[Dev] [consensus][due: 2016-08-10] increasing security in Parabola, servers

coadde coadde at riseup.net
Mon Aug 1 23:25:42 GMT 2016

On 08/01/2016 07:23 PM, André Silva wrote:
> On 08/01/2016 06:52 PM, Luke wrote:
>> On 07/30/2016 11:24 PM, coadde wrote:
>>> Hi guys, I would make some changes in the new server, however I would
>>> propose it to be discussed under consensus first:
>>> * Remove SSL certificates to be more KISS and adhocratic.
>> No idea what this means, but we should keep our TLS certs and all
>> mirrors should be required to have HTTPS.
>> Would also be nice to have a means of verifying the fingerprint of the
>> certs.
> +1 about Luke's opinion.

OK, I don't know much about TLS :(

>>> * Use a TOX server as XMPP replacement.
>> +1. Simple to use, works on my slow internet, and doesn't require a
>> central server (XMPP does require a centralized server, although it is
>> "federated" meaning we could setup our own. Tox is still more reliable imo.)
> I think TOX has an option to register an account at toxme.io. Since I don't
> know about it, could it be useful to create a server?

It could create a user to speak in groups and conferences with TOX

And "toxcore" contains the service "tox-bootstrapd (Tox DHT Bootstrap)",
to use as node and DHT[0][1]


>>> * Use NetworkManager (CLI) instead of Netctl.
>> Netctl is pretty solid, I no longer use network manager on anything
>> other than my laptop due to the heavy bloatware.
> Netctl is pretty solid, but not portable since it is adapted only for
> systemd. If we have plans to move to OpenRC or another one (eg. gnudmd
> (called now as GNU Shepherd)), we should look for alternatives (eg.
> NetworkManager).

+1, NetworkManager is easy to use with the "nmcli" command and contains
most of the options, for example:

nmcli commands:

nmcli c add help # help to create any type of network
nmcli c add type ethernet ifname eth10 con-name "Ethernet_Server" \
            autoconnect yes \
            ip4 gw4 # create the "Ethernet_Server"
nmcli c show # show all networks
nmcli c edit "Ethernet_Server" # edit the selected network in interactive mode
nmcli c up "Ethernet_Server" # to connect the selected network
nmcli c down "Ethernet_Server" # to disconnect the selected network
nmcli d status # show interfaces
nmcli d wifi   # show SSID wifis and status
nmcli -a d wifi connect "SSID" # create and enter the selected SSID wifi

configuration file like:








>>> * Testing against all types of attacks to check that our security settings are ok.
>> +1. We should have someone audit the server for any vulnerabilities.
> +1, I suggest using linux-libre-audit for it.
> In this case, since it is a server, I could create a modified version of
> linux-libre-lts with AUDIT support called linux-libre-lts-audit, what do
> you think guys?

