Electromagnetic Field 2022

2022-05-24T11:10:04Z

Dpslwk:

[[File:Emf1.jpg|thumb|left|The EMF sign in 2014]]

Electromagnetic Field (EMF) is a non-profit UK camping festival for those with an inquisitive mind or an interest in making things: hackers, geeks, scientists, engineers, artists, and crafters. This wiki is intended to allow attendees of EMF to coordinate information sharing, for more general information about EMF see https://emfcamp.org/.

== Interesting Pages ==

* [https://wiki.emfcamp.org/wiki/Category:Villages Villages] - A list of all the villages with wiki pages.
* [[Location/Lift sharing]] - Lift sharing, find people to get a lift with, or who need a lift
* [[Camping Gear Lending and Borrowing]] - Lend or borrow camping gear
* [[Network]] - More information than you could ever want about the network and wifi

If you've got other things you want to share with people, add a page for them.

APIs

2022-05-21T10:50:29Z

Dpslwk:

EMF-relevant APIs that can be used are documented at [https://developer.emfcamp.org developer.emfcamp.org]. Feel free to add more via this [https://github.com/emfcamp/developer.emfcamp.org GitHub repo].

Network

2022-05-01T18:03:37Z

Dpslwk: /* Wireless */

[[Team:NOC]] has tried to build and support the fastest network for you: a network comparable to a medium sized ISP, built up in just a couple of days. It might not be perfect all the time. We will be providing blanket wireless coverage and wired network access to both venues and camping tents.

=== Key points ===

* To use the camp WiFi on most modern devices, connect to the '''emfcamp''' network with a username of '''emf''' and a password of '''emf'''.
* You have a public IP address and there is no network firewall or filtering. [[#Security|Keep safe!]]
* Don't set up your own wireless access point. This is a serious problem in such a dense event and [[Network/Rogue Access Points|here's why]].

== Wireless ==

<dl>
<dt>Network Name (SSID)</dt>
<dd>emfcamp</dd>
<dt>Username</dt>
<dd>emf</dd>
<dt>Password</dt>
<dd>emf</dd>
</dl>

The whole field has been covered with many wireless access points to ensure the best possible coverage and to allow you to roam seamlessly without interruption. Please note that your device will be reachable by anyone on the internet, please take suitable precautions such as turning on a firewall, and making sure your software is up to date.

You should not bring your own wireless access point, its unlikely to provide better service than the camp ones, and it makes the network worse for everyone else. Any rogue access points will be hunted down and disconnected from the network - see [[Network/Rogue_Access_Points]] if you want to know why. If you have a project that needs to provide its own AP for some reason please contact the NOC and we will find an alternative solution.

Here is the complete list of wireless networks (SSIDs) available:

{| class="wikitable"
! emfcamp
| This is 5GHz and should you should use this one in preference, if you can see it. This is the most secure, WPA2-Enterprise.
|-
! emfcamp-legacy22
| This is 2.4GHz and less resistant to interference, use it only if you have to. This is also WPA2-Enterprise.
|-
! emfcamp-insecure22
| '''Warning: insecure''' This is both 5GHz and 2.4GHz, and is for older devices that don't support WPA2-Enterprise. It's unencrypted, and people will likely intercept your traffic. It does however give you an address behind NAT.
|-
! spacenet
| This is 2.4GHz + 5GHz and WPA2-Enterprise, you can connect with a valid account if your hackerspace offers [https://spacefed.net/ spacenet].
|-
! eduroam
| This is 2.4GHz + 5GHz and WPA2-Enterprise, you can connect with a valid account if your university/college/school is offering eduroam. More information can be found at [https://www.eduroam.org/ eduroam.org].
|}

When connecting to any of the WPA2-Enterprise password, which require a username and password, you can use the following (case-sensitive):

{| class="wikitable"
! Username
! Password
! Result
|-
| emf
| emf
| Unfiltered connection, public IP address, no NAT.
|-
| internetofstuff
| internetofstuff
| Filtered connection, public IP address, no NAT. Inbound connections from the rest of the campsite are possible, inbound connections from the Internet are blocked.
|-
| outboundonly
| outboundonly
| Filtered connection, private IP address, NAT. Inbound connections from the Internet are not possible.
|}

Use of the 5GHz SSIDs is recommended if your device supports them. 802.11b is disabled as it slows everyone else down.

