[Cerowrt-devel] [Make-wifi-fast] arstechnica confirms tp-link router lockdown

Jonathan Morton chromatix99 at gmail.com
Sun Mar 13 16:15:40 EDT 2016

> On 13 Mar, 2016, at 20:25, moeller0 <moeller0 at gmx.de> wrote:
> I also fondly remember my 3310, but I certainy do not want to go back there, that week of standby be damned ;)

I don’t actually use my 3310 very much - it’s there for emergencies more than anything else.  But I do think it makes a better phone than my Android phablet.

The latter is pretty good at the whole “internet terminal” and “utility app” thing, but it’s a pretty lousy phone.  Indeed the “make a phone call” functionality is presented as just another app, albeit one that can’t be uninstalled.  I can’t even type a text message any faster on it (to the same accuracy) than on my 3310.  It works adequately as a phone, rather than well.

> while the password could be randomized, I envision user unhappiness with randomized SSIDs

I don’t see why - that’s the one they don’t have to type, because it gets scanned for.

A straight random string of characters from the base64 or base85 character sets would be hard to recognise or read out loud, but I was thinking more along the lines of picking randomly from wordlists, so you’d get SSIDs of the form “AdjectiveNoun” which are relatively easy to recognise and remember, yet still likely to be locally unique.

Passwords chosen by a similar method (ie. virtual diceware) would also be easier to type, etc.  CorrectHorseBatteryStaple...

> That reminds me a bit of https://www.securifi.com/almondplus

The eye-watering price is certainly notable.  It’s unclear how much of that is profit margin, and how much went into the screen.  I note also the touchscreen UI, at which I have to squint to work out what each icon is for (despite the bright, high-res colour screen).

There’s a lot to be said for the old Amstrad PCW type of UI.  Very little window dressing, straight down to business.

> The keypad is sort of helpful to put in say IP addresses (or passwords with a T9 like numerical hash for words system). I have used old HP on printer interfaces to configure IP networking, not an experience I would recommend to emulate (not that you are doing tis, but please keep the failures of old in mind when designing your system).

I just looked up a few HP printer manuals to see what you’re talking about.  Setting numerical values by incremental button presses does sound tedious - but I already knew that from badly-designed microwave ovens.  The cheap ones come with a clockwork dial, which is actually easier to use than the typical “increment 10 mins, 1 min or 10 sec” buttons.  I deliberately bought a good one with a digital dial.

At university, I often saw people routinely set the microwave timer for 10 minutes, simply because it required fewer button presses than the correct setting.  We had a lot of false fire alarms.

But I’m not presently considering putting buttons on the device itself.  The screen will be a significant expense in itself; adding enough buttons to be a worthwhile input device sounds like another big cost.  But there’ll be a USB port somewhere anyway, and most users will have something worthwhile to plug into it.

Clearly a keyboard will be the preferred input device.  Though there are many national layouts, we can rely on arrow keys, a full Latin alphabet, Arabic numerals, space, backspace and return giving consistent keycodes.  Or at least, we can once we correct for QWERTY/QWERTZ/AZERTY/Dvorak quirks - we can prompt the user to press the Z key to distinguish between these.  Rapid and accurate navigation and data entry should then be easy.

As a subtype of keyboards, though, there are standalone numeric keypads, essentially the part missing from a laptop keyboard.  Those may merit special consideration - they don’t have a Z key.

There are established ways of navigating menus and entering text using console controllers - since that’s a problem consoles themselves have had to solve.  It’s clunky, but somehow they get people to pay $60 per game for the privilege of entering CD key codes this way.

It should also be feasible to allow a mouse to be used.  Almost all mice these days have a scroll wheel, which we can use to scan through the character set instead of trying to squeeze a virtual keyboard onto the screen.  Navigation would be by pointing, left-click to select, right-click to cancel/exit.

If this sounds like a complex solution to a problem - maybe it is, at the design level.  I think users will find it simple.  That matters more.

> Well, a lot of ISP supplied routers have a sticker on the back giving exactly the information (in addition to the password for the web-gui)

My Buffalo router has such a sticker.  It says the web-UI login is root/(blank).  That, right there, is my best argument against Web configuration interfaces - they are impossible to secure in the factory-fresh state.

 - Jonathan Morton

More information about the Cerowrt-devel mailing list