Merge branch 'master' of code.ungleich.ch:ungleich-public/ungleich-staticcms

This commit is contained in:
Nico Schottelius 2020-11-04 10:15:48 +01:00
commit 9b642e543c
8 changed files with 635 additions and 1 deletions

File diff suppressed because one or more lines are too long

After

Width:  |  Height:  |  Size: 15 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 869 KiB

View file

@ -0,0 +1,49 @@
title: 2020 incompatible: without IPv6
---
pub_date: 2020-10-16
---
author: ungleich
---
twitter_handle: ungleich
---
_hidden: no
---
_discoverable: no
---
abstract:
2020 is the year of IPv6 - are you ready for it?
---
body:
## TL;DR
As of 2020-10-16 we will start to label software and hardware that is not fully IPv6 compatible
as "2020 incompatible". And we encourage everyone to join.
## Background
Latest with the [exhaustion of IPv4 space at
RIPE](https://www.ripe.net/publications/news/about-ripe-ncc-and-ripe/the-ripe-ncc-has-run-out-of-ipv4-addresses),
it has become a necessity to switch to IPv6 in 2020.
Additionally IPv4 address have become a very scarce and expensive
resource. Not only in buying the actual addresses, but also to keep
the legacy IP stack active and maintained.
## 2020: Switching to IPv6 only networks
Running dual stack networks is not feasible, because you do not profit
from the advantages of IPv6, but suffer from complexity in your
network.
Dual stack networks also limit the scope of IPv6 implementation, as
layouts are orientated on legacy network designs. So in a nutshell: If
you want to make your life easier and your operations less cost
intensive, you switch to IPv6 only networks.
## Blocker for the IPv6 only migration
We argue that there is no practical blocker anymore for moving to IPv6
only networks, because even reachability from the IPv4 Internet can
easily be achieved using [IPv4-to-IPv6
proxies](/u/products/ipv4-to-ipv6-proxy/) or

View file

@ -0,0 +1,26 @@
title: Blocking Source Address Spoofing
---
pub_date: 2020-10-23
---
author: ungleich
---
twitter_handle: ungleich
---
_hidden: yes
---
_discoverable: no
---
abstract:
Let's not let the wrong packets in.
---
body:
## TL;DR
Effective 2020-10-23 we drop source address spoofed packets in Data
Center Light.
## Introduction
We have received a very helpful hint from a group of researchers that
spoofed packets from our own

