From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mout.gmx.net (mout.gmx.net [212.227.15.19]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id DFB4A3B2A3; Sun, 13 Mar 2016 17:17:34 -0400 (EDT) Received: from hms-beagle.lan ([93.237.70.232]) by mail.gmx.com (mrgmx003) with ESMTPSA (Nemesis) id 0MIdTM-1ahPFV2D3g-002E7K; Sun, 13 Mar 2016 22:17:25 +0100 Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\)) From: moeller0 In-Reply-To: Date: Sun, 13 Mar 2016 22:17:22 +0100 Cc: David Lang , make-wifi-fast@lists.bufferbloat.net, bufferbloat-fcc-discuss , "cerowrt-devel@lists.bufferbloat.net" Content-Transfer-Encoding: quoted-printable Message-Id: References: <9BD140AE-D0FA-47B1-8BED-DE60E603F6E5@gmail.com> <9C673B76-DBC5-4282-A03C-A273D02ACA3B@gmail.com> <8E3D19C3-601A-41B6-B3F9-CD6B35BA96F5@gmx.de> To: Jonathan Morton X-Mailer: Apple Mail (2.2104) X-Provags-ID: V03:K0:X5J/6QpAmtO3LvDBQ2A68xtJE8pQe5rsqFUHZlvCshM5nHKVIjh RENyN/OY2sW1sqBZRFmDkr5Kt9YBdzpNRHvbuFPQnZE4gXNUUmwMFEuWuaicvyjGnWZsVpt 3576FJ4L8ThBjeWx7duxiZbxKzlkNvc7gbEsac/NK5kHUqfOgKSMbQ4fEUon34MrENj89ho NH4Y1QvBlnUTqsle534Yw== X-UI-Out-Filterresults: notjunk:1;V01:K0:DwH0Wywv7jU=:irBCGtOX/DMlHR0oErtMVl Q1n/sZocAnKRsXNdht9EjaFkj624GBlwFR43we3QzUUHVD8wGP522N02QeMRWTFq8dKAqGLNV PdIUdiG7gIn5NegJJ8NM9CdBzPX6I0ErsESagkjPoaQAa40iAzkWdRgfR3MAjCickKhF1gaED cDKkrfpIHtsgLOfYausiOst4RzD9TFlkUVl9Jtt6yPxJSgBrbJeu06Mbt9DC8RVeWug5ZzjD9 wc4HYzgVHz93+qq+6xBrk8/UASIICSTc/rHVs9sZMmhpFsS5EcAOAqhfBg8tLb3BDmGcOZhzc 5T8pwrKiLRC6NmV5pkhVwsLqpEwom375194RCwJD/e3Ccchydl2LbvuMl+IltEH9FMNHOtCFf MWhvdlfvr+097GlNaAXH/kjayUsRw+t7MixjbZ61O8NoCjoPUns4iVjCfnl7X1ADVMJhYB/9w OD5E0mzuvGMytR0YB+RVrgfYA797TRK7Gj20vRy/YfbJHJa7DwNBEFUeo693J4GCe759U85Fs kVBJXzwL0g70whSttCuPZgcdquK6mIp2nl4fqHTlqhQh0rm2tsWX1jpzHNEhzXPCcPc98zAPd Zq+frekHfIkBRjDiX6C24DLnfKOKo8PvoDFmLIiCI1q8k/hz58wBVjzGnk7GZA6YrnZQgbjbK x59C9+KEY3mdV3xPjLfiS21WGP32y11m/KlJJN6RaU9FzBD32BBtFW4lVLI3kcDGjE0kuVs6b oF+lEt6wIKshL/I9+t+6PDsHOuEX11GWQNEw8X7wSax/IiQe7rpW/Sr/E7kKt5TqZA0flC1oa I+gnTkc Subject: Re: [Make-wifi-fast] [Cerowrt-devel] arstechnica confirms tp-link router lockdown X-BeenThere: make-wifi-fast@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 13 Mar 2016 21:17:35 -0000 Hi Jonathan, > On Mar 13, 2016, at 21:15 , Jonathan Morton = wrote: >=20 >=20 >> On 13 Mar, 2016, at 20:25, moeller0 wrote: >>=20 >> I also fondly remember my 3310, but I certainy do not want to go back = there, that week of standby be damned ;) >=20 > I don=E2=80=99t actually use my 3310 very much - it=E2=80=99s there = for emergencies more than anything else. But I do think it makes a = better phone than my Android phablet. >=20 > The latter is pretty good at the whole =E2=80=9Cinternet terminal=E2=80=9D= and =E2=80=9Cutility app=E2=80=9D thing, but it=E2=80=99s a pretty = lousy phone. Indeed the =E2=80=9Cmake a phone call=E2=80=9D = functionality is presented as just another app, albeit one that can=E2=80=99= t be uninstalled. I can=E2=80=99t even type a text message any faster = on it (to the same accuracy) than on my 3310. It works adequately as a = phone, rather than well. My sentiment as well; only I realized I value a mobile internet = terminal (with acceptable phone capability) more than an excellent phone = without internet access ;) >=20 >> while the password could be randomized, I envision user unhappiness = with randomized SSIDs >=20 > I don=E2=80=99t see why - that=E2=80=99s the one they don=E2=80=99t = have to type, because it gets scanned for. >=20 > A straight random string of characters from the base64 or base85 = character sets would be hard to recognise or read out loud, but I was = thinking more along the lines of picking randomly from wordlists, so = you=E2=80=99d get SSIDs of the form =E2=80=9CAdjectiveNoun=E2=80=9D = which are relatively easy to recognise and remember, yet still likely to = be locally unique. >=20 > Passwords chosen by a similar method (ie. virtual diceware) would also = be easier to type, etc. CorrectHorseBatteryStaple=E2=80=A6 I had considered this, but looking at the SSIDs in my = neighborhood, people either stick to the default or pick something = clever/funny; and dice ware will not allow those users to fulfill their = wittiness. For passwords that might work, have people =E2=80=9Croll=E2=80=9D= a fresh one until they like the result =E2=80=A6 >=20 >> That reminds me a bit of https://www.securifi.com/almondplus >=20 > The eye-watering price is certainly notable. It=E2=80=99s unclear how = much of that is profit margin, and how much went into the screen. I = note also the touchscreen UI, at which I have to squint to work out what = each icon is for (despite the