[tor-dev] The Torouter and the DreamPlug

[Jacob Appelbaum]

On Thu, Jun 9, 2011 at 7:34 PM, Runa A. Sandvik <runa.sandvik at gmail.com>wrote:

> On Thu, Jun 9, 2011 at 4:55 PM, Jacob Appelbaum <jacob at appelbaum.net>
> wrote:
> > On Thu, Jun 9, 2011 at 2:57 PM, Runa A. Sandvik <runa.sandvik at gmail.com>
> > wrote:
> >>
> >> On Wed, Jun 8, 2011 at 4:02 PM, Andrew Lewman <andrew at torproject.org>
> >> wrote:
> >> > On Tue, 7 Jun 2011 15:36:45 -0700
> >> > Jacob Appelbaum <jacob at appelbaum.net> wrote:
> >> >
> >> >> > We would also need a way for users to easily change the hashed
> >> >> > password. I can't remember if this is a feature that is already
> >> >> > present in Vidalia.
> >> >> Yes, we do need a way to change the password. We will also need a way
> >> >> to reset the password if the user is locked out of the control port.
> I
> >> >> generally think that this means we'll need a web UI... :-)
> >> >
> >> > It's built into vidalia.  Just click Advanced and you can change the
> >> > password all you want.
> >> >
> >> >> I think the best thing is to make an autoconfiguring device with a
> >> >> web UI; we can easily rate limit Tor to something reasonable and make
> >> >> it a middle node by default. In all cases it stands alone and simply
> >> >> plugging it into a wall (power/ethernet) will provide more capacity
> >> >> to the network if the OR port is reachable (ala tor-fw-helper + tor +
> >> >> init.d scripts to start Tor on boot).
> >> >
> >> > Most of me wants to wait for the freedombox people to derive their web
> >> > interface, and then we can plug tor into it.  I realize this could be
> >> > years at the current rate of progress. If someone whips up a quick
> >> > interface that isn't a security nightmare, we could use that until
> >> > freedombox has something tangible.
> >>
> >> Yeah, I was hoping the freedombox people would have something we could
> >> use. Doesn't seem like it, though. I think that, at some point, we
> >> should create a web ui for the dreamplug. But not having one right now
> >> should not be a blocker for the dreamplug-torouter.
> >>
> >
> > Well, I'm not sure what you mean... The FB is just a Debian machine. Pick
> a
> > web server, write a cgi and perhaps that will be the main interface? :-)
> I'd
> > email the FBF list and ask. Perhaps the best web UI is one that is
> already
> > written? Is the web UI for the Excito free software?
>
> I was hoping there would be an existing ui what we could just plug Tor
> into, just like we did with the Excito B3 interface.
>
>
I think it's fine to ship one web interface for us now and later find a good
integration point with the Freedom Box later...


> >> > I suggest we ship the dreamplug with cli access only for those who
> want
> >> > a cheap device to be a bridge or relay.
> >>
> >> I guess we can set up dreamplugs as bridges by default and include a
> >> leaflet explaining the steps to take to change the configuration. Do
> >> you think we should touch the default setup of the dreamplug (it
> >> serves an open wifi by default, for example)?
> >>
> >
> > I believe that by default we should be shipping middle relays and we
> should
> > be shipping 0.2.3.x with tor-fw-helper enabled by default as well.
> > I think the boxes should be re-flashed to have Debian or a modern Ubuntu
> and
> > locked down except with Tor and OpenSSH as listening services. We also
> need
> > things to sync time and so on.
>
> Sounds like a plan. I prefer bridge by default, but we can discuss that
> later.
>
>
What's the rational there? While we certainly need more bridges, I'd like to
see an increase in relays and encourage more Friend of Friend bridge
sharing. We should include a bunch of common configs and make it easy to
setup. Also, a public relay will be much easier to help with in terms of
setup, I suspect.


> >> > I suggest we ship the excito with the web ui as the easy to use
> >> > option.
> >>
> >> Yep, the Tor web ui for the Excito B3 should be ready at the end of the
> >> month.
> >>
> >
> > Is it Free Software? Can we use it on the DreamPlug until we have
> something
> > else?
>
> Yes, it's free software and will be available in the Excito GitHub
> repository when it's released (not sure if it's there already, I don't
> think so). The web interface is probably a bit too "heavy" (and
> includes a good mix of php and perl) for the dreamplug, so we should
> probably look for something else.
>
>
Can we rip out everything except the basics? If so, I think their web front
end is perfect and it already has a Tor UI thanks to you... :-)


> >> > In either case, we need to start testing, not keep thinking about what
> >> > we could do.  We're going to get a flood of feedback from actual
> people
> >> > testing the excito or dreamplug.
> >>
> >> Valid point.
> >>
> >
> > I think we need to talk about what we need for the OS. I suspect we need
> > OpenSSH + Tor (tor-fw-helper, etc) + a few stock configuration files +
> time
> > syncing (clockskew for example) + a randomly generated password that we
> > uniquely key for each router in some non-silly way.
> > Is there a trac ticket for the OS part of the Torouter?
>
> There is now: https://trac.torproject.org/projects/tor/ticket/3374
>
> We can move the discussion to #3374 if you want.
>
>
I'm happy to keep hammering stuff out here and the we can dump the results
into the bug report.

What do you think about a DreamPlug with Debian or Ubuntu? Do we have a
preference?
What other software do we need beyond ntp, ssh, tor and a web UI?
Do we want to support a transparent Tor wifi network by default?

I think Ubuntu's latest release is the best in terms of security and in
theory support. It is however not as beloved as Debian for a number of solid
reasons. I think NTP, OpenSSH with key auth (and perhaps fail2ban or
something similar) and password auth, a very minimal web UI but still
functional for real Tor configuration and that's about all we'll need.

I also like the idea of a Tor wifi network by default for laptops like the
CR-48 that I'm using right now. I'd kill to have a way to Torify the laptop
because my main concern isn't privacy from my local network, it's data
retention from the remote hosts... :-/

All the best,
Jake
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20110609/7c1154b3/attachment-0001.htm>