[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-dev] Your 'Relay Web Status Panel' GSoC idea (was: r26589: {website} Adding 'Relay Web Status Panel' Adding a project I'm interes (website/trunk/getinvolved/en))

To: Damian Johnson <atagar1@xxxxxxxxx>, "tor-dev@xxxxxxxxxxxxxxxxxxxx" <tor-dev@xxxxxxxxxxxxxxxxxxxx>
Subject: [tor-dev] Your 'Relay Web Status Panel' GSoC idea (was: r26589: {website} Adding 'Relay Web Status Panel' Adding a project I'm interes (website/trunk/getinvolved/en))
From: Karsten Loesing <karsten@xxxxxxxxxxxxxx>
Date: Thu, 06 Feb 2014 06:28:29 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 06 Feb 2014 00:28:42 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:message-id:date:from:user-agent:mime-version:to:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=CuTxCf1ecBaXTrxYZnp27uJX0XHTkEoXbkxx2O8y2j0=; b=h66VzfeLAzmtUVG5hHX1N+titO2piuTgAopUWw4yKUteFgu0QvJ4WUF2Nd/XoaGXMz ZW1Oot6zE3AJs6svTOKEA7298xGlI8W0SvKxSM08IOXWtjAMU6EeEfCI4gwKszbPNxKi tDo5psuyiHPE1XndG3oEQRfdDtp1nfOLbavUPs2A9occRmvxxSKCpH4PFssCtaCtbrCR cLp/ngW4soIn8c9aC/NFGUz3vzIKtH/WAYRa8Gnobqg21291MY+aVA274XVXgl9PgvjH V2xrKHwvrdoiYOYBTTC/NANBVKOjrdS3zQizEuL9oRP9ucoozSkKrb6qtlyhlVgWHINw QJZw==
In-reply-to: <20140205170131.9AA392417E@xxxxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <20140205170131.9AA392417E@xxxxxxxxxxxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.2.0

Hi Damian,

this sounds like a fun project and a great GSoC project idea!

Some quick feedback: Have you considered suggesting this relay webstatus panel for a possible Torouter? I could imagine making this theprimary interface for a little Torouter box, so that people don't haveto ssh into it or install a desktop application to connect to it.

Which brings up two my questions: why not make this a "relay web statusand *control* panel"? Are the security risks really that much highercompared to using arm? And if you distrust the web server part of thisdesign, how do you prevent an attacker from breaking into the web serverand abusing the controller connection to reconfigure the relay?

And question number two: why not make this a "relay and *client* webstatus and control panel"? In the Torouter case, people might want touse their tor only as a client to route all their connections throughtor. Think of a little box that provides wifi access to nearbystrangers but tunnels everything through the local tor client to avoidlegal trouble. Or, if strangers need anonymity, the guy running the boxcould configure it as (private) bridge and mention the address on itslocal website for strangers to use with their own tor client.

I'm not at all suggesting to include all this in the GSoC project. Butmaybe these ideas could be mentioned or kept in mind?


Looking forward to seeing this happen!

All the best,
Karsten


On 05/02/14 18:01, Damian Johnson wrote:

Author: atagar
Date: 2014-02-05 17:01:31 +0000 (Wed, 05 Feb 2014)
New Revision: 26589

Modified:
    website/trunk/getinvolved/en/volunteer.wml
Log:
Adding 'Relay Web Status Panel'

Adding a project I'm interested in mentoring this summer.



Modified: website/trunk/getinvolved/en/volunteer.wml
===================================================================
--- website/trunk/getinvolved/en/volunteer.wml	2014-02-05 03:18:48 UTC (rev 26588)
+++ website/trunk/getinvolved/en/volunteer.wml	2014-02-05 17:01:31 UTC (rev 26589)
@@ -629,6 +629,7 @@
      <p>
      <b>Project Ideas:</b><br />
      <i><a href="#txtorcon-stemIntegration">Txtorcon/Stem Integration</a></i><br />
+    <i><a href="#relayWebPanel">Relay Web Status Panel </a></i><br />
      </p>

      <a id="project-txtorcon"></a>
@@ -917,6 +918,53 @@
      bonus points if it's Twisted.</p>
      </li>

+    <a id="relayWebPanel"></a>
+    <li>
+    <b>Relay Web Status Panel</b>
+    <br>
+    Effort Level: <i>Medium</i>
+    <br>
+    Skill Level: <i>Medium</i>
+    <br>
+    Likely Mentors: <i>Damian (atagar)</i>
+    <p>
+    Relay operators presently have a couple options for monitoring the status
+    of their relay: <a
+    href="https://www.torproject.org/getinvolved/volunteer.html.en#project-vidalia";>Vidalia</a>
+    which is a gui and <a href="https://www.atagar.com/arm/";>arm</a> which uses
+    curses. This project would be to make a new kind of monitor specifically
+    for relay operators that provides a status dashboard site on localhost.
+    </p>
+    <p>
+    The interface will likely <a
+    href="https://www.atagar.com/arm/screenshots.php";>borrow heavily from
+    arm</a>, except of course in areas where we can improve upon it. Two
+    important design constraints is that a localhost controller provides a
+    bigger attack surface than guis or curses, so we should be a little more
+    wary of what it does. This should be a read-only controller (ie, you can't
+    *do* anything to the relay) and by default not surface any sensitive
+    information (such as arm's connection panel).
+    </p>
+    <p>
+    This project will likely include two parts: an AJAX site and a localhost
+    daemon to fulfill those requests. <a
+    href="https://stem.torproject.org/";>Stem</a> is the backend of arm, and can
+    be used to get everything you see in arm's interface (making it a natural
+    choice for the daemon). That said, this project might entail some Stem
+    improvements if we run across any gaps.
+    </p>
+    <p>
+    Applicants should be familiar with Python, JavaScript, and learn about
+    <a href="https://stem.torproject.org/";>Stem</a>. <b>As part of your
+    application for this project please make both mockups of the interface and
+    a proof of concept demo application using JS to surface something with
+    Stem. <a
+    href="https://trac.torproject.org/projects/tor/wiki/doc/stem/bugs";>Involvement
+    with Stem development</a> during the application process is also a big
+    plus.</b>
+    </p>
+    </li>
+
      <a id="httpsImpersonation"></a>
      <li>
      <b>HTTPS Server Impersonation</b>

_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits


_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] Your 'Relay Web Status Panel' GSoC idea
  - From: meejah

Prev by Author: Re: [tor-dev] Using MaxMind's GeoIP2 databases in tor, BridgeDB, metrics-*, Onionoo, etc.
Next by Author: Re: [tor-dev] Looking up bridges in Globe et al. by fingerprint
Previous by thread: [tor-dev] Status Report - Torsocks 2.x
Next by thread: Re: [tor-dev] Your 'Relay Web Status Panel' GSoC idea
Index(es):
- Author
- Thread