[tor-dev] The Torouter and the DreamPlug

Jacob Appelbaum jacob at appelbaum.net
Thu Jun 9 15:55:43 UTC 2011 

On Thu, Jun 9, 2011 at 2:57 PM, Runa A. Sandvik <runa.sandvik at gmail.com>wrote:

> On Wed, Jun 8, 2011 at 4:02 PM, Andrew Lewman <andrew at torproject.org>
> wrote:
> > On Tue, 7 Jun 2011 15:36:45 -0700
> > Jacob Appelbaum <jacob at appelbaum.net> wrote:
> >
> >> > We would also need a way for users to easily change the hashed
> >> > password. I can't remember if this is a feature that is already
> >> > present in Vidalia.
> >> Yes, we do need a way to change the password. We will also need a way
> >> to reset the password if the user is locked out of the control port. I
> >> generally think that this means we'll need a web UI... :-)
> >
> > It's built into vidalia.  Just click Advanced and you can change the
> > password all you want.
> >
> >> I think the best thing is to make an autoconfiguring device with a
> >> web UI; we can easily rate limit Tor to something reasonable and make
> >> it a middle node by default. In all cases it stands alone and simply
> >> plugging it into a wall (power/ethernet) will provide more capacity
> >> to the network if the OR port is reachable (ala tor-fw-helper + tor +
> >> init.d scripts to start Tor on boot).
> >
> > Most of me wants to wait for the freedombox people to derive their web
> > interface, and then we can plug tor into it.  I realize this could be
> > years at the current rate of progress. If someone whips up a quick
> > interface that isn't a security nightmare, we could use that until
> > freedombox has something tangible.
>
> Yeah, I was hoping the freedombox people would have something we could
> use. Doesn't seem like it, though. I think that, at some point, we
> should create a web ui for the dreamplug. But not having one right now
> should not be a blocker for the dreamplug-torouter.
>
>
Well, I'm not sure what you mean... The FB is just a Debian machine. Pick a
web server, write a cgi and perhaps that will be the main interface? :-) I'd
email the FBF list and ask. Perhaps the best web UI is one that is already
written? Is the web UI for the Excito free software?

> I suggest we ship the dreamplug with cli access only for those who want
> > a cheap device to be a bridge or relay.
>
> I guess we can set up dreamplugs as bridges by default and include a
> leaflet explaining the steps to take to change the configuration. Do
> you think we should touch the default setup of the dreamplug (it
> serves an open wifi by default, for example)?
>
>
I believe that by default we should be shipping middle relays and we should
be shipping 0.2.3.x with tor-fw-helper enabled by default as well.

I think the boxes should be re-flashed to have Debian or a modern Ubuntu and
locked down except with Tor and OpenSSH as listening services. We also need
things to sync time and so on.


> > I suggest we ship the excito with the web ui as the easy to use
> > option.
>
> Yep, the Tor web ui for the Excito B3 should be ready at the end of the
> month.
>
>
Is it Free Software? Can we use it on the DreamPlug until we have something
else?


> > In either case, we need to start testing, not keep thinking about what
> > we could do.  We're going to get a flood of feedback from actual people
> > testing the excito or dreamplug.
>
> Valid point.
>
>
I think we need to talk about what we need for the OS. I suspect we need
OpenSSH + Tor (tor-fw-helper, etc) + a few stock configuration files + time
syncing (clockskew for example) + a randomly generated password that we
uniquely key for each router in some non-silly way.

Is there a trac ticket for the OS part of the Torouter?

All the best,
Jake
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20110609/2c804967/attachment.htm>

More information about the tor-dev mailing list