Slashdot Mirror
NSLU2 Now More Useful
NSLUG writes "The WRT54G's not the only hackable kid on the block. Linksys has a new device out. The NSLU2 is a tiny network storage device running Linux and it's been hacked to add SSH, NFS, an iTunes server, etc. Tom's Hardware is running a series of articles on how to hack the NSLU2. The first article is here
and the second is here. Check out this page for details on getting into the box."
This is another example of why linux is so damn cool. That little kernel can go anywhere.
It shouldn't be this easy to let hackers break into the system, and there really shouldn't be enough tools in the OS to allow more functionality than the designers spec'd out for the device.
Linux is a great thing, on the desktop. But in embedded systems, the kernel is too tangled to successfully create a small distribution that is at the same time useful and feature-limited.
This is where operating systems designed from the ground up with modularity in mind fit the bill. QNX, iTron, and VxWorks all get around this hacking problem by not providing the tools for hackers to change the system.
The WRT54G is a superb router - it's product's like this which made Cisco by them out because they were starting to verge on their low end devices which cost 10x as much.
Of course, no-one got fired for buying Cisco but I'm sure we will see a hell of a lot more of these sorta devices at remote sites and for 'glue'.
IntechHosting - Free domain, 2GB, PHP, £4.95/$8.95
A-Link has released two new ADSL-modems RoadRunner 64 and RoadRunner 64AP. Both have many advanced features, but the one that cought my eye was that they are Linux based. I bought the RoadRunner64 (without WLAN) and I've gathered some data about it.
You can find out more about the product either by looking at the RR64 feature sheet or by checking out the guides and firmware page.
The platformBoth versions use LSI Logic's HomeBASE platform with the AR901 network processor. The only difference is that the AP version has a WLAN module manufactured by Zydas.
The platform consists of AR901 processor (ARM922), the AR8203 analog-to-digital adsl chip and the AR229 USB/Ethernet chip. Note that the value of these parts is a measly $21 while I paid 80 EUR for the complete modem ;-)
SpecsProcessor: ARM922 @ 200MHz integrated in the AR901 chip
One can simply ssh to the box. It has tftp support and you can mount nfs partitions, so setting it up to distribute kernels for a ltsp setup would be possible. Cool little gadget, I must say. Unfortunately the software isn't 100% yet, at least not the firmware I have (first release). I got the source by asking politely by e-mail, and after it suddenly borked on me, they changed it for a new one without any hassle.Flash: 4MB
RAM: 16MB SDRAM
Ports: 4 RJ45, 1 RJ11, 1 power
Other: Zydas 802.11b WLAN (In RR64AP only)
Lucky for you, the NSLU2 stands for "LINKSYS Network Storage Link for USB 2.0 Disk Drives"
so you can have both the WRT54G and the NSLU2, unless you were looking for two items to hack.
I've just signed legislation that'll outlaw Russia forever. We'll begin bombing in five minutes.
Buy's got it for $71 if you use a $5 off coupon. Nobody /. 'em until I finish my order, though... thanks!
How about someone installing ClamAV on this puppy? Have it auto-scan the HD every so often and keep your NAS nice and virus-clean!
Full-Featured GPL Web Hosting Control Panel
You are totally missing the point. There is a difference in hacking and cracking.
The thing is highly likely be secure enough although it is modifiable (read: hackable). `Secure' doesn't have to mean `unhackable' you know.
- Voice of Ambience -
As neat as this is, I can't help to wish there was a little more security in devices like this. What about when someone adapts some worm code to install a custom, ddos-zombie installation on the thousands of Linux-powered Linksys/etc routers out there?
It seems like there would be only a marginal intersection between the type of people that buy network attached storage devices and the type of people interested in hacking their network attached storage device. I mean, I would think most people who are able to hack their NSLU2 are also the type that have an extra computer around that they would use instead.
Could it be hacked to run software RAID 1 or RAID 10 on the attached hard drives? That would make it more useful for small office environments.
Full-Featured GPL Web Hosting Control Panel
test_user:scEPG0VnVyqmE:2000:501:::/dev/null
t
test3:sc5
But in order to use these accounts, I would need to have their passwords. I started down the path of cracking the passwords before I came out of my stupor and realized all I had to do was edit the passwd file and replace the encrypted password with a known encrypted password from one of my other accounts! I could also just add a valid shell to one of my accounts, but for starters, decided to just put a new password in for root and leave the rest of the accounts alone.
*nix n00b question, maybe, but why not just blank the password out?
root::0:0:root:/root:/bin/sh
??
Well, get a USB flatbed scanner with GPL drivers and you can have a network attached scanner. Come to think of it, there are probably lots of USB devices that one could share with this box. It could even do wiring closet security monitoring with a USB webcam and a remote machine which analyzes the images for movement. The possibilities appear endless (provided working drivers can be obtained and installed on the box).
Full-Featured GPL Web Hosting Control Panel
What's the real-world performance on this kind of device like? And why is it limited to two USB devices (other than the obvious fact that there are only two USB ports on the thing)? I'm considering one simply as a network backup device.
