[Freedombox-discuss] http://politics.slashdot.org/story/11/07/18/0153204/Security-Consultants-Wa rn-About-PROTECT-IP-Act
Bjarni Rúnar Einarsson
bre at pagekite.net
Sun Jul 24 06:50:54 UTC 2011
On Sat, Jul 23, 2011 at 11:54 PM, Wookey <wookey at wookware.org> wrote:
> > * How do users sign up?
> > * Where is the user database stored?
> > * What is the policy regarding usage/traffic/billing/... ?
> >
> I must admit I don't understand why that last is relevant.
>
It probably isn't if you are just providing service to friends and family.
:-)
If you are providing service to strangers that sort of thing tends to become
important. If the FreedomBox plans to support millions of non-technical
users, we may be talking about the latter, not just the former. When I
started implementing dynamic DNS I hadn't given accounting much thought at
all, but as I did my research it became apparent that as with any other free
service, dynamic DNS can be abused and you want to isolate your well behaved
users from the bad apples...
> and although they
> > are non-standard, it's a lot easier to tell a developer to just fetch
> https://
> > username:password at dyndnasprovider/update.cgi?ip=1.2.3.4 (or the
> equivalent)
> > than it is to get them to craft authenticated DNS update packets.
>
> Yes. It's very simple on the client end but it makes config on the
> server end fiddly.
>
It is actually relatively easy to drop a single CGI script or add a
specialized virtual host or module to the Apache configs these days, things
are greatly improved since people started moving to configuration
directories instead of configuration files.
> > I have already open sourced most of
> > my back-end code, the only thing I haven't released is the web-based
> updater,
> > but I would be perfectly willing to do so if someone wants to try and
> clean it
> > up for reuse and packaging.
>
OK. That's interesting, and useful as, if packaged, it fills the hole
> in question: Server side of DDNS updates. But I worry that it's tricky
> to package anything that needs to fiddle with apache/other web-server
> config because web-server configs are so variable.
>
You mention scp - how about remote commands over ssh? If you assume updates
using the shell, from trusted users who won't go modifying each other's DNS
records, then you can probably use my tools unchanged:
https://pagekite.net/wiki/Floss/PyPdnsRedis/
That's the Python glue layer. It does three things:
1. Allows PowerDNS to look up DNS records in a redis database (as a
pipe-backend).
2. Provides a CLI for updating/editing the records.
3. Provides a Python API for performing such updates from code.
If you don't want to use the shell and don't want to trust all the users to
play nice, then creating a CGI wrapper using 3. is trivial.
--
Bjarni R. Einarsson
Founder, lead developer of PageKite.
Make localhost servers visible to the world: http://pagekite.net/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20110724/1eac7d5f/attachment.html>
More information about the Freedombox-discuss
mailing list