Contest For a Better Open-WRT Wireless Router GUI

Reader RoundSparrow sends word of a contest, with big cash prizes, being mounted by a commercial vender of open source Open-WRT routers. You have 10 months to come up with "the most impressive User Interface/Firmware for Ubiquiti's newly released open-source embedded wireless platform, the RouterStation." Entries are required to have open source licensing and will all be released. First prize is $160,000, with four runners-up receiving $10,000. RoundSparrow adds: "Could be built on top of existing X-WRT or LuCI OpenWRT web interfaces. OpenWRT Kamikaze 8.09 was just released. Now is perfect timing for OpenWRT to get some kick-ass interface and usability ideas. I'm not affiliated with the contest vendor."

X-WRT?

[Gothmolly]

What's wrong with X-WRT?

OpenWRT is something you set up, then forget. It doesn't need "themes" or "skins", or 3d effects. This is not "pimp my router".

Re:X-WRT?

[rbrausse]

hmm, Crysis with 60 fps on a Beowulf cluster of OpenWRT routers?

[bye karma, I will miss you :)]

Re:X-WRT?

[DougBTX]

This isn't a theme competition, it's a user interface competition - usability counts much more than the style of the buttons.

Re:X-WRT?

[Zeinfeld]

And an interface-less interface would be absolutely ideal in my view. Problem is that the WiFi specs are botched and that makes it hard to do a good job of a UI. The way I would do the UI for WiFi (and I describe how to do this in detail in my book) is to generate a self signed cert for every WiFi device during manufacture. Then I would put the fingerprint of the cert onto the case. When a device tries to connect there are two modes 'guest' and 'permanent'. Guest mode is optional and allows a device to connect for a time set by the owner after which they have to wait for a while (e.g. get 24 hours access then have to wait a week). Permanent mode is as it suggests, permanent. Once the association is set up the router remembers it. No more stupid passwords that OS/X or Windows manage to forget. The first association is set up as administrator mode automatically. Further permanent associations can be approved by a machine with an administrator association. This sounds complex but the practical effect would be that instead of having to remember a password you simply need to accept or reject requests to connect. Oh and the association mode has a means to verify that the connection succeeded. So no having to re-enter the access data because the UI is borked.

Re:X-WRT?

[Poltras]

This is not "pimp my router".

Yo Dawg! I heard you liked security, so I put a WPA2 in your WRT so you can feel safe whenever you browse porn!

Re:X-WRT?

[RoundSparrow]

Noting wrong with X-WRT, I use it. The OpenWRT developers recently choose LuCI as default for Kamikaze 8.09 release.

I also forgot to mention there are other up to date alternate such as Gargoyle http://www.gargoyle-router.com/ that is GPL license and could be uses as basis for contest entry.

You can view this as fit and finish challenge - but will you win the contest if you put the least effort in?

Re:X-WRT?

[couchslug]

"This is not "pimp my router"."

If enough customers will spend sweet, sweet monies on a pimped router there is every reason to give them that option.

Slashdot has already provided a suitably artful theme:

http://armish.linux-sevenler.org/blog/wp-content/pembeslash.jpg

Re:X-WRT?

[aliquis]

Yo dawg! I heard you was smoking, so I put a bong in your thong so you can smoke while you smoke!

Re:X-WRT?

[Jurily]

This isn't a theme competition, it's a user interface competition - usability counts much more than the style of the buttons.

Also, it's a genious move. When the clients are released, you'll have plenty to choose from. Also, being open source. you can merge the best bits of all the clients into one really good one.

Whoever came up with this idea should get a massive pay rise.

BTW, we could adopt the methodology in other areas too.

Re:X-WRT?

It doesn't have to be though.

I have a flakey internet connection to a very small ISP. I find the status pages on Tomato's default install to be very useful.

Graphs of network usage based on QoS classification helps you tell what is using your network at a glance. Theres a lot of work that could be put into areas like that that make your router not somethin you set and forget.

It also doesn't have to be a self contained gui (i assume, didn't read the contest rules).

I certainly think theres a market for pretty desktop apps to both configure and monitor your router, letting you see network utilization and what all is connected to your router.

Re:X-WRT?

[RoundSparrow]

I think we should encourage other companies to join in the contest. Best idea I have is solicit router companies to do $25,000 donations - and allow them to independently judge and reward their own winner.

That way maybe someone who didn't make the top place could get a chance at another income boost. Would supplement the interest in people fearful of not making 1st place.

Also note that a single person can enter more than ONE entry - so if they come up with different design cocepts - they don't have to choose.

Re:X-WRT?

[pz]

What's wrong with X-WRT?

OpenWRT is something you set up, then forget. It doesn't need "themes" or "skins", or 3d effects. This is not "pimp my router".

Regrettably, it sounds like the contest is, exactly, Pimp My Route. And, as you point out, that sort of endeavor is a waste of time. I have spent perhaps a total of 10 minutes, cumulatively, with a router interface of one form or another. None was so horrible that it had me cursing or pulling my hair in frustration. Bang, set up, done. Polishing usability for something that is rarely used and for which a decent interface already exists? Utter waste of time.

My laboratory is working on treatments for blindness to restore vision. I could put that $200,000 to good use (and with a tax deduction for the company, too, since I work for a university hospital). And the CPU-months that will be spent? SETI@home, or any other distributed cpu-intensive project could use the cycles.

Re:X-WRT?

How terrible for you that someone spends money on what matters to them instead of what matters to you. These guys deserve better than your blinkered dismissal.

The sponsors and the OpenWRT team in general are people who care about use of low-footprint routers in much more complex circumstances than the average Joe's SOHO router. They deploy huge meshes of routers and manage them as a service, sometimes as cooperatives and sometimes as full-blown commercial endeavors.

It is great to see these self-funding OSS communities prove that there are ways to make a living without adopting draconian licensing schemes and FUD.

Re:X-WRT?

[hardburn]

How do you nullify and change that cert? If the answer is "you don't", then how do you deal with someone breaking that cert (either through cryptanaylisis or getting access to the machine)?

OTOH, do you really need to secure wireless networks at all?

Re:X-WRT?

[RazzleDazzle]

This is not "pimp my router".

No, but this PIMP MY INFRASTRUCTURE

Re:X-WRT?

[palegray.net]

I've always like the idea of putting bounties on cool projects. Keeping all contributions open source is an even better way to do it.

Re:X-WRT?

My company is working on a serum to get you to shut the fuck up.

Clearly we have our work cut out for us.

Re:X-WRT?

[maxume]

You are assuming that good ideas are harder than good integration.

More and more, I don't think so.

Re:X-WRT?

[macbuzz01]

Crap! This is a user interface competition? I was hoping it was a theme competition, and was going to suggest a darkish green background with white lettering. I know, kick ass right?

Re:X-WRT?

[afidel]

WRT is about a lot more than just wifi, you can do custom firewall rules (yeah there's uPnP for automating that, but sane people turn that off since it's so broken from a security perspective), share files and printers, run a webcam, play music, and probably some other things I'm forgetting. Basically it's a general purpose Linux distribution targeted at small lowpower embedded devices that just happen to start out as cots routers in most cases.

Re:X-WRT?

[KZigurs]

raytraced. You forgot raytraced.

Re:X-WRT?

[obarthelemy]

you're confusing "GUI" and "eye-candy".

A good GUI, as opposed to eye-candy, is all about ergonomics, helping the user see the choices and make the right one...

Re:X-WRT?

[Team503]

That is VASTLY more complicated that it needs to be. "Stupid passwords that OS/X or Windows manage to forget"? Funny, I've been running consumer grade WiFi (on Open/Hyper/DD-WRT routers) since it was available, and I use my laptop at many locations on a regular basis. My XP install has yet to "forget" a password. Sounds like an overtech solution to PEBKAC.

Re:X-WRT?

[coryking]

then how do you deal with someone breaking that cert

If somebody is trying to break the encryption on your WiFi card, buddy your life has bigger problems then just revoking some certificate. You must be doing some seriously hard-core shit to provoke somebody into wanting to break the crypto on your network. And if you are doing hard-core shit, you have no business using a wireless network anyway.

In other words, you don't deal with revoking certificates--this is SOHO stuff. Unless you are using WEP, nobody will bother cracking your encryption.

Re:X-WRT?

[Guspaz]

And because it's a general purpose Linux distribution powered at small low-power embedded devices, it has a practically non-existent market-share when compared to the likes of dd-wrt and Tomato. It's essentially completely unusable to anybody who doesn't know their way around a Linux box, and that rules out virtually the entire market of "people installing third-party firmware on home routers".

Then there's people like me, who DO know their way around a Linux console, but don't WANT to have to bother with the needless complexities of OpenWRT if a good UI will let me do what I want with a fraction the effort. Sure, I occasionally have to toss an IPTABLES rule into my WANUP script textbox in the UI, but for the most part, the UI does what I need.

Re:X-WRT?

[Hurricane78]

On Vista7!

And because the CPU likely does not support x86, it will be in a virtualization container.

The display will be a slide projector combined with a film printer. With double-scan technology. (Two display refreshes per rendered frame.)

Re:X-WRT?

[zetalog]

A router UI should based on ASN.1 object system. Protocol stacks should use ASN.1 object API accessing manageable objects. CGI/CLI/GUI/SNMP should be UI transport layers to present proper interface for users. CLI should include statemachines maintaining "command arguments, session context, UI choices, UI ranges, display more, table display, tree display, completion, history" CGI should include HTML tagging system implementing above things using HTML. Has current OpenWRT's UI implemented in this way? It's core technology for network appliance systems. I BELIEVE IOS is implemented in this way. $200K might not be enough for building such system... Regards/Lv

Re:X-WRT?

[Phroggy]

People who think "user interface" is synonymous with "themes, skins or 3D effects" are a large part of the reason so much software has a terrible user interface.

Modern Linux hackable routers, 802.11n support

[RoundSparrow]

Other OpenWRT news. The newest Atheros 9xxx radio chips is available in a number of OpenWRT supported routers now. I have been working to help organize new 802.11n support in OpenWRT. I have compiled a list of consumer routers that work with Linux ath9k driver and ar71xx CPU. In order of current recommendation:

Planex (PCI) MZK-W04NU, 32MB RAM and 8MB flash, USB port, 10/100 Ethernet
Trendnet TEW-652BRP, 32MB RAM and 4MB flash, 10/100 Ethernet
Trendnet TEW-632BRP, 32MB RAM and 4MB flash, 10/100 Ethernet
D-Link DIR-615 revision C1 (ONLY!), 32MB of RAM and 4MB flash, 10/100 Ethernet
TP-Link TL-WR941N WR941ND, 32MB RAM and 4MB flash, 10/100 Ethernet

OpenWRT team is pretty close also on the Netgear WNR2000.

These listed above all come from a common Atheros AP81 reference platform. see http://wiki.openwrt.org/AtherosAR9100

In USA and Japan, the Planex is available on Amazon.com for $59.99 with free shipping... it has more flash and USB port. 3 removable antennas, is a nice hacker system. In the USA, the Trendnet routers have been on sale from Newegg, Fry's, buy.com for only $25 a few times. I will try to post on Reddit / my Slashdot journal when I see them on sale for $25 next time.

The ath9k driver for Linux is not yet mature but is moving along... in 2 to 3 months I expect we have a very nice platform... and the router interface and ease of use of OpenWRT is getting attention with this contest! Now is an exciting time for OpenWRT and Linux routers - finally moving to some new N devices.

Re:Modern Linux hackable routers, 802.11n support

[AvitarX]

Damn you.

The day after I spend $90 on an Asus wl-500w you post this list.

I wish it even came up when looking for a list of similar. The only one I could find info on was the 500w.

Re:Modern Linux hackable routers, 802.11n support

[msimm]

Thanks. Everyones help is really appreciated and you've helped make something as basic as a router something fun to use (and more useful then most manufacturers probably intended).

Re:Modern Linux hackable routers, 802.11n support

[BLKMGK]

Ah, now we're talking - very nice list and terrific to see that 802.11n is coming on strong. The $60 Planax is pretty cheap and a USB port could be quite handy! Poking around now looking to find some good info on configuring\hacking\loading this puppy with OpenWRT...

Amazon has it here -> http://www.amazon.com/IEEE802-11N-Wireless-Broadband-MZK-W04NU-Designed/dp/B000YDS0YG

Re:Modern Linux hackable routers, 802.11n support

Lark is doing some great work on getting the TPLink's working, which is good news.

http://www.dd-wrt.com/phpBB2/viewtopic.php?t=40041&postdays=0&postorder=asc&start=0

Re:Modern Linux hackable routers, 802.11n support

[drsmack1]

I bought a Planex (PCI) MZK-W04NU based on your comments here - then I find that openwrt is definitely a work in progress on this router and it is not considered stable at all. Did I miss something?

Here is the forum thread on this router:
http://forum.openwrt.org/viewtopic.php?pid=83190

there is some sort of disconnect here.

needs an easy way to edit firewall rules

should work as easy as a personal firewall

not everyone can understand or spend the time to learn iptables

Re:needs an easy way to edit firewall rules

[causality]

not everyone can understand or spend the time to learn iptables

Not everyone should be administering a network either. Any literate adult meets all of the requirements necessary to learn how to do so but there are plenty of people who should not perform this task. The system is self-correcting however; the ones who shouldn't have done so are the ones who have most of the problems. If you a) don't know how to properly do something and b) refuse to learn how to properly do it, then it makes sense to ask (or hire) someone else to do it for you.

The people who think that this simple observation somehow does not apply to them, or that getting pissed off at someone like me who points that out is going to change the reality of the situation, well, I bet they wonder why they have such bad "luck" with these things. You attempted something that you don't actually know how to do and experienced undesired results; what a surprise, it must have been those evil elitist geeks! Seriously though it's amazing how upset people get sometimes when you dare to suggest that there are tasks which require a bit of skill and that doing them without that bit of skill can cause problems. You'd think that this were some kind of highly controversial position for which there was no conclusive evidence.

To more directly answer your post, I think iptables itself is rather irrelevant. The story is about a router GUI, which would probably be a front-end to iptables. There are some very nice GUI tools available for iptables; if Open-WRT's offerings are on a par with them, then they would provide a way to edit firewall rules that's about as easy as it's going to get. I do think that a firewall is one of those few applications where there is some inherent complexity that cannot be made much simpler without severely compromising the device. It's like that Albert Einstein quote (paraphrase): "Things should be made as simple as possible, but no simpler."

For that reason, I question the type of "easy to use" to which you refer. If you have a solid working knowledge of TCP/IP, then you should be able to handle any firewall and "easy to use" would mean automating what can be automated to save you some keystrokes and to avoid some unnecessary tedium. If you don't have a solid working knowledge of TCP/IP, it would probably mean dumbing things down to make up for your lack of understanding, which of course would result in a less thorough or a less accurate configuration.

Given the security issues that can arise from a misconfigured firewall, I would suggest that this is one area where enabling people who don't really understand what they're doing is asking for trouble. You're not really doing the less-knowledgable any favors by setting up a situation, in the name of convenience, where they are likely to have problems that they won't know how to solve. The good news is that there is abundant documentation on both TCP/IP and iptables, so anyone who is interested and motivated can easily learn how they work.

Re:needs an easy way to edit firewall rules

[Gordonjcp]

If you a) don't know how to properly do something and b) refuse to learn how to properly do it, then it makes sense to ask (or hire) someone else to do it for you.

This is something I've never entirely understood about computing. Why should it be easy for someone with no knowledge of computers be easy to do relatively complex tasks, like a complex OS install or configuring a firewall?

Most people are too terrified to open the bonnet of their car to check the oil, and rely on paying someone to fix it when it breaks. Yet most people physically capable of driving a car would be able to check the oil and top it up correctly. A sizeable subset of these people could change the oil correctly, with a simple guide, but they still choose to spend money getting someone to do it for them. Why not spend money on getting someone to set your network up properly?

Re:needs an easy way to edit firewall rules

[gnapster]

I think that most people choose to pay others to change their oil because, for new cars, it may be covered by a service contract they signed, and changing the oil themselves may affect the warranty. Aside from that, their time and cleanliness may be more valuable to them than the money spent for the service or the equipment (jack stands / ramps) to to it safely.

Re:needs an easy way to edit firewall rules

[causality]

If you a) don't know how to properly do something and b) refuse to learn how to properly do it, then it makes sense to ask (or hire) someone else to do it for you.

This is something I've never entirely understood about computing. Why should it be easy for someone with no knowledge of computers be easy to do relatively complex tasks, like a complex OS install or configuring a firewall?

Most people are too terrified to open the bonnet of their car to check the oil, and rely on paying someone to fix it when it breaks. Yet most people physically capable of driving a car would be able to check the oil and top it up correctly. A sizeable subset of these people could change the oil correctly, with a simple guide, but they still choose to spend money getting someone to do it for them. Why not spend money on getting someone to set your network up properly?

That's what gets me about this whole thing. So many users want to perform tasks they don't understand and they want this to have good results each time. No matter how kindly you tell them that this is unrealistic, they get upset and accuse you of being an "elitist" or they give you some crap about how "not everyone can be an expert" even when the bit of knowledge they would need in their specific case is a far cry from being an "expert". At the same time, they don't apply these unrealistic expectations to any other domain, as you have explained in your discussion about automobile maintainence. On top of this, computer and networking knowledge is very easy to find; the information is out there and readily available to anyone who wants to study it. In fact, I can't think of any other industry involving complex machinery or skilled labor that has anything approaching the wealth of freely available information and step-by-step guides that can be found for computing.

It's hard not to see these things and view those users as a bunch of spoiled children. I don't want to view them that way, I take no pleasure in it at all, but sometimes they seem to want me to do so. Certainly they act the part, and it's unfortunate because they could put that effort towards overcoming these challenges. Saying "this is how I learned and you are able to do the same" is a statement of equality, not elitism. It seems like it is only in computing that a person resents you for trying to teach him how to fish so that he can take care of his own needs and praises you for giving him a fish so he never gains his own understanding. Of course helping someone out is one thing, but I don't feel like I am really doing a person any favor if I encourage them to have a needless dependency on me for easy answers. I think that needless dependency is what we cultivate when we just hand out easy answers without explaining why something works or why it's the right answer and encouraging the person to develop their own understanding.

Re:needs an easy way to edit firewall rules

[coryking]

You sure can make firewalling stuff easier. You just have to think a bit outside of what is the norm. We have lots of computing power these days and your router can play games that were previously impossible.

1) If your router is also a switch/hub, it can analyze the internal network traffic and learn computer names (if windows file sharing is enabled anyway).

2) It can tap the internet to look up stuff like mac addresses and other statistical traffic patterns to identify things like your Tivo or XBox.

3) You can invent an internal protocol that enables your household computers and devices to communicate to the router what the fuck they are. Odds are good you can use fancy crypto to make sure that the computers and devices can't lie if they get compromised.

4) Make a training mode that lets everything go through and when you are done, the router uses the wealth of statistical bullshit it collected in steps 1->3 to give the user a report outlining the househouse hold traffic.

5) The user can then "lock" the router and not let anything but what was configured in #4

6) If something odd happens, or the router detects new computers (say a laptop, etc). The magic protocol in step 2 would send some kind of alert to a computer, your email, your phone... something... basically saying "hey man, something changed... you might have to retrain me".

My idea, obviously, is a very crude outline. But you get the idea. Everything can be simplified if you focus in on exactly what the task at hand is and leave the rest of the bullshit out. In fact, I bet you can design the firewall configuration in such a way that the user never needs to see IP addresses or port numbers. All they see is friendly computer names (deduced from #1->#3) and descriptions of the traffic.

Nerds, obviously, wouldn't like this--instead wanting some geeky bullshit. But they can piss up a rope as far as I'm concerned. This is a mass market device intended for people who just want to feel secure that nobody is hacking their shit.

Re:needs an easy way to edit firewall rules

Right, and when you live in the city and fifteen people have already connected to your router by the time you can log on to set it up, the hypothetical moron user you seem to be designing for doesn't know better and includes them in the config. Because, for sure, we're talking about a moron, you've made that clear. And then when something happens later, what do you do?

Hey, IP 192.168.0.253 has been replaying ARP packets

Sorry, your moron won't understand that. How about this:

HEY, SOMEONE'S HACKING YOUR SHIT

Well, WTF is your moron user going to do then? They're too stupid to know what an ARP relay attack is and "hacking your shit" doesn't tell you anything except go crying to your nerd friends. You're not thinking this through and you're exactly the kind of person we all hate. Sorry, no, it can't get much simpler, you're just an asshole who doesn't want to learn how it all works or pay someone who has learned. I'm sure that instead of thinking about this, though, you're just going to go on posting broken HTML and the complaining about how /. uses Extrans or some other bullshit without reading the help pages. My blockquotes work fine with Chrome. You suck, dude, I bet the IT department at your company hates your guts.

Re:needs an easy way to edit firewall rules

You sure can make firewalling stuff easier. You just have to think a bit outside of what is the norm. We have lots of computing power these days and your router can play games that were previously impossible.

1) If your router is also a switch/hub, it can analyze the internal network traffic and learn computer names (if windows file sharing is enabled anyway).

2) It can tap the internet to look up stuff like mac addresses and other statistical traffic patterns to identify things like your Tivo or XBox.

3) You can invent an internal protocol that enables your household computers and devices to communicate to the router what the fuck they are. Odds are good you can use fancy crypto to make sure that the computers and devices can't lie if they get compromised.

4) Make a training mode that lets everything go through and when you are done, the router uses the wealth of statistical bullshit it collected in steps 1->3 to give the user a report outlining the househouse hold traffic.

5) The user can then "lock" the router and not let anything but what was configured in #4

6) If something odd happens, or the router detects new computers (say a laptop, etc). The magic protocol in step 2 would send some kind of alert to a computer, your email, your phone... something... basically saying "hey man, something changed... you might have to retrain me".

My idea, obviously, is a very crude outline. But you get the idea. Everything can be simplified if you focus in on exactly what the task at hand is and leave the rest of the bullshit out. In fact, I bet you can design the firewall configuration in such a way that the user never needs to see IP addresses or port numbers. All they see is friendly computer names (deduced from #1->#3) and descriptions of the traffic.

Nerds, obviously, wouldn't like this--instead wanting some geeky bullshit. But they can piss up a rope as far as I'm concerned. This is a mass market device intended for people who just want to feel secure that nobody is hacking their shit.

Yes, just because I can spend a day learning the ins and outs of iptables, doesnt mean I want to. I set these things up so rarely I'll forget it all anyway.

Now a sysadmin on a corporate IT network is a different kettle of fish but OpenWRT isnt aimed exclusively at that network.

By all means don't dumb it down to the point of uselessness but we can still eliminate needless complexity.

Re:needs an easy way to edit firewall rules

You've never actually configured a real firewall before, have you.

First, the automation you propose would be a huge gaping security hole no matter which way you look at it. It would never be acceptable from a security standpoint and you might as well just tell the end user "You're behind a port-address translating firewall so your network is 'safe'."

Second, UPnP already does 90% of the crap you just "outlined." The mass-consumers you speak of will and already DO just turn on UPnP and go about their business. Then the router can use adaptive QOS for on-the-fly traffic shaping (like they already do)...

It seems to me that you're one of the "people who just want to feel secure that nobody is hacking their shit" consumers who's pretending to know what a firewall is.

Odds are that if somebody has a need to configure their firewall then they know what they are doing and all that BS you spouted off will actually get in the way. In fact, if you need to be doing anything other than poking holes through the firewall, one of these dorky little home-router linux distros isn't going to cut it. You'll need something with RAM and then you'll need a real manly firewall like pf, so you'll throw your pathetic little 32MB embedded router and its busybox command line out the window and replace it with a blazingly fast *BSD setup.

*disclaimer: I'm a competent Linux user who earned an RHCE back in the day, so you whiny "linux >> BSD" geeks can roll your excuses into a neat little cylinder and shove it down your throat. When you want to do some real networking in a production environment, do yourself a favor and hide your Linux server behind a *BSD firewall.

Re:needs an easy way to edit firewall rules

[DaleGlass]

Problem is, it's either friendly, or it's secure.

You can have sort of that, with UPNP. Except there's no auth, so any device, including that trojaned unpatched box can ask the router to open a port for it to receive commands from the botnet.

You can't invent a "fancy crypto protocol" to prevent compromise, because if the device is compromised, the key probably is as well. Crypto is so that Alice can talk to Bob without Eve eavesdropping on them, or modifying the contents of their conversation. But it's of absolutely no use if one of the endpoints is compromised. In this case, Alice is the trojaned box, Bob is the router, and Eve probably doesn't exist, so all crypto gives you is that the trojaned box will be sure its request to open the botnet port is encrypted and hasn't been changed in transit.

Really this sort of thing has been done for one computer, with software firewalls. Say, Zone Alarm pops up a message asking "service.exe wants to listen on port 2342, allow or reject?" Well I have no clue really, without trying to figure out what that process is, and what does it want. The average user will know even less. This sort of thing will work for devices like an XBox, perhaps, where you know what an XBox is supposed to or and not. But a PC can have pretty much anything installed.

If the DSL modem were to take on that function it wouldn't even know what application is trying to get access. Did the user just install apache on port 8080? Or it's a trojan waiting for instructions?

The problem is that ultimately, if the user doesn't know and understand what is supposed to be running and what not on their computer, it can't be really automatically determined. Maybe telnet is running because it was installed automatically. Maybe it is because a trojan decided to use it to receive commands. Only the user knows whether it's supposed to be there.

Security is a hard problem that can't be solved in a fully automatic manner. You can put a lock on a door, and give people keys, but who should have the keys? What is the normal time for somebody to use their key and when is it suspicious? When should a key be taken away? It really depends on what's behind the door and what each person with access does. There's no way to have a key lock that automatically decides who should be able to get in, and when, without somebody telling it that.

Re:needs an easy way to edit firewall rules

Hopefully there is an open source version that I can install that lets it run WEP cracking and WPA lookups automatically. I'm still waiting for the point and click wi-fi hacking program.

There are plenty of secure options, I want something that will work with me and do what I want it to do. Not what Linksys wants me to do. (See DD-WRT)

Re:needs an easy way to edit firewall rules

[coryking]

the hypothetical moron user you seem to be designing for doesn't know better and includes them in the config

Only if you design the interface in a way that obsures all 15 leeches. The traditional router guys would shove all 15 computers into a listbox and call it a day. Of course people wouldn't bother to remove the 15 devices under that regime.

