@JulianOliver It's network effect in action... I'm 60km away from the big city and I can reach it via #Meshtastic, but both meshcore and reticulum are just quiet here. Also, while reticulum looks way better than the other two regarding network design, it's not only the prebuilt hardware availability -- flashing it to one of my boards was rather easy, but the documentation in general is sparse and intimidating and not suited to the layperson.
IMO Reticulum/LXMF/Sideband is superior to any other mesh txting solution atm. I'm really impressed by the maturity and flexibility of this design & approach.
However, without an off-the-shelf scan & go hw market, as #Meshtastic has (even if only for LoRa), public will never get in on the action, resulting in thin or nonexistent infrastructure to lean on in a blackout. A mesh needs surface to be useful.
I hope they solve this. Sometimes the best ideas and implementations alone are not enough
So to hopefully make it more clear, I wrote a CLI tool which can recover the decryption parameters for DM conversations.
It basically does everything but the final AES-CCM decryption. Turns out there's something funky with the meshtastic AES-CCM implementation and I can't seem to fully decrypt using an openssl based library.
This does not mean DMs are any safer, just that I haven't taken the time to crosscompile the MT/arduino AES routines to x86 yet.
https://github.com/datapartyjs/meshmarauder/blob/main/bin/mitm-dm
This segment of meshtastic's DEFCON post are sadly not correct.
I can't tell you why how exactly the firmware and phone app work but I can tell you that if you are near someone PKI spoofing it absolutely does replace the users private key on BOTH the app and the firmware.
The only pub keys that are pinned are your favorites list.
It doesn't matter what -type- of AES is used after the public key is replaced you're already MITMd.
So I'm not sure how to say it in a more concise way but YES meshtastic direct messages are at risk of MITM (man-in-the-middle) if your public key can be replaced by an attacker who spoofs the PKI.
Due to the way DMs and adverts work I believe this risk likely exists for any device on meshtastic regardless of whether they are on public channels or not.
@datenburg Ihr habt einen #Meshtastic Router aufgestellt! Super!
My #Meshtastic node is ready for the rooftop, I think!
contact
Now just need to climb said ladder.
My second Meshtastic solar node is finished!
Inside there is:
- Seeed Studio XIAO nRF52840
- SD30CRMA MPPT set to 4.2 V
- 4 x Li-Ion battery
- a 3d printed T-shaped spacer
The antenna is a skirted dipole as seen in my last two posts:
https://toot.fan/@finn/115045339025026500
https://toot.fan/@finn/115029240863609782
I will make a third one before trying a different design. One of those is already installed on a roof and working well.
@jonty @adamgreenfield Same observations here at my end. #Meshtastic is very indeterministic currently and I don't see a very active development community, either.
Aha, kaum hat‘s die externe Antenne, findet das #Lilygo T-Deck Plus auch endlich mal #Meshtastic Nodes! Jetzt muss ich „nur noch“ dieses steinzeitliche Kartensystem bedienen und haufenweise fixe Grafikdateien für Zoomstufen auf die SD-Karte packen – und vorher erstmal finden bzw. erzeugen! Mit einem Tool, was man erstmal bauen muss!
Oder geht das irgendwie einfacher?
So, Operation erfolgreich. Interne Antenne abgeklemmt, externe Antenne eingebaut. Jetzt hoffentlich deutlich besserer #Meshtastic Empfang! #Lilygo #tdeckplus
@KrissyKat "I bought a Meshtastic compatible device, a Heltec V3 LoRa transceiver, to do some experimenting with the DIY messaging system. It can be used off-grid to communicate in situations where cell phones are not available, for example. I'm still learning how to use it. I have connected it to the MQTT server run by Chicagoland Mesh and have been checking out the group chat channel by replying to people sending test messages to let them know I saw them. I did see a message sent from an airplane passing through the Chicago area skies this morning which was pretty great."
This is awesome!
[Got what I needed, thanks – PLEASE DO NOT boost this further.] This is an open call for insight and help: I’m looking for guidance from folks who are familiar with #Meshtastic to help me understand what would be involved in setting up and maintaining a national-scale #mutualaid and disaster-response (relief/recovery/“resilience”) network in the UK.
Ich glaube, in Karlsruhe wurde eine kritische Nodedichte erreicht.
Gefühlt habe ich von jedem Punkt der Stadt aus Kontakt zu meinen Konten in der Wohnung.
Excellent tropospheric conditions in the last few days. The #MeshCore community in the UK and NL have been able to exchange a lot of messages. With distances close to 350-450km. Sadly there's no similar activity possible on @meshtastic at these distances.
#lora #lorawan #meshcore #meshtastic
At #DEFCON33, #Meshtastic ran its biggest mesh yet—2K+ nodes, thousands of msgs & an unexpected live vulnerability demo. Lessons learned Big plans for security, identity & UX.
Full recap https://meshtastic.org/blog/that-one-time-at-defcon/
Interesting. This meshtastic node is approximately at JPL. Which would explain the enthusiasm for the USGS earthquake output #jpl #meshtastic
Someone wired up the USGS earthquakes to #meshtastic recently.... Seems like they will want to limit it geographically.
You can see this implemented on the fediverse at @quakes (one example)