From: Dave Taht
To: Toke Høiland-Jørgensen
Cc: "cerowrt-devel@lists.bufferbloat.net"
Date: Fri, 24 Jan 2014 17:27:52 -0500
Subject: Re: [Cerowrt-devel] Comcast specific Cerowrt-3.10.26-7: another "too exciting for me" unrelease

On Fri, Jan 24, 2014 at 5:08 PM, Toke Høiland-Jørgensen wrote:
>> the biggest problem people have had is the switch to https vs http
>> for the gui, their webbrowsers' cache rewrite the url back to http,
>> and lighttpd,
>> unlike apache, doesn't give any sign as to why the connection is
>> not working.
>>
>> remember: https://gw.home.lan:81 from now on...
>
> How about moving the HTTPS listener to a new port, and keep the http listener on port 81, but having it redirect unconditionally to the new address?

Great, now I gotta know :XX. :).

IMHO the temporary pain of your web browser rewriting urls for you once, is better than sticking a pair of redirects into the system, but I could be persuaded otherwise.

It does open the question of "why use a specialized port for configuration at all"?

In an ipv6 world we have restored e2e connectivity, and that makes it possible for random arbitrary boxes on your network to be providing a useful web based service, which is a good thing... and also, suddenly every device with a web server on it on 80 and 443 is vulnerable, ranging from your printer to your fridge.

Now we can arbitrarily block port 80/433 across ingress to the network (which I fear is what will happen), or we can move devices containing sensitive info to their own port range which can be treated more sensibly.

So how 81 happened was I went through /etc/services and saw that 81-87 had apparently never been allocated. A "config port" seemed sane, thus 81 for the administration gui, and 80 and 443 for their normal uses.

I might argue that there should be an industry standard for a "config port" that has different behavior than normal ports, by definition listening only on the local network, for example... or limiting hop count... this is the sort of behavior that bind has by default.
>
> -Toke
>

-- 
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
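
The "config port" behaviour proposed in the message above (answer only the local network, or limit hop count), sketched as an added example that is not part of the original email and is not CeroWrt code. The prefixes and function names are assumptions made up for illustration.

```python
import ipaddress
import socket

# Constructed sample: prefixes assumed to be configured on the router's LAN side.
LOCAL_PREFIXES = [ipaddress.ip_network(p) for p in (
    "172.30.42.0/24",       # hypothetical IPv4 LAN
    "fd00:1234:5678::/64",  # hypothetical ULA LAN prefix
    "fe80::/10",            # IPv6 link-local
)]


def is_local_client(peer: str, prefixes=LOCAL_PREFIXES) -> bool:
    """Return True only if the peer address falls inside a local prefix."""
    # Link-local peers arrive with a zone id (fe80::1%eth0); strip it first.
    addr = ipaddress.ip_address(peer.split("%", 1)[0])
    # A dual-stack AF_INET6 listener reports IPv4 peers as ::ffff:a.b.c.d.
    # Unwrap them so the IPv4 prefixes are the ones that get checked.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr.version == net.version and addr in net for net in prefixes)


def limit_hops(sock: socket.socket, hops: int = 1) -> None:
    """Cap the TTL / hop limit of packets this socket sends.

    With hops=1 a reply can be delivered on the attached link but is
    dropped by the first router asked to forward it.
    """
    if sock.family == socket.AF_INET6:
        sock.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_UNICAST_HOPS, hops)
    else:
        sock.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, hops)


def accept_config_client(listener: socket.socket):
    """Accept one connection on the config port; refuse non-local peers."""
    conn, peer = listener.accept()
    if not is_local_client(peer[0]):
        conn.close()
        return None
    return conn
```

The address check and the hop limit are independent controls: the first rejects a connection after it is accepted, the second keeps replies from travelling beyond the attached link.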