> "First, even if you can create a plug and play home server box, it will still need some configuration to make it available from the internet"
Will it? The device I had in mind would plug directly into a router, occupying two LAN ports for connectivity, and one USB port for power (USB ports are increasingly common on routers these days, even the free ones ISPs give out). In addition, IPv6 removes the need for NAT and port forwarding. The device could even come with a default DNS name setup, so it could be literally plug and play.
> "Secondly, it is not clear if there is an acceptable solution to security issues."
You build the security into the device, e.g. firewalls and process isolation. You could also design the device so that flashing new firmware required a physical button on the device to be pressed to enable this feature for a short period of time, limiting the window of opportunity for the device to be infected with malware.
> "Auto updates could be part of the answer, but it seems that human intervention would still be needed from time to time and that imply an effort of the user to keep informed and aware of such operations."
Information about security updates could be done via email or SMS, which are both easy enough for mass market users. You would enter these details at the point of purchasing the device, so you'd have nothing extra to setup once you had it. If you had to update your contact details, this would be easy enough to set via the home server GUI.
Will it? The device I had in mind would plug directly into a router, occupying two LAN ports for connectivity, and one USB port for power (USB ports are increasingly common on routers these days, even the free ones ISPs give out). In addition, IPv6 removes the need for NAT and port forwarding. The device could even come with a default DNS name setup, so it could be literally plug and play.
> "Secondly, it is not clear if there is an acceptable solution to security issues."
You build the security into the device, e.g. firewalls and process isolation. You could also design the device so that flashing new firmware required a physical button on the device to be pressed to enable this feature for a short period of time, limiting the window of opportunity for the device to be infected with malware.
> "Auto updates could be part of the answer, but it seems that human intervention would still be needed from time to time and that imply an effort of the user to keep informed and aware of such operations."
Information about security updates could be done via email or SMS, which are both easy enough for mass market users. You would enter these details at the point of purchasing the device, so you'd have nothing extra to setup once you had it. If you had to update your contact details, this would be easy enough to set via the home server GUI.