Difference between revisions of "Desktop Roadmap"

From RCS Wiki
Jump to navigation Jump to search
m (Missing parenthesis added)
 
(6 intermediate revisions by 4 users not shown)
Line 4: Line 4:
  
 
="Urgently Needed"=
 
="Urgently Needed"=
* "Safe By Default" Randomly generated BMC Passphrase with password written down on a sheet of cardboard in the package.  
+
* <del>"Safe By Default" Randomly generated BMC Passphrase with password written down on a sheet of cardboard in the package. </del>
''Rationale:'' even some of our users have had trouble with this. The default insecure password with the BMC could result in an instant compromise of the machine and require full flashing of all persistent firmware components in the event the computer is accidentally plugged into the network and the power at the same time. This completely innocent mistake could be fatal and recovering from it difficult. The threat model of a randomly determined BMC Passphrase would be if the user accidentally plugs the computer into the untrusted internet against a passive adversary that will simply try the default passwords, similar to how the Mirai Botnet operated.  
+
* <del>''Rationale:'' even some of our users have had trouble with this. The default insecure password with the BMC could result in an instant compromise of the machine and require full flashing of all persistent firmware components in the event the computer is accidentally plugged into the network and the power at the same time. This completely innocent mistake could be fatal and recovering from it difficult. The threat model of a randomly determined BMC Passphrase would be if the user accidentally plugs the computer into the untrusted internet against a passive adversary that will simply try the default passwords, similar to how the Mirai Botnet operated.</del>
 +
** It appears that as of the Blackbird launch, each board gets an individual randomized BMC password! It's printed on a slip of paper in the box!
 
* "[[Talos II Beginner's Quick Start Guide]]" in Talos User's Manual
 
* "[[Talos II Beginner's Quick Start Guide]]" in Talos User's Manual
 
''Rationale:'' nontechnical users may have difficulty with the complicated procedure to remotely access and set the BMC password from a trustworthy system.
 
''Rationale:'' nontechnical users may have difficulty with the complicated procedure to remotely access and set the BMC password from a trustworthy system.
 
* "Hole Pattern Template"  
 
* "Hole Pattern Template"  
 
''Rationale:'' A reusable cardboard or a fold-out paper template in the manual for seeing which standoffs to install and not to install would be really helpful to avoid the "scraped resistor" problem that have plagued a couple builders.
 
''Rationale:'' A reusable cardboard or a fold-out paper template in the manual for seeing which standoffs to install and not to install would be really helpful to avoid the "scraped resistor" problem that have plagued a couple builders.
 +
* Firefox Just in Time compiler for Javascript
  
 
="Somewhat Needed"=
 
="Somewhat Needed"=
Line 20: Line 22:
 
* FreeCAD? (May or may not be upstreamed yet?)
 
* FreeCAD? (May or may not be upstreamed yet?)
 
* Maybe open up a discussion on the feasibility of allowing the changing of the default BMC password through the petitboot? Is this even possible?
 
* Maybe open up a discussion on the feasibility of allowing the changing of the default BMC password through the petitboot? Is this even possible?
 +
** It might be possible to do it over IPMI from Petitboot or other host OS.
  
 
=Done=
 
=Done=
Line 26: Line 29:
 
* AMDGPU Kernel DMA Patches (Possibly upstreamed?)
 
* AMDGPU Kernel DMA Patches (Possibly upstreamed?)
 
* Firefox Quantum running stably (Not upstreamed yet)
 
* Firefox Quantum running stably (Not upstreamed yet)
* Office Suite (LibreOffice, TeXStudio
+
* Office Suite (LibreOffice, TeXStudio)
 
* Libre Games (SuperTuxKart, Chromium BSU, Super Tux, Tux Racer, Blob Wars, Open Transit Tycoon, Open Roller Coaster Tycoon, etc)
 
* Libre Games (SuperTuxKart, Chromium BSU, Super Tux, Tux Racer, Blob Wars, Open Transit Tycoon, Open Roller Coaster Tycoon, etc)
 
* Unreal Tournament 4 Tested and working and demonstrated.  
 
* Unreal Tournament 4 Tested and working and demonstrated.  
 
* OBS (Needs to be upstreamed?)
 
* OBS (Needs to be upstreamed?)
 +
* Thunderbird Stable  (still hasn't made it to some distros yet, stay posted.)
 +
 +
=See also=
 +
* [[Errata and Improvements]]

Latest revision as of 10:44, 30 March 2020

This page is currently a very hasty list of the roadmap needed to make the Talos an "everyday common user's" machine.

For convenience, unfinished tasks have been grouped into three categories: "Urgently Needed", "Somewhat Needed", and "Would Be Nice" in descending order of importance.

"Urgently Needed"

  • "Safe By Default" Randomly generated BMC Passphrase with password written down on a sheet of cardboard in the package.
  • Rationale: even some of our users have had trouble with this. The default insecure password with the BMC could result in an instant compromise of the machine and require full flashing of all persistent firmware components in the event the computer is accidentally plugged into the network and the power at the same time. This completely innocent mistake could be fatal and recovering from it difficult. The threat model of a randomly determined BMC Passphrase would be if the user accidentally plugs the computer into the untrusted internet against a passive adversary that will simply try the default passwords, similar to how the Mirai Botnet operated.
    • It appears that as of the Blackbird launch, each board gets an individual randomized BMC password! It's printed on a slip of paper in the box!
  • "Talos II Beginner's Quick Start Guide" in Talos User's Manual

Rationale: nontechnical users may have difficulty with the complicated procedure to remotely access and set the BMC password from a trustworthy system.

  • "Hole Pattern Template"

Rationale: A reusable cardboard or a fold-out paper template in the manual for seeing which standoffs to install and not to install would be really helpful to avoid the "scraped resistor" problem that have plagued a couple builders.

  • Firefox Just in Time compiler for Javascript

"Somewhat Needed"

  • Tor Browser Bundle with safe configuration defaults

Would Be Nice

  • "Easy Build" Script for building Unreal Tournament 4 for nontechnical users?
  • Android Builder for building smartphone OSes?
  • Cryptsetup (dm-crypt) and verity in Petitboot for firmware-based full disk encryption?
  • FreeCAD? (May or may not be upstreamed yet?)
  • Maybe open up a discussion on the feasibility of allowing the changing of the default BMC password through the petitboot? Is this even possible?
    • It might be possible to do it over IPMI from Petitboot or other host OS.

Done

  • Chromium With Just In Time JavaScript
  • Electron with Just In Time JavaScript
  • AMDGPU Kernel DMA Patches (Possibly upstreamed?)
  • Firefox Quantum running stably (Not upstreamed yet)
  • Office Suite (LibreOffice, TeXStudio)
  • Libre Games (SuperTuxKart, Chromium BSU, Super Tux, Tux Racer, Blob Wars, Open Transit Tycoon, Open Roller Coaster Tycoon, etc)
  • Unreal Tournament 4 Tested and working and demonstrated.
  • OBS (Needs to be upstreamed?)
  • Thunderbird Stable (still hasn't made it to some distros yet, stay posted.)

See also