Goldstein is a social media server with multiple client programs for handling different functions. It’s modelled on IRC, but stores messages on both the server and client. It aims to eventually replicate the basic functionality of Facebook, YouTube, Twitter, etc., but with the freedom of running one’s own server.
However, its main purpose is to reliably preserve messages and files. If a server goes down (or is taken down), all messages and user information still function as normal in offline mode. This provides the user with a complete record of every message she has downloaded, across multiple servers. This is the origin of the name: from the supposed character of Goldstein in George Orwell’s Nineteen Eighty-Four, who was demonised for trying to accurately preserve history.
Stores messages on both server and client, using the same data format.
Allows download and upload of files using their SHA-256 secure hashes, which allows multiple servers to securely host each others’ files.
Features multiple channels, with user ranks.
Caches user information (name, real name, description, icon) locally, updating only data that has changed.
Doesn’t use TCP networking, making it both fast and resistant to DDoS attacks.
Encrypts messages to and from client and server using either Serpent or Rijndael (aka AES) 128 bit block ciphers, with 256 bit keys.
Uses 4096 bit Diffie-Hellman-Merkle key exchange.
Allows users to exchange pre-shared secrets with servers, for extra security.
Never exchanges unencrypted data, making it ideal for use with steganography.
Uses a library for most functionality, making it modular.
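Naming files by their SHA-256 hash, as listed above, is what lets a client accept a file from any server: the name states what the bytes must be. The following client-side check is an added illustration, not Goldstein's own code; the names store_verified and HashMismatch and the cache layout (one file per lowercase hex digest) are assumptions.

```python
import hashlib
import os
import re
import tempfile

# Assumption: a file is requested and cached under the lowercase hex form
# of its SHA-256 digest; Goldstein's real on-disk layout is not shown here.
HEX_SHA256 = re.compile(r"[0-9a-f]{64}")


class HashMismatch(Exception):
    """The bytes received do not hash to the name that was requested."""


def store_verified(cache_dir, wanted_hash, chunks):
    """Save chunks as cache_dir/<wanted_hash> only if they hash to wanted_hash.

    chunks is an iterable of bytes received from a server that is not trusted.
    """
    # Exactly 64 hex digits or nothing: a hash quoted in a message must never
    # be usable as a path such as "../../somewhere".
    if not HEX_SHA256.fullmatch(wanted_hash):
        raise ValueError("not a SHA-256 hex digest")
    digest = hashlib.sha256()
    fd, tmp_path = tempfile.mkstemp(dir=cache_dir, prefix=".partial-")
    try:
        with os.fdopen(fd, "wb") as tmp:
            for chunk in chunks:  # hash while writing, never buffer the file
                digest.update(chunk)
                tmp.write(chunk)
        if digest.hexdigest() != wanted_hash:
            raise HashMismatch(wanted_hash)
        final_path = os.path.join(cache_dir, wanted_hash)
        os.replace(tmp_path, final_path)  # atomic rename, no partial files
        return final_path
    except BaseException:
        os.unlink(tmp_path)  # drop the unverified temporary copy
        raise


if __name__ == "__main__":
    body = [b"constructed sample ", b"file body\n"]  # constructed input
    name = hashlib.sha256(b"".join(body)).hexdigest()
    with tempfile.TemporaryDirectory() as cache:
        print("stored:", store_verified(cache, name, body))
        try:
            store_verified(cache, name, [b"tampered body\n"])
        except HashMismatch:
            print("tampered copy rejected; cache holds", os.listdir(cache))
```

A copy that fails the check never appears under the hash name, so an earlier verified copy in the cache is left untouched.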
Since the library can only support one server at a time, commands/applications based on it can only access one server simultaneously. This does, however, simplify the user interface.
Because Goldstein aims to preserve all messages that have been read, on client systems (out of reach of the server), there is no way to delete or edit messages.
Servers are assumed to be relatively harmonious communities. This means there aren’t user groups, nor blocking of users. Instead users have ranks: owner, admin, trusted, regular, normal, and guest.
Since Goldstein doesn’t use TCP, messages are limited to a single packet, which means they can only be 1024 bytes long.
User and channel names are limited to 16 characters. Real names are limited to 32 characters and user descriptions to 256.
No automatic downloading of channels file.
No unicode support (including emojis).
No muting of users.
No download or upload quotas.
No audio or video communication.
No display/playback of audio, video or 3D model files.
No Android client.
goldsd: The server.
golds-crypt: Command used to encrypt and decrypt files. Doesn’t connect to a server.
golds-file: Command used to download and upload files from/to a server.
golds-user: Command used to perform user commands on a server. These tasks include changing user info (real name, description, icon), changing your password, creating pre-shared secrets, adding/removing/renaming channels, and user admin.
golds-msg: Command used to send and download messages and user configs to/from a server.
golds-chat: Ncurses based command line chat program, used to send and automatically receive messages and user configs continually from a server.
golds-gtk: GTK based GUI chat program, used to send and automatically receive messages and user configs, continually from a server. Supports multiple channels and display of image files.
Goldstein uses two different forms of encryption: symmetric block cipher and Diffie-Hellman-Merkle (DHM) key exchange.
There are two types of block cipher used: Serpent and Rijndael (aka AES). The default is Serpent, since it only lost the Advanced Encryption Standard (AES) competition in favour of Rijndael because it was slower - thus the competition was flawed. Since Serpent uses a more conservative design it must take precedence, especially since it appears as if it has been abandoned by the cryptography community, for no good reason.
DHM key exchange is done with GNU Multiple Precision Arithmetic (GMP) library, using a 4096 bit modulus and 2048 bit secrets. This is achieved with only one packet in each direction.
See the INSTALL file for generic install instructions - this package uses the Autoconf compilation and installation system.
To get it running, a bit more work is needed. First on the server:
Create the change root directory (/var/lib/goldsd/ by default).
Create the “users” directory within the change root directory and copy the supplied “etc/admin.cfg” file there, editing it to add a password (in the passwd-text option). Nb. the password will be hashed (encrypted) once the server has been run.
Copy the supplied “etc/channels.txt” file to the change root directory, editing it to add/remove channels.
Run goldsd, either like this: goldsd -chroot-dir=[change root directory] -pass=[server password] -hostname=[server hostname], or by placing the options in the system config file (probably /etc/stdconfig/goldsd) and running it like this: goldsd. Nb. -chroot-dir can be omitted if it’s the default (/var/lib/goldsd). Nb. chroot with the root user will be insecure unless goldsd is run with all capabilities dropped except the chroot capability - eg. via Systemd, Startd, etc.
Now on the client:
Create the “~/.config/goldstein/servers/” directory, and copy the supplied “etc/local” config file to it.
Edit the “~/.config/goldstein/servers/local” config file, and possibly change the name - the name of the file is the name of the server for commands.
You can now connect to the server, add more users with golds-user, upload files with golds-file, etc. The commands must be run with the -server=local option.
The daemon and associated commands are licensed under the GNU General Public Licence (GPL).
The major version of the GPL used is only 2, in rejection of version 3’s social engineering. Forks of Startd may use GPL version 2, version 3, or later versions.
Found a bug? Please send the details to bugs@cinfinity.info. Mention the program being used, package (with version and/or release number) it came from, command line and config file options, and ideally the backtrace provided by gdb (with the bt command). Please don’t send core files (unless requested).
Any ideas for improvements can be sent to marks@cinfinity.info.
If you want to make a contribution, you can send patches to patches@cinfinity.info. I can’t guarantee I’ll accept them though, since Startd is designed to be minimalist, so for anything substantial, you should probably ask first. Patches should be in unified diff format, created with diff -u <original file> <modified file>. Nb. I don’t use git or any other source code version control system, since I believe that every package should have a single author, and that large projects should ideally be broken down into a number of independent libraries.
My name is Mark Skinner. I’m an Australian, self taught computer programmer, with a degree in engineering (specifically, computer control systems).
I write all my source code using a simple text editor, and compile and test it via the command line. My Xwindow GUI consists of a text editor, web browser and a number of terminals.
Last modified: 2022-08-03 15:37:07 UTC.