At this point, I'm trying to walk the line between unrealistic "wouldn't
it be great if..." type ideas and overly-strict reliance on solving the
specific problem I have in my head, so I'd like to go back to first
principles for a moment.  Please tell me if any of these are false:

1) It's common for new Linux users to have a technical friend that deals
with their problems.  This is a healthy relationship that we should look
for ways to support
2) People generally don't formalise that sort of thing until it's too late
3) All Linux users can be behind arbitrarily complex sets of
firewalls/NAT, including multiple layers of NAT or firewalls, not all of
which are under either user's control
4) We can expect experts to do some considerable work (e.g. installing
packages and configuring routers), but non-technical users need simple
instructions from the default installation
5) There's some interest in making small changes to the default install
to cater to the above issues
6) Since the people in most need of help are more likely to stick to LTS
releases, we can afford to add this sort of feature gradually, and see
what public reaction is like

The basic solution we're looking at here is to make it possible for the
technical friend to set up an SSH connection to the non-technical
friend's computer, using an account that has some way to execute
superuser commands (with sudo or by actually being the root user).  This
breaks down into three sub-problems:

1) Creating or modifying an account that has the necessary permissions
2) Creating an SSH connection
3) Destroying or reverting an account to its original state

In (1) and (3), I had been concentrating on setting up a mechanism to
trust someone temporarily, but I now realise that's not a particularly
common use case, because if I trust you today, I will probably trust you
tomorrow too.  Getting people to jump through the same set of hoops
every time there's a problem makes life harder than necessary for
non-expert users, which I've been complaining about all thread.

Reliably doing (2) is a hard problem.  The solution I had come up with
strikes me as a good solution for a common use case, but there's no way
to deal with the general case without introducing more complexity.

Solving the three sub-problems individually allows for more flexibility,
because then intermediate users can mix-and-match the parts that they're
interested in.

Creating, modifying, and deleting accounts is a standard problem, and
I've already suggested ways to add the necessary bits into Ubuntu
(specifying an authorised key when creating an account, etc.).  Since I
used the alternate install CD, I don't know whether the default Ubuntu
installation gives you the option to set up extra user accounts after
installing.  If it does, I'd recommend adding a "technical friend" user
account creation option.

But since most people will click straight through the above option, it
would be good if this was offered explicitly somewhere in the System
menu, and if a program like friendly-recovery could offer the same
functionality from the command line.

If there's an interest in it, I would be happy to maintain some sort of
"ssh-strategies" script/page that walks people through an increasingly
complex decision tree, trying to set up an SSH connection.  In order to
work easily, there would probably have to be some sort of
ssh-strategies-minimal package in the default install.

I'd be even more happy if Canonical were willing to host a couple of
very simple scripts at ubuntu.com to confirm the user's world-visible IP
address and to reflect half a dozen SSH packets back to the address they
came from.  The former can't be done over HTTP because of the mess of
transparent proxies on the net nowadays, and the latter should be safe
so long as just enough packets to appear in the SSH log are sent, but
not enough to try a password are sent.

        - Andrew

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com