In this post I would like to talk a bit about the main design goals of OPI and the overall architecture, mainly from a functional software perspective: what is ticking under the hood and why we have made the decisions we have.
(Note, however, that even though we have come a long way with development, not all parts are 100% finalized, so things might still change after this is written.)
Design and architecture
Let's start by going through the main design and architectural goals of OPI. There are three cornerstones in the design.
First off, OPI shall be safe. You should be able to rely on OPI safekeeping your information as much as possible under all circumstances. Data should be stored securely and permanently.
Secondly, you shall be in control of the device. There shall be no way for a third party to use information stored on OPI.
And lastly, OPI should be designed with ease of use as a top priority. You should not have to bend over backwards to enjoy the features of OPI. We want you to be both Connected and Protected.
OPI runs a more or less untouched kernel.org Linux kernel. We try to make as few modifications as possible, for two reasons. First off, it makes any source audit that much simpler. If we were to use an SDK provided by the processor manufacturer or any other embedded distribution, we would have to live with thousands of changes made by different, mainly unknown, contributors, often with a build system that is not easily understood. Secondly, it makes our life easier by not having to do massive work on every update to keep our modifications current.
On top of this we run our own derivative of Ubuntu 14.04. We took the base of 14.04, modified some packages and added our own specific packages on top. All of it is available, including source, in our package repositories. The reason for using Ubuntu is that Ubuntu is based on the high-quality Debian project, giving us a good foundation to build upon. Furthermore, the 14.04 release is a long-term support release, which means that Ubuntu will support it for longer than usual; EOL for 14.04 is April 2019.
OPI uses apt for software upgrades and runs unattended updates daily to make sure that all software running on the system is up to date. This feature is of course optional but highly recommended.
All user data is stored on the µSD(XC) card. The complete µSD is encrypted using LUKS with AES encryption. The user selects a master password when configuring the device for first use. That password then has to be provided upon boot for the device to be functional. The password can be provided to OPI via a browser, by having a USB key with the secret password on it plugged into the device while booting, or, if the user is fine with degraded security, the password can be stored on the unit itself.
This assures, if the password is not stored on the device, that even if OPI or the µSD is stolen, the thief will still not have access to the information stored on the device.
Then, to make sure that information stored on OPI is available tomorrow as well, regardless of what happens, OPI has a top-class built-in backup service. We use S3QL to make encrypted, time-lined, space-efficient backups of OPI. This will also be tightly integrated into the OPI file browser.
Initially, backup is provided either against our backup service or onto an externally attached USB mass storage device. (Each purchase of an OPI entitles you to at least a three-month trial of our service.) We will try to extend the list of possible targets later on.
To make sure that you can reach your unit, OPI is bundled with a free dynamic DNS service. During initial setup you are asked for an easy-to-remember name for your OPI. When the operation is completed the device is always reachable via https on “opi-name”.op-i.me. OPI makes sure that this DNS name is always updated and, if needed, OPI will open up appropriate ports on UPnP-IGD enabled routers. (NAT-PMP is planned.)
All communication is encrypted at all times using TLS. During initial setup OPI sends a certificate signing request to our servers, which return a unique certificate. This enables OPI to always identify itself safely when communicating. Furthermore, our smartphone apps only talk to a unit identified by our CA, mitigating man-in-the-middle attacks.
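The identity scheme just described, as an added example written for this post with Go's standard library (not OPI's own code): a stand-in CA issues a device certificate from a CSR for its op-i.me name, and the app side accepts a unit only if the presented certificate chains to that pinned CA and names the expected host. The CA names and the device name tim.op-i.me are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue signs tmpl with parent's key (self-signed when parent == tmpl) and parses the result.
func issue(tmpl, parent *x509.Certificate, pub any, priv *ecdsa.PrivateKey) *x509.Certificate {
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, priv)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert
}

// newCA makes a self-signed CA; it stands in for the vendor CA (constructed for this example).
func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name}, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	return issue(tmpl, tmpl, &key.PublicKey, key), key
}

// enroll mirrors the setup step: the device builds a CSR for its op-i.me name, the CA verifies the CSR proves key possession, then issues a unique certificate.
func enroll(dnsName string, ca *x509.Certificate, caKey *ecdsa.PrivateKey) *x509.Certificate {
	devKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	req := &x509.CertificateRequest{Subject: pkix.Name{CommonName: dnsName}, DNSNames: []string{dnsName}}
	csrDER, _ := x509.CreateCertificateRequest(rand.Reader, req, devKey)
	csr, _ := x509.ParseCertificateRequest(csrDER)
	if err := csr.CheckSignature(); err != nil {
		panic(err) // a CSR that does not prove possession of the key is refused
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: csr.Subject, DNSNames: csr.DNSNames, KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	return issue(tmpl, ca, csr.PublicKey, caKey)
}

// appTrusts is the smartphone-app side: the presented certificate must chain to the pinned CA only (no system roots) and carry the expected opi-name.
func appTrusts(presented, pinnedCA *x509.Certificate, host string) bool {
	roots := x509.NewCertPool()
	roots.AddCert(pinnedCA)
	_, err := presented.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err == nil
}
```

Because the pool holds only the vendor CA, a certificate for the same name issued by any other CA, including one the system already trusts, is rejected.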
OPI of course also has its own built-in firewall to safeguard the unit from both external access and internal unauthorized communication. It should be perfectly safe to put OPI outside a firewall if that is preferred.
OPI provides full featured email handling. It sends email, retrieves mail from external accounts and accepts incoming mail for configured domains.
If you have email hosted elsewhere today, say from your ISP, Gmail etc., and want to keep doing so, OPI uses fetchmail to retrieve mail from other sources and store it locally. For example, tell OPI to fetch all mail from email@example.com and store it locally in Tim’s inbox, and OPI will periodically check firstname.lastname@example.org and retrieve any new mail. As an added bonus this gives you a speedy, always up-to-date inbox on your local network.
Apart from retrieving email from other sources, OPI has a built-in SMTP server, Postfix, that is used to send email, either directly or via a relay. All users of OPI can use OPI as an outgoing SMTP server.
The SMTP server also accepts emails for local users directly, which means that, for example, an email for tim@”opi-name”.op-i.me is delivered directly into Tim’s inbox. The last but definitely not least feature of the SMTP server is that it can accept mail for specific domains.
That is, if you have a domain, let's say mydomain.com, you can redirect the email handling of that domain to point at “opi-name”.op-i.me and tell OPI to accept mail for that domain. You can then set up OPI to accept mail addressed to, say, email@example.com and deliver it into Tim’s inbox.
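An added configuration example, not taken from OPI's packages, showing how the three SMTP roles above (outgoing server for users, delivery for the unit's own name, and accepting a domain you point at it) are expressed in Postfix, the server OPI uses. The host name, mydomain.com and the address tim@mydomain.com are constructed placeholders; the relay restriction is the setting that keeps a server which accepts Internet mail from also relaying for unauthenticated senders.

```ini
# /etc/postfix/main.cf (excerpt); the names below are placeholders
myhostname = opi-name.op-i.me

# mail for tim@opi-name.op-i.me is delivered to Tim's local mailbox
mydestination = $myhostname, localhost

# a domain whose MX record you have pointed at opi-name.op-i.me;
# addresses in it are mapped to local users via the table below
virtual_alias_domains = mydomain.com
virtual_alias_maps = hash:/etc/postfix/virtual

# weak setting, do not use: accepts relaying from anyone (an open relay)
#   smtpd_relay_restrictions = permit
# corrected: only the local network and authenticated OPI users may send
# outbound mail; everyone else may only deliver to the domains listed above
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

# /etc/postfix/virtual (rebuild the lookup table with: postmap /etc/postfix/virtual)
# tim@mydomain.com    tim
```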
Finally, OPI has a built-in IMAP server, Dovecot, which makes sure you can also read your email.
How do you use the mail functionality of OPI?
If you are on your desktop, configure your mail application to use OPI as the outgoing SMTP server and as the incoming server via IMAP. This works out of the box with all major email applications on Windows, Linux or Mac. Example applications here could be Thunderbird, Outlook or the built-in mail client in Mac OS X.
If you are using a web browser, just surf to https://”opi-name”.op-i.me and log in. OPI comes with a built-in web mail client, Roundcube.
If you use an Android smartphone or tablet, download and install our free OPI app from Google Play. Complete the simple setup, providing your personal user information and your selected OPI name. The OPI application comes with a slightly customized mail application, K-9 Mail.
Unfortunately our iOS app will not be finished for the IGG campaign. Until then iOS users will have to set up their devices manually. This should, however, not be too difficult, since OPI natively uses the same protocols as iOS. This will be covered in another article.
Files, Calendar and Contacts
OPI also supports storing your calendars, contacts and files. It uses Owncloud for this. External access is primarily provided via the various DAV variants.
Files stored on OPI can be accessed via the web interface: point your browser at https://”opi-name”.op-i.me and log in using your username and password. Files, photos etc. are then accessible via the web-based file manager.
On your desktop or laptop you can connect natively via WebDAV; Linux, Mac OS, and Windows all support this. Alternatively, the Owncloud client application can be used.
If you use an Android smartphone or tablet, you can download and install our OPI app from Google Play. The OPI app includes the Owncloud application for easy file synchronization, including automatic upload of photos taken with the device.
Calendars and contacts can be accessed via the web interface, like all other services. External access is provided via CardDAV and CalDAV.
On your desktop, applications such as Thunderbird have support via the SOGo Connector. Mac OS has built-in support for both CardDAV and CalDAV.
On an Android smartphone or tablet, use the OPI app, which has support for this via DAVdroid. iOS has native support for both CardDAV and CalDAV.
Things to be done
There are a few things we really want to add, but we realize that we won't have time to squeeze them in before the Indiegogo deliveries. These will, however, hopefully be delivered as upgrades later on.
Core: the big thing that won't be ready on time is the use of auditing, i.e. SELinux or AppArmor.
Email: what is currently missing and won't be ready in time is, unfortunately, spam filtering. We will try to add this as soon as possible, and it will most likely use SpamAssassin.
iOS app: we are targeting an iOS settings app as soon as possible. Even though all features of OPI are natively supported on iOS devices, you still should not have to configure all services manually.
Possible future extensions
This is an open area. Where should we take OPI next? Areas or applications that we find interesting are, for example, integrating an RSS reader, to-do lists and similar applications, or extending communications with secure chat or possibly even VoIP. Another highly interesting area would be home automation.
Got any cool ideas and want to share them with us? We would love to hear about them!
I hope this has been an interesting, hopefully positive, read. If not, please let us know; we really appreciate all the feedback we can get. Also consider supporting our current Indiegogo campaign or just help us spread the word!
If I already have a working Owncloud instance running, can OPI somehow be made to play with that, or are they a duplicate effort?
Is there local storage / how is local storage done?
Regarding Owncloud: you can add “external storage” to let one of the OC instances also expose files on the second one. But beyond that it gets a bit problematic. Not really knowing your current setup, it's hard to provide answers.
Regarding local storage. All user data is stored on the encrypted µSD-card.
Great post Tor. Very informative!
First: Awesome that you are doing work to tackle the “own your data” problem! Keep up the good work!
Could you (or PA) maybe do a similar post on the hardware side of OPI? Or give us some quick specs on chipsets, etc?
There is some information here:
Any specific questions and I will be happy to answer, but there is not that much more on the board.
This seems like a very interesting product. However, I wish for one more feature (that I haven’t seen listed). I would like to be able to connect two or more OPIs at different physical locations, so that they automatically make duplicate copies of files.
One basic use of this would be that family photos are safe, even if there is physical harm done to one of the OPIs. (I would expect this to be a good selling point.)
We do have some thoughts on how to connect OPIs with each other, but there is a lot of work involved in this.
But I understand your intent.
For now what we can offer is to make sure your photos are safe by keeping a backup on our servers. Your files are encrypted before being passed to us, and we have no access to anything else but encrypted data.
What about using a Yubikey as a way to achieve long, nice passwords?
Of course we have looked at solutions for two-factor authentication, including Yubikey. We even have a couple of them here for testing.
This, and GPG all the way, are things that are high on our to-do list. Unfortunately we won't manage it before the release, but we hope to be able to ship at least GPG etc. as updates as soon as possible.