Re: [D*] Isolating a Pod from other Pods

Jonne Haß

Jul 27, 2012, 12:26:59 PM
to diaspo...@googlegroups.com
Do not connect it to the Internet.

Diaspora is built around federation, not the federation around Diaspora.

On 07/27/2012 06:03 PM, Scott C. Reynolds wrote:
> I have a client that started using Diaspora for part of their solution.
> I've recently been brought in, and they want their pod completely
> isolated. No federation with other pods. What's the easiest/least
> destructive way to accomplish this?
>
> --
> You received this message because you are subscribed to the Google
> Groups "diaspora-dev" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/diaspora-dev/-/WQ4lWqZ5lOcJ.
> To post to this group, send email to diaspo...@googlegroups.com.
> To unsubscribe from this group, send email to
> diaspora-dev...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/diaspora-dev?hl=en.

Justin Thomas

Jul 27, 2012, 12:42:15 PM
to diaspo...@googlegroups.com

Use a firewall (host or network) to limit connectivity.

Robert Bender

Jul 28, 2012, 11:22:44 AM
to diaspo...@googlegroups.com
Hi. My family in Pittsburgh works in the coal industry and I am
returning to NYC to resume my hospitality business. FB has caused my
associates and me nothing but problems recently. Diaspora looks like
a great alternative to migrate my close circle of friends over there.
We are now on Dynamic IP, which changes your IP address every time you
log on to the Internet. I've been told that it's virtually hack-free.
So far, no problems at all. I would like any and all feedback before
I shut down my FB account and move over to Diaspora. Since Wall
Street defriended FB the other day, the buzz is to get rid of FB and
just move on. Diaspora looks like a great solution. Regards, Robert
Bender (Bob).

Robert Bender

Jul 28, 2012, 11:29:03 AM
to diaspo...@googlegroups.com
Okay. How do I do that? I am on Norton and have used AVG and Spybot.
Which host or network should I use? FB is clearly dangerous. I just
need some advice so I can start moving selected people over to
Diaspora. Thanks, Rob.

On Fri, Jul 27, 2012 at 9:42 AM, Justin Thomas <jus...@justinthomas.name> wrote:

memento Ad

Mar 23, 2014, 12:24:28 AM
to diaspo...@googlegroups.com
Hi!
It's been almost 2 years, I know.
Did you find any answer to this question of yours?
What's the simplest and least destructive way to keep your pod isolated from the jungle composed of the other pods?

Best regards!

memento Ad

Mar 23, 2014, 12:29:07 AM
to diaspo...@googlegroups.com
What if your private pod has to be accessed through the internet by your signed-up users... but you still wanna keep this pod isolated and invisible to other pods?

Jonne Haß

Mar 23, 2014, 6:22:05 AM
to diaspo...@googlegroups.com
One would think that reading through all the existing discussion made
you understand the purpose of diaspora*. Anyway, here it is spelled out
once more:
https://wiki.diasporafoundation.org/FAQ_for_pod_maintainers#Can_I_make_my_pod_private.2Fisolated.2Fnot_communicate_with_other_pods.3F

- Jonne

memento Ad

Mar 26, 2014, 11:17:46 PM
to diaspo...@googlegroups.com
Of course you can isolate your pod from the others.

On the link you shared, it's written:
"No. diaspora* is built around the idea of a distributed social network. We want to build one network, not enable special interest... bla bla bla the earth is flat, period"

=> Of course this answer is obviously a dogmatic answer. It's ideological. They don't want you to use your open-source diaspora pod this way.
My question (our question) was: Is there a clean way, in the code, to block the network calls between our pod and the whole network?

If no one can/wants to share his/her insight/experience with us about that precise matter, well I'll look into the code, find the cleanest way I can and share it back to this very thread (and on blogs as a matter of fact. What a punk!).

Jonne, you can build a wonderful open-source car and maybe someone would like to modify it to put it on rails! (Ow rails are so Restrictive! It's baaad!) Live with that!

Freedom isn't just what's convenient for you...

I can't believe I feel the need to remind anyone from the open-source community of this simple fact.

Memento.

Jonne Haß

Mar 27, 2014, 5:17:02 AM
to diaspo...@googlegroups.com
This message is personal opinion, not an official statement in any way.

We're not building a car. We're building a church.

This project started with an idea, a common base ideology that still
can be seen among the members of this community. The idea of a more
open platform that accommodates the need for a modern way of
communication while basing its structure on the most essential ideas of
the internet and the web. As such we're not building a car, we're
exploring ways to make this idea real, if it can be done. So we're
building our church, the room to practice and develop our ideology.
We've chosen to hand out the construction plans for this church, so
that anyone can participate and even implement their own idea with it,
given he gives the same rights to his users. However this part is not
the motivation of this project and as such not the personal motivation
of its developers, or me at least. I'm implementing an ideology, not a
framework for different ones. I don't want to stop you from using my
work for your purposes, but don't make me work for your idea instead of
mine.

My core motivation in this project is ideological and as such I'm
dogmatic about the core concepts. I'm fully aware of that, and I think
I've stated that in the past. It's a decision I made, not a side effect
of anything.

So go ahead, do whatever you want, share it so that we can learn from
each other and others can learn from us. We might ask you to not call
it diaspora. We might ask you to make it clear that your work is based
on diaspora. We might ask you to make the difference to our ideology
clear. We might ask you to not use our terminology, like pods or seeds.
But by no means will we ask you to stop implementing your idea or using
our work as a base for that.

- Jonne

On Thu 27 Mar 2014 04:17:46 CET, memento Ad wrote:
> *Of course you can isolate your pod from the others.*
>
> On the link you shared, it's written:
>
> /"No. diaspora* is built around the idea of a distributed social
> network. We want to build one network, not enable special
> interest... bla bla bla the earth is flat, period/"
>
>
> => *Of course* this answer is *obviously* a dogmatic answer.
> It's ideological. They don't want you to use your open-source diaspora
> pod this way.
> My question (our question) was: Is there a clean way, in the code,
> to block the network calls between our pod and the whole network?
>
> If no one can/wants to share his/her insight/experience with us about
> that precise matter, well I'll look into the code, find the cleanest
> way I can and share it back to *this very thread* (and on blogs as a
> matter of fact. What a punk!).
>
> Jonne, you can build a wonderful open-source car and maybe someone
> would like to modify it to put it on rails! (Ow rails are so
> Restrictive! It's baaad!) Live with that!
>
> Freedom isn't just what's convenient for you...
>
> I can't believe I feel the need to remind anyone from the open-source
> community of this *simple fact*.

memento Ad

Aug 29, 2014, 11:57:58 AM
to diaspo...@googlegroups.com
Isolating your pod is actually very simple when you get to know how pods communicate with each other: http://www.sarahmei.com/blog/2011/09/17/how-diaspora-connects-users/
If you don't have access to this page anymore, know you can get the PDF version attached.

If the outside world wants to get information on your users, it will send a request to your pod through this file: http://yourpod.com/.well-known/host-meta

To prevent your pod from being requested, here is a two-step solution:

First step:

If you use NGINX, you should add something like this:

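        # Refuse every request under /.well-known/ (host-meta lives here).
        # The dot is escaped so the regex matches a literal "." only.
        location ~ ^/\.well-known/ {
                deny all;            # answer 403 to every client
                access_log off;      # do not log these requests
                log_not_found off;
        }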

Second step:

If some pieces of information already leaked (because you were not fast enough to do the first step ;) ) and if a pod (or anything else using the webfinger protocol) already has the ID of some of your users so they can see public information about your people, you can also add an HTTP password system, easily configurable with nginx (google it if you wish).

What you'll get:

Your users will be able to search (on your pod) for users from the outside world and even add them to their aspect but the maneuver will never materialize as the outside pod won't be able to get information from the users on your pod. It will be a dead end.
However it's nice to see without being seen. Your private pod will rather become a ghost pod.

I'm not especially an advocate of branding a diaspora pod but I know for sure podmins should have the possibility to grow a private community if they want.

Best regards,

Alexandre (Greetings from France).
How Diaspora connects users by Sarah Mei.pdf
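
An added example, not part of the original post: a small Python audit of an nginx access log that separates `/.well-known/` requests that were served (information already handed out, the case the second step is about) from those that were denied. It assumes the nginx combined log format and that access logging stays enabled for this location (the posted snippet turns it off); the log lines are constructed.

```python
import re
from collections import defaultdict

# nginx "combined" format: ip - user [time] "METHOD path PROTO" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [29/Aug/2014:10:01:12 +0200] "GET /.well-known/host-meta HTTP/1.1" 200 512 "-" "Ruby"
198.51.100.7 - - [29/Aug/2014:10:01:13 +0200] "GET /stream HTTP/1.1" 302 0 "-" "Ruby"
203.0.113.20 - - [29/Aug/2014:10:05:40 +0200] "GET /.well-known/host-meta HTTP/1.1" 403 162 "-" "Ruby"
203.0.113.20 - - [29/Aug/2014:10:05:41 +0200] "GET /xwell-known/host-meta HTTP/1.1" 404 162 "-" "curl"
192.0.2.33 - - [29/Aug/2014:10:07:02 +0200] "GET /.well-known/host-meta?x=1 HTTP/1.1" 200 512 "-" "Ruby"
not a log line
"""

def audit_discovery(log_text, prefix="/.well-known/"):
    """Group requests under `prefix` by client IP into served (2xx) and denied."""
    served = defaultdict(list)
    denied = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the audit
        path = m.group("path").split("?", 1)[0]  # ignore the query string
        if not path.startswith(prefix):  # literal prefix: /xwell-known/ is ignored
            continue
        bucket = served if m.group("status").startswith("2") else denied
        bucket[m.group("ip")].append((m.group("time"), path))
    return dict(served), dict(denied)

if __name__ == "__main__":
    served, denied = audit_discovery(SAMPLE_LOG)
    for ip, hits in sorted(served.items()):
        print(f"served to {ip}: {len(hits)} request(s), first at {hits[0][0]}")
    for ip, hits in sorted(denied.items()):
        print(f"denied {ip}: {len(hits)} request(s)")
```

Clients listed as served fetched the discovery document before the deny rule took effect; clients listed as denied were answered with an error status.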