[Freedombox-discuss] Policy questions

Jonas Smedegaard dr at jones.dk
Sun May 8 12:02:22 UTC 2011


On 11-05-08 at 01:23pm, Rob van der Hoeven wrote:
> > > You are right. A competent sysadmin can build a secure system 
> > > without using virtualization. I don't think that an average 
> > > FreedomBox user can manage the more advanced security features 
> > > that you mention. So, must they become dependent on FreedomBox 
> > > security experts every time they want to install a new service 
> > > that connects to the internet? That's no freedom to me. In my 
> > > design I use VMs as sandboxes. Users are free to install whatever 
> > > they want inside a VM.
> > 
> > Sure, users are free to do whatever with their FreedomBoxes - it is 
> > Free Software.
> 
> People will install other non-FreedomBox-approved software. It would 
> be nice if the FreedomBox has a software architecture that makes this 
> as safe as possible.

FreedomBox is a Debian system with only FreedomBox-optimized software 
installed.

Our users are non-technical end-users.  They will only install 
FreedomBox-optimized software on their FreedomBox.  Because that is what 
we tell them is safe.

Users are welcome to install non-FreedomBox-optimized official Debian 
packages.  In doing so their system is no longer a FreedomBox but still 
a Debian system.  We do more harm than good if we continue to try to help 
them through FreedomBox chatrooms, helpdesks or documentation: We should 
instead refer them to Debian user areas - and encourage them to join us 
in improving FreedomBox for other non-technical end-users. :-)

Users are also welcome to install non-Debian software.  In doing so 
their system is no longer a FreedomBox and also no longer a Debian 
system.  We should suggest that they seek help in Debian user areas, 
and recommend that they clearly mention that their system contains 
non-Debian parts, to avoid frustrations for all involved - and encourage 
them to instead work with Debian in incorporating those missing pieces 
they felt necessary to add.


Systems may still work and do nice things for their owners even if no 
longer FreedomBox or Debian, but that is not our concern.




> Just curious: Have you considered automating a process like this using 
> Puppet or another configuration management system, if that’s possible? 
> It would be nice if a setup like this were as easily built-up and torn 
> down as a single “app” on a freedombox

Yes, I have struggled with various approaches to hacking on top of 
Debian for some years.

Try searching the archives of this mailing list - I have tried - especially 
in the fall, I believe - to elaborate on my concerns with this and why I 
believe the reliable approach is for all to be handled by Debian 
packages, no hacking on top.


> > > Maybe the cloud companies have done some research on that? You 
> > > have a valid question here. I'm very interested how secure the 
> > > virtualization I use (LXC) is.
> > 
> > You expect cloud companies to have done research in running 
> > virtualization on crippled hardware without dedicated RNG or even 
> > CPU virtualization support?
> > 
> 
> Yes. Cloud companies are very security aware. CPU virtualization 
> features are mostly there to improve performance, not security. The 
> hardware of the FreedomBox is not crippled hardware. It is modest 
> hardware for modest tasks. Cloud companies have more powerful 
> hardware, but on this hardware they are running far more VMs. From my 
> own experience I would say that a VM on my FreedomBox has roughly the 
> same performance as a cloud VM.


Well, you could argue that lack of a hardware Random Number Generator 
(RNG) is related only to performance, not security, if always using 
/dev/random (not /dev/urandom) and tolerating that the system freezes if 
the random pool is depleted.  But I dare say that is a lousy argument.


I suspect - as mentioned by others in this thread - that virtualization 
affects the revitalization process of the random pool.  And I find it 
unlikely that companies using big iron for virtualization purposes have 
done analysis on what happens when applying similar virtualization 
structures to "modest hardware".


> > > One of the goals of the FreedomBox is to decentralize popular 
> > > social networking services. The software to do so is still in 
> > > development or does not exist. In order to develop the software 
> > > FreedomBoxes are needed. Are you going to wait until Diaspora is 
> > > mature in order to let it run on the FreedomBox?
> > 
> > I am going to bet on alternatives to Diaspora not building 
> > everything from scratch, e.g. Buddycloud - approached as an XMPP 
> > extension with multiple implementations.
> 
> Diaspora is just an example. The problem here is that in order to 
> mature some programs that we want to have on our FreedomBoxes need our 
> platform to mature.

Yes. I agree.

But virtualization is an extreme, and you use somewhat the opposite 
extreme as argument for your approach.  I then point out that instead of 
fighting extremes with extremes, I find a more modest approach more 
sensible.


I dare say that your very approach of running virtualization on "modest 
hardware" is experimental itself.  Quite interesting, but still.


Kind regards,

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
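As an added illustration of the /dev/random concern raised in this message (example code, not part of the thread or of FreedomBox), a POSIX shell check that reads the kernel's own entropy counter and hardware RNG selection. The 256-bit threshold and the file-path parameters are this example's own choices, not kernel constants.

```shell
#!/bin/sh
# Added example, not from the thread: report whether a box without a hardware
# RNG is at risk of starving /dev/random readers, using the kernel's counters.
# Paths and threshold are parameters so the check can run against constructed
# values; the defaults are the real Linux paths.
#
# Usage: entropy_status [ENTROPY_AVAIL_FILE] [RNG_CURRENT_FILE] [THRESHOLD_BITS]
# Prints "<ok|low> <rng source>" and returns 0 when ok, 1 when low.
entropy_status() {
    avail_file="${1:-/proc/sys/kernel/random/entropy_avail}"
    rng_file="${2:-/sys/class/misc/hw_random/rng_current}"
    threshold="${3:-256}"   # bits; chosen for this example, not a kernel value

    # Bits currently credited to the input pool (pool size is 4096 bits).
    avail=$(cat "$avail_file" 2>/dev/null || echo 0)
    case "$avail" in ''|*[!0-9]*) avail=0 ;; esac

    # Hardware RNG driver the kernel has selected, or "none" when the hw_random
    # class is absent, as on a board or container with no RNG at all.
    rng=$(cat "$rng_file" 2>/dev/null || echo none)
    [ -n "$rng" ] || rng=none

    if [ "$avail" -ge "$threshold" ]; then
        printf 'ok %s\n' "$rng"
        return 0
    fi
    # Low pool and no hardware source: older kernels block /dev/random here,
    # and every VM on the host competes for the same scarce interrupt entropy.
    printf 'low %s\n' "$rng"
    return 1
}
```

Run it inside each LXC guest as well as on the host, since the guests see far fewer interrupts than the host that collects them. On Linux 5.6 and later /dev/random no longer blocks once the pool is initialised, so a "low" result there indicates weak replenishment rather than an outright freeze.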