Dust is mostly made up of dead skin. If it is just your dead skin, well, a dust mask may be OK for you. However, keep in mind that people are regularly excreting small amounts of their medications through their skin and people also have a tendency to rub various medications (and who-knows-what else) onto themselves as well. Not to mention the various pesticides we regularly squirt onto our pets for flea and tick control. Coming in contact with such chemicals usually isn't a big deal (be careful, wash your hands, etc) but inhaling them is an entirely different matter (especially considering the half-life of some popular pesticides).
For example, I would not want to be the guy cleaning out PCs in/from a retirement home. There's enough hormone replacement therapy going on in places like that you might wind up with gynomastia (well, probably not THAT much =).
Besides, a good respirator is much more comfortable than a dusk mask anyway.
I believe the cultural factor behind the work-averse attitude of today's youngsters lies directly with the fact that schoolwork is much harder and time consuming than Real Work. At least, that's been my experience. My job involves sitting in front of a computer--at home no less--for a mere 8 hours every day. I don't have to get dressed up, I don't have to do any homework, and my knowledge of trivia (specifics of certain time periods in history, English literature, rarely-useful-in-the-real-world mathematical formulas, etc) is never a factor. Not only that but my career advancement doesn't rely on passing a barrage of broad-spectrum tests on a quarterly or yearly basis.
Even if I worked in an office with a dress code the results would be similar: From the perspective of a child, Real Work doesn't appear to require much effort at all. In fact, just being present seems to be enough to get paid (and in some places I've worke I must concede that actually *is* all that's required for many positions).
If "kids these days" are hard to get motivated for absorbing trivia and performing rote tasks we have only ourselves to blame. I've said it before and I'll say it again: One has only to point a finger at the preceding generation to discover who is to blame for "kids these days."
The RouterStation and RouterStation Pro have 3 mini-PCI slots. You can use those to hook up ethernet adapters. I'm pretty sure you can get mini-PCI cards with breakout panels supporting 6 or more ports. I couldn't give you a specific product to use though.
At the very least I know there's dual-port mini-pci cards out there (gigabit, even). So you could add 4 ports with two cards and still have a slot left for a wireless card.
libopenssl isn't a general requirement of OpenWRT because all the default web-based interfaces (LuCI, X-WRT, etc) don't use SSL (not by default anyway). I suspect the reason for this is precisely because libopenssl is so large (from an embedded perspective).
PyCI requires the pyOpenSSL package because PyCI was built using the CherryPy framework which currently uses that module for SSL capability. The next release (3.2) will support the regular Python SSL implementation and I plan to get rid of the pyOpenSSL requirement when that happens.
The contest was for firmware images that can specifically run on Ubiquiti's RouterStation and RouterStation Pro products. However, you'll be happy to know that I included instructions on how to build your own firmware for any given platform/device. It really isn't that hard but it does take a while to compile (can take a few hours even on fairly modern systems).
I recommend you just grab the latest OpenWRT trunk release via svn (instructions at dev.openwrt.org) and copy the PyCI-OpenWRT-trunk.config file from the PyCI source package to that directory and rename it ".config". Then run "./scripts/feeds install -a", "make oldconfig", "make menuconfig", and then change the configured platform to the platform of your choice. After that you can run "make V=99" to compile your firmware. It'll show up under the trunk/bin directory.
For reference, the very same instructions are also included in the source code package under the "docs/build/html" directory.
Oh come on, *every* advanced configuration interface includes the ability to shoot yourself in the foot! I even had a debate in the contest forum about whether or not I should add a timeout to the page that allows you to reboot your router: If the router didn't come back up after 5 minutes it would ask you if you've updated your resume recently.
Sadly due to time constraints I never got to implement that feature =)
FYI: PyCI runs in "God mode" by default but this behavior can be changed.
PyCI checks to make sure that no input element is currently selected before it drops down the terminal. So if you just clicked on a drop-down menu and hit ESC you'd get the expected behavior. Press ESC again and you get the terminal window.
So yeah, I already thought of that and took care of it. The only place where it actually overrides standard behavior is with jQuery-UI dialogs. By default the ESC key closes the dialog but PyCI overrides that feature. It isn't a big deal though... Just hit tab until you get to the cancel button.
I thought I had this in the docs somewhere but I'm not seeing it. Anyway... PyCI requires that python 2.6+ be installed along with pyOpenSSL (an ipk for which is included in the PyCI source package). The packages and dependencies add up to the following:
So in total you need about 3.7MB free (unless I'm forgetting something). Different platforms may have slightly larger (or smaller) binary sizes so your mileage may vary.
For reference, a mostly-fully-loaded (minus Quagga, Coova Chilli, and a few other lesser-used-by-consumers packages) RouterStation firmware with PyCI and l2sh included amounts to about 6.5MB. That includes all the layer7 scripts, ddns-scripts, qos stuff, ntpclient, all the aetheros drivers, drivers for USB storage, most of the firewall kernel modules, and more.
