Progress call: 17:00 UTC
- Libre Crafts launch (sunil)
- Intel model no longer available from supplier due to increased prices.
- AMD model is more expensive, more powerful, 15 watt TDP.
- Only posted to discussion forum so far. Will post to mailing list and social media.
- Issues with shipping outside US, apps' support for RAID disk.
- 10 seconds to install OS to NVMe disk.
- RAM and SSD prices are going up.
- Doing first boot to check that hardware is working.
- Less than 5 seconds to boot, 5 seconds for first setup.
- Reduce number of shipping options.
- Syncthing/Transmission issue caused by snac2 package
- Mentioned on the forum
- Web interface was not loading
- If they remove snac package, it works
- Related to Apache configuration. Line for proxypreservehost applies globally instead of for just snac2.
- Host header is IP address or domain name.
- When turned off, Host header is localhost.
- These apps do not know about the domain name.
- Fix is ready and will ship soon.
- Also fix in Trixie for the upcoming point release.
- DNS Rebinding attack
Attacker sets up foo.com with JavaScript request, and changes DNS IP address to system being attacked.
- Browser shows foo.com but request goes to another domain.
- Sensitive information like cookies stored for wrong domain.
- Stop requests from unapproved domain names at Apache level.
- Privileged daemon change regression with uploaded files.
- Web interface and privileged daemon have different instances of /tmp.
Turn off PrivateTmp feature.
In development mode, FreedomBox runs without systemd sandboxing.
- We should change development mode to be run by systemd instead of directly.