
[or-cvs] r11977: Once more, Ahem. (weather/trunk)



Author: pde
Date: 2007-10-16 04:10:12 -0400 (Tue, 16 Oct 2007)
New Revision: 11977

Added:
   weather/trunk/README
   weather/trunk/TODO
Log:
Once more, Ahem.



Added: weather/trunk/README
===================================================================
--- weather/trunk/README	                        (rev 0)
+++ weather/trunk/README	2007-10-16 08:10:12 UTC (rev 11977)
@@ -0,0 +1,25 @@
+This is the Tor Weather server.  It offers a service that allows users to sign
+up for email alerts in case a particular tor node becomes unreachable.
+
+The process runs a web server which allows users to sign up for these alerts.
+Subscription confirmations, and the email alerts themselves, are sent via SMTP
+on localhost:25.
+
+On debian systems, the following packages are required to run it:
+
+python2.5
+python-gdbm
+python-dns
+python-webpy
+tor
+
+/etc/tor/torrc should be configured to enable the control port and insist upon
+authentication.  Plaintext control port authentication information
+should be placed in config.py, along with a publicly addressable url prefix
+("http://server.domain.com:port";).
+
+Weather stores its records in a set of gdbm databases: requests.gdbm,
+subscriptions.gdbm, unsubscriptions.gdbm, and failures.gdbm.  For real usage,
+it absolutely essential to backup subscriptions.gdbm properly, and
+unsubscriptions.gdbm is pretty important too (though the code could be modified
+to recover from its loss).
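
Review bot: The /etc/tor/torrc paragraph tells the operator to put plaintext control port authentication information in config.py but says nothing about protecting that file. I'd add a sentence saying config.py should be readable only by the account that runs Weather and kept out of version control, since anyone who can read it can authenticate to the Tor control port. Minor, in the last paragraph: "it absolutely essential to backup" is missing "is". The backup advice could also note that subscriptions.gdbm presumably holds subscriber email addresses, so backup copies need the same access restrictions as the live file.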

Added: weather/trunk/TODO
===================================================================
--- weather/trunk/TODO	                        (rev 0)
+++ weather/trunk/TODO	2007-10-16 08:10:12 UTC (rev 11977)
@@ -0,0 +1,15 @@
+* Security audit
+
+* Fix TorCtl.Connection.close()
+
+* What happens if the openssl command gets a go-slow DOS attack in response?
+
+* Might someone attack weather with a huge number of spurious subscription requests?  Should we have
+  exponential backoff or similar?
+
+* figure out how to disable HTTP logging through web.py, and should decide what
+  diagnostic logging makes sense (currently, there is a debug variable in each
+  of weather.py and poll.py; turning these on currently produces a lot of
+  semi-informative chatter on stdout and turns the web server into an oracle
+  for whether address x has already subscribed to alerts about node y, which is
+  of course unsatisfactory)
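
Review bot: The last item records that turning on the debug variables in weather.py and poll.py makes the web server an oracle for whether address x has subscribed to alerts about node y, but that warning appears only in TODO. Until it is fixed, the README should tell operators to leave debug off on any public deployment. The item would also be easier to act on if split in two: disabling web.py HTTP logging, and making the subscription response the same whether or not the address is already subscribed. Separately, the openssl item doesn't say where the openssl command is invoked or whether it runs with a timeout, so the go-slow concern is hard to evaluate from the TODO alone.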