[tor-dev] Stormy - request for feedback
griffin at cryptolab.net
Fri Nov 28 13:27:51 UTC 2014
Sorry for the delay in responding -- comments inline.
Fabio Pietrosanti - lists wrote:
> I would suggest to add a Tor2web policy that, looking at X-Tor2web:
> header, enable or disable access to the Blog through the internet:
What is your reasoning for disabling access via tor2web?
> You may also consider adding support for Ahmia directory index
This seems reasonable =) Added as a task.
Nicolas Vigier wrote:
> So I am thinking that another way to do it could be to write a few
> ansible modules (or modules for your favorite configuration management
> tool) for the various tasks currently done by the script (installing
> nginx, installing a blog software, setup a hidden service, configure
> the firewall, etc ...), or take existing modules if they do what is
I've been considering creating ansible modules to make it easier to
deploy for some people. An organization reached out who wants to offer
it in-house as some kind of enterprise service, which has reignited the
> Then write a GUI program that will ask some questions, and when
> you click on the "setup" button generate an ansible variables file
> containing the answers to those questions (variables which are used by
> the ansible modules), and run ansible to apply the changes on the
Lots of people would like a GUI, which would make it much easier to
deploy, but I always recommend that people segregate their hidden
services (and websites) from their personal machine. I might be slowly
changing my mind on GUIs for a number of reasons. It's still not a good
idea to run on one's personal machine if there is a large risk
associated with being personally linked to running a particular hidden
service (eg, Muslims in Myanmar should host in a VM or a dedicated
machine). But this may be a case where more users would be better served
by having a GUI than the fairly mild risk of someone running a service
on their personal machine.
And a GUI would be great for people who want to run a hidden service
using Tails. =)
Patrick Schleizer wrote:
> I think it's non-ideal to modify config files using cat/sed/echo. That
> breaks sooner or later. And if later settings are supposed to be
> in the same file, things get messy. Some suggestions...
> It would be better to put the config files into (debian) packages.
While this is true for popcon, this is not possible for most config
files being edited. The most critical edits require the onionsite
address, which of course has to be generated by each user on their own.
It's possible for debian and ubuntu packages to list package
conflicts, which would be much better than rolling up custom packages
that only exist to remove another.
> Please consider to set timezone to UTC. Perhaps use the timezone-utc
Tor requires an accurate clock to work properly.
> You're sure you're not inventing a new linux distribution here? :)
Quite sure ;-) There's a real risk in trying to be everything to
everyone. Not only does everything have to be created and documented,
but maintained long-term. Bash scripts are straightforward for these
tasks, as is ansible, VMs much less so, and GUIs very difficult.
"The apparent safety of modern life is just a shallow skin atop
an ocean of blood, guts and bricked devices."