[Freedombox-discuss] Thoughts on

[Nick Daly]

Here's a really long discussion from another project about how to engage
with users and manage bugs.  Might be interesting/useful to folks here:

https://sourceforge.net/p/inkscape/mailman/inkscape-devel/thread/1484974530.27431.9.camel%40gmail.com/#msg35617126

Thanks, FreedomBoxers!

Nick


signature.asc
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] Unattended updates not running

[Nick Daly]

Diederik de Haas writes:

>> Allowed origins are: ['origin=Debian','o=Debian,n=jessie,c=main'...
>
> To make it useful on a non-stable system, you'd have to provide a custom 
> configuration.

That's unexpected.  In the 0.9 image, the distro_codename should be
derived from /etc/debian_version [0], which should be set to "stretch/sid",
and is in my system.  Changing /etc/debian_version to read "stretch/sid"
should fix the issue.  Maybe you're starting with an older image?

Nick


0: /etc/apt/apt.conf.d/50unattended_upgrades:

// Within lines unattended-upgrades allows 2 macros whose values are
// derived from /etc/debian_version:
//   ${distro_id}Installed origin.
//   ${distro_codename}  Installed codename (eg, "jessie")


signature.asc
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] Testing ODroid-XU4 Notes

[Nick Daly]

Hi Jonas,

Jonas Smedegaard  writes:

> Hi Nick,
>
> Quoting Nick Daly (2016-09-04 21:27:25)
>>   - The [ODroid-XU4] seems sturdy and fast.  Really nice hardware.
>
> Do I recall correctly that the "fast" part come with the price of 
> needing a fan?

Yes, the system comes with an integrated fan, about 2cm diameter.  It
runs infrequently (a few seconds a minute) when the system is not under
load, and seems pretty quiet (which you'd expect for a small fan).  I
haven't tried putting the system under load yet, though.  I've attached
a picture (that may or may not be scrubbed) with a Beaglebone Black for
scale.

Nick



signature.asc
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] Testing ODroid-XU4 Notes

[Nick Daly]

Sunil Mohan Adapa  writes:

> It looks like Debian bits are all there and we need bl1, bl2 and
> trustzone binaries to boot[3].  However, there may be hope for it as
> the original reference implementation is free software[4].  We can
> check with #debian-boot folks for more information on how they are
> using the XU4 support added to u-boot.

Hi Sunil, thank you for replying so soon!  I go back and forth on this
one, because it does depend on binary blobs (which I didn't realize when
I'd originally purchased it).  Since freer hardware is probably
available at a fairly similar cost/performance, this should probably go
in the when-we-have-time bucket.

Thanks,
Nick


signature.asc
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

[Freedombox-discuss] Testing ODroid-XU4 Notes

[Nick Daly]

Hi folks,

Recently, I bought an ODroid XU4 to test as a FreedomBox.  I was
originally going to buy one of the boards from the Parallela project,
but they seem to have wrapped up.  16 or 128 cores might be the wrong
focus for a personal web-server, anyway.  Below are my notes on
testing with the ODroid.


1 Equipment
===

  All equipment purchased through ODroid's American distributor,
  ameridroid.com:

  - The [ODroid-XU4] seems sturdy and fast.  Really nice hardware.
The hardware isn't completely free, as it seems to be in a similar
situation to the Raspberry Pi's proprietary display driver.  You
don't need to use the graphics card during normal operation, but I
believe the binary blob does need to be installed to boot the
device.  Grumble.

  - The Ameridroid case is either really fragile or doesn't fit quite
right, I can't tell.  It holds together well, but I've added
rubber-bands to make sure it stays together.

  - If you plan on developing on the device, instead of just using it
as a FreedomBox, get a [USB UART Cable].  It makes low-level
debugging possible, as HDMI-based debugging is hit-or-miss:
HDMI-to-DVI cables probably won't work, and my HDMI monitor only
displayed lines 2 - 7 of the screen's output in text-mode, instead
of the whole 24 lines.  It also cut off the four leftmost columns,
so I only had a screen that went from characters ( (4,2), (80,7)
).  Very unhelpful.


  [ODroid-XU4] http://ameridroid.com/products/odroid-xu4

  [USB UART Cable] http://ameridroid.com/products/usb-uart-module-kit2


2 Images


  We don't have an official FreedomBox image for this hardware, so I
  used the [20160221] XU3 image (XU3 and XU4 are software compatible:
  software for the XU3 will work with the XU4).


  [20160221] http://oph.mdrjr.net/meveric/images/Jessie/


3 Experience


3.1 Ubuntu 16.04, 20160708
~~

  This is the default image that came from ODroid.  Works well but
  isn't a Debian image and it's filled with lots of extra stuff I'll
  never need, like a desktop.  I'm not certain I'm comfortable using
  Ubuntu for a simple headless server.


3.2 Debian Jessie, 20160221 Image
~

  [http://oph.mdrjr.net/meveric/images/Jessie/]

  Using the 20160221 image and the UART cable, I can't log in.  Using
  the cable with screen seems to drop characters as I type them,
  sometimes.  The SSH service doesn't seem to have started, so I can't
  remote in either.

  There's so much more to this, however.  Root login via UART is
  disabled, so I need to create a login to use locally, first.
  However, given the above text-mode display issues, I had a difficult
  time creating the login locally as well.  I logged in locally as
  root, then ran "adduser" in both the XU4 and my normal laptop,
  typing the same answers on both keyboards.  Then, I could screen
  into the XU4 [screen].  I found out that it wasn't the SSH service
  that hadn't started, but eth0 wasn't configured at all.  I added the
  [standard eth0 stanza], restarted the networking service, and then
  immediately upgraded to the latest packages.  I like it because the
  default image doesn't have many services listening for a connection
  [listening].

  My next task is to [reconfigure the HDMI display] and see if I can get
  useful monitor output, or upgrade the image from Jessie to testing to
  install Plinth.


  [screen] sudo screen /dev/ttyUSB0 115200

  [listening] netstat -plunt | cut -c 81- | egrep "^[^A-Z]" | sort -un

  [standard eth0 stanza]
  
https://wiki.debian.org/NetworkConfiguration#Using_DHCP_to_automatically_configure_the_interface

  [reconfigure the HDMI display]
  
http://superuser.com/questions/716795/how-to-adjust-the-screen-resolution-in-debian#716837


3.3 ODROID GameStation Turbo 3.1 RC2


  [http://oph.mdrjr.net/meveric/images/OGST/]

  Works great for games on a headed system, aside from the fact that
  the screen goes black and the system becomes unresponsive to
  anything but the Alt+PrntScrn keys every few games.  Apparently
  that's a problem with the XU3 and XU4 with this image.  Doesn't seem
  to affect the C1 and C2 though, but I don't have those to test with.


4 Summary
=

  Overall, I'd give this hardware a B.  It could be freer and a lot
  easier to set up (and would be with a FreedomMaker image), but it
  seems quite speedy and powerful for the price.

Hope this is useful,
Nick


signature.asc
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] Shaarli anomaly with tags.

[Nick Daly]

A. F. Cano writes:

> I've just imported 1000+ links from firefox into Shaarli on the
> freedombox from firefox ...all the [comma separated multi-word] tags
> had been broken up into single words... This is also the case when
> entering tags manually in edit mode.

Hi Augustine I haven't done this myself, so this is just my best guess,
but: if you're seeing this behavior in Shaarli's own edit mode, it's
likely an issue with Shaarli itself.  Probably worth checking to see if
it's been reported, and then reporting it upstream if it hasn't.

Otherwise, there're probably ways to work around the problem, like
hyphenating the tags before importing, but that might be something the
Shaarli folks would want to add.  Maybe include that in your bug report?

Nick


signature.asc
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] 4th Amendment Troubles

[Nick Daly]

Hi Bill, thanks for writing in, it's always good to hear from our
insightful lurkers. :)

On Thu, Jun 23, 2016, 16:26 Bill K. wrote:
> The federal government (in the US, anyways) is trying very hard to make
> it legal to break in to home computers (of domestic citizens) without
> warrants... how does this effect the future of the project?

This isn't a change: freedomboxen have been used overseas, and the packages
are the same worldwide. So, some boxes have been facing the same
adversaries that all boxes now face: anyone who decides that attacking
boxes is worth the investment. It's our job to make breaking boxes
financially irresponsible, which makes this thread even more important:

http://lists.alioth.debian.org/pipermail/freedombox-discuss/2016-June/007516.html

It does, however, lower my opinion of the government.

Nick

P.S. Hi list! I'm back again, as much as I ever am, until September
probably.
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] Adding a partition

[Nick Daly]

Dietmar  writes:

> Up to now I have always used EXT4, so I have no experience with btrfs.
> How do I create that file system? 

Use gparted on another system to resize the partition to fill the card.
Don't try to resize the partition while the system is running on that
partition.


signature.asc
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

[Freedombox-discuss] FreedomBox 0.6 Released!

[Nick Daly]

Hello,

I'm pleased to announce that FreedomBox version 0.6 has been released!
This release comes 2 months after the previous, 0.5 release.

Please feel free to join us to discuss this release on the mailing list,
IRC, or on the monthly progress calls:

- List: http://lists.alioth.debian.org/pipermail/freedombox-discuss/

- IRC: irc://irc.debian.org/freedombox

- Calls: https://wiki.debian.org/FreedomBox/ProgressCalls

The FreedomBox version 0.6 is available here:

http://ftp.skolelinux.org/pub/freedombox/0.6/

Before using, you should verify the image's signature, see
https://wiki.debian.org/FreedomBox/Download for further instructions:

$ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys
0x36C361440C9BC971

$ gpg --fingerprint 0x36C361440C9BC971

pub   4096R/0C9BC971 2011-11-12
  Key fingerprint = BCBE BD57 A11F 70B2 3782
BC57 36C3 6144 0C9B C971
uid  Sunil Mohan Adapa 
sub   4096R/4C1D4B57 2011-11-12

$ gpg --verify
freedombox-unstable_2015-10-18_raspberry-armel-card.tar.bz2.sig
freedombox-unstable_2015-10-18_raspberry-armel-card.tar.bz2

(Replace the file names with the version you download.)

Thanks to all who helped put this release together.

More information on this release is available on the wiki:

https://wiki.debian.org/FreedomBox/ReleaseNotes

Major FreedomBox 0.6 Changes:

- New supported hardware target: Raspberry Pi 2
- New modules in Plinth:
  * Shaarli: Web application to manage and share bookmarks.
  * Date & Time: Configure time zone and NTP service.
  * Service Discovery: Configure Avahi service.
  * Debian packages can be download over Tor.
- Switched from mod_ssl to mod_gnutls.
- Documentation Revamp:
  * Get latest FreedomBox user manual from wiki.
  * Manual is focused on using FreedomBox, with a section on developing
Plinth modules.
- Wi-Fi configuration now in general network configuration.

Known Bugs:

- DreamPlugs do not boot the 0.6 image.  Please upgrade your previous
  Dreamplug by manually upgrading Plinth to 0.6.

Nick


signature.asc
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] Progress Call Notes: June 28th, 2015

[Nick Daly]

Hi folks, I've posted the current notes for the LDAP-demo discussed
during today's call.  Please edit!

https://wiki.debian.org/FreedomBox/TalksAndPresentations/LdapDemo

Nick Daly  writes:

> Hi folks, the notes from this month's progress call are available:
>
> https://wiki.debian.org/FreedomBox/ProgressCalls/2015.0628


pgpwConM4rkbs.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

[Freedombox-discuss] Progress Call Notes: June 28th, 2015

[Nick Daly]

Hi folks, the notes from this month's progress call are available:

https://wiki.debian.org/FreedomBox/ProgressCalls/2015.0628

This month's TODOs include:

- Plinth module to mount/unmount disks, encryption support? (James)

- End-User Manual for next release
  (https://wiki.debian.org/FreedomBox/Manual/Stretch) (wiki editors)

- Split Plinth wiki page out into app-specific pages and include
  them. (wiki editors)

- Publish apache/ldap integration notes (nick, marc)

- Publish demo notes on wiki (nick)

- Schedule time to discuss GPG-cli (marc, nick, james, sunil,
  sflc-folks)

- Upload plinth and fbx-setup packages (Nick).

- Release-test 0.4 Dreamplug (Nick)

- Release-test 0.4 cubietruck (fonfon)

- Make PGP-Client Certificates easy (Marc, Nick)

- Investigate Coveralls (bobg)


pgpyZ7dfdArMX.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

[Freedombox-discuss] Next Progress Call: 2015-06-28

[Nick Daly]

Hi folks, the next FreedomBox progress call is June 28th, 2015, at 6 PM
GMT.

Connect through Mumble: freedombox.mumble.com, port: 9989.

I hope you can join!

Nick


pgpgduKGacaPu.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

[Freedombox-discuss] Progress Call Notes: 2015-05-24

[Nick Daly]

Hi folks, the 2015-05-24 Progress Call is complete, please see the notes
and this month's TODOs, below.