I don't get it.
I have been pwned because my
well done
If you want ssh, telnet and all the other toys, plug a real linux box into your network !
It is a real linux box. It was when it was packaged too.
The thing about this and WRT54G is that it can do things with more efficient hardware than setting up an inefficient ATX based system. These things consume watts, not hundreds of watts and are also fanless, lighter and more compact.
for you to ebay your /. account?
What a sad world we live in.
I got dibs!
-- "I'm not a religious man, but if you're up there, save me Superman..."
I don't get it.
THAT was the great and historic 10,000,000th post. Beautiful. I'm reminded of the "I don't know" written on the chalkboard in Fast Times At Ridgemont High.
http://publicvoidlife.blogspot.com
buzbee specifically indicate that he just accessed the flash-partition containing the system using the usb connector on the device and mounting the drive so he could
: /dev/null for the shell. But there were two accounts that had a real shell: root and an interestingly named account--ourtelnetrescueuser, that looked like a back door account used for debugging or recovery purposes.
x :1:1:bin:/bin:: 8:12:mail:/var/spool/mail:e user:scFf7ZMXBMl4I:100:100::/home/u ser:/bin/shu ll: /dev /null
e st2:scEPG0VnVyqmE:2001:501:::/dev/null0 wKPq.zChw:2002:501:::/dev/null
all his copying, untarring, editing and modifying where made on the device network share-drive, him being short on space and all...
so you don't need to fiddle a lot with the box, except for plugging in usb, which any luser can do.(?)
he didn't even have to crack the password
"As expected, the passwd file showed the user accounts I had created with a
root:WeeOvKUvbQ6nI:0:0:root:/root:/bin/sh
bin:
lp:x:4:7:lp:/share/spool:
mail:x
ftp:x:14:50:FTP User:/:
nobody:x:99:99:Nobody:/:
ourtelnetrescu
guest:scEPG0VnVyqmE:501:501:::/dev/n
admin:sclzZZfodiRXY:502:501::/home/user/admin
test_user:scEPG0VnVyqmE:2000:501:::/dev/null
t
test3:sc5
But in order to use these accounts, I would need to have their passwords. I started down the path of cracking the passwords before I came out of my stupor and realized all I had to do was edit the passwd file and replace the encrypted password with a known encrypted password from one of my other accounts! I could also just add a valid shell to one of my accounts, but for starters, decided to just put a new password in for root and leave the rest of the accounts alone. "
See, just copying and pasting a configuration file...
even a luser ca do that (bis repetitam placient 8p )
Cheers
da5id
It takes 40+ muscles to frown, but only four to extend your arm and bitchslap the motherfucker
I, nslu(1), am just as useful.
I would think most people who are able to hack their NSLU2 are also the type that have an extra computer around that they would use instead.
Sure you could use an old PC for that job. But that PC has at least a 150W PSU, often 200W, 250W or more, and almost every PC has at least one noisy fan. My tests on my ex-router (really old Compaq 486 without harddisk) show that a PC needs at least 40W AC power when IDLE, and much more with newer CPUs. According to the Datasheet, the device is specified for 5VDC @ 2A. USB ports must be able to deliver 0.5A each, so the "real" machine needs nothing more than 5V @ 1A. This means you never put more than 10W into the device, with a low power USB storage device, 5W should be possible IMHO. With a common wallbrick PSU (50% heat, 50% output), this translates to 20W AC power under FULL LOAD. With a modern switching PSU (20% heat, 80% output), and a low power USB storage device, you need about 7W AC power. That's what a modern ATX PC draws in standby mode (so-called "off").
Did I mention that the NSLU2 has no moving parts?
Tux2000, not related to Linksys except that I own a hacked WRT54G.
Denken hilft.
- low power... makes the box silent, and the power-supply is simpler/cooler and likely to have a longer life
- simpler software... unlike an old box that potentially has a ton of different things running on it, this has a smaller set of very stable software that's likely to continue working forever
- easy backup/restore... the ROM image is 16MB, so it's something you can put a copy on all of your computers, and is trivial to restore. Whereas if your random machine lost its installation, how long would it take to do a re-install?
- it's small and cheap... yes, spare computers are cheaper, but whereas it's feasible to maintain and store 25 NSLU2's in my computer room, the same is not true of spare boxes... it'd be too noisy and much less stable.
Where we're going with this is having separate hardware to do each little network task. Since they're all running on separate CPU's, if one of them does die, the other ones will be fine, and will likely continue running for a long time.- audio output/video playback (one per room)
- firewall/NAT/WiFi
- DMZ services
- apache
- sendmail
- network attached storage
- backup/restore
- X10 network interface
- ...
These are things you simply want to always work, and don't want to screw around too much.Lots of people are claiming that this is much cheaper to run than a dedicated ATX server, but they are forgetting you need to power the hard disks too. In my (limited) experience, powering desktop 7200rpm disks from USB is very dicey, so you need externally powered hard disk boxes for them.