View file

@ -0,0 +1,418 @@
_discoverable: no
---
_hidden: no
---
title: IPv6 Hardware List
---
subtitle: Enabling your network with IPv6
---
headline1: IPv6 Hardware List
---
headline2: IPv6 Routers - IPv6 VPN
---
headline3: IPv6 WiFi - IPv6 Cameras
---
header_background_color: #1BC0A1
---
header_text_color: text-light
---
nav_classes: navbar-dark
---
description1:
<h2>IPv6 Hardware List</h2>
<p>
We at ungleich provide a variety of IPv6 only services. Through the
years we have tested, retested, flashed, upgraded and tested again a
lot of hardware.<br/>
We want to allow that our IPv6 experiences are a value for everyone
interested in IPv6 networking.<br/>
For some devices we have taken the opportunity to replace the original
firmware with OpenWRT to give full networking freedom and full IPv6
support to you.
</p>
<div class="container">
<div class="row">
<div class="col-md-12">
<table>
<tr>
<th>Device</th>
<th>Description</th>
<th>IPv6VPN</th>
<th>WiFi</th>
<th>Ethernet</th>
<th>4G/LTE</th>
<th>Wireguard Speed</th>
<th>Operating System</th>
</tr>
<tr>
<td><a href="/u/products/viirb-ipv6-box/">VIIRB (58)</a></td>
<td>The world's smallest IPv6 router</td>
<td>yes</td>
<td>no</td>
<td>1x 100Mbit/s</td>
<td>add-on</td>
<td>?</td>
<td><a href="https://openwrt.org/toh/hwdata/vocore/vocore_vocore2">OpenWRT</a></td>
</tr>
<tr>
<td><a
href="/u/products/viirb-ipv6-box/">Wired-IPv6-Camera (83)</a></td>
<td>IPv6 Video Streaming (1280x720)</td>
<td>optional</td>
<td>no</td>
<td>1x 100Mbit/s</td>
<td>add-on</td>
<td>N/A</td>
<td><a href="https://openwrt.org/toh/hwdata/vocore/vocore_vocore2">OpenWRT</a></td>
</tr>
<tr>
<td><a href="/u/products/wib-ipv6-box/">WIVIRB (73)</a></td>
<td>Tiny WiFi enabled IPv6 router</td>
<td>yes</td>
<td>yes</td>
<td>1x 100Mbit/s</td>
<td>add-on</td>
<td>?</td>
<td><a href="https://openwrt.org/toh/tp-link/tl-wr902ac_v3">OpenWRT</a></td>
</tr>
<tr>
<td><a
href="/u/products/viirb-ipv6-box/">Wireless-IPv6-Camera (98)</a></td>
<td>IPv6 Video Streaming (1280x720)</td>
<td>optional</td>
<td>yes</td>
<td>1x 100Mbit/s</td>
<td>add-on</td>
<td>N/A</td>
<td><a href="https://openwrt.org/toh/tp-link/tl-wr902ac_v3">OpenWRT</a></td>
</tr>
<tr>
<td><a href="/u/products/wib-ipv6-box/">FIVIRB (79)</a></td>
<td>Fast and Small IPv6 router</td>
<td>yes</td>
<td>no</td>
<td>5x 1 Gbit/s, POE</td>
<td>no</td>
<td>200Mbit/s</td>
<td><a href="https://openwrt.org/toh/tp-link/tl-wr902ac_v3">OpenWRT</a></td>
</tr>
<tr>
<td><a href="/u/products/pib-ipv6-box/">PIB (300)</a></td>
<td>Professional IPv6 Router</td>
<td>yes</td>
<td>yes</td>
<td>3x 1 Gbit/s</td>
<td>add-on</td>
<td>?</td>
<td><a href="https://openwrt.org/toh/pcengines/apu2">OpenWRT</a></td>
</tr>
<tr>
<td><a href="/u/products/pib-ipv6-box/">WIAPLITE</a></td>
<td>IPv6 compatible Wifi Access Point</td>
<td>optional</td>
<td>867 Mbit/s (5Ghz), 300 Mbit/s (2.4 Ghz)</td>
<td>1x 1 Gbit/s</td>
<td>no</td>
<td>?</td>
<td><a href="https://openwrt.org/toh/ubiquiti/unifiac">OpenWRT</a></td>
</tr>
<tr>
<td><a href="/u/products/pib-ipv6-box/">WIAPLR</a></td>
<td>IPv6 compatible Wifi Access Point</td>
<td>optional</td>
<td>866 Mbit/s (5Ghz), 450 Mbit/s (2.4 Ghz)</td>
<td>1x 1 Gbit/s</td>
<td>no</td>
<td>?</td>
<td><a href="https://openwrt.org/toh/ubiquiti/unifiac">OpenWRT</a></td>
</tr>
<tr>
<td><a href="/u/products/pib-ipv6-box/">WIAPPRO</a></td>
<td>IPv6 compatible Wifi Access Point</td>
<td>optional</td>
<td>1300 Mbit/s (5Ghz), 450 Mbit/s (2.4 Ghz)</td>
<td>1x 1 Gbit/s</td>
<td>no</td>
<td>?</td>
<td><a href="https://openwrt.org/toh/ubiquiti/unifiac">OpenWRT</a></td>
</tr>
</table>
</div>
</div>
</div>
Additional to support IPv6 properly, due to OpenWRT the devices also
support:
* prometheus
<div class="container">
<div class="row">
<div class="col-md-3">
<img style="width: 100%; position: relative; top: 25%; margin-bottom: 25%;" src="/u/image/matrix-logo.png" />
</div>
<div class="col-md-9">
<ul>
<li>
The strongest point of Matrix is <b>federation</b>: a Matrix homeserver allows you to manage your own community and to join the whole
Matrix network. You will be able to exchange with users on any other Matrix
server without any special configuration!
</li>
<li>
You can enable end-to-end encryption (E2EE): only the sender and
intended receiver(s) will be able to read the messages. Even ungleich, who
manages the matrix server, will not be able to access the content of E2EE
messages.
</li>
<li>
Our Matrix servers are provided with a TURN server: you'll be
able to use voice and video calls out of the box.
</li>
<li>
You can bridge to other networks: Mattermost instances, IRC,
Slack, Telegram and more via <a
href="https://github.com/42wim/matterbridge">Matterbridge</a>.
</li>
</ul>
</div>
</div>
</div>
<hr />
---
feature1_title: Open
---
feature1_text:
The evolution of Matrix is managed through an open governance process,
supervised by [The Matrix.org Foundation](https://matrix.org/foundation).
All the software backing the network is [Free and Open
Source](https://en.wikipedia.org/wiki/Free_and_open-source_software), which
guarantees quality and security.
---
feature2_title: Secure & decentralized
---
feature2_text:
Both end-to-end encryption and federation are *built-in* into Matrix. The
former will be enabled by default in the near future, making it a valuable tool
for activists and privacy-minded people all across the world.
---
feature3_title: Zero Carbon
---
feature3_text:
We host your Matrix homeserver in our [own
datacenter](/u/projects/data-center-light/) in Switzerland, which we believe to
be as ecologically-friendly as a datacenter can get: we use old factory halls,
recycled servers, passive cooling and our servers are directly plugged into a
hydroelectric power plant.
---
description3:
<div class="container" style="padding: 0;">
<div class="row">
<div class="col-md-9">
<img style="width: 100%;" src="/u/image/penguin-matrix.jpg" />
</div>
<div class="col-md-3">
<h2>Growing fast!</h2>
<p>As of February 2020, the Matrix network supports ~13.5M visible
accounts, ~5.0M messages a day, ~40.000 federated servers and even <a
href="https://archive.fosdem.org/2019/schedule/event/matrix_french_state/">governments</a>!</p>
<p>A lot of privacy, security and usability work is going on: Matrix will get even more awesome in the coming months!</p>
<p>You can follow the <a href="https://matrix.org/blog/posts">Matrix.org
blog</a> to get frequent updates on Matrix's development, and chat with
us on <a
href="https://matrix.to/#/%23matrix:ungleich.ch">#matrix:ungleich.ch</a>!
</div>
</div>
</div>
<hr />
<div class="container" style="padding: 0;">
<div class="row">
<div class="col-md-6">
<h2>Hosted Matrix Chat</h2>
<p>We will provide you with your own dedicated Matrix home server, as well as
a hosted web client. Matrix requires a domain name in order to join the global
networks, which will appear in your username (e.g.
<i>@penguin:example.0co2.cloud</i>): you can either use a subdomain of
<i>0co2.cloud</i> (e.g. <i>example.0co2.cloud</i>) or your own domain name. We
will deploy a <a href="https://github.com/42wim/matterbridge">Matterbridge</a>)
instance (bridging to Mattermost, IRC, Slack, Telegram, ...) on demand.
</p>
<p>There are <a href="https://matrix.org/clients/">many Matrix
clients</a>, although we <b>strongly recommend</b> <a
href="https://about.riot.im/features">Riot</a> which is the most
advanced at the moment. Be aware, however, that you might be a bit
confused with its UI/UX at first (there is ongoing work to improve
onboarding): we encourage you to <a href="https://riot.im/app/">try
Riot/Matrix</a> first if your are not already familiar with it.
</p>
</div>
<div class="col-md-6">
<h2>How the pricing works</h2>
<p>We try to be as transparent as possible for our Matrix pricing. The pricing is made of 2 essential parts.
</p>
<ul>
<li>
a one-time set up fee for initially setting up the Matrix instance for you. We set up the Matrix and also customize* the login page with your own logo and text.
</li>
<li>
a monthly maintenance fee that includes the price of a dedicated virtual machine(VM)** and the fee for maintaining the service.
</li>
</ul>
<p>
You're all set with above 2 costs for starting your own Matrix.
</p>
<p>