Thanks,
Nick



https://wiki.debian.org/FreedomBox/ProgressCalls/2015.0524#preview

TODOs:

* [ ] Complete Roadmap Draft (Nick)
* [X] Update Call time to 6 PM GMT (Nick)
* [ ] Upload plinth and fbx-setup packages (Nick).
* [ ] Release-test Dreamplug (Nick)
* [ ] Release-test cubietruck (fonfon)
* [ ] Coordinate GMG call, when necessary (Nick)
* [ ] Make PGP-Client Certificates easy (Marc, Nick)
* [ ] Add Travis-CI Last-Build-Status button to FBX Readme (bobg)
* [ ] Investigate Coveralls (bobg)
* [ ] Release 0.4
* * [ ] Release Note Writing (Sunil)
* * * [ ] Building images and release-testing (Sunil, fonfon, Nick)
* * * * [ ] Publish Plinth and freedombox-setup (Nick)


pgpnoDJZ93b3C.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

[Freedombox-discuss] Fwd: Progress Call: 2015-05-24, 17:00 GMT

[Nick Daly]

Hi folks, the next regularly scheduled progress call is next Sunday,
2015-05-24, at 17:00 GMT.  Please bring any items you'd like to discuss.

For further details, please see:

wiki.debian.org/FreedomBox/ProgressCalls

Thanks,
Nick
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

[Freedombox-discuss] March 29th Progress Call TODOs

[Nick Daly]

The call notes from the 2015-3-29 call are posted:

https://wiki.debian.org/FreedomBox/ProgressCalls/2015.0329

The TODO list is below, for reference:

- Marc: mod_auth_env needs to be moved.
- Marc: mod_auth_env optionally check VERIFY variable so we're examining both 
the username and local trust-level.

- Markus: RO Seth of LE. Let us know if no response next month.
- Markus: submit ITP for node-restore (for Unhosted applications) to Debian.

- Nick: find Markus some hackathon-sized bugs
- Nick: Fix openpgp2x509 to handle custom GNUPGHOME directories.

- Sunil: Jumping in to review the pagekite-augeas patches. 
- Sunil/Markus: Hash out Plinth#103
- Sunil/Markus/Michael: work on making 
http://freedombox.elevate.at/development/ ready to pull into plinth
- Sunil: send federico3 details to review for django-stronghold package 
sponsorship
- Sunil: Send Markus hackathon bug list

Thanks everybody for joining!
Nick


pgpr4_kQeJyna.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

[Freedombox-discuss] Progress Call: 3/29, 7 PM GMT

[Nick Daly]

Hi folks, the next progress call is next Sunday at 7 PM GMT.

Please post any items you'd like to discuss at:

https://wiki.debian.org/FreedomBox/ProgressCalls

Thanks!
Nick

BEGIN:VCALENDAR
VERSION:1.0
BEGIN:VEVENT
DTSTART:20150329T19
DTEND:20150329T20
LOCATION:https://wiki.debian.org/FreedomBox/ProgressCalls
DESCRIPTION:FreedomBox March Progress Call
SUMMARY:FreedomBox March Progress Call
PRIORITY:3
END:VEVENT
END:VCALENDAR


pgpi9MyDDkR3n.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

[Freedombox-discuss] Python 2/3?

[Nick Daly]

Hi folks, is there a preferred Python version on the FreedomBox right
now?  It seems to me that both are available by default, so both are
fine, but I wanted to make sure that I wasn't missing anything.

Nick


pgpRQoBxoy_Dv.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

[Freedombox-discuss] Progress Call: February 22, 7 PM GMT

[Nick Daly]

Hi folks, the next FreedomBox Progress Call will be on Sunday, February
22th, at 7 PM GMT.  Please add any topics you wanted to cover to:

https://wiki.debian.org/FreedomBox/ProgressCalls

Hope to see you there!

Thanks,
Nick
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] FOSDEM 2015

[Nick Daly]

On Tue, Jan 27, 2015, 09:14 Federico Ceratto 
wrote:


 >

The IRC channel #freedombox@freenode is

probably the best place to

>

sync-up during FOSDEM.



 Nope, you'll want to be on #freedom...@irc.oftc.net, which is the
project's actual home. Nobody working on the project uses the freenode
channel.
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] Progress Call: January 25th, 7 PM GMT

[Nick Daly]

Hi everybody, the TODO items from this month's call are below.  The next
call will be on 2015-02-22:

https://wiki.debian.org/FreedomBox/ProgressCalls

Actions

- TODO Sunil: Post X86/Debian page to supported hardware.

- TODO Sunil: Ask about F-M/FBX-Setup upload permissions?

- TODO Nick: check in with Bdale about when it makes sense to get
  security audit.

- TODO TomG: Try Plinth hacking again, is it easier?

- TODO Everybody: Please review your targets for the next release and
  post them to the mailing list, especially if you're willing to work on
  them soonish.

- DONE Nick: Mail contributors with recent FBuddy updates.

- DONE DNSChain: Open Debian Package and Plinth UI issues.

  - https://github.com/okTurtles/dnschain/issues/109

  - https://github.com/okTurtles/dnschain/issues/110


signature.asc
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

[Freedombox-discuss] Progress Call: January 25th, 7 PM GMT

[Nick Daly]

Hi folks, the next FreedomBox Progress Call will be on Sunday, January
25th, at 7 PM GMT.  Please add any topics you wanted to cover to:

https://wiki.debian.org/FreedomBox/ProgressCalls

Hope to see you there!

Thanks,
Nick

___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

[Freedombox-discuss] FreedomBox 0.3 Released!

[Nick Daly]

Hi folks, I'm proud to announce that FreedomBox version 0.3 has been
released!  This release comes ten months after the previous, 0.2
release.

The FreedomBox version 0.3 is available here:

http://ftp.skolelinux.org/pub/freedombox/0.3/

Before using, you should verify the image's signature, see
https://wiki.debian.org/FreedomBox/Download for further instructions:

$ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0x36C361440C9BC971

$ gpg --fingerprint 0x36C361440C9BC971

pub   4096R/0C9BC971 2011-11-12
  Key fingerprint = BCBE BD57 A11F 70B2 3782
BC57 36C3 6144 0C9B C971
uid  Sunil Mohan Adapa 
sub   4096R/4C1D4B57 2011-11-12

$ gpg --verify freedombox-unstable_2015-01-15_beaglebone-armhf-card.tar.bz2.sig 
freedombox-unstable_2015-01-15_beaglebone-armhf-card.tar.bz2

(Replace the file names with the version you download.)

Thanks to the many folks who helped put this release together and
especially Sunil and Petter who are regularly building and publishing
updated images.

More information on this release is available on the wiki:

https://wiki.debian.org/FreedomBox/ReleaseNotes

Major FreedomBox 0.3 Changes:

- Add BeagleBone support.  We now have images for BeagleBone,
  RaspberryPi, VirtualBox i386/amd64, and DreamPlug.

- Ability to enable and use Tor Hidden Services.  Works with
  Ejabberd/JWChat and ownCloud services.

- Enable Tor obfsproxy with scramblesuit.

- Drop well-known root password (an account with sudo capabilities still
  exists for now but will be removed soon).

- Switch to unstable as suite of choice for easier development.

- Newer images are built with systemd by default (due to Debian change).

- Install and operate firewall automatically (uses firewalld).

- Major restructuring of Plinth UI using Python3, Django web development
  framework and Bootstrap3.  Code quality is much better and UI is more
  polished.

- Introduced packaging framework in Plinth UI for on-demand application
  installation.

- Documentation updates.

- Many bug fixes and cleanups.

Unfortunately, some known issues do exist:

- ownCloud requires removing /etc/owncloud/config.php after installation
  for Plinth to enable it properly.

However, other known issues have already been fixed upstream:

- etckeeper commit doesn't work during first-run.

- Wi-Fi AP isn't automatically available on Dreamplug. The interface
  needs to be created manually.

Please discuss, test, and enjoy.  Please also join us on the mailing
list, IRC, or on the monthly progress calls:

- List: http://lists.alioth.debian.org/pipermail/freedombox-discuss/

- IRC: irc://irc.debian.org/freedombox

- Calls: https://wiki.debian.org/FreedomBox/ProgressCalls

Happy hacking,
Nick

___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] plinth giving Bad Request (400)

[Nick Daly]

Cameron Bunch writes:

> I am trying to get an fbx setup as a Vmware VM to begin some Freedombox
> experimentation with it but have encountered a problem.
>
> 1. Obtained the VirtualBox image (2014-11-15) and converted it into a
> Vmware VM...  The problem is that when I use Iceweasel on the Wheezy
> PC VM to access http://192.168.0.1/plinth I get: Bad Request (400).

Hi Cameron, please check out the more recent images that should have
fixed the 400 error in Plinth:

http://ftp.skolelinux.org/pub/freedombox/latest/

Thank you very much for the thorough and detailed overview of the steps
you took, this sort of detail when submitting issue reports is really
appreciated!

Nick

___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] Wiki page about contributing to FreedomBox

[Nick Daly]

Excellent work, as always, Sunil.  Thank you!

On Fri, Jan 9, 2015, 09:39 Sunil Mohan  wrote:

> On Monday 22 December 2014 03:35 AM, Nick Daly wrote:
> [...]
> > - Create a general "Contribute" wiki page telling people how to pull
> >   projects, put them together, and submit changes?
> >
> >   - https://github.com/puppetlabs/puppet/blob/master/CONTRIBUTING.md
> >
> >   -
> > https://github.com/thoughtbot/factory_girl_rails/blob/
> master/CONTRIBUTING.md
>
> I have written two pages[1][2] on how to contribute to FreedomBox:
>
> 1) https://wiki.debian.org/FreedomBox/Contribute
> 2) https://wiki.debian.org/FreedomBox/Contribute/Code
>
> --
> Sunil
>
>
>
> ___
> Freedombox-discuss mailing list
> Freedombox-discuss@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
>
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

[Freedombox-discuss] Wider Distribution Concerns?

[Nick Daly]

Hi folks, during the call today, Markus and Sunil brought up the fact
that they had concerns about distributing 100 boxen to developers
(projectdanube.org), and thought it would be a good idea to discuss
what those concerns are.  This might help us direct the 1.0 todo list
as well.

To start, my concerns are that we've written Plinth and some glue code
(like Augeas-lenses, FBuddy, etc.) for the project.  I'm pretty sure
all of these things were necessary (because nothing available in
Debian did them in the coordinated way we needed them to), but I'm
uncomfortable releasing externally-facing services without getting
those services a proper security review.  I'm sure we'll do our best,
but it also feels negligent to ask people to rely on our tools without
making reasonable external verifications.

Nick
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

[Freedombox-discuss] 2014-12-28 Progress Call

[Nick Daly]

Hi folks, we had another successful progress call this month, with the next
one scheduled for Sunday, 2015-01-25, at 19:00 GMT.  The detailed notes are
available on the Debian Wiki, but the things on everybody's mind for the
next month are:

- Everybody: Discuss what our concerns are about distributing boxes on
mailing list.

- Everybody: create a general contribute-to-the-project-as-a-whole page.

- Everybody: think about places we can meet up and give talks, or just hang
out: fosdem, libreplanet, etc.

See https://wiki.debian.org/FreedomBox/ProgressCalls for more details.

Thanks,
Nick
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

[Freedombox-discuss] Monthly Progress Call: 12/28 7 PM GMT?

[Nick Daly]

Hi folks, let me know if this month's scheduled progress meeting, 12/28,
19:00 GMT, does or doesn't work for you.  If it doesn't, we can
reschedule for other times.  Please offer potential times if asking for
a reschedule.

Also, let me know if the time works for you, too.  Since we have folks
dispersed so widely around the world, it might be nice to just shift it
by 8 hours each month, but maybe I'm trying to make this much more
complicated than it needs to be.

Ideas/Topics:

- Progress on moving TODOs to issue tracker.

- Review 0.3 blockers.  Are we ready to declare a release?

- Identify 1.0 blockers.

- Create a general "Contribute" wiki page telling people how to pull
  projects, put them together, and submit changes?

  - https://github.com/puppetlabs/puppet/blob/master/CONTRIBUTING.md

  -
https://github.com/thoughtbot/factory_girl_rails/blob/master/CONTRIBUTING.md

Thanks,
Nick
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

[Freedombox-discuss] November 2014 Call Notes

[Nick Daly]

Hi folks, the notes from today's call have been posted:

https://wiki.debian.org/FreedomBox/ProgressCalls

Thanks to everyone who attended, we had a great turnout today!

Nick
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

[Freedombox-discuss] Monthly Progress + Development Calls?

[Nick Daly]

Hi folks, in order to coordinate better, we should try to put together
regular, probably monthly, calls where we discuss ongoing topics of
interest.  Right now, I'm scheduling the first call for Sunday, November
30th at 6 PM GMT.  Further details on joining the meeting will be posted to
https://wiki.debian.org/FreedomBox/ProgressCalls

The current topics include:

- 0.3 Release blockers: do any remain?  How do they get fixed?  Who needs
what help, and how do we get them that help?

- Building in Jessie: Impossible?  Being fixed?

- Client -> Server and Server -> Client Authentication in Monkeysphere, in
Apache.

- Wireless Access Points: What are next TODOs?

