[Freedombox-discuss] Developing code for Freedombox

Sandy Harris sandyinchina at gmail.com
Sun May 27 03:35:16 UTC 2012

Rick Hodgin <foxmuldrster at yahoo.com> wrote:

> I have desired since January to work on this project.  However, the software tools in use were completely outside of my prior experience.
> As the weeks wear on and I see more and more videos about Freedombox, and listen to more and more speeches by Eben Moglen, I am moved from the inside to step up and offer my developer services.
> I don't know where to begin.  I assume I need to get a FreedomBox device ...

For some things, you would need that. There are other things you might
tackle without it.

For one thing, there are dozens of applications that look likely to be
used on the Box, or at least are on various people's wish lists for
use there. Ideally, all of them would be thoroughly audited before
being deployed in a situation where security flaws might have very
serious consequences. You could make a start on that just running lint
(or gcc with strict options) on such applications, cleaning up and
problems you find and submitting patches wherever they need to go.

The archives have a moderately long thread titled "crypto questions",
started by me and with others criticizing and/or improving my
suggestions. Parts of that give possible projects.

One item discussed there is Bcrypt, a password system that aims to be
more secure. See: http://codahale.com/how-to-safely-store-a-password/
That is already in the Debian repositories. I'd say a worthwhile small
project would be to work out how to make it default for the Box.

Any crypto device needs a good random number generator and random(4)
is not enough for the Box. For some devices, HAVEGE looks fine, but
perhaps not for all devices that might become Freedombox servers.
There are two other possibilities, John Denker's Turbid and my
Maxwell, that might be useful. There are bug reports for both asking
that they be added to Debian. Both authors say they'll co-operate but
don't want responsibility for Debian package maintenance. Getting
either of those packaged would be a small project that might help Box
development. I'd say Turbid is much the more useful of the two.

More information about the Freedombox-discuss mailing list