openinternet / copilot
An easy to use censorship simulating access point in a box
Home Page: https://openinternet.github.io/copilot/
License: GNU Lesser General Public License v3.0
Currently the Co-Pilot profile config file is a csv file. This will need to be changed to support a better format. I am currently thinking that YAML or JSON would be easy to implement and readable config file formats for copilot.
We need to clearly test and document the capabilities of various platforms so that developers and trainers know what capabilities they will get with various devices.
After presenting Co-Pilot in the demo room at RightsCon https://www.rightscon.org/index, several more in-depth conversations with trainers occurred. Current Co-Pilot capabilities, modifications, different use-cases and the future of a training aid like Co-Pilot were also discussed.
The ability to share resources (such as word docs or pdf files), executable files for tool downloads, or html pages would all be very valuable so as not to use bandwidth on downloading these things during a training.
When creating a rule the following error occurs.
File "/home/www/copilot/copilot/models.py" line 182, in apply_it
dnsc_rule = eule.get_dns()
File ..../models.py line 218 in get_dns
reutrn _parsed
NameError: global name _parsed not defined.
During a follow up interview, one trainer suggested making a "Tor" switch so the trainer can choose when to send all traffic through the Tor network. This is so when participants are passively connecting to the Internet during a training session - checking email, news, social media, etc - the connection is encrypted and more anonymous. Once the trainer goes to use Co-Pilot profiles to block and censor, they would be able to turn this feature off so connection speeds will be faster.
We will be using supervisord to run all scripts including dnschef and create_ap to make a simple system for managing service manipulation. This will leverage Python's watchdog library monitoring config files to restart the major scripts when needed.
Documentation to show a trainer how to use the tool
In netfilter, if a chain doesn't decide the fate of the packet, then once traversal on that chain has finished, traversal resumes on the next rule in the current chain. This means that the first rule that blocks, discards, or forwards a packet on will be carried out without concern for any later rules. The Co-pilot interface must make sure that the interface provides a logical way to prevent incompatible rule sets that may cause inconsistent behavior.
Pre populating Co-Pilot with a few sample profiles will provide trainers with a variety of examples and will also help trainers get a glimpse of some of the different ways they can use it during their trainings.
Name | Cost | Shipping | Total |
---|---|---|---|
Banana Pi | 64.24 | 5.25 | |
Beagle Bone Black | 55.00 | | |
MinnowBoard | $189.00 | | |
ODROID-U3 | $65.00 (+ 5.00 power cord) | | |
HummingBoard | 60-120 | | |
Overestimate: 75$
802.11AC Devices
Name | Cost |
---|---|
ASUS | 64.00 |
Roswell | 38.00 |
Comparison 55-70$
Overestimate: $75
Name | Cost |
---|---|
Beagle Bone Case | 10.00 |
Custom Printed | 15.00 |
Overestimate: 17.00 Per
A wifi router to test client bridged AP: 40$
Batteries: 55$
Cost per Piece: 157
The co-pilot needs to be easy for many trainees to use. As such, we have decided that the co-pilot should put out a wireless access point for students to connect to.
debian access point
debian & ubuntu wifi access point
Linux Wireless Access Point
How to setup Access Point (WiFi hotspot) on Debian
ODROID U2 as a wireless access point
SOLVED - Odroid X2 Running Arch Linux Cannot Start hostapd
Arch Linux tutorial for turning a computer into an internet gateway/router.
Building a Linux Router
Identification of interviewees for the user interface design is under way.
Using the list of user-interface elements as a guide, create a document describing the outputs of the user think aloud testing.
This write-up will be a condensed version of main takeaways from the follow up interviews that took place in Feb.
During the think aloud testing interviews, several trainers wanted the ability to not only save profiles to a USB, but also be able to save straight to Co-Pilot's SD card.
Per the needs assessment survey Sharable Trainer Profiles are desired for creating region specific blocking simulations and updating and sharing them.
