Re: [Tails-dev] [tor-dev] [GSoC] Tails Server - status repor…

Author: George Kadianakis
Date:  
To: segfault, tails-dev
Subject: Re: [Tails-dev] [tor-dev] [GSoC] Tails Server - status report 4

segfault <segfault@???> writes:

> Hi,
>
> George Kadianakis:
>> segfault <segfault@???> writes:
>>
>>> Hi everyone,
>>>
>>> this is the fourth status report on the Tails Server GSoC project.
>>>
>>> First off: There are nightly images of Tails with integrated Tails
>>> Server available for download [1]. Some notes if you want to test it:
>>
>> Hey segfault,
>>
>> I gave your iso a try! The application seems to work pretty well!
>
> Thanks for testing it!
>
>>
>> Here are some nitpicking comments. Feel free to ignore comments that involve
>> parts you have not yet implemented.
>>
>> - When Mumble starts it just says "Online". There is no indication on how to
>> use it, what's the onion address, or how you connect to it.
>>
>> - Why is the reset button available only for Gobby?
>>
>> - Mumble has no options? Not even port or onion address like Gobby?
>
> That should not happen. Seems like you discovered a bug. But I can't
> reproduce it in the current version. :/
>


Hmm. The Mumble panel just tells me "Online" and nothing more. Is it supposed
to say more stuff, like the onion address?

>>
>> - OTOH, Gobby provides useful information when it starts, like the onion
>> address and the port.
>>
>> However, in both cases I was actually not sure how to test or use the
>> service. I wonder if it would make sense to have a small paragraph for each
>> type of service pointing to resources on the internet, or a small guide on
>> how your friends can connect to you... (hm, localization issues?)
>
> I plan to rely on the documentation for this (the question mark).
>
>>
>> I guess the client-side of Mumble is also installed on Tails right? So
>> testing it from inside Tails should be quite easy.
>
> Right.
>
>>
>> - I tried starting up (installing) Mumble for the first time without
>> Internet. The startup blocked for a while and then it displayed a message
>> that said "An error occured. See the log for details." How is the user
>> supposed to find this log?
>
> Installing services won't work without Internet, because the packages
> are downloaded and installed on the fly. I didn't implement logging to a
> file yet, only to stdout (so no log if you didn't start tails-server
> from the command line). I think I should catch the error caused by
> missing Internet connection and set the status message accordingly.
>
>> - In Gobby, is the server password securely auto-generated? Can we make this
>> more obvious maybe? Or maybe can we have an opt-in "auto-generate" button
>> that generates a password only if the user wants?
>
> In both Mumble and Gobby the server password is a 20 character random
> string. We could implement a button to generate a new (secure) password,
> but I kinda like the secure default. Do you think explaining this in the
> documentation would be acceptable?
>


I think that's acceptable.

>>
>> Or maybe the current auto-generate by default approach is best for UI. Not sure.
>>
>> BTW, did you write the password generation routine yourself or is it a
>> module? You don't have one that uses readable words instead of random base64?
>
> I use Python's random module:
>
>     import random
>     import string
>     ''.join(random.SystemRandom().choice(string.ascii_letters + string.digits)
>             for _ in range(20))
>
> I kinda expect users to copy-paste the `Connection Info` (including
> onion address and password). But I think you're right and it wouldn't
> hurt to use something more readable. I did a quick search and didn't
> find any Python module in Debian that provides such a function. Do you
> know one?
>


Hmm, there seem to be some Python modules on GitHub that do this sort of thing:
     https://github.com/redacted/XKCD-password-generator
     https://github.com/beala/xkcd-password


However, your "random characters" approach should be fine for now since you
assume that your users will copy-paste it around. Adding more password patterns
can be a task for the future.
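
The trade-off discussed above (20 random alphanumeric characters versus readable words), as an added example that is not part of the original message or of the Tails Server code: it sizes a word-based passphrase so that it matches the entropy of the 20-character password. The function names and the 16-word sample list are assumptions made for illustration.

```python
import math
import secrets
import string

# Same 62-symbol alphabet as the one-liner quoted in the thread.
ALPHANUM = string.ascii_letters + string.digits

# Constructed 16-word sample list, for illustration only. A real list would
# hold thousands of words (a diceware-style list has 7776).
SAMPLE_WORDS = ["anchor", "breeze", "candle", "desert", "ember", "forest",
                "garden", "harbor", "island", "jungle", "kettle", "lantern",
                "meadow", "nectar", "orchid", "pebble"]


def random_password(length=20, alphabet=ALPHANUM):
    """Uniform random string drawn from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(symbols, count):
    """Entropy of `count` independent uniform picks from `symbols` options."""
    return count * math.log2(symbols)


def words_needed(wordlist_size, target_bits):
    """Smallest word count whose entropy reaches `target_bits`."""
    if wordlist_size < 2:
        raise ValueError("word list needs at least two distinct words")
    return math.ceil(target_bits / math.log2(wordlist_size))


def passphrase(words, target_bits, sep="-"):
    """Readable passphrase at least as strong as `target_bits`."""
    unique = sorted(set(words))  # duplicates would skew the distribution
    count = words_needed(len(unique), target_bits)
    return sep.join(secrets.choice(unique) for _ in range(count))


if __name__ == "__main__":
    target = entropy_bits(len(ALPHANUM), 20)
    print(f"20 alphanumeric chars: {target:.1f} bits -> {random_password()}")
    print(f"7776-word list needs {words_needed(7776, target)} words")
    print(f"sample list ({len(SAMPLE_WORDS)} words): "
          f"{passphrase(SAMPLE_WORDS, target)}")
```

With a 7776-word list, ten words are needed to match the roughly 119 bits of the 20-character password, which is why the word list size matters more than the separator or capitalization.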