I think it's fine to ship one web interface for us now and later find a good integration point with the Freedom Box later...
Yep, I agree.
Great. I'm sure that if the web UI is free software and it works well, we can see if the FB will be interested in using it.
What's the rationale there? While we certainly need more bridges, I'd like to see an increase in relays and encourage more Friend of Friend bridge sharing. We should include a bunch of common configs and make it easy to set up. Also, a public relay will be much easier to help with in terms of setup, I suspect.
Well, bridge by default is what the B3s are set up with. I also figure that a bridge sees less traffic than a relay, and so it might be more "friendly" for new users. But I like the idea of having a bunch of common configs, and we can also suggest bandwidth limits.
Hrm. The B3 is certainly able to handle traffic. Also in both cases, we'll want to configure them to limit bandwidth. There is no promise that a relay or a bridge will see a certain amount of traffic if they're not configured to hibernate/rate limit/etc.
I'd like a device that I can plug into a wall and it will automatically join a network, probe for upnp/natpmp and become a relay. I'd also like a hidden service so that I can connect and administrate it from anywhere in the world; though this is clearly a nice to have and not a requirement. :-)
I suggest we ship the excito with the web ui as the easy to use option.
Yep, the Tor web ui for the Excito B3 should be ready at the end of the month.
Is it Free Software? Can we use it on the DreamPlug until we have something else?
Yes, it's free software and will be available in the Excito GitHub repository when it's released (not sure if it's there already, I don't think so). The web interface is probably a bit too "heavy" (and includes a good mix of php and perl) for the dreamplug, so we should probably look for something else.
Can we rip out everything except the basics? If so, I think their web front end is perfect and it already has a Tor UI thanks to you... :-)
Maaaaybe. I haven't tried, but it can't be that hard. I'll look into it.
It seems like it may be modular from what you've said and if so, I mean, we've got the work put into the web UI already... :-)
In either case, we need to start testing, not keep thinking about what we could do. We're going to get a flood of feedback from actual people testing the excito or dreamplug.
Valid point.
I think we need to talk about what we need for the OS. I suspect we need OpenSSH + Tor (tor-fw-helper, etc) + a few stock configuration files + time syncing (clockskew for example) + a randomly generated password that we uniquely key for each router in some non-silly way. Is there a trac ticket for the OS part of the Torouter?
There is now: https://trac.torproject.org/projects/tor/ticket/3374
We can move the discussion to #3374 if you want.
I'm happy to keep hammering stuff out here and then we can dump the results into the bug report.
Works for me. It's great to get feedback that will help get me started.
I plan on hacking on it with you. In theory my DreamPlug arrives next week.
What do you think about a DreamPlug with Debian or Ubuntu? Do we have a preference?
Good question. I love Debian, but I'm sure Ubuntu would be great to use as well. I'll do some research and see if there is a good reason we should pick one over the other.
The main reason is security and possibly support on the Ubuntu front. The main reason for Debian is quite frankly, weasel. Without him, we'd be lost. :-)
What other software do we need beyond ntp, ssh, tor and a web UI?
Do we want to support a transparent Tor wifi network by default?
Maybe this is something we can add later, and focus on bridge/relay support first?
Sure, I think it's pretty much done though - I've got lots of transparent configs, etc. If we're using Debian or Ubuntu, it's dead simple and these boxes have enough memory to just run a second Tor for that purpose.
I think Ubuntu's latest release is the best in terms of security and in theory support. It is however not as beloved as Debian for a number of solid reasons. I think NTP, OpenSSH with key auth (and perhaps fail2ban or something similar) and password auth, a very minimal web UI but still functional for real Tor configuration and that's about all we'll need.
Yeah, I agree.
Ok. Great.
I also like the idea of a Tor wifi network by default for laptops like the CR-48 that I'm using right now. I'd kill to have a way to Torify the laptop because my main concern isn't privacy from my local network, it's data retention from the remote hosts... :-/
I'm sure it would be useful for a number of users. It wouldn't be too difficult to include, and maybe the web interface can have an on/off button so that they can choose whether or not to enable the Tor wifi network.
Sure - I can see the on/off button as just bringing up and down a network interface, basically. That network interface might also need ttdnsd/Tor's DNSPort/dhcpd and a custom MAC address... Seems straightforward, am I missing anything?
All the best, Jake