From: Dave Taht
To: Jim Gettys
Cc: cerowrt-devel@lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] making cerowrt chattier
Date: Tue, 12 Jun 2012 23:09:10 -0400
List-Id: Development issues regarding the cerowrt test router project

On Tue, Jun 12, 2012 at 10:28 PM, Jim Gettys wrote:
> On 06/12/2012 10:22 PM, dpreed@reed.com wrote:
>>
>> I have an awkward worry that the functionality here is expanding to
>> fill all possible space on the machine, so it is less a router than a
>> complete "home appliance".

I guess I'm way ahead of you guys, and should have just deployed the
thing and awaited feedback. The jabber server I have working runs out
of xinetd (so no memory use when not used), and eats less than 100k of
ram per invocation.

For more details on in.jabberd and related tools see:

http://inetdxtra.sourceforge.net/

There is of course an old aphorism that all programs expand until they
can send mail (which ssmtp can do, btw).

While I miss the days where email was the one constant in the
universe, lacking secure authentication and verification as well as
direct p2p access in the current standards is a real problem that has
too many overlapping means to solve at the present time.

I miss email direct to my machine. And netnews for that matter.
(cerowrt has leafnode as an optional package btw), but I wasn't
planning to solve that problem this year.

>>
>> On a machine that has almost no internal isolation capabilities,
>> lurking potential alignment bugs whenever the kernel is updated by the
>> x86 maintainers, vulnerable to the first compromised service, it may
>> be a bit risky to load on to the system every app except the kitchen sink.

I am concerned about most embedded appliances (not just routers)
running nearly every service as root. While cerowrt takes more steps
than most to remedy this (named is in a jail, the web server doesn't
run as root, etc), more work is needed on the configuration web server
among other subsystems.

I wish certs weren't such a PITA, for example.

>>
>> My personal bias would be to make a darn good router, and leave the
>> other stuff entirely out of the picture.

My personal bias is toward making a darn good router that *stays one*
and better, improves over time, and that is one motivation towards
making it chattier in some form.

Other ideas include adopting a hip-like protocol to allow remote
access to a user selected independent provider of security services.

In the time we've been working on cerowrt (well over a year now) there
have been over 8 major CVEs to deal with that I can think of off the
top of my head. Some means of pushing out security updates in
particular, in a sane manner, is needed, and a little user
intervention required now and then.

>
> I mostly agree with you, particularly when it comes to running a chat
> server.
>
> But we've identified a number of situations where having the router be
> able to inform you of goings ons/events is needed. One other low tech
> solution is sending email, but you also have a configuration problem
> then (as you will for a chat service too, of course, unless you run via
> multicast, and I doubt if anything but a Linux system will receive those
> without fuss).
>
> That's why I sent a pointer to telepathy; it allows you to send messages
> to a bunch of different back ends, and stays out of the server
> business. And it's being used on embedded systems (though I don't know
> if they go as small as what a typical home router is today).
>                    - Jim

I will look over telepathy. IRC, as the other major chat standard,
would be nice to support. As well as bonjour.

--
Dave Täht
SKYPE: davetaht
http://ronsravings.blogspot.com/