On Fri, Jun 10, 2011 at 04:15:43PM +0000, jacob@appelbaum.net wrote 15K bytes in 322 lines about:
: I think we should re-flash with an OS that makes hardening a priority. We
: should only harden the OS in the sense that we should strip out anything
: that we do not require for our uses. Debian and Ubuntu both have compiler
: hardening flags enabled by default but in general, I'd consider Ubuntu's
: userspace to be proactively improved and their kernel ships with quite a few
: security improvements. I'm not sure about the kernel status for Debian or
: who is proactively working on security in Debian.

Let's go back to the original point of the tor router. It is to provide a consumer-level Internet NAT/router that is a tor bridge. This way, people have a functional Internet gateway, and also give blocked users access to information via tor. The target user is someone who cannot configure tor themselves, but wants to help out with nearly zero effort. From what we're discussing, the excito is still that device.
We're only attracted to the dreamplug because it's cheaper. If we're going to ship a device that is only usable to 10 people in the world, then we shouldn't waste our time and ship anything. We can simply document how to turn your dreamplug into a secure tor relay/bridge and let those so interested do it. As it is, the dreamplug is already difficult to use for 90% of the world because it's ssh only. ssh and vi only and consumer friendly generally do not go together.