Remember I said if you take away traditional constraints, a lot of stuff is possible. Ideally it would present you with a map-like interface with an icon for every computer/device connected and let you pick which ones you want. No reason you couldn't have the interface let you right click on the icons, or have some way to click on a rouge laptop and block it. People are scared about getting hacked--if you make it easy and obvious when something is afoul, they will pay attention.

The goal is to make doing the right thing, securing your household network, easy and obvious. You'll never nail it 100% and some people will never figure things out. But than again people will drive around for weeks with a bright red "no oil pressure light" on their car and blow the engine. Those people aren't a reason to not try.

doesn't tell you anything except go crying to your nerd friends

That is all it needs to do than. If your shit is hacked, go see your nerd friends. For most people, when the "check engine" light goes on, they take it to a service station--same thing.

My blockquotes work fine with Chrome

Not if you had it set to whatever the fuck extrans was and then realized after the preview it wasn't blockquoting shit anymore. What is the difference between "Plain Text" and "Extrans"--really "Plain Text" seems to interpret some tags just fine. But seriously, why not make even a spartan rich text editor--think stackoverflow.

You suck, dude

So does your mom--ask me how I know.

Re:needs an easy way to edit firewall rules

[coryking]

Second, UPnP already does 90% of the crap you just "outlined.

Yeah. There is also Link Layer Discovery Protocol, which is used by Vista to figure out what the fuck is on my network. The protocol stack is evolving in such a way that it could make SOHO firewall configuration easier.

But I was told that making a user friendly firewall might be possible. I never ran it through the engineering staff (you) first. Obviously you'd come back to me with a list of what is wrong and we'd reach something better then the "here is a listbox of shit--type a port number and some IP address and click submit" that constitutes most firewall configurations.

And by the way, I've yet to see a SOHO router that has a QoS implementation that doesn't suck. I'm not a network nerd, but I've use online backup software that I'd like to keep from hogging all my upstream bandwidth. Sounds like QoS, right? Point me to a SOHO router that doesn't throw up a wall of jargon and acronyms--or at least documents them. Better still, point me to one that has a report showing that it is working. It never seems like it works and whenever the backup software is running on one of my computers (mozybackup), my SSH sessions all slow to a crawl. It is all outgoing traffic, right? any configuration I do shouldn't depend on my upstream enabling QoS, right?

Odds are that if somebody has a need to configure their firewall then they know what they are doing and all that BS you spouted off will actually get in the way

Nerds wouldn't like my router anyway. I'm talking about the people who buy "Norton Magical Firewall" and crap like that. Do you run "McSlow Super-Dope-Internet-Protector"? Neither do I.

do yourself a favor and hide your Linux server behind a *BSD firewall

Way ahead of you, pal.

coryking@cory ~/trunk/mozi $ uname -a
FreeBSD cory.local 7.1-RELEASE FreeBSD 7.1-RELEASE #0: Thu Jan 1 14:37:25 UTC 2009 root@logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386

coryking@sparky ~ $ uname -a
FreeBSD sparky.xxxx 6.1-RELEASE-p12 FreeBSD 6.1-RELEASE-p12 #1: Sat Jan 20 14:15:16 PST 2007 root@sparky.xxxxx:/usr/obj/usr/src/sys/V100 sparc64

Re:needs an easy way to edit firewall rules

[coryking]

It couldn't be automatic. But you could have a training mode or something and then "lock the door" so to speak. The hard part is what do you do with exceptions after the door is locked. I think a bit of that could be solved with some kind of protocol where the firewall alerts the devices, which in turn might alert the user. Something. I think you could handle it so that 95% of your problem cases are covered.

the key probably is as well

This becomes another problem--what to do when an exception is thrown that the router really cannot handle securely. You've got to alert the user that something is amiss and they should go take their network to the computer service station--i.e. call a nerd friend. The problem is, if they don't have a nerd friend they will call the router manufacturer and increase the support costs.

Re:needs an easy way to edit firewall rules

Re 2) OpenBSD already supports this. It just doesn't use Mac Addresses, which are known to be entirely changeable. It uses TCP fingerprinting to dig out the quirks in a TCP/IP packet, and match those to a list of quirks that effectively returns your host OS type (since just about every network stack in any OS has different "quirks" associated with it, sometimes down to the service pack level or patch level).

Re 3) See mDNS/Bonjour. Bonjour already supports announcing what services you offer- ie, are you a printer? computer? wireless router? etc.

Re 5) Packet Filter allows you to specify a file (usually pf.os) that contains #2's database (included with every copy of OpenBSD under /etc/pf.os). You can specify OS types in the ruleset based on their fingerprints. PF will analyze packets on the fly, match them up to an OS, and this can be used in rules like "block in on $lan_if...".

Frankly, your router exists ~80%. OpenBSD does just about everything you said, and supports the framework for everything that it doesn't support. It just lacks a reasonable GUI tacked on top of it. AFAIK mDNS/Bonjour is available for OpenBSD, as is p0f, which dumps TCP fingerprinting data to stdout or file.

-SC

I have a suggestion ...

[ScrewMaster]

Tomato for the win!

Re:I have a suggestion ...

Tomato is garbage. OpenWrt is a full featured Linux distro.

Re:I have a suggestion ...

[Daimanta]

Too bad it still doesn't support ipv6 properly. But personally, I love Tomato. I have bought a WRTGL router because of my problems with other routers(very crappy firmware) and tomato runs like a sunshine with options that I didn't even comprehend would benefit me.

It's simply another case of FLOSS to the rescue.

Re:I have a suggestion ...

Bah... shiny gui painted over an ancient half-proprietary sdk pulled straight out of the stone age and limited to a few broadcom based router platforms.

Fine for the typical end user but not exactly suitable for many of current devices.

Re:I have a suggestion ...

[sunderland56]

Personally, I don't have enough computers at home to need ipv6.

Tomato is 99% of the way there on the UI - but there are still a few unexplained/under-documented check boxes and settings.

Re:I have a suggestion ...

[joel48]

Sure, Tomato is simple and pretty looking. Apart from the IPv6 issues mentioned by others, the biggest issue for me with Tomato is that it doesn't support VLANs on Broadcom hardware. OpenWRT and DD-WRT both support them, and OpenWRT is really open, so I use that. The live statistics graphs and such in Tomato have an equivalent package in OpenWRT.

Re:I have a suggestion ...

[morgan_greywolf]

I don't think anyone here has enough computers at home to need IPv6. I mean, if you have more than 253(*) computers in your house, you have more problems than needing IPv6.

(*) Number of possible nodes on a Class C subnet minus the router itself.

Re:I have a suggestion ...

[Cyberax]

IPv6 has some really nice features. I have deployed IPv6 on my networks (6to4 rules!) and now I can SSH into _any_ computer from _any_ computer - all computers have public IPv6 addresses.

Additionally, reverse 6to4 provides fully automatic reverse DNS delegation.

All for free.

Re:I have a suggestion ...

[BlackCreek]

Care to make an argument, dear AC?

I second the GP poster. Tomato rocks. Clean interface, lots of functionality, good documentation.

I've been many times at the OpenWrt. It sure looks like a full featured linux dist, but they sure forgot to put clear simple instructions to get my router running it. They seem to try to be so many things that they forgot to cater to, what seems to me to be, their most plentiful potential users: Linux users that would like to run OpenWrt in a router.

No, I don't want to edit /etc/network files, I want a simple GUI that does the job.

Re:I have a suggestion ...

[RoundSparrow]

So why don't the guys who make Tomato port their UI over to OpenWRT and enter it in contest?

Re:I have a suggestion ...

Sure Tomato is nice - as long as you can still get hardware for it.

Sure OpenWrt may lack documentation or tries to do too much stuff at once, but right now it's the only fucking router distro that makes actual progress besides tuning the ui.

DD-Wrt, Tomato, CoovaAP etc. are all stuck with binary drivers that require an ancient kernel to operate them and more and more devices that are supported by this software are already end of life or will be soon.

The point of the challange this article is to make a user friendly interface for OpenWrt (besides the three projects already working on it). If Tomato satisfies your need - fine, but if you rely an modern hardware you're out of luck. And at some point it makes more sense to spend 25$ for a cheap-ass Draft-N device with gigabit instead of being stuck with ancient Broadcom gear for 60+$ just to install Tomato.

Re:I have a suggestion ...

[Daimanta]

I don't have enough computers at home to need ipv4 either but that's included.

Re:I have a suggestion ...

[ScrewMaster]

Tomato is 99% of the way there on the UI

I agree. However, that makes it better than 99% of the open source offerings out there, and 100% better than the commercial firmware offerings from the likes of Linksys. I mean, there's a reason that Tomato is so popular.

Re:I have a suggestion ...

[ScrewMaster]

I don't think anyone here has enough computers at home to need IPv6. I mean, if you have more than 253(*) computers in your house, you have more problems than needing IPv6.

(*) Number of possible nodes on a Class C subnet minus the router itself.

The only reason I could see myself having to move to IPV6 would be if my ISP forces me to.

Re:I have a suggestion ...

[Temkin]

Personally, I don't have enough computers at home to need ipv6.

I take it you're not developing software that needs to support IPv6 either.

Tomato is great, but I need/want IPv6 autoconfig on my home net. A spare Cisco 1700 handles this nicely. One of these days when I have some spare time, I'll get a v6 tunnel set up on it.

Re:I have a suggestion ...

[ScrewMaster]

So why don't the guys who make Tomato port their UI over to OpenWRT and enter it in contest?

Actually, it's one guy. He was heavily involved in a number of other open-source alternate firmware packages, before coming up with Tomato.

Re:I have a suggestion ...

[ScrewMaster]

Bah... shiny gui painted over an ancient half-proprietary sdk pulled straight out of the stone age and limited to a few broadcom based router platforms.

Fine for the typical end user but not exactly suitable for many of current devices.

Sure, but this contest appears to be all about the GUI ... and how do you define "the typical end user"?

Re:I have a suggestion ...

[ScrewMaster]

Sure Tomato is nice - as long as you can still get hardware for it.

Well, Tomato is a GPL'ed product, so you could take it and update it if you wanted to. But that's not the point. I was just noting that Tomato is an excellent example of a clean, minimalist GUI. He puts in a fair amount of glitz, true, but it's not gratuitious. And, since this contest is all about the user interface, that seemed appropriate.

Re:I have a suggestion ...

Indeed, and it is too bad that it isn't supported out of the box. Not only that, the optional IPv6 packages don't appear to work at all for 6to4 or static tunnels. (That is after you manage to track down the various required packages that aren't explicitly specified as dependencies, nor documented anywhere.)

Re:I have a suggestion ...

[ScrewMaster]

Tomato is garbage. OpenWrt is a full featured Linux distro.

Ever heard of using the right tool for the job?

Re:I have a suggestion ...

[Joelfabulous]

I use Tomato and I love it. I made sure before I bought my router (the ever popular Linksys WRT54GL - L for Linux) that I was picking the right router for what I wanted.

The default firmware sucked, so I flashed it with Tomato, which was dirt easy. Easily deployable, a hell of a lot more reliable than the default firmware, and pretty simple to administrate even for a newbie like me. It works.

Re:I have a suggestion ...

Agreed. I ran OpenWRT for a while but it's too annoyingly low-level. For a router I want something I don't have to think about. Easy plug-in-play with power-user features that are easy to get at. Tomato is perfect.

Re:I have a suggestion ...

[floodo1]

d00d dd-wrt is actively developed onto new platforms. For example they now support Netgear WNDR3300, which is one of the few commonly available 5ghz 802.11N routers.

Re:I have a suggestion ...

Or if content you need/want is only available via IPv6.

Re:I have a suggestion ...

I don't have enough computers at home to need ipv6.

Either you have an unusually small number of computers, or your ISP is providing an unusually large number of IPv4 addresses. If you don't have an IP address for every unit you want connected to the internet, then you have a problem. There exist workarounds that almost works (NAT/masquerading), but the only actual solution for that problem is IPv6.

Re:I have a suggestion ...

[paul248]

Personally, I don't have enough computers at home to need ipv6.

It's not just about your computers at home. Your home is connected to the Internet. The Internet is growing at an exponential rate. It only has 4 billion addresses. Thus, IPv6 is useful if you plan to continue connecting to things as we approach the not-so-distant future.

Re:I have a suggestion ...

[xmff]

Still using Broadcom's blob, still using kernel 2.4, still no IPv6 support, still no writeable file system, still nvram based configuration. I'm not impressed.

Re:I have a suggestion ...

[morgan_greywolf]

In which case there are IPv4-to-IPv6 gateways.

Re:I have a suggestion ...

[floodo1]

All I was saying is that your implication that DD-WRT is eventually going to disappear due to "more and more devices that are supported by this software are already end of life or will be soon" is just not the case. It's kinda obvious that this was the extent of my comment.

Device support, I believe, is the reason that DD-WRT has stuck with Broadcom's closed drivers, which require 2.4 kernel, as the open source broadcom driver doesnt support "a lot" of hardware out there (i.e. the Netgear WNDR3300 that I mentioned originally).

It's pretty obvious that OpenWrt has focused on functionality while DD-WRT has focused on ease of use and device support. It makes it pretty easy to choose which one you'd like to use this way :) Personally I'm impressed with DD-WRT and how much time they spend developing for new hardware!

Re:I have a suggestion ...

[ZerdZerd]

I agree, but his UI isn't free (libre). Hope he changes his mind and joins the contest!

Why not GbE?

[manyxcxi]

I mean seriously... you're putting out a new product... why not put in gigabit lan ports?

