[Otter/Cute] What's Cute in APAF

Dear Team, For completeness' sake I am attaching to this email the report I wrote last week in order to summarize what the project APAF is about, and what there is in common between it and the Otter/Cute proposal. Eventually, feel free to add it to the trac page. After reading ["Cute" design and challenges], though, I think the report lacks an exhaustive description of APAF's threat model. In APAF's documentation, the only document vaguely resembling a threat model is embarassingly poor in terms of content[0]. If still possible, I would like to remedy writing a more detailed one during this week-end, maybe really pentesting the application with your help this time. Does this sound visible to you? ["Cute" design and challenges] <https://trac.torproject.org/projects/tor/attachment/wiki/org/sponsors/Otter/Cute/cute.txt.asc> [0] <http://apaf.readthedocs.org/en/latest/threat_model.html> -- mi.

Cool! I'd like to suggest several changes to the implementation strategy for Cute: * Cute should be an "application" and it must not be for any reason a virtual machine that's a nerdy/geeky things. An application has to be distributed trough Mac App Stores, Ubuntu App Stores, Windows App Stores. * Cute should not have multiple process running (only a single process, no LAMP that's difficult to be maintained) * Cute's Wordpress must use SQLite backend (to keep it selfcontained) * Wordpress should run over a secure Python sandbox Assuming the use of APAF, wordpress must be run using php-cgi, with a sandboxed profie from Twisted http://stackoverflow.com/questions/14541813/python-twisted-render-php * Use Tor2web for "Edge Cache Nodes", without using other piece of software It just need to implement caching with https://github.com/globaleaks/Tor2web-3.0/issues/29 Fabio Il 10/10/13 2:02 PM, Michele Orrù ha scritto:
Dear Team,
For completeness' sake I am attaching to this email the report I wrote last week in order to summarize what the project APAF is about, and what there is in common between it and the Otter/Cute proposal. Eventually, feel free to add it to the trac page.
After reading ["Cute" design and challenges], though, I think the report lacks an exhaustive description of APAF's threat model.
participants (2)
-
Fabio Pietrosanti (naif)
-
Michele Orrù