From: dpreed@reed.com
Date: Sat, 25 Jan 2014 22:04:41 -0500 (EST)
To: "Dave Taht"
Cc: "cerowrt-devel@lists.bufferbloat.net"
Subject: [Cerowrt-devel] side issue, related to the bigger picture surrounding Cerowrt and Bufferbloat.
Message-ID: <1390705481.041814229@apps.rackspace.com>
References: <13b6a42d-47ca-4b1b-b3e8-a7ae8ba0809f@email.android.com>

On Friday, January 24, 2014 5:27pm, "Dave Taht" said:

> and also, suddenly every device with a web server on it on 80 and 443
> is vulnerable, ranging from your printer to your fridge.

One of the reasons I like the "Cerowrt project" is that it focuses on fixing the aspects of the Internet plumbing that are due to careless practices like presuming that a printer or fridge will be protected inside a "firewall" and thus need not be designed correctly.

It reminds me of the attitude toward safety taken by the Auto Industry prior to Ralph Nader. (Whether you like Nader or not, his point was correct at the time - GM and Ford engineering did not design sufficiently safe cars, and that had a huge social impact that individuals could not cope with.)

We now have printers and fridges that are "unsafe at any speed", just as we have access networks that are knowingly designed to get bloated under stress, amplifying the stress rather than ameliorating it.

Now there may be "temporary kludges" that can protect the printers and fridges thus misdesigned - and NAT firewalls are possibly OK in that light. But honestly, I want to be able to connect to my printer from anywhere.

For a few bucks I can probably build a front-end box for my printer that is a printer server based on encrypted connections (using SSL with certificates, perhaps). E.g. for each printer and fridge, a Raspberry Pi with a USB WiFi interface, connected directly on IPv6. That's about $50 per badly designed consumer electronics device.

I'd prefer, however, for the printer makers, etc. to make this a standard. To do so, we need an open source project like Cerowrt to show the way, perhaps starting with the front-end box that implements the standard, since adding software to a printer or fridge itself is hard.