Slashdot Editor: OpenWRT not Open-WRT

[RoundSparrow]

You guys altered the name to Open-WRT :) Anyway, thanks for spreading the world on this and Kamikaze 8.09 release. the OpenWRT devs work hard.

Re:Slashdot Editor: OpenWRT not Open-WRT

OpenWrt is the correct name, but I digress..

Please....

[Lumpy]

Oh god no.....no Web 2.0 Crap. the router GUI is supposed to be fast, small, and compatible with EVERYTHING.

DDWRT has a problem with Firefox on the latest builds because of the stupid Web2.crap to make things more flashy instead of working right.

I am really tired of the "ooh shiny" becoming far more important than functionality lately in both projects.

Re:Please....

You did noticed that OpenWrt's new gui is xhtml 1.0 conform, works even with disabled javascript and is actually pretty fast - even on devices like the Fonera? Can't see any specific web 2.0 hype on the OpenWrt side...

just my two cents.

Re:Please....

[AvitarX]

That's a shame it was sloppily done, but good web2.0 should be faster that traditional reload the whole page.

Now there needs to be a same fall-back that works without it, but just because you want things to be like they were before client computers could do any of the heavy lifting don't think that the rest of us love full page refreshes.

Re:Please....

[TheGratefulNet]

I am really tired of the "ooh shiny" becoming far more important than functionality lately in both projects.

I do netmgt for a living (client and server side, both) and I've turned down jobs that emphasized glitz over actual *needed* functionality.

I still maintain that a simple forms/cgi interface with NO javascript is all you need to get the job done. I wrote an entire NMS on form/cgi (1998 era) and it didn't have 'active stuff' but who the hell cares! the only lacking I had was no dynamic graphs - and I solved that by computing .gifs from the GD library and that had the benefit of being able to do a simple save-as for the graphs!

the requirements for form/cgi is SO simple. even a toaster can support it.

but noooooo. no one wants simple anymore. they want jscript, they want non-bookmarkable pages, they want LAYERS of complex code (job security?) - but they don't want basic, reliable, platform-independant code.

the trend saddens me. netmgt is supposed to be THIN. somewhere, the old school netmgt guys must have all retired or died out and the new ones never learned about the lean-n-mean nature of what netmgt is (used to be) about.

Re:Please....

[powerspike]

But that flashy stuff, and the web2.0 is what gets the users, if you don't like it, just use telnet, that'll solve your issues out right wouldn't it ?

If i'm not in the office, and the dsl connection has an issue, it's alot easier to tell someone to click on the red button or green button etc. trying to tell a non tech person a command for iptables or something like that is just outright stupid. I'd rather have the office administrator implementing the rules she puts in place so i can get onto more important thing like protecting the web production environment from the developers.

Re:Please....

[morgan_greywolf]

CGI doesn't scale well. That's the rest of the world moved away from CGI and forms to J2EE, LAMP, Django, Ruby on Rails, etc. Plus, once you've developed on Django or Ruby on Rails, you'll never go back to traditional models of Web development. You can write applications very, very quickly.

But, I digress. For a router, which won't have sufficient memory to run J2EE, Django, Ruby on Rails, etc., you'll definitely want CGI or maybe mod_perl because upward scalability isn't an issue: you need to shoehorn the thing in as little RAM as possible.

Re:Please....

[vadim_t]

In theory, yeah.

In practice, I just checked my mail on my phone, saw a slashdot reply notification, and clicked the link. Then stared at the screen in disbelief, as the phone showed me that to show me a message maybe 2KB in size it had to download 1MB worth of crap.

Reloading the page is something that takes a very small fraction of a second, when the server isn't doing any heavy lifting, and the page doesn't have half a megabyte of javascript.

And a much larger amount of devices can show that simple page. The router interface shouldn't be flashy. It should be neat and simple, something you could deal with from a cell phone if it was needed in an emergency. I can't tell you how much I hate the websites of various device manufacturers that require hunting the link for the drivers download in the source, because the only available browser I had was lynx, and the link is impossible to find in it.

IMO, don't bother with the flashy stuff. I'll be the one who is going to mess with the router settings, and I want it stable, functional, and usable on all devices. If it prefers form over function I'll go with another product.

Re:Please....

[TheGratefulNet]

CGI doesn't scale well.

and since when does netmgt need to support LOTS of concurrent connections?

see, that's my point - unless you know the *problem space*, you are likely to over-engineer the solution.

most netmgt solutions are WAY over-engineered. they are not going to be hit by thousands of clients. likely they'll be polled frequently by a few NMS's and by frequently I mean a few packets of query every 15minutes, TOPS.

you do not need 'scaling' at the client. you just don't for this problem space.

Re:Please....

[AvitarX]

I thought emergency remote access (e.g. from a phone) was what ssh was for.

The web interface was for those whome are right there.

the realtime traffic chart in tomato is simply amazing, and is the type of thing impossible in a situation as you mention.

I just changed router to one it doesn't support, but I bet it's interface gracefully degraded to be viewable with anything.

The fact that /. has a crappy interface doesn;t mean that web 2.0 sucks, simply that /. doesn't have the greatest implementation.

And the fact that a phone tries to do more than it is capable of, instead of falling back to earlier techs is not the fault of web 2.0 either.

The tomato firmware is a great interface (though somewhat limited in features compared to OpenWrt).

I think Gmail makes webmail great, and the non Web 2.0 webmails suck, but just as I wouldn't use a web interface to a router on a phone (ssh for that), I wouldn't use a web interface to e-mail on a phone either (e-mail client for that).

In fact, I wouldn't even use a phone web interface to wikipedia, which is fairly non-web2.0 I bet.

On the android at least there is a quickpedia app that is far superior to browsing the site, and it does this using web2.0ish tech.

I would additionally even on a phone, .5MB of JS is no big deal if it is cacheable. I mean, even with an EDGE connection it isn't that much time, and then it is done for good.

Re:Please....

[vadim_t]

I thought emergency remote access (e.g. from a phone) was what ssh was for.

That's with a full keyboard, but plenty phones can render HTML competently and have a standard keyboard. SSH is certainly technically possible, but a pain.

the realtime traffic chart in tomato is simply amazing, and is the type of thing impossible in a situation as you mention.

It's a nice gimmick I guess, but I'd rather have it come preconfigured for easy interfacing with Cacti, then I can make my own, better graphs.

I think Gmail makes webmail great, and the non Web 2.0 webmails suck, but just as I wouldn't use a web interface to a router on a phone (ssh for that), I wouldn't use a web interface to e-mail on a phone either (e-mail client for that).

Meh, I much prefer Mutt and KMail.

Though I dislike anything on the web that requires JavaScript to work. I've got the annoying slashdot junk disabled, and I have a gmail account, but it's redirected to my IMAP server, and I never actually log into the web interface.

Re:Please....

[maxume]

Yes, where are my blinkenlites and jumper cables.

Re:Please....

[Ilgaz]

The rules require W3C valid entries so if a browser doesn't work, it will be a browser bug.

If one uses standard W3C standard to increase usabiility like ''click here to show advanced options'', why not?

Quote from my router ''We suggest that you use Internet Explorer 5.5 or above at a minimum of 1024x768 resolution. ''

That is old good US Robotics for you which their analogue modems came with 130 page manual explaining every single detail. That is the shape of things in home router world now. I don't think they look for flashy content.

Re:Please....

[rbrausse]

> most netmgt solutions are WAY over-engineered

oh yes, I agree totally.

e.g. our copier needs flash(sic!) for the web management frontend.

you can't imagine my wtf-face after realising this - heck, I'm not able to add a new user for the build-in scanner without a fscking flash-plugin... sigh

Re:Please....

[AvitarX]

Why is it you are so comfortable using an external program to access gmail, but insist a web browser be used for a router?

the /. ajax isn't great, but when traversing comment trees the in-line expanding and collapsing is a nice feature that made the "parent" button far more useful.

It additionally functions just as bad as it always did without js active.

And it's most annoying feature when I check it from a phone is not the JS, but the CSS positioned karma slider.

Though maybe CSS also represents a bad technology that should be disabled too.

Re:Please....

[vadim_t]

Why is it you are so comfortable using an external program to access gmail, but insist a web browser be used for a router?

I explained already, depending on the type of device you're using, a commandline interface may take a very long time to use.

Picture trying to use vi to edit network settings config files with a standard (numeric only) phone keyboard. If you just have to fix the IP address, you'll get it done a lot faster from a web browser.

Email is much different, in that it's something people use often and in complex ways. The user interface a dedicated client can offer is much more complete, better performing and has less latency than what a web application can offer. Using a web app has security implications too, for instance there's no way gmail can securely implement GPG signatures. It could be done with a plugin, but then I need an external application already.

It additionally functions just as bad as it always did without js active.

My preferred form of browsing is nested mode, reading pretty much the whole page from top to bottom. With the dynamic interface I simply ended up clicking "more" and lowering the threshold, until getting the equivalent result, except in 20 clicks instead of one.

From my POV, nested mode with threshold set to 1, loading the maximum amount of comments possible per page is precisely what I want, and the dynamic mode adds a lot of inconvenience. Dynamic mode also instantly breaks when I load slashdot pages for reading on the underground, where I don't have an internet connection.

My ideal version of slashdot would come with a NNTP gateway, so that I could read offline, with zero latency, use a better editor than the browser's text area, and queue replies to be sent when I get out of the train. Then the phone would just need a newsreader and I'd get a much better and lower bandwidth interface.

And it's most annoying feature when I check it from a phone is not the JS, but the CSS positioned karma slider.
Though maybe CSS also represents a bad technology that should be disabled too.

CSS is precisely the right technology, which allows to separate content from presentation. It's precisely the thing to allow the page to display in formats optimized for computer viewing, phone viewing, printing, disabilities, etc, without having to change the code.

Unfortunately these days it's often used to add pointless decoration.

Re:Please....

[Mr_Silver]

In practice, I just checked my mail on my phone, saw a slashdot reply notification, and clicked the link. Then stared at the screen in disbelief, as the phone showed me that to show me a message maybe 2KB in size it had to download 1MB worth of crap.

I know your pain, so I wrote AvantSlash to get around this very issue. When the Slashdot developers see fit to produce a decent mobile/PDA friendly site then I'll retire this - but i've been saying that since 2001 and it still hasn't happened.

Re:Please....

[TheGratefulNet]

for a few seconds, I took 'flash' to mean flash ram.

at least if you needed more ram, that's sort of defendable. non-volatile storage makes sense.

but adobe flash never EVER makes sense in *this* context.

Re:Please....

[rbrausse]

sorry - next time I will be more precise in my wording :)

Re:Please....

[vadim_t]

That page doesn't work. I get a 403.

quick question

interesting contest, but I searched and couldn't find an answer to my biggest questions:

does it run linux?

are there any requirements to use it in a beowulf configuration?

any requirement to be resistant to, and remain working, after having hot grits dumped on it?

should it support QoS by streaming naked photos of natalie portman at top priority?

Re:quick question

more importantly, what's the website number?

Re:quick question

[morgan_greywolf]

does it run linux?

In Soviet Russia, Linux runs YOU!!!

are there any requirements to use it in a beowulf configuration?

You have to welcome your new OpenWrt-running overlords.

any requirement to be resistant to, and remain working, after having hot grits dumped on it?

No, but I hear pants are still optional, but recommended for you.

should it support QoS by streaming naked photos of natalie portman at top priority?

Only if naked and petrified.

Re:quick question

[Eighty7]

I'm going to become rich and famous after i invent a device that allows you to stab people in the face over the internet -[SA]HatfulOfHollow

Re:quick question

[ScrewMaster]

I'm going to become rich and famous after i invent a device that allows you to stab people in the face over the internet -[SA]HatfulOfHollow

Bah. Why send a machine to do a man's job? If you want something done right ... do it yourself.

Re:quick question

more importantly, what's the website number?

Is that you, Biden?

the best routers I have seen

[ani23]

have all used cli

Re:the best routers I have seen

Nothing's stopping you from wasting your time, but for the rest of us who don't want to read the manual for hours, we'd rather do all the setup in 10 clicks.

Re:the best routers I have seen

I know that the rest of you will screw up the routing. Great to know that you'll do that while looking at a pretty GUI though.

Re:the best routers I have seen

Why would we screw up the routing any more with a GUI than without? Oh wait I'm sorry I took your baseless argument seriously.

Listen numpty, it's not that hard. If you're a serious user you won't screw up the routing regardless of whether there's a GUI or not. If you're not a serious user, then there's basically no routing to be done (3 standard routes for the average home) and I'm assuming OpenWRT is usable enough to set those up automatically.

Re:the best routers I have seen

[ani23]

doesn't change the fact that no network guy worth his salt doesnt give a flying fk about GUI. just not powerful enuff.

Re:the best routers I have seen

[troll8901]

for a while, i thought you had missed out a "t"

It is amazing how negative everyone is about this

[OverZealous.com]

It's not like it's your money! I currently use Tomato on one of my routers. I love the interface. I don't log in very often, mostly to check those fantastic real-time usage stats.

But when I do log in, it is nice to be able to find things quickly. I respect developers who take into account usability and style. In fact, I have basically no respect for those who discount it.

You probably can code circles around me. But in the end, the customer or user only sees the interface. They only see those "useless" graphics, and that "Web 2.0 Crap". Yet, a well designed interface will allow new users to appreciate the product faster, and hopefully keep them around.

