* [Cerowrt-devel] making cerowrt chattier
From: Dave Taht @ 2012-06-12 13:10 UTC
To: cerowrt-devel

I am fiddling with ideas towards making the router chattier.

One reason is that some countries, and locations (hotspots) tend to
require that a person agree to the terms of service before using the
service. I happen to dislike intensely how this is usually implemented
(requiring a signin via web browser and having something like a
chilispot intercept DNS and all access) - I'd prefer some automated
system and to allow basic services (like telephone, etc), automagically
just work, and only intercept browser access if required.

The second reason is that periodically a router needs an update, for
example to address a CVE. I note that versions of cerowrt prior to
3.3.8-1 have a version of bind in them that had a CVE issued against it
that needs to be addressed.

A third reason would be to enable various sorts of other messages to
make it to the user faster/more often.

Now, I've implemented a tiny jabber server in my current builds and am
looking into javascript based chat servers that I could incorporate
into the introductory web page, which could be used for notices of
this sort, and jabber users could also merely subscribe to notices
from the router so that they get chat notices when something is going
wrong - "upgrade needed", "we are under a syn attack", "Earthquake",
"out of memory", etc. I haven't found a lightweight version of
sendxmpp yet, and have never been fond of centralized chat services in
the first place (the venerable "talk" protocol has no ipv6
implementation, I note) , so perhaps there's a better standard or
system I can use that is more aggressively p2p/distributed? I have
seen chat demonstrated over ccnx, but don't know anything
about the implementation.

ejabberd is NOT lightweight but supports muc and other services.

There is also the possibility of a lightweight email tool or the
winpopup utility for samba.

--
Dave Täht
SKYPE: davetaht
http://ronsravings.blogspot.com/
* Re: [Cerowrt-devel] making cerowrt chattier
From: Mark Constable @ 2012-06-12 13:22 UTC
To: cerowrt-devel

On 12/06/12 23:10, Dave Taht wrote:
> I am fiddling with ideas towards making the router chattier.
> ...

NodeJS plus a light websocket implementation could be interesting.
* Re: [Cerowrt-devel] making cerowrt chattier
From: Robert Bradley @ 2012-06-13 0:52 UTC
To: cerowrt-devel

On 12/06/12 14:10, Dave Taht wrote:
> Now, I've implemented a tiny jabber server in my current builds and am
> looking into javascript based chat servers that I could incorporate
> into the introductory web page, which could be used for notices of
> this sort, and jabber users could also merely subscribe to notices
> from the router so that they get chat notices when something is going
> wrong - "upgrade needed", "we are under a syn attack", "Earthquake",
> "out of memory", etc. I haven't found a lightweight version of
> sendxmpp yet, and have never been fond of centralized chat services in
> the first place (the venerable "talk" protocol has no ipv6
> implementation, I note) , so perhaps there's a better standard or
> system I can use that is more aggressively p2p/distributed? I have
> seen chat demonstrated over ccnx, but don't know anything
> about the implementation.
>
> ejabberd is NOT lightweight but supports muc and other services.

ejabberd is probably a bit extreme for this unless you want to add
more services, but I think simple broadcasts could actually be done
via the Bonjour variant of XMPP
(http://xmpp.org/extensions/xep-0174.html). I've no idea if a
command-line client exists for that, though, and my attempts to send a
basic message using netcat and Empathy failed badly. Maybe I need to
publish more services with Avahi?

>
> There is also the possibility of a lightweight email tool or the
> winpopup utility for samba.
>

Winpopup might work, but is generally disabled on the Windows side
these days (since SP2?) thanks to Messenger service spam.

--
Robert Bradley
* Re: [Cerowrt-devel] making cerowrt chattier
From: Jim Gettys @ 2012-06-13 1:41 UTC
To: Robert Bradley; +Cc: cerowrt-devel

On 06/12/2012 08:52 PM, Robert Bradley wrote:
> On 12/06/12 14:10, Dave Taht wrote:
>> Now, I've implemented a tiny jabber server in my current builds and am
>> looking into javascript based chat servers that I could incorporate
>> into the introductory web page, which could be used for notices of
>> this sort, and jabber users could also merely subscribe to notices
>> from the router so that they get chat notices when something is going
>> wrong - "upgrade needed", "we are under a syn attack", "Earthquake",
>> "out of memory", etc. I haven't found a lightweight version of
>> sendxmpp yet, and have never been fond of centralized chat services in
>> the first place (the venerable "talk" protocol has no ipv6
>> implementation, I note) , so perhaps there's a better standard or
>> system I can use that is more aggressively p2p/distributed? I have
>> seen chat demonstrated over ccnx, but don't know anything
>> about the implementation.
>>
>> ejabberd is NOT lightweight but supports muc and other services.
>
> ejabberd is probably a bit extreme for this unless you want to add
> more services, but I think simple broadcasts could actually be done
> via the Bonjour variant of XMPP
> (http://xmpp.org/extensions/xep-0174.html). I've no idea if a
> command-line client exists for that, though, and my attempts to send a
> basic message using netcat and Empathy failed badly. Maybe I need to
> publish more services with Avahi?
>
>>
>> There is also the possibility of a lightweight email tool or the
>> winpopup utility for samba.
>>
>
> Winpopup might work, but is generally disabled on the Windows side
> these days (since SP2?) thanks to Messenger service spam.
>

Hmmm.... I guess I should excavate a bit of stuff out of my memory.

Not clear to me that the home router should normally do a chat server;
you certainly don't want ejabberd (which is written in erlang, and will
certainly have a ton of funny dependencies) even if you do. Openfire is
likely a lot smaller, if you do; but I haven't looked. There are a
bunch of other xmpp servers around, but ejabberd and openfire are the
most serious I found (and may be overkill) when I went looking 3 years
ago. Having been badly burned by ejabberd, I'd stay away from it, even
if it is small (which it isn't, at least in RAM footprint), if only
because fixing bugs in erlang has an "interesting" learning curve....

More interesting may be to look at the telepathy library, which provides
pluggable back ends to a ton of different chat systems, and just look
into being able to have the router use whatever server the user prefers
(which might be on the router, if we find a small one that is suitable.

You'll find telepathy here: http://telepathy.freedesktop.org/wiki/

It's too late tonight to dig into it at all.
- Jim
* Re: [Cerowrt-devel] making cerowrt chattier
From: dpreed @ 2012-06-13 2:22 UTC
To: Jim Gettys; +Cc: cerowrt-devel

I have an awkward worry that the functionality here is expanding to
fill all possible space on the machine, so it is less a router than a
complete "home appliance".

On a machine that has almost no internal isolation capabilities,
lurking potential alignment bugs whenever the kernel is updated by the
x86 maintainers, vulnerable to the first compromised service, it may
be a bit risky to load on to the system every app except the kitchen sink.

My personal bias would be to make a darn good router, and leave the
other stuff entirely out of the picture.

-----Original Message-----
From: "Jim Gettys" <jg@freedesktop.org>
Sent: Tuesday, June 12, 2012 9:41pm
To: "Robert Bradley" <robert.bradley1@gmail.com>
Cc: cerowrt-devel@lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] making cerowrt chattier

On 06/12/2012 08:52 PM, Robert Bradley wrote:
> On 12/06/12 14:10, Dave Taht wrote:
>> Now, I've implemented a tiny jabber server in my current builds and am
>> looking into javascript based chat servers that I could incorporate
>> into the introductory web page, which could be used for notices of
>> this sort, and jabber users could also merely subscribe to notices
>> from the router so that they get chat notices when something is going
>> wrong - "upgrade needed", "we are under a syn attack", "Earthquake",
>> "out of memory", etc. I haven't found a lightweight version of
>> sendxmpp yet, and have never been fond of centralized chat services in
>> the first place (the venerable "talk" protocol has no ipv6
>> implementation, I note) , so perhaps there's a better standard or
>> system I can use that is more aggressively p2p/distributed? I have
>> seen chat demonstrated over ccnx, but don't know anything
>> about the implementation.
>>
>> ejabberd is NOT lightweight but supports muc and other services.
>
> ejabberd is probably a bit extreme for this unless you want to add
> more services, but I think simple broadcasts could actually be done
> via the Bonjour variant of XMPP
> (http://xmpp.org/extensions/xep-0174.html). I've no idea if a
> command-line client exists for that, though, and my attempts to send a
> basic message using netcat and Empathy failed badly. Maybe I need to
> publish more services with Avahi?
>
>>
>> There is also the possibility of a lightweight email tool or the
>> winpopup utility for samba.
>>
>
> Winpopup might work, but is generally disabled on the Windows side
> these days (since SP2?) thanks to Messenger service spam.
>

Hmmm.... I guess I should excavate a bit of stuff out of my memory.

Not clear to me that the home router should normally do a chat server;
you certainly don't want ejabberd (which is written in erlang, and will
certainly have a ton of funny dependencies) even if you do. Openfire is
likely a lot smaller, if you do; but I haven't looked. There are a
bunch of other xmpp servers around, but ejabberd and openfire are the
most serious I found (and may be overkill) when I went looking 3 years
ago. Having been badly burned by ejabberd, I'd stay away from it, even
if it is small (which it isn't, at least in RAM footprint), if only
because fixing bugs in erlang has an "interesting" learning curve....

More interesting may be to look at the telepathy library, which provides
pluggable back ends to a ton of different chat systems, and just look
into being able to have the router use whatever server the user prefers
(which might be on the router, if we find a small one that is suitable.

You'll find telepathy here: http://telepathy.freedesktop.org/wiki/

It's too late tonight to dig into it at all.
- Jim

_______________________________________________
Cerowrt-devel mailing list
Cerowrt-devel@lists.bufferbloat.net
https://lists.bufferbloat.net/listinfo/cerowrt-devel
* Re: [Cerowrt-devel] making cerowrt chattier
From: Jim Gettys @ 2012-06-13 2:28 UTC
To: dpreed; +Cc: cerowrt-devel

On 06/12/2012 10:22 PM, dpreed@reed.com wrote:
>
> I have an awkward worry that the functionality here is expanding to
> fill all possible space on the machine, so it is less a router than a
> complete "home appliance".
>
> On a machine that has almost no internal isolation capabilities,
> lurking potential alignment bugs whenever the kernel is updated by the
> x86 maintainers, vulnerable to the first compromised service, it may
> be a bit risky to load on to the system every app except the kitchen sink.
>
> My personal bias would be to make a darn good router, and leave the
> other stuff entirely out of the picture.
>

I mostly agree with you, particularly when it comes to running a chat
server.

But we've identified a number of situations where having the router be
able to inform you of goings ons/events is needed. One other low tech
solution is sending email, but you also have a configuration problem
then (as you will for a chat service too, of course, unless you run via
multicast, and I doubt if anything but a Linux system will receive those
without fuss).

That's why I sent a pointer to telepathy; it allows you to send messages
to a bunch of different back ends, and stays out of the server
business. And it's being used on embedded systems (though I don't know
if they go as small as what a typical home router is today).
- Jim

>
> -----Original Message----- On
> From: "Jim Gettys" <jg@freedesktop.org>
> Sent: Tuesday, June 12, 2012 9:41pm
> To: "Robert Bradley" <robert.bradley1@gmail.com>
> Cc: cerowrt-devel@lists.bufferbloat.net
> Subject: Re: [Cerowrt-devel] making cerowrt chattier
>
> On 06/12/2012 08:52 PM, Robert Bradley wrote:
> > On 12/06/12 14:10, Dave Taht wrote:
> >> Now, I've implemented a tiny jabber server in my current builds and am
> >> looking into javascript based chat servers that I could incorporate
> >> into the introductory web page, which could be used for notices of
> >> this sort, and jabber users could also merely subscribe to notices
> >> from the router so that they get chat notices when something is going
> >> wrong - "upgrade needed", "we are under a syn attack", "Earthquake",
> >> "out of memory", etc. I haven't found a lightweight version of
> >> sendxmpp yet, and have never been fond of centralized chat services in
> >> the first place (the venerable "talk" protocol has no ipv6
> >> implementation, I note) , so perhaps there's a better standard or
> >> system I can use that is more aggressively p2p/distributed? I have
> >> seen chat demonstrated over ccnx, but don't know anything
> >> about the implementation.
> >>
> >> ejabberd is NOT lightweight but supports muc and other services.
> >
> > ejabberd is probably a bit extreme for this unless you want to add
> > more services, but I think simple broadcasts could actually be done
> > via the Bonjour variant of XMPP
> > (http://xmpp.org/extensions/xep-0174.html). I've no idea if a
> > command-line client exists for that, though, and my attempts to send a
> > basic message using netcat and Empathy failed badly. Maybe I need to
> > publish more services with Avahi?
> >
> >>
> >> There is also the possibility of a lightweight email tool or the
> >> winpopup utility for samba.
> >>
> >
> > Winpopup might work, but is generally disabled on the Windows side
> > these days (since SP2?) thanks to Messenger service spam.
> >
> Hmmm.... I guess I should excavate a bit of stuff out of my memory.
>
> Not clear to me that the home router should normally do a chat server;
> you certainly don't want ejabberd (which is written in erlang, and will
> certainly have a ton of funny dependencies) even if you do. Openfire is
> likely a lot smaller, if you do; but I haven't looked. There are a
> bunch of other xmpp servers around, but ejabberd and openfire are the
> most serious I found (and may be overkill) when I went looking 3 years
> ago. Having been badly burned by ejabberd, I'd stay away from it, even
> if it is small (which it isn't, at least in RAM footprint), if only
> because fixing bugs in erlang has an "interesting" learning curve....
>
> More interesting may be to look at the telepathy library, which provides
> pluggable back ends to a ton of different chat systems, and just look
> into being able to have the router use whatever server the user prefers
> (which might be on the router, if we find a small one that is suitable.
>
> You'll find telepathy here: http://telepathy.freedesktop.org/wiki/
>
> It's too late tonight to dig into it at all.
> - Jim
>
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>
* Re: [Cerowrt-devel] making cerowrt chattier
From: Dave Taht @ 2012-06-13 3:09 UTC
To: Jim Gettys; +Cc: cerowrt-devel

On Tue, Jun 12, 2012 at 10:28 PM, Jim Gettys <jg@freedesktop.org> wrote:
> On 06/12/2012 10:22 PM, dpreed@reed.com wrote:
>>
>> I have an awkward worry that the functionality here is expanding to
>> fill all possible space on the machine, so it is less a router than a
>> complete "home appliance".

I guess I'm way ahead of you guys, and should have just deployed the
thing and awaited feedback. The jabber server I have working runs out
of xinetd (so no memory use when not used), and eats less than 100k of
ram per invocation. For more details on in.jabberd and related tools
see:

http://inetdxtra.sourceforge.net/

There is of course an old aphorism that all programs expand until they
can send mail (which ssmtp can do, btw). While I miss the days where
email was the one constant in the universe, lacking secure
authentication and verification as well as direct p2p access in the
current standards is a real problem that has too many overlapping
means to solve at the present time.

I miss email direct to my machine. And netnews for that matter.
(cerowrt has leafnode as an optional package btw), but I wasn't
planning to solve that problem this year.

>>
>> On a machine that has almost no internal isolation capabilities,
>> lurking potential alignment bugs whenever the kernel is updated by the
>> x86 maintainers, vulnerable to the first compromised service, it may
>> be a bit risky to load on to the system every app except the kitchen sink.

I am concerned about most embedded appliances (not just routers)
running nearly every service as root. While cerowrt takes more steps
than most to remedy this (named is in a jail, the web server doesn't
run as root, etc), more work is needed on the configuration web server
among other subsystems. I wish certs weren't such a PITA, for example.

>>
>> My personal bias would be to make a darn good router, and leave the
>> other stuff entirely out of the picture.

My personal bias is toward making a darn good router that *stays one*
and better, improves over time, and that is one motivation towards
making it chattier in some form. Other ideas include adopting a
hip-like protocol to allow remote access to a user selected
independent provider of security services.

In the time we've been working on cerowrt (well over a year now) there
have been over 8 major CVEs to deal with that I can think of off the
top of my head. Some means of pushing out security updates in
particular, in a sane manner, is needed, and a little user
intervention required now and then.

>
> I mostly agree with you, particularly when it comes to running a chat
> server.
>
> But we've identified a number of situations where having the router be
> able to inform you of goings ons/events is needed. One other low tech
> solution is sending email, but you also have a configuration problem
> then (as you will for a chat service too, of course, unless you run via
> multicast, and I doubt if anything but a Linux system will receive those
> without fuss).
>
> That's why I sent a pointer to telepathy; it allows you to send messages
> to a bunch of different back ends, and stays out of the server
> business. And it's being used on embedded systems (though I don't know
> if they go as small as what a typical home router is today).
> - Jim

I will look over telepathy. IRC, as the other major chat standard, would
be nice to support. As well as bonjour.

--
Dave Täht
SKYPE: davetaht
http://ronsravings.blogspot.com/
* Re: [Cerowrt-devel] making cerowrt chattier
From: dpreed @ 2012-06-13 19:49 UTC
To: Dave Taht; +Cc: cerowrt-devel

Can we clarify what this is to be used for? I assume it will be defaulted
off. Not sure I want my router to send messages to people I don't know, or
be reachable by people I don't know.

Anyway, just a personal reaction.

-----Original Message-----
From: "Dave Taht" <dave.taht@gmail.com>
Sent: Tuesday, June 12, 2012 11:09pm
To: "Jim Gettys" <jg@freedesktop.org>
Cc: dpreed@reed.com, cerowrt-devel@lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] making cerowrt chattier

On Tue, Jun 12, 2012 at 10:28 PM, Jim Gettys <jg@freedesktop.org> wrote:
> On 06/12/2012 10:22 PM, dpreed@reed.com wrote:
>>
>> I have an awkward worry that the functionality here is expanding to
>> fill all possible space on the machine, so it is less a router than a
>> complete "home appliance".

I guess I'm way ahead of you guys, and should have just deployed the
thing and awaited feedback. The jabber server I have working runs out
of xinetd (so no memory use when not used), and eats less than 100k of
ram per invocation. For more details on in.jabberd and related tools
see:

http://inetdxtra.sourceforge.net/

There is of course an old aphorism that all programs expand until they
can send mail (which ssmtp can do, btw). While I miss the days where
email was the one constant in the universe, lacking secure
authentication and verification as well as direct p2p access in the
current standards is a real problem that has too many overlapping
means to solve at the present time.

I miss email direct to my machine. And netnews for that matter.
(cerowrt has leafnode as an optional package btw), but I wasn't
planning to solve that problem this year.

>>
>> On a machine that has almost no internal isolation capabilities,
>> lurking potential alignment bugs whenever the kernel is updated by the
>> x86 maintainers, vulnerable to the first compromised service, it may
>> be a bit risky to load on to the system every app except the kitchen sink.

I am concerned about most embedded appliances (not just routers)
running nearly every service as root. While cerowrt takes more steps
than most to remedy this (named is in a jail, the web server doesn't
run as root, etc), more work is needed on the configuration web server
among other subsystems. I wish certs weren't such a PITA, for example.

>>
>> My personal bias would be to make a darn good router, and leave the
>> other stuff entirely out of the picture.

My personal bias is toward making a darn good router that *stays one*
and better, improves over time, and that is one motivation towards
making it chattier in some form. Other ideas include adopting a
hip-like protocol to allow remote access to a user selected
independent provider of security services.

In the time we've been working on cerowrt (well over a year now) there
have been over 8 major CVEs to deal with that I can think of off the
top of my head. Some means of pushing out security updates in
particular, in a sane manner, is needed, and a little user
intervention required now and then.

>
> I mostly agree with you, particularly when it comes to running a chat
> server.
>
> But we've identified a number of situations where having the router be
> able to inform you of goings ons/events is needed. One other low tech
> solution is sending email, but you also have a configuration problem
> then (as you will for a chat service too, of course, unless you run via
> multicast, and I doubt if anything but a Linux system will receive those
> without fuss).
>
> That's why I sent a pointer to telepathy; it allows you to send messages
> to a bunch of different back ends, and stays out of the server
> business. And it's being used on embedded systems (though I don't know
> if they go as small as what a typical home router is today).
> - Jim

I will look over telepathy. IRC, as the other major chat standard, would
be nice to support. As well as bonjour.

--
Dave Täht
SKYPE: davetaht
http://ronsravings.blogspot.com/
* Re: [Cerowrt-devel] making cerowrt chattier
From: Dave Taht @ 2012-06-13 19:57 UTC
To: dpreed; +Cc: cerowrt-devel

My intent was to limit it to the "secure" interfaces only, but on by
default, not running as root, and requiring a username/password to use
regardless. (I am similarly blocking port 81 and the samba ports to the
secure interfaces on my next attempt at a release)

Other suggestions as to improving security overall - while still
improving end to end connectivity greatly appreciated!

One of the more controversial ideas discussed on this list earlier was
the concept of making the guest network a nearly default free zone, and
allowing advanced protocols such as hip, sctp, etc, through on ipv6 by
default.

On Wed, Jun 13, 2012 at 3:49 PM, <dpreed@reed.com> wrote:
> Can we clarify what this is to be used for? I assume it will be defaulted
> off. Not sure I want my router to send messages to people I don't know, or
> be reachable by people I don't know.
>
> Anyway, just a personal reaction.
>
> -----Original Message-----
> From: "Dave Taht" <dave.taht@gmail.com>
> Sent: Tuesday, June 12, 2012 11:09pm
> To: "Jim Gettys" <jg@freedesktop.org>
> Cc: dpreed@reed.com, cerowrt-devel@lists.bufferbloat.net
> Subject: Re: [Cerowrt-devel] making cerowrt chattier
>
> On Tue, Jun 12, 2012 at 10:28 PM, Jim Gettys <jg@freedesktop.org> wrote:
>> On 06/12/2012 10:22 PM, dpreed@reed.com wrote:
>>>
>>> I have an awkward worry that the functionality here is expanding to
>>> fill all possible space on the machine, so it is less a router than a
>>> complete "home appliance".
>
> I guess I'm way ahead of you guys, and should have just deployed the
> thing and awaited feedback. The jabber server I have working runs out
> of xinetd (so no memory use when not used), and eats less than 100k of
> ram per invocation. For more details on in.jabberd and related tools
> see:
>
> http://inetdxtra.sourceforge.net/
>
> There is of course an old aphorism that all programs expand until they
> can send mail (which ssmtp can do, btw). While I miss the days where
> email was the one constant in the universe, lacking secure
> authentication and verification as well as direct p2p access in the
> current standards is a real problem that has too many overlapping
> means to solve at the present time.
>
> I miss email direct to my machine. And netnews for that matter.
> (cerowrt has leafnode as an optional package btw), but I wasn't
> planning to solve that problem this year.
>
>>>
>>> On a machine that has almost no internal isolation capabilities,
>>> lurking potential alignment bugs whenever the kernel is updated by the
>>> x86 maintainers, vulnerable to the first compromised service, it may
>>> be a bit risky to load on to the system every app except the kitchen
>>> sink.
>
> I am concerned about most embedded appliances (not just routers)
> running nearly every service as root. While cerowrt takes more steps
> than most to remedy this (named is in a jail, the web server doesn't
> run as root, etc), more work is needed on the configuration web server
> among other subsystems. I wish certs weren't such a PITA, for example.
>
>>>
>>> My personal bias would be to make a darn good router, and leave the
>>> other stuff entirely out of the picture.
>
> My personal bias is toward making a darn good router that *stays one*
> and better, improves over time, and that is one motivation towards
> making it chattier in some form. Other ideas include adopting a
> hip-like protocol to allow remote access to a user selected
> independent provider of security services.
>
> In the time we've been working on cerowrt (well over a year now) there
> have been over 8 major CVEs to deal with that I can think of off the
> top of my head. Some means of pushing out security updates in
> particular, in a sane manner, is needed, and a little user
> intervention required now and then.
>
>>
>> I mostly agree with you, particularly when it comes to running a chat
>> server.
>>
>> But we've identified a number of situations where having the router be
>> able to inform you of goings ons/events is needed. One other low tech
>> solution is sending email, but you also have a configuration problem
>> then (as you will for a chat service too, of course, unless you run via
>> multicast, and I doubt if anything but a Linux system will receive those
>> without fuss).
>>
>> That's why I sent a pointer to telepathy; it allows you to send messages
>> to a bunch of different back ends, and stays out of the server
>> business. And it's being used on embedded systems (though I don't know
>> if they go as small as what a typical home router is today).
>> - Jim
>
> I will look over telepathy. IRC, as the other major chat standard, would
> be nice to support. As well as bonjour.
>
>
> --
> Dave Täht
> SKYPE: davetaht
> http://ronsravings.blogspot.com/

--
Dave Täht
SKYPE: davetaht
http://ronsravings.blogspot.com/
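A check for the policy stated in the last message (listeners limited to the "secure" interfaces and not running as root), as an added example that is not part of the thread or of CeroWrt's own code: it parses `/proc/net/tcp`-format text and flags restricted ports that break the policy. The address 172.30.42.1, port 5222 for the jabber service, the `inetd_ports` parameter and the sample table are assumptions constructed for illustration.

```python
import ipaddress

# Ports the policy covers. Port 81 and the Samba ports come from the thread;
# 5222 (the standard XMPP client port) is an assumption for the jabber service.
RESTRICTED_PORTS = {81: "config web", 139: "samba", 445: "samba", 5222: "jabber"}
TCP_LISTEN = 0x0A  # state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout, as printed by a little-endian host.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 012A1EAC:1466 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 00000000:0051 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 012A1EAC:01BD 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003
   3: 00000000:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000    53        0 1004
   4: 012A1EAC:0016 0200A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 1005
"""


def decode_endpoint(field, byteorder="little"):
    """Decode 'HHHHHHHH:PPPP' into (IPv4Address, port).

    The kernel prints the network-order address as a native integer, so the
    digit order depends on the CPU: pass "big" on big-endian routers.
    The port is always printed in natural order.
    """
    ip_hex, port_hex = field.split(":")
    raw = int(ip_hex, 16).to_bytes(4, byteorder)
    return ipaddress.IPv4Address(raw), int(port_hex, 16)


def listeners(text, byteorder="little"):
    """Yield (address, port, uid) for each listening IPv4 TCP socket."""
    for line in text.splitlines():
        cols = line.split()
        # Data rows start with "N:"; this skips the header and blank lines.
        if len(cols) < 8 or not cols[0].endswith(":"):
            continue
        if int(cols[3], 16) != TCP_LISTEN:
            continue
        addr, port = decode_endpoint(cols[1], byteorder)
        yield addr, port, int(cols[7])  # column 7 is the socket owner's uid


def audit(text, secure_addrs, inetd_ports=(), byteorder="little"):
    """Return (port, address, problem) tuples for policy violations.

    problem is "exposed" when a restricted port listens on an address that is
    not one of secure_addrs (a wildcard bind counts), and "root" when the
    listening socket is owned by uid 0. For ports in inetd_ports the uid check
    is skipped: a super-server such as xinetd owns the listening socket itself,
    so the uid says nothing about the user the spawned service runs as.
    """
    allowed = {ipaddress.IPv4Address(a) for a in secure_addrs}
    findings = []
    for addr, port, uid in listeners(text, byteorder):
        if port not in RESTRICTED_PORTS:
            continue
        if addr not in allowed:
            findings.append((port, str(addr), "exposed"))
        if uid == 0 and port not in inetd_ports:
            findings.append((port, str(addr), "root"))
    return findings


if __name__ == "__main__":
    for port, addr, problem in audit(SAMPLE, ["172.30.42.1"], inetd_ports={5222}):
        print(f"{RESTRICTED_PORTS[port]:<10} {addr}:{port:<5} {problem}")
```

Only the IPv4 table is covered; `/proc/net/tcp6` has a different address layout and needs its own decoder. For a service launched from xinetd, the account to check is the one named in its xinetd service entry, not the socket owner.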