On Thu, Jun 9, 2011 at 2:57 PM, Runa A. Sandvik <span dir="ltr"><<a href="mailto:runa.sandvik@gmail.com">runa.sandvik@gmail.com</a>></span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im">On Wed, Jun 8, 2011 at 4:02 PM, Andrew Lewman <<a href="mailto:andrew@torproject.org">andrew@torproject.org</a>> wrote:<br>
</div><div class="im">> On Tue, 7 Jun 2011 15:36:45 -0700<br>
> Jacob Appelbaum <<a href="mailto:jacob@appelbaum.net">jacob@appelbaum.net</a>> wrote:<br>
><br>
>> > We would also need a way for users to easily change the hashed<br>
>> > password. I can't remember if this is a feature that is already<br>
>> > present in Vidalia.<br>
>> Yes, we do need a way to change the password. We will also need a way<br>
>> to reset the password if the user is locked out of the control port. I<br>
>> generally think that this means we'll need a web UI... :-)<br>
><br>
> It's built into vidalia. Just click Advanced and you can change the<br>
> password all you want.<br>
><br>
>> I think the best thing is to make an autoconfiguring device with a<br>
>> web UI; we can easily rate limit Tor to something reasonable and make<br>
>> it a middle node by default. In all cases it stands alone and simply<br>
>> plugging it into a wall (power/ethernet) will provide more capacity<br>
>> to the network if the OR port is reachable (ala tor-fw-helper + tor +<br>
>> init.d scripts to start Tor on boot).<br>
><br>
> Most of me wants to wait for the freedombox people to derive their web<br>
> interface, and then we can plug tor into it. I realize this could be<br>
> years at the current rate of progress. If someone whips up a quick<br>
> interface that isn't a security nightmare, we could use that until<br>
> freedombox has something tangible.<br>
<br>
</div>Yeah, I was hoping the freedombox people would have something we could<br>
use. Doesn't seem like it, though. I think that, at some point, we<br>
should create a web ui for the dreamplug. But not having one right now<br>
should not be a blocker for the dreamplug-torouter.<br>
<div class="im"><br></div></blockquote><div><br></div><div>Well, I'm not sure what you mean... The FB is just a Debian machine. Pick a web server, write a cgi and perhaps that will be the main interface? :-) I'd email the FBF list and ask. Perhaps the best web UI is one that is already written? Is the web UI for the Excito free software?</div>
<div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im">
> I suggest we ship the dreamplug with cli access only for those who want<br>
> a cheap device to be a bridge or relay.<br>
<br>
</div>I guess we can set up dreamplugs as bridges by default and include a<br>
leaflet explaining the steps to take to change the configuration. Do<br>
you think we should touch the default setup of the dreamplug (it<br>
serves an open wifi by default, for example)?<br>
<div class="im"><br></div></blockquote><div><br></div><div>I believe that by default we should be shipping middle relays and we should be shipping 0.2.3.x with tor-fw-helper enabled by default as well.</div><div><br></div>
<div>I think the boxes should be re-flashed to have Debian or a modern Ubuntu and locked down except with Tor and OpenSSH as listening services. We also need things to sync time and so on.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im">
> I suggest we ship the excito with the web ui as the easy to use<br>
> option.<br>
<br>
</div>Yep, the Tor web ui for the Excito B3 should be ready at the end of the month.<br>
<div class="im"><br></div></blockquote><div><br></div><div>Is it Free Software? Can we use it on the DreamPlug until we have something else?</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im">
> In either case, we need to start testing, not keep thinking about what<br>
> we could do. We're going to get a flood of feedback from actual people<br>
> testing the excito or dreamplug.<br>
<br>
</div>Valid point.<br><font class="Apple-style-span" color="#888888"><br></font></blockquote><div><br></div><div>I think we need to talk about what we need for the OS. I suspect we need OpenSSH + Tor (tor-fw-helper, etc) + a few stock configuration files + time syncing (clockskew for example) + a randomly generated password that we uniquely key for each router in some non-silly way.</div>
<div><br></div><div>Is there a trac ticket for the OS part of the Torouter? </div><div><br></div><div>All the best,</div><div>Jake</div></div>