Just because the majority of web developers suck at designing "web 2.0" interfaces doesn't mean that the problem lies with the "web 2.0" part. We'd have a lot less technology if we used that metric to measure a tools value.

Re:AND NOW A JOKE

Fail, you stole that from Full Metal Jacket, what an uncreative dumbass..

open source and usability

I think the comments so far some up one of the major issues with the open source world and usability. At this point most of the comments are saying "we don't want themes" and "it's fine the way it is". The usability of a device has NOTHING to do with being able to skin it or apply themes. Usability is all about making the device simple for someone with limited knowledge or experience to use. This means things like dimming or disabling options if someone chooses a checkbox for an item that is incompatible those options. If they choose to only run the device as 802.11b (god knows why, but humour me), then don't ask them to set up the security options that only apply to 802.11g and higher. Explain what the options do in plain English. That's what usability is.

Re:open source and usability

[MichaelSmith]

The usability of a device has NOTHING to do with being able to skin it or apply themes. Usability is all about making the device simple for someone with limited knowledge or experience to use.

The usability of slashdot seems to be in decline, while the reliance on javascript increases. Now maybe there isn't really a causal relationship there, but correlation is enough for many people.

Re:open source and usability

Yes, bad design and bad usability often go hand in hand. But simply holding up an example of poorly written javascript and css and saying "see, it all sucks" shows that you're still missing the point. That's like saying CmdrTaco and kdawson are bad editors, so all editors of websites are bad. You see the major flaw in thinking there? Just because there are plenty of examples of things done poorly doesn't mean that it has to be done poorly.

Re:open source and usability

[powerspike]

Couldn't agree with your more.

Also as a systems administrator, i like gui's, generally good ones allow me to get my job done faster, not slower, if I have to, I'll drop to cli, but in a good gui you don't have to, if the gui is written well for usability, you'll be able to cover 95% of what you need to do, and beening able to do that quickly and efficiently is the important thing

Re:open source and usability

[morgan_greywolf]

Why does everyone seem to hate the new interface? I like it, personally.

Re:open source and usability

[physicsphairy]

Who doesn't enjoy a program that, when you hover your mouse over an option, you get a description of what the option does and why you should use it?

"Contextual help" makes even the most alien programs a dream to use.

Re:open source and usability

[macshit]

I think the comments so far some up one of the major issues with the open source world and usability ... Usability is all about making the device simple for someone with limited knowledge or experience to use

No it's not -- that's merely one aspect of usability (other aspects include efficiency of use for an expert, etc). Whether it's the most or least important aspect depends strongly on the context.

Sadly, many UI creators do seem to emphasize this aspect way too much, often with strongly detrimental effects on other important attributes of the UI. Sure it's great to make your program accessible to beginners -- but if it's a program they'll use every day, and your UI is "expert unfriendly" (inefficient/limiting/unpleasant), then on balance, you've created a bad UI.

Re:open source and usability

[ScrewMaster]

Couldn't agree with your more.

Also as a systems administrator, i like gui's, generally good ones allow me to get my job done faster, not slower, if I have to, I'll drop to cli, but in a good gui you don't have to, if the gui is written well for usability, you'll be able to cover 95% of what you need to do, and beening able to do that quickly and efficiently is the important thing

I take it that you're a big fan of Regedit.

Re:open source and usability

[coryking]

If they added a browser-like address bar where you could type in the path to a particular spot, than maybe. If said address bar did tab-completion like a good shell, than "yes". If the search function used an index instead of what appears to be a sequential scan of the whole registry, then hell yes.

But really, I rarely have to muck in the registry.

Re:open source and usability

[ScrewMaster]

If they added a browser-like address bar where you could type in the path to a particular spot, than maybe. If said address bar did tab-completion like a good shell, than "yes". If the search function used an index instead of what appears to be a sequential scan of the whole registry, then hell yes.

But really, I rarely have to muck in the registry.

Couldn't agree more, and it's odd that given Microsoft's dependence upon the registry that they haven't really improved their primary management tool for the past fifteen years.

Unfortunately, as a Windows dev I spend too much time mucking about in the registry. It's a pain in the ass. It also annoys me that no matter how fast my machine, regedit always seems to take the same amount of time to search for something.

Re:open source and usability

[tom's+a-cold]

Usability is all about making the device simple for someone with limited knowledge or experience to use.

Better to say that it's about making easy tasks easy, and difficult tasks possible. Not original, but very much in line with my experience.

In some contexts, all you have is a population of power users. Their usability requirements are not the same as those of naive users of a mass consumer item. Horses for courses, that's the ticket.

Re:It is amazing how negative everyone is about th

[thermian]

In fact, I have basically no respect for those who discount it.

You probably can code circles around me. But in the end, the customer or user only sees the interface.

Actually you've hit on a major problem of programers that we don't like to talk about (well, except me, obviously..). The thing is, GUI design is a complex art, one that takes a long time to learn to do well, so its hard to be good both at visual interfaces and the often very complex code that they control.

I know this from my own work. I'm a pretty good coder (gosh, how modest of me). I can write code to just about anything, and charge a pretty penny to do so, but my ability to code a user interface is rather poor. Sure I know all the theory, but there's something extra you need, that 'eye for the visually pleasing' thats hard to cultivate unless user interfaces are what you do all the time.

I've used plenty of applications where the guy who wrote the backend code also coded the gui, and as a rule the gui is somewhat lacking. This is't just restricted to single coder projects, it also occurs when a project is full of able back end coders, and they build the gui to suit their own level of ability to use the code.

You can see this if you use Emacs. Nice though that software is in features, the interface is godawful, and actively prevents anyone new to computer usage or programing from using it.

"Simplicity and intuitiveness for the end user"

[fantomas]

"Simplicity and intuitiveness for the end user (both newbie and expert)"

Maybe this will be won by the most blinged-up interface but there's hope here that the competition organisers get some well thought out entries which help guide the users through the configuration of their routers.

Some installs are jargon heavy and just assume you know what all the options mean, little to no explanation or help. I've spent many hours sweating over some WRT GUIs that have (to me as a relative beginner) had meaningless options. I really really want to use these excellent installs but I get really put off by zero-to-poor documentation or explanations of what all the options are.

A simple interface with excellent documentation and guidance would be worth the prize.

Re:"Simplicity and intuitiveness for the end user"

[bendodge]

I suspect that for $160k there will be some competent thought put into the judging.

Flash based

[Dan+East]

Can it be Flash based? I've got some cool ideas involving fancy animated text effects and transitions that would be really useful for a router interface.

Re:Flash based

[ScrewMaster]

Can it be Flash based? I've got some cool ideas involving fancy animated text effects and transitions that would be really useful for a router interface.

Gah. I think I'm going to be sick. Yeah, you earned that +5 funny.

Re:Flash based

[RoundSparrow]

Yes, the router has 16MB of flash memory, just like a SU SLINUX Disk (SSD).

Re:Flash based

[swillden]

Duh, I'm slow tonight. I almost started typing a reply asking wny it matters how much memory it has, since flash runs in the browser, not on the server.

Re:Flash based

[Joe+U]

Strangling the developers of a Flash based router UI would be considered self defense in most of the world, wouldn't it?

On the other hand, think of the possibilities! Themed routers that talk to you. Strong Bad could tell me that my firewall configuration is stupid, or how abou *grrk*

Re:Flash based

I think this is a terrible idea. You should not require the user to have flash to configure their router.

Re:Flash based

You think you're joking, don't you? dd-wrt actually uses flash in it's web interface.

By popular demand

[snsh]

Open-WRT needs a Redmond theme. Bonus points for defaulting to Aero theme, which the user immediately disables, reverting to Redmond theme.

Re:By popular demand

[RiotingPacifist]

It apears you are setting your router to local channels, (this is not supported by the shitty windows drivers included with many wireless chipsets). cancel or deny?

Re:It is amazing how negative everyone is about th

[physicsphairy]

You can see this if you use Emacs. Nice though that software is in features, the interface is godawful, and actively prevents anyone new to computer usage or programing from using it.

What would you honestly change? 99% of the feature set is packed up in control sequences. If you're using the GUI at all one would have to wonder why you are using Emacs. Vi doesn't even bother.

I understand the point you are making but Emacs is really not the program to pick on because it has a *fantastic* User Interface for programmers--which is the entire point of the program. No your grandma will not be able to point-and-click her way through writing a new database application, but I think that is ok.

As far as "new programmers" go, I would say (i) if they can't easily get through the included Emacs tutorial, programming is probably not going to work out for them (ii) they should not start off in Emacs anyway. Emacs solves a lot of problems but until you've written your first big program you're unlikely to have much appreciation for its features.

If you really like CLI and have decent knowledge

[Darkk]

If you really like CLI and have decent knowledge in networking then give Vyatta a try. No GUI at all.

I've tried it and it's not too hard. Just have to pay close attention to the syntax or you'll screw it up.

GUI in routers do provide a quick glace as to what is going on. High end Cisco routers do NOT have a nice web-gui as it is entirely CLI based except for some home versions of the PIX.

I personally use DD-WRT v24 SP1 in all of my wireless access points (they're really routers but I turned those functions off) and never skipped a heartbeat. I got a Linksys that been running 6 months solid without a single reboot as DD-WRT is meant to be set and forget type thing.

I do wish peeps luck in this contest as we all could use the money.

Any support for USB Modems?

I'd like to find an affordable (US$80)router to use my Merlin V640 ExpressCard EVDO modem. I have a USB adapter for it that works, so other than the Kyocera KR2 Mobile Router (now $188) and similar, do I have more choices?

Re:If you really like CLI and have decent knowledg

[RoundSparrow]

RE: "If you really like CLI and have decent knowledge in networking then give Vyatta a try. No GUI at all."

OpenWRT has "no GUI at all". it is an optional piece when you build the firmware. It has all the settings in /etc/config/ tree. There is a command-line program called UCI that allows you to easily edit them. The GUI's get built on top of that typically.

There are at least 3 installable package GUI's available that I know of: X-WRT, LuCI, Gargoyle. But people have used it for years and years without a GUI.

OpenWRT's is really great at being portable to many routers and CPU types. They spent a lot of time investing in the long-term and not worried about the visual fluff.

Re:PMR

Pimp My Router.... that's an awesome idea

The future or routers.

[Krneki]

I'd like to see an open-wrt router firmware with.

8+ - eth ports for multi wan (load balancing and failover)
8+ - port USB so I can attach everything

Different size distribution so we can choose what to install and a nice auto-update to support all the devices.

Re:The future or routers.

[lamapper]

I'd like to see an open-wrt router firmware with.

8+ - Ethernet ports for multi wan (load balancing and fail over) 8+ - port USB so I can attach everything

Different size distribution so we can choose what to install and a nice auto-update to support all the devices.

Good idea and I agree with you!

For those who are not aware, you can get this very cheaply with DD-WRT + multiple router / firewalls or a router/firewall + network hubs.

Just combine a typical 4 port firewall/router that supports and will run DD-WRT, use VLANS and either a second router or a Gigabyte hub...thus port 2 + VLAN1 could be one 8 port gigabyte hub; port 3 + VLAN2 + second 8 port gigabyte hub; assign port 4 + 3rd 8 port gigabyte hub + VLANs. Since VLANs normally start at zero VLAN0, assign that port to a computer and or segregated network for monitoring of the hub and put all your WiFi traffic on this port to the Internet service provider. Thus you segregate your local area network from the WiFi part, thus you can have your port free and open, even charge if you want and make some money, although most just leave it open. And no you do NOT advertise this fact to your ISP.

VLAN0 - All Wifi + Internet (throttled by you as you see fit, so that your usage always gets priority over any other user that does not live in your household) + Quality of Service (QoS) + separate LAN address and PC to monitor everything, pushing this traffic off the LAN and if setup correctly can monitor for Trojan horses installed thanks to buggy browsers, applications and operating systems from proprietary vendors.

VLAN1 - 8 port gigabyte hub - Internet (with priority given to this LAN segment over VLAN0, QoS so that your VoIP gets priority over anything else...thus your phone calls are always clear without interruption

VLAN2 - second 8 port gigabyte hub - Internet (also priority over VLAN0

VLAN3 - third 8 port gigabyte hub - Internet (priority over VLAN0

With that setup you would have 25 ports through that one 4 port hub....doubt you would need that many. The best thing is that you can offer FREE WiFi and prevent users of this FREE WiFi from seeing the rest of your Local Area Network by segmenting the VLANS.

By segregating your Local Area Network, you can offer FREE WiFi without concerns from crackers, phishers and scammers. By definition, hackers will DO NO HARM.

Encourage everyone to open up their WiFi and stop the FUD by those that ONLY want to offer us less than what we already pay for....

The telcos have accepted billions of our tax dollars to build out fiber to our homes, but give us excuses instead. Many other countries have had 100Mbps / 100Mbps since 2000. Japan is starting to implement 1 Gbps / 1Gbps for less than $55 per month NOW. How much are you paying for less than 2 Mbps? Even FIOS will NOT give us more than 45 Mbps and its 2009, is that really a solution?

While the typical router and firewall routers do not have more than 4 ports, you can use VLANs to separate out those four ports. Considering that the lowest priced DD-WRT router is around $35 - $65; you could just extend from 4 to more by chaining + VLAN with additional Router / Firewalls instead of network hubs.

IMPORTANT NOTE about LINKSYS routers: The new ones coming on the shelves since December 2008 DO NOT allow you to use the DD-WRT software. Make sure you ONLY purchase a DD-WRT supported router!

