Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Tue, 23 Apr 2013 22:37:39 -0400
From: Rich Felker <dalias@...ifal.cx>
To: musl@...ts.openwall.com
Subject: Re: Best place to discuss other lightweight libraries?

On Tue, Apr 23, 2013 at 05:50:23PM -0400, Kurt H Maier wrote:
> On Tue, Apr 23, 2013 at 09:47:24AM -0400, Rich Felker wrote:
> > 
> > 1. Choosing which network to connect to.
> > 2. Managing keys.
> > 3. Logic for what to do when signal is lost.
> > 4. Automating nonsense click-through agreements on public wifi.
> > ...
> 
> wpa_supplicant can do 1., unless you mean choosing between ethernet and
> wifi.  but it supports priority weighting on access points..

OK.

> 2. is pretty trivial since you can easily wpa_cli >> /etc/wpa.conf or 
> similar.  I've never been sure why typing 'dhclient eth0' is seen as
> more onerous than running a polling daemon to save you the trouble.

Because you don't have a keyboard, you have a 3-4" touchscreen. And
you want it to keep working as you move from place to place without
any interaction.

> Can you elucidate more on 3?  if the signal is lost, wpa_supplicant
> rescans and connects to any configured network, or else sleeps and
> rescans later.

I'm not sure what the ideal behavior is, but I know all the existing
ones have bad behavior.

> 4. will never be solved satisfactorally, since that garbage is not
> predictable.  the database of tedious TOS crap will never stop
> expanding.

Agree, but it still needs to be solved, even if the solution requires
frequent updates to be fully effective. With decent heuristics though
I think it could be fully automated for most sites with just a few
exceptions for really weird ones..

> > 4. Minimal or no auto-click-through; even when it does work, you can
> > get burned if your web browser happens to attempt a load before it
> > succeeds. A correct one needs to encapsulate the connection somehow so
> > that no connection is exposed to the user at all until the
> > click-through succeeds.
> 
> There are lots of useful things that can be done with this concept of an
> encapsulated connection.  I get burned by this on my work laptop, which
> likes to spam VPN connection attempts back to corporate.

Agreed. I think really most users should _always_ be running in an
environment where only root sees the real network interfaces and
applications just see a virtual network routed through the real one.

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.