From: Garrett Cooper
To: Warner Losh
Date: Fri, 5 Nov 2010 23:05:47 -0700
Cc: jpaetzel@freebsd.org, freebsd-hackers@freebsd.org
Subject: Re: txt-sysinstall scrapped

On Fri, Nov 5, 2010 at 11:04 PM, Garrett Cooper wrote:
> On Fri, Nov 5, 2010 at 10:06 PM, Warner Losh wrote:
>>>     Just to add to that (because I do find it a novel idea), 1) how
>>> are you going to properly prevent man in the middle attacks (SSL, TLS,
>>> etc?), and 2) what webserver would you use?
>>
>> https or ssh.
>>
>> We're also toying with the idea of having a partition that you could
>> 'dd' your certs and keys to (so any system can customize the image
>> with keys to make sure you were talking to who you think you are).
>> We'd just reserve 1MB of space on partition s3.  We'd then check to
>> see if there was a tar ball.  If so, we'd extract it and do the
>> intelligent thing with the keys we find there.
>
> Wouldn't it be better just to go with a read-write media solution
> (USB) like Matt Dillon was suggesting at today then? Then again,
> determining the root device to date is still a bit kludgy isn't it?
>
>>>     I bring up the former item because I wouldn't want my data going
>>> unencrypted across any wire, and what BSD compatible web servers did
>>> you guys have in store and who would maintain the server, and what
>>> kinds of vulnerabilities would you be introducing by adding a service
>>> which would be enabled by default at runtime?
>>
>> The web server would just be there at installation time.  You'd run it
>> out of the ram disk and it would evaporate when the system reboots
>> after it being installed.
>
> Sure.
>
>> Also, I'm not sure we even need to have to have a set of prompts.  If
>> we do the web page right, we likely can just go directly to lynx...
>
> Well... I like the curl idea a lot more for this approach (esp because
> it supports more protocols than just http and ftp, whereas lynx is
> constrained to ftp and http for the most part), but having both
> solutions is more heavyweight for the task than it probably should be.

    One other thing to add. If prompts aren't necessary, the process
should be completely scripted, so I personally would probably just
take the webserver, et al. out of the equation. Just seems like
unnecessary and problematic overhead requirements...
Thanks!
-Garrett
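
The reserved-area idea quoted in this thread (look for a tarball in the 1MB on partition s3, then pick up the certs and keys in it), sketched as an added example that is not part of the original message or of any FreeBSD installer code. The allowed file names, the per-file size limit and the in-memory slot standing in for the raw partition are assumptions.

```python
import io
import tarfile

SLOT_SIZE = 1024 * 1024      # the 1MB reserved on partition s3 (from the thread)
USTAR_OFFSET = 257           # offset of the "ustar" magic in a tar header block
MAX_MEMBER = 64 * 1024       # assumed per-file size limit for a cert or key
ALLOWED = {"ca.crt", "host.crt", "host.key"}   # hypothetical file names


def read_key_slot(slot: bytes) -> dict:
    """Return {name: bytes} for accepted members, or {} if no tarball is present."""
    if len(slot) > SLOT_SIZE:
        raise ValueError("slot larger than reserved area")
    if slot[USTAR_OFFSET:USTAR_OFFSET + 5] != b"ustar":
        return {}            # blank or unrelated data: nothing was dd'ed here
    accepted = {}
    with tarfile.open(fileobj=io.BytesIO(slot), mode="r:") as tar:
        for member in tar:
            # Regular files only: no symlinks, hardlinks, devices or directories.
            if not member.isfile():
                continue
            # Exact-name allowlist also rejects absolute paths and "../" traversal.
            if member.name not in ALLOWED or member.size > MAX_MEMBER:
                continue
            # Read into memory instead of extracting to a path taken from the archive.
            accepted[member.name] = tar.extractfile(member).read()
    return accepted


def build_slot(files: dict) -> bytes:
    """Constructed sample input: a ustar archive zero-padded to the slot size."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue().ljust(SLOT_SIZE, b"\0")


if __name__ == "__main__":
    slot = build_slot({"ca.crt": b"constructed", "../etc/passwd": b"x"})
    print(sorted(read_key_slot(slot)))
```
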