Here is the page showing which routers support DD-WRT; I recommend those reading this that you get one that will support t

Modern Rosewill hackable routers, 802.11n support

[Ostracus]

You don't have openfirmware for this* router.

*Clue: This is a house brand.

I like LuCI

[kshade]

I don't know, LuCI seems pretty good to me and is a good choice for people who actually know about the technical stuff but don't want to do everyting in the CLI. Basically, it's nothing more than a graphical add-on for uci (the OpenWRT configuration manager) that shows you what options are available and what they do. Oh, and the live network/CPU load diagrams are a nice touch too.

Re:I like LuCI

I LOVE Lucy.

Re:It is amazing how negative everyone is about th

[thermian]

As far as "new programmers" go, I would say (i) if they can't easily get through the included Emacs tutorial, programming is probably not going to work out for them (ii) they should not start off in Emacs anyway. Emacs solves a lot of problems but until you've written your first big program you're unlikely to have much appreciation for its features.

I get where you're coming from but when I was a post grad teaching first year students my experience was that that they found Emacs to be uncomfortable and used it only when the tutorial sheets required them too. Most of the time the dominant linux text editor in use by students I taught was kwrite.

160k could hire them a good designer (or ten)

[billcopc]

It's cute that they're doing this the open-source way, but realistically they'd be better off hiring a few designers and letting them fight it out. Maybe I'm jaded from years of Linux adminning, but I have absolutely no faith in the graphic abilities of network geeks, myself included.

Re:160k could hire them a good designer (or ten)

[jonaskoelker]

but realistically they'd be better off hiring a few designers and letting them fight it out.

I heard someone say that "Nobody ever made statues of committees".

I think the money would be better spent one one good designer and what's left over on doing good usability tests and iterating the design and implementation process.

- Jonas

Re:160k could hire them a good designer (or ten)

[ScrewMaster]

I heard someone say that "Nobody ever made statues of committees".

Well, there was that whole Iwo Jima thing.

Re:160k could hire them a good designer (or ten)

[eclectro]

Actually "the whole Iwo Jima" thing was an unscripted spontaneous moment in war that was captured by a photograph (that won a pulitzer), from which statues were made. So, to say or imply that it was designed by a comittee would be entirely false, and wildly escapes the parameters that the idiom was meant to describe. Espically if you are aware of the video

I think that most people identifies a truism from their own personal experience, and this would be one case. Who hasn't been associated with a committee or group of people that get mired in their decision process (evidently besides you)? That said, every truism like anything else might have it's exception. The first thing that pop's into my mind is the Draper's guild who managed to get a Rembrandt of themselves painted, even though they were the ones that probably commissioned it!

Don't mean to get pedantic, but you asked for it.

Re:160k could hire them a good designer (or ten)

[ScrewMaster]

Don't mean to get pedantic, but you asked for it.

Dude, a. it was a joke, and b. I included a link to a detailed history of the entire offensive. I figure that would forestall any attempts at pedantry, but I see I was wrong.

Re:160k could hire them a good designer (or ten)

Yeah. Totally unscripted. Sure.
Come on, six guys dramatically raising a flag on a pole that couldn't have weighed fifteen pounds max? Seriously, you could balance that flagpole on your little finger and they're acting like they're manually raising a telephone pole. You do understand about posing for pictures right? Now, it was all meant to be symbolic of the struggle to reach that point, and I'm not trying to sully the struggle in any way, but I would call a group of guys, even if they're soldiers away at war, who get together and plan an elaborately posed flag raising specifically to produce a photo like that a form of committee.

Re:160k could hire them a good designer (or ten)

Hmm, checked it out myself and it looks like I was wrong about the weight. It looked like a wooden pole, but apparently it was actually scrap pipe and weighed about 100 pounds. Still I'm pretty sure I could raise it myself and I'm not in the best shape and they were a group of battle ready marines. It was posing, plain and simple. Once again, not a bad thing, but not a spontaneous photo either.
Going back to the topic of statues of a committee. How about the statues at the constitution museum. Now there's a statue (or, rather, a set of statues, of a committee. A very important one that wrote some very important documents, of course.

Know what SOHO means?

[iris-n]

The majority of the posts seems to be sneering down in elitism to these poor folks that don't know how to setup a router in the CLI and, god forgive them, try to setup their home network by themselves, without paying a sysadmin to do the work.

Yes, a sysadmin that can't configure a router without a good GUI should be hanged by the neck until death, but last time I checked, the majority of the routers supported by OpenWRT were SOHO ones.

Do you really expect people that just want to setup a minimal network of maybe a printer, one desktop and two lappies to read RFC 1123?
One shouldn't need to. Yes, networking is interesting and useful, but not everyone wants to be an expert on it.

I have seen a physics PhD setting up a wireless net for his lab with WEP, because the list of protocols was sorted alphabetically and it came before WPA. Well, he should have told the lab's undergrad to do the job but, nevertheless, a good GUI would at least put an (deprecated) near the option.

He wasn't being dumb. Would be if he put a short common word as password. Even if he didn't knew about dictionary attacks, common sense would have told him that they're easy to guess. Actually he chose some interval of the digits of pi because it had high information entropy. But how could he know that the router would offer an insecure option to him or which 3-letter acronym was better?

Re:Know what SOHO means?

[coryking]

Why modern routers even offer WEP is beyond me. All the stuff I've touched seems to want to place WEP as the "standard" and so people who don't know the acronym soup will pick it over something more secure and usable (no hex passwords) like WPA or WPA2.

It is too bad the protocols all suck. Ideally the access point and the wifi cards would auto-configure in a way that allowed for the strongest encryption possible between the two. However, 802.11a/b/g doesn't offer that, instead forcing you to pick one.

Re:Know what SOHO means?

[thalassinos]

Routers supplied by your telco/ISP are set up for WEP because it saves them support calls.

If their (clueless) user has old hardware which only supports WEP and it does not work with their shiny new router, they will call support or, worst yet, will simply cancel their contract and go to another ISP whose router defaults to WEP and works (for them) out of the box.

All devices which support WPA/WPA2 support WEP. Some ancient devices support only WEP. They target the largest number of devices, therefore the routers default to WEP.

I suspect that is also the reason some manufacturers default their security settings to WEP. If a user buys a router set to WEP but his ancient laptop is only capable of working with WEP, he will not be bothered to properly troubleshoot the device but will simply return the router back to the store because (for them) it does not work and the store will exchange it with another brand which (probably) defaults to WEP and it will work with his setup.

In short:

- Number of devices supporting WEP > Number of devices supporting WPA2 => Default to WEP

- WEP = Less support calls

- Inertia feeds WEP

Re:Know what SOHO means?

[MoreDruid]

I guess what everybody is also forgetting is that most people *don't flash their firmware!* The ones who do have at least a basic understanding of what they are doing in the first place, so you won't have to explain everything. This GUI thing is probably geared towards the end-user who has a geek relative/friend that set them up with the initial flashed product, so they can add a MAC filtered device or change some firewall rules. I think the best tradeoff in this is a basic interface with few options like adding a firewall rule, port forwarding, MAC address filtering and statistics. The rest should be put in the advanced interface designed to look a bit intimidating so a user that clicks "Advanced" (and they will!) is encouraged back towards the basic interface so they won't break anything easily.

Re:Know what SOHO means?

[coryking]

I can see defaulting to WEP from the hardware standpoint, but the "enter a HEX key"? Does it still do that? it would seem to me that the second I have to write down a hex key, I'd just can the whole thing and go unencrypted. That or call support.

In other words, doesn't the fact that WEP sucks to configure increase support calls?

Re:Know what SOHO means?

[Gothmolly]

Your use of the term 'lappies' invalidates your entire existence^Wpoint.

Re:Know what SOHO means?

[thalassinos]

My ISP/telco supplies its own router (usually Alcatel Thomson SpeedTouch). The router is configured for WEP and the WEP password (different for each device) is printed on a label affixed on the bottom of the device. Also, the AP name is different for each device and it is also printed on the label.

The users know that in order to connect wirelessly, they only have to pick the AP and enter the password printed on the label. It is simple and (usually) problem free, therefore it minimizes Help Desk calls.

I understand that this is a serious security risk but my telco does not seem to care: it is a security risk FOR THE USER but it saves money FOR THEM.

Unfortunately, 99% of all users simply do not care/do not know better and so they do not change their router password and do not change the encryption to WAP.

Re:It is amazing how negative everyone is about th

[ScrewMaster]

The thing is, GUI design is a complex art, one that takes a long time to learn to do well, so its hard to be good both at visual interfaces and the often very complex code that they control.

You hit the nail on the head. It's an art, and that means that, when all is said and done, it's the guy with the eye who polishes the job. Programmers can follow all the user-interface design rules laid down in the multitude of books on the subject, but if they don't have the touch, what they'll come up with may be functional, but will still look like crap. It's as inevitable as the tide. Good coding can be an art as well ... it is by no means always thus, but some developers do carry their work into the realm of true art.

Look at the history of video game development. Early products were as you describe: often designed by single coders, or maybe a team of coders. That worked, because the hardware was too crude to allow an artist to do much with it, although some companies did hire animators. Blocky programmer-drawn graphics were acceptable because that was about the limit of the equipment. However, as the resolution, color space, and processing power of graphics systems improved, you began to see specialization occur in game development. Much as happened in motion pictures decades before, the evolving complexity of the products demanded an expanding team effort. Designers, coders, artists, animators, level designers, writers, play testers, quality control testers, a whole host of wildly different disciplines are now required to produce a single game.

It's no different in the world of Web development. You need a team, with people capable of handling overall design responsibility, documentation (something coders are notoriously bad at doing), back-end requirements, the GUI, and many others. It's easy for developers who have no talent for user interface work to dismiss such as unnecessary glitz. Understandable, but entirely wrong when talking about software that is marketed or used by the general public (like a Web site.) Furthermore, in the real world people (especially people who write big checks) are impressed by a polished, well-written GUI.

Personally, I've spent almost thirty years in this business, and I started out doing largely embedded-type stuff for the game industry, and eventually got into doing higher-level graphics and artwork. Then I got into manufacturing and control systems, and discovered that users like software that is attractive, not overly-complicated for the problem it purports to solve, and above all does the job. The years I had spent learning graphic techniques paid off handsomely during that time, since my competitors generally couldn't draw their way out of a shoebox.

In any event, I found that while I had successfully worn a number of hats as an application developer over the years, it was getting harder and harder to be a solo act. So, nowadays I'm not, I work with lots of other people, and I've found that my skill set is complementary to many of them. It works out well, if you have a good team.

CLI

IMO, the best router interface is a CLI.

Says who?

[coryking]

small

Says who? If it is cheap enough (and energy efficient enough), why not throw a damn Core Duo in the damn thing and use powerful statistical magic to figure shit out?

"Fast and small" for "fast and small"'s sake is old school man. Nobody gives a rats ass about wasting CPU or memory. The computer works for us and what you should really be concerned about is saving *our* CPU cycles and memory--not the computer.

<blockquote>I am really tired of the "ooh shiny" becoming far more important than functionality lately in both projects.</blockquote>
Your definition of "functionality" is too narrow to be of use. If you broaden your definition to include the user experience, "ooh shiny" matters a whole hell of a lot. Contrary to some, presentation matters almost as much, if not more, then your very narrow definition of "functionality".

Re:Says who?

[dltaylor]

I'll treat your response as one from ignorance, rather than from stupidity or insanity.

#1 it's for a cost-sensitive market, not gamers. USD $0.20 MATTERS, because by the time the costs are multiplied up the distribution chain, it will make a real difference in sales volume. You want to put in the least-expensive hardware that meets the target requirements (with a bit of headroom for last-minute spec changes). No one will see the GUI until after they've bought it, and if the cost delta is too much, they simply won't.

#2 "presentation", simply for the exercise of "presentation", is the equivalent of masturbation, fun for you (presumably), but not for bystanders. "presentation", in the sense that you present the features of the device in either a familiar way, or readily discernible new way, causing the user a minimum of confusion, cognitive dissonance, and frustration is paramount. Once that's accomplished, apply some aesthetic sensibility, but do not degrade the functionality to do it. Requiring, for example, that the user enable hideously insecure Flash, or javascript, for example, to deal with a security device is very nearly a definition of insanity.

Re:Says who?

[coryking]

1) obviously. Even a penny matters. I've got friends in the CPU business. They brag about removing a couple resistors on some PCB to save half a cent per board. However, I suspect people do buy a new router every few years (gotta have 802.11/xxyyzz after all!). They will choose the next one based on prior experience. I used to buy Netgear routers religiously until I bought some goofy looking white one that crashed every day. I'll never guy a netgear router again. Likewise, if the interface sucks, odds are good somebody won't buy that brand again.

2) We agree. But I'll debate requiring javascript--done properly it could significantly enhance the usability of the device. Flash? Couldn't do it even if you wanted--what if you were configuring the router using a new computer that doesn't yet have it installed? You couldn't download it until you configured the router, and you couldn't configure the router until you had flash. Oops!

Easy and Good to look at

[olddotter]

My guess is that they want it as easy to use and configure securely as possible. Its time to ask yourself, what would Steve Jobs do?

Naw...

[coryking]

So many users want to perform tasks they don't understand and they want this to have good results each time.

Maybe the task is needlessly complex? Why should somebody connecting to a access point need to configure which encryption protocol to use? Why should the damn WiFi card and the access point negotiate automagically and *pick the damn best one they both support*?

^ this space reserved for replies telling me that the protocol doesn't allow it. Well you know what? The user isn't broken, the protocol is. 802.11/whatever is horribly insecure because the protocol doesn't fucking handle the encryption for you. Let me pick a key on the router, type it into the laptop, and the damn things can pick WAP, WPA, WEP, WAZOO or whatever the fuck some encryption dudes dream up all on their own. As long as it works and is secure, I dont really care what the hell protocol is used.

Blame the user is arrogant, stupid and is increasingly a black mark on employment. The world expects the programmer and the designer to do everything for them. That is the market. Deal with it. Programmers who design usable stuff will find their skills highly desired. Programmers who say users are spoiled children will rapidly find nobody wants to hire them.

You know who to blame? Blame the designers and programmers for not understanding what the goals and tasks are. Blame the designers (or lack thereof) and programmers for not removing all the roadblocks in the way of accomplishing said goals and tasks.

Honestly, the real reason programmers get bent out of shape (*cough*aside from the weird vibes coming from those still in the computing stone age like RMS*cough*) is that programming a usable interface is very hard. Lots of edge cases and you can't catch all of them. Really, the shit is hard and no silver bullet will ever be found that makes the hardness go away.

Re:Naw...

[coryking]

And just to back my shit up... the fact that slashdot even has options about how to interpret what I type is stupid. Where is the damn rich text editor everybody else has. Why do I have to format the code on my own? What the hell is "extrans" anyway and why isn't it picking up my blockquote.

Re:Naw...

[atraintocry]

I guess the hard part is the "working and secure" bit then. I think you are generalizing too much.

Networking used to be horrible. Different protocols, different hardware. Lots of fads, each as much as a pain to set up as the last. No point and click email server wizards. Site-to-site was by modem, not VPN. When men were men and the cable was coax, that sort of thing.

It has gotten to the point now where you have a router, modem, AP, and switch in one, for $50 or something. Network speed is automatically negotiated. Everything full-duplex. That's if you're actually running cable. You don't even have to anymore. The protocol is all TCP/IP, so there's no need to worry about having matching hardware as well as software that can speak those protocols.

If a user can't set up a 2009-era consumer router/switch/AP/toaster, there's nothing wrong with that, but they need to pay someone to do it for them. Because it's about as magically automatic as it's gonna get.

People that come on here and complain about networking not being easy enough must not remember a time when your OS didn't do the connection troubleshooting for you. So yeah, in general we can always strive to make things simpler, but specifically, how is it going to get simpler than "plug the blue wire into the port on the left and turn your laptop's radio on?"

Re:Naw...

and I want a pony. somebody call a whaaambulance.
also, fuck you :)

Re:Naw...

your sig says it all... it's chrome's fault that you can't spell and can't be bothered to learn how.
it's a protocol's fault that everything doesn't automagically connect you the the internets.
it's a programmer's fault that computer interfaces are too hard for you to learn.

i bet you're pissed off a lot. stupid car that won't drive itself, damned bed that doesn't make itself, fucking pr0n that won't jack you off...

Re:Naw...

It isn't as simple as that. Why can't I sit in the cockpit of a Boeing 747 and fly it? It's too hard! Obviously, it's Boeing's fault that flying a plane is hard.

Even scaling it down - a computer is far more complicated than a Cessna, yet nobody can fly one of just sitting in a cockpit either.

Actual understanding is required to use some tools correctly - networking infrastructure is one of them. There are computer security decisions that end users cannot sensibly make informed decisions about.

Yes, some routers could make it easier. But no user interface in the world can make up for a lack of user understanding. And user interfaces that try often get in the way making it impossible to understand what is really going on.

Would you want to drive over a bridge designed by someone that treated civil engineering software with this same attitude (the tricky bits are all the program writer's fault), or someone that actually understood the concepts and used the program as a tool to do that design?

My point is that it's extremely arrogant to say programmers 'have to remove all roadblocks' - they, simply, cannot. It is stupid to try; but people/marketing departments force them to anyway. However, yes, programmers are beholden, I feel, to remove roadblocks that are artifacts of their design and implementation (as opposed to artifacts of reality.)

Yes, programmers should make their systems as simple and robust as possible - they should work with the user, not against the user. And, yes, there are times when protocols should be simpler. (usually it's designed by committee or too many people wanting their exotic case implemented, something that only they ever want to do. But, thanks to them, there's a pile of extra nonsense and settings in the protocol that nobody else ever wants). Things should be as simple as possible, but no simpler.

However, nobody complains that a chain-saw can, in the hands of someone that doesn't understand what they're doing, take an arm off.

Re:Naw...

[Team503]

Actually, the flying part is really easy. It's the navigating and legal stuff that's a pain. Takes about thirty seconds to master the controls of a Cessna; 45 if you deal with flaps.

Re:Naw...

"plug the blue wire into the port on the left and turn your laptop's radio on?"

And then bridge the "Local Area Network" and "Wireless" connections - it's trivial in WinXP.
Voila - instant switching loop!

Just making a joke. You have a nice day. :)

(Goodbye, karma!)

Re:Naw...

[atraintocry]

We wired our new building with two LAN ports in each office, for network printers. Day 1 was fine. On day 2, I had to rush in early because the network was completely down. During the move I made damn sure everything was perfect, but there's always something that can go wrong.

Someone realized that they had a small switch with the stuff they moved from their old office. They didn't know what to do with it, so they plugged it in in the new room. Naturally, they plugged it into both ports.

Apparently STP doesn't do a thing if some of your gear doesn't speak it. I consider it my fault for not remembering that they had the switch and chucking it before the move.

Re:Naw...

[troll8901]

I too don't realize STP must work on both switches. Thanks for relating the story to us. Hope it doesn't happen again.

(Yes, I'm the AC who made the cheap joke above.)

It's not that easy

It looks like the overall discussion quickly drifted away from the actual topic and the further degrades into insults and endless discussions about cli vs. gui / enduser vs. professional etc. But hey, this is slashdot so I think it's expected.

Anyway, I think that most people miss the point here. The challange is about to implement a (new) gui for the Ubiquity Router Station, based on AirOS which is actually a snapshot of the OpenWrt Kamikaze trunk with some patches added for board support and another proprietary hal to drive the Atheros cards used with the board.

The RouterStation is not exactly a SOHO device, it's a bare embedded board featuring a fast MIPS cpu and three MiniPCI slots, POE and some other fuzz.

It has higher specs then the average Broadcom gear and is intended for larger infrastructure deployments, like wisps etc.

So far on the target hardware. Since one requirement is to use OpenWrt/AirOS as base operating system, one can rule out Tomato (which ppl quickly suggested) since it's built on top of the former disclosed Linksys SDK for WRT54G devices and relies heavily on a Linux 2.4 kernel to use bcm43xx wireless phy. Part of the original Linksys firmware design was the use of nvram as central configuration storage which is abandonned in nowadays Kamikaze releases. Anyway - I think it's nearly possible to rip the gui off an existing firmware project and refactor it to run on top of OpenWrt, it would be easier to just start from scratch.

Now the list of required features is pretty long and includes stuff that's not present in (half) open source firmwares like Tomato, DD-Wrt or OpenWrt. It includes things like bgp/ospf routing, bonding, snmp or layer 2 firewalling (ebtables, arp nat ...) just to name a few. That are things a normal ui designer can't draft without the support of one or more networking experts who actually know whats this about and how it's done properly. Some of that features also are inherently complex and can't be fully abstracted away with some fancy ui elements and a short help text on each page. On the other hand an ui allows to present complex relations like traffic flow, qos behaviour, wifi signal stength etc. in a visual way that can't be accomplished with a cli-only interface.

The to-be-developed ui is not intended for casual users that just want to hook up a bunch of computers and get into the internet. It's also not intended to be used by people who don't have a clue about networking or don't want to learn about the principles of the involved technologies. You have to keep in mind that the interface should be able to handle multiple wifi cards with multiple wireless networks each, that it should ease the setup of complex network configurations without limiting the amount of possible options. It's also not about a fancy web 2.0 portal or shiny flash interfaces, just to please possible customers.

Imho the ui should also be designed in such a way that it allows a smooth coexistance with cli-based workflows. Neither Tomato nor DD-Wrt provide such abilities since the underlying system is optimized to be used by the ui and hardly intuitive to use via the cli. Think of it like the relation of Linux and Xorg. You can uninstall all X related stuff and still have a functional system where you can access all resources etc.

Another fact to worry about is the portability of such an ui - if one wants to make it into a generic interface for OpenWrt, it would have to support a wide range of hardware from simple Linksys boxes to X86 gear like Avila or Alix boards, tt would have to support wireless configuration for madwifi, legacy broadcom and mac80211 based wireless drivers, each with different ways of configuration. Oh - and it should support kernel 2.4 and 2.6 which becomes a real pain if one relies on sysfs for state information.

Also the choice of the programming language and framework matters, one could go ahea

Re:It's not that easy

[RoundSparrow]

A great response. I wished you hadn't posted anon so there could be follow-up to your experienced insight. I think it would be very helpful to the OpenWrt community as a whole to really detail what hard tech the project requires that is absent from current Trunk. For example, the bonding you mention.

I personally encourage anyone to build this on OpenWRT trunk and not the AirOS fork. I don't see a single mention of AirOS on the pages, did I miss it?

The contest, at minimum, is free marketing for OpenWRT. I'd like to see companies add to the prize amount with secondary joins to the contest.

Re:It's not that easy

[RoundSparrow]

I have taken some of what you say and started to compile a list on the Ubiquiti contest forums.

http://ubnt.com/forum/viewtopic.php?t=8884

Regarding some of what you say as an OpenWrt user: I personally think any new UI should be 2.6 only and only ath5k/ath9k (no madwifi). This is complex enough, supporting these out of date platforms when a new Trendnet router has ath9k and 400Mhz CPU for $25 to $45 is available. Kenrel 2.4 is on the way out, FINALLY, b43 has already been the push of Kamikaze 8.09 release.

Re:It's not that easy

[RoundSparrow]

anon says: The challange is about to implement a (new) gui for the Ubiquity Router Station, based on AirOS

If you read their forums, this has been explicitly debunked. They say OpenWrt. See:

http://forum.ubnt.com/forum/viewtopic.php?t=6734

I think any wise developer would go with OpenWrt Trunk and update every month or so during development.

Re:It's not that easy

[troll8901]

A great response. I wished you hadn't posted anon so there could be follow-up to your experienced insight.

Totally agree. If only he posted under his name, and if only we can mod him +50 Insightful.

Re:If you really like CLI and have decent knowledg

[scottv67]

GUI in routers do provide a quick glace as to what is going on. High end Cisco routers do NOT have a nice web-gui as it is entirely CLI based except for some home versions of the PIX.

Well, the PIX isn't really a *router*. But as long as you mentioned the Cisco firewall product line (which includes the ASA), have you tried ASDM? It's maturing into a pretty useful way to admin a Cisco firewall through a GUI.

http://www.cisco.com/en/US/products/ps6121/index.html

When you said "home version of the PIX", I assume that you are referring to the PIX 501 and possibly the 506. Those devices can run the PDM GUI interface which is kinda clunky.

Good logic for any purposeful device.

[RulerOf]

If only the iPhone had a more useful CLI and ditched the glitzy interface, it could be the best phone on the market!

Vender?

Editors, do your fucking job already. It's vendors -- you even have it quoted.

It's not that costly.

[Ostracus]

All good points and one left out. One needs to purchase the hardware in order to be in the game.

Re:It's not that costly.

[RoundSparrow]

Man, people are so jaded here. Stop spreading misinformation. The company is giving free routers to contestants. These guys clearly seem to GET IT. But the attitudes of some in the Linux community make it seem like nobody should even try new ideas and all open source work should only be done traditional ways.

An yha, as soon as you start giving away free routers for entering a contest - guess what happens. People sign up for the free router with no intention of doing any programming. So they rightly have to evaluate how serious a entrant is. But they ARE providing free hardware.

And you can ask someone nicely on OpenWrt to help test and give feedback on your firmware. People who enter the contest are releasing their work to the project at the end, why wouldn't I want to assist them? Not everyone is selfish.

Re:It's not that costly.

[Ostracus]

"Ubiquiti reserves the right to limit the complimentary distribution of RouterStationsâ to the first 20 registrations if it so chooses. All other contestants are responsible for the purchase of their own RouterStationâ or any additional products."

Well let's see. First 20 entries and contest started about two and a half months ago. Gee what do you think will happen?

WRT54G(S) v5 and above...

[PCMeister]

While slightly OT, I took a moment to seek out possible alternatives but it seems DD-WRT is still the only 3rd-party firmware to solidly support the WRT54G(S) v5 and above. Is any fellow /.'er aware of firmware that would work well with v.5 and above considering that friends and family happen to have purchased the newer/stripped down versions.

Re:WRT54G(S) v5 and above...

[Mantorp]

I haven't found anything else and would be interested in what you find. I have dd-wrt on mine (WRT54GS v5) in repeater bridge mode and it's hit and miss. Works some days, others not, but it might be the fault of my AT&T supplied not so configurable main router.

It's even more complicated than that

[melted]

>> there's something extra you need, that 'eye for the
>> visually pleasing

Not only you need "an eye" (i.e. the discriminative system in learning theory parlance), you also need the ability to come up with something new (i.e. the generative system).

