On Wed, Jun 8, 2011 at 8:02 AM, Andrew Lewman <span dir="ltr"><<a href="mailto:andrew@torproject.org">andrew@torproject.org</a>></span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
On Tue, 7 Jun 2011 15:36:45 -0700<br>
<div class="im">Jacob Appelbaum <<a href="mailto:jacob@appelbaum.net">jacob@appelbaum.net</a>> wrote:<br>
<br>
</div><div class="im">> > We would also need a way for users to easily change the hashed<br>
> > password. I can't remember if this is a feature that is already<br>
> > present in Vidalia.<br>
> Yes, we do need a way to change the password. We will also need a way<br>
> to reset the password if the user is locked out of the control port. I<br>
> generally think that this means we'll need a web UI... :-)<br>
<br>
</div>It's built into vidalia. Just click Advanced and you can change the<br>
password all you want.<br>
<div class="im"><br></div></blockquote><div><br></div><div>Sure, I think that's good for a local socket but not going to help with remote control ports or a locked out password.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im">
> I think the best thing is to make an autoconfiguring device with a<br>
> web UI; we can easily rate limit Tor to something reasonable and make<br>
> it a middle node by default. In all cases it stands alone and simply<br>
> plugging it into a wall (power/ethernet) will provide more capacity<br>
> to the network if the OR port is reachable (ala tor-fw-helper + tor +<br>
> init.d scripts to start Tor on boot).<br>
<br>
</div>Most of me wants to wait for the freedombox people to derive their web<br>
interface, and then we can plug tor into it. I realize this could be<br>
years at the current rate of progress. If someone whips up a quick<br>
interface that isn't a security nightmare, we could use that until<br>
freedombox has something tangible.<br>
<br></blockquote><div><br></div><div>I generally agree.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
I suggest we ship the dreamplug with cli access only for those who want<br>
a cheap device to be a bridge or relay.<br>
<br></blockquote><div><br></div><div>That seems reasonable.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
I suggest we ship the excito with the web ui as the easy to use<br>
option.<br>
<br></blockquote><div><br></div><div>How's that web UI doing?</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
In either case, we need to start testing, not keep thinking about what<br>
we could do. We're going to get a flood of feedback from actual people<br>
testing the excito or dreamplug.<br><font class="Apple-style-span" color="#888888"><br></font></blockquote><div><br></div><div>I agree. My excito is pushing a lot of data without any trouble, my dreamplug hasn't arrived.</div>
<div><br></div><div>I was thinking that we should talk about clocks. I think djb solved the main problem of syncing clocks a while ago:</div><meta http-equiv="content-type" content="text/html; charset=utf-8"><div><a href="http://cr.yp.to/clockspeed.html">http://cr.yp.to/clockspeed.html</a></div>
<div><br></div><div>I think we should consider this as something we push for any embedded system with Tor.</div><div><br></div><div>All the best,</div><div>Jake </div></div>