Actions

Byzantium Live Distro

From HacDC Wiki

Revision as of 21:41, 14 September 2011 by Drwho (talk | contribs)

Description

We are building a portable live Linux distribution based on Porteus Linux. Porteus itself is a fork of Slax that has been brought up to date with Slackware 13.37 and uses a 2.6.38.8 kernel. Porteus can use binary packages from Slackware 13.37 after conversion to Porteus' native format.

Code Repositories

Github page Subversion repo for Porteus packages

Goals

  • Make it possible for people in emergency situations to communicate and collaborate.
  • Make it possible for people in areas where the communications infrastructure is compromised to communicate and collaborate.
  • Provide services to support communication and collaboration.
  • Will be secure out of the box.
    • Best practices for isolating running services will be followed.
    • Best practices for configuration web applications will be followed.
    • Least privilege will be followed wherever possible.
  • Will be extensively documented.
    • A Creative Commons-licensed book will be made available with the Byzantium distribution as well as separately
    • Will explain the finer points of setting up a mesh, as well as accompanying projects (such as dialup gateways and long-haul transports).
    • Will be translated into as many languages as possible.
  • Widely compatible.
    • Users need to be able to boot their desktop/laptop/netbook from Byzantium media and set up a node.
    • As little fiddling with network drivers as possible.
  • Rapidly deployable.
    • Users need to be able to configure their Byzantium node rapidly and with little assistance.
    • Emergency situations.
    • Control panel aims to be as self-documenting as possible.
  • Aims to protect confidentiality of traffic.
    • Opportunistic IPsec?
    • All services default to SSLv3/TLSv1.
  • Aims to protect integrity of traffic.
    • SSLv3/TLSv1.
  • Meshes should grow without the direction of a central authority.
    • Anyone can set up a mesh node.
    • Anyone can set up services on the mesh.
    • Services packaged by default can be managed (activated and deactivated) from the control panel
    • Services packaged by default will come preconfigured with secure defaults and a mobile-friendly theme where appropriate.
    • This is a calculated risk. The threat models of Tor and I2P take this into account as well.
  • Byzantium nodes need to be rapidly clonable.
    • One copy of the live distribution needs to become many on demand.
    • Nodes need to be clonable without taking the node down.
  • Persistent storage has to be an option.
    • Built into Porteus.
      • save.dat file
      • removable media
      • media Porteus is installed to
  • Dependencies will be automatically managed by the control panel.

Features

  • Can support multiple mesh routing protocols.
  • Modular configuration back end.
  • Multiple pre-packaged, pre-configured web applications for communication and collaboration.
  • All services can be independently activated and deactivated.
  • Aims for security by default.
    • Services are not active unless explicitly triggered.
    • Services are configured using best practices for security.
    • Services support strong cryptography by default.
  • Supports gatewaying from the mesh to the Net over a live connection.
  • Supports persistent (encrypted) storage on demand (not default).

ToDo

Pick a web server to host applications:

Needs to:

  • ...be readily reconfigurable.
  • ...support PHP.
  • ...not use too much RAM or disk space.
  • ...support passthrough for other apps like
    • ...crypto.cat.
    • ...etherpad-lite.

We need to figure out how to properly install the control panel app on a new system. The process should be as pythonic as possible.

The Doctor's to-do list

Packages built for Byzantium

  • babeld - For great mesh routing.
  • batman-adv - Kernel module which implements mesh routing at OSI layer 2. We may not use it but it's there if we need it.
  • batctl - Utility for configurating and manipulating batman-adv.
    • Dependency of batman-adv.
  • ahcpd - For configuring mesh nodes that don't want to use the random RFC-1918 IP address generator.
  • CherryPy - Python module that implements a fast multi-threaded HTTP (web application) server.
    • Dependency of the control panel. Without this, there is no control panel.
  • pySetupTools - Required for installing some Python modules.
  • Mako - Python HTML templating system.
    • Dependency of the control panel.
  • MarkupSafe - Python library that implements a Unicode string that is aware of HTML escaping rules and does automatic string escaping.
    • Dependency of Mako.
  • Git - Converted Slackware v13.37 package.
  • Curl - Converted Slackware v13.37 package.
    • Dependency of git.
    • Note: To make git work without "error setting certificate verify locations" errors, you need to run the following command as the root user: git config --system http.sslcainfo /usr/share/curl/ca-bundle.crt
  • rrdtool - Used by traffic_stats.sh to monitor network traffic and build graphs.
  • sqlitebrowser - Used to develop SQLite database schemas and debug database access code. Will not be in OS release.
  • nginx - Lightweight, fast HTTP(S) server. Much more lightweight than Apache, at any rate. Custom build for Byzantium.
  • gd - Dependency of PHP.
  • libmcrypt - Dependency of PHP.
  • icu4c - International Components for Unicode. i18n dependency of PHP.
  • openldap-client - Dependency of PHP to make it compile. Not pleased by having to package it, but it won't build without it.

Links

Place links relevant to any part of the process of making the live distro here.

Porteus Official Website Processes for building Porteus packages. Process for manually installing Byzantium.

Timeline

  • .....uhh....
  • 20 October 2011 - Live demo, presentation, and networking at ContactCon.