I have "an eye". I can tell whether something is good or not, and can convincingly explain why. I can suggest improvements to an existing interface and explain how they will improve matters. I just can't roll a good UI from scratch.

Re:Modern Rosewill hackable routers, 802.11n suppo

[repvik]

The brand doesn't matter. What chipset is inside matters. And even though there are thousands of different routers to choose between, there are less than 10 chipsets they are based on.

Copyright

[hdon]

The rules of the contest say this:

Required elements for web interface pages:

• Full description (requirements)
  • Required elements for web interface pages:
    • Copyright - use "(C) 2008 Ubiquiti Networks, Inc. All rights reserved." as non-intrusive text

Does this mean entrants do not own the copyright to the web design portion of the contest?

(Btw, in case you thought this was just about adding a web-based front-end to an existing product, think again: this is about designing intuitive user interfaces for complex networking options. Not a trivial task.)

Re:Copyright

[RoundSparrow]

This has had considerable discussion on #OpenWrt IRC. I am not a lawyer or a certified license person. I just been in field and try to get along with this like most educated users.

My take on this:

1) They want you to transfer copyright as an employee or contractor would in USA. This would allow them to add additional licenses or what if they wish (fork the project), as they would be the official copyright holder. There is plenty of stuff in the Linux kernel that is copyright Atheros or IBM. So I don't see much concern here.

2) The open source license clearly gives you the ability to keep working on the code after you give it to them (anyone can). but I guess this would restrict entrant author from offering it commercially and open source (say how MySQL does). AGAIN, no different than I see if you work for a company as an employee and the company has copyright and your job ends.

3) I think the notice they request is not well thought out. But discussion of GPL, Apache licenses seems to me that there is no requirement that anyone keep visible output copyright notices. Only discussion of keeping copyright notices in the source code. So instantly upon release of the code one could have a patch to remove the copyright notice and ubiquity specific graphics icons from the code base and re-release it as a neutral extension to OpenWrt.

3a) I think that they should amend the rules of the contest to have it say "PORTIONS copyright" instead of absolute. It is offensive to the OpenWrt people to make it appear as if shows only one. I think this is just an oversight on Ubiquity part in contest rule. It isn't like they take this directly from contestant and release to their customers on routers - it probably go through a beta and update cycle where such issues are fixed.

I agree with your comment that it isn't trivial. But nor is $160,000 trivial to many people throughout the world. And I encourage other router and Linux vendors to consider joining the contest adding their own money. Why not add another $20,000 and a company do their own evaluation of entries and pick who they think is best?

Re:Copyright

[hdon]

2) The open source license clearly gives you the ability to keep working on the code after you give it to them (anyone can). but I guess this would restrict entrant author from offering it commercially and open source (say how MySQL does). AGAIN, no different than I see if you work for a company as an employee and the company has copyright and your job ends.

That is my point, actually: if I don't win the prize, can I not rebrand it for another company?

Re:Copyright

[RoundSparrow]

That is my point, actually: if I don't win the prize, can I not rebrand it for another company?

It is an open source license, ANYONE can rebrand it! The logos and text can be changed. The source code must retain previous copyright notices.

Re:Copyright

[hdon]

But as you said before:

They want you to transfer copyright as an employee or contractor would in USA. This would allow them to add additional licenses or what if they wish

If I did not own the copyright to any part of my submission, I would not be able to transfer the copyright to a third party.

Usability?

[nloop]

I'd say it's because DD-WRT has a nice GUI and is easy to configure... OpenWRT, not so much.

I use a wireless router as a repeater, and upon searching for which firmware version I would like to use, I found that:

DD-WRT you click repeater, set the SSID of the source network, the SSID of the new repeater network, and assign it a WPA password. Done. Happy point and click. (source: I did it.)

OpenWRT I found that you have to edit the /etc/config/network and /etc/config/wireless, adding about 20 lines to each file. (source: http://forum.openwrt.org/viewtopic.php?pid=53924 )

The OpenWRT was doable, but would certainly take more than the 30 seconds I needed to setup, then forget, the DD-WRT firmware that I went with. I think this story is an advertisement because they are losing a popularity contest with DD-WRT. And yes, you can telnet into the DD-WRT and edit the files manually as well if that's your thing.

Re:Usability?

[xmff]

Or use a preconfigured, self-compiled OpenWrt image and do *zero* configuration after flashing.

Different projects, different audience, different goals.

Also how to automate stuff? What files do you refer to? Last time I checked, the internal DD-Wrt config was an endless sequence of "nvram set foo=bar" commands and there is *no* explaination on their meaning. Also it uses a readonly file system, so no way to easily add custom scripts or configs.

some suggestions ....

[nblender]

I use dd-wrt and find the interface good enough for everything I've tried to do with it... But I've been thinking that this stuff would get more wide-spread attention if end-users could have various scenarios auto-configured for them. ie: I want a firewall but I also want to provide an open access point while protecting my home network from anonymous users. I want to restrict anonymous users to 100kb/sec of bandwidth. I want my security cameras to be blocked from talking to the outside world .. blah blah blah... none of this "WDS" "VLAN" "DMZ" "QoS" "WPA2" unless you're in expert mode.

Re:some suggestions ....

[wwwolf]

I'm just common home access point user, but I know "WDS" "VLAN" "DMZ" "QoS" "WPA2" like 5 fingers of my arm, nothing special and not a rocket science actually. dd-wrt is nearly good, but the again just "nearly". Something more intuitive is worth 100k$

Ubiquiti is awesome!

I just saw this article and wish I had known about these guys before I wasted money on my last router. Retail consumer routers don't have enough features, high-end routers are too expensive and running WRT on consumer routers still leaves them with a few features missing due to memory limitations. I've been toying with building my own but now I definitely know where my next router is coming from.

Tomato IPv6

Tomato for the win!

Doesn't support IPv6 AFAIK, which a lot of us would like to play with.

Re:Tomato IPv6

[ScrewMaster]

Tomato for the win!

Doesn't support IPv6 AFAIK, which a lot of us would like to play with.

Well, if you basically like the offering, write to the author and see if he's willing to add support.

RouterStation?

[BLKMGK]

I'd like a good Linkxsys WRT replacement. The RouterStation mentioned in this sounds interesting but looks more like a board in need of a case in need of radios sort of thing - yes? The Pro model was the only one I saw a price on and it too doesn't look like it has radios onboard. Are these aimed at consumers or at WiFi dealers? If possibly for consumer use can you point to some dealers maybe?

Currently running DD-WRT on one of the early WRT54G units and an upgrade might be nice indeed!

Feature Suggestion--Channel Selection Optimization

[Jouster]

The #1 problem with WiFi in my area is the lack of available channels. Half the problem is the all the unsecured routers still set to SSID "linksys" and on the default channel. So, add in a feature that can connect to each visible network that has a default SSID and admin password and moves its channel to free up a channel for my use.

ql idea fo rfirewalls

some sort of the gui which has the firewalls - bricks like blocks would be awful. You are like playing the tetris but in reality configuring the iptables, got the point? I dont care about the implementation java/app/script/flash but the idea should be "routing is the game!" :)

Re:Modern Rosewill hackable routers, 802.11n suppo

[RoundSparrow]

You don't have openfirmware for this router.

The number of closed routers and outright crippled routers far exceeds the number of open and well supported routers.

This problem continues as long as consumers buy the flavor the week and with no concern as to quality or the product even meeting the claims printed on the box. Routers aren't new, this has been over 10 years of this mess.

Take the famous Cisco/Linksys WRT54G/GS beyond version 4. That router is still for sale more than six years after introduction. Now it is a ghost of it's former self on internal parts. A stream of supposedly self-proclaimed experienced Linux users continue to buy these (version 7, 8, etc) each day and then whine away that the various Linux projects don't support it. 2MB of flash for a $60 router that sold 6 years ago for $60 when it has 8MB of flash... yha, ok. Keep supporting and recommending that model to people. The Least Common Denominator sadly drags down all.

Re:Modern Rosewill hackable routers, 802.11n suppo

[RoundSparrow]

I meant "lowest common denominator".

GUI design

[troll8901]

GUI design is a complex art, one that takes a long time to learn to do well...

I'm not a programmer, so I respectfully defer to your knowledge.
Question: GUI can be greatly improved by:

1. Imagining I'm the end user, and using the program for the first time, and
2. Going through at least 2 rounds of actual end-user feedback,

Right?

No, it's a FIRMWARE competition

[Crazy+Taco]

This isn't a theme competition, it's a user interface competition.

After reading the technical requirements, it's clear this isn't really a user interface competition. User interface is a part, yes, but I would say the much smaller part of the contest. Take a look at this part of the official "technical requirements" of the contest to see what you would have to implement, in addition to a UI. Actually, I would say the 200,000 they are putting up for the contest is an absolute steal... implementing all these features would typically take a team of quite a few engineers (or a few working much longer), and you'd probably end up paying them much more than 200,000 dollars combined regardless.

Technical Requirements:

REQUIRED FEATURES A. Network 1. Interfaces 2. Bridge 2.1 STP - Spanning Tree Protocol 2.2 Port management 3. Point-to-Point tunneling 3.1 IPSec (AH/ESP) 3.2 PPTP/PPPOE concentrator/server; including authentication (PAP, CHAP, MSCHAPv1 and MSCHAPv2), MPPE encryption, compression possibilities 3.3 L2TP (VPN) 4. VLANs - IEEE802.1q Virtual LANs 5. DNS - Domain Name System 5.1 Static 5.2 Proxy 5.3 Dynamic 6. DHCP - Dynamic Host Configuration 6.1 Client 6.2 Server - with static and dynamic leases 6.3 Relay 7. Routing tables 7.1 Static Source 7.2 Multi path routing 7.3 Selective/Policy Based Source 7.4 Dynamic routing 7.4.1 RIP 7.4.2 BGP 7.4.3 OSPF 8. Bonding - aggregating multiple network interfaces into a single logical one 9. SNMP agent - for read-only statistics 10. Traffic accounting (monitoring/graphing) B. Wireless 1. Ubiquiti SR/XR/SR71 radio support with card frequency detection 2. Virtual AP (MBSSID) 3. Modes 3.1 Station 3.2 AP 3.3 Repeater 3.4 WDS (utilizing WPA/WPA2) 4. Security 4.1 WEP 4.2 WPA/WPA2/IEEE802.11i 4.2.1 Personal (PSK) 4.2.2 Enterprise (EAP) 4.3 Layer2 Isolation 4.4 Access Control List 5. Basic 5.1 ESSID 5.2 Channels/Frequency 5.3 Output Power 5.4 Data Rate 5.5 Frequency List 5.6 Site Survey 6. Advanced 6.1 ACK Timeout Adjustment 6.2 RTS/CTS 6.3 Fragmentation 6.4 Super Features 6.5 802.11e (WMM) 6.6 Antenna Selection 6.7 Multicast Rate Selection C. Network Access 1. AAA (Authentication Authorization and Accounting) 1.1 HotSpot Gateway with RADIUS 1.2 HotSpot Captive portal, splash screen customization, walled garden 2. IP Firewall 2.1 TCP/UDP matches 2.2 ICMP matches 2.3 MAC matches 2.4 IPP2P 2.5 Layer7 2.6 Port Forwarding 2.7 DMZ 2.8 NAT - Network Address Translation 3. Bridging Firewall 3.1 802.3 matches 3.2 ARP matches 3.3 IP matches 3.4 Mark matches 3.5 Packet type matches 3.6 STP matches 3.7 VLAN matches 4. QOS/TOS - manageable per MAC/IP/subnets/ports and port ranges 4.1 Static Bandwidth Control 4.2 Dynamic client rate equalizing 4.3 p2p traffic management 4.4 Bursting D. Management Access 1. Telnet 2. SSH Server 3. Layer2 telnet 4. HTTP/HTTPS 4.1 Server 4.2 Proxy 5. System Users and their passwords E. System/Services 1. Manual clock control 2. NTP (Network Time) Client 3. Logging - both local and remote 4. User login access (admin/read-only) 5. Usage Statistics 6. Firmware Upgrade 7. Configuration file upload/download 8. USB Mass Storage Support / Flash Memory Auto-Backup F. Utilities 1. Ping 2. Trace Route 3. Memory Info 4. CPU load 5. Network Statistics 6. TCP Dump 7. Speed Test

Re:No, it's a FIRMWARE competition

[RoundSparrow]

Actually, I would say the 200,000 they are putting up for the contest is an absolute steal... implementing all these features would typically take a team of quite a few engineers (or a few working much longer), and you'd probably end up paying them much more than 200,000 dollars combined regardless.

I agree with you there are some difficult areas. But I think it is in the interest of the Linux community be specific in helping contestants understand those areas and where OpenWrt and Linux stands today.

OpenWrt is already a firmware system. OpenWrt isn't exactly a slouch, it is very modular and on latest Linux 2.6.28.7 kernel currently for this platform. This contest is also on only one specific hardware platform that has a lot more RAM and CPU than what most routers have.

And you could build the web GUI on top of LuCI, X-WRT, Gargoyle codebase.

I don't think this is a huge company... I think they honest want to give back the code to Open Source. I still think we should encourage additional companies to chip in and add to the contest. But probably now that everyone sees the world economy tanking... but that might incentive some unemployed people. $160,000 for 6 months of solid work for two talented people isn't so bad.

ssh root@openwrt

[felixhummel]

Done. Where's the price?