On Sat, 14 Jul 2012 20:08:20 -0500 Nick M. Daly <[email protected]> wrote:
> So, since there is a lot of concern about including PHP on the > FreedomBox, what are our solutions? Static content would be good to keep on the table as an option, for cases where it can be used. Micah Lee from EFF did an interesting presentation at this year's HOPE: "Privacy Tricks for Activist Web Developers". (Slides here: https://www.eff.org/hope9/privacy-tricks) One of his points was: "Static HTML is always more secure than server-side code" (slide 40). This doesn't work for everything, of course. But, it does keep a web server more secure. There's this list of static content generators: http://iwantmyname.com/blog/2011/02/list-static-website-generators.html It includes ikiwiki. Another comment from Micah's presentation was that some CMS systems have the ability to generate static content. So you can create content using CMS shortcuts, and then have it generate static content to put on your website. I do agree that security needs to be a top priority for FreedomBox, especially since it's is being advertised as "an organizing tool for democratic activists in hostile regimes" (from https://www.freedomboxfoundation.org/learn/). It seems there may be two target audiences. One is users that want to get away from centralized services such as Facebook. The other is activists that are risking their lives. A FreedomBox for the first audience could include dynamic content, while one for the second maybe shouldn't. There could be two versions of a FreedomBox, one for each audience. Or, maybe there's a safe(r) web application framework?
signature.asc
Description: PGP signature
_______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