* Further customization such as favicon, background and more is possible at additional fee, get in touch with us to learn more.
</p>
<p>
** The number of users or size of rooms depend on the size of your VM, and you can scale them anytime you want. The extention will be done according to <a href="https://datacenterlight.ch">our standard VM pricing.</a>
</p>
<div class="alert alert-info">
Your usecase doesn't fit the offers below? We do custom-sized deployment for you. Get in touch with us by
email or even on matrix, via <a
href="https://matrix.to/#/%23matrix:ungleich.ch">#matrix:ungleich.ch</a>!
</div>
</div>
</div>
<p style="text-align: center; font-weight: bold;"> You will find more details
on our <a href="https://redmine.ungleich.ch/projects/open-infrastructure/wiki/Ungleich_Matrix-as-a-Service_(MaaS)">Matrix-as-a-Service FAQ</a> and on <a href="https://matrix.org/discover"> Matrix's official documentation</a>.
</p>
<div class="alert alert-secondary">
You might be also interested in our <a
href="../zero-carbon-chat">Mattermost-based chat offer</a>, which might be
closer to what you expect for a enterprise team chat at the moment. We use both
at ungleich, since Matrix is especially convenient to reach out to the world!
</div>
---
offer1_title: Matrix-S 36 CHF/Month
---
offer1_text:
* VM with 1 Core, 2 GB RAM, 10 GB SSD and 100 GB HDD
* Maintenance fee 20 CHF/month included
* Application firewall included
* [Initial setup fee 30 CHF](https://ungleich.ch/product/0carbonchat-setup/)
---
offer1_link: https://ungleich.ch/product/hosted-matrix-s/
---
offer2_title: Matrix-M 63 CHF/Month
---
offer2_text:
* VM with 2 Core, 4 GB RAM, 10 GB SSD and 500 GB HDD
* Maintenance fee 30 CHF/month included
* Application firewall included
* [Initial setup fee 30 CHF](https://ungleich.ch/product/0carbonchat-setup/)
---
offer2_link: https://ungleich.ch/product/hosted-matrix-m/
---
offer3_title: Matrix-L 157 CHF/Month
---
offer3_text:
* VM with 8 Core, 16 GB RAM, 10 GB SSD and 1000 GB HDD
* Maintenance fee 50 CHF/month included
* Application firewall included
* [Initial setup fee 30 CHF](https://ungleich.ch/product/0carbonchat-setup/)
---
offer3_link: https://ungleich.ch/product/hosted-matrix-l/
---
description4:
## Additional offers
* Bridging to other networks using
[matterbridge](https://github.com/42wim/matterbridge) is a 10 CHF
setup fee and 5 CHF/month maintenance fee. It supports the following protocols:
** Discord
** Gitter
** IRC
** Keybase
** Matrix
** Mattermost 4.x, 5.x
** Microsoft Teams
** Rocket.chat
** Slack
** Ssh-chat
** Steam
** Telegram
** Twitch
** WhatsApp
** XMPP
** Zulip
## Matrix UI/UX development support program
On 2020-04-21 we started our new support program to specifically
enhance the UI and UX of Matrix. With this program we want to enhance
the usability of the web client and the apps.
### How the matrix support program works
If you want to support UI/UX improvements of Matrix,
you can support the work financially with 15 CHF (roughly about 15
USD) as a one time or monthly payment (below 15 CHF is costing too
much in transfer fees).
To do so, write an email with the subject "I want to support the
Matrix UI/UX improvements" to **support -at- ungleich.ch** and include
the amount that you are willing to contribute and whether you want to
pay via credit card or wire transfer.
Also mention whether you want to be publicly listed as a supporter on
this website.
### Development and transparency
All money that comes in will only be used to finance development and
design work related to Matrix. We will continuously
update this website with contributions and which tasks we work on.
### Why is ungleich doing this?
We at ungleich think that Matrix has one really, really huge edge over
almost all other solutions: it is really decentralised and
federated. It finally solves the problems of **data silos** that
exists in many places in IT.
However we do acknowledge that Matrix can benefit a lot from UI/UX
improvements and thus we wanted to create an easy way for anyone to
contribute to it.
### List of tasks / work
* [UI/UX improvement suggestions for
matrix](https://redmine.ungleich.ch/issues/7876)

