Byzantium Live Distro: Difference between revisions
From HacDC Wiki
Revision as of 22:25, 7 August 2011
Description
We are building a portable live Linux distribution based on Porteus Linux. Porteus itself is a fork of Slax that has been brought up to date with Slackware 13.37 and uses a 2.6.38.8 kernel. Porteus can use binary packages from Slackware 13.37 after conversion to Porteus' native format.
Code Repositories
- Github page
- Subversion repo for Porteus packages
Goals
- Make it possible for people in emergency situations to communicate and collaborate.
- Make it possible for people in areas where the communications infrastructure is compromised to communicate and collaborate.
- Provide services to support communication and collaboration.
- Will be secure out of the box.
- Best practices for isolating running services will be followed.
- Best practices for configuring web applications will be followed.
- Least privilege will be followed wherever possible.
- Will be extensively documented.
- A Creative Commons-licensed book will be made available with the Byzantium distribution as well as separately.
- Will explain the finer points of setting up a mesh, as well as accompanying projects (such as dialup gateways and long-haul transports).
- Will be translated into as many languages as possible.
- Widely compatible.
- Users need to be able to boot their desktop/laptop/netbook from Byzantium media and set up a node.
- As little fiddling with network drivers as possible.
- Rapidly deployable.
- Users need to be able to configure their Byzantium node rapidly and with little assistance.
- Emergency situations.
- Control panel aims to be as self-documenting as possible.
- Aims to protect confidentiality of traffic.
- Opportunistic IPsec?
- All services default to SSLv3/TLSv1.
- Aims to protect integrity of traffic.
- SSLv3/TLSv1.
- Meshes should grow without the direction of a central authority.
- Anyone can set up a mesh node.
- Anyone can set up services on the mesh.
- Services packaged by default can be managed (activated and deactivated) from the control panel.
- Services packaged by default will come preconfigured with secure defaults and a mobile-friendly theme where appropriate.
- This is a calculated risk. The threat models of Tor and I2P take this into account as well.
- Byzantium nodes need to be rapidly clonable.
- One copy of the live distribution needs to become many on demand.
- Nodes need to be clonable without taking the node down.
- Persistent storage has to be an option.
- Built into Porteus.
- save.dat file
- removable media
- media Porteus is installed to
- Built into Porteus.
- Dependencies will be automatically managed by the control panel.
Features
- Can support multiple mesh routing protocols.
- Modular configuration back end.
- Multiple pre-packaged, pre-configured web applications for communication and collaboration.
- All services can be independently activated and deactivated.
- Aims for security by default.
- Services are not active unless explicitly triggered.
- Services are configured using best practices for security.
- Services support strong cryptography by default.
- Supports gatewaying from the mesh to the Net over a live connection.
- Supports persistent (encrypted) storage on demand (not default).
ToDo
- Node Control Panel
- Wiki - suspended notion
- Microblog
- File dump/Twitpic work-alike
- Voice chat/telephony server
- Clientless web chat
- Blog - see Microblog
- EtherPad-like thing
- Streaming media server
- HTTP caching proxy
- Tor
Pick a web server to host applications:
Needs to:
- ...be readily reconfigurable.
- ...support PHP.
- ...not use too much RAM or disk space.
- ...support passthrough for other apps like
  - ...crypto.cat.
  - ...etherpad-lite.
Packages built for Byzantium
- babeld - For great mesh routing.
- batman-adv - Kernel module which implements mesh routing at OSI layer 2. We may not use it but it's there if we need it.
- batctl - Utility for configuring and manipulating batman-adv.
  - Dependency of batman-adv.
- ahcpd - For configuring mesh nodes that don't want to use the random RFC-1918 IP address generator.
- CherryPy - Python module that implements a fast multi-threaded HTTP (web application) server.
  - Dependency of the control panel. Without this, there is no control panel.
- pySetupTools - Required for installing some Python modules.
- Mako - Python HTML templating system.
  - Dependency of the control panel.
- MarkupSafe - Python library that implements a Unicode string that is aware of HTML escaping rules and does automatic string escaping.
  - Dependency of Mako.
- Git - Converted Slackware v13.37 package.
- Curl - Converted Slackware v13.37 package.
  - Dependency of git.
  - Note: To make git work without "error setting certificate verify locations" errors, you need to run the following command as the root user: git config --system http.sslcainfo /usr/share/curl/ca-bundle.crt
- rrdtool - Used by traffic_stats.sh to monitor network traffic and build graphs.
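The git note above fixes certificate verification by pointing git at curl's CA bundle. As an added example (not part of the Byzantium build scripts), the following checks that the bundle is usable before applying that setting and flags the common unsafe workaround of disabling verification. The function names are hypothetical; the default path is the one from the note.

```shell
#!/bin/sh
# Added example: validate a CA bundle before pointing git at it.
# Function names are hypothetical; the default path comes from the note above.

# Succeeds only if the file is readable and holds at least one complete
# PEM certificate block. This checks PEM framing, not certificate validity.
bundle_ok() {
    [ -r "$1" ] || return 1
    begins=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true)
    ends=$(grep -c -e '-----END CERTIFICATE-----' "$1" || true)
    [ "$begins" -gt 0 ] && [ "$begins" -eq "$ends" ]
}

# Succeeds only if git still verifies TLS peers and its configured
# CA bundle passes bundle_ok.
git_tls_ok() {
    # GIT_SSL_NO_VERIFY in the environment overrides any config setting.
    [ -z "${GIT_SSL_NO_VERIFY:-}" ] || return 1
    # http.sslVerify=false silences the error by turning verification off.
    verify=$(git config --bool --get http.sslVerify || true)
    [ "$verify" != "false" ] || return 1
    cainfo=$(git config --get http.sslCAInfo || true)
    [ -n "$cainfo" ] && bundle_ok "$cainfo"
}

# Apply the setting from the note (run as root), refusing a bad bundle.
apply_ca_bundle() {
    bundle=${1:-/usr/share/curl/ca-bundle.crt}
    if ! bundle_ok "$bundle"; then
        echo "refusing: $bundle is not a usable CA bundle" >&2
        return 1
    fi
    git config --system http.sslcainfo "$bundle"
}
```

Run apply_ca_bundle as root when building the module, then git_tls_ok as the user who will run git to confirm the effective settings.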
Links
Place links relevant to any part of the process of making this livedistro here.
- Porteus Official Website
- Processes for building Porteus packages.
Timeline
- .....uhh....
- 20 October 2011 - Live demo, presentation, and networking at ContactCon.