Even if you are using an encrypted network, you should still [[#Encryption|encrypt any sensitive traffic]] sent over the air end-to-end to prevent snooping. Although some SSIDs offer encryption, it is only over-the-air.

We have airtime fairness configured on our wireless controllers, so if you wish to use a lot of bandwidth (e.g. stream videos or download large files), please use a [[#Wired|wired connection]].

==== Client Settings ====
Also see [[Network/802.1X client settings]] for a list of OS-specific client settings.

SSID: emfcamp or emfcamp-legacy18

EAP-TTLS:

Phase 1: EAP-TTLS
Phase 2: PAP

PEAP:

Phase 1: PEAP
Phase 2: MSCHAPv2 or EAP-MSCHAPv2 or PAP

CN = radius.emfcamp.org
CA = DST Root CA X3
SHA256 Fingerprint = [ To be determined ]

Make sure '''you check the certificate''' in order to know you are connecting to the correct network (you should check on both the CN and the CA). Check [[Network/RADIUS_certificate|here]] for the complete certificate.

== Wired Ethernet ==

All camping areas are within 60m of a datenklo (or data toilet), where you can connect to the network. If you intend to do so please bring 60-70m of CAT5 cable as we are unable to provide any.

Lay your own cable neatly from your tent back to the nearest Datenklo, and leave 6m of slack coiled on the floor in front of it. And please lay it so that it can be clearly seen that it needs to be plugged in - or you risk having your cable overlooked. At regular intervals a member of the NOC team will connect it up and enable the port.

If you wish to be removed from a Datenklo again on Sunday or Monday, leave your entire cable coiled outside the DK and we will disconnect it. If you need to leave before then, contact the [[Team:InfoDesk|helpdesk]] directly.

All of our edge ports are at least 100 Mbps or 1 Gbps, auto-negotiate, auto-MDX. We are unlikely to have PoE ports for general use.

Note that most of our ports will not support 10 Mbps - if you need it for old equipment or embedded things, please bring your own switch to convert.

== Static IPs ==

If you need a static IP on the wired network, contact the NOC.

== IPv6 ==

Naturally, IPv6 is available throughout the network and should "just work" for you. Team:NOC does not recommend disabling IPv6 if you have problems, instead try to understand the problem you are experiencing and get educated in the new world order. Contact the [[Team:InfoDesk|NOC helpdesk]] if you need help.

== Services ==

* DNS: 78.158.87.11 and 78.158.87.12
* NTP: 78.158.87.11 and 78.158.87.12 (ntp1.emf.camp and ntp2.emf.camp)
* Nearest Debian mirror: http://debian.mirror.uk.sargasso.net

== Security ==

=== Encryption ===

Please treat the network as wide open and full of attackers. Although [[Team:NOC]] themselves will not monitor the network, always assume that Alice flirting with Bob will be spied upon by The Third Party.

Any sensitive information including passwords must therefore be encrypted. Please make sure you don't use any software or web applications that send sensitive data or passwords in the clear.

The following mechanisms should be safe:
* Anything that goes through a VPN
* Any website that uses HTTPS
* Any application that uses SSL
** In the case of email, you need to have SSL enabled for both receiving mail (POP, IMAP) and sending it (SMTP)
* ssh and scp
* Where possible, use One-time passwords. Real tokens work best, many of those should be compatible with open source radius servers. [http://perlmonks.org/?node=967433 Here] is a simple Perl radius server implementation for [http://tools.ietf.org/html/rfc6238 RFC6238] tokens that works with ssh and other stuff on linux.

