Byzantium Live Distro: Difference between revisions
From HacDC Wiki
No edit summary |
(→Stuff) |
||
Line 144: | Line 144: | ||
==Stuff== | ==Stuff== | ||
Need to edit /etc/hosts, add 'byzantium' to 127.0.0.1 so that the web server will start up. | Need to edit /etc/hosts, add 'byzantium' to 127.0.0.1 so that the web server will start up. | ||
[[Mobile devices and IPv6.]] | |||
==Stuff to consider for later== | ==Stuff to consider for later== |
Revision as of 14:00, 19 September 2011
Description
We are building a portable live Linux distribution based on Porteus Linux. Porteus itself is a fork of Slax that has been brought up to date with Slackware 13.37 and uses a 2.6.38.8 kernel. Porteus can use binary packages from Slackware 13.37 after conversion to Porteus' native format.
Code Repositories
Github page Subversion repo for Porteus packages
Goals
- Make it possible for people in emergency situations to communicate and collaborate.
- Make it possible for people in areas where the communications infrastructure is compromised to communicate and collaborate.
- Provide services to support communication and collaboration.
- Will be secure out of the box.
- Best practices for isolating running services will be followed.
- Best practices for configuration web applications will be followed.
- Least privilege will be followed wherever possible.
- Will be extensively documented.
- A Creative Commons-licensed book will be made available with the Byzantium distribution as well as separately
- Will explain the finer points of setting up a mesh, as well as accompanying projects (such as dialup gateways and long-haul transports).
- Will be translated into as many languages as possible.
- Widely compatible.
- Users need to be able to boot their desktop/laptop/netbook from Byzantium media and set up a node.
- As little fiddling with network drivers as possible.
- Rapidly deployable.
- Users need to be able to configure their Byzantium node rapidly and with little assistance.
- Emergency situations.
- Control panel aims to be as self-documenting as possible.
- Aims to protect confidentiality of traffic.
- Opportunistic IPsec?
- All services default to SSLv3/TLSv1.
- Aims to protect integrity of traffic.
- SSLv3/TLSv1.
- Meshes should grow without the direction of a central authority.
- Anyone can set up a mesh node.
- Anyone can set up services on the mesh.
- Services packaged by default can be managed (activated and deactivated) from the control panel
- Services packaged by default will come preconfigured with secure defaults and a mobile-friendly theme where appropriate.
- This is a calculated risk. The threat models of Tor and I2P take this into account as well.
- Byzantium nodes need to be rapidly clonable.
- One copy of the live distribution needs to become many on demand.
- Nodes need to be clonable without taking the node down.
- Persistent storage has to be an option.
- Built into Porteus.
- save.dat file
- removable media
- media Porteus is installed to
- Built into Porteus.
- Dependencies will be automatically managed by the control panel.
Features
- Can support multiple mesh routing protocols.
- Modular configuration back end.
- Multiple pre-packaged, pre-configured web applications for communication and collaboration.
- All services can be independently activated and deactivated.
- Aims for security by default.
- Services are not active unless explicitly triggered.
- Services are configured using best practices for security.
- Services support strong cryptography by default.
- Supports gatewaying from the mesh to the Net over a live connection.
- Supports persistent (encrypted) storage on demand (not default).
ToDo
- Node Control Panel
- Wiki - suspended notion
- Microblog
- File dump/Twitpic work-alike
- Voice chat/telephony server
- Clientless web chat
- Blog - see Microblog
- EtherPad-like thing
- Streaming media server
- HTTP caching proxy
- Tor
Pick a web server to host applications:
Needs to:
- ...be readily reconfigurable.
- ...support PHP.
- ...not use too much RAM or disk space.
- ...support passthrough for other apps like
- ...crypto.cat.
- ...etherpad-lite.
We need to figure out how to properly install the control panel app on a new system. The process should be as pythonic as possible.
Packages built for Byzantium
- babeld - For great mesh routing.
- batman-adv - Kernel module which implements mesh routing at OSI layer 2. We may not use it but it's there if we need it.
- batctl - Utility for configurating and manipulating batman-adv.
- Dependency of batman-adv.
- ahcpd - For configuring mesh nodes that don't want to use the random RFC-1918 IP address generator.
- CherryPy - Python module that implements a fast multi-threaded HTTP (web application) server.
- Without this, there is no control panel.
- pySetupTools - Required for installing some Python modules.
- Mako - Python HTML templating system.
- Dependency of the control panel.
- MarkupSafe - Python library that implements a Unicode string that is aware of HTML escaping rules and does automatic string escaping.
- Dependency of Mako.
- Git - Converted Slackware v13.37 package.
- Necessary for checking code out and into Github.
- Curl - Converted Slackware v13.37 package.
- Dependency of git.
- Note: To make git work without "error setting certificate verify locations" errors, you need to run the following command as the root user: git config --system http.sslcainfo /usr/share/curl/ca-bundle.crt
- rrdtool - Used by traffic_stats.sh to monitor network traffic and build graphs.
- sqlitebrowser - Used to develop SQLite database schemas and debug database access code. Will not be in OS release.
nginx - Lightweight, fast HTTP(S) server. Much more lightweight than Apache, at any rate. Custom build for Byzantium.- Enough!
- gd - Dependency of PHP.
- Used for server side image manipulation.
- libmcrypt - Dependency of PHP.
- icu4c - International Components for Unicode. i18n dependency of PHP.
- openldap-client - Dependency of PHP to make it compile. Not pleased by having to package it, but it won't build without it.
- Can we get away with not having it because I didn't have to compile it for Apache? Let's try it!
- php - Converted Slackware v13.37 package.
- httpd - Apache v2.2.17. Converted Slackware v13.37 package.
- ..and then stuff started working!
- apr-util - Converted Slackware v13.37 package.
- Utility used for compiling Apache modules.
- apr - Converted Slackware v13.37 package.
- Package used for compiling Apache modules.
- t1lib - Converted Slackware v13.37 package. Used for font manipulation.
- pcre - Converted Slackware v13.37 package.
- Perl Compatible Regular Expression library.
- Unicode aware for i18n support. status.net requires this for basic functionality, whcih means that we get i18n for free.
Links
Place links relevant to any part of the process of making the live distro here.
Porteus Official Website Processes for building Porteus packages. Process for manually installing Byzantium.
Timeline
- .....uhh....
- 20 October 2011 - Live demo, presentation, and networking at ContactCon.
Stuff
Need to edit /etc/hosts, add 'byzantium' to 127.0.0.1 so that the web server will start up. Mobile devices and IPv6.
Stuff to consider for later
- Consider adding Iodine to Byzantium to help tunnel gatewayed traffic onto the Net.
- Gateway nodes in hostile areas could use Iodine to tunnel traffic out.
- Gateway nodes in non-hostile areas could accept Iodine connections to help less fortunate nodes evade censorship.