[tor-dev] Stormy - request for feedback

Griffin Boyce griffin at cryptolab.net
Fri Nov 28 13:27:51 UTC 2014

Hey all,

   Sorry for the delay in responding -- comments inline.

Fabio Pietrosanti - lists wrote:
> I would suggest to add a Tor2web policy that, looking at X-Tor2web:
> header, enable or disable access to the Blog through the internet:

   What is your reasoning for disabling access via tor2web?

> You may also consider adding support for Ahmia directory index

   This seems reasonable =)  Added as a task.

Nicolas Vigier wrote:
> So I am thinking that another way to do it could be to write a few
> ansible modules (or modules for your favorite configuration management
> tool) for the various tasks currently done by the script (installing
> nginx, installing a blog software, setup a hidden service, configure
> the firewall, etc ...), or take existing modules if they do what is
> needed.

   I've been considering creating ansible modules to make it easier to 
deploy for some people.  An organization reached out who wants to offer 
it in-house as some kind of enterprise service, which has reignited the 

> Then write a GUI program that will ask some questions, and when
> you click on the "setup" button generate an ansible variables file
> containing the answers to those questions (variables which are used by
> the ansible modules), and run ansible to apply the changes on the 
> system.

   Lots of people would like a GUI, which would make it much easier to 
deploy, but I always recommend that people segregate their hidden 
services (and websites) from their personal machine.  I might be slowly 
changing my mind on GUIs for a number of reasons.  It's still not a good 
idea to run on one's personal machine if there is a large risk 
associated with being personally linked to running a particular hidden 
service (eg, Muslims in Myanmar should host in a VM or a dedicated 
machine). But this may be a case where more users would be better served 
by having a GUI than the fairly mild risk of someone running a service 
on their personal machine.

   And a GUI would be great for people who want to run a hidden service 
using Tails.  =)

Patrick Schleizer wrote:
> I think it's non-ideal to modify config files using cat/sed/echo. That
> breaks sooner or later. And if later settings are supposed to be changed
> in the same file, things get messy. Some suggestions...
> It would be better to put the config files into (debian) packages.

   While this is true for popcon, this is not possible for most config 
files being edited.  The most critical edits require the onionsite 
address, which of course has to be generated by each user on their own.

   It's possible for debian and ubuntu packages to list package 
conflicts, which would be much better than rolling up custom packages 
that only exist to remove another.

> Please consider to set timezone to UTC. Perhaps use the timezone-utc [2]
> package?

   Tor requires an accurate clock to work properly.

> You're sure you're not inventing a new linux distribution here? :)

   Quite sure ;-)  There's a real risk in trying to be everything to 
everyone.  Not only does everything have to be created and documented, 
but maintained long-term.  Bash scripts are straightforward for these 
tasks, as is ansible, VMs much less so, and GUIs very difficult.


"The apparent safety of modern life is just a shallow skin atop
an ocean of blood, guts and bricked devices."
~Pearce Delphin

