Joseph's question is really important not even for me, as for person, who just want to try to run multi-purpose "home server". I think it is good idea for some bigger Documentation and HowTo project, too. Eugen's idea to have .ovf packages for different purposes is relevant too. Both ideas still need to be answered, and seems to me even propagated, so let me add one more question: Is there some Propaganda/Documentation Project/HowTo Wiki for this purpose? One of interesting .ovf I have found is *Liberté Linux*: http://dee.su/liberte [seems to be kind of out-dated] One of interesting "multi purpose, out of the box, home server" seems to be this: *arkOS: Building the anti-cloud (on a Raspberry Pi) - open source, Raspberry Pi - Development - Techworld* http://www.techworld.com.au/article/528273/arkos_building_anti-cloud_raspber... Both projects seems to be worth to add human power to and more propaganda. *Tails* https://tails.boum.org/ seems to be paranoid enough to not to support .ovf, or em'I wrong? BTW all of mentioned projects are good hint, what is trend on side of services but list of services and tools is still more than welcome. Btw2: On this wiki, I'm tiring to complete list of user side apps for different platforms, so it could be helpful too: https://brmlab.cz/project/crypto-anonymity_knowbase Regards, ~ Over Dne 11.10.2013 13:42, Eugen Leitl napsal(a):

On Wed, Oct 09, 2013 at 03:58:26PM -0500, J.A. Terranson wrote:

...

Don't get me wrong, I'm not saying don't do it: I think *everyone* should, at least for a years or so, for a variety of technical, political, and other reasons. But you *cannot* go in unprepared! I think we need more hidden services to make the darknet more attractive, less exits. The open Internet has been dead for a while, time to accept it.

Running a non-exit relay from home is still worthwhile, since it raises the bar for physical access, and also increases the traffic background.

Decentral search is pretty important, we could really use lots of YaCy nodes as hidden services -- indexing not just the hidden web, of course.

I wish there was a library of different privacy-based appliances in virtual formats (.ovf) which are kept up to date for easy deployment (even though running it on bare iron would be preferable). That would seem to be a lot of work, though, and run into trust issues.

-- “Borders I have never seen one. But I have heard they exist in the minds of some people.” ― Thor Heyerdahl www...................http://overdrive.a-nihil.net twitter...............https://twitter.com/#!/idoru23 GoogleTalk/Jabber.....tpetru@gmail.com blog..................http://d8ofh8.blogspot.com last.fm...............http://www.last.fm/user/overdrive23 GnuPG public key......http://overdrive.a-nihil.net/overdrive.txt GnuPG key FingerPrint.072C C0AD 88EF F681 5E52 5329 8483 4860 6E19 949D

I'm using Tails inside virtual boxes only, because there is almost zero possibility of local data theft or local attack in my case, much more problematic is "Open Internet". So I think they are too much paranoid for my purpose and could be good idea to try to discuss it with them. Even I like design of Liberte Linux more [smaller, faster, same amount of tools, encrypted filestystem usable even under Windows...]. But we seems to be little bit OT, better to return back to question: what server application to run these days for self-suficient-anarcho-cPUNK-box. I think people from FreedomBox thread & Tor thread should be able to answer us best. Btw I see FreedomBox as unusable overkill, but it is just my IMHO. Too much crypto* == no usability for everyday purposes [which is basically exactly, why I'm reading this mailing list and doing wiki]. We must count with users as my mother is. She is able to encrypt/sign e-mail with Enigmail and use OTR and TrueCrypt... that is good example, where all of this should lead on user level. e.g. Pidgin + OTR plugin, Thunderbird + Enigmail, Ubuntu -- good user experience, not really much ponts, where even my Mother "can do it completely wrong" ... it is Facebook century, even most stupid or non-techie from primary school are on netz. Nobody cares about mailing lists and bbses anymore. Time to do it completely transparent [really gr8 job Enigmail !!!] --> Tails is killing itself because crypto* overkill even on web now [even I understand it could be good to have complex, it should not be default... propaganda and education should not kill usability, even it IS fu*ng important] Smart aPUNK study and is able to configure server, but does not understand elliptic curves on math level. Still MUCH better to understand concepts and be able to run it relatively fast and secure, than undrstand math and not 2 be able to do revolution, eh? have an ice day, ~ Over Dne 11.10.2013 17:53, Eugen Leitl napsal(a):

On Fri, Oct 11, 2013 at 05:31:31PM +0200, Tomas Overdrive Petru wrote:

...

*Tails* https://tails.boum.org/ seems to be paranoid enough to not to support .ovf, or em'I wrong? Their official position IIRC is that they discourage VM use, so they might not want to offer a virtual appliance.

While they're technically correct, there's value in virtual network plumbing, so you can build up separated compartments, and routers which force everything through Tor.

It would reduce the threshold of entry, even though there are ways of detecting that you're running in a hypervisor jail, and break out of it.

-- “Borders I have never seen one. But I have heard they exist in the minds of some people.” ― Thor Heyerdahl www...................http://overdrive.a-nihil.net CellPhone.............00420-721-007-507 twitter...............https://twitter.com/#!/idoru23 GoogleTalk/Jabber.....tpetru@gmail.com blog..................http://d8ofh8.blogspot.com last.fm...............http://www.last.fm/user/overdrive23 GnuPG public key......http://overdrive.a-nihil.net/overdrive.txt GnuPG key FingerPrint.072C C0AD 88EF F681 5E52 5329 8483 4860 6E19 949D

On 12/10/13 03:35, Andy Isaacson wrote:

On Fri, Oct 11, 2013 at 01:42:13PM +0200, Eugen Leitl wrote:

...

I think we need more hidden services to make the darknet more attractive, less exits. The open Internet has been dead for a while, time to accept it.

Running a non-exit relay from home is still worthwhile, since it raises the bar for physical access, and also increases the traffic background.

Decentral search is pretty important, we could really use lots of YaCy nodes as hidden services -- indexing not just the hidden web, of course. Hmmm, I hadn't heard of YaCy before, thanks for the mention!

...

I wish there was a library of different privacy-based appliances in virtual formats (.ovf) which are kept up to date for easy deployment (even though running it on bare iron would be preferable). That would seem to be a lot of work, though, and run into trust issues. OVF is a dead end AFAICS.

It's not perfect, but the combination of Chef/Puppet (to specify + install + configure the software stack) plus Vagrant (to specify + install + configure the base VM) seems like a more fruitful path forward. There are some missing pieces; for example, it's regrettably common in current Cookbooks and Vagrantfiles to download unsigned-and-unhashed code from the network and trust it. But that's fixable with more hashing and content addressed storage.

-andy coreOS also has potential still has some bugs but looks promising.

On Sat, Oct 12, 2013 at 04:54:30AM -0400, grarpamp wrote:

On Fri, Oct 11, 2013 at 7:42 AM, Eugen Leitl wrote:

...

I think we need more hidden services to make the darknet more attractive, less exits. The open Internet has been dead for a while, time to accept it.

If you are referring to Tor, there are at least 700 such services that you could find rather easily right now. That's ~75% more since two months.

Certainly nice growth, but realistically won't be sustained post-Snowden. Most-used services on the Internet is search, and there's just one useful search engine in onionland: 3g2upl4pq6kufc4m.onion and it's not operated by multiple, independent, noncommercial parties.