The following are almost always unsafe:

* FTP with login/password (are almost always sent in the clear)
* Telnet with login/password
* Email if you don't use SSL
* Webmail that doesn't use HTTPS
** Someone could trigger a password reminder and then intercept your email
* Websites that use HTTP (not HTTPS) where you need to fill in a password in the page itself

Possibly unsafe, make sure that you understand what you're doing:

* Websites where you need to fill in a password and your ''browser'' (not the website!) tells you it's going to be sent securely
* Websites that require an account but remember you're logged in
** The password ''may'' be protected but not the content or cookies that automatically log you in
* Any time your browser or other application brings up ''anything'' to do with a certificate
* Anything not protected with SSL: someone could be faking DNS answers to impersonate certain sites

Remember: if you're being stupid someone may feel the need to teach you a security lesson in a not so subtle way! (No, that doesn't mean it's ok to hack people just to see if their security is in order.)

=== Firewall ===

There is no network firewall. We operate an unfiltered network that is wide open to the Internet. There is no NAT, and everybody has a public IP address. This is our definition of "network neutrality" - a network that doesn't do anything whatsoever to your IP connection.

If you are used to feeling secure just because you've been sitting behind a NAT router, think again. You are now wide open to the whole Internet. Ensure your personal firewall is enabled and set to "Public Network" and that you have applied all security updates to your OS and applications.

If you are not confident that your device is secure, use the "outboundonly" login. However as with any NAT, this is just an illusion of security. You will still be attacked from within the campsite.

== FAQ ==

=== Can I bring a server? ===

Sure. You can host a server anywhere on the network, and the long DHCP lease time will effectively give you a static IP address.

If you would like to house your server in our data centre (NOC-DC), please contact us before the event by e-mail to noc@. 1 Gbps copper ports are standard; if you require a 10 Gbps port, you'll need to supply a DAC or SFPs (our end Arista-coded) with fibre.

=== Is there a server I can use to host data on site? ===

Due to lack of demand at the last event, this will not be provided this time.

=== Can I use the 2.4GHz band for non-wifi projects? ===

The following channels are available for adhoc/mesh/other wireless stuff:

* 2.4Ghz: Channel 1
* 5Ghz: Channel 136, 140

We cannot force you to use these channels, but we are trying to build a functional wireless network for the other attendees too. So please, don't do any experiments on other channels.

=== Can I bring an access point? ===

No, this is strictly prohibited! We need all available channels to provide good quality coverage for the rest of the attendees. Please do not be selfish here as you will degrade performance for everyone else, and we WILL track you down.

If you think you can ignore this rule because one little access point can't hurt anyone, think again. This page has the calculations on just how huge a problem it is for an event of our size: [[Network/Rogue Access Points]].

If you are operating a village (using an EMF-supplied tent) that has poor coverage, we may be able to arrange to put an extra access point in it during the event to improve coverage. Stop by the NOC and ask.

=== Can I bring a switch? ===

Yes, but for stability purposes all edge ports are limited to 10 MAC addresses at a time. If you want to connect a switch with more stations, you need to stop by the NOC and ask us to raise the port-security on your port. If you do this, you need to convince us that you know what you're doing and promise not to do anything that may harm the network - in particular, you must not connect the switch to our network by more than 1 cable (not even to a different DK). Make sure that you disable STP and other protocols on your switch which try to be intelligent.

=== My port goes up and down every couple of minutes ===

You have probably tripped port security. Most likely scenario is that you have connected more than 10 stations without consulting us (see answer to previous question). To reduce support calls, the port will automatically be re-enabled after a few minutes. But if you haven't fixed the problem, it will immediately be shut down again.

== Supporters ==

We'd like to extend our immense gratitude to the following people and organisations who have been instrumental in making the EMF network and uplink happen through their donations and sponsorship:

* [https://ethernet.business.sky.com Sky For Business]
* [http://www.sargasso.co.uk/from/emfcamp Sargasso Networks]
* [https://eventinfra.org EventInfra]
* [https://www.lonap.net LONAP]
* [https://www.comtec.com Comtec Enterprises]
* [https://www.mythic-beasts.com/ Mythic Beasts]
* [https://www.i3d.net/ i3d]

Electromagnetic Field 2022 - User contributions [en-gb]

Electromagnetic Field 2022

APIs

Network