View file

@ -8,7 +8,7 @@ subtitle: The VIIRB connects anything anywhere with IPv6.
---
image: /u/image/cards/viirb.jpg
---
content1_image: /u/image/viirb-ipv6-box.png
content1_image: /u/image/viirb-vertical.jpg
---
content1_text:

View file

@ -0,0 +1,128 @@
title: The 1000 eyes project
---
subtitle: Let's connect back - digitally
---
_hidden: yes
---
_discoverable: no
---
description1:
## What is the 1000 eyes project?
2020 has been a difficult year for everyone. Lockdowns, sickness,
limitations of movement, being unable to see friends and family.
2020 might be the year that we talk about for decades, probably to our
children.
In these times, when we need to social distance to keep others safe,
we can feel isolated, locked in - wanting to go out and meet other
people.
With the 1000eyes project we aim to bring people back together. Safely
and everywhere in the world.
## How does the 1000 eyes project work?
Every **eye** allows you to see one spot in the world. An eye is an
IPv6 enabled camera that is world wide reachable (*). With an eye, you
can view parts of the world. Live and unedited.
There are two options to choose from: Option (A) an eye at your place that you
operate. Or (B) an eye that we operate for you.
### Option (A): An eye for you and your place
### Option (B): An eye operated by ungleich
## How do I connect the eye?
You can either connect the eye via a network cable to your router or
you can connect it via WiFi.
## Meet, talk and exchange ideas
So what if you see a cool eye? Who can you talk to it about? Where can
you announce a trip that you do with your eye?
For this we already created an open exchange platform on the [Open
Chat](/u/projects/open-chat/): simply register at the Open Chat
and then join **1000eyes:ungleich.ch**.
## Financial Goals
### Initial Goal: producing first batch of 100 eyes - 7520 CHF
Let's create the first 100 eyes together. We will setup a website that
lists all available eyes and allows you to select an individual eye
for viewing.
### Stretch Goal #1: 20'000 CHF
If we are able to produce a bigger amount, we will be able to add
a battery and solar panel option to allow your eye to function without
external power source for some time. Our current tested option
includes a 30000mAh battery and a 1.65W solar panel. The estimated
price for this add-on is 75 CHF (the exact price will be communicated
once we passed this stretch goal).
### Stretch Goal #3: 50'000 CHF
This is roughly 500 eyes distributed in the world. Reaching this goal
will allow us to add a 4G/LTE option, allowing your eye to function
even without an Ethernet cable and without WiFi. We are currently
evaluating a partnership that will even allow us to distribute it with
SIM cards in Switzerland. Estimated price for the 4G/LTE extension is
75 CHF (the exact price will be communicated once we passed this stretch goal).
### Stretch Goal 3: 100'000 CHF
If we reach this goal we will add IPv4 proxy support for every eye -
that means every eye will also be accessible from the IPv4 Internet.
Additionally we plan to add more sophisticated filtering and creating
your own collection of eyes on the website - so that you can show your
selection of eyes to your friends and family.
## Tech details
The eyes are based on tested and running on ungleich verified
hardware.
All eyes are
running the Open Source operating system
[OpenWRT](https://openwrt.org/). The camera is a HD (1280x720)
resolution. The eye **does not store**
### The hardware
The eye is based on a MediaTek MT7628AN with
580Mhz, 8 MB Flash and 64 MB RAM. The underlying hardware platform is
a TP-Link TL-WR902AC v3. It has dual band WiFi chip that supports
2.4 Ghz (b/g/n) and 5 Ghz (a/n/ac) networks. The Ethernet port is a
100 Mbit/s port.
### IPv6 Connectivity
All eyes are bringing their own IPv6 connectivity. So you can connect
your eye to any IPv4 or IPv6 network and the eye will use the
[IPv6VPN.ch](https://ipv6vpn.ch) to get its own IPv6 address.
### Fully Open Source
Not only is the operating system fully Open Source, also the process
to create the eyes and to configure is openly available. Because the
eyes are using OpenWRT, you are free to reconfigure the eye to your
need.
### Wireguard included
The eyes use the [Wireguard](https://www.wireguard.com/) protocol to
establish the VPN. If you are reconfiguring or resetting the eye,
ensure that you make a backup of the wireguard private key.
## The footprint / small print
(*) The eyes are only reachable via IPv6. If we reach the If you do not have an IPv6
connection, you can get IPv6 connectivity from the
[IPv6VPN.ch](https://ipv6vpn.ch).

View file

@ -21,6 +21,11 @@ To foster IPv6 deployement, we created [IPv6.chat](../ipv6-chat/),
which is also reachable via matrix. Follow above instructions and type
**/join #ipv6:ungleich.ch** instead.
## 1000eyes
Are you interested in the [1000eyes](https://1000ey.es) project? Then
do not hesitate to **/join #1000eyes:ungleich.ch**.
## VIIRB
If you own a [VIIRB](/u/products/viirb-ipv6-box)