[tor-dev] The Torouter and the DreamPlug

Jacob Appelbaum jacob at appelbaum.net
Thu Jun 9 20:31:31 UTC 2011


>
> > I think it's fine to ship one web interface for us now and later find a
> > good integration point with the Freedom Box later...
>
> Yep, I agree.
>
>
Great. I'm sure that if the web UI is free software and it works well, we
can see if the FB will be interested in using it.


> > What's the rationale there? While we certainly need more bridges, I'd like
> > to see an increase in relays and encourage more Friend of Friend bridge
> > sharing. We should include a bunch of common configs and make it easy to
> > set up. Also, a public relay will be much easier to help with in terms of
> > setup, I suspect.
>
> Well, bridge by default is what the B3's are set up with. I also
> figure that a bridge sees less traffic than a relay, and so it might
> be more "friendly" for new users. But I like the idea of having a
> bunch of common configs, and we can also suggest bandwidth limits.
>
>
Hrm. The B3 is certainly able to handle traffic. Also in both cases, we'll
want to configure them to limit bandwidth. There is no promise that a relay
or a bridge will see a certain amount of traffic if they're not configured
to hibernate/rate limit/etc.

I'd like a device that I can plug into a wall and it will automatically join
a network, probe for upnp/natpmp and become a relay. I'd also like a hidden
service so that I can connect and administrate it from anywhere in the
world; though this is clearly a nice to have and not a requirement. :-)


> >> >> > I suggest we ship the excito with the web ui as the easy to use
> >> >> > option.
> >> >>
> >> >> Yep, the Tor web ui for the Excito B3 should be ready at the end of
> >> >> the month.
> >> >>
> >> >
> >> > Is it Free Software? Can we use it on the DreamPlug until we have
> >> > something else?
> >>
> >> Yes, it's free software and will be available in the Excito GitHub
> >> repository when it's released (not sure if it's there already, I don't
> >> think so). The web interface is probably a bit too "heavy" (and
> >> includes a good mix of php and perl) for the dreamplug, so we should
> >> probably look for something else.
> >>
> >
> > Can we rip out everything except the basics? If so, I think their web
> > front end is perfect and it already has a Tor UI thanks to you... :-)
>
> Maaaaybe. I haven't tried, but it can't be that hard. I'll look into it.
>
>
It seems like it may be modular from what you've said and if so, I mean,
we've got the work put into the web UI already... :-)


> >> >> > In either case, we need to start testing, not keep thinking about
> >> >> > what we could do.  We're going to get a flood of feedback from
> >> >> > actual people testing the excito or dreamplug.
> >> >>
> >> >> Valid point.
> >> >>
> >> >
> >> > I think we need to talk about what we need for the OS. I suspect we
> >> > need OpenSSH + Tor (tor-fw-helper, etc) + a few stock configuration
> >> > files + time syncing (clockskew for example) + a randomly generated
> >> > password that we uniquely key for each router in some non-silly way.
> >> > Is there a trac ticket for the OS part of the Torouter?
> >>
> >> There is now: https://trac.torproject.org/projects/tor/ticket/3374
> >>
> >> We can move the discussion to #3374 if you want.
> >>
> >
> > I'm happy to keep hammering stuff out here and then we can dump the
> > results into the bug report.
>
> Works for me. It's great to get feedback that will help get me started.
>
>
I plan on hacking on it with you. In theory my DreamPlug arrives next week.


> > What do you think about a DreamPlug with Debian or Ubuntu? Do we have a
> > preference?
>
> Good question. I love Debian, but I'm sure Ubuntu would be great to
> use as well. I'll do some research and see if there is a good reason
> we should pick one over the other.
>
>
The main reason is security and possibly support on the Ubuntu front. The
main reason for Debian is quite frankly, weasel. Without him, we'd be lost.
:-)


> > What other software do we need beyond ntp, ssh, tor and a web UI?
>
> > Do we want to support a transparent Tor wifi network by default?
>
> Maybe this is something we can add later, and focus on bridge/relay
> support first?
>
>
Sure, I think it's pretty much done though - I've got lots of transparent
configs, etc. If we're using Debian or Ubuntu, it's dead simple and these
boxes have enough memory to just run a second Tor for that purpose.


> > I think Ubuntu's latest release is the best in terms of security and in
> > theory support. It is however not as beloved as Debian for a number of
> > solid reasons. I think NTP, OpenSSH with key auth (and perhaps fail2ban or
> > something similar) and password auth, a very minimal web UI but still
> > functional for real Tor configuration and that's about all we'll need.
>
> Yeah, I agree.
>

Ok. Great.


>
> > I also like the idea of a Tor wifi network by default for laptops like
> > the CR-48 that I'm using right now. I'd kill to have a way to Torify the
> > laptop because my main concern isn't privacy from my local network, it's
> > data retention from the remote hosts... :-/
>
> I'm sure it would be useful for a number of users. It wouldn't be too
> difficult to include, and maybe the web interface can have an on/off
> button so that they can choose whether or not to enable the Tor wifi
> network.
>
>
Sure - I can see the on/off button as just bringing up and down a network
interface, basically. That network interface might also need ttdnsd/Tor's
DNSPort/dhcpd and a custom MAC address... Seems straightforward, am I
missing anything?

All the best,
Jake
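
A torrc sketch of the setup discussed in this message: a rate-limited, hibernating non-exit relay with a hidden service for remote SSH administration, plus a second Tor instance serving the transparent wifi network. This is an added example, not part of the original post and not the Torouter project's configuration; every port, path, address and limit below is an assumed placeholder value.

```torrc
## ---- Instance 1: public relay (assumed file: /etc/tor/torrc) ----
## All values are constructed placeholders, not project defaults.

# Relay only; no local client port on this instance.
SocksPort 0
ORPort 9001

# Non-exit relay: forward traffic inside the network, never to the Internet.
ExitPolicy reject *:*

# Rate limiting: cap sustained and burst relay bandwidth.
RelayBandwidthRate 200 KBytes
RelayBandwidthBurst 400 KBytes

# Hibernation: stop relaying once the monthly quota is used up,
# then wake again at the start of the next accounting period.
AccountingStart month 1 00:00
AccountingMax 100 GBytes

# Hidden service that exposes the local sshd for remote administration.
# sshd itself should listen on 127.0.0.1 and use key authentication.
HiddenServiceDir /var/lib/tor/admin_ssh/
HiddenServicePort 22 127.0.0.1:22

## ---- Instance 2: transparent wifi (assumed file: /etc/tor/torrc-wifi) ----
## Runs as a separate process with its own data directory.
## 192.168.42.1 is the assumed address of the wifi interface.

DataDirectory /var/lib/tor-wifi
SocksPort 0

# Client TCP connections are redirected here by the firewall.
TransPort 192.168.42.1:9040

# Client DNS queries are redirected here instead of a normal resolver.
DNSPort 192.168.42.1:5353

# Map .onion lookups to virtual addresses so they work transparently.
VirtualAddrNetworkIPv4 10.192.0.0/10
AutomapHostsOnResolve 1
```

The second instance only takes effect once the firewall redirects the wifi interface's TCP and DNS traffic to the TransPort and DNSPort above and drops everything else; those rules and the dhcpd setup are not shown here.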