Byzantium Live Distro: Difference between revisions

Description

We are building a portable live Linux distribution based on Porteus Linux. Porteus itself is a fork of Slax that has been brought up to date with Slackware 13.37 and uses a 2.6.38.8 kernel. Porteus can use binary packages from Slackware 13.37 after conversion to Porteus' native format.

Code Repositories

Github page Subversion repo for Porteus packages

Goals

• Make it possible for people in emergency situations to communicate and collaborate.
• Make it possible for people in areas where the communications infrastructure is compromised to communicate and collaborate.
• Provide services to support communication and collaboration.
• Will be secure out of the box.
  • Best practices for isolating running services will be followed.
  • Best practices for configuration web applications will be followed.
  • Least privilege will be followed wherever possible.
• Will be extensively documented.
  • A Creative Commons-licensed book will be made available with the Byzantium distribution as well as separately
  • Will explain the finer points of setting up a mesh, as well as accompanying projects (such as dialup gateways and long-haul transports).
  • Will be translated into as many languages as possible.
• Widely compatible.
  • Users need to be able to boot their desktop/laptop/netbook from Byzantium media and set up a node.
  • As little fiddling with network drivers as possible.
• Rapidly deployable.
  • Users need to be able to configure their Byzantium node rapidly and with little assistance.
  • Emergency situations.
  • Control panel aims to be as self-documenting as possible.
• Aims to protect confidentiality of traffic.
  • Opportunistic IPsec?
  • All services default to SSLv3/TLSv1.
• Aims to protect integrity of traffic.
  • SSLv3/TLSv1.
• Meshes should grow without the direction of a central authority.
  • Anyone can set up a mesh node.
  • Anyone can set up services on the mesh.
  • Services packaged by default can be managed (activated and deactivated) from the control panel
  • Services packaged by default will come preconfigured with secure defaults and a mobile-friendly theme where appropriate.
  • This is a calculated risk. The threat models of Tor and I2P take this into account as well.
• Byzantium nodes need to be rapidly clonable.
  • One copy of the live distribution needs to become many on demand.
  • Nodes need to be clonable without taking the node down.
• Persistent storage has to be an option.
  • Built into Porteus.
    • save.dat file
    • removable media
    • media Porteus is installed to
• Dependencies will be automatically managed by the control panel.

Features

• Can support multiple mesh routing protocols.
• Modular configuration back end.
• Multiple pre-packaged, pre-configured web applications for communication and collaboration.
• All services can be independently activated and deactivated.
• Aims for security by default.
  • Services are not active unless explicitly triggered.
  • Services are configured using best practices for security.
  • Services support strong cryptography by default.
• Supports gatewaying from the mesh to the Net over a live connection.
• Supports persistent (encrypted) storage on demand (not default).

ToDo

• Node Control Panel
• Wiki - suspended notion
• Microblog
• File dump/Twitpic work-alike
• Voice chat/telephony server
• Clientless web chat
• Blog - see Microblog
• EtherPad-like thing
• Streaming media server
• HTTP caching proxy
• Tor

Pick a web server to host applications:

• nginx
  • How to set up PHP under nginx with the FastCGI Process Manager.
• lighttpd
• lighttpd
  • How to set up PHP under lighttpd as a FastCGI process.

Needs to:

• ...be readily reconfigurable.
• ...support PHP.
• ...not use too much RAM or disk space.
• ...support passthrough for other apps like
  • ...crypto.cat.
  • ...etherpad-lite.

Packages built for Byzantium

• babeld - For great mesh routing.
• batman-adv - Kernel module which implements mesh routing at OSI layer 2. We may not use it but it's there if we need it.
• batctl - Utility for configurating and manipulating batman-adv.
  • Dependency of batman-adv.
• ahcpd - For configuring mesh nodes that don't want to use the random RFC-1918 IP address generator.
• CherryPy - Python module that implements a fast multi-threaded HTTP (web application) server.
  • Dependency of the control panel. Without this, there is no control panel.
• pySetupTools - Required for installing some Python modules.
• Mako - Python HTML templating system.
  • Dependency of the control panel.
• MarkupSafe - Python library that implements a Unicode string that is aware of HTML escaping rules and does automatic string escaping.
  • Dependency of Mako.
• Git - Converted Slackware v13.37 package.
• Curl - Converted Slackware v13.37 package.
  • Dependency of git.
  • Note: To make git work without "error setting certificate verify locations" errors, you need to run the following command as the root user: git config --system http.sslcainfo /usr/share/curl/ca-bundle.crt
• rrdtool - Used by traffic_stats.sh to monitor network traffic and build graphs.

Links

Place links relevant to any part of the process of making this livedistro here.

Porteus Official Website Processes for building Porteus packages.

Timeline

• .....uhh....
• 20 October 2011 - Live demo, presentation, and networking at ContactCon.