:o)
Based on UK prices turned up in 30 seconds by Google, so probably not the cheapest to be had, but never mind.
NSLU2: £60, 5V/2A power into device
Cheap USB hard disk box:£35, 50-80VA power into the PSU brick (based on the one on my desk). I'll use 70VA, to be on the safe side.
So, outfitting one of these for two hard disks would cost around £130. Assume a 60% efficiency plugpack for the NSLU2 (which seems conservative) and total power consumption would then be around 160VA.
In comparison, my server has an Athlon 900Mhz, a couple of fans, the same two hard disks, and a 300W PSU. Let's assume it's highly loaded and actually draws around 250VA; I'll ignore power correction factor for these calculations.
At 10p/kWh, the NSLU2 costs 39p per day to run, and the server 60p. If I upgraded to the NSLU2, it would take over 3 years to get a ROI from a purely financial point of view. Unless I've gotten something wrong, in which case I'm sure some clever slashdotter will correct me in a few seconds
So, on purely financial grounds, perhaps hard to justify. Still, it's nifty, it's a hell of a lot smaller than my existing server, and it would reduce the noise in this room nicely by eliminated a few fans too.
Update: hmmm, PC guide reckons it's more like 10W for a hard disk under use, suggesting the rather high sounding 50-80VA max draw are probably for 10,000rpm disks spinning up or something. Even assuming 15W to be on the safe side changes things around a lot; assume 75% efficient PSU plugpacks just to look on the bright side, and we get 20W per hard disk and 13W for the device = 13p per day. Break even is now about 9 months; not too shabby, given the other benefits.
You win again, gravity!
Space and spare hardware are issues for me. As a college student living in the dorms, I kindof really have to choose what I bring to school with me. Currently, I bring my WinXP tower for game-playing (and, as of now, mass-storage), my PowerBook, and an old school ThinkPad 600E as a network appliance linux utility. Say I need more storage, I'd have trouble finding space for another box between everything else (UPS, tower, storage for books, etc). Also, my complete-computer boxes often find their way into the hands of my friends, who are computationally less fortunate, so I don't always have spare hardware to run such an appliance from. Sure, there's the ThinkPad, but it lives in a ventilated drawer, for the most part, firewalling, scanning the network, etc. If I wanted a networkable mass storage device (NAS), this would work great. Further, the disks are reconfigurable. I'm sure you could even make it into an even more reliable solution by integrating mirror-RAID across the two USB disks. Just get two enclosures, two hard disks of the same size, and, presto, mirrored network backup. And a toy, to boot! (Boot. Haha.)
Your point is valid, but, this solution would be great for me.
Informatus Technologicus
There appears to be a fair sized amount of information on how to modify these boxes on various Japanese sites which I can not read a word of. So I have yet to take my LinkStation appart but will hopefully get around to it soon. So far it has worked well and I am pretty happy with my purchase.
Some Slashdot history (thanks to $$$$$exyGal for the informative journal entry...
0 00 0 000 0 000 = 4000000 0 000 0 000 0 000 0 44&cid=8000000 8 &cid=9000000 8 344&cid=10000000
Post #1,000,000 on Jun 15, ???? http://slashdot.org/comments.pl?sid=6038&cid=1000
Post #2,000,000 on Mar 1, ???? http://slashdot.org/comments.pl?sid=16359&cid=200
Post #3,000,000 on Feb 13, ???? http://slashdot.org/comments.pl?sid=27908&cid=300
Post #4,000,000 on Aug 2, 2001 http://ask.slashdot.org/comments.pl?sid=37241&cid
Post #5,000,000 on Jan 2, 2002 http://slashdot.org/comments.pl?sid=49501&cid=500
Post #6,000,000 on May 20, 2003 http://slashdot.org/comments.pl?sid=64871&cid=600
Post #7,000,000 on Sep 18, 2003 http://slashdot.org/comments.pl?sid=79101&cid=700
Post #8,000,000 on Jan 16, 2004 http://developers.slashdot.org/comments.pl?sid=93
Post #9,000,000 on Apr 28, 2004 http://science.slashdot.org/comments.pl?sid=10569
Post #10,000,000 on Aug 18, 2004 http://developers.slashdot.org/comments.pl?sid=11
Unfortunately, I couldn't tell what year the first three were posted, but from 4 million to 10 million, you can see the number of days it takes to post 1,000,000 comments:
4 million to 5 million: 153 days
5 million to 6 million: 138 days
6 million to 7 million: 121 days
7 million to 8 million: 120 days
8 million to 9 million: 102 days
9 million to 10 million: 112 days
First observation: Comment posting is slowing down on Slashdot!!! Slashdot is dying!!! Netcraft confirms it!!! OMGWTFBBQ!!!
(end troll mode)
Second observation: At the current rate of posting, it will take us 3 years to post 10 million more comments, or about 27 years to get to 100 million. So you can reschedule the celebration from 2525 to 2031, if not sooner.
Hear recorded Slashdot headlines on your phone! New service beta testing. Just call (248) 434-5508