On Fri, Jul 6, 2012 at 3:16 PM, Nick M. Daly wrote:
> I'm a little leery of asking users to sign up for a service on a
> device that's designed to let them host their own services.

On 07/06/2012 06:45 PM, Michiel de Jong wrote:
> if you want to offer any form of web presence, you need... a DNS
> server or a (network of) reverse proxy(s) if you're on a dynamically
> assigned own IP.

On Fri, 06 Jul 2012 12:57:37 -0400, Ian Sullivan wrote:
> I don't see anything wrong with setting up such a service as long as
> we work towards making it possible for others to set them up too...
> If everyone with a route-able address can run such a service for the
> people in their lives who trust them to run it then it actually seems
> pretty natural to me that community non-profits like the freedombox
> foundation or Debian itself would start running such services for
> their communities.

Very well put, Ian. I wouldn't have concerns with that, as long as
users have the option and ability to enable themselves. I'm a little
annoyed we don't have an easy solution yet, all of the solutions are
aimed at power users (defined as "requiring almost any setup at all")
and might be hard to configure out of the box, but I have faith in
Michiel and Bjarni.

On Sat, 7 Jul 2012 16:25:54 +0300, Michiel de Jong wrote:
> On Sat, Jul 7, 2012 at 2:47 PM, Michael Rauch wrote:
> > with PageKite, this probably leads to registering a domain name for
> > a box...
>
> or subdomain, which saves money.
>
> > with Tor HS, no need to register a domain...
>
> for mainstream users that would mean going via tor2web, so effectively
> still a reverse proxy setup.

For the record, I'd like to see what comes of both the PK and THS
approaches. PK seems easier, while THS seems more robust (it'll take a
lot more than some ICE paperwork to corrupt the Tor directory servers).

Box-to-box communication can be much simpler and is where I've been
focusing most of my time. Thanks for looking into these harder
problems.

On Sat, Jul 7, 2012 at 2:47 PM, Michael Rauch wrote:
> in the long run, i would prefer something like FreedomBuddy as Tor HS
> in the role of a gatekeeper. this frees from registering a domain name
> and still gets you a durable name/address. further, it gives the
> service provider more anonymity and FreedomBuddy can do access-control
> before revealing service endpoints to clients (either connections
> through Tor network or direct connections).

On Sat, 7 Jul 2012 16:25:54 +0300, Michiel de Jong wrote:
> i think the main point (for me, at least) is that we want to get a
> 2013 version out there now, that has functionality for a mainstream
> user. It would then be updateable through apt as soon as we have more
> better things working, and then the 2014 version can have full
> FreedomBuddy-based onion routing.

FreedomBuddy as Tor Hidden Service is available today. It, too, isn't
integrated into the disk image yet. However, given the recent
freedombuddyLocation script (wow, that needs a less annoying name) any
service in the system should be able to use the address layer, right
now. That still requires client-configuration, unfortunately.

On Sat, 7 Jul 2012 16:25:54 +0300, Michiel de Jong wrote:
> my main open questions for the pagekite-based setup we're proposing
> are if it makes sense to put ssl-certs on the boxes (i have a feeling
> that it doesn't), and how we want to do the installation (i think the
> best way is to connect it via ethernet to the existing ISP-supplied
> router, and make it emit a wifi access point).

I think it does make sense to put SSL-certs on the boxes. Bdale put a
"make sure to generate your own certificates" warning in Freedom
Maker's readme. There's actually space reserved in the first-boot
process for certificate generation. It should be easy to put together a
FBuddy script that sniffs your certs and advertises them at your
identity locations, allowing for out-of-band verification. That would
finally make self-signed SSL certs meaningful, and might be another way
to handle the Monkeysphere problem. Should I work on that this week?

I imagine the boxes would come pre-installed. What use case wouldn't
that cover? Did you mean "initial configuration" instead of
installation? If so, then yes, I agree that a wifi access point would
be a good first configuration. Just in case users are particularly
concerned about their security, we might want to allow users to disable
the WAP when requesting their plug (allowing configuration only over
ethernet) or password the WAP before it's configured (with the password
written on an included index-card).

It should be able to function as both a device on a network with a
router and as router on its own. You know, being multi-function and
all.

Nick
_______________________________________________
Freedombox-discuss mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
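The out-of-band check for self-signed certificates proposed in the message above, as an added example that is not code from the thread, FreedomBuddy or Freedom Maker. The location labels, the two-location quorum rule and the sample bytes are assumptions made for illustration; the sample "certificates" are constructed stand-in bytes, not parseable X.509.

```python
import hashlib
import hmac
import ssl

def cert_fingerprint(pem: str) -> str:
    """SHA-256 over the certificate's DER encoding, as lowercase hex."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()

def colon_hex(fp: str) -> str:
    """Render a hex fingerprint in the AA:BB:CC style many tools print."""
    return ":".join(fp[i:i + 2] for i in range(0, len(fp), 2)).upper()

def normalize(fp: str) -> str:
    """Accept colon-separated, spaced or mixed-case fingerprints."""
    return "".join(fp.split()).replace(":", "").lower()

def verify_out_of_band(presented_pem, advertised, quorum=2):
    """Compare the certificate a server presented with the fingerprints
    fetched from independent locations.

    Trust requires at least `quorum` matching locations and no location
    that disagrees: a single mismatch means either the connection or one
    of the advertisement channels has been tampered with.
    """
    presented = cert_fingerprint(presented_pem).encode()
    matches, mismatches = [], []
    for location, fp in advertised.items():
        # Constant-time comparison; the values are public, but this keeps
        # the check safe to reuse where they are not.
        if hmac.compare_digest(normalize(fp).encode(), presented):
            matches.append(location)
        else:
            mismatches.append(location)
    return (len(matches) >= quorum and not mismatches), matches, mismatches

# Constructed sample data: stand-in bytes wrapped in PEM armour.
BOX_PEM = ssl.DER_cert_to_PEM_cert(b"constructed stand-in: box certificate")
MITM_PEM = ssl.DER_cert_to_PEM_cert(b"constructed stand-in: substituted certificate")

# Hypothetical location labels; each value would be fetched over a
# different channel than the TLS connection being verified.
ADVERTISED = {
    "tor-hs": colon_hex(cert_fingerprint(BOX_PEM)),
    "pagekite": cert_fingerprint(BOX_PEM),
}

if __name__ == "__main__":
    print(verify_out_of_band(BOX_PEM, ADVERTISED))
    print(verify_out_of_band(MITM_PEM, ADVERTISED))
```
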