Starting with an ODROID-U3+
ODROID software Mirrors_and_File_Servers
Debian Wheezy Instructions
Step-by-step Ubuntu SD Card Setup
When dnschef is restarted https://github.com/OpenInternet/co-pilot/blob/15404dcd614cec555ca0f166a2f2108a3787c1b4/copilot/models.py#L193 the service is not being found by the service command.
Per the needs assessment survey:
Whatever case we decide upon should make the co-pilot look as generic as a travel wireless access point.
Trainers work in a wide variety of environments and there may be some instances where there will not be a direct Ethernet port to plug in Co-Pilot. Documentation is needed for cases such as this.
Draft of initial survey results has been completed. Will work on polishing this draft today and tomorrow.
Selecting a specific action should recompute the available options in the target. Selecting a target should recompute the type and options in the sub-target selector. We will need this as we add features and it will be harder and harder to implement as we move forward.
We should work on a way for co-pilot to be able to work without needing a trainer to facilitate.
This way people in high risk, or trainer-less areas can train themselves. Trainers are spread very thin (see the needs survey) and we can't reach all the possible interested users with these types of experiences.
(edited by s2e)
Additional UI enhancements were suggested during follow up interviews. For example, when a trainer goes to configure a profile they wish to demonstrate or simulate during a training, several trainers suggested if you hover over DNS blocking, an explanation/definition bubble would then pop up automatically, in order to provide more information to trainer so they can select the best configuration for their specific use-case.
Co-Pilot needs a color/design scheme and basic UI design specs
A user facing interface to show what the co-pilot tool is currently doing.
Both through follow up interviews and the initial needs assessment it was mentioned that building out a sample curriculum incorporating Co-Pilot into training would be very valuable.
Develop wire frames for User Interface
The proposed architecture should be sent out to a set of communities to get review before major technical work begins. This will help us streamline the development process and learn from problems faced by other groups.
There need to be separate paths into the application so that users can be served blockpages and trainers can be served the trainer interface.
This feature may be a future enhancement to Co-Pilot, but having the ability to load these on the device to use during training may also be useful, as long as there is a smooth transition between the different components.
(in)security demos show participants specific vulnerabilities and risks associated with different behaviors, while then providing information to participants on how to mitigate them. These demos focus on a more hands-on learning experience, rather than a lecture style training session.
https://github.com/schloss/insecurity-demos
Another component that would be useful to incorporate into Co-Pilot are COGS (Challenges, Observations, Games and Simulations). COGS focus on actively engaging with participants through different drills and games, while allowing them to practice the new set of skills they have acquired.
Guide for simple implementation:
https://devcentral.f5.com/articles/v111-dns-blackhole-with-irules#.U2M6-lea8Tg
Blockpages:
https://github.com/NullHypothesis/blockpages
https://github.com/citizenlab/blockpages
The Co-Pilot needs a user-interface for the customization and management of the co-pilot device.
Create a flow chart out of the wireframes to outline the detailed user experience within the co-pilot trainer interface.
Existing tools on the Kali distribution provide the same functionality that we will want to implement through the current iptables design. These tools are externally supported and provide sustainability to the tool.
The specific rule actions are currently contained with a profile. They should be more clearly separated so that the path for each is clearer.
The current url validator does not handle many of the edge cases that are needed to properly apply co-pilot rules. These need to be able to parse various parts of an address to provide different blocking scenarios.
More so than any of the other embedded platforms there has been a huge amount of interest in the raspberry-pi as a co-pilot platform.
I have serious concerns about the general lack of computing power supplied by the Raspberry-pi. We need to be able to provide a clear capabilities/limitations overview of this platform so that those who will eventually get it running on the Raspberry-pi understand its limitations.
This would allow a developer to add additional functionality to the co-pilot platform.
References:
We will need extra storage as it only has 4gb by default.
EDIT: it can use a sd card so it is not limited to the 4gb on the board.
List of potential interviewees includes: 2, 5, 9, 16
Needs Assessment Interviews with trainers will guide the development of rough interface prototypes. The interviewees will be chosen from survey participants.
Needs Assessment will be conducted as a survey of digital security trainers.
Including: