From: Garrett Cooper
Date: Sat, 6 Nov 2010 00:38:09 -0700
To: Warner Losh
Cc: jpaetzel@FreeBSD.org, freebsd-hackers@FreeBSD.org, Garrett Cooper
Subject: Re: txt-sysinstall scrapped

On Nov 5, 2010, at 11:49 PM, Warner Losh wrote:

> On 11/06/2010 00:04, Garrett Cooper wrote:
>> On Fri, Nov 5, 2010 at 10:06 PM, Warner Losh wrote:
>>>> Just to add to that (because I do find it a novel idea), 1) how
>>>> are you going to properly prevent man in the middle attacks (SSL, TLS,
>>>> etc?), and 2) what webserver would you use?
>>> https or ssh.
>>>
>>> We're also toying with the idea of having a partition that you could
>>> 'dd' your certs and keys to (so any system can customize the image
>>> with keys to make sure you were talking to who you think you are).
>>> We'd just reserve 1MB of space on partition s3. We'd then check to
>>> see if there was a tar ball. If so, we'd extract it and do the
>>> intelligent thing with the keys we find there.
>> Wouldn't it be better just to go with a read-write media solution
>> (USB) like Matt Dillon was suggesting at today then?
> That's exactly what I'm doing, I think. I didn't hear Matt's
> suggestion at all, so I have no idea what you are talking about.

Summary: DVD load times are ridiculous; just go straight for a fat (4GB
uncompressed, 1.7GB compressed) USB image. I think it's a bit big, but
with all of the binary packages in ports, it might be around that size.

> My idea was that you could do this with an image you'd DD to a usb
> stick. For the cdrom, you'd need to do more complicated things, which I
> hadn't thought about earlier... While I thought of this for vm creation
> mostly, I can see cdrom booting might be desirable too...

Yeah... I boot from CD by default and so do a number of other users of
course (despite the fact that it's an archaic 1980s technology :)...).

>> Then again,
>> determining the root device to date is still a bit kludgy isn't it?
>>
> Not anymore. ufs labels and glabel make it almost bulletproof.

Good point -- forgot about that. Which reminds me that I need to test
some geom things related to this.

>>>> I bring up the former item because I wouldn't want my data going
>>>> unencrypted across any wire, and what BSD compatible web servers did
>>>> you guys have in store and who would maintain the server, and what
>>>> kinds of vulnerabilities would you be introducing by adding a service
>>>> which would be enabled by default at runtime?
>>> The web server would just be there at installation time. You'd run it
>>> out of the ram disk and it would evaporate when the system reboots
>>> after it being installed.
>> Sure.
>>
>>> Also, I'm not sure we even need to have to have a set of prompts. If
>>> we do the web page right, we likely can just go directly to lynx...
>> Well... I like the curl idea a lot more for this approach (esp because
>> it supports more protocols than just http and ftp, whereas lynx is
>> constrained to ftp and http for the most part), but having both
>> solutions is more heavyweight for the task than it probably should be.
> I must be explaining badly. lynx isn't for downloading anything from
> the web, but connecting to the web-server that's running on your box to
> configure the box before the install happens. You don't need https for
> that, and while I suppose we could offer the uber-geek ftp install via
> command line extensions to ftpd, I hadn't planned on that :)

Well... what do you mean by "before the install happens"? What kind of
information would one specify in that state to get the machine from an
effectively halted state to a singing and dancing I'm installing FreeBSD
state?

> I have no idea what the curl idea is. Maybe you could explain to me
> what you are suggesting here.

Summary: push and pull data to and from the backend via curl. There
wasn't much else to it other than that...

Thanks,
-Garrett
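
An added illustration of the "reserve 1MB on s3, check for a tar ball, extract it" idea quoted above; this is not code from the thread or from FreeBSD. It goes one step beyond the proposal by validating the archive before any key material is used. The function names, the size caps and the in-memory return value are assumptions made for the sketch.

```python
import io
import tarfile

SLOT_SIZE = 1024 * 1024      # the 1MB reserved on s3 in the proposal
MAX_MEMBER = 64 * 1024       # assumed per-file cap for certs/keys
MAX_MEMBERS = 32             # assumed cap on files per bundle


def read_key_bundle(slot: bytes):
    """Return {name: bytes} from the tarball in the slot, or None if blank.

    Raises ValueError for links, devices, escaping paths or oversized
    bundles (tarfile.ReadError if the header itself is corrupt).
    """
    slot = slot[:SLOT_SIZE]
    # POSIX and GNU tar headers carry "ustar" at offset 257; a slot that
    # was never written does not, so the installer simply moves on.
    if slot[257:262] != b"ustar":
        return None
    bundle = {}
    with tarfile.open(fileobj=io.BytesIO(slot), mode="r:") as tar:
        for member in tar:
            name = member.name
            if name.startswith("/") or ".." in name.split("/"):
                raise ValueError(f"path escapes bundle: {name!r}")
            if member.isdir():
                continue
            if not member.isfile():
                raise ValueError(f"not a regular file: {name!r}")
            if member.size > MAX_MEMBER or len(bundle) >= MAX_MEMBERS:
                raise ValueError(f"bundle too large at {name!r}")
            bundle[name] = tar.extractfile(member).read()
    return bundle


def make_slot(files, links=()):
    """Constructed sample input: a slot image as 'dd' would leave it."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        for name, target in links:
            info = tarfile.TarInfo(name)
            info.type = tarfile.SYMTYPE
            info.linkname = target
            tar.addfile(info)
    return buf.getvalue().ljust(SLOT_SIZE, b"\0")
```

Reading the members into memory instead of unpacking them onto the ram disk keeps a hostile archive from writing anywhere; what the installer then does with the keys is left open, as it is in the thread.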