
Re: flash in a (hello xB Machine)



Roger, just how much documentation would you like? You won't have to
romance me to give docs, it just isn't priority 1. I mean, I could spend
hundreds of hours documenting what is going on or you could ask
questions. Most of it is built on pre-existing software, and all the
source is available. The system will auto-update, and check the package
signatures.

Here is a diagram of what is going on:
http://www.xerobank.com/images/xBVM_diagram.png

That should answer most of the questions.

Here is a current screenshot:
http://www.xerobank.com/images/xBVM_dev_screenshot.jpg

And here are the basics of what is going on:
Basic features:
- Designed to run within VMWare (Workstation, Server, Player), Qemu,
others may follow in second release only private network information, no
public.
- Firewall only allows anonymity client outgoing/incoming traffic
from/to external interfaces. No outgoing traffic without anonymity
- Some hardening to make local exploits less easy (GrSecurity,
stack protection, minimal suids, etc)

Anonymity clients:
- Tor
- Jap
- xB Plus
- xB Pro / Premium

Usability features:
- Firefox with privacy extensions and settings
- Thunderbird with privacy extensions and settings
- GPG and Enigmail
- Pidgin w/ OTR Chat client
- Text editor, image viewer
- File manager
- Autoconfiguration of anonymity clients
- Proxy autoconfiguration of clients (Firefox, Thunderbird without
restart of program)
- Remote filesystem via WebDavFS/SSHFS with encfs
- Local user filesystem with loop-aes
- Userdir with dmcrypt/pam_mount
- Console (command line text thing, green characters on black background)

Window manager: Enlightenment

Additional features:
- Easy updating without destroying userdir
- Integrity check from host system

Future features:
- LiveCD to boot Qemu and xBVM

Details on firewall:
- Each outgoing software runs under its own userID
- Firewall only allows those userIDs
- LSM SecLVL to keep router/firewall from being changed if system got
hacked locally (maybe, not sure on that yet)


Regards,
Steve

Roger Dingledine wrote:
> On Fri, Jul 27, 2007 at 12:39:59AM -0500, Arrakis wrote:
>> The question is if the stand-alone player, just like regular flash
>> player, phones home without regard to your proxy settings.
>>
>> Or you could just wait till xB Machine is released on August 3rd and
>> never worry about it again.
> 
> Unless you have to switch to worrying about how xB Machine works and
> whether it addresses all the problems correctly and doesn't add new
> ones. :)
> 
> I look forward to my conversation with you on Aug 3 where I try to
> convince you to document and publish what you intend it to be doing,
> so we have something to compare against. :)
> 
> --Roger
> 
>
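
The per-userID firewall rule listed under "Details on firewall" can be checked mechanically. The following is an added example, not part of the original message and not xB Machine's own code: it assumes the firewall is Linux netfilter dumped in `iptables-save` format (the message does not name the tool), and the UIDs and rules in the sample are constructed.

```python
import shlex

# Constructed sample in iptables-save format; UIDs 1001/1002 stand in for
# the anonymity-client accounts, 1000 for the desktop user (all assumed).
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m owner --uid-owner 1001 -j ACCEPT
-A OUTPUT -p tcp -m owner --uid-owner 1002 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -m owner --uid-owner 1000 -j ACCEPT
COMMIT
"""

def _opt(args, name):
    """Value following option `name`; None if absent or negated with '!'."""
    if name not in args:
        return None
    i = args.index(name)
    if i > 0 and args[i - 1] == "!":
        return None
    return args[i + 1] if i + 1 < len(args) else None

def audit_output_chain(ruleset, allowed_uids):
    """Return findings; an empty list means only allowed UIDs can send traffic."""
    findings, policy, table = [], None, None
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]                      # start of a table section
        elif table != "filter":
            continue                              # only the filter table is audited
        elif line.startswith(":OUTPUT "):
            policy = line.split()[1]              # chain default policy
        elif line.startswith("-A OUTPUT "):
            args = shlex.split(line)
            if _opt(args, "-j") != "ACCEPT" or _opt(args, "-o") == "lo":
                continue                          # not an external ACCEPT rule
            uid = _opt(args, "--uid-owner")
            if uid is None:                       # missing or negated owner match
                findings.append(("no-owner-match", line))
            elif uid not in allowed_uids:
                findings.append(("unexpected-uid", line))
    if policy != "DROP":
        findings.insert(0, ("policy-not-drop", ":OUTPUT " + str(policy)))
    return findings
```

Run against the sample with `{"1001", "1002"}` as the allowed set, it reports the DNS rule that bypasses the anonymity clients and the rule that lets the desktop user send traffic directly.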