[Cerowrt-devel] making cerowrt chattier
dpreed at reed.com
dpreed at reed.com
Wed Jun 13 15:49:20 EDT 2012
Can we clarify what this is to be used for? I assume it will be defaulted off. Not sure I want my router to send messages to people I don't know, or be reachable by people I don't know.
Anyway, just a personal reaction.
From: "Dave Taht" <dave.taht at gmail.com>
Sent: Tuesday, June 12, 2012 11:09pm
To: "Jim Gettys" <jg at freedesktop.org>
Cc: dpreed at reed.com, cerowrt-devel at lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] making cerowrt chattier
On Tue, Jun 12, 2012 at 10:28 PM, Jim Gettys <jg at freedesktop.org> wrote:
> On 06/12/2012 10:22 PM, dpreed at reed.com wrote:
>> I have an awkward worry that the functionality here is expanding to
>> fill all possible space on the machine, so it is less a router than a
>> complete "home appliance".
I guess I'm way ahead of you guys, and should have just deployed the
thing and awaited feedback. The jabber server I have working runs out
of xinetd (so no memory use when not used), and eats less than 100k of
ram per invocation. For more details on in.jabberd and related tools
There is of course an old aphorism that all programs expand until they
can send mail (which ssmtp can do, btw). While I miss the days where
email was the one constant in the universe, lacking secure
authentication and verification as well as direct p2p access in the
current standards is a real problem that has too many overlapping
means to solve at the present time.
I miss email direct to my machine. And netnews for that matter.
(cerowrt has leafnode as an optional package btw), but I wasn't
planning to solve that problem this year.
>> On a machine that has almost no internal isolation capabilities,
>> lurking potential alignment bugs whenever the kernel is updated by the
>> x86 maintainers, vulnerable to the first compromised service, it may
>> be a bit risky to load on to the system every app except the kitchen sink.
I am concerned about most embedded appliances (not just routers)
running nearly every service as root. While cerowrt takes more steps
than most to remedy this (named is in a jail, the web server doesn't
run as root, etc), more work is needed on the configuration web server
among other subsystems. I wish certs weren't such a PITA, for example.
>> My personal bias would be to make a darn good router, and leave the
>> other stuff entirely out of the picture.
My personal bias is toward making a darn good router that *stays one*
and better, improves over time, and that is one motivation towards
making it chattier in some form. Other ideas include adopting a
hip-like protocol to allow remote access to a user selected
independent provider of security services.
In the time we've been working on cerowrt (well over a year now) there
have been over 8 major CVEs to deal with that I can think of off the
top of my head. Some means of pushing out security updates in
particular, in a sane manner, is needed, and a little user
intervention required now and then.
> I mostly agree with you, particularly when it comes to running a chat
> But we've identified a number of situations where having the router be
> able to inform you of goings ons/events is needed. One other low tech
> solution is sending email, but you also have a configuration problem
> then (as you will for a chat service too, of course, unless you run via
> multicast, and I doubt if anything but a Linux system will receive those
> without fuss).
> That's why I sent a pointer to telepathy; it allows you to send messages
> to a bunch of different back ends, and stays out of the server
> business. And it's being used on embedded systems (though I don't know
> if they go as small as what a typical home router is today).
> - Jim
I will look over telepathy. IRC, as the other major chat standard, would
be nice to support. As well as bonjour.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Cerowrt-devel