[Freedombox-discuss] FBX Setup with Debconf Web-Frontend: Difficult
The second case (hardwired/script) approach only has to get to the
point of the user being able to run a browser that connects over the
hardwired link, which I think would be a very minimal script. Once a
browser was connected configuration would proceed as described for the
wireless case. So I think the obvious thing is to go with the hardwired
It might be possible to provide some method of getting the FB to
configure over wireless as a fallback, if that was really all that was
On Tue, 10 Jan 2012 21:55:18 -0600, Nick Daly wrote:
> There are a couple approaches we could take to the setup process,
> with advantages and problems:
> - - The user connects to the DreamPlug's wireless network and a
> one-time install URL.
> That's simple, but not very secure, and doesn't make future
> administration simpler.
> - - The user starts an install script on their primary machine which
> walks them through the install process.
> That's more complicated, however, it means we can automate a fair
> number of things (even the initial connection to the wireless
> to exchange keys). This means future administration becomes easier
> and more secure.
> If you're configuring over wireless, the initial connection (at least
> the key exchange) will be insecure. Ethernet-based configuration
> be preferred, if more difficult. Am I shooting too low, not giving
> users enough credit? Are we (should we be) aiming for community
> who can set up federated servers for their communities, or end-users
> would set up a server directly?
> I'm mostly unconcerned about MITM attacks during the setup process,
> because that requires being within a ~30m (wireless) range during a 5
> minute window, with the DreamPlug hardware. *After* the setup is
> complete (ongoing administration), I'm plenty concerned about it.
> Monkeysphere /could/ help automatically organize an HTTPS connection
> between the server and client (after key exchange), had they
> their listed goals. That's not the case, though, so it can't be
> Does this help clarify what I was going for? Are there any other
> Thanks for your time,
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
> -----END PGP SIGNATURE-----
> Freedombox-discuss mailing list
> Freedombox-discuss at lists.alioth.debian.org