- Reorganizing documentation and deciding on a good entry point for the
project (the wiki?).  At the SFLC 10th Anniversary Celebration, "I don't
know where any documentation is, and everything points to something else"
was a frequent complaint.  How do we fix that?

- Other topics people email me.

Thanks,
Nick
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

[Freedombox-discuss] Merge Policy?

[Nick Daly]

Hi folks, I've recently had a few questions about the FBX community's merge
policy, and wanted to bring them to the list, because it might be helpful
to have a well documented standard available on the wiki.

I would like to hold myself to something like the following:

- Unit tests pass.
- Style tests (pep8.py, etc.) pass.

This at least makes sure that code hasn't become broken and that it looks
similar to other code already in the project.  This isn't something I've
enforced (FreedomBuddy doesn't *have* any tests other than acceptance
tests), but something I'd like to start sticking to, in order to set clear
expectations for patchers.

What other criteria do other folks use?

Thanks,
Nick
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] FreedomBox - "Danube Edition"

[Nick Daly]

Hi Markus, I'm excited to see what you do with the November 2014 FreedomBox
Danube Edition.  As long as it's clear that it's a developer-preview, I
think it's a great idea.  I can't imagine what 100 live boxen could do for
the community!

However, I'd really appreciate it if you could keep a few things in mind
for me when putting it together, just to make sure we don't lose track of
anything important along the way.  Could you please:

- Write up your experience of booting the boxes: what worked, what didn't,
what should've been easier.

- Reporting any bugs you find, when you run into them.  I'm sure they're
there.  For example, I had trouble with DNS and SSH on my most recent test
images and haven't really gotten to the bottom of that yet.

- Make sure the box's administrator knows where to find documentation, as
well as the version they're running.  This should probably be handled in
Plinth better, but I haven't really thought about how to do that well.  I'm
open to any ideas!

Thanks for your help in all this, this was awesome to read about.

Nick
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] Per user temp directory using libpam-tmpdir?

[Nick Daly]

Petter Reinholdtsen  writes:

> libpam-tmpdir create the missing folder when a new pam session is
> created.  I guess this do not happen in freedom-maker.  I am not sure
> what the correct approach is, but either freedom-maker can be changed
> to call processes in a way that create a new pam session, or it can
> set TMP and TMPDIR to /tmp/ to avoid the problem.
>
> Perhaps you got time to prepare a patch along these lines to fix it?

James's patch has been merged.  It should work correctly now. :)


pgpqgz_AbghO5.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] Trouble Building Raspberry Pi Image

[Nick Daly]

Nick Daly  writes:

> The immediate cause of the issue has been discovered, but we don't yet
> know why it's broken.  Using "kpartx -a $IMAGE.img", you can easily
> mount each partition of the image file and verify that the first
> (primary boot) partition of the Raspberry Pi image is empty other than a
> zero-byte start.elf file.  Because the boot partition is empty, the
> image has no data with which to boot.

It works fine with a DreamPlug.  Looking through F-M's
bin/mk_freedombox_image, the only difference I can find is that the
Raspberry Pi is missing uboot.  I'm trying to build an image with that
now.

Nick


pgphEAuIOOB2X.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] Trouble Building Raspberry Pi Image

[Nick Daly]

The immediate cause of the issue has been discovered, but we don't yet
know why it's broken.  Using "kpartx -a $IMAGE.img", you can easily
mount each partition of the image file and verify that the first
(primary boot) partition of the Raspberry Pi image is empty other than a
zero-byte start.elf file.  Because the boot partition is empty, the
image has no data with which to boot.

So, copy correct boot partition data from an old image to a new image's
boot partition and you'll have a hacky workaround.  I assume we missed
something that changed in vmdebootstrap.

Nick


pgpje0PC85Lbs.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] Trouble Building Raspberry Pi Image

[Nick Daly]

Chris Troutner writes:

> ...to add curl like this:
>
> # Packages to install in all FreedomBox environments
> base_pkgs="apt base-files ifupdown initramfs-tools \
> logrotate module-init-tools netbase rsyslog udev debian-archive-keyring curl"
>
> Did I edit the right line? Did I edit it correctly?

That should work fine.  If curl ends up on a line by itself, end the
previous line with a "\", just like the line that ends with
"initramfs-tools" does.

> Again, the image built and appears fine, but the Raspberry Pi does not
> boot.
>
> I uploaded my freedombox.log file here: http://pastebin.com/rswEZVtm
> I uploaded the screen log here: http://pastebin.com/v0aEa6y9

What do you get from the SD card itself?  Try following these
instructions [0] from linuxquestions.org to enable boot logging and then
post that file:

go to /etc/default/ and look for (or create) a file named
"bootlogd".  Inside that file add/ change a line so it reads
"BOOTLOGD_ENABLE=Yes".  The next time you reboot you will have your
boot messages saved in the file "/var/log/boot".

In summary, on the SD card's /etc/default/bootlogd:

BOOTLOGD_ENABLE=Yes

> I'm starting to suspect there may be an issue with my build
> environment.

vmdebootstrap should handle all of that.  I'm building and booting
images from Wheezy, so I'd be surprised if that were the issue.

> Has anyone been able to successfully build and boot a Raspberry Pi
> image in the last couple weeks?  I'd like to rule out if the issues
> I'm having are isolated to me, or if they are more general in nature.

I'll give it a go this weekend and let you know.

Nick

0: 
https://www.linuxquestions.org/questions/debian-26/where-is-the-boot-log-in-debian-sarge-197688/


pgpKZbYhFV90C.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] Fossil SCM/VCS as CMS [Was: Re: CMS in freedombox]

[Nick Daly]

ST  writes:

> I'm not sure about bug reports, but wiki you definitely can host as
> files (or within the database - both options are available) - they call
> it embedded documentation. This is exactly what I was thinking to use
> instead of a dedicated CMS. In ikiwiki you have to have 2 packages -
> ikiwiki and git, here only fossil...

That's really interesting.  If Fossil supported "embedded everything,"
it'd be perfect in my eyes (but then it wouldn't be Fossil).  I'll have
to think about this a little more.

Thanks for sending that along!

Nick


pgpWRdIdMmJSB.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] How do we handle package upgrades on the Freedombox?

[Nick Daly]

Jonas Smedegaard  writes:

> When Plinth directly edits configuration files, it is an administrators' 
> tool.
>
> Solution is to have Plinth only ever communicate with debconf!
>
> ...and convince various package maintainers (e.g. by offering patches) 
> to implement via debconf the configuration flexibility that we need.

Jonas, just to help save you from having to explain this again in the
future, could you put together some sort of trivial example that folks
could reference, and make it available somewhere?

Thanks,
Nick


pgppt0BiN3xKH.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] Fossil SCM/VCS as CMS [Was: Re: CMS in freedombox]

[Nick Daly]

ST  writes:

> Hi Nick,
>
> if no CMS was integrated yet - I suggest to use Fossil
> ( http://en.wikipedia.org/wiki/Fossil_(software) ) instead of Ikiwiki. I
> took a look on Ikiwiki and realized that Fossil covers almost all
> Ikiwiki features but offers much more. It is small (only one file), fast
> (written in C) and is tuned for security.
>
> What does the public think?
>
> http://www.fossil-scm.org/index.html/doc/tip/www/index.wiki

The only thing I really don't like about Fossil for projects is that the
wiki and the bug reports aren't hosted as files within the repository,
making them impossible to check out without *using* Fossil.  I had a
not-very-good workaround for this in Publish [0], which just tracks all
separate artifacts as files (in particular root-level directories).
Then, it's easy to cross-publish between multiple hosting sites.  It's
also trivial to offer a read-only view of the entire repository (code +
data + metadata) and make the whole thing downloadable as an archive.
It could be a lot more flexible and easier to use (I'll update it to
host multiple projects some day), but that said, not everybody cares
about those sorts of things and Fossil's really nice.

Nick

0: https://gitorious.org/project-publish


pgp1XDq1jRJYj.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] CMS in freedombox

[Nick Daly]

Correction, you should download images from this site instead.
They're much newer!

ftp://ftp.skolelinux.org/pub/freedombox/

On Wed, Apr 9, 2014 at 8:06 AM, Nick Daly  wrote:
> Hi ST, I don't believe anybody's integrated a CMS yet.  I have plans
> to integrate ikiwiki, but that's not currently at the top of my
> project list.  Until then, Ikiwiki's pretty easy to add yourself, with
> a little command line knowledge. You can download pre-built images to
> play with (in VirtualBox) at:
>
> http://download.internetmachines.co.uk/tracker/freedombox-images/
>
> For more details, see:
>
> https://wiki.debian.org/FreedomBox/VirtualBoxImages
>
> On Wed, Apr 9, 2014 at 2:14 AM, ST  wrote:
>> Hi,
>> which CMS does freedombox uses for publishing user's websites?
>>
>> Thanks,
>> ST
>>
>>
>> ___
>> Freedombox-discuss mailing list
>> Freedombox-discuss@lists.alioth.debian.org
>> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] CMS in freedombox

[Nick Daly]

Hi ST, I don't believe anybody's integrated a CMS yet.  I have plans
to integrate ikiwiki, but that's not currently at the top of my
project list.  Until then, Ikiwiki's pretty easy to add yourself, with
a little command line knowledge. You can download pre-built images to
play with (in VirtualBox) at:

http://download.internetmachines.co.uk/tracker/freedombox-images/

For more details, see:

https://wiki.debian.org/FreedomBox/VirtualBoxImages

On Wed, Apr 9, 2014 at 2:14 AM, ST  wrote:
> Hi,
> which CMS does freedombox uses for publishing user's websites?
>
> Thanks,
> ST
>
>
> ___
> Freedombox-discuss mailing list
> Freedombox-discuss@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

[Freedombox-discuss] Doc: Please Contribute to 0.2 Release Notes!

[Nick Daly]

Hi folks, if you have any details about any of the new services added to
the FreedomBox in the 0.2 release, please add them here:

https://wiki.debian.org/FreedomBox/ReleaseNotes#New_Services-1

The services that really need help are:

 * !OwnCloud
 * dnsmasq
 * Service Announcement
 * LDAP Server
 * LXC Support

These service descriptions are technically complete, but can certainly
be improved:

 * Configuration Management UI
 * Instant Messaging
 * Low-Level Configuration Management
 * Source Packages

Thanks for your help,
Nick


pgpxk73SBwqpo.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

[Freedombox-discuss] Dev: Sending All Traffic Over Tor?

[Nick Daly]

Hi folks, since we now support running Tor bridges on boxes, is it
time to send all the box's traffic over Tor?

If so, what would be the best way to do this?  We already have privoxy
(have we configured it or the HTTPSEverywhere ruleset at all?), but we
could also use one of the instruction sets from:

https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy

Previously, there was one objection to this proposal:

1. Certain service providers discriminate against Tor users (editing
Wikipedia without hoops, etc).

So, are we significantly disadvantaging users by transparently
proxying all their traffic over Tor?  Of course, it depends on what
they want to do, but are those discriminatory services sufficiently
frequent to make gaining anonymity a net loss for the user?  I don't
think so but I haven't, for example, tried banking over Tor.

Thanks,
Nick

___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] Dev: Sending All Traffic Over Tor?

[Nick Daly]

On Fri, Mar 28, 2014 at 10:02 AM, Nick Daly  wrote:
>
> Hi folks, since we now support running Tor bridges on boxes, is it
> time to send all the box's traffic over Tor?

Since we now have a UI that we can use to configure settings, lets try
setting all traffic to go through Tor by default.  Users who don't want
this feature can selectively disable it.  To do that, we'll need a few
more infrastructure pieces in place:

1. iptables support (yet another cross-cutting concern).
2. privoxy configuration to route connections through Tor.
3. Tor module for Plinth (allow enabling/disabling Tor routing).

That'll configurably give users significantly more privacy by default. :)

Anybody want to contribute a module or two to Plinth [0] or
FreedomBox-Setup [1]?

Nick

0: github.com/nickdaly/plinth

1: github.com/petterreinholdtsen/freedombox-setup

___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

[Freedombox-discuss] FreedomBox Wiki Pages

[Nick Daly]

Just so you know, we have 80 pages already on the wiki.  We just need to
do a bit of a better job organizing them:

FreedomBox
FreedomBox/0.2Todos
FreedomBox/1.0Todos
FreedomBox/BetaReleaseTodos
FreedomBox/BoxConfiguration
FreedomBox/BuildImage
FreedomBox/ClientServerCommunication
FreedomBox/Conferences
FreedomBox/Conferences/SoftwareFreedomDay2011
FreedomBox/Configs
FreedomBox/Configs/DNSMasq
FreedomBox/Configs/Prosody
FreedomBox/Configs/Scuttle
FreedomBox/Configs/Tor
FreedomBox/Configs/inadyn
FreedomBox/Configs/shorewall
FreedomBox/Connections
FreedomBox/ContributingAnonymously
FreedomBox/CurrentProgress
FreedomBox/DesignAndToDos
FreedomBox/DistributedNaming
FreedomBox/Documents
FreedomBox/Download
FreedomBox/DreamPlug
FreedomBox/DreamPlug/Firmware
FreedomBox/DreamPlug/Images
FreedomBox/DreamPlug/Images/InternalMicroSD
FreedomBox/DynamicDNS
FreedomBox/ExampleProjects
FreedomBox/Firmware
FreedomBox/FirstHandsOn
FreedomBox/FreedomBuddy
FreedomBox/FreedomCluster
FreedomBox/FreeingTheCloud
FreedomBox/GettingStarted
FreedomBox/Hackfests/1
FreedomBox/Hackfests/2
FreedomBox/Hackfests/3
FreedomBox/HardwareRequirements
FreedomBox/Identity
FreedomBox/IdentityManagement
FreedomBox/LeavingTheCloud
FreedomBox/Manual/Jessie
FreedomBox/MeshNetwork
FreedomBox/MobileKeyVerification
FreedomBox/PageKite
FreedomBox/Plinth
FreedomBox/Press
FreedomBox/PrivacyAtHome
FreedomBox/Proposals
FreedomBox/Proposals/AnonProposal
FreedomBox/Ready
FreedomBox/Requirements
FreedomBox/Requirements/BrainStorm
FreedomBox/Roadmap
FreedomBox/Software
FreedomBox/SoftwareRequirements
FreedomBox/SundayHackfest
FreedomBox/SystemRequirements
FreedomBox/Tahoe-LAFS
FreedomBox/TalksAndPresentations
FreedomBox/TalksAndPresentations/AvailableMaterial
FreedomBox/TargetedHardware
FreedomBox/Tools
FreedomBox/UniLeipzigPractical
FreedomBox/UnscheduledTodos
FreedomBox/UserExperience
FreedomBox/UserInterface
FreedomBox/UserRequirements
FreedomBox/UserRequirements/BrainStorm
FreedomBox/UserStories
FreedomBox/VirtualBoxImages
FreedomBox/VisualIdentity
FreedomBox/VoIPVideoAndInstantMessaging
FreedomBox/Welcome
FreedomBox/feeds
FreedomBox/macAddresses
FreedomBox/router
Freedombox
Freedombox/FreedomBuddy


pgp11oTW9SYO0.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

[Freedombox-discuss] Wiki Updates

[Nick Daly]

Hi folks, I sorta tore up the wiki's landing page, because...  It's
needed to be revamped for quite a while now.  I split the page into
three sections:

1. Use a FreedomBox (manuals)
2. Learn about FreedomBox (philosophy)
3. Build the FreedomBox (contribute)

https://wiki.debian.org/FreedomBox

I think I copied all the material from each section onto the relevant
page, but we need to do a lot more cleanup: we need to integrate and
organize the elements that are already on the wiki.  So, if you see two
pages that look like they should be one, combine them!  If you see a few
pages that look like they should be a single section, then fix it!  It's
a wiki: be bold!

Please send feedback and edit the wiki.

Thanks for your help,
Nick


pgpsMaOjgG5UY.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] How to use JWChat on the freedombox?

[Nick Daly]

James Valleroy  writes:

> On Mon, Mar 17, 2014 at 6:06 PM, Petter Reinholdtsen  wrote:
>>
>> You are right.  This actually work.  When I visit
>> http://> I add fbx to /etc/hosts on my local machine and then access http://fbx/,
>> I get JWChat.
>
> One way to fix this is to comment out the port 80 vhost in the plinth
> apache configuration, and restart apache. So I would suggest splitting
> plinth.conf into 2 files:
> 1) plinth.conf for HTTP (does nothing but redirect to HTTPS).
> 2) plinth-ssl.conf for HTTPS.
>
> Then freedombox-setup can disable plinth.conf, since fbx.conf handles
> the redirect as well.

Should fbx.conf handle all these services by itself?  Can we use
Location directives to divide up the conf files further per service?  I
haven't done a lot of Apache config file frobbing, so I'm unclear how to
best support multiple services on the same port like this...

James, I've merged your patch (Plinth pull 63) for now, but maybe
there's an easier to manage way, somewhere?

Nick


pgpwWq8D3bskN.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

[Freedombox-discuss] Dev: Cross Cutting Concerns in Plinth?

[Nick Daly]

Hi folks, Plinth doesn't currently handle cross-cutting concerns very
well.  For example, if I change the hostname, I need to individually
notify every service that depends on that hostname.  If Plinth had
better support for callbacks or advice, each service could just register
a function to be performed when the hostname changed.

Do you have any recommendations for tools or approaches (preferably with
working examples) that we could learn from to apply to Plinth?  I've
found a few examples, but I don't see an obvious best way forward yet.

Thanks for your time,
Nick


pgpiu1JYMBOMk.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] Test if your freedombox is working as it should (testsuite)

[Nick Daly]

On Sun, Mar 23, 2014 at 8:20 PM, A. F. Cano  wrote:
> I suppose I should have asked: How do I access plinth when the fbx is
> running in a virtualbox?
>
> Obviously, I need to know the interface names on which the virtualbox
> is listening.  The default eth0 is in NAT mode, so it can't be accessed
> from outside the virtualbox.

Try switching that interface to Bridged mode before powering the box on.

Nick

http://www.virtualbox.org/manual/ch06.html#network_bridged

___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] Some notes on the disk space situation on FreedomBox 0.2

[Nick Daly]

Petter Reinholdtsen  writes:

> When Bdale switched on the option to store the source of all the
> installed packages in /usr/src/packages/ to prepare for the release
> build, the disk space situation on the freedombox changed dramatically.
> I believe we need to increase the image sizes by almost one GiB to cope.
>
> On my freshly created virtualbox image, the root file system is 2.7 GiB
> according to df -h, and 1.9 GiB (74%) of this is used.  Only 692 MiB is
> available according to df (5% is reserved for user root and not included
> in that number).
>
> According to apt-get, installing owncloud will use 973 MiB of additional
> disk space, which clearly will not fit in 692 MiB.

Per James's work [0], we can now install owncloud without the
recommends, reducing owncloud's install size (to around 70 MiB, if I've
mathed correctly).  However, it may still be time to increase the image
size to 4 GiB.  I believe that would still fit on the default DreamPlug
microSD card, of 4 GB.  Now seems like a fine time to upsize the image,
though I'm very wary of doing so much further.

Thoughts?

Nick

0: https://github.com/NickDaly/Plinth/pull/61


pgpWVVg2syL8W.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] What is new in FreedomBox version 0.2 compared to 0.1?

[Nick Daly]

On Thu, Mar 20, 2014 at 11:11 AM, Petter Reinholdtsen  wrote:
> What about the ssh server?  Was it present in 0.1?

Yup, that's how we administered the box remotely.

> And the latest version contain avahi daemon, ldap server and lxc
> support.  There is also a DNS and DHCP server handed out on eth1.

All new!

> These are the open ports:
>
> root@freedombox:~# netstat -a|grep 'LISTEN '
> tcp0  0 *:ldap  *:* LISTEN
> tcp0  0 *:xmpp-client   *:* LISTEN
> tcp0  0 *:4431  *:* LISTEN
> tcp0  0 *:epmd  *:* LISTEN
> tcp0  0 *:xmpp-server   *:* LISTEN
> tcp0  0 *:domain*:* LISTEN
> tcp0  0 *:ssh   *:* LISTEN
> tcp0  0 localhost:52854 *:* LISTEN
> tcp0  0 localhost:9050  *:* LISTEN
> tcp0  0 *:57756 *:* LISTEN
> tcp0  0 *:5280  *:* LISTEN
> tcp0  0 localhost:8000  *:* LISTEN
> tcp0  0 freedombox: *:* LISTEN
> tcp6   0  0 [::]:ldap   [::]:*  LISTEN
> tcp6   0  0 [::]:http   [::]:*  LISTEN
> tcp6   0  0 [::]:domain [::]:*  LISTEN
> tcp6   0  0 [::]:ssh[::]:*  LISTEN
> tcp6   0  0 localhost:8118  [::]:*  LISTEN
> tcp6   0  0 [::]:https  [::]:*  LISTEN

That's nuts!  Can we map each of these to the owning services?  I want
to start wrangling that information while it's still manageable.
That'll help make decent automated firewall management *possible.*

___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] What is new in FreedomBox version 0.2 compared to 0.1?

[Nick Daly]

Hi Pere!

On Thu, Mar 20, 2014 at 9:00 AM, Petter Reinholdtsen  wrote:
> What exactly is new in version 0.2 compared to version 0.1?  I belive
> we should make a list and put it in the wiki.  I never tried v0.1, so
> I do not know.

The 0.1 release announcement [0] featured a functioning Privoxy.
Everything else, since then, is new.

The full feature list now includes (by my count):

- JWChat (XMPP)
- Plinth
- Tor
- OwnCloud (with 4GB images)
- Privoxy
- Source packages
- dnsmasq
- Configuration management (etckeeper)

I wanted to put this up on the wiki last night, but was just too tired
to get to it.  List, please help yourselves to this task.

Nick

0: 
https://www.freedomboxfoundation.org/news/FreedomBox_version_0.1_Released/index.en.html

___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] Block brute force login attacks?

[Nick Daly]

I'd like to throw one more alternative into the mix:

On Wed, Mar 19, 2014 at 1:38 AM, Petter Reinholdtsen  wrote:
>   - iptables / ufw rules
>   - libpam-shield - locks out remote attackers trying password guessing
>   - libpam-abl - blocks hosts which are attempting a brute force attack
>   - fail2ban - ban hosts that cause multiple authentication errors
>   - (*) denyhosts - Utility to help sys admins thwart SSH crackers

- Figure out how to make key authentication easy for end user's
devices and disable password authentication on boxen altogether.

___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] Should we drop xterm from the freedombox default setup?

[Nick Daly]

Mercurial was installed because some unpackaged projects used hg
instead of git.  It can be removed, and certainly shouldn't be pulling
xterm in, anyway...

On Tue, Mar 18, 2014 at 12:26 AM, Petter Reinholdtsen  wrote:
>
> I noticed today when running apt-get upgrade on my freedombox from a few
> days ago, that _xterm_ was being upgraded.  Why on earth do we have
> xterm installed, I wondered:
>
>   root@freedombox:~# aptitude why xterm
>   i   freedombox-setup Dependsmercurial
>   i A mercurialRecommends wish
>   i A tk8.6Provides   wish
>   i A tk8.6Recommends xterm | x-terminal-emulator
>   root@freedombox:~#
>
> Can we drop merucrial?  Anyone remember why it is installed by default?
>
> --
> Happy hacking
> Petter Reinholdtsen
>
> ___
> Freedombox-discuss mailing list
> Freedombox-discuss@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] Why four users with passwords on the freedombox?

[Nick Daly]

Petter Reinholdtsen  writes:

> The plinth process now seem to run as user root according to 'ps -ef'
> (and not www-data any more), but no longer have a valid password.  Can
> it be changed to run as a non-privileged user?

Yeesh.  It should run as a non-privileged user, now tracked as a 2.0
release goal [0]:

: FreedomBox 2.0: Plinth: Run as non-root user.

It probably should run as a service-specific user, to compartmentalize
the permissions as much as possible.

>> What is the point of having both the users root and fbx?  Is it not
>> enough with one normal user, and set up sudo for this user to get root
>> access, or perhaps disable it completely and depend on some plinth GUI
>> to set the password on a regular unix user?
>
> The plinth unix user is now created by the plinth package, and no
> longer have a password.  And the admin user in the plinth user
> interface no longer exist.  But there are still two unix users with
> known passwords on the freedombox:
>
>   /etc/passwd, /etc/shadow
>
> root / freedom
> fbx / frdm

Removing and disabling "root" and "fbx" are currently 2.0 release goals:

: FreedomBox 2.0: Infrastructure: Remove or Disable "root/fbx" Accounts

The "plinth" user should be the only administrative user on the box, and
the user should be able to direct the plinth user through the Plinth UI.

Pere, if you feel that Plinth is ready for the role, please remove the
known users and passwords.  I'm not convinced we're there yet, but
removing them might be the only way we'll get there...

Nick

0: https://gitorious.org/freedombox-todos


pgpF6u5vfTrJW.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] Freedombox 0.2 almost ready - please test

[Nick Daly]

"A. F. Cano"  writes:

> I'm now running the newly-built image in virtualbox.  I can log in as
> root and fbx, but I gather from the readme file that the first thing
> to do is plug in ethernet cables on both interfaces.

The README assumes you're using a physical DreamPlug.  The software
tries to use two Ethernet ports (eth0 and eth1), but VirtualBox only
provides one, AFAIK.  I don't know how to add additional interfaces to a
VirtualBox image, though it's probably possible (and would be nice).

> Is it even possible to do any testing on a virtualbox in a machine
> that has one network interface?

Sure!  You'll just use it as a end-device instead of a proxy.

> I would have thought I could somehow connect to a fake, or create, a
> sofware network interface.  Is there a way to do this?  If it were
> possible to have a fake ethernet connection as the "inside" that the
> browser and other software could connect to, (maybe the loopback
> interface?) the firewall machine type of setup of a physical dreamplug
> could be simulated, but how can I tell virtualbox to use that as the
> inside connection?  Or do I have a fundamental misunderstanding of how
> the freedombox is intended to be used?

It works as you'd expect, as long as the hardware supports multiple
Ethernet interfaces.  However, VirtualBox only supplies one by default,
so you're stuck with an end-device, until we figure out how to get VBox
to provide more interfaces.

Nick


pgpyKwR6vhohD.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] Freedombox 0.2 almost ready - please test

[Nick Daly]

Petter Reinholdtsen  writes:

> The next release of freedombox is almost ready to ship.

:) :) :) 8)

> Nick Daly got the dreambox image working yesterday.

Here're my release notes from testing the current image.



* FBX Image [2014-03-09 Sun] Release Notes

1. To connect to your DreamPlug, connect the Ethernet cable to the
   inside Ethernet port, that's eth1.

2. Add this line to ~/etc/apache2/sites-available.plinth.conf~:

   #+begin_src apache
## Force SSL
RewriteEngine on
 +   ReWriteCond %{REQUEST_URI} ^/plinth
ReWriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]

   #+end_src

3. If you're going to use the /plugserver/ scripts to set up your
   system, you'll need to change
   ~/etc/apache2/sites-available/000-default.conf~:

   #+begin_src apache
   #ServerName www.example.com

   ServerAdmin webmaster@localhost
 -  DocumentRoot /var/www/html
 +  DocumentRoot /var/www

   # Available loglevels: trace8, ..., trace1, debug, info, notice, 
warn,

   #+end_src

4. You also probably want to enable a few modules:

   : apt-get install libapache2-mod-perl2
   : a2enmod cgi perl


pgpDqrKhkpbkw.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] OwnCloud

[Nick Daly]

Petter Reinholdtsen  writes:

> [Chris Troutner]
>> If the FreedomBox is attached to a home router with a dynamic IP,
>> how does the that get handled for interaction through the web
>> browser interface?  I've used DynDNS for stuff like this in the
>> past, but I don't think they're free anymore.
>
> I suspect we must have several options, and one of them I hope to get
> working is pagekite. :)

I don't believe Dyn is free ($25/yr), and they also don't accept Bitcoin
(if that matters to you), but NoIp.com does ($20/yr).  Pagekite does and
is significantly cheaper than either of the other two ($36/yr,
recommended).

I buy my domain name through Dyn and use PageKite for the hosting, it
works really well.  Pere's working on FBX PageKite support, which I'm
looking forward to.

Ultimately, it's going to be a non-zero cost, unless you enable uncommon
routing tools on your client devices (like i2p on a cell phone, for
example).

Nick


pgpiEG_aT9eCt.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] Freedombox 0.2 almost ready - please test

[Nick Daly]

"A. F. Cano"  writes:

> Tried to build for virtualbox.  It failed. The loop device the script
> assumes doesn't exist on Debian Jessie.
>
> ERROR: command failed: ['mkfs', '-t', 'ext4', '/dev/mapper/loop0p1']

Interesting.  Bdale was running into that issue too.  Try running:

: kpartx -av $IMAGE

And then try running make again.

In your case, $IMAGE is probably:

: build/freedombox-unstable_2014-03-12_i386-virtualbox-hdd.img

Please reply to the list with whether that works or not.

Nick


pgpoVKo4Ryfnw.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] DreamPlug Bootloaders?

[Nick Daly]

Nick Daly  writes:

> Hi folks, please reply if you have a DreamPlug.  I'm trying to get to
> the bottom of the "Fix DreamPlug MAC Addresses" 1.0 TODO item [0], and I
> suspect I'll need copies of an original bootloader image, if any still
> exist.  I haven't dug too deeply into it, so maybe I won't end up
> needing that, but it'd be interesting reference material, either way.

Thanks to everyone who replied to this email.  With your help, we were
able to update the README so that DreamPlug users don't lose MAC
addresses any more, and update the recovery script so that users who've
already lost MAC addresses get reasonable addresses assigned
automatically.

Nick


pgp_l4xltoKig.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] LDAP

[Nick Daly]

(Processing very old emails, sorry.)

Simo  writes:

>>> Do yourself a favor... and use apache modules, mediawiki has a
>>> module to understand REMOTE_USER, so should other services like
>>> that. Once you find one that understand REMOTE_USER you can defer
>>> authentication compeltely to apache and not have to
>>> learn/implement/tweak each single service in a different way.
>
> ...use REMOTE_USER, it's at the same time a very low common
> denominator but also very flexbile because all you need to change is
> the apache configuration and not each single application.

This is tracked in the FreedomBox TODO list (line 122) [0, 1]:

- FreedomBox 1.0: Infrastructure: Add Single Sign On Support

Simo, Jonas, list, et al., please review that writeup when you get a
chance and let me know what needs to be fixed about it.  Please submit
fixes here or as pull requests on Gitorious or GH.

Thanks,
Nick

0: https://gitorious.org/freedombox-todos/freedombox-todos/source/HEAD:TODO#L122

1: https://github.com/NickDaly/freedombox-todos/blob/master/TODO#L122


pgp09ae1vik4d.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

[Freedombox-discuss] Dev: TODO List Cleanup Complete

[Nick Daly]

Hi folks, I've just pushed a massive cleanup to the TODO list [0, 1]:

1. Consolidate disorganized items (spread across multiple releases,
   unclear, etc.).

2. Move completed items to TODO_archive.

Take a look and tell me what you think!

Excitingly, this means that, 9 or fewer items remain for the 1.0
release.

Thanks,
Nick

0: https://gitorious.org/freedombox-todos

1: https://github.com/nickdaly/freedombox-todos


pgpSdwbCk8sty.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] bin/partition-stick

[Nick Daly]

Markus>> Is there a reason why this is in Nick's "shiny" branch but not
Markus>> in "master"?  I always found this helpful to set up my USB
Markus>> stick.

James> I think the "master" has diverged quite a bit from "shiny". It no
James> longer copies files directly to a USB stick; instead it creates
James> the entire disk image that can be dd'ed to a USB stick or SD
James> card. ("make rootfs" and "make image" have both been removed as
James> targets from the Makefile.)

I should probably update Shiny from Master, as I don't think there are
many (any?) features unique to shiny any longer.  I think the USB stick
configuration was removed because it required users to manually edit
/etc/fstab.  That's difficult to explain and easy to screw up.  It's
simpler to explain the (much harder-to-screw-up) dd command.

Nick


pgpUUDQKKOtpf.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] Dev: DreamPlug Networking Fixed?

[Nick Daly]

Anders Jackson  writes:

> Den 18 jan 2014 23:10 skrev "Nick Daly" :
>>
>> If the system detects an interface without a MAC address, we'll try
>> to use macchanger to set it, or just generate a dummy MAC address
>> (00:00:00:XX:XX:XX).
>
> The first octet should at least be 02 and not 00.  The two last bits
> in first octet say if it is a locally administered or globally unique
> (OUI) MAC-address and if its an uni- or multicast MAC-address.
>
> So you want them to be 10 and not 00 (02:00:00:XX:XX:XX).

Hi Anders, I've updated the generated MAC to comply with the rule.
However, MACs appear to have been assigned in violation of that rule, so
I don't know how reliable it is.  For example, the output of `macchanger
-l` includes these entries:

12619 - 02:07:01 - Racal-datacom
12620 - 02:1c:7c - Perq Systems Corporation
12621 - 02:60:86 - Logic Replacement Tech. Ltd.
12622 - 02:60:8c - 3com Corporation
12623 - 02:70:01 - Racal-datacom
12624 - 02:70:b0 - M/a-com Inc. Companies
12625 - 02:70:b3 - Data Recall Ltd
12626 - 02:9d:8e - Cardiac Recorders Inc.
12627 - 02:aa:3c - Olivetti Telecomm Spa (olteco)
12628 - 02:bb:01 - Octothorpe Corp.
12629 - 02:c0:8c - 3com Corporation
12630 - 02:cf:1c - Communication Machinery Corp.
12631 - 02:e6:d3 - Nixdorf Computer Corporation

Go figure.

Nick


pgpVmvkaoOxT_.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

[Freedombox-discuss] Dev: DreamPlug Networking Fixed?

[Nick Daly]

Hi folks, I just pushed a fix to the broken DreamPlug networking to
FreedomBox-Setup.  If the system detects an interface without a MAC
address, we'll try to use macchanger to set it, or just generate a dummy
MAC address (00:00:00:XX:XX:XX).  Should be good enough to work around
DreamPlug Ridiculousness (TM) for the 1.0, anyway.

Nick


pgpCgCLP9_YyG.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

[Freedombox-discuss] DreamPlug Bootloaders?

[Nick Daly]

Hi folks, please reply if you have a DreamPlug.  I'm trying to get to
the bottom of the "Fix DreamPlug MAC Addresses" 1.0 TODO item [0], and I
suspect I'll need copies of an original bootloader image, if any still
exist.  I haven't dug too deeply into it, so maybe I won't end up
needing that, but it'd be interesting reference material, either way.

Thanks,
Nick

0: 
https://gitorious.org/freedombox-todos/freedombox-todos/source/master:TODO#L118


pgpFZdyV_vdWn.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] Up-to-date Dreamplug build recipe?

[Nick Daly]

Chris Hamlin  writes:

> Where is there a correct, complete current recipe for building and
> running Freedombox on a Dreamplug, including the boot firmware?
>
> Many obsolete recipes scattered about fail in one way or another,
> seeming to have fallen into dependency hell.
>
> A short recipe providing precisely the necessary and sufficient steps
> for building and running the latest Freedombox, including Privoxy and
> Plinth, on a Dreamplug (with JTAG) would save many people a lot of
> time.

Get Freedom-Maker [0, 1], it contains all the details you need.  What
other recipes have you found or been using?

On DreamPlugs purchased in (around) fall 2012 or later, running "make
dreamplug-image" should successfully build a DreamPlug image ready to be
dd-ed onto the FreedomBox's main SD card, without needing to modify the
DreamPlug's boot loader.

DreamPlugs purchased before that time may need to update the bootloader
so the image can boot, per the upgrade instructions available in
Freedom-Maker's README.

Nick

0: https://www.freedomboxfoundation.org/code/

1: github.com/nickdaly/freedom-maker


pgpnyjGH0OGPm.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] Dev: Networking Interface Config?

[Nick Daly]

Nick Daly  writes:

> On Tue, Dec 17, 2013 at 4:04 AM, Petter Reinholdtsen  wrote:
>> The network setup is done at first boot in
>> freedombox-setup/first-run.d/05_network, and there I was told by
>> jsullevan to use eth1, not eth0, on the dreamplug.  What is correct?

I don't know that it matters which one we use, as long as we're
consistent and clear about how to use it correctly.  FreedomBox-Setup
can now tell how many wired and wireless interfaces are available and
configure the networking setup appropriately (sbin/interface_detect.py
[0]).

It's easy enough to get a reasonable first-boot networking configuration
in FBX-Setup, but I don't know how we should handle configuring the
network for the live system.  Regardless, we should now have enough
information to be able to make those decisions [1].

Also, I experimented with making interface_detect as easy to understand
as possible, so I put it together in org mode and exported it a few
different ways [2].  If you find the python script or the exported
source easier to read, please let me know.

Nick

0: 
https://github.com/NickDaly/freedombox-setup/blob/master/sbin/interface_detect.py

1:
https://github.com/NickDaly/Plinth/blob/master/doc/design/first-connection.mdwn

2: https://github.com/NickDaly/interface-detect


pgpBG2tW_iXkO.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] Unencrypted passwords

[Nick Daly]

Sandy Harris  writes:

> (from Slashdot) A claim that various distros store wifi passwords
> unencrypted. Does this affect us?
>
> http://news.softpedia.com/news/All-Linux-Distributions-Store-Wi-Fi-Passwords-in-Plain-Text-If-You-Don-t-Use-Encryption-412387.shtml

As far as I can tell, this specific case (though not the concept) is
irrelevant to the FreedomBox server.  The article discusses storing
unencrypted wireless passwords on the hard-drive of the client device.
This article is saying that:

"If someone has physical access to your laptop, they'll probably be able
to read the passwords that you use to connect to wireless networks."

The article's talking about wireless network clients, but the same could
apply to the server: someone reading the server's hard-drive could
probably read the wireless password and compromise the wireless network
that way.

If a human attacker (or some malware) has physical access to your
device, someone reading the wireless passwords is probably the least of
your concerns.  That's an issue for both clients and servers.
Encrypting the hard-drive will delay those sorts of attacks when the
data are at rest, but that won't actually protect against malware
reading the data when the device is running (the encrypted data must be
decrypted to be used).

So:

1. Only people you trust should touch your devices.

2. Malware is a nasty class of trouble that's easier to prevent than it
   is to correct.  It's funny to think of a Live CD as malware.

Nick


pgpUXp55TJ7sW.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] (fwd) plinth_0.3.0.0.git.20131101-2_amd64.changes REJECTED

[Nick Daly]

Petter Reinholdtsen  writes:

> [Petter Reinholdtsen 2013-12-29]
>> I've uploaded the current source as version 0.3.0.0.git.20131229-1.
>
> Happy to report that this time plinth was accepted into Debian
> unstable, http://packages.qa.debian.org/p/plinth.html >.

Yay!

> One step closer to having all of our freedombox in Debian Jessie. :)
> The two remaining parts are freedombox-setup and freedom-maker.
> Perhaps both should be included in the same source package?

I'll leave that up to the folks with more packaging experience than me.
Also, Bdale was working on removing a bunch of the cruft (from the days
before we had *anything* packaged) from Freedom-Maker.  Bdale, have you
published those changes yet?

Thanks for your time,
Nick


pgpPo99GsJWFJ.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] LDAP

[Nick Daly]

Simo  writes:

> On Fri, 2013-12-27 at 19:08 -0600, Nick Daly wrote:
>> Time to do a lot of LDAP (or Kerberos, or...) learning.
>
> Do yourself a favor, nix their auth system and use apache modules,
> mediawiki has a module to understand REMOTE_USER, so should other
> services like that. Once you find one that understand REMOTE_USER you
> can defer authentication compeltely to apache and not have to
> learn/implement/tweak each single service in a different way.

Could you clarify or point to an example of where this is used well?
There're lots of results, but there's also a lot of chaff in those
results.

Seems like ikiwiki's httpauth [0] respects REMOTE_USER, which seems
ideal for the wiki service.  Now as long as everything else does the
same...

Nick

0: http://ikiwiki.info/plugins/httpauth/


pgpheTdGzCMRJ.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] LDAP

[Nick Daly]

Jonas Smedegaard  writes:

> Which applications do you have in mind which stores their data in LDAP?  
> Or do you envision (even more!) applications written from scratch 
> specific for FreedomBox?

I was imagining using LDAP as the ACL for application data, not as a
data store itself, though I suppose it could be used that way, sorry if
I was unclear.  I really don't want more things from scratch.  I want
glue.  Were webmin packaged (or if someone would suggest similar already
packaged administration tools), this'd be easier.

> Here's a list of auth plugins: https://ikiwiki.info/plugins/type/auth/
>
> I have not played with it myself, but believe you should be able to use 
> either httpauth plugin + libapache module or unixauth + PAM module.

Thanks, I missed httpauth earlier.  I saw unixauth, saw that it seemed
like it'd do the trick, and then realized that it wasn't packaged in
Debian, or even in ikiwiki.

Seems like httpauth and mod_authnz_ldap [0] could do the trick.  I
should be able to bang out a simple authentication PoC quickly.  I'll
put that on the TODO list, though anyone with the time is welcome to
beat me to it or point to an existing example/tutorial.

Thanks,
Nick

0: https://httpd.apache.org/docs/2.4/mod/mod_authnz_ldap.html


pgpzuenXdNxlx.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] LDAP

[Nick Daly]

Bdale Garbee  writes:

> Jonas Smedegaard  writes:
>
>> Ok.  Makes good sense to mandate use of shared auth mechanism.  Not 
>> convinced LDAP is the ideal for that, though.
>
> ...Clearly not critical path, but this is another possible task for
> someone out there reading who would like a modest project that could
> help us out in the long term.
>
> What I think we can effectively use LDAP for is to manage the information
> associated with identities.  Users, what access rights they should have,
> etc, in an application-neutral way that we can potentially wrap some
> plinth UI goodness around eventually.

It should also be possible to use these sorts of ACLs to create
application-specific data-stores (among other things, to keep
applications from snooping on one another's data).  Keeping data
separated is a related, but different, issue from the problem of
separating processes ("the LXC/VM issue").

So, does anybody know any good LDAP-enabled services we can use?  I
tried to move a wiki service into Plinth (ikiwiki, via [0]), but
immediately ran into the problem that ikiwiki knows nothing about
authentication mechanisms other than its own.  I'm checking on the
ikiwiki IRC channel and their forums, but very few wiki services (other
than MediaWiki, which feels like overkill) are aware of LDAP.

Time to do a lot of LDAP (or Kerberos, or...) learning.

Thanks,
Nick

0: https://bitbucket.org/nickdaly/plugserver/src/tip/setup/wiki/


pgpQB7pDKTFn8.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] Dev: Review: Plinth First-Connection Design Published

[Nick Daly]

On Sun, Dec 22, 2013 at 8:57 PM, Nick Daly  wrote:
> Hi folks, I've published some notes on Plinths' first-connection process
> [0].  Please read through them and send pull requests or changes and
> comments to the list.

0: 
https://github.com/NickDaly/Plinth/blob/master/doc/design/first-connection.mdwn

:)

> Also, please help fill out Plinth's LICENSING file so we can get Debian
> package approval!

___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

[Freedombox-discuss] Dev: Review: Plinth First-Connection Design Published

[Nick Daly]

Hi folks, I've published some notes on Plinths' first-connection process
[0].  Please read through them and send pull requests or changes and
comments to the list.

Also, please help fill out Plinth's LICENSING file so we can get Debian
package approval!

Thanks,
Nick


pgp_5lJetMqOc.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] Dev: Networking Interface Config?

[Nick Daly]

On Tue, Dec 17, 2013 at 4:04 AM, Petter Reinholdtsen  wrote:
> [Nick Daly]
>> fix /etc/network/interface
>>
>> allow-hotplug eth0
>> iface eth0 inet dhcp
>
> Why 'allow-hotplug' and not 'auto'?  'allow-hotplug' is obsolete, as
> far as I know, and require network-manager to be running.  I did not
> plan to use network-manager, but only ifupdown.  Should we use
> network-manager?

If auto is that much simpler, let's just go with that.

> The network setup is done at first boot in
> freedombox-setup/first-run.d/05_network, and there I was told by
> jsullevan to use eth1, not eth0, on the dreamplug.  What is correct?

The issue isn't that eth0/eth1 are mislabeled on the DreamPlug, but
that they're entirely missing on the RaspberryPi.  In my built images,
/etc/network/interfaces has these contents:

: auto lo
: iface lo inet loopback

And that's it.  eth0 is missing from my built RPi images.  If other
folks have different results and I need to pull changes into my
fbx-setup fork, that's fine, but either way that needs to be corrected
before we call this a release.

Nick

___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

[Freedombox-discuss] Dev: Networking Interface Config?

[Nick Daly]

Hi folks, I'm trying to fix the /etc/network/interface misconfiguration
in the Freedom-Maker generated images, but I'm not sure where best to
apply the fix.  The underlying issue is that the interface file doesn't
include these lines:

allow-hotplug eth0
iface eth0 inet dhcp

If you have recommendations on how to patch the Freedom-Maker [0] or
FreedomBox-Setup [1] packages to handle this case, I'd appreciate your
help.

Thanks,
Nick



0: github.com/nickdaly/freedom-maker

1: github.com/nickdaly/freedombox-setup


pgpElIUypo7Gi.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] (fwd) plinth_0.3.0.0.git.20131101-2_amd64.changes REJECTED

[Nick Daly]

>> * some files under theme/ are licensed under Apache-2.0
>> * according to COPYING, the documentation is released under
>>   CC-BY-Sa-3.0, or GDFL.
>> * filedict.py is licensed under "MIT/BSD/Python.
>>
>> Please add missing information to the copyright file.

Hi folks, please help fill out the missing copyright information.  If
you're interested in getting started with FBX development, this is a
good way to start.  You can clone the Plinth repository and help fill
out the /LICENSES file:

: git clone https://github.com/NickDaly/Plinth.git plinth

I've filled out all the sections but modules and themes.  After you've
finished that, send me a pull request.  If you want to go further, you
can clone the Plinth Debian Package repository and add the licenses to
the /debian/copyright file:

: git clone https://github.com/NickDaly/plinth-debian-package.git 
plinth-debian-package

Same deal: send a pull request if you have worthwhile changes.

Thanks,
Nick


pgp07E8UIb87R.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] Fwd: [Cryptography] DNSNMC deprecates Certificate Authorities and fixes HTTPS security

[Nick Daly]

Sandy Harris  writes:

> Worth a look for use on the Box?

Namecoin is YAINS (yet another interesting naming system) and definitely
worth a look.  At this point, I'd appreciate if someone could write a
FreedomBuddy-Namecoin bridge, that would allow Namecoin to update the
FBuddy service directory.

You can get a good sense of how to write that sort of a bridge by
looking at the freedombuddy/src/scripts/openvpn/static-key_client.py
file [0].

Thanks,
Nick



The basic concept is that, if you know the PGP key of the person you
want to host a service for or consume the service from, you'll run the
following from inside the FBuddy directory:

$ python src/query.py --action (add|list|remove) --(hosting|consuming) \
--key {0} [--service {1} [--location {2}]]

This allows you to control the connections managed per PGP key
fingerprint.  If I wanted to host a wiki for you at r3u6shel9hg.onion
(and your PGP key fingerprint was 123456), I'd run:

$ python src/query.py --action add --hosting --key 123456 --service wiki
--location r3u6shel9hg.onion

If I wanted to see where you were hosting the IM service for me, I'd run:

$ python src/query.py --action list --hosting --key 123456 --service im



0: 
github.com/nickdaly/freedombuddy/blob/master/src/scripts/openvpn/static-key_client.py


pgpCB8SEDScRW.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

[Freedombox-discuss] Plinth VM Build Scripts

[Nick Daly]

Hi folks, I recently had someone ask for the scripts I use to test
FreedomBox packages on empty VMs.  So, I thought I'd clean them up and
post them to the list in case anybody else finds them useful:

http://paste.debian.net/67606/

You'll need to apply this diff:

http://paste.debian.net/67607/

You should install these dependencies:

-  devscripts
-  gdebi
-  git

For Plinth specifically, your */etc/apt/sources.list* should contain:

: deb http://ftp.us.debian.org/debian/ jessie main
: deb-src http://ftp.us.debian.org/debian/ jessie main
:
: deb http://www.reinholdtsen.name/freedombox wheezy main
: deb-src http://www.reinholdtsen.name/freedombox wheezy main

Enjoy!

Nick

___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

[Freedombox-discuss] Dev: Current Plinth Bugs

[Nick Daly]

I'm sure these problems have already been solved, but I'm not sure
how.  Ideas?  Patches?  Fork!

https://github.com/NickDaly/Plinth/

* Conceptual Bugs

** Communicate Securely Between Processes

The owncloud setup process has no idea what the right mysql user
password is.  How do we tell owncloud, without telling everybody else?
Is this communication Plinth can and should facilitate?

* Functional Bugs

** Blank Mysql Root User Password

The default mysql root password is blank.  Yuck.

** OwnCloud Install Sucks

The owncloud install process sucks.  It takes X minutes, where X >> my
patience, and there's no indication to the user when the install
finishes.

This was floated on IRC:

> when the user hits "enable owncloud," it goes to a page with an
> X-minute countdown timer that just updates every 10 seconds with the
> current owncloud install status.  When the install finishes, it
> opens a new tab for the user at /owncloud.  If the install doesn't
> finish in X minutes, it errors.

Nick

___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] Bootstrapping a Freedombox contact list

[Nick Daly]

Tim Retout  writes:

> I've been thinking about the problems involved in the initial setup of a
> Freedombox, particularly the challenge of finding your friends'
> Freedombox addresses.  Has anyone else been through this already?  I
> couldn't see anything which really spelled this out on the wiki.

Tim, thanks for writing this all out, I'll try to read through it in the
next few days.  After Plinth v0.3.1 is released, I'll work on making
these changes in FreedomBuddy.  Please let me know what you think of
this.

My goal is to make it trivial to exchange service addresses and PGP keys
in person (and remotely, but keys must still be verified in person).
When a the chooses "introduce me" in the FreedomBuddy UI, the following
is written to an archive on a USB stick (or any local removable device):

- My public PGP key.

- The "introductory package" of services that I share with everybody
  (FreedomBuddy, possibly other common services, like a wiki).

The archive is signed by the enclosed public key.  The archive (unlike
normal FreedomBuddy messages) is not encrypted, because the users don't
know whose key to encrypt to, yet.  Both users will then exchange their
USB sticks and read in one another's archives.  If the archive has a
valid signature, the services are imported.

At this point, each user will have the other's public key and service
locations and can communicate and update locations normally.  Since the
USB stick contains unencrypted data, it should then be wiped (shred?) by
the receiving user, even though shred is of limited use on flash memory.

If users have already exchanged keys, the messages can be encrypted for
remote transmission (email, etc.).

Also, I'd really like to point out [0, 1] to folks.  They could be
mighty useful going forward.

Thanks for your time,
Nick

0: https://whispersystems.org/blog/simplifying-otr-deniability/

1: https://tools.ietf.org/html/draft-brown-pgp-pfs-03


pgpmepndNoOxJ.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

[Freedombox-discuss] Dev: New FreedomBox-Setup Dependency: NTP

[Nick Daly]

Hi everybody,

I noticed, this morning, that my laptop's clock has skewed from real
time by about 5 minutes.  I wondered why and then realized that no NTP
services were installed.  After quickly putting ntpdate on my laptop, I
realized that none of the NTP services are dependencies of
FreedomBox-Setup either.  I fixed that by adding *ntp* as a dependency
in my FBX-Setup branch.

Nick


pgp3QCzaU8lrl.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

[Freedombox-discuss] Dev: Granting Users Service Access?

