[Freedombox-discuss] FBX Setup with Debconf Web-Frontend: Difficult

kent kent at songbird.com
Wed Jan 11 07:12:44 UTC 2012


The second case (hardwired/script) approach only has to get to the 
point of the user being able to run a browser that connects over the 
hardwired link, which I think would be a very minimal script.  Once a 
browser was connected configuration would proceed as described for the 
wireless case.  So I think the obvious thing is to go with the hardwired 

It might be possible to provide some method of getting the FB to 
configure over wireless as a fallback, if that was really all that was 


On Tue, 10 Jan 2012 21:55:18 -0600, Nick Daly wrote:
> There are a couple approaches we could take to the setup process, 
> each
> with advantages and problems:
> - - The user connects to the DreamPlug's wireless network and a 
> specific
>   one-time install URL.
>   That's simple, but not very secure, and doesn't make future
>   administration simpler.
> - - The user starts an install script on their primary machine which
>   walks them through the install process.
>   That's more complicated, however, it means we can automate a fair
>   number of things (even the initial connection to the wireless 
> network
>   to exchange keys).  This means future administration becomes easier
>   and more secure.
> If you're configuring over wireless, the initial connection (at least
> the key exchange) will be insecure.  Ethernet-based configuration 
> would
> be preferred, if more difficult.  Am I shooting too low, not giving
> users enough credit?  Are we (should we be) aiming for community 
> gurus
> who can set up federated servers for their communities, or end-users 
> who
> would set up a server directly?
> I'm mostly unconcerned about MITM attacks during the setup process,
> because that requires being within a ~30m (wireless) range during a 5
> minute window, with the DreamPlug hardware.  *After* the setup is
> complete (ongoing administration), I'm plenty concerned about it.
> Monkeysphere /could/ help automatically organize an HTTPS connection
> between the server and client (after key exchange), had they 
> completed
> their listed goals.  That's not the case, though, so it can't be 
> done.
> Does this help clarify what I was going for?  Are there any other
> questions?
> Thanks for your time,
> Nick
> Version: GnuPG v1.4.10 (GNU/Linux)
> BajtpAdcfVu5by2VyZ1jrQxt3HFxSwS/Vc4GcOXFFHPPrVdJOd5TpYTMf8vdHhj9
> wbLW80+mR0877O4xis9sW9Rgq0b8l7t8YYBOD9yUFfT6FIRbW4wO/7NDyjR8koBi
> J7vXNe8prpqp52EeduhgYNFLUygf5xCYqdDXVDN2O+EwgCnWChfC/mzB9hdfeP1u
> a/3vH/KL1ZhevK+Qd1GAYLzM1xLOJlmQOEPmk9LY0zTL7oXjj6aAZ8mh/BXFcoFL
> W8QiOWu1KSjGvEs8JZPPtdng7rVYq1yh9ko5GEBjk1ArF0tyAmyItQYc75fPmwbJ
> fy+HmE5OHPA65efY9hlgJjONxCQpsJfwWQ+3eSgzyP3OgxJvv6/qIGGELGXugz2y
> rAMmfxbLnqlImTafNSp6zj2R/IHRMlcQMHG2Ppn6qd1JJNLVnQYoE049IkEDVe7w
> UpBdrMALr+jysM5rLqmSWCuGiJOpUmn2zmJccRQJ1XDqTBbjJhkxIUQ1UJPRQRB2
> Bqxd8VVLZhf00meunxQcCGKKmNpC2DMQxmzjuZNoHuA7XTsw66p63c9YGbbzP6gl
> PZmlQXTiosxKTBBT+inMLr0iaATqqYHg5shdKcOt0QBqn8aPLKCQX4qh9euO3Ovd
> J1KY8om+qnq/26WP2Ict
> =RpPH
> _______________________________________________
> Freedombox-discuss mailing list
> Freedombox-discuss at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

More information about the Freedombox-discuss mailing list