Hi,
Arturo Filastò wrote (23 Mar 2012 22:45:39 GMT) :
I believe this project has some common goals with the work TAILS wants to do on the "TAILS server edition" [1].
Sure. There's probably some work that can be shared. It's unclear to me what part of it yet, but we'll see.
It's striking how different those projects are, but not as much as the fact we independently thought of proposing them for GSoC the very same year. I think it confirms "something like this" is needed, and I'm glad of seeing this happen.
Tails server and APAF share something important: they don't exist yet. There are a few big differences between Tails server and APAF, though. Let me mention some of those, and we'll see what we can learn from this. At least I'm sure comparing Tails server with APAF will help clarify what Tails server would be :)
Amnesia vs. post-mortem analysis of the equipment -- Tails server is likely to be based on Tails (no kidding), inheriting much, if not all, of its threat model and specification, including taking radical measures to avoid writing anything to local storage media unless the user explicitly asks for it. I did not see any such thing in the APAF description. Is this part of the APAF threat model? I must say I am impressed with how far something like the TBB goes to satisfy this requirement at the application level. At some level, things get out of control of most applications anyway (hints: swap, usage of various OS functionality that may, or may not, write stuff to disk), but even if we disregard that level, I'm not sure how a webapp framework for a generic language such as Python could try to satisfy this requirement as well as the TBB.
Target hardware and usage model -- As far as I understand it, APAF is aimed at running on the Desktop (that is on a desktop or laptop computer that's running a full-blown desktop environment such as GNOME). We expect most of the services provided by Tails server to run 24/7 in cupboards, garages and basements. I don't expect users to keep their desktop or laptop running and online 24/7. This is one of the reasons why Tails server should be fully functional on boxes people do not want, or cannot, use as Desktop computers anymore, e.g. because of hardware being half-broken or not powerful enough to run a modern Desktop environment plus server software.
Applications -- Tails server is meant to run any existing application we add and maintain support for, building on existing blocks such as Gobby and a few others. As far as I understand it, APAF is a framework to write, and maintain, a set of brand new applications that would be bound to this specific environment -- in other words, people not interested in Tor are unlikely to ever contribute to such an application. I find the APAF approach to be very ambitious.
Future -- Tails server would be a practical contribution to the FreedomBox project, that should explore some of the FreedomBox aspects: 1. In a way that's immediately useful to lots of people. 2. In a way that _practically_ attacks some of the FreedomBox technical challenges (e.g. configuration management on the long term, upgrade management, unlocking encrypted storage at boot time on a potentially headless machine). 3. With a specific threat model in mind, that's not shared by all people who {are, should be, are supposed to be, could, might} be working on the FreedomBox project. Showing them deployed, working code and systems will be much better an advocacy for anonymity, storage encryption, and location hiding, than trying to explain them why they should write support for all of this themselves. Ideally, the purpose of Tails server should be taken over by the FreedomBox some day, and the process that leads to Tails server should help the FreedomBox to actually exist some day. Sometimes, it's great to start a project while knowing right from the beginning it could very well become obsoleted by something even greater that will be maintained by, or with, entirely different people.
Tails server should be able to run APAF applications, right?
Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc