From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-lb0-x22a.google.com (mail-lb0-x22a.google.com [IPv6:2a00:1450:4010:c04::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id 792BC3B2B4; Sun, 13 Mar 2016 16:15:45 -0400 (EDT) Received: by mail-lb0-x22a.google.com with SMTP id k15so216277239lbg.0; Sun, 13 Mar 2016 13:15:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=Fe5VkbkMOVS1v38KDg79cnd0m3hyr5Gj8obXiI9Sy/w=; b=FpkbKM25XjQkJGv+sif0ay3fl5G8hufoB4jE+IAcN0xHbEFS8lf6BWax/ru6PX5R5w me9uHRrNw1wzSCG5uoFJBdoQClfqsLLnKJ7gdz4mI73qhwUxaaEztVhWAr2DzwUt2Iln WTBgGjQsyBmbvW6OA2h8X+p3Zt51dgca6lAyyvLu/tvaz/5PSBvSRkjNnaRdLS4YlKPo dsVC9Vps2aCkvVku1XxztT2GwjSwp+mHfxRC+3cS6Gpt4vw5z3ig6G/5K+ltVpJpTc/a qz0AUYDH/zfX1+MXJ2ZsD43jB9/708R2wLuCV6q9nWoAnSppmF43dDX5nxVheHcWFt2t kRRQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=Fe5VkbkMOVS1v38KDg79cnd0m3hyr5Gj8obXiI9Sy/w=; b=YIalj0h/CQXilI4F50rvdPcbpVg/hQO51f6+i5Tar5y2IcEL1cmPqCtcuirQUxRVN1 h4giJqcfLBBq9d8/aodRdhmYDRi5e9RnN+4BQZgJXT/zt9/dpelYPLmRnCeJHlZUnVq+ bjF6Vl43sy8FOovFiLCtiw0+le2lhkmLgx7DO25VCoaru7VkvjH/0rUCWBWCJnmVN/oE E4rLTwEMrjS+1ptNr3OrH5VowVEd+rzWDm1xEz7iVsBhrdJcTlagJkQmzJr4Fyfawbxo 7v/mKDGRitSiwhhcIpf2RHXIRN4QDt2g6ABBqIZXGB8Ycecgc9uP2Ke3mxoFtJr8GqF9 mHDg== X-Gm-Message-State: AD7BkJJ6008fco3Qa7jAGrkzKOUbA0+kMHpve6iOQCewpmyh8QSJKTL/o19zupsI3c3YKw== X-Received: by 10.25.42.13 with SMTP id q13mr6772951lfq.96.1457900144050; Sun, 13 Mar 2016 13:15:44 -0700 (PDT) Received: from bass.home.chromatix.fi (37-33-67-252.bb.dnainternet.fi. [37.33.67.252]) by smtp.gmail.com with ESMTPSA id a14sm3060631lfe.7.2016.03.13.13.15.42 (version=TLSv1/SSLv3 cipher=OTHER); Sun, 13 Mar 2016 13:15:43 -0700 (PDT) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 9.2 \(3112\)) From: Jonathan Morton In-Reply-To: <8E3D19C3-601A-41B6-B3F9-CD6B35BA96F5@gmx.de> Date: Sun, 13 Mar 2016 22:15:40 +0200 Cc: David Lang , make-wifi-fast@lists.bufferbloat.net, bufferbloat-fcc-discuss , "cerowrt-devel@lists.bufferbloat.net" Content-Transfer-Encoding: quoted-printable Message-Id: References: <9BD140AE-D0FA-47B1-8BED-DE60E603F6E5@gmail.com> <9C673B76-DBC5-4282-A03C-A273D02ACA3B@gmail.com> <8E3D19C3-601A-41B6-B3F9-CD6B35BA96F5@gmx.de> To: moeller0 X-Mailer: Apple Mail (2.3112) Subject: Re: [Make-wifi-fast] [Cerowrt-devel] arstechnica confirms tp-link router lockdown X-BeenThere: make-wifi-fast@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 13 Mar 2016 20:15:45 -0000 > On 13 Mar, 2016, at 20:25, moeller0 wrote: >=20 > I also fondly remember my 3310, but I certainy do not want to go back = there, that week of standby be damned ;) I don=E2=80=99t actually use my 3310 very much - it=E2=80=99s there for = emergencies more than anything else. But I do think it makes a better = phone than my Android phablet. The latter is pretty good at the whole =E2=80=9Cinternet terminal=E2=80=9D= and =E2=80=9Cutility app=E2=80=9D thing, but it=E2=80=99s a pretty = lousy phone. Indeed the =E2=80=9Cmake a phone call=E2=80=9D = functionality is presented as just another app, albeit one that can=E2=80=99= t be uninstalled. I can=E2=80=99t even type a text message any faster = on it (to the same accuracy) than on my 3310. It works adequately as a = phone, rather than well. > while the password could be randomized, I envision user unhappiness = with randomized SSIDs I don=E2=80=99t see why - that=E2=80=99s the one they don=E2=80=99t have = to type, because it gets scanned for. A straight random string of characters from the base64 or base85 = character sets would be hard to recognise or read out loud, but I was = thinking more along the lines of picking randomly from wordlists, so = you=E2=80=99d get SSIDs of the form =E2=80=9CAdjectiveNoun=E2=80=9D = which are relatively easy to recognise and remember, yet still likely to = be locally unique. Passwords chosen by a similar method (ie. virtual diceware) would also = be easier to type, etc. CorrectHorseBatteryStaple... > That reminds me a bit of https://www.securifi.com/almondplus The eye-watering price is certainly notable. It=E2=80=99s unclear how = much of that is profit margin, and how much went into the screen. I = note also the touchscreen UI, at which I have to squint to work out what = each icon is for (despite the bright, high-res colour screen). There=E2=80=99s a lot to be said for the old Amstrad PCW type of UI. = Very little window dressing, straight down to business. > The keypad is sort of helpful to put in say IP addresses (or passwords = with a T9 like numerical hash for words system). I have used old HP on = printer interfaces to configure IP networking, not an experience I would = recommend to emulate (not that you are doing tis, but please keep the = failures of old in mind when designing your system). I just looked up a few HP printer manuals to see what you=E2=80=99re = talking about. Setting numerical values by incremental button presses = does sound tedious - but I already knew that from badly-designed = microwave ovens. The cheap ones come with a clockwork dial, which is = actually easier to use than the typical =E2=80=9Cincrement 10 mins, 1 = min or 10 sec=E2=80=9D buttons. I deliberately bought a good one with a = digital dial. At university, I often saw people routinely set the microwave timer for = 10 minutes, simply because it required fewer button presses than the = correct setting. We had a lot of false fire alarms. But I=E2=80=99m not presently considering putting buttons on the device = itself. The screen will be a significant expense in itself; adding = enough buttons to be a worthwhile input device sounds like another big = cost. But there=E2=80=99ll be a USB port somewhere anyway, and most = users will have something worthwhile to plug into it. Clearly a keyboard will be the preferred input device. Though there are = many national layouts, we can rely on arrow keys, a full Latin alphabet, = Arabic numerals, space, backspace and return giving consistent keycodes. = Or at least, we can once we correct for QWERTY/QWERTZ/AZERTY/Dvorak = quirks - we can prompt the user to press the Z key to distinguish = between these. Rapid and accurate navigation and data entry should then = be easy. As a subtype of keyboards, though, there are standalone numeric keypads, = essentially the part missing from a laptop keyboard. Those may merit = special consideration - they don=E2=80=99t have a Z key. There are established ways of navigating menus and entering text using = console controllers - since that=E2=80=99s a problem consoles themselves = have had to solve. It=E2=80=99s clunky, but somehow they get people to = pay $60 per game for the privilege of entering CD key codes this way. It should also be feasible to allow a mouse to be used. Almost all mice = these days have a scroll wheel, which we can use to scan through the = character set instead of trying to squeeze a virtual keyboard onto the = screen. Navigation would be by pointing, left-click to select, = right-click to cancel/exit. If this sounds like a complex solution to a problem - maybe it is, at = the design level. I think users will find it simple. That matters = more. > Well, a lot of ISP supplied routers have a sticker on the back giving = exactly the information (in addition to the password for the web-gui) My Buffalo router has such a sticker. It says the web-UI login is = root/(blank). That, right there, is my best argument against Web = configuration interfaces - they are impossible to secure in the = factory-fresh state. - Jonathan Morton