In short, you should be able to use PyCI on any OpenWRT system with at least 32MB of RAM and 8MB of flash ROM.
I appreciate this comment (thanks) but I thought I should mention that I'm not a programmer by trade. I'm actually a Systems Administrator/Security Consultant (CISSP, former PCI QSA). I taught myself Python two years ago and only just recently (within the past year or so) started programming real applications with it. Before that I never wrote anything except for shell scripts. So when I started this contest six months ago I had no idea how to write a web-based application from scratch let alone a contest-winning one.
All in all I'd say the most significant learning challenges during the six months I worked on this contest were:
* Learning how to really program with Python. I had to learn about metaprogramming, how to write decorators, list comprehensions, and lots of OOP things I had no concept of before the contest. My most advanced Python program before this was just a command line SSH tool. * Learning JavaScript and then learning how to use jQuery and MochiKit (I also tested Dojo when I was first starting out but it was too big/slow for embedded). * Learning how to write a layer-2 network protocol with a server and client. It took me a week of research and a week of programming to get it running--two weeks before the final draft was due. Kind of insane! The most annoying thing was the fact that there's almost ZERO official documentation and examples regarding layer-2 stuff using Python's socket module. * Learning about QT and how to program using PyQT4 (for the speed test client GUI).
The good thing was I started out in the contest expecting it to be a learning experience and it sure turned out that way!
The RouterStation is much more powerful than your typical WRT54g but PyCI doesn't require a super-fast processor or huge amounts of RAM. On a RouterStation with 64MB of RAM PyCI takes up about 27% according to top. This will be reduced significantly in the future as I optimize things (the contest didn't give me much time to do that). Also, I'm pondering porting the whole thing from CherryPy + Mako to the Tornado framework which would speed things up and reduce the memory footprint considerably.
I don't think people will have any trouble at all running PyCI on a router with 32MB of RAM and 8MB of Flash ROM. Some pages might load a little slow but that shouldn't matter too much since you're not going to be configuring your router every day.
PyCI can configure networking (including wireless) on any OpenWRT-based Linux distribution. Essentially, what PyCI is configuring is/etc/config/network and/etc/config/wireless. These files utilize the Universal Configuration Interface (UCI) standard format.
For reference, I have plans in the future to fork PyCI into a more generic web-based administration tool more akin to webmin that works with more distributions than just OpenWRT. The necessary framework is already there and many plugins can already configure various aspects of any given Linux system.
You can actually run PyCI on any old Linux box with Python 2.6+ installed. A lot of the configuration screens won't be useful if it isn't OpenWRT though (pretty much all the network configuration screens won't work but Users and Groups configuration will work great =). So to answer your question: Yes, it'll run on any OpenWRT host with one caveat: You need enough space for the requirements.
PyCI requires Python 2.6 (more than just python-mini) which itself requires libopenssl which is over a megabyte. I forget the exact sizes but your OpenWRT router will probably need 8MB of flash ROM at a bare minimum. You can get around this requirement by using external storage (PyCI doesn't care where it's installed) and loading Python + PyCI there.
There's ipk files for PyCI, pyOpenSSL, and l2sh in the PyCI zip file on the wiki. The rule of thumb is this: If you can "opkg install python" with ~1MB free afterwards you can install and use PyCI.
I won't comment on the other entries since I haven't played around with them yet but I will say this: The primary advantage PyCI has over, say, LuCI, Tomato, DD-WRT, and X-WRT is that configuration screens in PyCI are infinitely configurable. When I say, "inifinitely configurable" I mean that all forms that can be dynamic are dynamic. For example, in Tomato and LuCI if you want to configure DNS you get two fields to enter that information (primary and secondary). In PyCI you can add as many as you want. There's examples of this all over the spectrum of configurable options.
Also, PyCI supports many features that the existing interfaces do not which is sort of the whole point of the contest. As another example, PyCI doesn't just let you configure firewall rules. It lets you configure your firewall rules and then see exactly which iptables command will be executed as the result of your changes.
My personal favorite unique feature of PyCI is the quake-style terminal. Even if PyCI doesn't have a configuration interface for something you can always just hit the ESC key to pull down a full terminal just as if you SSH'd into your router. It even works with full-screen apps like vi. I wrote a standalone version of it called Escape From The Web that can be downloaded here. It uses the Tornado framework instead of CherryPy (among some other differences) but from the user's perspective it is pretty much the same.
There's a whole lot of stuff included with PyCI that isn't covered in detail in the wiki. I plan to put up a downloadable x86 Qemu image with PyCI pre-installed for people to play with soon.
You know, my winning entry has a Quake-style drop-down console window. Hit the ESC key on any page in PyCI and it will bring down the terminal just like in Quake and Half-Life (in this case, running the ash shell). I would've used the tilda key but that might actually be used in an input element somewhere.
I know your post was in jest but PyCI actually does include some elements from a first-person shooter!
Yeah, I'm not sure why Ubiquiti chose to post so few screenshots of my entry (and they're really small). I posted a bunch (full-size) in my flickr photo stream: http://www.flickr.com/photos/18175109@N00/tags/pyci/ (they're all tagged with "pyci").
Why cut it off at age 20? Why cut it off at all? We all pay for "our" educational system every single year so why must we pay for something "we" can't use? Why must school be limited to children?
It seems to me, having spent some time doing IT work at several local schools that the 'kids' are treated as if they're several years younger than their actual age and teachers are asked to do a job somewhat, but not quite like teaching. Police officers roam the halls playing the role of fashion cop (e.g. "Take off that headband!") and administrative staff are shuffling around kids instead of papers.
We could do to have a few outsiders taking part in the "system" on a regular basis. It would bring to light the lunacy of the system and keep both the teachers AND the kids on their toes....and remember: If adults wouldn't be interested in the class kids won't be either.
-Riskable "As soon as you've gotten as good as you want you've given up on being better."
I could see why this might appear confusing... I'll break it down for you:
Microsoft has a monopoly. By bundling a web browser into their OS they are "setting the bar" for what most users web experience will be. Because Windows is a monopoly with such a huge installed base that means that every web designer has to take Microsoft's browser into account when they develop a web site. This concept isn't a problem by itself but it becomes a big problem (and an anti-competitive wedge) when...
1) Microsoft adds proprietary "features" or extensions to their browser that require web pages to be coded in a non-standard way in order for them to work. Other browsers are not at fault for not implementing these things... They are merely doing the right thing by adhering to the standard.
2) They don't update their browser for a very long time. By failing to upgrade the rendering engine of IE for nearly a decade they've essentially put a brake on improvements to the web. It stifles innovation. Even though other web browsers are more standards compliant developers can't take advantage of these improvements since they have to develop for the "lowest common denominator": Internet Explorer. This problem also makes developing for the web a lot more time consuming and difficult.
3) Their web (as in, the standards-based web) development tools are only good for developing sites that run in their own browser. They're marketing Internet Explorer development tools as general web development tools. (Some) Managers believe this marketing BS and then force these tools on their developers (or hire developers who are experts at using them). Microsoft's whole development tool library is designed to lock people into their platform (Windows + IE) making it extremely hard for competing browsers to enter this space (and for the web to progress!).
4) The whole point of all these things is to make "write once, run on any OS/browser" as difficult as possible. If people can use any web site or any web-based application on any platform then Microsoft will be forced to compete on features, price, quality, etc... These are all things they've worked so hard to avoid!
What it comes down to is that Microsoft is a convicted anti-competitive monopolist and there's no evidence so far that they've changed their tune. It is right to be sceptical of everything they do. Especially in regards to Internet Explorer and their constant push to undermine standards.
-Riskable http://riskable.com/ "When a government fails to police monopolies it is enabling tyranny."
Let me list a fraction of the improvements of IE8, should it be too hard for you to RTFA-s:
- Much improved compliance with the CSS 2.1 standards, compliance with certain most requested CSS3 features. This includes, but not limited to features such as display:inline-table,:after,:before, content attribute, counter-reset / counter-increment, box-sizing (implemented as -ms-box-sizing, similar to -moz-box-sizing as it's not finalized in CSS3), fixes on the p/div handling, CSS outline, improvements to text orientation rendering,
"Improved compliance" still isn't compliance. Why we're cynical: We've all been waiting for Microsoft to "catch up" to every other browser and it seems that their future holds nothing but further catch-up. I guess we'll all have to wait until IE 9 or Linux/Mac desktop dominance?
- Data URI support would dramatically simplify dynamic content generation in some instances, and improve the performance on pages with many small images (you can embed those images in the HTML and save yourself some 10-20 additional HTTP requests).
- More complete support for the CSS attributes related to page printing, such as @page, left/right/first page selectors, page-break-inside, widows, orphans properties.
- Kick-ass development and debugging tools that rival FireBug for Firefox (honestly, check the white-paper). If you're a web developer, you're probably using FireBug intensively, now you can debug with the same ease on IE.
So Microsoft is trying to court developers back to their platform by providing more proprietary development tools? I'm going to give you an imaginary quote from Microsoft-of-the-future: "Microsoft cannot guarantee that pages developed with their tools will work in other browsers"... Just like the old days! Build a site in Frontpage and who cares what it looks like in anything but IE? Here's some advice for developers: Microsoft's tools are only ever good for developing/debugging sites for Microsoft browsers.
- Hooks for AJAX navigation (I had to implement JS navigation on a project as recently as a week ago, and I know this will save me quite some time in the future, if the other browsers follow suit), DOM Storage (super-cookies:) ) that allow much richer offline storage, and combine this with ability to detect if the network is down/offline or not, and let your JS handle the situation! XHR has timeout now as well.
It is sad, really... More proprietary "features". Just what we DON'T need. Let me explain it to you: If you've added a feature to your browser that requires developers write code to take advantage of it you are undermining standards. I see no reason to trust Microsoft's implementation of this. In fact, I'm so jaded at this point I'm not in the "Well, we'll see" camp I'm in the "don't even think about using this" camp. When Microsoft's got a few YEARS of demonstrating real support for standards then I'll start reconsidering their platform/browser as something other than an anti-competitive wedge.
Here's some wisdom for everyone to copy down: Never implement a feature invented by Microsoft until an open source product implements it *completely* and *successfully*. Their history is too full of broken implementations of their own "standards" to trust them not to A) break it, B) claim patent rights on it, or C) make it so obfuscated and difficult to duplicate the only way to ensure compatibility is to use Microsoft's own products.
- CSS selectors API exposed to JS. Do you have any idea how *important* that is? Look at any popular JS library today: Prototype, jQuery, MooTools. They all *emulate* this
Let's talk about the real problem here: Cable TV channels are a huge waste of bandwidth. I don't care if The Perfect Channel(TM) is on my cable. I want it off. Give me NO channels and let me use that bandwidth for INTERNET ACCESS.
Right now your "Cable Internet" is using up about 10% of your coaxial cable while the other 90% is used to deliver TV channels. What a waste! If the FCC (or Congress) forced cable providers to be CABLE PROVIDERS (as in, they provide the wire and nothing else) then we could all have 100MB+ Internet access with the ability to choose from a nearly infinite array of "channels", P2P-distributed "shows", and any other content we wanted. If they truly want diversity, that is the best way to do it.
Using bandwidth for things other than TCP/IP (or similar protocols) is a waste.
KOffice 2.0 is built on KDE 4 which doesn't use the dizzying array of daemons/processes that KDE 3 does so your argument is (mostly) moot. There will still be kded but it has been slimmed down thanks to the enhancements in QT4. For example, the DCOP daemon(s) go away in KDE 4 (it uses dbus) and it has become much more modular without as many cross-dependencies (there was a huge push for "modular KDE" in 4).
Not sure how all of that will work in Windows (because KDE 4 and KOffice 2.0 will run on it) without dbus but it can't be as bad as the bloat that is OpenOffice.org (I love it but man it is a resource hog and slower than it should be).
If you use OpenVPN on TCP over port 443 it looks *just* like HTTPS traffic. It does precisely what you're talking about. There's even a personal VPN service provider that offers exactly this service:
Let me first state that I'm a PCI Qualified Security Assessor. That means I am certified by PCI to perform audits and report back to banks whether or not a company is compliant or not. In other words, consider me authoritative on this matter.
When dealing with any PCI requirement the most important thing to think about is the INTENT. Is the intent of the logging requirements in section 10 of the PCI DSS to prevent anyone, anywhere, from EVER being able to modify log files? No! The intent is to prevent a compromised system from altering its own log files--hiding the fact that it has been compromised. As long as your logging solution handles this situation effectively you really don't have anything to worry about.
In my role as auditor I would never fail a syslog host just because it was writing to a standard ext3 volume. I *would* fault a company if their logging solution was poorly configured (insecure: say, running telnetd) or was write-accessible by the same admins that send all their log data to it (unless they were a small company--if you only have one or two admins there's only so much separation of privilege you can get away with). I'd also have problems with a syslog host that wasn't backing itself up on a regular basis (90 days online, 3 year archive).
If I were you I'd be more concerned with your logging system meeting the other requirements of the PCI DSS. If it is inherently insecure or fails to implement proper access controls (say, shared root account) who cares how the logging solution is configured?
Remember: Intent is everything. If in doubt, call your acquirer (i.e. your bank). They're the ones who ultimately have to decide whether or not your implementation is good enough anyway. The auditor just writes a report--the bank has to sign off on it.
One would imagine that if you have "the right to remain silent" then you do not have to say anything at all. If the court orders you to hand over the keys to your house that is a physical action you must take. If the court orders you to hand over your passphrase they are demanding speech. No court can get away with such nonsense because of the 5th amendment. It would be like ordering you to write a confession.
What the big ISPs want isn't just a two-tiered Internet where some traffic gets priority over another. They want two distinct Internets. One were you have control and another where they have control. They'll probably share the same tier-1 backbones but everything below that will be separated (imagine a router configured to send packets from their sources directly to you via a hyper-speed backbone whereas all other traffic gets routed through a dozen or so more hops on the "economy" backbone).
If you want a practical example of precisely how they they plan to violate network neutrality look at the DOCSIS 3.0 spec. It reserves about 80% of the bandwidth on the coaxial cable for video and telephone services that are exclusively provided by the cable company (i.e. no one else is allowed on). The other 20% of the bandwidth is provided as general Internet access (with the usual limited upload speed). This way they can be the gatekeeper for high-bandwidth content (i.e. video) and low-latency applications (i.e. VoIP) while every other business that wants access to their customers has to either pay to get on their high-speed channels or get stuck with the slow lane.
The telephone companies are already rolling out technologies that divide up fiber connections in a similar fashion. The "big plan" is to get paid extra for that exclusive, high-speed and low-latency channel into people's homes. It is a hugely anti-competitive situation.
If you provide streaming video to anyone on the Internet you will not be able to compete with the speed and quality of the video coming over Comcast's, AT&T's, and Verizon's dedicated pipes. If you're a VoIP provider that provides telephone service to anyone on the Internet you will not be able to compete with the low-latency and high quality of the big ISP's dedicated pipes. If you provide *any* service over the Internet all it will take for you to be crushed out of existence is for the big ISPs to start offering the same service on their dedicated, exclusive channels.
It isn't about prioritizing traffic. It is about dividing it up and destroying the free market that is Internet access in people's homes. It is literally "divide and conquer".
Slashdot Mirror
Dust is mostly made up of dead skin. If it is just your dead skin, well, a dust mask may be OK for you. However, keep in mind that people are regularly excreting small amounts of their medications through their skin and people also have a tendency to rub various medications (and who-knows-what else) onto themselves as well. Not to mention the various pesticides we regularly squirt onto our pets for flea and tick control. Coming in contact with such chemicals usually isn't a big deal (be careful, wash your hands, etc) but inhaling them is an entirely different matter (especially considering the half-life of some popular pesticides).
For example, I would not want to be the guy cleaning out PCs in/from a retirement home. There's enough hormone replacement therapy going on in places like that you might wind up with gynomastia (well, probably not THAT much =).
Besides, a good respirator is much more comfortable than a dusk mask anyway.
I believe the cultural factor behind the work-averse attitude of today's youngsters lies directly with the fact that schoolwork is much harder and time consuming than Real Work. At least, that's been my experience. My job involves sitting in front of a computer--at home no less--for a mere 8 hours every day. I don't have to get dressed up, I don't have to do any homework, and my knowledge of trivia (specifics of certain time periods in history, English literature, rarely-useful-in-the-real-world mathematical formulas, etc) is never a factor. Not only that but my career advancement doesn't rely on passing a barrage of broad-spectrum tests on a quarterly or yearly basis.
Even if I worked in an office with a dress code the results would be similar: From the perspective of a child, Real Work doesn't appear to require much effort at all. In fact, just being present seems to be enough to get paid (and in some places I've worke I must concede that actually *is* all that's required for many positions).
If "kids these days" are hard to get motivated for absorbing trivia and performing rote tasks we have only ourselves to blame. I've said it before and I'll say it again: One has only to point a finger at the preceding generation to discover who is to blame for "kids these days."
The RouterStation and RouterStation Pro have 3 mini-PCI slots. You can use those to hook up ethernet adapters. I'm pretty sure you can get mini-PCI cards with breakout panels supporting 6 or more ports. I couldn't give you a specific product to use though.
At the very least I know there's dual-port mini-pci cards out there (gigabit, even). So you could add 4 ports with two cards and still have a slot left for a wireless card.
libopenssl isn't a general requirement of OpenWRT because all the default web-based interfaces (LuCI, X-WRT, etc) don't use SSL (not by default anyway). I suspect the reason for this is precisely because libopenssl is so large (from an embedded perspective).
PyCI requires the pyOpenSSL package because PyCI was built using the CherryPy framework which currently uses that module for SSL capability. The next release (3.2) will support the regular Python SSL implementation and I plan to get rid of the pyOpenSSL requirement when that happens.
The contest was for firmware images that can specifically run on Ubiquiti's RouterStation and RouterStation Pro products. However, you'll be happy to know that I included instructions on how to build your own firmware for any given platform/device. It really isn't that hard but it does take a while to compile (can take a few hours even on fairly modern systems).
I recommend you just grab the latest OpenWRT trunk release via svn (instructions at dev.openwrt.org) and copy the PyCI-OpenWRT-trunk.config file from the PyCI source package to that directory and rename it ".config". Then run "./scripts/feeds install -a", "make oldconfig", "make menuconfig", and then change the configured platform to the platform of your choice. After that you can run "make V=99" to compile your firmware. It'll show up under the trunk/bin directory.
For reference, the very same instructions are also included in the source code package under the "docs/build/html" directory.
There's no reason why it shouldn't run in Mac OS X. Just make sure you have the following installed:
Python 2.6+
pyOpenSSL (not the same as Python's built-in OpenSSL support)
python-sqlite3
You're probably just missing pyOpenSSL.
Oh come on, *every* advanced configuration interface includes the ability to shoot yourself in the foot! I even had a debate in the contest forum about whether or not I should add a timeout to the page that allows you to reboot your router: If the router didn't come back up after 5 minutes it would ask you if you've updated your resume recently.
Sadly due to time constraints I never got to implement that feature =)
FYI: PyCI runs in "God mode" by default but this behavior can be changed.
PyCI checks to make sure that no input element is currently selected before it drops down the terminal. So if you just clicked on a drop-down menu and hit ESC you'd get the expected behavior. Press ESC again and you get the terminal window.
So yeah, I already thought of that and took care of it. The only place where it actually overrides standard behavior is with jQuery-UI dialogs. By default the ESC key closes the dialog but PyCI overrides that feature. It isn't a big deal though... Just hit tab until you get to the cancel button.
I thought I had this in the docs somewhere but I'm not seeing it. Anyway... PyCI requires that python 2.6+ be installed along with pyOpenSSL (an ipk for which is included in the PyCI source package). The packages and dependencies add up to the following:
python_2.6.1-2_ar71xx.ipk: 2.4M
python-openssl_2.6.1-2_ar71xx.ipk 14k
python-sqlite3_2.6.1-2_ar71xx.ipk 40k
pyOpenSSL_0.9-1_ar71xx.ipk 45k
PyCI_0.5-1_ar71xx.ipk 793k
libopenssl_0.9.8k-2_ar71xx.ipk 493k
So in total you need about 3.7MB free (unless I'm forgetting something). Different platforms may have slightly larger (or smaller) binary sizes so your mileage may vary.
For reference, a mostly-fully-loaded (minus Quagga, Coova Chilli, and a few other lesser-used-by-consumers packages) RouterStation firmware with PyCI and l2sh included amounts to about 6.5MB. That includes all the layer7 scripts, ddns-scripts, qos stuff, ntpclient, all the aetheros drivers, drivers for USB storage, most of the firewall kernel modules, and more.
In short, you should be able to use PyCI on any OpenWRT system with at least 32MB of RAM and 8MB of flash ROM.
I appreciate this comment (thanks) but I thought I should mention that I'm not a programmer by trade. I'm actually a Systems Administrator/Security Consultant (CISSP, former PCI QSA). I taught myself Python two years ago and only just recently (within the past year or so) started programming real applications with it. Before that I never wrote anything except for shell scripts. So when I started this contest six months ago I had no idea how to write a web-based application from scratch let alone a contest-winning one.
All in all I'd say the most significant learning challenges during the six months I worked on this contest were:
* Learning how to really program with Python. I had to learn about metaprogramming, how to write decorators, list comprehensions, and lots of OOP things I had no concept of before the contest. My most advanced Python program before this was just a command line SSH tool.
* Learning JavaScript and then learning how to use jQuery and MochiKit (I also tested Dojo when I was first starting out but it was too big/slow for embedded).
* Learning how to write a layer-2 network protocol with a server and client. It took me a week of research and a week of programming to get it running--two weeks before the final draft was due. Kind of insane! The most annoying thing was the fact that there's almost ZERO official documentation and examples regarding layer-2 stuff using Python's socket module.
* Learning about QT and how to program using PyQT4 (for the speed test client GUI).
The good thing was I started out in the contest expecting it to be a learning experience and it sure turned out that way!
The RouterStation is much more powerful than your typical WRT54g but PyCI doesn't require a super-fast processor or huge amounts of RAM. On a RouterStation with 64MB of RAM PyCI takes up about 27% according to top. This will be reduced significantly in the future as I optimize things (the contest didn't give me much time to do that). Also, I'm pondering porting the whole thing from CherryPy + Mako to the Tornado framework which would speed things up and reduce the memory footprint considerably.
I don't think people will have any trouble at all running PyCI on a router with 32MB of RAM and 8MB of Flash ROM. Some pages might load a little slow but that shouldn't matter too much since you're not going to be configuring your router every day.
PyCI can configure networking (including wireless) on any OpenWRT-based Linux distribution. Essentially, what PyCI is configuring is /etc/config/network and /etc/config/wireless. These files utilize the Universal Configuration Interface (UCI) standard format.
For reference, I have plans in the future to fork PyCI into a more generic web-based administration tool more akin to webmin that works with more distributions than just OpenWRT. The necessary framework is already there and many plugins can already configure various aspects of any given Linux system.
You can actually run PyCI on any old Linux box with Python 2.6+ installed. A lot of the configuration screens won't be useful if it isn't OpenWRT though (pretty much all the network configuration screens won't work but Users and Groups configuration will work great =). So to answer your question: Yes, it'll run on any OpenWRT host with one caveat: You need enough space for the requirements.
PyCI requires Python 2.6 (more than just python-mini) which itself requires libopenssl which is over a megabyte. I forget the exact sizes but your OpenWRT router will probably need 8MB of flash ROM at a bare minimum. You can get around this requirement by using external storage (PyCI doesn't care where it's installed) and loading Python + PyCI there.
There's ipk files for PyCI, pyOpenSSL, and l2sh in the PyCI zip file on the wiki. The rule of thumb is this: If you can "opkg install python" with ~1MB free afterwards you can install and use PyCI.
I won't comment on the other entries since I haven't played around with them yet but I will say this: The primary advantage PyCI has over, say, LuCI, Tomato, DD-WRT, and X-WRT is that configuration screens in PyCI are infinitely configurable. When I say, "inifinitely configurable" I mean that all forms that can be dynamic are dynamic. For example, in Tomato and LuCI if you want to configure DNS you get two fields to enter that information (primary and secondary). In PyCI you can add as many as you want. There's examples of this all over the spectrum of configurable options.
Also, PyCI supports many features that the existing interfaces do not which is sort of the whole point of the contest. As another example, PyCI doesn't just let you configure firewall rules. It lets you configure your firewall rules and then see exactly which iptables command will be executed as the result of your changes.
My personal favorite unique feature of PyCI is the quake-style terminal. Even if PyCI doesn't have a configuration interface for something you can always just hit the ESC key to pull down a full terminal just as if you SSH'd into your router. It even works with full-screen apps like vi. I wrote a standalone version of it called Escape From The Web that can be downloaded here. It uses the Tornado framework instead of CherryPy (among some other differences) but from the user's perspective it is pretty much the same.
There's a whole lot of stuff included with PyCI that isn't covered in detail in the wiki. I plan to put up a downloadable x86 Qemu image with PyCI pre-installed for people to play with soon.
You know, my winning entry has a Quake-style drop-down console window. Hit the ESC key on any page in PyCI and it will bring down the terminal just like in Quake and Half-Life (in this case, running the ash shell). I would've used the tilda key but that might actually be used in an input element somewhere.
I know your post was in jest but PyCI actually does include some elements from a first-person shooter!
Yeah, I'm not sure why Ubiquiti chose to post so few screenshots of my entry (and they're really small). I posted a bunch (full-size) in my flickr photo stream: http://www.flickr.com/photos/18175109@N00/tags/pyci/ (they're all tagged with "pyci").
Why cut it off at age 20? Why cut it off at all? We all pay for "our" educational system every single year so why must we pay for something "we" can't use? Why must school be limited to children?
It seems to me, having spent some time doing IT work at several local schools that the 'kids' are treated as if they're several years younger than their actual age and teachers are asked to do a job somewhat, but not quite like teaching. Police officers roam the halls playing the role of fashion cop (e.g. "Take off that headband!") and administrative staff are shuffling around kids instead of papers.
We could do to have a few outsiders taking part in the "system" on a regular basis. It would bring to light the lunacy of the system and keep both the teachers AND the kids on their toes. ...and remember: If adults wouldn't be interested in the class kids won't be either.
-Riskable
"As soon as you've gotten as good as you want you've given up on being better."
I could see why this might appear confusing... I'll break it down for you:
Microsoft has a monopoly. By bundling a web browser into their OS they are "setting the bar" for what most users web experience will be. Because Windows is a monopoly with such a huge installed base that means that every web designer has to take Microsoft's browser into account when they develop a web site. This concept isn't a problem by itself but it becomes a big problem (and an anti-competitive wedge) when...
1) Microsoft adds proprietary "features" or extensions to their browser that require web pages to be coded in a non-standard way in order for them to work. Other browsers are not at fault for not implementing these things... They are merely doing the right thing by adhering to the standard.
2) They don't update their browser for a very long time. By failing to upgrade the rendering engine of IE for nearly a decade they've essentially put a brake on improvements to the web. It stifles innovation. Even though other web browsers are more standards compliant developers can't take advantage of these improvements since they have to develop for the "lowest common denominator": Internet Explorer. This problem also makes developing for the web a lot more time consuming and difficult.
3) Their web (as in, the standards-based web) development tools are only good for developing sites that run in their own browser. They're marketing Internet Explorer development tools as general web development tools. (Some) Managers believe this marketing BS and then force these tools on their developers (or hire developers who are experts at using them). Microsoft's whole development tool library is designed to lock people into their platform (Windows + IE) making it extremely hard for competing browsers to enter this space (and for the web to progress!).
4) The whole point of all these things is to make "write once, run on any OS/browser" as difficult as possible. If people can use any web site or any web-based application on any platform then Microsoft will be forced to compete on features, price, quality, etc... These are all things they've worked so hard to avoid!
What it comes down to is that Microsoft is a convicted anti-competitive monopolist and there's no evidence so far that they've changed their tune. It is right to be sceptical of everything they do. Especially in regards to Internet Explorer and their constant push to undermine standards.
-Riskable
http://riskable.com/
"When a government fails to police monopolies it is enabling tyranny."
"Improved compliance" still isn't compliance. Why we're cynical: We've all been waiting for Microsoft to "catch up" to every other browser and it seems that their future holds nothing but further catch-up. I guess we'll all have to wait until IE 9 or Linux/Mac desktop dominance?
