Re: [Freedombox-discuss] Next step in hardware?
2012/5/19 Nick M. Daly nick.m.d...@gmail.com

> Do you have any hardware or designs in mind?

I'm a newbie on the list and I beg your pardon if asking something already discussed:

It's not possible to install a freedombox into virtualbox: you can install vb practically in any computer, already connected to the net

angelo

--
Marco Polo describes a bridge, stone by stone.
- But which is the stone that supports the bridge? - asks Kublai Kan.
- The bridge is not supported by this or that stone, - answers Marco, - but by the line of the arch that they form.
Kublai Kan remains silent, reflecting. Then he adds:
- Why do you speak to me of the stones? It is only the arch that matters to me.
Polo answers:
- Without stones there is no arch.
Italo Calvino
From: Le città invisibili, Einaudi

___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
Re: [Freedombox-discuss] Announcing Santiago Release Candidate 1
On 05/18/2012 04:35 AM, Nick M. Daly wrote:

> ...
>
> Tor Hidden Services (or other protocols, maybe I2P, GNUnet, etc) can act as static IP addresses. So, if I use that to host the FreedomBuddy service, my friends will be able to find me, because that location is my unchanging, cryptographic identity.
>
> We could stop right here and have no need for the FreedomBuddy service, but there's one functional problem: communicating over Tor is really slow. So, we can use the FreedomBuddy system to exchange our current IP addresses (for any service), and connect directly to one another, without going through any sort of proxy. This sort of connection, while less anonymous, is usually much faster.

this is really cool! by exposing FreedomBuddy as a Tor Hidden Service there's no DNS resolution involved for service discovery. to find a service, the client only needs to know the public key or hash thereof, which is the .onion address.

would this work together with monkeysphere to connect the ssl-cert to the gpg-cert and this way allowing verified HTTPS connections?

-michael

> Finally, since we already have a whitelist of permitted users (through their PGP keys), you could configure each service to allow only whitelisted users to connect.
>
> Nothing in the above is new. However, it's nice to have a standardized system behind it, making it more accessible to less technical users.
>
> Nick
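The property discussed in the message above, that a hidden-service name is derived from the service's public key so no DNS lookup has to be trusted, shown as an added example that is not part of the original thread or of FreedomBuddy's code. It covers the v2 naming scheme in use when this thread was written and goes beyond the thread by also handling the later v3 scheme; the function names and the sample key bytes are assumptions constructed for illustration.

```python
import base64
import hashlib

SUFFIX = ".onion"
# Constructed sample inputs: stand-in bytes, not real keys.
SAMPLE_DER = bytes.fromhex("3082010a0282010100") + bytes(range(200))
SAMPLE_ED = bytes(range(32))

def onion_v2(der_rsa_pubkey: bytes) -> str:
    """v2 name: base32 of the first 80 bits of SHA-1 over the DER-encoded RSA key."""
    digest = hashlib.sha1(der_rsa_pubkey).digest()[:10]
    return base64.b32encode(digest).decode("ascii").lower() + SUFFIX

def v3_checksum(pubkey: bytes) -> bytes:
    return hashlib.sha3_256(b".onion checksum" + pubkey + b"\x03").digest()[:2]

def onion_v3(ed25519_pubkey: bytes) -> str:
    """v3 name: base32(pubkey || checksum || version); the name carries the key."""
    if len(ed25519_pubkey) != 32:
        raise ValueError("v3 needs a 32-byte Ed25519 public key")
    raw = ed25519_pubkey + v3_checksum(ed25519_pubkey) + b"\x03"
    return base64.b32encode(raw).decode("ascii").lower() + SUFFIX

def pubkey_from_onion_v3(address: str) -> bytes:
    """Recover and validate the key embedded in a v3 name; raises ValueError."""
    host = address.strip().lower()
    if not host.endswith(SUFFIX) or len(host) != 56 + len(SUFFIX):
        raise ValueError("not a v3 onion name")
    raw = base64.b32decode(host[:56].upper())
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != b"\x03" or checksum != v3_checksum(pubkey):
        raise ValueError("bad version or checksum")
    return pubkey

def key_matches_onion(address: str, presented_key: bytes) -> bool:
    """Client-side check: does the key the peer presented derive this name?"""
    host = address.strip().lower()
    try:
        derive = {16: onion_v2, 56: onion_v3}[len(host) - len(SUFFIX)]
        return host.endswith(SUFFIX) and derive(presented_key) == host
    except (KeyError, ValueError):
        return False

if __name__ == "__main__":
    print(onion_v2(SAMPLE_DER), key_matches_onion(onion_v2(SAMPLE_DER), SAMPLE_DER))
    print(onion_v3(SAMPLE_ED), pubkey_from_onion_v3(onion_v3(SAMPLE_ED)) == SAMPLE_ED)
```

A v2 name is only a hash, so the client must be handed the key and check it against the name; a v3 name contains the key, so the name alone is enough.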
Re: [Freedombox-discuss] Announcing Santiago Release Candidate 1
On Sat 19 May 2012 07:00:13 PM CEST, Nick M. Daly wrote:

> On Sat, 19 May 2012 15:45:23 +0200, Michael Rauchl...@miranet.ch wrote:
>
>> this is really cool! by exposing FreedomBuddy as a Tor Hidden Service there's no DNS resolution involved for service discovery. to find a service, the client only needs to know the public key or hash thereof, which is the .onion address.
>
> Precisely :)
>
>> would this work together with monkeysphere to connect the ssl-cert to the gpg-cert and this way allowing verified HTTPS connections?
>
> That's step two. Has anyone looked into using PGP keys as SSL certificates?
[Freedombox-discuss] Configuration via SNMP over SSH
I didn't follow the FreedomBox project over the last year, but as far as I understand Plinth is now the configuration utility for the project. Regardless of that I suggest to look at SNMP for configuration.

SNMP is standardized, there is working software for it and as I recently found out, it can run over SSH as a subsystem, which seems like the biggest advantage to me. Instead of an HTML-based user interface, you could provide a native user interface and instead of TLS it would run over SSH. SSH has the advantage that it doesn't require X.509 to secure the connection (theoretically you could use TLS with OpenPGP, but except for GnuTLS there is no library that supports it and probably there won't be any support for it in major web browsers in the near future) and requires mutual authentication.

The user interface could be similar to Tryton in modularity and appearance.

Regards,
Matthias-Christian