[Freedombox-discuss] FBX Setup with Debconf Web-Frontend: Difficult
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi folks, I've reviewed the debconf web-frontend a little with an eye to
using it for the initial configuration of an FBX. My idea was that we
could use the web-frontend to do initial configuration during the setup
process, from a remote computer (like a laptop that joined the
DreamPlug's wireless network).
I've found that the system could work, but isn't well suited for that
use case.
The biggest issue is that the server accepts connections only from the
localhost and does no authentication at all. So, there's no way
(without hacking on it) to use that frontend for remote management. The
connection also isn't encrypted in any way (HTTP only, no HTTPS), which
is bad when you're doing remote management over a wireless network.
Secondly, even if that could be fixed, there's no automatic way to make
the administration login process transparent to the user. I originally
assumed we could use Monkeysphere for this process, but there are a
couple hurdles. Monkeysphere currently only handles identifying the
server to the client. It won't identify the client to the server. So,
even if we could generate, sign, and correctly exchange keys during the
login process, the user would still need to log into their new box with
a password. Yeah, not a really big deal, but still something we should
be able to improve on.
So, if anyone's looking for open coding-related tasks, here are two:
1. Allow secured, remote logins to Debconf's web-frontend. Remote
logins are fine, but since we're (presumably) sending a user's
password, cleartext password transmission is unacceptable.
2. Make Monkeysphere work the othe way (identifying clients to servers).
I'll get to both of these ...someday but, if anybody else is both
interested and has the time, consider yourself asked.
Nick
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQIcBAEBAgAGBQJPDEEMAAoJEJ8nM/QJKNI6qJoQAIEkv3b5or461jf4VOS9UttG
Ml+xjoiym0OyQQVpQD41hP7x2Buu87iLKMgVABiaCkGppKlh3rVOpPiAzIb/vPP5
VQ2XsWlOMK3W/B8KQ4tZ6ZjsM+0eZ5nTKpywTEfAjPx51z7kKSAWQTkTHPD4g/3U
plMVO/U4yRLiqFQ3MVaYL8857ASi+MZ0AXUL/PPjZoa5Kc9PiiDHknjdI6Cyg7LQ
W1zMS9OHdyCR4M2AfokF816Mu1iFCSEQf3704bopK5+PKkI/YNrmdrXPj7tAwk4A
W4n4z9sxpuxORqvzRyu/v6U4R5Z53S7UkPvJe8oiGW+hRkd3F7BtVirmjfQlW0Z8
Mvi97gkxOw5UjXPpchz504kpzBYEXs+cueOZ/Z6gFnYMLRv97Ej3bgNW8lcHyXGp
kC4VkI17w1TaSbCY8rv10zanZ8PhVvkAq+DfGGnrzrgTNIgzazrkUH8MneZJRR9R
zO+OJ6/n/4R//6LoaxLEt+Dw4ga8btPd1tbddIRg2G+8w/3PN7vdaACgEU68PmYG
X89IhIO0K90qFk4vw5inpqVmntXahyGNd65CmwvEiSjzZxV+b0/V+zH4t7DCqbdU
t7Hfdk6gMxTBt2pyHQYyWwFg2/ObIsL6TzaKYZzwaQ9pmkPYctma8iuv7T2rdwmT
iKq8xZ39XJTYpZQnWl21
=R3s9
-----END PGP SIGNATURE-----
Reply to: