[Freedombox-discuss] my summary of yesterday's Hackfest

Mon Feb 28 14:55:10 UTC 2011

This summary is probably biased towards my own point of view. Please correct
and append.

General
======

Multiple were experimenting installing debian on plugservers. I tried to get
the VirtualBox image working, but had some trouble with the networking.

We talked about how to extract package dependency structures from running
systems (
http://lists.alioth.debian.org/pipermail/freedombox-discuss/2010-October/000164.htmland
Jonas's new boxer tool)

1: Social
=======

Several people mentioned how message sending can be done with social tools
other than email, for instance xmpp or something like twitter's DMs. more
about this under point 6 (email). Just remember we're right now trying to
shortlist existing debian packages.

I studied the facebook api a bit more to see if we can scrape it. For now,
my conclusion is that, since you need to register each app to get an api
key, I think this is not so appropriate to do separately on each freedombox.
I am planning to create an unhosted web app as a generic social client
though - if we get something working on this front i'll let you know.

2: Backup
=======
I someone saw something about this, but iirc that was on the mailing list
and not at the hackfest.

3: Network Neutrality
===============
Again, interesting discussions about this more on the mailing list than at
the hackfest. Just remember we're right now trying to shortlist existing
debian packages.

4: Anonymous publishing
==================
I looked into the "main four" again (tor, i2p, freenet, gnunet) and came to
the same conclusion as last week, that Tor seems to be a lot more light
weight and also more mature than the other 3, and thus looks like the best
option. It is an existing debian package.

5: Firewalling
==========

We again got stuck at the issue that this one is a bit vague. If you use NAT
on your router, it's already quite safe from attacks, and other virus
scanning and such can be done on the windows computer.

6: Email
======

Goal #6 of http://freedomboxfoundation.org/goals/ reads:
Encrypted email, with seamless encryption and decryption;

We have been discussing three options (both at the hackfest, and also this
week on the mailing list):

- running a mailserver on the freedombox. this has several problems:
  - you need to find a way to point a domainname to it, and let it receive
traffic on port 25.
  - you need to do the spam filtering on the plugserver, which is hard
performance-wise
  - a mailserver generally needs some sysadmin love from time to time - it's
not something you can easily leave running unattended
- running a mail client on the freedombox.
  - you still need a mailserver somewhere. that's solvable, but as was
mentioned on the mailing list, this creates a handy central kill switch for
governments.
  - you need to make the pgp invisible, and automatically discover the
public key of a recipient, if she (or her freedombox) advertises one. that's
doable, especially where we are the designer of both the sending and the
receiving device.
  - this isn't as decentralized as the other two options, and worse, as we
said, it generates a centralized kill switch.
- discourage the use of smtp, and promote something superior instead, like
xmpp
  - xmpp is better than smtp in the same way "Internet Mail 2000" is: it
puts the burden with the sender, thus discouraging spam.
  - downside is, this means you would have to send your communications
through several different channels. people will still be using standard
email, without using freedombox, and will not be encouraged to use pgp
there.

addendum: after also reading the two recent threads about email on the
mailing list, i think we should maybe discourage the use of email, yet still
offer a pgp-enabled email client, and maybe an easy way to register your own
domain name (from a choice of TLDs) and rent an in-the-cloud mailserver for
it. however, the question is, if we want to promote something that is better
than email, do we still want to promote pgp as an intermediate solution?

7: Voice
======
Someone found plugpdx.org, a project to put Asterisk onto a plug server. It
looks interesting, i'll contact the author to make sure he know about
freedombox.

Other than that, it was discussed that Asterisk has currently no consensus
on how to proceed with adding the necessary configuration options to
debconf, so that would sort of block the route for plugpbx's configuration
going into a debian package.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20110228/c2677e9a/attachment.htm>