[Commotion-dev] Ok to commit to master OpenWRT branch default root password?

Ben West ben at gowasabi.net
Tue Jan 22 04:06:46 UTC 2013 

If it helps, I believe the specific backports I created for kernel v3.3.8
and compat-wireless-2012-09-07 are generally independent of application
layer within OpenWRT.

So, whenever the DR1 release candidate is assembled into a coherent whole,
if the underlying OS doesn't already have the kernel and radio drivers from
Attitude Adjustment, then these backports may work on that too:

https://code.commotionwireless.net/projects/commotion-openwrt/repository/revisions/ath9k_new/changes/patches/backport_kernel_3.3.8.patch
https://code.commotionwireless.net/projects/commotion-openwrt/repository/revisions/ath9k_new/changes/patches/backport_compat_wireless_09-07-12.patch

My original motivation for creating the backports was that the
compat-wireless drivers included with the version of Commotion pinned to
trunk r31639 didn't work very well with the ath9k_htc USB wifi adapters I'd
been using.  That, and the fact that I too had a personal copy of Attitude
Adjustment that I had been toying around with for purposes vaguely
tangential to Commotion.

Perhaps one day everyone's secret copies of Attitude Adjustment will be
merged together . :)

On Mon, Jan 21, 2013 at 9:52 PM, Dan Staples <
danstaples at opentechinstitute.org> wrote:

> Right now a most of the new code for DR1 that we've been working on is
> in various repos on the OTI github account:
> https://github.com/opentechinstitute. Everything has yet to be compiled
> into a single source tree, since plenty of it isn't finished yet.
>
> As for the backports, I really have no idea. I know Josh King has been
> working on bringing Commotion-OpenWRT up to Attitude Adjustment, and
> I'm not sure what kernel version that uses. I apologize that our DR1
> efforts haven't been well documented or announced. I think in the
> future, it would be good for us Commotion developers at OTI to be more
> transparent with what we're working on, at least for the reason that
> it's important for everyone to be on the same page...it would be crummy
> for someone to be working on something that is then made obsolete by
> something someone else is working on!
>
> We've been pretty good about tracking our DR1 efforts on the Commotion
> issue tracker. You can check out the DR1-specific stuff here:
>
> https://code.commotionwireless.net/projects/commotion/issues?set_filter=1&f[]=fixed_version_id&op[fixed_version_id]=%3D&v[fixed_version_id][]=2&f[]=&c[]=tracker&c[]=status&c[]=priority&c[]=subject&c[]=assigned_to&c[]=updated_on&group_by=
> .
>
> Here are some highlights of what we've been working on for DR1:
>
> * A cross-platform Commotion daemon written in C, to manage all the
> Commotion components and handle configuration
> * Quick Start wizard to guide the user through setting up a node on
> first boot
> * Application advertisement and discovery (using mDNS/DNSSD) and
> OpenWRT application web portal
> * Enhanced security features, such as AuthSAE and a OLSRd-secure plugin
> to sign routing traffic with Serval keys
> * A new LuCI theme to match commotionwireless.net
> * A Commotion-OpenBTS live distro with Serval integration
>
> Dan
>
> On Mon 21 Jan 2013 09:29:28 PM EST, Ben West wrote:
> > This is encouraging to hear.  Is the code base for DR1 RC somewhere on
> > the git repo at code.commotionwireless.net
> > <http://code.commotionwireless.net> at present, or is that also
> > pending release soon too?
> >
> > At any rate I won't commit anything to the master branch for a default
> > root password.
> >
> > (Also, I hope the back ports for the newer kernel and compat-wireless
> > drivers mentioned in the other thread are still of use. Or maybe
> > they're now already obsolete ...)
> >
> > On Monday, January 21, 2013, Dan Staples wrote:
> >
> >     We actually have an entire quick start wizard in the works now for
> the
> >     Commotion DR1 release candidate, which should be released shortly.
> >     This
> >     will walk the user through all the steps of configuring a device,
> >     including root password, or uploading a configuration file, upon
> first
> >     boot. So I would say setting a default password would probably not be
> >     needed in this case.
> >
> >     Dan
> >
> >     On Mon 21 Jan 2013 07:10:24 PM EST, L. Aaron Kaplan wrote:
> >     >
> >     > On Jan 21, 2013, at 11:34 PM, Ben West <ben at gowasabi.net
> >     <javascript:;>> wrote:
> >     >
> >     >> This is why I ask.  What is preferred method for letting users
> >     specify a root password?
> >     >
> >     > Yeah, a hard problem.
> >     >
> >     > Ideally you generate one initially and display it on some LCD
> >     once ;-)
> >     >
> >     > The problem that I see with having the password a well known
> >     default password is that usually people forget to change it.
> >     Search engines then find those devices on the internet. And they
> >     are sort of p0wned by definition then :)
> >     >
> >     >>
> >     >> OpenWRT by default has no root password set, expecting you
> >     first telnet in to set the password.  This doesn't seem to play
> >     nicely with the automated configuration that the meshconfig tool
> >     tries to do.  I had thought that compiling in a default root
> >     password into images did not change the (lack of) security of this
> >     arrangement any all, while at least letting meshconfig run to
> >     completion.
> >     >>
> >     > Well.... I did discover some openwrts in the wild which are
> >     default, unconfigured and once you greet them with a telnet login
> >     attempt, they will greet you back with a prompt ("#") sign. No
> >     password required. Yikes.
> >     >
> >     >
> >     > Personally I recommend the following:
> >     > Step 1: an unconfigured mesh node generates a random password
> >     > Step 2: it connects to some central server and fetches its
> >     configuration.
> >     > Step 3: It reconfigures itself based on the configuration stored
> >     in the nodeDB. The user can change the pwd from a nodeDB/dashboard.
> >     >
> >     > (I know this conflicts with the totally distributed approach of
> >     commotion, but that's how we will do it initially with our new
> >     nodeDB at Funkfeuer)
> >     >
> >     > That's one way to do it. ssh keys are a different one. X509
> >     certificates also come to mind.
> >     > I am open to better suggestions.
> >     >
> >     > a.
> >     >
> >     >
> >     > _______________________________________________
> >     > Commotion-dev mailing list
> >     > Commotion-dev at lists.chambana.net <javascript:;>
> >     > https://lists.chambana.net/mailman/listinfo/commotion-dev
> >     >
> >
> >     --
> >     Dan Staples
> >
> >     Open Technology Institute
> >     https://commotionwireless.net
> >     _______________________________________________
> >     Commotion-dev mailing list
> >     Commotion-dev at lists.chambana.net <javascript:;>
> >     https://lists.chambana.net/mailman/listinfo/commotion-dev
> >
> >
> >
> > --
> > Ben West
> > http://gowasabi.net
> > ben at gowasabi.net <mailto:ben at gowasabi.net>
> > 314-246-9434
> >
>
> --
> Dan Staples
>
> Open Technology Institute
> https://commotionwireless.net
>



-- 
Ben West
http://gowasabi.net
ben at gowasabi.net
314-246-9434
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.chambana.net/pipermail/commotion-dev/attachments/20130121/2a803894/attachment.html>

More information about the Commotion-dev mailing list