<div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div><div class="h5">> I think it's fine to ship one web interface for us now and later find a good<br>
> integration point with the Freedom Box later...<br>
<br>
</div></div>Yep, I agree.<br>
<div class="im"><br></div></blockquote><div><br></div><div>Great. I'm sure that if the web UI is free software and it works well, we can see if the FB will be interested in using it.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im">> What's the rational there? While we certainly need more bridges, I'd like to<br>
> see an increase in relays and encourage more Friend of Friend bridge<br>
> sharing. We should include a bunch of common configs and make it easy to<br>
> setup. Also, a public relay will be much easier to help with in terms of<br>
> setup, I suspect.<br>
<br>
</div>Well, bridge by default is what they B3's are set up with. I also<br>
figure that a bridge sees less traffic than a relay, and so it might<br>
be more "friendly" for new users. But I like the idea of having a<br>
bunch of common configs, and we can also suggest bandwidth limits.<br>
<div class="im"><br></div></blockquote><div><br></div><div>Hrm. The B3 is certainly able to handle traffic. Also in both cases, we'll want to configure them to limit bandwidth. There is no promise that a relay or a bridge will see a certain amount of traffic if they're not configured to hibernate/rate limit/etc.</div>
<div><br></div><div>I'd like a device that I can plug into a wall and it will automatically join a network, probe for upnp/natpmp and become a relay. I'd also like a hidden service so that I can connect and administrate it from anywhere in the world; though this is clearly a nice to have and not a requirement. :-)</div>
<div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im">
>> >> > I suggest we ship the excito with the web ui as the easy to use<br>
>> >> > option.<br>
>> >><br>
>> >> Yep, the Tor web ui for the Excito B3 should be ready at the end of the<br>
>> >> month.<br>
>> >><br>
>> ><br>
>> > Is it Free Software? Can we use it on the DreamPlug until we have<br>
>> > something<br>
>> > else?<br>
>><br>
>> Yes, it's free software and will be available in the Excito GitHub<br>
>> repository when it's released (not sure if it's there already, I don't<br>
>> think so). The web interface is probably a bit too "heavy" (and<br>
>> includes a good mix of php and perl) for the dreamplug, so we should<br>
>> probably look for something else.<br>
>><br>
><br>
> Can we rip out everything except the basics? If so, I think their web front<br>
> end is perfect and it already has a Tor UI thanks to you... :-)<br>
<br>
</div>Maaaaybe. I haven't tried, but it can't be that hard. I'll look into it.<br>
<div class="im"><br></div></blockquote><div><br></div><div>It seems like it may be modular from what you've said and if so, I mean, we've got the work put into the web UI already... :-)</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im">
>> >> > In either case, we need to start testing, not keep thinking about<br>
>> >> > what<br>
>> >> > we could do. We're going to get a flood of feedback from actual<br>
>> >> > people<br>
>> >> > testing the excito or dreamplug.<br>
>> >><br>
>> >> Valid point.<br>
>> >><br>
>> ><br>
>> > I think we need to talk about what we need for the OS. I suspect we need<br>
>> > OpenSSH + Tor (tor-fw-helper, etc) + a few stock configuration files +<br>
>> > time<br>
>> > syncing (clockskew for example) + a randomly generated password that we<br>
>> > uniquely key for each router in some non-silly way.<br>
>> > Is there a trac ticket for the OS part of the Torouter?<br>
>><br>
>> There is now: <a href="https://trac.torproject.org/projects/tor/ticket/3374" target="_blank">https://trac.torproject.org/projects/tor/ticket/3374</a><br>
>><br>
>> We can move the discussion to #3374 if you want.<br>
>><br>
><br>
> I'm happy to keep hammering stuff out here and the we can dump the results<br>
> into the bug report.<br>
<br>
</div>Works for me. It's great to get feedback that will help get me started.<br>
<div class="im"><br></div></blockquote><div><br></div><div>I plan on hacking on it with you. In theory my DreamPlug arrives next week.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im">
> What do you think about a DreamPlug with Debian or Ubuntu? Do we have a<br>
> preference?<br>
<br>
</div>Good question. I love Debian, but I'm sure Ubuntu would be great to<br>
use as well. I'll do some research and see if there is a good reason<br>
we should pick one over the other.<br>
<div class="im"><br></div></blockquote><div><br></div><div>The main reason is security and possibly support on the Ubuntu front. The main reason for Debian is quite frankly, weasel. Without him, we'd be lost. :-)</div>
<div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im">
> What other software do we need beyond ntp, ssh, tor and a web UI?<br>
<br>
> Do we want to support a transparent Tor wifi network by default?<br>
<br>
</div>Maybe this is something we can add later, and focus on bridge/relay<br>
support first?<br>
<div class="im"><br></div></blockquote><div><br></div><div>Sure, I think it's pretty much done though - I've got lots of transparent configs, etc. If we're using Debian or Ubuntu, it's dead simple and these boxes have enough memory to just run a second Tor for that purpose.</div>
<div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im">
> I think Ubuntu's latest release is the best in terms of security and in<br>
> theory support. It is however not as beloved as Debian for a number of solid<br>
> reasons. I think NTP, OpenSSH with key auth (and perhaps fail2ban or<br>
> something similar) and password auth, a very minimal web UI but still<br>
> functional for real Tor configuration and that's about all we'll need.<br>
<br>
</div>Yeah, I agree.<br></blockquote><div><br></div><div>Ok. Great.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im"><br>
> I also like the idea of a Tor wifi network by default for laptops like the<br>
> CR-48 that I'm using right now. I'd kill to have a way to Torify the laptop<br>
> because my main concern isn't privacy from my local network, it's data<br>
> retention from the remote hosts... :-/<br>
<br>
</div>I'm sure it would be useful for a number of users. I wouldn't be too<br>
difficult to include, and maybe the web interface can have an on/off<br>
button so that they can choose whether or not to enable the Tor wifi<br>
network.<br>
<div><div></div><div class="h5"><br></div></div></blockquote><div><br></div><div>Sure - I can see the on/off button as just bringing up and down a network interface, basically. That network interface might also need ttdnsd/Tor's DNSPort/dhcpd and a custom MAC adddress... Seems straight forward, am I missing anything?</div>
<div><br></div><div>All the best,</div><div>Jake</div></div>