bright, high-res colour screen). The price is putting this well into the life-style accessory = terrain ;) (I wonder whether this thing actually sells, but its main = selling point is the display so I thought it relevant to the current = discussion). >=20 > There=E2=80=99s a lot to be said for the old Amstrad PCW type of UI. = Very little window dressing, straight down to business. >=20 >> The keypad is sort of helpful to put in say IP addresses (or = passwords with a T9 like numerical hash for words system). I have used = old HP on printer interfaces to configure IP networking, not an = experience I would recommend to emulate (not that you are doing tis, but = please keep the failures of old in mind when designing your system). >=20 > I just looked up a few HP printer manuals to see what you=E2=80=99re = talking about. Setting numerical values by incremental button presses = does sound tedious - but I already knew that from badly-designed = microwave ovens. The cheap ones come with a clockwork dial, which is = actually easier to use than the typical =E2=80=9Cincrement 10 mins, 1 = min or 10 sec=E2=80=9D buttons. I deliberately bought a good one with a = digital dial. >=20 > At university, I often saw people routinely set the microwave timer = for 10 minutes, simply because it required fewer button presses than the = correct setting. We had a lot of false fire alarms. >=20 > But I=E2=80=99m not presently considering putting buttons on the = device itself. The screen will be a significant expense in itself; = adding enough buttons to be a worthwhile input device sounds like = another big cost. But there=E2=80=99ll be a USB port somewhere anyway, = and most users will have something worthwhile to plug into it. Honestly, if it is not self sufficient, then an display-only = solution seems inferior to even a mediocre web-interface, given that = everybody (requiring to set-up a router) probably is browser-proficient = already. Having the display in addition is superior for sure. >=20 > Clearly a keyboard will be the preferred input device. Though there = are many national layouts, we can rely on arrow keys, a full Latin = alphabet, Arabic numerals, space, backspace and return giving consistent = keycodes. Or at least, we can once we correct for = QWERTY/QWERTZ/AZERTY/Dvorak quirks - we can prompt the user to press the = Z key to distinguish between these. Rapid and accurate navigation and = data entry should then be easy. I believe using a web browser for access solves these issues = quite elegantly ;) >=20 > As a subtype of keyboards, though, there are standalone numeric = keypads, essentially the part missing from a laptop keyboard. Those may = merit special consideration - they don=E2=80=99t have a Z key. >=20 > There are established ways of navigating menus and entering text using = console controllers - since that=E2=80=99s a problem consoles themselves = have had to solve. It=E2=80=99s clunky, but somehow they get people to = pay $60 per game for the privilege of entering CD key codes this way. >=20 > It should also be feasible to allow a mouse to be used. Almost all = mice these days have a scroll wheel, which we can use to scan through = the character set instead of trying to squeeze a virtual keyboard onto = the screen. Navigation would be by pointing, left-click to select, = right-click to cancel/exit. If this comes as an additional/emergency method to access the = device this all sounds great, but as the main method that does not seem = to be superior to a reasonably well made web-interface (or as much as I = dislike those an =E2=80=9Capp=E2=80=9D interface). But I am fully aware = that this is a) a matter of taste and b) my taste is quite peculiar = (meaning I have no clue what the =E2=80=9Cmasses=E2=80=9D will like). >=20 > If this sounds like a complex solution to a problem - maybe it is, at = the design level. I think users will find it simple. That matters = more. >=20 >> Well, a lot of ISP supplied routers have a sticker on the back giving = exactly the information (in addition to the password for the web-gui) >=20 > My Buffalo router has such a sticker. It says the web-UI login is = root/(blank). That, right there, is my best argument against Web = configuration interfaces - they are impossible to secure in the = factory-fresh state. I can only speak for my ISP, but each device has a unique(?) = password/passcode (which might be trivially deduced from serial and/or = mac numbers). So if DTAG can pull this through so could OEMs/ODMs (that = after all build the devices the ISPs distribute in the first place). Best Regards Sebastian >=20 > - Jonathan Morton >=20