Introduction
This chapter describes how to configure &TCD; to provide some
Internet services through the telephone line. In this chapter,
the computer holding the Internet services is named the server
and the computer that wants to make use of such services is
named the client. We assume that both server and client
computers have been installed with &TCD; (release 5.5).
In this configuration, both client and server computers use
modems to transmit data in the form of sound through the
telephone line system. The dial-up connection described in this
chapter could be a choice when the only communication medium you
have access to is the telephone line system.
This configuration emerged from the need to share
information with my friends in a country where Internet access
is limited to state organizations and controlled there with
an increasingly crazy obsession. However, in this environment,
the telephone line system provides an alternative platform to
interchange information in a point-to-point fashion. It can be
used to create small social groups and organize ideas safely
(e.g., by using TLS to encrypt connections). To be more
specific, the goal would be to provide public access to an
Internet Service Provider (ISP) where people can express
themselves freely (e.g., through a mailing list with open
subscriptions).
Even though this configuration tries to reduce the lack of
communication, there are limitations around it that we cannot
take away yet. The following list shows what these
limitations are:
Only one connection (of 15 minutes) is possible at a time.
More than 3 consecutive connections from the same phone number
in a time range of 60 minutes means that the number is
attacking the ISP to provoke a Denial of Service (DoS)
attack. In such cases the phone number originating the call
will be permanently banned from making further calls to the
ISP. Fortunately, such controls can be automated so I hope they
achieve an acceptable degree of efficiency.
The ISP is isolated from the Internet, so it is not possible to
provide Internet access through the ISP.
The information generated inside the ISP is confined to it. This
way, it will be available to people registered inside the ISP
only (e.g., through the web interface).
The implementation of services that require persistent
connections (e.g., chats) will not be considered as a practical
offer. Instead, only asynchronous services (e.g., e-mail) will
be supported. This restriction is required to reduce the
effective connection times. For example, consider an environment
where you connect to the ISP to send/receive e-mails only and
then disconnect. In fact, to force this behaviour the ISP will
be configured to close connections 15 minutes after the
connection is established.
Your user profile will be removed from the ISP when no effective
point-to-point connection is established by you in a period of
7 days since the last effective point-to-point connection you
established to the ISP. When your user profile is removed, you
will need to register yourself again inside the ISP to access
its services.
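
The call limits in the list above can be automated from a call log. The following is an added example, not part of the original chapter: the log format and phone numbers are constructed, and "consecutive" is read as an uninterrupted run of calls from the same number (an assumption).

```python
from collections import deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=60)         # time range observed per caller
MAX_CALLS = 3                          # more than 3 calls in the window => ban
SESSION_LIMIT = timedelta(minutes=15)  # forced hang-up after this long
PROFILE_TTL = timedelta(days=7)        # profile removed after this idle time

# Constructed sample log, one call per line: "<ISO timestamp> <caller number>".
SAMPLE_LOG = """\
2024-03-01T10:00:00 5550001
2024-03-01T10:16:00 5550001
2024-03-01T10:32:00 5550002
2024-03-01T10:48:00 5550001
2024-03-01T11:04:00 5550001
2024-03-01T11:20:00 5550001
2024-03-01T11:36:00 5550001
2024-03-01T11:52:00 5550001
2024-03-01T12:10:00 5550002
"""

class CallPolicy:
    def __init__(self):
        self.banned = set()
        self.run_number = None         # caller of the current uninterrupted run
        self.run_times = deque()       # that caller's call times inside WINDOW

    def on_call(self, number, when):
        if number in self.banned:
            return "reject"
        if number != self.run_number:  # another caller interrupts the run
            self.run_number = number
            self.run_times.clear()
        self.run_times.append(when)
        while when - self.run_times[0] > WINDOW:
            self.run_times.popleft()   # forget calls older than the window
        if len(self.run_times) > MAX_CALLS:
            self.banned.add(number)    # permanent: never removed from the set
            return "ban"
        return "accept"

def replay(log_text):
    """Run the policy over a log; return per-call verdicts and the ban list."""
    policy = CallPolicy()
    verdicts = [policy.on_call(num, datetime.fromisoformat(ts))
                for ts, num in (line.split() for line in log_text.splitlines())]
    return verdicts, policy.banned

def session_deadline(connected_at):
    """Moment at which the ISP closes the connection."""
    return connected_at + SESSION_LIMIT

def expired_profiles(last_connection, now):
    """Users whose last effective connection is more than 7 days old."""
    return sorted(u for u, t in last_connection.items() if now - t > PROFILE_TTL)
```
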
I'm very sorry about these limitations, but this is the best I
can offer with one PC, one modem, and one single telephone
line. If you think this configuration can be improved somehow,
please send me an e-mail to al@example.com.
Notice that, for any mail to reach me, you should be
registered inside the ISP first; I don't answer phone calls
personally, the phone is very busy answering point-to-point
connections ;).
In order for you to share information with others, it is
required that both you and the person you want to share
information with have an e-mail address registered inside
the ISP. This registration process is done through a secured
web interface accessible through an encrypted connection as
the following URL illustrates:
The web interface should permit everyone to update or delete
their personal profiles without compromising personal
information. Notice that all actions done through this web
interface must be simple enough to be achieved in less than 15
minutes (the time the point-to-point connection remains active
from its first establishment on).
User information is stored inside an LDAP server. The web
application manipulates LDAP records and all related files
inside the operating system that make it possible for a user to
establish a point-to-point connection to the ISP, as well as
register, update or delete their profile inside the ISP. Care
should be taken to prevent one user from modifying or deleting
the profiles of other users. The user's profile administration
is individual to each user based on their identity. Notice that
all related subsystems (e.g., Postfix, Cyrus-Imapd and
Saslauthd) must use the user information from the LDAP server.
Likewise, the mailbox administration must be automated based
on the users in the LDAP server. The web application must be
aware of all related files inside the infrastructure so that
administration tasks can be automated and presented in a
friendly way to end users (this will require the web
application to run some program that needs root privileges
=:-|). The whole process would be: establish a
point-to-point connection to the ISP, register a new user
through the web application and start using the e-mail client
with your new address. The LDAP server will be available for
everyone to consult from their mail clients. Inside the web
application, verifications must be included to avoid
duplicated values, invalid characters and similar problems.
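
The checks this paragraph asks of the web application (no invalid characters, no duplicates, changes only to your own profile) can be sketched as follows. This is an added example, not code from the original chapter: the `Profiles` class is an in-memory stand-in for the LDAP server, and the user-name rule, the `isp.example` domain and the editable attribute set are assumptions.

```python
import re

# Assumed policy (not from the chapter): lowercase login names, 3 to 32 chars.
UID_RE = re.compile(r"[a-z][a-z0-9._-]{2,31}")
MAIL_DOMAIN = "isp.example"            # placeholder domain
EDITABLE = {"cn", "userPassword"}      # attributes users may change themselves

class ProfileError(Exception):
    pass

def escape_filter(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def duplicate_filter(uid):
    """Search filter used to look for an entry that already owns uid or mail."""
    mail = "%s@%s" % (uid, MAIL_DOMAIN)
    return "(|(uid=%s)(mail=%s))" % (escape_filter(uid), escape_filter(mail))

class Profiles:
    """In-memory stand-in for the LDAP directory."""
    def __init__(self):
        self.entries = {}

    def register(self, uid, cn):
        # uid matching in LDAP ignores case, so normalise before comparing.
        uid = uid.strip().lower()
        if not UID_RE.fullmatch(uid):  # allowlist: the value also ends up in
            raise ProfileError("invalid user name")  # mailbox and file names
        if uid in self.entries:
            raise ProfileError("user name already registered")
        self.entries[uid] = {"cn": cn, "mail": "%s@%s" % (uid, MAIL_DOMAIN)}
        return self.entries[uid]["mail"]

    def _own_entry(self, session_uid, target_uid):
        # The identity comes from the authenticated session, never from the form.
        if session_uid != target_uid or target_uid not in self.entries:
            raise ProfileError("profiles can only be changed by their owner")
        return self.entries[target_uid]

    def modify(self, session_uid, target_uid, changes):
        entry = self._own_entry(session_uid, target_uid)
        if not set(changes) <= EDITABLE:
            raise ProfileError("attribute is not user-editable")
        entry.update(changes)

    def delete(self, session_uid, target_uid):
        self._own_entry(session_uid, target_uid)
        del self.entries[target_uid]
```
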
In case some kind of force intends to confiscate the
computer where the ISP is installed, I am planning to encrypt
the whole filesystem in a way that it would be very difficult
to get any valid data from it. The encryption feature is
applied before the operating system starts. In this
configuration a password is required to decrypt the operating
system filesystem in order to boot up the
operating system as expected. If the password is not provided,
the only thing you get is a prompt to enter a password :).
Another important matter to be aware of is the ISP's
policy. In order to keep freedom, it is required to define
the boundaries of that freedom so you can determine and judge
it. Absolute freedom (anarchism) will not be permitted (it
would end up in total destruction) and communism will be
avoided (it would suppress the natural freedom of human
beings). So a middle point will be used. For example, if you
think you have the freedom to abuse the ISP I provide (e.g.,
by spamming it, or by provoking denial of service attacks) you
probably have it, but consider that I am free to ban you
immediately for trying to destroy my work. On the other hand,
if you show yourself to be an educated person with solid ideas
and reasons to share, you'll be totally welcome to stay. The
general idea behind this work is improving Cuban communication
to make ourselves better persons and understand our nature and
environment, whether social, economic or political.