Web Server Packed into RJ45 Connector
VinceTronics writes "Electronic Design magazine has a review (.pdf) of the XPort by Lantronix, a product that packs an entire web server into the volume of an RJ45 connector! This includes an 80186 controller, an OS, the TCP/IP stack, a 10/100 Ethernet transceiver, and the LAN interface magnetics. Downside is that the serial interface to the controller tops out at 300 kbps, but for $33 (in 10K quantities) it's a cool, easy way to net-enable just about anything."
Sounds interesting. You take a modern Refrig. and you have all of the internal processor(s) and sensor(s) output their data to this thing and then while I'm sitting at work I can check and see how well my Fridge is running.
It might be more fun in the TV so it can keep a log of what the kids and the Spouse are watching, not to mention the washing machine! [Dirty water detected, extend wash cycle (yes) (no)].
http://www.hawknest.com/
Ok, imagine your company makes sensors that output their results via RS-232 serial. Or controllers that are given commands via RS-232 serial. Or maybe you have machinery that is programmed through RS-232 serial. Either way, you would like to access those products remotely, and RS-232 just doesn't go very far. Add this thing, and suddenly your products are web-enabled.
The price is a bit high still, but there is a lot of equipment where $33 extra a unit would not scare customers away.
Finally! A year of moderation! Ready for 2019?
The Siteplayer is bigger but does more and is easily afforded by nearly anyone at $29.00 in SINGLE QUANTITIES, so buy one and mess with it, make the first toaster with an IP address, 10baseT and a web interface (I did. Thought it was neat, then dismantled it because it was reallllly silly.)
http://www.siteplayer.com/ is the place to go.
If you can't buy the product in single quantities for a very reasonable price, then it's not worth messing with.
Do not look at laser with remaining good eye.
Can't see why that would bother you. You encrypt everything between the desktop and the server room anyway right? Just like your wireless access?
I bet someone could generally walk in the front door with a laptop and sit in the meeting room to accomplish the same thing without anybody saying anything.
Rod Taylor
Actually, that's not a bad idea. Imagine how many of these little boogers you could stuff into a chassis. Or a fly for that matter...
So there is the proof that it was a good idea to make the network dumb and put the "intelligence" into the leaves. It's time to rethink network security with that old paradigm in mind. Firewalls, network address based access controls and physical network access protection mean very little with devices like these around, and even less when the ethernet socket gets replaced with a WiFi transceiver. We need end-to-end authentication instead of "safe networks".
...it's a cool, easy way to net-enable just about anything.
Which is fine, but the REAL killer device will be an embeddable, commodity-level wireless interface--whether 802.11 or its successor--paired with ubiquitous wireless access, at least on par with current digital cell service. I estimate we're only a few years away from the latter, and the former is already more or less available in the PCMCIA form factor.
When my toaster oven can download Pop-Tart-warming instructions from its manufacturer's website without an additional cable to the wall, that'll be something.
What this could really use is a pass-through ethernet hub built into the device, so that you can drop it in-line with a cable in place of some existing connector...
It still needs to connect to your network which means a new light on your hub/switch/router. A regular portscan of your network ip address range would find this, then you can just pull the connection at the other end. I don't think the security concerns are as great as everyone seems to think. I think it would be cool to modify it to integrate a wireless card with it to allow a wider market. I for one don't really feel like running cables into my kitchen.
-Chris
Why would you need IPv6?
Are you planning on making your fridge world visible? If not, your appliances could all sit behind NAT and you'd still only need a single IP address for your entire house.
I wouldn't want to get home and find out I've been H4X0R3D and have a freezer full of rotten food, so I don't think I'd ever give them world visible addresses.
--
Not that IPv6 is a bad thing, but this probably wouldn't significantly grow the total number of world routable addresses much, as they'd be on private nets.
I don't know about edible, but I do like this idea; for most fruit, you could embed the tag in the skin, for example. I'd actually really like to be able to get a list of stuff in the fridge, be warned when something's approaching the eat-by date...
Better still: some RFID tags have sensors in. A simple Perl script could track a shopping list for me, and either order replacements online or be synced to a PDA for shopping. Maybe even couple it with a Pricewatch-type site, so I know which supermarket would be cheapest for that particular list; work out what recipe I could make, or what I'd need to add.
Alternatively - if this device can do 300 Kbit/sec in this version, how about cable-modem/ADSL routers? Up the bandwidth a bit, it would handle the load OK; as it is, it could make a nice easy dialup router. $33 with a serial port - add a simple modem, and you have the ultimate plug+play ISP: one end in the phone socket, the other in the NIC, and it's all preconfigured!
Food service organizations must regularly monitor and log the temperature of their refrigerators. If one is off for any reason, the Health Department gets verrrrry testy. A net enabled device to check the temp does not substitute for showing up in person with a thermometer. However, this would allow them to spot trouble brewing before the health inspectors find it.
And you could also make one wireless... I think the only thing limiting you could be power consumption. But having a wall wart plugged into one of these under somebody's desk- that seems doable.
Manipulate the moderator system! Mod someone as "overrated" today.
I think the idea is that people who produce things like TVs, Refrigerators, water heaters etc... could easily integrate these things into their products for a minimal cost. So, you can have your iRefrigerator and plug a network cable in it, and it can now email you when it runs out of ice, or someone leaves the door open, or it needs de-icing. You could point your webserver at it and get a reading of the current temperature, how much ice it has etc...
You could put these things in drink kiosks so that they can email you when they're almost out of Dr. Pepper.
I can't see why you'd want one in a toaster, though...
And we have the ultimate spy-device. Heck, this ain't using any bandwidth, is super small and can transmit its findings via W-lan to the receiver in that unmarked white van outside the office building. That thing is powered via the network-interface, so no need for batteries or anything.
Now if you only could produce such a thing in a form factor like a plug, not a socket, you wouldn't even need cable to spy on the network. Just plug it in some unused office in the building or in a spare network outlet somewhere in the offices, no one will notice that. Can be put secretly in place by the cleaning maid, can spy forever, can hardly be detected.
Downside is that the serial interface to the controller tops out at 300 kbps, but for $33 (in 10K quantities) it's a cool, easy way to net-enable just about anything.
The size is a big factor but there are already full blown devices that can do far more than this and are cheaper. Take a look at some DSL/Cable routers. Siemens sells one that is a 10/100 4 port switch, web interface and control, printer port, firewall, etc... for $19 and $28. Many SMC barricades and Linksys models are going for under $40. These devices might not fit into a toaster but I know they could be made smaller. I know comparing these to the article's product is not apples to apples but there are cheaper and more robust web and network enabled devices already out on the street.
Bad boys rape our young girls but Violet gives willingly.
I don't know if noticing a new light will provide any protection... computers here are routinely plugged in and out depending upon agent and client needs, etc, and that portscan errancy might just be a new laptop that somebody plugged in. I would think what you need to do is monitor the traffic out of your network, and prevent anyone from forwarding sniffed packets across your firewall. They might be difficult to detect if the machine had built in ssh, a time-delay, and mimicked normal traffic use (requesting /. at 10:00 AM, for example).
The best protection against this is that with the above mentioned precaution it is unnecessary. If someone can smuggle themselves into your building, install a piece of hardware onto your network, and smuggle themselves out, then back in and out again to remove the device, why not just install a keylogger onto the back of someone's keyboard and get admin privileges?
Personally, I'm hoping this gets integrated into webcams. I would love to setup a camera out of the side window of my basement to know when the carpool has come, but really don't feel like putting a full server into that environment.
The ______ Agenda
If you can run this gizmo in promiscuous mode without an IP stack it would not HAVE an IP address but would still be able to snag all the ethernet frames and perhaps filter them. OK, the bandwidth out of the serial lines would probably preclude this, but it would be semi-trivial to build a box about the size of, say a box of matches with one of these and an IBM CF microdrive to capture all the goodies. Such a thing would be bigger, but still would be easy to hide. For instance, plug it into a telephone case and connect the normal phone cable inside the phone to this thing and surreptitiously plug the phone cord into the ethernet jack. No one would notice (except perhaps that the phone is dead). You could even rig it so that you switch CF cards once per day through a small slot on the phone and analyze the stuff at your leisure.
All of this simply pushes further into the idea that perimeter security on networks just does not cut it anymore. Perimeter security is where you have a firewall that blocks from the outside and everything on the inside is free to do whatever it wants. Soon you will have to use edge security, where each edge in the internal network is explicitly opened and configured and run IPsec inside the internal network too. See the new ACM Queue Mag (which has the inaugural issue online) for an article about this. www.acmqueue.com
The dangers of excessive individualism are nothing compared to the oppressiveness of excessive collectivism
These devices would be great for simplifying factory control systems. Consider a small refinery producing cooking oil, speciality lubricants, detergents, or other liquids. There are hundreds, if not thousands of valves, flow meters, temperature and pressure sensors, tank gauges, heating/cooling units, and so on. Aside from power, all these devices have at least a wire pair back to some central control position, often through some proprietary interface (sometimes several layers worth), usually a legacy from several factory refits back.
These devices would let you strip away all the legacy hardware to be replaced by a simple RS-232 interface to the RJ45 device, then CAT-5 and local network back to a software solution control system.
The upside: software replacement for hardware system, and generic interfaces throughout the factory!
Pacifist paratroopers yell, "Ghandi!" when they jump.
It still needs to connect to your network which means a new light on your hub/switch/router.
You're right. This is a major drawback.
What we need is help from some hardware hackers. Surely someone skilled with electronics could build a, say, calculator sized board, duct taped to a square 6-volt lantern battery, that would have both the function of a hub and a packet sniffer using a small embedded microcontroller.
The way I propose building it, such a device would plug between an ethernet jack and a computer. It would install inline. (Although my proposed construction method is too bulky to be hidden inline, but the construction price is right. So it needs to go "inline" up in the suspended ceiling.)
Since it is inline, it doesn't "take up" an ethernet port. It piggybacks on a legitimate device that is entitled to have a network connection.
A regular portscan of your network ip address range would find this, then you can just pull the connection at the other end.
Not true. Just because the thing listens on ethernet does not mean it needs to respond to portscans. Heck, it doesn't even have to have an IP address. It doesn't even need to have a MAC address!
Late at night, when the device the sniffer is piggybacked onto isn't doing anything, our sniffer could then use the same MAC address and IP address as the piggybacked device. Packets sent out from our sniffer could look to the LAN, switches, routers, etc. just like they had come from the piggybacked device. In fact, no reason we couldn't do this during the daytime. Our sniffer would watch for reply packets coming to our MAC and IP address to one of OUR port numbers, and just not relay those packets thru to the piggybacked device whose connection we're leeching from.
Okay, maybe this shouldn't have a "hub", but should really be an embedded computer with TWO ethernet ports. Its normal function is to "transparently" bridge all packets between the two so that it is invisible "inline".
I sure wish such an inline sniffer could be truly small so that it literally could go "inline" between two ethernet cables, connecting them together. But the price of such equipment isn't there yet for most of us.
Another problem that I touched on above is how to power such a device. I mentioned the possibility of battery power. This is fine if you don't want a permanent "bug" in someone's network.
Better is to somehow power it from utility power. A small AC adapter? A very tiny switching power supply on the sniffer's circuit board so that you just use alligator clips to hook into 110v power, such as in some light fixture in the suspended ceiling? (You still need battery backup for "lights off" hours.) Well, maybe just the insides of an AC adapter bolted to your board, with alligator clips for 110v power. Again, the price and ease of construction is right for those of us without NSA style budgets.
I wish I could buy some of the NSA's packet sniffers from ThinkGeek.
Another problem is how does the device communicate to its master? IRC is one possibility. Instant messaging? P2P? What about a P2P that is bandwidth friendly like OpenNap? The device connects to a server, offers several bizarre files to upload. When one of those files is uploaded, that triggers it to search for and then "download" a file of new commands or firmware. When a different file is requested for upload, the sniffer yields up its booty. Besides IRC or OpenNap, the device could pretend to visit certain web sites. Various URLs of the web site would secretly communicate "bits" of steganographic information. For instance, it visits my "slash" site. It checks the last 64 comments. Which of the 64 comments it checks, communicates a 6-bit value to the web server. Of course, once such a device is discovered, the web server might be implicated. Another possibility is to e-mail various yahoo or hotmail accounts with encrypted infor
I'll see your senator, and I'll raise you two judges.
All good points, there are issues here - I was just pointing out that the assumption that large companies encrypt all their IP traffic is, AFAIK, incorrect.
Personally, I think physical security has to be number one. Secondly, think about how these things work.
I assume that the bug will sniff interesting data and pipe it out of the LAN into the hands of the cracker. So we need to tighten outbound security. Web traffic is routinely proxied, so the bug would have to know where the proxy is. Now how about we put auth on the proxy? The bug now needs a valid token to get an outbound connection. Still not impossible to break, but very much harder - the intruder will need more than 30 seconds to plug the thing in, he'll need inside information as well. How about we also put in MAC filtering? The bug would have to sniff a valid MAC and use that, hoping no-one would notice. It should be easy enough to run an IDS which looks for duplicate MACs and blacklists them.
The other use for the bug (taking requests from the outside and executing them on the inside) would already be blocked by firewalls etc on incoming connections. Nothing can connect from the outside to the general LAN. The server rooms (where machines which are accessible are located) of course need to have very tight physical security.
Just some ideas - it's by no means an easy problem to fix, and this is a very real risk.
---- One button is the power button, the other is the Bender voice button "Bite My Shiny Metal Ass"
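The duplicate-MAC check suggested in the comment above, sketched as an added example (not part of the original thread or any poster's code). It assumes you can collect per-access-port MAC sightings from your switches or a passive sensor; the observation format, the allowlist and all sample values are constructed for illustration, and trunk/uplink ports are assumed to be excluded from the feed.

```python
from datetime import datetime, timedelta

# Constructed sample sightings: (timestamp, switch, access port, source MAC).
OBSERVATIONS = [
    ("2003-03-10T09:00:05", "sw1", "Gi0/4",  "00:11:22:33:44:55"),
    ("2003-03-10T09:00:40", "sw1", "Gi0/7",  "00:aa:bb:cc:dd:01"),
    ("2003-03-10T09:01:10", "sw2", "Gi0/19", "00:11:22:33:44:55"),  # same MAC, second port
    ("2003-03-10T09:02:00", "sw1", "Gi0/9",  "00:DE:AD:BE:EF:02"),  # not on the allowlist
    ("2003-03-10T13:30:00", "sw1", "Gi0/12", "00:aa:bb:cc:dd:01"),  # laptop moved hours later
]

# Constructed allowlist of registered MAC addresses (the "MAC filtering" step).
ALLOWED = {"00:11:22:33:44:55", "00:aa:bb:cc:dd:01"}


def find_suspect_macs(observations, allowed, window=timedelta(minutes=5)):
    """Return {mac: reason} for MACs that are unregistered, or that show up
    on two different access ports within `window` of each other.

    A registered machine that is unplugged and re-plugged elsewhere much
    later is treated as a normal move, not as a duplicate.
    """
    suspects = {}
    last_seen = {}  # mac -> (time of last sighting, (switch, port))
    # ISO-8601 timestamps sort chronologically as plain strings.
    for ts, switch, port, mac in sorted(observations):
        mac = mac.lower()
        when = datetime.fromisoformat(ts)
        where = (switch, port)

        if mac not in allowed:
            suspects.setdefault(mac, f"unknown MAC on {switch} {port}")

        prev = last_seen.get(mac)
        if prev and prev[1] != where and when - prev[0] <= window:
            # Same address active in two places at (nearly) the same time:
            # one of the two is a clone of a sniffed, valid MAC.
            suspects[mac] = (
                f"duplicate MAC on {prev[1][0]} {prev[1][1]} and {switch} {port}"
            )
        last_seen[mac] = (when, where)
    return suspects


if __name__ == "__main__":
    for mac, reason in find_suspect_macs(OBSERVATIONS, ALLOWED).items():
        print(f"BLOCK {mac}: {reason}")
```

This only catches a cloned MAC that appears on a different port from the original; a device bridging inline on the same port, as described earlier in the thread, produces no second sighting and needs other controls.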
Typical - someone fits an entire web server into the space of an RJ45 socket, including socket space, and the top ten posts go on about what a waste of time it is! Personally, I think it's great, and although I wouldn't expect toasters with this thing any time soon, it would be ideal for wiring factory equipment and such like with remote diagnostics (I get the impression this is the market they are aiming for). I think it would be massively improved if they could fit a wifi interface into the space wasted by the RJ45 socket, though. Then it might have realistic household applications.
Their development methodology is out to lunch though!
If I seem short sighted, it is because I stand on the shoulders of midgets
It's obvious. To predict the weather!
http://www.theregister.co.uk/content/2/19442.html
These will initially be targeted at higher margin items. A poster suggested a clothes washer that could send you an email when it is finished washing a load. This wouldn't appear in a Roper (about a 4% margin), but more likely a Kenmore Elite or Maytag Neptune. A refrigerator with online access to temperature and energy usage graphs is more likely to be a $3999 SubZero than a $399 GE. The good thing about this product is that as more people use it, pricing will drop and it will work its way down to mid-range products where the margins are thinner.
While a web server is cool, and ideal for human interaction, it seems to me that the most promising application for this technology is on the assembly line. In this application, a passive technology (a daemon waiting for someone to connect) is not ideal.
Why not implement an SNMP daemon? This way the device can throw traps to tell you when the "capper" is jammed, or when the fridge's temp goes below a threshold. SNMP MIBs can allow for the same passive access that HTTP allows, though there would need to be a client involved.
FizzyD
Small web servers are old news. Art & Logic has been creating embedded web applications since 1996. Typically, embedded web servers are used for something called web-based device management. Companies do this as an alternative to CLI or Windows/Java applications. All the usual advantages to web-based management apply, including ease of development, deployment, support, etc.
This story has a lot of cool factor, but other companies (Ubicom, for example) sell web-enabled chips for less money (last time I checked). If you're talking about consumer devices (such as a toaster, fridge, etc), it's all about cost per unit.
If you're building a more expensive product, you might have room for an RTOS (real-time operating system) and a software-based webserver to run on top of it, such as the GoAhead WebServer or the Device Management Framework.
These will be huge in medical equipment if they're proven reliable. Imagine being able to monitor patients at home 24/7 over the web, or using these in hospitals for real time monitor and capture of medical monitors' data (EKGs etc.) over the Hospital LAN. Doctors could even use these to check up on patients from home without having to bother the nurses on duty. And in terms of having one in your refrigerator, though you might not need/want one there, a supermarket chain or restaurant might! Why do you think that so many are staffed 24 hours? To keep an eye on the refrigeration equipment. I can also see these being used in process control devices, automation, and remote control units.
If they can slap a webserver into such a small device, why not just slap ircop or some other small footprint firewall and hook it up with a pass through on the back end so you can hook another system behind it. Then, you can just slap that baby in and now each time you plug in your computer into the network, just slap that baby in the front of your RJ45 and whala, instant firewall for you and just do NAT for you. Now that would be really sweet.
Actually, this is 300k baud - much faster than the //c can handle. If you wrote the code in assembly (running with a 1 MHz clock and 4 cycles per instruction), the tightest code ("LDA $C1FF; LDA $C1FF; etc.") wouldn't keep up -- and that doesn't even do anything with the data! Ah, nostalgia. I remember how the //c couldn't scroll the screen reliably at 2400 baud - it's amazing how far things have come, especially when I DMA stuff at a gigabit/sec to/from a RAID.
HIV Crosses Species Barrier... into Muppets