[Nick Daly]

Hi folks, did we ever arrive at a consensus on a general solution to the
user-level password storage/accounts (see the "Kerberos and remctl"
discussion in September)?  I'm looking into a similar question: how do
we safely grant different users access to multiple services on the box?

Please let me know if I'm missing some basic information or
understanding here, and I'll get back to researching.  I'm worried that
I might be conflating two different, independent, concerns here.

There are two basic approaches, both of which seem to have their
disadvantages:

1. Keep user accounts separate for each service, let each service handle
   logins and user accounts.  For example, if I hosted a XMPP and Wiki
   service on my box, users would have separate logins for each of
   those.

   This is bad because it duplicates logins and asks each service to
   handle logins on its own.  If you're running five services on your
   box, chances are good that at least one of them is putting your login
   information at risk.

   This is good because it keeps your service level login separate from
   the system level login.  Specific user accounts can't put the system
   at risk because they don't exist in the system.

2. Tie service logins into the system-level logins.  For example, if I
   hosted an XMPP and Wiki service on my box, users would also have a
   system (shell) level login that each service looked to for
   authentication.

   This is bad because it hands malicious users a shell-level account.
   We could attempt to close that hole with the nologin shell, but it
   still feels dangerous.  It also requires us to use services that can
   pass authentication off to other login services (see LDAP).

   This is good because it means users will have only a single
   password/authentication mechanism to guard.  This increases system
   security by helping protect users from themselves.  This also gives
   us a single point to modify and update authentication methods in the
   future.

As far as I see it, those are our trade offs: put the user at risk (1)
through foolish service configuration or put the system at risk (2) to
malicious users.  I'm leaning more toward option 2 because it *prevents
individual users from engaging in bad password management practices,* but
I'd like to hear if somebody has already thought this through.

This came up because I *really* want to get password storage out of
Plinth.  It's fine that it's there now, but it should probably be
removed by 1.0.

(Yay bus rides.  Lots of thinking time.)

Nick


pgpKMESIwUlc4.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

[Freedombox-discuss] Dev: Packaging Incompatible Plinth Changes

[Nick Daly]

(Trying to remember start all dev-oriented mail with "Dev:" subject)

Going forward, you'll want to patch out cfg.py instead of
plinth.sample*.config.  It should provide the same results with few line
changes overall.  Let me know if that's an issue.

The only meaningful edits to this file, ever, come from:

https://github.com/jvasile/Plinth/commit/5c6f38f9b812499cfe637d74819c140cda904aa4

Nick


pgpG6FotrQnig.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

[Freedombox-discuss] More of today's Upstream Updates

[Nick Daly]

Also, per the FreedomBox TODOs list [0], all of Plinth's FBX 1.0 TODOs
have been completed (subject to verification and bug reports, of
course).

Champagne?

Nick

0: http://github.com/nickdaly/freedombox-todos


pgp_exmEUessI.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

[Freedombox-discuss] Today's Upstream Updates

[Nick Daly]

Hi folks, today's updates include:

- Freedom-Maker Setup package reviewed and updated.

- Freedom-Maker Setup now puts Plinth behind SSL.

  - We should put JWChat behind SSL as well.

  - JWChat and Plinth should both be in root sub-directories, not custom
ports.

- Freedom-Maker has been updated to let FM-Setup handle most
  configuration.

- WithSqLite now handles more than one table per database.

Petter will soon package and publish some of these changes to Debian as
time allows.  After those changes are in, some FM changes will have to
be reverted to point directly to the Debian mirrors instead of Petter's
custom repositories.

Once the Apache SSL configuration is moved into Plinth, we should
probably formally tag a Plinth version.

Once we get a message passing system between boxes in place, we should
probably formally tag a FreedomBox 0.2 release, as well.

FreedomBuddy is still waiting on the database version changes, which
will pave the way to providing an introduction mechanism and a set of
default services (between new peers).  Now that I'm caught up on
outstanding patches, I'll work on those pieces shortly.

Nick


pgpNFuSeYUENA.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] Onion Pi

[Nick Daly]

Long story short: this should be configurable, selectively-disableable
by the end-user, or the end-user should be informed of the potential
disadvantages of this connection method.

If your destinations are using SSL (like they should) MITM is less of
an issue.  The lovely HttpsEverywhere Firefox/Iceweasel extension
makes this as simple as possible (and should definitely be installed
on any client device).

The unexpected trouble you might need to worry about is infrastructure
services (like online banking, Paypal, etc.) freaking out because
you're connecting from a known exit node, and assuming that your
account is under attack [0].  Some service providers are good about
this (Google will mark your account as a Tor-using account if you sign
in from a non-exit node IP and then sign in from a known exit-node IP,
without clearing cookies [1]), but /I don't know/ which service
providers are bad about it.

Nick

0: personal communication with primary source.

1: a libtech email from a Google employee that I don't have time to
find right now.  Check the libtech list.

On Tue, Sep 17, 2013 at 11:45 AM, Tim Retout  wrote:
> On 17 Sep 2013 15:32, "Petter Reinholdtsen"  wrote:
>> or by configuring privoxy, dnsmasq and redsocks with iptables to pass
>> all traffic passing through the Freedombox via Tor.
>>
>> Is there some reason not to do this by default?
>
> Hi!
>
> There are some good reasons not to run unencrypted traffic through Tor:
>
> - malicious exit nodes will be studying all unencrypted traffic passing
> through them - badly-secured websites still send session cookies
> unencrypted, for example.
> - the exit node can very easily inject arbitrary Javascript into the web
> page. This is bad. I don't think Javascript-enabled browsers should use Tor.
> (Ditto for Flash/Java.)
>
> For fully encrypted traffic, you still need to be careful of MITM attacks.
> Again this is easy for a malicious exit node. You can think of Tor as
> subjecting yourself to a deliberate MITM. :)
>
> I have heard anecdotal evidence that the above is happening routinely on
> Tor, FWIW.
>
> Tim
>
>
> ___
> Freedombox-discuss mailing list
> Freedombox-discuss@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

[Freedombox-discuss] Weekly Work: 9/9 - 9/15

[Nick Daly]

Hi folks, below are the changes that I've been able to make to
the FreedomBox projects this week.

Unfortunately, due to UGM at work, I was only able to put time in on
Sunday, but was able to get (what I feel is) a sizeable amount completed
anyway.

We've gone from 15 to 4 outstanding Github patches.  Three of the four
outstanding issues have comments requesting additional fixes before
merging.  The remaining issue is Petter's Freedom-Maker-to-.deb patches
that I want to take a closer look at before merging.  I'm trying to
finish the lower hanging fruit first.

FreedomBuddy is still broken, but progress is being made.  The v0.5.2
release still works, but I'd like to figure out what's up with the
latest commits.  Those still haven't been pushed, but I probably should.

Next, there have been a few updates made to the TODO list, namely that
there's now an HTML export (that I have to manually update), but that
should be much more accessible than raw org-mode:

https://github.com/nickdaly/freedombox-todos

Finally, the github FreedomBox organization page has taken shape and
contains all the projects I currently recall.  If any others should be
on that list, please let me know.

Also, if you're in the Madison area tomorrow night, feel free to stop by
the monthly TA3M (see madhacktivism.eventbrite.com for more details).

Nick


pgpOlO3nJ_Y1q.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

[Freedombox-discuss] Rebasing FreedomBuddy?

[Nick Daly]

Hi everybody, I'm considering publicly rebasing FreedomBuddy because
of a commit that merged a branch before it should've been published [0,
1].

Are there any other (better) options than the (rather nuclear) public
rebase?  I'm also considering just creating another head and cherry
picking revisions onto that new head (or branch), but I'm not crazy
about having a non-master branch working as the master branch (it
offends my sense of naming conventions).  If I do that, I'm not sure how
to make the main branch the master branch again.  Any advice?

Nick

0: 20679fe39ff9c86a19b8ddc0b324da98f04f724b

1: 
https://github.com/NickDaly/FreedomBuddy/commit/20679fe39ff9c86a19b8ddc0b324da98f04f724b


pgp1Kavnf7FHe.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] Are there regular developer meetings on IRC?

[Nick Daly]

Petter Reinholdtsen  writes:

> [Nick Daly]
>> Nope.  Good idea though.  What times work for you?  Sunday
>> afternoons are usually best for me.
>
> Most work days around 10:00 +0200 and almost all evenings after 20:00
> +0200 would work for me.  I notice you are on timezone -0500, which
> will make your and mine afternoons quite different.
>
>> 3. Make FM work on the Raspberry Pi.  This will take a month or so
>>after it hits #1.
>
> Actually, it is trivial if we decide to go the route I suggest - stop
> copying source/* to the chroot, and instead create a deb with the
> files and scripts needed to set up a Debian box as a freedombox.
> Please let me know if you agree with this design choice or not.  If
> you do not, it will be very hard to share patches between us. :(

If you can lead it, please go for it.  I'll pull working code.  I
haven't done much as far as learning packaging goes because the
functional code hacking I already know how to do provides much more
immediate returns.

> I already got a Raspberry Pi running as a Freedombox using Raspian and
> installing the freedombox-setup package (and building
> freedombox-privoxy for the architecture).
>
> My plan is to continue polishing the deb based Freedombox setup to a
> point where installing Debian Wheezy using a preseed file on a normal
> laptop, or installing the freedom-setup package in Raspian, give me a
> working privoxy and plinth installation.

Excellent.  You just made my day.

> Next step for me will then be to add a plinth option to enable a ical
> calendar service.

Nice.

> It would be great if the jwchat option also would work out of the box,
> but it is not very high on my priority list.  Just mentioning jwchat
> because it is already installed by default, and not working as far as
> I can tell.

Yes, that's what I've found as well.  It's there, it's not quite
working, but it's never bubbled up.

Nick


pgpUO5NDy2O4p.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] debconf is the only way...

[Nick Daly]

On Tue, Sep 3, 2013 at 12:41 PM, Jonas Smedegaard  wrote:
> Quoting Nick Daly (2013-09-03 16:24:38)
>> On Tue, Sep 3, 2013 at 4:57 AM, Jonas Smedegaard  wrote:
>> > Therefore I see debconf as the *only* possibility we have: Debian
>> > package maintainers *must* support the configurations that we need
>> > for FreedomBox, as there are noone else between them and the
>> > (non-technical!) user.
>>
>> Jonas, I wish you had made that clarification years ago.
>
> Well, "years ago" (august 2010) I wrote this:
> ...and (september 2010) this:
> ...and numerous posts posts to 24 threads in this mailinglist over the
> years, preaching debconf as then IMO only sane approach.

Yes, but due to limitations of my own imagination, I didn't quite
understand why you felt that way.  That's why I was thanking you for
the clarification, as I recognize you've been making the point all
along. :)

>> FWIW, I think you're right, which makes me a little bit sad, because
>> the FreedomBoxiness of a particular package then becomes yet another
>> unfunded mandate on upstream's or the packager's time (it starts to
>> sound like SPDX).  That's a hard bargain, socially...
>
> I am excited that you agree with me (but puzzled what makes you sad).

Sad only because it can be difficult to get buy in from packagers or
upstream, because we're requiring work from other owners who aren't
necessarily independently motivated to do that work.  I just hate
taking other folks' time instead of doing it myself.

> Yes, I wholeheartedly agree that we should play with configurations, to
> help decide what we then want to try convince Debian developers to
> implement debconf hooks for in their official Debian packages:
>
> http://lists.alioth.debian.org/pipermail/freedombox-discuss/2010-October/000164.html

The part I'm not completely sure about is when it's appropriate to
release a package with a completely custom configuration versus
requesting additional debconf hooks.  That's probably a very minor
detail, though.

IIUC, FM will lead the charge before changes are folded back into
Debian proper.  The only obvious sticking point is the upgrade path
from FM to real-Debian for those select guru users who choose that
path.  In effect, that might be a no-op as FM should eventually become
Debian proper.  Of course, that only matters after we get past the
upgrade-by-blowing-away-previous-FM-installs stage.

