
[Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012



On Fri, Jul 6, 2012 at 3:16 PM, Nick M. Daly wrote:
> I'm a little leery of asking users to sign up for a service on a
> device that's designed to let them host their own services.

On 07/06/2012 06:45 PM, Michiel de Jong wrote:
> if you want to offer any form of web presence, you need... a DNS
> server or a (network of) reverse proxy(s) if you're on a dynamically
> assigned own IP.

On Fri, 06 Jul 2012 12:57:37 -0400, Ian Sullivan wrote:
> I don't see anything wrong with setting up such a service as long as
> we work towards making it possible for others to set them up too...
> If everyone with a route-able address can run such a service for the
> people in their lives who trust them to run it then it actually seems
> pretty natural to me that community non-profits like the freedombox
> foundation or Debian itself would start running such services for
> their communities.

Very well put, Ian.  I wouldn't have concerns with that, as long as
users have the option and ability to enable themselves.  I'm a little
annoyed we don't have an easy solution yet; all of the solutions are
aimed at power users (defined as "requiring almost any setup at all")
and might be hard to configure out of the box, but I have faith in
Michiel and Bjarni.

On Sat, 7 Jul 2012 16:25:54 +0300, Michiel de Jong wrote:
> On Sat, Jul 7, 2012 at 2:47 PM, Michael Rauch wrote:
> > with PageKite, this probably leads to registering a domain name for
> > a box...
>
> or subdomain, which saves money.
>
> > with Tor HS, no need to register a domain...
>
> for mainstream users that would mean going via tor2web, so effectively
> still a reverse proxy setup.

For the record, I'd like to see what comes of both the PK and THS
approaches.  PK seems easier, while THS seems more robust (it'll take a
lot more than some ICE paperwork to corrupt the Tor directory servers).
Box-to-box communication can be much simpler and is where I've been
focusing most of my time.  Thanks for looking into these harder
problems.

On Sat, Jul 7, 2012 at 2:47 PM, Michael Rauch wrote:
> in the long run, i would prefer something like FreedomBuddy as Tor HS
> in the role of a gatekeeper. this frees from registering a domain name
> and still gets you a durable name/address. further, it gives the
> service provider more anonymity and FreedomBuddy can do access-control
> before revealing service endpoints to clients (either connections
> through Tor network or direct connections).

On Sat, 7 Jul 2012 16:25:54 +0300, Michiel de Jong wrote:
> i think the main point (for me, at least) is that we want to get a
> 2013 version out there now, that has functionality for a mainstream
> user. It would then be updateable through apt as soon as we have more
> better things working, and then the 2014 version can have full
> FreedomBuddy-based onion routing.

FreedomBuddy as Tor Hidden Service is available today.  It, too, isn't
integrated into the disk image yet.  However, given the recent
freedombuddyLocation script (wow, that needs a less annoying name) any
service in the system should be able to use the address layer, right
now.  That still requires client-configuration, unfortunately.

On Sat, 7 Jul 2012 16:25:54 +0300, Michiel de Jong wrote:
> my main open questions for the pagekite-based setup we're proposing
> are if it makes sense to put ssl-certs on the boxes (i have a feeling
> that it doesn't), and how we want to do the installation (i think the
> best way is to connect it via ethernet to the existing ISP-supplied
> router, and make it emit a wifi access point).

I think it does make sense to put SSL-certs on the boxes.  Bdale put a
"make sure to generate your own certificates" warning in Freedom Maker's
readme.  There's actually space reserved in the first-boot process for
certificate generation.  It should be easy to put together a FBuddy
script that sniffs your certs and advertises them at your identity
locations, allowing for out-of-band verification.  That would finally
make self-signed SSL certs meaningful, and might be another way to
handle the Monkeysphere problem.  Should I work on that this week?

I imagine the boxes would come pre-installed.  What use case wouldn't
that cover?  Did you mean "initial configuration" instead of
installation?  If so, then yes, I agree that a wifi access point would
be a good first configuration.  Just in case users are particularly
concerned about their security, we might want to allow users to disable
the WAP when requesting their plug (allowing configuration only over
ethernet) or password the WAP before it's configured (with the password
written on an included index-card).

It should be able to function as both a device on a network with a
router and as a router on its own.  You know, being multi-function and
all.

Nick
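
The out-of-band certificate check proposed in the message above (publish the box's certificate fingerprint at its identity locations, then compare it with what the TLS server presents), as an added example that is not part of the original message and is not FreedomBuddy code. The advert record format, the function names and the host box.example are assumptions, and the certificate bytes are constructed stand-ins.

```python
import hashlib
import ssl

def normalize(fp):
    """Accept fingerprints as people copy them (colons, spaces, upper case)."""
    fp = fp.replace(":", "").replace(" ", "").lower()
    if len(fp) != 64 or any(c not in "0123456789abcdef" for c in fp):
        raise ValueError("not a SHA-256 fingerprint")
    return fp

def cert_fingerprint(cert):
    """SHA-256 of the DER bytes; PEM text is decoded to DER first."""
    der = ssl.PEM_cert_to_DER_cert(cert) if isinstance(cert, str) else cert
    return hashlib.sha256(der).hexdigest()

def build_advert(host, pem_certs):
    """Box side: record published at the identity location (hypothetical format).
    Listing several certificates lets a key rotation overlap old and new."""
    return {"host": host, "sha256": [cert_fingerprint(p) for p in pem_certs]}

def check_presented(host, presented_der, advert):
    """Client side: compare what the TLS server sent with the out-of-band record."""
    if advert.get("host") != host:
        return "no-advert"
    trusted = {normalize(fp) for fp in advert["sha256"]}
    return "match" if cert_fingerprint(presented_der) in trusted else "mismatch"

# Constructed stand-ins for DER certificates. Fingerprinting only hashes the
# bytes, so they need not parse as X.509. In practice the presented certificate
# could be fetched with ssl.get_server_certificate((host, 443)), which returns PEM.
BOX_DER = b"constructed stand-in: DER bytes of the box's self-signed cert"
OTHER_DER = b"constructed stand-in: DER bytes of a substituted cert"
BOX_PEM = ssl.DER_cert_to_PEM_cert(BOX_DER)

if __name__ == "__main__":
    advert = build_advert("box.example", [BOX_PEM])
    for der in (BOX_DER, OTHER_DER):
        print(check_presented("box.example", der, advert))
```

The check is only as strong as the channel that delivered the advert: if the record and the TLS connection travel over the same path, a party controlling that path can replace both.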