
Re: [tor-dev] The Torouter and the DreamPlug



On Thu, Jun 9, 2011 at 4:55 PM, Jacob Appelbaum <jacob@xxxxxxxxxxxxx> wrote:
> On Thu, Jun 9, 2011 at 2:57 PM, Runa A. Sandvik <runa.sandvik@xxxxxxxxx>
> wrote:
>>
>> On Wed, Jun 8, 2011 at 4:02 PM, Andrew Lewman <andrew@xxxxxxxxxxxxxx>
>> wrote:
>> > On Tue, 7 Jun 2011 15:36:45 -0700
>> > Jacob Appelbaum <jacob@xxxxxxxxxxxxx> wrote:
>> >
>> >> > We would also need a way for users to easily change the hashed
>> >> > password. I can't remember if this is a feature that is already
>> >> > present in Vidalia.
>> >> Yes, we do need a way to change the password. We will also need a way
>> >> to reset the password if the user is locked out of the control port. I
>> >> generally think that this means we'll need a web UI... :-)
>> >
>> > It's built into Vidalia.  Just click Advanced and you can change the
>> > password all you want.
>> >
>> >> I think the best thing is to make an autoconfiguring device with a
>> >> web UI; we can easily rate limit Tor to something reasonable and make
>> >> it a middle node by default. In all cases it stands alone and simply
>> >> plugging it into a wall (power/ethernet) will provide more capacity
>> >> to the network if the OR port is reachable (ala tor-fw-helper + tor +
>> >> init.d scripts to start Tor on boot).
>> >
>> > Most of me wants to wait for the freedombox people to derive their web
>> > interface, and then we can plug tor into it.  I realize this could be
>> > years at the current rate of progress. If someone whips up a quick
>> > interface that isn't a security nightmare, we could use that until
>> > freedombox has something tangible.
>>
>> Yeah, I was hoping the freedombox people would have something we could
>> use. Doesn't seem like it, though. I think that, at some point, we
>> should create a web ui for the dreamplug. But not having one right now
>> should not be a blocker for the dreamplug-torouter.
>>
>
> Well, I'm not sure what you mean... The FB is just a Debian machine. Pick a
> web server, write a cgi and perhaps that will be the main interface? :-) I'd
> email the FBF list and ask. Perhaps the best web UI is one that is already
> written? Is the web UI for the Excito free software?

I was hoping there would be an existing ui that we could just plug Tor
into, just like we did with the Excito B3 interface.

>> > I suggest we ship the dreamplug with cli access only for those who want
>> > a cheap device to be a bridge or relay.
>>
>> I guess we can set up dreamplugs as bridges by default and include a
>> leaflet explaining the steps to take to change the configuration. Do
>> you think we should touch the default setup of the dreamplug (it
>> serves an open wifi by default, for example)?
>>
>
> I believe that by default we should be shipping middle relays and we should
> be shipping 0.2.3.x with tor-fw-helper enabled by default as well.
> I think the boxes should be re-flashed to have Debian or a modern Ubuntu and
> locked down except with Tor and OpenSSH as listening services. We also need
> things to sync time and so on.

Sounds like a plan. I prefer bridge by default, but we can discuss that later.

>> > I suggest we ship the excito with the web ui as the easy to use
>> > option.
>>
>> Yep, the Tor web ui for the Excito B3 should be ready at the end of the
>> month.
>>
>
> Is it Free Software? Can we use it on the DreamPlug until we have something
> else?

Yes, it's free software and will be available in the Excito GitHub
repository when it's released (not sure if it's there already, I don't
think so). The web interface is probably a bit too "heavy" (and
includes a good mix of php and perl) for the dreamplug, so we should
probably look for something else.

>> > In either case, we need to start testing, not keep thinking about what
>> > we could do.  We're going to get a flood of feedback from actual people
>> > testing the excito or dreamplug.
>>
>> Valid point.
>>
>
> I think we need to talk about what we need for the OS. I suspect we need
> OpenSSH + Tor (tor-fw-helper, etc) + a few stock configuration files + time
> syncing (clockskew for example) + a randomly generated password that we
> uniquely key for each router in some non-silly way.
> Is there a trac ticket for the OS part of the Torouter?

There is now: https://trac.torproject.org/projects/tor/ticket/3374

We can move the discussion to #3374 if you want.

-- 
Runa A. Sandvik
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
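
The thread asks for a randomly generated, per-router password and a way to change the hashed control-port password. The sketch below is an added example, not code from this thread or from the Tor Project: it draws a fresh password from the OS CSPRNG for each device and derives the `HashedControlPassword` torrc value in the format `tor --hash-password` emits (OpenPGP iterated-salted S2K over SHA-1). The function names and the password length are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

S2K_INDICATOR = 0x60  # count byte: (16 + 0) << (6 + 6) = 65536 bytes hashed
EXPBIAS = 6           # exponent bias of the RFC 2440 iterated-salted S2K


def s2k_sha1(password: bytes, salt: bytes, indicator: int = S2K_INDICATOR) -> bytes:
    """SHA-1 over salt+password, repeated until `count` bytes have been fed in."""
    count = (16 + (indicator & 15)) << ((indicator >> 4) + EXPBIAS)
    block = salt + password
    digest = hashlib.sha1()
    while count > 0:
        chunk = block[:count]  # the final repetition may be truncated
        digest.update(chunk)
        count -= len(chunk)
    return digest.digest()


def hash_control_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return '16:' + hex(8-byte salt || indicator byte || 20-byte digest)."""
    salt = secrets.token_bytes(8) if salt is None else salt
    if len(salt) != 8:
        raise ValueError("salt must be exactly 8 bytes")
    key = s2k_sha1(password.encode(), salt)
    return "16:" + (salt + bytes([S2K_INDICATOR]) + key).hex().upper()


def verify_control_password(password: str, hashed: str) -> bool:
    """Check a candidate password against a stored '16:...' value."""
    prefix, _, blob = hashed.partition(":")
    try:
        raw = bytes.fromhex(blob)
    except ValueError:
        return False
    if prefix != "16" or len(raw) != 29:
        return False
    salt, indicator, expected = raw[:8], raw[8], raw[9:]
    return hmac.compare_digest(s2k_sha1(password.encode(), salt, indicator), expected)


def provision_device() -> Tuple[str, str]:
    """One device: a fresh 144-bit password and the torrc line holding only its hash."""
    password = secrets.token_urlsafe(18)
    return password, "HashedControlPassword " + hash_control_password(password)


if __name__ == "__main__":
    pw, torrc_line = provision_device()
    print(torrc_line)  # the cleartext `pw` goes to the owner, never onto the image
```

Running `provision_device()` again and replacing the torrc line is also the reset path for a user who is locked out of the control port, provided they still have shell access to the box.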