Nick

___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] Plinth deb packages

[Nick Daly]

Please also see the TODO list that includes some of these points:
https://github.com/nickdaly/freedombox-todos

On Tue, Sep 3, 2013 at 7:03 AM, Tzafrir Cohen  wrote:
> On Tue, Sep 03, 2013 at 10:44:52AM +0200, Tzafrir Cohen wrote:
>
>> At the moment it is semi-working. I didn't really get past the
>> first_boot module. Not sure why I'm stuck there. But I ran out of time
>> to check it.
>
> And when I skip it by force, I get the following error on a login
> attempt (after submitting the login form):
>
> Traceback (most recent call last):
>   File "/usr/lib/python2.7/dist-packages/cherrypy/_cprequest.py", line
> 656, in respond
> response.body = self.handler()
>   File "/usr/lib/python2.7/dist-packages/cherrypy/lib/encoding.py", line
> 188, in __call__
> self.body = self.oldhandler(*args, **kwargs)
>   File "/usr/lib/python2.7/dist-packages/cherrypy/_cpdispatch.py", line
> 34, in __call__
> return self.callable(*self.args, **self.kwargs)
>   File "/usr/share/plinth/python/plinth/modules/auth_page.py", line 33,
> in login
> error_msg = check_credentials(username, passphrase)
>   File "/usr/share/plinth/python/plinth/modules/auth.py", line 30, in
> check_credentials
> u = cfg.users[username]
>   File "/usr/lib/python2.7/dist-packages/withsqlite/withsqlite.py", line
> 174, in __getitem__
> self.crsr.execute('select val from %s where key=?' % self.table,
> [key])
> ProgrammingError: SQLite objects created in a thread can only be used in
> that same thread.The object was created in thread id 139879518795520 and
> this is thread id 139879381292800
>
> It's also nice to see the URL:
>
> http://127.0.0.1:8000/auth/login?from_page=%2Frouter%2Fsetup&username=admin&passphrase=secret
>
> which means that the password is sent via GET and thus displayed to
> anybody viewing the screen or that has read access to plinth's
> access.log .
>
> --
> Tzafrir Cohen | tzaf...@jabber.org | VIM is
> http://tzafrir.org.il || a Mutt's
> tzaf...@cohens.org.il ||  best
> tzaf...@debian.org|| friend
>
> ___
> Freedombox-discuss mailing list
> Freedombox-discuss@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] Kerberos and remctl instead of exmachina?

[Nick Daly]

On Tue, Sep 3, 2013 at 4:57 AM, Jonas Smedegaard  wrote:
> Quoting Tim Retout (2013-09-03 09:31:20)
>> The debian-edu project handles more complex configuration using
>> cfengine - if they found it necessary, I suspect this project will. (I
>> believe Petter might know more about this than me.)
>
> Goal of Debian Edu is minimizing system administration to 1 hour per
> week (or some such number).  FreedomBox must have *zero* administration.
>
> Therefore I see debconf as the *only* possibility we have: Debian
> package maintainers *must* support the configurations that we need for
> FreedomBox, as there are noone else between them and the
> (non-technical!) user.

Jonas, I wish you had made that clarification years ago.  FWIW, I
think you're right, which makes me a little bit sad, because the
FreedomBoxiness of a particular package then becomes yet another
unfunded mandate on upstream's or the packager's time (it starts to
sound like SPDX).  That's a hard bargain, socially.  Nonetheless, it
does seem to validate the approach of experimenting with the system to
see what configuration options are actually required.  This is why the
TODO list has all the packaging and configuration steps in the 2.0
release: so we can poke at the system before asking devs to implement
features or accept patches.

Nick

___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] How can I get plinth listening on a public address?

[Nick Daly]

Petter Reinholdtsen  writes:

> [Keith Fernie]
>
>> https://github.com/Keith2/freedom-maker
>>
>> It's a new file source/home/fbx/plinth-startup.sh
>> Apache2 should already be installed and this adds a proxy for Apache
>> listening on all ip's port 8001 to 127.0.0.1 port 8000
>> Latest addition is the Order allow,deny and Allow from lines.
>> 
>> If you've already set up Plinth, you may have to omit the lines at the
>> end to set up and run Plinth.
>
> Right.  Based on your script, I added a setup.d/80_plinth script to my
> setup-using-deb branch to configure apache like that.  Will test it
> tomorrow.

Unless folks have other requests, I was just going to merge the
source/home/fbx/plinth-startup.sh file into a new
source/etc/apache/sites-available/plinth soon.

Also, Keith, if you open a separate branch, you can manage multiple
change tracks.

https://github.com/NickDaly/freedom-maker/pull/20/files

Nick


pgpMZ9g8ibE98.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] Are there regular developer meetings on IRC?

[Nick Daly]

Petter Reinholdtsen  writes:

> Hi.  I am aware of the project IRC channel #freedombox på
> irc.debian.org, but there seem to be little regular development
> discussion there.  Perhaps I am visiting at the wrong times, or just
> in the wrong time zone?  Are there regular IRC developer meetings in
> the Freedombox project?
>
>   

Nope.  Good idea though.  What times work for you?  Sunday afternoons
are usually best for me.  To do this asynchronously: right now, my
current task list is:

1. Merge outstanding patches against Freedom-Maker, FreedomBuddy, and
   Plinth.  I know of at least 4 or 5 patches, one or two of which are
   huge.

2. Fix FreedomBuddy: we changed the python-gnupg library we use recently
   (to one with fewer known trivially exploitable security holes) which
   introduced a few functional issues.  Ideally, you should be able to
   "make clean; make; (point data/production.cfg at your 40-digit key
   ID); start.sh 0; start.sh 5" to complete a key exchange with
   yourself.  Don't think it works right now.

   This isn't as high a priority as #1, but took up most of my free time
   today, because I like to have the published tree of each project
   ready-to-go and because FBuddy breakage really irks me.  This
   occurred because an outstanding pull request that was published into
   the main tree too soon.

3. Make FM work on the Raspberry Pi.  This will take a month or so after
   it hits #1.

4. The rest of the TODO items on the version 1 TODO list.

5. Reply to list emails (not doing this as much as I should, today).

In my free time, I'm trying to get Lantern working on the Raspberry Pi,
because they're a really cool project.  Now, though, I'm going to spend
the rest of my free time today on merging those pull requests.  I'll be
happy if I can finish one or two.

Nick


pgpS35Tq6fnX1.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] How can I get plinth listening on a public address?

[Nick Daly]

I'm looking to merge a patch this weekend (Saturday morning or Sunday
morning?) that should allow Plinth to be generally accessible.

HOWEVER: that patch creates its own set of problems: now Plinth (and
thus, your FBX's administrative tools) are now globally accessible and
must be actively defended (usually by passwords).  Until dkg's
Firefox/Apache/PGP patches land somewhere, FreedomBoxes are stuck with
self-signed SSL certs, which is probably insufficient for most cases
(good in small or test deployments, but not at scale).

TODOs:

1. We need to add SSL keygen to FM's source/etc/init.d/first-run
create-keys function to protect the Plinth login in transit.
2. We need to create new Plinth user passwords on first boot (or make).
3. We need to make sure Plinth authentication actually works:

A. Is everyone logged out by default?
B. Is the right password required to log in?

Nick

On Fri, Aug 30, 2013 at 4:09 PM, Petter Reinholdtsen  wrote:
>
> The default setup for plinth seem to be to only listen on the
> 127.0.0.1/localhost address.  How can I change it to listed to the hosts
> public address?
>
> I've tried modifying plinth.config, setting host to the hosts public
> address, but visiting the plinth URL just redirect me to localhost and I
> can't get it working.
>
> --
> Happy hacking
> Petter Reinholdtsen
>
> ___
> Freedombox-discuss mailing list
> Freedombox-discuss@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] freedomBox download and install for testing

[Nick Daly]

I don't know if it'll work with a Pentium 4.  It *should* be fine, but
there might be details that might prevent it from booting, I don't
recall.  You might also try running "make virtualbox-image" if you
like VMs.

On Wed, Aug 28, 2013 at 11:44 AM, Quiliro Ordóñez
 wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> El 24/08/13 17:00, Petter Reinholdtsen escribió:
>> [Gilgamezh 2013-07-28]
>>> Hi all!
>>
>> Hi.  Guess you never got any reply to this.
>>
>>> I'm interested in this project and would like to test the current
>>> version.  I have only found this download page[1] but the torren
>>> link[2] is down.  How can i download and install Freedombox?
>>
>> I ended up fetching the freedom-maker git source from > https://github.com/NickDaly/freedom-maker.git > and running 'make
>> rootfs' to generate my own environment.  Perhaps that could be a good
>> starting point for you too?
>
> Will this work for a Pentium 4?
>
>
> - --
> Saludos libres,
>
> Quiliro Ordóñez
> Presidente (en co-gobierno con los socios)
> Asociación de Software Libre del Ecuador - ASLE
> 6008579
>
> Recuerda que todas tus comunicaciones están siendo vigiladas. Lo que
> puedes hacer para restar su eficacia es eliminar el software privativo
> de tus computadores, evitar el software como servicio, almacenar tus
> datos en tus propios equipos y encriptar todas tus comunicaciones.
>
> Toda la información contenida en este mensaje es libre de uso y
> distribución con o sin modificaciones y todo correo que reciba implica
> que el remitente acepta que tendrá las mismas libertades sin importar
> cualquier clausula de confidencialidad o restricción anterior o posterior.
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.11 (GNU/Linux)
>
> iQIcBAEBAgAGBQJSHij+AAoJELMnJLlh/t+6F2kP/Rt5zzmjnuM60pU2XT6Qux0n
> tWTpiYZ/Yl2TMKTq2fI/MGSzC47MbX7zPAqWM7OsLg7HBm47AidYBQ7KXrHEEv64
> div8GBrkLnzNXv5viYP40B9o7mpitUNfoFaPoxwGKuxpIeNCd9EQCd9kvH+95Pb8
> YZlU5maj5jVrKNFc8eP+wLvhRFwAvsMDkxU7g5Jf45e+rc7V+/BHPrtF4UW92K/V
> AClKzEjT9mRmImZ9f719Luw7F/gzLV23eEztsm93VqBwEzqlJL1MudvqAXa68M4J
> rEEy78i2MbgdOGEsqDUb3dNVyLuRKhOkQZKwvBh4EOPRkp96j4UJvISzBlu8aJOO
> rTSQ5+E8PDQ32Hl9Sba97JLOLzLu1HTwODtdYmlntGaPm8+dROsT0hpCKXPZSTNH
> bomxMRP21xAwxFy3gN8n1I5X1chOaqcI4oeeyh8Oj/NxObGEOH4fEMwLLnl5A4aG
> NsabOtecaebAbAeeI8dSNjvfJWSbo4A6XVnd4QWpEAUD4vb/S17mhHaajuqEEa9U
> REBHJCZR8cZl/Yajz5MkQV+oDYx9ciw3yypMA7j+QAYIzQRHpQYTbB886xljliru
> 7c9UgOb04zEK+nWzwE2hyORPAylbL65C5EZFlZdsy9VCC4bWniWSt3/vh4Hhk75i
> f8+CiD+HM3/0Uip3KLlX
> =R8hm
> -END PGP SIGNATURE-
>
>
> ___
> Freedombox-discuss mailing list
> Freedombox-discuss@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

[Freedombox-discuss] Groklaw Ends :(

[Nick Daly]

I've been on vacation for the last week or so, so I haven't kept up with
emails, but I'll get back on it tomorrow and Monday.  Thought you might
like to see this, though:

http://www.groklaw.net/article.php?story=20130818120421175

Nick


pgpWlPmlKaEgD.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] DreamPlug advice before I buy it

[Nick Daly]

Hi Rachid, thanks for mailing!  Apologies for the late reply.

I want you to be aware of two things:

1. There are several "Dream Plugs" from GlobalScale.  Only the original
   DreamPlug has been tested.  We haven't tested the D2 Plug, so you
   probably want to buy the original DreamPlug (unless you're really
   adventurous!).

2. A DreamPlug is a fine little web server, but it takes a bit of
   technical work and know-how to turn it into a FreedomBox.  If you
   just want a web server then it's fine but, if you want to run a
   FreedomBox, you'll need some technical experience or a willingness to
   learn.  Folks on this list would be happy to help you, but we can't
   guarantee success.

Rachid Abdelli  writes:

> I'll order the DreamPlug from globalscale technologies
>  before I
> want to know If it is still valid ?

Yes, it's still valid.  However, if you're looking to save money, you
might also look into the Raspberry Pi, though no FreedomBox image exists
for it yet.

> Indeed, globalscale selling now new product or you have a new proposal !
> The last DreamPlug product from globalscale has following specifications :

Be careful, as GlobalScale has produced a DreamPlug and a D2 Plug (the
sequel to the DreamPlug).  We haven't built anything for the D2 Plug
yet, only the original DreamPlug.

> I'm located in France, near of Paris and globalscale has Europe model
> should I choose it ?

Yeah, that should work.  Mind your outlets, though, you might need to
buy an adapter to plug it in.

Nick


pgpjbyOdFx_rL.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

Re: [Freedombox-discuss] [James Vasile] tinc rollout and fbox

[Nick Daly]

Nicolás Reynolds  writes:

> i know spanish can be a turnoff but we're working something similar at
> librevpn[0], including scripts to manage nodes, links and host files
> exchange.  i'm in the process of making it installable as a package,
> and we have an ipv6 subnet so you can reach nodes from internet :)

Nicolás, would you be willing to help create hooks between FreedomBuddy [2]
and librevpn?  I have no bandwidth for this in the next two weeks, but
I'd be happy to help explain how all that business goes together.

Basically, we need a small glue script that takes the server's location
From librevpn and calls freedombuddy/src/connectors/cli/controller.py
with service and location arguments tied to a user's PGP key.  This lets
you tie particular keys to specific services at pre-defined locations.
FreedomBuddy will then use whatever protocols you have defined to
exchange that data.

Nick

> [0]: http://librevpn.org.ar
> [1]: https://github.com/fauno/librevpn

2: github.com/nickdaly/freedombuddy


pgp00iy1EFjT4.pgp
Description: PGP signature
___
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss