
Re: [tor-dev] Stormy - request for feedback



Hey all,

  Sorry for the delay in responding -- comments inline.

Fabio Pietrosanti - lists wrote:
I would suggest adding a Tor2web policy that, looking at the X-Tor2web: HTTP
header, enables or disables access to the Blog through the internet:

  What is your reasoning for disabling access via tor2web?

You may also consider adding support for Ahmia directory index

  This seems reasonable =)  Added as a task.

Nicolas Vigier wrote:
So I am thinking that another way to do it could be to write a few
ansible modules (or modules for your favorite configuration management
tool) for the various tasks currently done by the script (installing
nginx, installing a blog software, setup a hidden service, configure
the firewall, etc ...), or take existing modules if they do what is
needed.

I've been considering creating ansible modules to make it easier to deploy for some people. An organization reached out who wants to offer it in-house as some kind of enterprise service, which has reignited the discussion.

Then write a GUI program that will ask some questions, and when
you click on the "setup" button generate an ansible variables file
containing the answers to those questions (variables which are used by
the ansible modules), and run ansible to apply the changes on the system.

Lots of people would like a GUI, which would make it much easier to deploy, but I always recommend that people segregate their hidden services (and websites) from their personal machine. I might be slowly changing my mind on GUIs for a number of reasons. It's still not a good idea to run on one's personal machine if there is a large risk associated with being personally linked to running a particular hidden service (e.g., Muslims in Myanmar should host in a VM or a dedicated machine). But this may be a case where more users would be better served by having a GUI than the fairly mild risk of someone running a service on their personal machine.

And a GUI would be great for people who want to run a hidden service using Tails. =)

Patrick Schleizer wrote:
I think it's non-ideal to modify config files using cat/sed/echo. That
breaks sooner or later. And if later settings are supposed to be changed
in the same file, things get messy. Some suggestions...

It would be better to put the config files into (debian) packages.

While this is true for popcon, this is not possible for most config files being edited. The most critical edits require the onionsite address, which of course has to be generated by each user on their own.

It's possible for Debian and Ubuntu packages to list package conflicts, which would be much better than rolling up custom packages that only exist to remove another.

Please consider setting the timezone to UTC. Perhaps use the timezone-utc [2]
package?

  Tor requires an accurate clock to work properly.

You're sure you're not inventing a new linux distribution here? :)

Quite sure ;-) There's a real risk in trying to be everything to everyone. Not only does everything have to be created and documented, but maintained long-term. Bash scripts are straightforward for these tasks, as is ansible, VMs much less so, and GUIs very difficult.

best,
Griffin


--
"The apparent safety of modern life is just a shallow skin atop
an ocean of blood, guts and bricked devices."
~Pearce Delphin
