From: dpreed@reed.com
To: "Dave Taht" <dave.taht@gmail.com>
Cc: cerowrt-devel@lists.bufferbloat.net
Date: Wed, 13 Jun 2012 15:49:20 -0400 (EDT)
Subject: Re: [Cerowrt-devel] making cerowrt chattier
Message-ID: <1339616960.68548755@apps.rackspace.com>
References: <4FD7E443.7000304@gmail.com> <4FD7EFC2.4010609@freedesktop.org> <1339554171.637719702@apps.rackspace.com> <4FD7FAEA.80500@freedesktop.org>
List-Id: Development issues regarding the cerowrt test router project
Can we clarify what this is to be used for? I assume it will be defaulted off. Not sure I want my router to send messages to people I don't know, or be reachable by people I don't know.

Anyway, just a personal reaction.

-----Original Message-----
From: "Dave Taht" <dave.taht@gmail.com>
Sent: Tuesday, June 12, 2012 11:09pm
To: "Jim Gettys" <jg@freedesktop.org>
Cc: dpreed@reed.com, cerowrt-devel@lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] making cerowrt chattier

On Tue, Jun 12, 2012 at 10:28 PM, Jim Gettys <jg@freedesktop.org> wrote:
> On 06/12/2012 10:22 PM, dpreed@reed.com wrote:
>>
>> I have an awkward worry that the functionality here is expanding to
>> fill all possible space on the machine, so it is less a router than a
>> complete "home appliance".

I guess I'm way ahead of you guys, and should have just deployed the
thing and awaited feedback. The jabber server I have working runs out
of xinetd (so no memory use when not used), and eats less than 100k of
ram per invocation. For more details on in.jabberd and related tools
see:

http://inetdxtra.sourceforge.net/

There is of course an old aphorism that all programs expand until they
can send mail (which ssmtp can do, btw). While I miss the days where
email was the one constant in the universe, lacking secure
authentication and verification as well as direct p2p access in the
current standards is a real problem that has too many overlapping
means to solve at the present time.

I miss email direct to my machine. And netnews for that matter.
(cerowrt has leafnode as an optional package btw), but I wasn't
planning to solve that problem this year.

>>
>> On a machine that has almost no internal isolation capabilities,
>> lurking potential alignment bugs whenever the kernel is updated by the
>> x86 maintainers, vulnerable to the first compromised service, it may
>> be a bit risky to load on to the system every app except the kitchen sink.

I am concerned about most embedded appliances (not just routers)
running nearly every service as root. While cerowrt takes more steps
than most to remedy this (named is in a jail, the web server doesn't
run as root, etc), more work is needed on the configuration web server
among other subsystems. I wish certs weren't such a PITA, for example.

>>
>> My personal bias would be to make a darn good router, and leave the
>> other stuff entirely out of the picture.

My personal bias is toward making a darn good router that *stays one*
and better, improves over time, and that is one motivation towards
making it chattier in some form. Other ideas include adopting a
hip-like protocol to allow remote access to a user selected
independent provider of security services.

In the time we've been working on cerowrt (well over a year now) there
have been over 8 major CVEs to deal with that I can think of off the
top of my head. Some means of pushing out security updates in
particular, in a sane manner, is needed, and a little user
intervention required now and then.

>
> I mostly agree with you, particularly when it comes to running a chat
> server.
>
> But we've identified a number of situations where having the router be
> able to inform you of goings ons/events is needed. One other low tech
> solution is sending email, but you also have a configuration problem
> then (as you will for a chat service too, of course, unless you run via
> multicast, and I doubt if anything but a Linux system will receive those
> without fuss).
>
> That's why I sent a pointer to telepathy; it allows you to send messages
> to a bunch of different back ends, and stays out of the server
> business. And it's being used on embedded systems (though I don't know
> if they go as small as what a typical home router is today).
>                   - Jim

I will look over telepathy. IRC, as the other major chat standard, would
be nice to support. As well as bonjour.


--
Dave Täht
SKYPE: davetaht
http://ronsravings.blogspot.com/

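The service model Dave describes above (a chat daemon spawned by xinetd on demand, so it holds no memory while idle, on a box where he worries about services running as root) is easy to get wrong in the one place that matters: the `user` line. The two stanzas below are an added illustration for this thread, not cerowrt's configuration or anything from the inetdxtra project. They are alternatives for /etc/xinetd.d (install one, not both). The service name, the binary path /usr/sbin/in.jabberd, the LAN prefix 172.30.42.0/24 and the LAN address 172.30.42.1 are assumptions; the directives themselves are standard xinetd ones.

```text
# ---- Weak stanza (for comparison): child runs as root, listens on every
# ---- interface including the WAN side, no connection limits.
service jabber
{
    type        = UNLISTED
    socket_type = stream
    protocol    = tcp
    port        = 5222
    wait        = no
    user        = root
    server      = /usr/sbin/in.jabberd
}

# ---- Hardened stanza: same on-demand spawning, but the child is unprivileged,
# ---- bound to the LAN address only, reachable only from the LAN prefix, and
# ---- capped so a connection flood cannot fork the router into the ground.
# ---- (Paths and addresses below are assumed for the example.)
service jabber
{
    type           = UNLISTED
    socket_type    = stream
    protocol       = tcp
    port           = 5222
    wait           = no
    user           = nobody
    group          = nogroup
    server         = /usr/sbin/in.jabberd
    bind           = 172.30.42.1
    only_from      = 172.30.42.0/24
    instances      = 8
    per_source     = 2
    cps            = 10 30
    rlimit_as      = 16M
    log_type       = SYSLOG daemon info
    log_on_failure += HOST
}
```

After reloading xinetd, connect to port 5222 from a LAN host and check with `ps` that the spawned in.jabberd process is owned by nobody, then confirm from the WAN side that the port does not answer at all. `instances`, `per_source` and `cps` are what keep "no memory when not used" from turning into "unbounded memory when abused": each accepted connection is a fresh process, so the limits, not the daemon's idle footprint, are what bound the worst case.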