> I think it's fine to ship one web interface for us now and later find a good
> integration point with the Freedom Box later...

Yep, I agree.


Great. I'm sure that if the web UI is free software and it works well, we can see if the FB will be interested in using it.
 
> What's the rationale there? While we certainly need more bridges, I'd like to
> see an increase in relays and encourage more Friend of Friend bridge
> sharing. We should include a bunch of common configs and make it easy to
> set up. Also, a public relay will be much easier to help with in terms of
> setup, I suspect.

Well, bridge by default is what the B3s are set up with. I also
figure that a bridge sees less traffic than a relay, and so it might
be more "friendly" for new users. But I like the idea of having a
bunch of common configs, and we can also suggest bandwidth limits.


Hrm. The B3 is certainly able to handle traffic. Also in both cases, we'll want to configure them to limit bandwidth. There is no promise that a relay or a bridge will see a certain amount of traffic if they're not configured to hibernate/rate limit/etc.

I'd like a device that I can plug into a wall and it will automatically join a network, probe for upnp/natpmp and become a relay. I'd also like a hidden service so that I can connect and administrate it from anywhere in the world; though this is clearly a nice to have and not a requirement. :-)
 
>> >> > I suggest we ship the excito with the web ui as the easy to use
>> >> > option.
>> >>
>> >> Yep, the Tor web ui for the Excito B3 should be ready at the end of the
>> >> month.
>> >>
>> >
>> > Is it Free Software? Can we use it on the DreamPlug until we have
>> > something else?
>>
>> Yes, it's free software and will be available in the Excito GitHub
>> repository when it's released (not sure if it's there already, I don't
>> think so). The web interface is probably a bit too "heavy" (and
>> includes a good mix of php and perl) for the dreamplug, so we should
>> probably look for something else.
>>
>
> Can we rip out everything except the basics? If so, I think their web front
> end is perfect and it already has a Tor UI thanks to you... :-)

Maaaaybe. I haven't tried, but it can't be that hard. I'll look into it.


It seems like it may be modular from what you've said and if so, I mean, we've got the work put into the web UI already... :-)
 
>> >> > In either case, we need to start testing, not keep thinking about
>> >> > what we could do.  We're going to get a flood of feedback from actual
>> >> > people testing the excito or dreamplug.
>> >>
>> >> Valid point.
>> >>
>> >
>> > I think we need to talk about what we need for the OS. I suspect we need
>> > OpenSSH + Tor (tor-fw-helper, etc) + a few stock configuration files +
>> > time syncing (clockskew for example) + a randomly generated password that
>> > we uniquely key for each router in some non-silly way.
>> > Is there a trac ticket for the OS part of the Torouter?
>>
>> There is now: https://trac.torproject.org/projects/tor/ticket/3374
>>
>> We can move the discussion to #3374 if you want.
>>
>
> I'm happy to keep hammering stuff out here and then we can dump the results
> into the bug report.

Works for me. It's great to get feedback that will help get me started.


I plan on hacking on it with you. In theory my DreamPlug arrives next week.
 
> What do you think about a DreamPlug with Debian or Ubuntu? Do we have a
> preference?

Good question. I love Debian, but I'm sure Ubuntu would be great to
use as well. I'll do some research and see if there is a good reason
we should pick one over the other.


The main reason is security and possibly support on the Ubuntu front. The main reason for Debian is quite frankly, weasel. Without him, we'd be lost. :-)
 
> What other software do we need beyond ntp, ssh, tor and a web UI?

> Do we want to support a transparent Tor wifi network by default?

Maybe this is something we can add later, and focus on bridge/relay
support first?


Sure, I think it's pretty much done though - I've got lots of transparent configs, etc. If we're using Debian or Ubuntu, it's dead simple and these boxes have enough memory to just run a second Tor for that purpose.
 
> I think Ubuntu's latest release is the best in terms of security and in
> theory support. It is however not as beloved as Debian for a number of solid
> reasons. I think NTP, OpenSSH with key auth (and perhaps fail2ban or
> something similar) and password auth, a very minimal web UI but still
> functional for real Tor configuration and that's about all we'll need.

Yeah, I agree.

Ok. Great.
 

> I also like the idea of a Tor wifi network by default for laptops like the
> CR-48 that I'm using right now. I'd kill to have a way to Torify the laptop
> because my main concern isn't privacy from my local network, it's data
> retention from the remote hosts... :-/

I'm sure it would be useful for a number of users. It wouldn't be too
difficult to include, and maybe the web interface can have an on/off
button so that they can choose whether or not to enable the Tor wifi
network.


Sure - I can see the on/off button as just bringing up and down a network interface, basically. That network interface might also need ttdnsd/Tor's DNSPort/dhcpd and a custom MAC address... Seems straightforward, am I missing anything?

All the best,
Jake