Difference between revisions of "Desktop Roadmap"

From RCS Wiki
Jump to navigation Jump to search
(Firefox JIT is not even started)
(making a note regarding BMC password change)
(2 intermediate revisions by the same user not shown)
Line 4: Line 4:
  
 
="Urgently Needed"=
 
="Urgently Needed"=
* "Safe By Default" Randomly generated BMC Passphrase with password written down on a sheet of cardboard in the package.  
+
* <del>"Safe By Default" Randomly generated BMC Passphrase with password written down on a sheet of cardboard in the package. </del>
''Rationale:'' even some of our users have had trouble with this. The default insecure password with the BMC could result in an instant compromise of the machine and require full flashing of all persistent firmware components in the event the computer is accidentally plugged into the network and the power at the same time. This completely innocent mistake could be fatal and recovering from it difficult. The threat model of a randomly determined BMC Passphrase would be if the user accidentally plugs the computer into the untrusted internet against a passive adversary that will simply try the default passwords, similar to how the Mirai Botnet operated.  
+
* <del>''Rationale:'' even some of our users have had trouble with this. The default insecure password with the BMC could result in an instant compromise of the machine and require full flashing of all persistent firmware components in the event the computer is accidentally plugged into the network and the power at the same time. This completely innocent mistake could be fatal and recovering from it difficult. The threat model of a randomly determined BMC Passphrase would be if the user accidentally plugs the computer into the untrusted internet against a passive adversary that will simply try the default passwords, similar to how the Mirai Botnet operated.</del>
 +
** It appears that as of the Blackbird launch, each board gets an individual randomized BMC password! It's printed on a slip of paper in the box!
 
* "[[Talos II Beginner's Quick Start Guide]]" in Talos User's Manual
 
* "[[Talos II Beginner's Quick Start Guide]]" in Talos User's Manual
 
''Rationale:'' nontechnical users may have difficulty with the complicated procedure to remotely access and set the BMC password from a trustworthy system.
 
''Rationale:'' nontechnical users may have difficulty with the complicated procedure to remotely access and set the BMC password from a trustworthy system.
Line 21: Line 22:
 
* FreeCAD? (May or may not be upstreamed yet?)
 
* FreeCAD? (May or may not be upstreamed yet?)
 
* Maybe open up a discussion on the feasibility of allowing the changing of the default BMC password through the petitboot? Is this even possible?
 
* Maybe open up a discussion on the feasibility of allowing the changing of the default BMC password through the petitboot? Is this even possible?
 +
** It might be possible to do it over IPMI from Petitboot or other host OS.
  
 
=Done=
 
=Done=

Revision as of 00:23, 2 June 2019

This page is currently a very hasty list of the roadmap needed to make the Talos an "everyday common user's" machine.

For convenience, unfinished tasks have been grouped into three categories: "Urgently Needed", "Somewhat Needed", and "Would Be Nice" in descending order of importance.

"Urgently Needed"

  • "Safe By Default" Randomly generated BMC Passphrase with password written down on a sheet of cardboard in the package.
  • Rationale: even some of our users have had trouble with this. The default insecure password with the BMC could result in an instant compromise of the machine and require full flashing of all persistent firmware components in the event the computer is accidentally plugged into the network and the power at the same time. This completely innocent mistake could be fatal and recovering from it difficult. The threat model of a randomly determined BMC Passphrase would be if the user accidentally plugs the computer into the untrusted internet against a passive adversary that will simply try the default passwords, similar to how the Mirai Botnet operated.
    • It appears that as of the Blackbird launch, each board gets an individual randomized BMC password! It's printed on a slip of paper in the box!
  • "Talos II Beginner's Quick Start Guide" in Talos User's Manual

Rationale: nontechnical users may have difficulty with the complicated procedure to remotely access and set the BMC password from a trustworthy system.

  • "Hole Pattern Template"

Rationale: A reusable cardboard or a fold-out paper template in the manual for seeing which standoffs to install and not to install would be really helpful to avoid the "scraped resistor" problem that have plagued a couple builders.

  • Firefox Just in Time compiler for Javascript

"Somewhat Needed"

  • Tor Browser Bundle with safe configuration defaults

Would Be Nice

  • "Easy Build" Script for building Unreal Tournament 4 for nontechnical users?
  • Android Builder for building smartphone OSes?
  • Cryptsetup (dm-crypt) and verity in Petitboot for firmware-based full disk encryption?
  • FreeCAD? (May or may not be upstreamed yet?)
  • Maybe open up a discussion on the feasibility of allowing the changing of the default BMC password through the petitboot? Is this even possible?
    • It might be possible to do it over IPMI from Petitboot or other host OS.

Done

  • Chromium With Just In Time JavaScript
  • Electron with Just In Time JavaScript
  • AMDGPU Kernel DMA Patches (Possibly upstreamed?)
  • Firefox Quantum running stably (Not upstreamed yet)
  • Office Suite (LibreOffice, TeXStudio
  • Libre Games (SuperTuxKart, Chromium BSU, Super Tux, Tux Racer, Blob Wars, Open Transit Tycoon, Open Roller Coaster Tycoon, etc)
  • Unreal Tournament 4 Tested and working and demonstrated.
  • OBS (Needs to be upstreamed?)
  • Thunderbird Stable (still hasn't made it to some distros yet, stay posted.)