Contest For a Better Open-WRT Wireless Router GUI
Reader RoundSparrow sends word of a contest, with big cash prizes, being mounted by a commercial vendor of open source Open-WRT routers. You have 10 months to come up with "the most impressive User Interface/Firmware for Ubiquiti's newly released open-source embedded wireless platform, the RouterStation." Entries are required to have open source licensing and will all be released. First prize is $160,000, with four runners-up receiving $10,000. RoundSparrow adds: "Could be built on top of existing X-WRT or LuCI OpenWRT web interfaces. OpenWRT Kamikaze 8.09 was just released. Now is perfect timing for OpenWRT to get some kick-ass interface and usability ideas. I'm not affiliated with the contest vendor."
What's wrong with X-WRT?
OpenWRT is something you set up, then forget. It doesn't need "themes" or "skins", or 3d effects. This is not "pimp my router".
I want to delete my account but Slashdot doesn't allow it.
Other OpenWRT news. The newest Atheros 9xxx radio chips are available in a number of OpenWRT supported routers now. I have been working to help organize new 802.11n support in OpenWRT. I have compiled a list of consumer routers that work with Linux ath9k driver and ar71xx CPU. In order of current recommendation:
Planex (PCI) MZK-W04NU, 32MB RAM and 8MB flash, USB port, 10/100 Ethernet
Trendnet TEW-652BRP, 32MB RAM and 4MB flash, 10/100 Ethernet
Trendnet TEW-632BRP, 32MB RAM and 4MB flash, 10/100 Ethernet
D-Link DIR-615 revision C1 (ONLY!), 32MB of RAM and 4MB flash, 10/100 Ethernet
TP-Link TL-WR941N WR941ND, 32MB RAM and 4MB flash, 10/100 Ethernet
OpenWRT team is pretty close also on the Netgear WNR2000.
These listed above all come from a common Atheros AP81 reference platform. See http://wiki.openwrt.org/AtherosAR9100
In USA and Japan, the Planex is available on Amazon.com for $59.99 with free shipping... it has more flash and USB port. 3 removable antennas, is a nice hacker system. In the USA, the Trendnet routers have been on sale from Newegg, Fry's, buy.com for only $25 a few times. I will try to post on Reddit / my Slashdot journal when I see them on sale for $25 next time.
The ath9k driver for Linux is not yet mature but is moving along... in 2 to 3 months I expect we have a very nice platform... and the router interface and ease of use of OpenWRT is getting attention with this contest! Now is an exciting time for OpenWRT and Linux routers - finally moving to some new N devices.
Tomato for the win!
The higher the technology, the sharper that two-edged sword.
You guys altered the name to Open-WRT :) Anyway, thanks for spreading the word on this and Kamikaze 8.09 release. The OpenWRT devs work hard.
Oh god no.....no Web 2.0 Crap. The router GUI is supposed to be fast, small, and compatible with EVERYTHING.
DDWRT has a problem with Firefox on the latest builds because of the stupid Web2.crap to make things more flashy instead of working right.
I am really tired of the "ooh shiny" becoming far more important than functionality lately in both projects.
Do not look at laser with remaining good eye.
interesting contest, but I searched and couldn't find an answer to my biggest questions:
does it run linux?
are there any requirements to use it in a beowulf configuration?
any requirement to be resistant to, and remain working, after having hot grits dumped on it?
should it support QoS by streaming naked photos of natalie portman at top priority?
have all used cli
It's not like it's your money! I currently use Tomato on one of my routers. I love the interface. I don't log in very often, mostly to check those fantastic real-time usage stats.
But when I do log in, it is nice to be able to find things quickly. I respect developers who take into account usability and style. In fact, I have basically no respect for those who discount it.
You probably can code circles around me. But in the end, the customer or user only sees the interface. They only see those "useless" graphics, and that "Web 2.0 Crap". Yet, a well designed interface will allow new users to appreciate the product faster, and hopefully keep them around.
Just because the majority of web developers suck at designing "web 2.0" interfaces doesn't mean that the problem lies with the "web 2.0" part. We'd have a lot less technology if we used that metric to measure a tools value.
I think the comments so far sum up one of the major issues with the open source world and usability. At this point most of the comments are saying "we don't want themes" and "it's fine the way it is". The usability of a device has NOTHING to do with being able to skin it or apply themes. Usability is all about making the device simple for someone with limited knowledge or experience to use. This means things like dimming or disabling options if someone chooses a checkbox for an item that is incompatible with those options. If they choose to only run the device as 802.11b (god knows why, but humour me), then don't ask them to set up the security options that only apply to 802.11g and higher. Explain what the options do in plain English. That's what usability is.
Not everyone should be administering a network either. Any literate adult meets all of the requirements necessary to learn how to do so but there are plenty of people who should not perform this task. The system is self-correcting however; the ones who shouldn't have done so are the ones who have most of the problems. If you a) don't know how to properly do something and b) refuse to learn how to properly do it, then it makes sense to ask (or hire) someone else to do it for you.
The people who think that this simple observation somehow does not apply to them, or that getting pissed off at someone like me who points that out is going to change the reality of the situation, well, I bet they wonder why they have such bad "luck" with these things. You attempted something that you don't actually know how to do and experienced undesired results; what a surprise, it must have been those evil elitist geeks! Seriously though it's amazing how upset people get sometimes when you dare to suggest that there are tasks which require a bit of skill and that doing them without that bit of skill can cause problems. You'd think that this were some kind of highly controversial position for which there was no conclusive evidence.
To more directly answer your post, I think iptables itself is rather irrelevant. The story is about a router GUI, which would probably be a front-end to iptables. There are some very nice GUI tools available for iptables; if Open-WRT's offerings are on a par with them, then they would provide a way to edit firewall rules that's about as easy as it's going to get. I do think that a firewall is one of those few applications where there is some inherent complexity that cannot be made much simpler without severely compromising the device. It's like that Albert Einstein quote (paraphrase): "Things should be made as simple as possible, but no simpler."
For that reason, I question the type of "easy to use" to which you refer. If you have a solid working knowledge of TCP/IP, then you should be able to handle any firewall and "easy to use" would mean automating what can be automated to save you some keystrokes and to avoid some unnecessary tedium. If you don't have a solid working knowledge of TCP/IP, it would probably mean dumbing things down to make up for your lack of understanding, which of course would result in a less thorough or a less accurate configuration.
Given the security issues that can arise from a misconfigured firewall, I would suggest that this is one area where enabling people who don't really understand what they're doing is asking for trouble. You're not really doing the less-knowledgeable any favors by setting up a situation, in the name of convenience, where they are likely to have problems that they won't know how to solve. The good news is that there is abundant documentation on both TCP/IP and iptables, so anyone who is interested and motivated can easily learn how they work.
It is a miracle that curiosity survives formal education. - Einstein
In fact, I have basically no respect for those who discount it.
You probably can code circles around me. But in the end, the customer or user only sees the interface.
Actually you've hit on a major problem of programmers that we don't like to talk about (well, except me, obviously..). The thing is, GUI design is a complex art, one that takes a long time to learn to do well, so it's hard to be good both at visual interfaces and the often very complex code that they control.
I know this from my own work. I'm a pretty good coder (gosh, how modest of me). I can write code to just about anything, and charge a pretty penny to do so, but my ability to code a user interface is rather poor. Sure I know all the theory, but there's something extra you need, that 'eye for the visually pleasing' that's hard to cultivate unless user interfaces are what you do all the time.
I've used plenty of applications where the guy who wrote the backend code also coded the gui, and as a rule the gui is somewhat lacking. This isn't just restricted to single coder projects, it also occurs when a project is full of able back end coders, and they build the gui to suit their own level of ability to use the code.
You can see this if you use Emacs. Nice though that software is in features, the interface is godawful, and actively prevents anyone new to computer usage or programming from using it.
A learning experience is one of those things that say, 'You know that thing you just did? Don't do that.' - D. Adams
"Simplicity and intuitiveness for the end user (both newbie and expert)"
Maybe this will be won by the most blinged-up interface but there's hope here that the competition organisers get some well thought out entries which help guide the users through the configuration of their routers.
Some installs are jargon heavy and just assume you know what all the options mean, little to no explanation or help. I've spent many hours sweating over some WRT GUIs that have (to me as a relative beginner) had meaningless options. I really really want to use these excellent installs but I get really put off by zero-to-poor documentation or explanations of what all the options are.
A simple interface with excellent documentation and guidance would be worth the prize.
If you a) don't know how to properly do something and b) refuse to learn how to properly do it, then it makes sense to ask (or hire) someone else to do it for you.
This is something I've never entirely understood about computing. Why should it be easy for someone with no knowledge of computers to do relatively complex tasks, like a complex OS install or configuring a firewall?
Most people are too terrified to open the bonnet of their car to check the oil, and rely on paying someone to fix it when it breaks. Yet most people physically capable of driving a car would be able to check the oil and top it up correctly. A sizeable subset of these people could change the oil correctly, with a simple guide, but they still choose to spend money getting someone to do it for them. Why not spend money on getting someone to set your network up properly?
Can it be Flash based? I've got some cool ideas involving fancy animated text effects and transitions that would be really useful for a router interface.
Better known as 318230.
Open-WRT needs a Redmond theme. Bonus points for defaulting to Aero theme, which the user immediately disables, reverting to Redmond theme.
You can see this if you use Emacs. Nice though that software is in features, the interface is godawful, and actively prevents anyone new to computer usage or programming from using it.
What would you honestly change? 99% of the feature set is packed up in control sequences. If you're using the GUI at all one would have to wonder why you are using Emacs. Vi doesn't even bother.
I understand the point you are making but Emacs is really not the program to pick on because it has a *fantastic* User Interface for programmers--which is the entire point of the program. No your grandma will not be able to point-and-click her way through writing a new database application, but I think that is ok.
As far as "new programmers" go, I would say (i) if they can't easily get through the included Emacs tutorial, programming is probably not going to work out for them (ii) they should not start off in Emacs anyway. Emacs solves a lot of problems but until you've written your first big program you're unlikely to have much appreciation for its features.
When things get complex, multiply by the complex conjugate.
I think that most people choose to pay others to change their oil because, for new cars, it may be covered by a service contract they signed, and changing the oil themselves may affect the warranty. Aside from that, their time and cleanliness may be more valuable to them than the money spent for the service or the equipment (jack stands / ramps) to do it safely.
If you really like CLI and have decent knowledge in networking then give Vyatta a try. No GUI at all.
I've tried it and it's not too hard. Just have to pay close attention to the syntax or you'll screw it up.
GUI in routers do provide a quick glance as to what is going on. High end Cisco routers do NOT have a nice web-gui as it is entirely CLI based except for some home versions of the PIX.
I personally use DD-WRT v24 SP1 in all of my wireless access points (they're really routers but I turned those functions off) and never skipped a heartbeat. I got a Linksys that's been running 6 months solid without a single reboot as DD-WRT is meant to be set and forget type thing.
I do wish peeps luck in this contest as we all could use the money.
RE: "If you really like CLI and have decent knowledge in networking then give Vyatta a try. No GUI at all."
OpenWRT has "no GUI at all". It is an optional piece when you build the firmware. It has all the settings in /etc/config/ tree. There is a command-line program called UCI that allows you to easily edit them. The GUIs get built on top of that typically.
There are at least 3 installable package GUIs available that I know of: X-WRT, LuCI, Gargoyle. But people have used it for years and years without a GUI.
OpenWRT is really great at being portable to many routers and CPU types. They spent a lot of time investing in the long-term and not worried about the visual fluff.
I'd like to see an open-wrt router firmware with:
8+ - eth ports for multi wan (load balancing and failover)
8+ - port USB so I can attach everything
Different size distribution so we can choose what to install and a nice auto-update to support all the devices.
Love many, trust a few, do harm to none.
You don't have openfirmware for this* router.
*Clue: This is a house brand.
Shai Schticks:"You don't make peace with friends, you make peace with enemies"
I don't know, LuCI seems pretty good to me and is a good choice for people who actually know about the technical stuff but don't want to do everything in the CLI. Basically, it's nothing more than a graphical add-on for uci (the OpenWRT configuration manager) that shows you what options are available and what they do. Oh, and the live network/CPU load diagrams are a nice touch too.
As far as "new programmers" go, I would say (i) if they can't easily get through the included Emacs tutorial, programming is probably not going to work out for them (ii) they should not start off in Emacs anyway. Emacs solves a lot of problems but until you've written your first big program you're unlikely to have much appreciation for its features.
I get where you're coming from but when I was a post grad teaching first year students my experience was that they found Emacs to be uncomfortable and used it only when the tutorial sheets required them to. Most of the time the dominant Linux text editor in use by students I taught was kwrite.
A learning experience is one of those things that say, 'You know that thing you just did? Don't do that.' - D. Adams
It's cute that they're doing this the open-source way, but realistically they'd be better off hiring a few designers and letting them fight it out. Maybe I'm jaded from years of Linux adminning, but I have absolutely no faith in the graphic abilities of network geeks, myself included.
-Billco, Fnarg.com
The majority of the posts seems to be sneering down in elitism to these poor folks that don't know how to setup a router in the CLI and, god forgive them, try to setup their home network by themselves, without paying a sysadmin to do the work.
Yes, a sysadmin that can't configure a router without a good GUI should be hanged by the neck until death, but last time I checked, the majority of the routers supported by OpenWRT were SOHO ones.
Do you really expect people that just want to setup a minimal network of maybe a printer, one desktop and two lappies to read RFC 1123?
One shouldn't need to. Yes, networking is interesting and useful, but not everyone wants to be an expert on it.
I have seen a physics PhD setting up a wireless net for his lab with WEP, because the list of protocols was sorted alphabetically and it came before WPA. Well, he should have told the lab's undergrad to do the job but, nevertheless, a good GUI would at least put a (deprecated) near the option.
He wasn't being dumb. Would be if he put a short common word as password. Even if he didn't know about dictionary attacks, common sense would have told him that they're easy to guess. Actually he chose some interval of the digits of pi because it had high information entropy. But how could he know that the router would offer an insecure option to him or which 3-letter acronym was better?
entropy happens
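Two comments above meet in one check: OpenWRT keeps its settings as UCI text under /etc/config/, and a GUI could order encryption choices by strength and mark WEP "(deprecated)" instead of listing them alphabetically. The following is an added example, not part of the thread or of OpenWRT's own code; the sample config, the ranking table and the function names are constructed, and a missing `encryption` option is assumed to mean an open network.

```python
import shlex

# Constructed ranking table: UCI value -> (rank, menu label, note). Assumption.
ENCRYPTION = {
    "psk2": (3, "WPA2-PSK", ""),
    "psk": (2, "WPA-PSK", ""),
    "wep": (1, "WEP", "deprecated"),
    "none": (0, "No encryption", "insecure"),
}
MIN_RANK = 2  # anything ranked below WPA-PSK is reported

# Constructed sample in the UCI syntax used by /etc/config/wireless.
SAMPLE_WIRELESS = """
config wifi-device 'radio0'
    option channel '6'

config wifi-iface
    option device 'radio0'
    option ssid 'lab-net'
    option encryption 'wep'
    option key '31415926535897932384626433'   # digits of pi, still WEP

config wifi-iface
    option device 'radio0'
    option ssid 'guest'

config wifi-iface
    option device 'radio0'
    option ssid 'office'
    option encryption 'psk2'
    option key 'constructed-passphrase'
"""


def parse_uci(text):
    """Parse 'config', 'option' and 'list' lines into a list of sections."""
    sections = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = shlex.split(raw, comments=True)  # handles quotes and '#'
        if not tokens:
            continue
        keyword = tokens[0]
        if keyword == "config" and len(tokens) in (2, 3):
            sections.append({
                "type": tokens[1],
                "name": tokens[2] if len(tokens) == 3 else None,
                "options": {},
                "lists": {},
            })
        elif keyword == "option" and len(tokens) == 3 and sections:
            sections[-1]["options"][tokens[1]] = tokens[2]
        elif keyword == "list" and len(tokens) == 3 and sections:
            sections[-1]["lists"].setdefault(tokens[1], []).append(tokens[2])
        else:
            raise ValueError(f"line {lineno}: cannot parse {raw!r}")
    return sections


def audit_wireless(sections):
    """Return (ssid, encryption value, problem) for every weak wifi-iface."""
    findings = []
    for section in sections:
        if section["type"] != "wifi-iface":
            continue
        opts = section["options"]
        value = opts.get("encryption", "none")   # assumption: absent == open
        base = value.split("+", 1)[0]            # e.g. 'psk2+ccmp' -> 'psk2'
        ssid = opts.get("ssid", "<unnamed>")
        if base not in ENCRYPTION:
            findings.append((ssid, value, "unknown"))
        elif ENCRYPTION[base][0] < MIN_RANK:
            findings.append((ssid, value, "weak"))
    return findings


def menu_entries():
    """Encryption choices for a GUI drop-down, strongest first, weak ones labelled."""
    ranked = sorted(ENCRYPTION.values(), key=lambda entry: entry[0], reverse=True)
    return [f"{label} ({note})" if note else label for _, label, note in ranked]


if __name__ == "__main__":
    for ssid, value, problem in audit_wireless(parse_uci(SAMPLE_WIRELESS)):
        print(f"{ssid}: encryption '{value}' is {problem}")
    print(menu_entries())
```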
The thing is, GUI design is a complex art, one that takes a long time to learn to do well, so it's hard to be good both at visual interfaces and the often very complex code that they control.
You hit the nail on the head. It's an art, and that means that, when all is said and done, it's the guy with the eye who polishes the job. Programmers can follow all the user-interface design rules laid down in the multitude of books on the subject, but if they don't have the touch, what they'll come up with may be functional, but will still look like crap. It's as inevitable as the tide. Good coding can be an art as well ... it is by no means always thus, but some developers do carry their work into the realm of true art.
Look at the history of video game development. Early products were as you describe: often designed by single coders, or maybe a team of coders. That worked, because the hardware was too crude to allow an artist to do much with it, although some companies did hire animators. Blocky programmer-drawn graphics were acceptable because that was about the limit of the equipment. However, as the resolution, color space, and processing power of graphics systems improved, you began to see specialization occur in game development. Much as happened in motion pictures decades before, the evolving complexity of the products demanded an expanding team effort. Designers, coders, artists, animators, level designers, writers, play testers, quality control testers, a whole host of wildly different disciplines are now required to produce a single game.
It's no different in the world of Web development. You need a team, with people capable of handling overall design responsibility, documentation (something coders are notoriously bad at doing), back-end requirements, the GUI, and many others. It's easy for developers who have no talent for user interface work to dismiss such as unnecessary glitz. Understandable, but entirely wrong when talking about software that is marketed or used by the general public (like a Web site.) Furthermore, in the real world people (especially people who write big checks) are impressed by a polished, well-written GUI.
Personally, I've spent almost thirty years in this business, and I started out doing largely embedded-type stuff for the game industry, and eventually got into doing higher-level graphics and artwork. Then I got into manufacturing and control systems, and discovered that users like software that is attractive, not overly-complicated for the problem it purports to solve, and above all does the job. The years I had spent learning graphic techniques paid off handsomely during that time, since my competitors generally couldn't draw their way out of a shoebox.
In any event, I found that while I had successfully worn a number of hats as an application developer over the years, it was getting harder and harder to be a solo act. So, nowadays I'm not, I work with lots of other people, and I've found that my skill set is complementary to many of them. It works out well, if you have a good team.
The higher the technology, the sharper that two-edged sword.
You sure can make firewalling stuff easier. You just have to think a bit outside of what is the norm. We have lots of computing power these days and your router can play games that were previously impossible.
1) If your router is also a switch/hub, it can analyze the internal network traffic and learn computer names (if windows file sharing is enabled anyway).
2) It can tap the internet to look up stuff like mac addresses and other statistical traffic patterns to identify things like your Tivo or XBox.
3) You can invent an internal protocol that enables your household computers and devices to communicate to the router what the fuck they are. Odds are good you can use fancy crypto to make sure that the computers and devices can't lie if they get compromised.
4) Make a training mode that lets everything go through and when you are done, the router uses the wealth of statistical bullshit it collected in steps 1->3 to give the user a report outlining the household traffic.
5) The user can then "lock" the router and not let anything but what was configured in #4
6) If something odd happens, or the router detects new computers (say a laptop, etc). The magic protocol in step 2 would send some kind of alert to a computer, your email, your phone... something... basically saying "hey man, something changed... you might have to retrain me".
My idea, obviously, is a very crude outline. But you get the idea. Everything can be simplified if you focus in on exactly what the task at hand is and leave the rest of the bullshit out. In fact, I bet you can design the firewall configuration in such a way that the user never needs to see IP addresses or port numbers. All they see is friendly computer names (deduced from #1->#3) and descriptions of the traffic.
Nerds, obviously, wouldn't like this--instead wanting some geeky bullshit. But they can piss up a rope as far as I'm concerned. This is a mass market device intended for people who just want to feel secure that nobody is hacking their shit.
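The train, report, lock and alert steps outlined in the comment above, as an added example that is not part of the thread or of any router firmware. The class, the MAC addresses, the device names and the port-to-description table are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed lookup table so the report shows descriptions, not port numbers.
SERVICES = {
    ("udp", 53): "name lookups (DNS)",
    ("tcp", 443): "secure web (HTTPS)",
    ("tcp", 23): "remote login (telnet)",
    ("udp", 3074): "Xbox Live",
}


@dataclass(frozen=True)
class Flow:
    mac: str    # source device on the LAN
    proto: str  # "tcp" or "udp"
    dport: int  # destination port


def describe(flow):
    return SERVICES.get((flow.proto, flow.dport), f"{flow.proto}/{flow.dport}")


class LearningFirewall:
    def __init__(self, names):
        self.names = dict(names)  # MAC -> friendly name learned in steps 1-3
        self.locked = False
        self.allowed = set()      # flows seen during training
        self.devices = set()      # devices seen during training
        self.alerts = []

    def label(self, mac):
        return self.names.get(mac, f"unknown device {mac}")

    def observe(self, flow):
        """Return True if the flow is forwarded, False if it is dropped."""
        if not self.locked:
            # Training mode lets everything through and records it. Whatever
            # is on the network at this point becomes trusted after the lock.
            self.devices.add(flow.mac)
            self.allowed.add(flow)
            return True
        if flow in self.allowed:
            return True
        if flow.mac not in self.devices:
            message = f"new device seen: {self.label(flow.mac)}"
        else:
            message = f"{self.label(flow.mac)} tried something new: {describe(flow)}"
        if message not in self.alerts:  # one alert per distinct change
            self.alerts.append(message)
        return False

    def lock(self):
        """Leave training mode and return the plain-language traffic report."""
        self.locked = True
        return sorted(f"{self.label(f.mac)}: {describe(f)}" for f in self.allowed)


def demo():
    tivo, xbox, laptop = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
    fw = LearningFirewall({tivo: "TiVo", xbox: "Xbox"})
    for flow in (Flow(tivo, "udp", 53), Flow(tivo, "tcp", 443), Flow(xbox, "udp", 3074)):
        fw.observe(flow)
    report = fw.lock()
    decisions = [
        fw.observe(Flow(tivo, "tcp", 443)),    # learned during training
        fw.observe(Flow(xbox, "tcp", 23)),     # known device, new behaviour
        fw.observe(Flow(laptop, "tcp", 443)),  # device never seen before
    ]
    return report, decisions, fw.alerts


if __name__ == "__main__":
    report, decisions, alerts = demo()
    print("\n".join(report))
    print(decisions)
    print("\n".join(alerts))
```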
Says who? If it is cheap enough (and energy efficient enough), why not throw a damn Core Duo in the damn thing and use powerful statistical magic to figure shit out?
"Fast and small" for "fast and small"'s sake is old school man. Nobody gives a rats ass about wasting CPU or memory. The computer works for us and what you should really be concerned about is saving *our* CPU cycles and memory--not the computer.
<blockquote>I am really tired of the "ooh shiny" becoming far more important than functionality lately in both projects.</blockquote>
Your definition of "functionality" is too narrow to be of use. If you broaden your definition to include the user experience, "ooh shiny" matters a whole hell of a lot. Contrary to some, presentation matters almost as much, if not more, than your very narrow definition of "functionality".
My guess is that they want it as easy to use and configure securely as possible. It's time to ask yourself, what would Steve Jobs do?
Think Deeply.
Maybe the task is needlessly complex? Why should somebody connecting to an access point need to configure which encryption protocol to use? Why should the damn WiFi card and the access point negotiate automagically and *pick the damn best one they both support*?
^ this space reserved for replies telling me that the protocol doesn't allow it. Well you know what? The user isn't broken, the protocol is. 802.11/whatever is horribly insecure because the protocol doesn't fucking handle the encryption for you. Let me pick a key on the router, type it into the laptop, and the damn things can pick WAP, WPA, WEP, WAZOO or whatever the fuck some encryption dudes dream up all on their own. As long as it works and is secure, I don't really care what the hell protocol is used.
Blame the user is arrogant, stupid and is increasingly a black mark on employment. The world expects the programmer and the designer to do everything for them. That is the market. Deal with it. Programmers who design usable stuff will find their skills highly desired. Programmers who say users are spoiled children will rapidly find nobody wants to hire them.
You know who to blame? Blame the designers and programmers for not understanding what the goals and tasks are. Blame the designers (or lack thereof) and programmers for not removing all the roadblocks in the way of accomplishing said goals and tasks.
Honestly, the real reason programmers get bent out of shape (*cough*aside from the weird vibes coming from those still in the computing stone age like RMS*cough*) is that programming a usable interface is very hard. Lots of edge cases and you can't catch all of them. Really, the shit is hard and no silver bullet will ever be found that makes the hardness go away.
It looks like the overall discussion quickly drifted away from the actual topic and then further degrades into insults and endless discussions about cli vs. gui / enduser vs. professional etc. But hey, this is slashdot so I think it's expected.
Anyway, I think that most people miss the point here. The challenge is about to implement a (new) gui for the Ubiquiti RouterStation, based on AirOS which is actually a snapshot of the OpenWrt Kamikaze trunk with some patches added for board support and another proprietary hal to drive the Atheros cards used with the board.
The RouterStation is not exactly a SOHO device, it's a bare embedded board featuring a fast MIPS cpu and three MiniPCI slots, POE and some other fuzz.
It has higher specs than the average Broadcom gear and is intended for larger infrastructure deployments, like WISPs etc.
So far on the target hardware. Since one requirement is to use OpenWrt/AirOS as base operating system, one can rule out Tomato (which ppl quickly suggested) since it's built on top of the former disclosed Linksys SDK for WRT54G devices and relies heavily on a Linux 2.4 kernel to use bcm43xx wireless phy. Part of the original Linksys firmware design was the use of nvram as central configuration storage which is abandoned in nowadays Kamikaze releases. Anyway - I think it's nearly possible to rip the gui off an existing firmware project and refactor it to run on top of OpenWrt, it would be easier to just start from scratch.
Now the list of required features is pretty long and includes stuff that's not present in (half) open source firmwares like Tomato, DD-Wrt or OpenWrt. It includes things like bgp/ospf routing, bonding, snmp or layer 2 firewalling (ebtables, arp nat ...) just to name a few. Those are things a normal ui designer can't draft without the support of one or more networking experts who actually know what this is about and how it's done properly. Some of those features also are inherently complex and can't be fully abstracted away with some fancy ui elements and a short help text on each page. On the other hand a ui allows to present complex relations like traffic flow, qos behaviour, wifi signal strength etc. in a visual way that can't be accomplished with a cli-only interface.
The to-be-developed ui is not intended for casual users that just want to hook up a bunch of computers and get into the internet. It's also not intended to be used by people who don't have a clue about networking or don't want to learn about the principles of the involved technologies. You have to keep in mind that the interface should be able to handle multiple wifi cards with multiple wireless networks each, that it should ease the setup of complex network configurations without limiting the amount of possible options. It's also not about a fancy web 2.0 portal or shiny flash interfaces, just to please possible customers.
Imho the ui should also be designed in such a way that it allows a smooth coexistence with cli-based workflows. Neither Tomato nor DD-Wrt provide such abilities since the underlying system is optimized to be used by the ui and hardly intuitive to use via the cli. Think of it like the relation of Linux and Xorg. You can uninstall all X related stuff and still have a functional system where you can access all resources etc.
Another fact to worry about is the portability of such a ui - if one wants to make it into a generic interface for OpenWrt, it would have to support a wide range of hardware from simple Linksys boxes to X86 gear like Avila or Alix boards, it would have to support wireless configuration for madwifi, legacy broadcom and mac80211 based wireless drivers, each with different ways of configuration. Oh - and it should support kernel 2.4 and 2.6 which becomes a real pain if one relies on sysfs for state information.
Also the choice of the programming language and framework matters, one could go ahea
GUI in routers do provide a quick glance as to what is going on. High end Cisco routers do NOT have a nice web-gui as it is entirely CLI based except for some home versions of the PIX.
Well, the PIX isn't really a *router*. But as long as you mentioned the Cisco firewall product line (which includes the ASA), have you tried ASDM? It's maturing into a pretty useful way to admin a Cisco firewall through a GUI.
http://www.cisco.com/en/US/products/ps6121/index.html
When you said "home version of the PIX", I assume that you are referring to the PIX 501 and possibly the 506. Those devices can run the PDM GUI interface which is kinda clunky.
If only the iPhone had a more useful CLI and ditched the glitzy interface, it could be the best phone on the market!
Boot Windows, Linux, and ESX over the network for free.
All good points and one left out. One needs to purchase the hardware in order to be in the game.
Shai Schticks:"You don't make peace with friends, you make peace with enemies"
While slightly OT, I took a moment to seek out possible alternatives but it seems DD-WRT is still the only 3rd-party firmware to solidly support the WRT54G(S) v5 and above. Is any fellow /.'er aware of firmware that would work well with v.5 and above considering that friends and family happen to have purchased the newer/stripped down versions.
Sorry, your moron won't understand that. How about this:
Well, WTF is your moron user going to do then? They're too stupid to know what an ARP relay attack is and "hacking your shit" doesn't tell you anything except go crying to your nerd friends. You're not thinking this through and you're exactly the kind of person we all hate. Sorry, no, it can't get much simpler, you're just an asshole who doesn't want to learn how it all works or pay someone who has learned. I'm sure that instead of thinking about this, though, you're just going to go on posting broken HTML and then complaining about how /. uses Extrans or some other bullshit without reading the help pages. My blockquotes work fine with Chrome. You suck, dude, I bet the IT department at your company hates your guts.
>> there's something extra you need, that 'eye for the
>> visually pleasing
Not only do you need "an eye" (i.e. the discriminative system in learning theory parlance), you also need the ability to come up with something new (i.e. the generative system).
I have "an eye". I can tell whether something is good or not, and can convincingly explain why. I can suggest improvements to an existing interface and explain how they will improve matters. I just can't roll a good UI from scratch.
The brand doesn't matter. What chipset is inside matters. And even though there are thousands of different routers to choose between, there are less than 10 chipsets they are based on.
The rules of the contest say this:
Required elements for web interface pages:
Does this mean entrants do not own the copyright to the web design portion of the contest?
(Btw, in case you thought this was just about adding a web-based front-end to an existing product, think again: this is about designing intuitive user interfaces for complex networking options. Not a trivial task.)
I'd say it's because DD-WRT has a nice GUI and is easy to configure... OpenWRT, not so much.
I use a wireless router as a repeater, and upon searching for which firmware version I would like to use, I found that:
DD-WRT you click repeater, set the SSID of the source network, the SSID of the new repeater network, and assign it a WPA password. Done. Happy point and click. (source: I did it.)
OpenWRT I found that you have to edit the /etc/config/network and /etc/config/wireless, adding about 20 lines to each file. (source: http://forum.openwrt.org/viewtopic.php?pid=53924 )
The OpenWRT was doable, but would certainly take more than the 30 seconds I needed to setup, then forget, the DD-WRT firmware that I went with. I think this story is an advertisement because they are losing a popularity contest with DD-WRT. And yes, you can telnet into the DD-WRT and edit the files manually as well if that's your thing.
You've never actually configured a real firewall before, have you.
First, the automation you propose would be a huge gaping security hole no matter which way you look at it. It would never be acceptable from a security standpoint and you might as well just tell the end user "You're behind a port-address translating firewall so your network is 'safe'."
Second, UPnP already does 90% of the crap you just "outlined." The mass-consumers you speak of will and already DO just turn on UPnP and go about their business. Then the router can use adaptive QOS for on-the-fly traffic shaping (like they already do)...
It seems to me that you're one of the "people who just want to feel secure that nobody is hacking their shit" consumers who's pretending to know what a firewall is.
Odds are that if somebody has a need to configure their firewall then they know what they are doing and all that BS you spouted off will actually get in the way. In fact, if you need to be doing anything other than poking holes through the firewall, one of these dorky little home-router linux distros isn't going to cut it. You'll need something with RAM and then you'll need a real manly firewall like pf, so you'll throw your pathetic little 32MB embedded router and its busybox command line out the window and replace it with a blazingly fast *BSD setup.
*disclaimer: I'm a competent Linux user who earned an RHCE back in the day, so you whiny "linux >> BSD" geeks can roll your excuses into a neat little cylinder and shove it down your throat. When you want to do some real networking in a production environment, do yourself a favor and hide your Linux server behind a *BSD firewall.
Problem is, it's either friendly, or it's secure.
You can have sort of that, with UPNP. Except there's no auth, so any device, including that trojaned unpatched box can ask the router to open a port for it to receive commands from the botnet.
You can't invent a "fancy crypto protocol" to prevent compromise, because if the device is compromised, the key probably is as well. Crypto is so that Alice can talk to Bob without Eve eavesdropping on them, or modifying the contents of their conversation. But it's of absolutely no use if one of the endpoints is compromised. In this case, Alice is the trojaned box, Bob is the router, and Eve probably doesn't exist, so all crypto gives you is that the trojaned box will be sure its request to open the botnet port is encrypted and hasn't been changed in transit.
Really this sort of thing has been done for one computer, with software firewalls. Say, Zone Alarm pops up a message asking "service.exe wants to listen on port 2342, allow or reject?" Well I have no clue really, without trying to figure out what that process is, and what does it want. The average user will know even less. This sort of thing will work for devices like an XBox, perhaps, where you know what an XBox is supposed to do and not. But a PC can have pretty much anything installed.
If the DSL modem were to take on that function it wouldn't even know what application is trying to get access. Did the user just install apache on port 8080? Or is it a trojan waiting for instructions?
The problem is that ultimately, if the user doesn't know and understand what is supposed to be running and what not on their computer, it can't be really automatically determined. Maybe telnet is running because it was installed automatically. Maybe it is because a trojan decided to use it to receive commands. Only the user knows whether it's supposed to be there.
Security is a hard problem that can't be solved in a fully automatic manner. You can put a lock on a door, and give people keys, but who should have the keys? What is the normal time for somebody to use their key and when is it suspicious? When should a key be taken away? It really depends on what's behind the door and what each person with access does. There's no way to have a key lock that automatically decides who should be able to get in, and when, without somebody telling it that.
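The UPnP point made in the comment above, as an added example that is not part of the original thread: a constructed AddPortMapping request evaluated under the unauthenticated default and under a hypothetical stricter router policy (the policy functions, host addresses and allowlist are assumptions). It shows that host-level checks narrow what is accepted but cannot tell a legitimate program from a trojan on an approved machine.

```python
import xml.etree.ElementTree as ET

NS = "{urn:schemas-upnp-org:service:WANIPConnection:1}"

# Constructed sample: a UPnP IGD AddPortMapping SOAP request from a LAN host.
SAMPLE_REQUEST = """<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
 <s:Body>
  <u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
   <NewRemoteHost></NewRemoteHost>
   <NewExternalPort>2342</NewExternalPort>
   <NewProtocol>TCP</NewProtocol>
   <NewInternalPort>2342</NewInternalPort>
   <NewInternalClient>192.168.1.50</NewInternalClient>
   <NewEnabled>1</NewEnabled>
   <NewPortMappingDescription>service.exe</NewPortMappingDescription>
   <NewLeaseDuration>0</NewLeaseDuration>
  </u:AddPortMapping>
 </s:Body>
</s:Envelope>"""

def parse_add_port_mapping(soap_xml):
    """Return the action's arguments; none of them carries a credential."""
    action = ET.fromstring(soap_xml).find(f".//{NS}AddPortMapping")
    if action is None:
        raise ValueError("not an AddPortMapping request")
    return {arg.tag: (arg.text or "").strip() for arg in action}

def permissive_policy(args, requester_ip):
    """Unauthenticated behaviour described above: every LAN request is honoured."""
    return True, "accepted: no checks"

def restrictive_policy(args, requester_ip, allowed_hosts):
    """Hypothetical hardening: known hosts, self-mappings, unprivileged ports."""
    try:
        ports = [int(args["NewExternalPort"]), int(args["NewInternalPort"])]
    except (KeyError, ValueError):
        return False, "rejected: malformed port"
    if requester_ip not in allowed_hosts:
        return False, "rejected: host not approved by the owner"
    if args.get("NewInternalClient") != requester_ip:
        return False, "rejected: mapping points at another host"
    if any(p < 1024 or p > 65535 for p in ports):
        return False, "rejected: port outside 1024-65535"
    # The router cannot see which process on the host sent this request.
    return True, "accepted: host-level checks passed"

if __name__ == "__main__":
    args = parse_add_port_mapping(SAMPLE_REQUEST)
    for ip in ("192.168.1.77", "192.168.1.50"):
        print(ip, permissive_policy(args, ip), restrictive_policy(args, ip, {"192.168.1.50"}))
```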
I use dd-wrt and find the interface good enough for everything I've tried to do with it... But I've been thinking that this stuff would get more wide-spread attention if end-users could have various scenarios auto-configured for them. ie: I want a firewall but I also want to provide an open access point while protecting my home network from anonymous users. I want to restrict anonymous users to 100kb/sec of bandwidth. I want my security cameras to be blocked from talking to the outside world .. blah blah blah... none of this "WDS" "VLAN" "DMZ" "QoS" "WPA2" unless you're in expert mode.
Only if you design the interface in a way that obscures all 15 leeches. The traditional router guys would shove all 15 computers into a listbox and call it a day. Of course people wouldn't bother to remove the 15 devices under that regime.
Remember I said if you take away traditional constraints, a lot of stuff is possible. Ideally it would present you with a map-like interface with an icon for every computer/device connected and let you pick which ones you want. No reason you couldn't have the interface let you right click on the icons, or have some way to click on a rogue laptop and block it. People are scared about getting hacked--if you make it easy and obvious when something is afoul, they will pay attention.
The goal is to make doing the right thing, securing your household network, easy and obvious. You'll never nail it 100% and some people will never figure things out. But then again people will drive around for weeks with a bright red "no oil pressure light" on their car and blow the engine. Those people aren't a reason to not try.
That is all it needs to do then. If your shit is hacked, go see your nerd friends. For most people, when the "check engine" light goes on, they take it to a service station--same thing.
Not if you had it set to whatever the fuck extrans was and then realized after the preview it wasn't blockquoting shit anymore. What is the difference between "Plain Text" and "Extrans"--really "Plain Text" seems to interpret some tags just fine. But seriously, why not make even a spartan rich text editor--think stackoverflow.
So does your mom--ask me how I know.
Yeah. There is also Link Layer Discovery Protocol, which is used by Vista to figure out what the fuck is on my network. The protocol stack is evolving in such a way that it could make SOHO firewall configuration easier.
But I was told that making a user friendly firewall might be possible. I never ran it through the engineering staff (you) first. Obviously you'd come back to me with a list of what is wrong and we'd reach something better than the "here is a listbox of shit--type a port number and some IP address and click submit" that constitutes most firewall configurations.
And by the way, I've yet to see a SOHO router that has a QoS implementation that doesn't suck. I'm not a network nerd, but I use online backup software that I'd like to keep from hogging all my upstream bandwidth. Sounds like QoS, right? Point me to a SOHO router that doesn't throw up a wall of jargon and acronyms--or at least documents them. Better still, point me to one that has a report showing that it is working. It never seems like it works and whenever the backup software is running on one of my computers (mozybackup), my SSH sessions all slow to a crawl. It is all outgoing traffic, right? Any configuration I do shouldn't depend on my upstream enabling QoS, right?
Nerds wouldn't like my router anyway. I'm talking about the people who buy "Norton Magical Firewall" and crap like that. Do you run "McSlow Super-Dope-Internet-Protector"? Neither do I.
Way ahead of you, pal.
coryking@cory ~/trunk/mozi $ uname -a
FreeBSD cory.local 7.1-RELEASE FreeBSD 7.1-RELEASE #0: Thu Jan 1 14:37:25 UTC 2009 root@logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
coryking@sparky ~ $ uname -a
FreeBSD sparky.xxxx 6.1-RELEASE-p12 FreeBSD 6.1-RELEASE-p12 #1: Sat Jan 20 14:15:16 PST 2007 root@sparky.xxxxx:/usr/obj/usr/src/sys/V100 sparc64
It couldn't be automatic. But you could have a training mode or something and then "lock the door" so to speak. The hard part is what do you do with exceptions after the door is locked. I think a bit of that could be solved with some kind of protocol where the firewall alerts the devices, which in turn might alert the user. Something. I think you could handle it so that 95% of your problem cases are covered.
This becomes another problem--what to do when an exception is thrown that the router really cannot handle securely. You've got to alert the user that something is amiss and they should go take their network to the computer service station--i.e. call a nerd friend. The problem is, if they don't have a nerd friend they will call the router manufacturer and increase the support costs.
I'd like a good Linksys WRT replacement. The RouterStation mentioned in this sounds interesting but looks more like a board in need of a case in need of radios sort of thing - yes? The Pro model was the only one I saw a price on and it too doesn't look like it has radios onboard. Are these aimed at consumers or at WiFi dealers? If possibly for consumer use can you point to some dealers maybe?
Currently running DD-WRT on one of the early WRT54G units and an upgrade might be nice indeed!
Build it, Drive it, Improve it! Hybridz.org
The #1 problem with WiFi in my area is the lack of available channels. Half the problem is all the unsecured routers still set to SSID "linksys" and on the default channel. So, add in a feature that can connect to each visible network that has a default SSID and admin password and move its channel to free up a channel for my use.
You don't have openfirmware for this router.
The number of closed routers and outright crippled routers far exceeds the number of open and well supported routers.
This problem continues as long as consumers buy the flavor of the week and with no concern as to quality or the product even meeting the claims printed on the box. Routers aren't new, this has been over 10 years of this mess.
Take the famous Cisco/Linksys WRT54G/GS beyond version 4. That router is still for sale more than six years after introduction. Now it is a ghost of its former self on internal parts. A stream of supposedly self-proclaimed experienced Linux users continue to buy these (version 7, 8, etc) each day and then whine away that the various Linux projects don't support it. 2MB of flash for a $60 router that sold 6 years ago for $60 when it has 8MB of flash... yeah, ok. Keep supporting and recommending that model to people. The Least Common Denominator sadly drags down all.
I meant "lowest common denominator".
GUI design is a complex art, one that takes a long time to learn to do well...
I'm not a programmer, so I respectfully defer to your knowledge.
Question: GUI can be greatly improved by:
Right?
After reading the technical requirements, it's clear this isn't really a user interface competition. User interface is a part, yes, but I would say the much smaller part of the contest. Take a look at this part of the official "technical requirements" of the contest to see what you would have to implement, in addition to a UI. Actually, I would say the 200,000 they are putting up for the contest is an absolute steal... implementing all these features would typically take a team of quite a few engineers (or a few working much longer), and you'd probably end up paying them much more than 200,000 dollars combined regardless.
Technical Requirements:
Beware of bugs in the above code; I have only proved it correct, not tried it.
Tomato for the win!
Doesn't support IPv6 AFAIK, which a lot of us would like to play with.
Well, if you basically like the offering, write to the author and see if he's willing to add support.
The higher the technology, the sharper that two-edged sword.
Done. Where's the price?