More catch-up: Data URI is already supported in everything else and the page printing CSS attributes are just more standards compliance catch-up.
So Microsoft is trying to court developers back to their platform by providing more proprietary development tools? I'm going to give you an imaginary quote from Microsoft-of-the-future: "Microsoft cannot guarantee that pages developed with their tools will work in other browsers"... Just like the old days! Build a site in Frontpage and who cares what it looks like in anything but IE? Here's some advice for developers: Microsoft's tools are only ever good for developing/debugging sites for Microsoft browsers.
It is sad, really... More proprietary "features". Just what we DON'T need. Let me explain it to you: If you've added a feature to your browser that requires developers write code to take advantage of it you are undermining standards. I see no reason to trust Microsoft's implementation of this. In fact, I'm so jaded at this point I'm not in the "Well, we'll see" camp I'm in the "don't even think about using this" camp. When Microsoft's got a few YEARS of demonstrating real support for standards then I'll start reconsidering their platform/browser as something other than an anti-competitive wedge.
Here's some wisdom for everyone to copy down: Never implement a feature invented by Microsoft until an open source product implements it *completely* and *successfully*. Their history is too full of broken implementations of their own "standards" to trust them not to A) break it, B) claim patent rights on it, or C) make it so obfuscated and difficult to duplicate the only way to ensure compatibility is to use Microsoft's own products.
Let's talk about the real problem here: Cable TV channels are a huge waste of bandwidth. I don't care if The Perfect Channel(TM) is on my cable. I want it off. Give me NO channels and let me use that bandwidth for INTERNET ACCESS.
Right now your "Cable Internet" is using up about 10% of your coaxial cable while the other 90% is used to deliver TV channels. What a waste! If the FCC (or Congress) forced cable providers to be CABLE PROVIDERS (as in, they provide the wire and nothing else) then we could all have 100MB+ Internet access with the ability to choose from a nearly infinite array of "channels", P2P-distributed "shows", and any other content we wanted. If they truly want diversity, that is the best way to do it.
Using bandwidth for things other than TCP/IP (or similar protocols) is a waste.
KOffice 2.0 is built on KDE 4 which doesn't use the dizzying array of daemons/processes that KDE 3 does so your argument is (mostly) moot. There will still be kded but it has been slimmed down thanks to the enhancements in QT4. For example, the DCOP daemon(s) go away in KDE 4 (it uses dbus) and it has become much more modular without as many cross-dependencies (there was a huge push for "modular KDE" in 4).
Not sure how all of that will work in Windows (because KDE 4 and KOffice 2.0 will run on it) without dbus but it can't be as bad as the bloat that is OpenOffice.org (I love it but man it is a resource hog and slower than it should be).
If you use OpenVPN on TCP over port 443 it looks *just* like HTTPS traffic. It does precisely what you're talking about. There's even a personal VPN service provider that offers exactly this service:
https://vpnout.com/
Let me first state that I'm a PCI Qualified Security Assessor. That means I am certified by PCI to perform audits and report back to banks whether or not a company is compliant or not. In other words, consider me authoritative on this matter.
When dealing with any PCI requirement the most important thing to think about is the INTENT. Is the intent of the logging requirements in section 10 of the PCI DSS to prevent anyone, anywhere, from EVER being able to modify log files? No! The intent is to prevent a compromised system from altering its own log files--hiding the fact that it has been compromised. As long as your logging solution handles this situation effectively you really don't have anything to worry about.
In my role as auditor I would never fail a syslog host just because it was writing to a standard ext3 volume. I *would* fault a company if their logging solution was poorly configured (insecure: say, running telnetd) or was write-accessible by the same admins that send all their log data to it (unless they were a small company--if you only have one or two admins there's only so much separation of privilege you can get away with). I'd also have problems with a syslog host that wasn't backing itself up on a regular basis (90 days online, 3 year archive).
If I were you I'd be more concerned with your logging system meeting the other requirements of the PCI DSS. If it is inherently insecure or fails to implement proper access controls (say, shared root account) who cares how the logging solution is configured?
Remember: Intent is everything. If in doubt, call your acquirer (i.e. your bank). They're the ones who ultimately have to decide whether or not your implementation is good enough anyway. The auditor just writes a report--the bank has to sign off on it.
One would imagine that if you have "the right to remain silent" then you do not have to say anything at all. If the court orders you to hand over the keys to your house that is a physical action you must take. If the court orders you to hand over your passphrase they are demanding speech. No court can get away with such nonsense because of the 5th amendment. It would be like ordering you to write a confession.
What the big ISPs want isn't just a two-tiered Internet where some traffic gets priority over another. They want two distinct Internets. One were you have control and another where they have control. They'll probably share the same tier-1 backbones but everything below that will be separated (imagine a router configured to send packets from their sources directly to you via a hyper-speed backbone whereas all other traffic gets routed through a dozen or so more hops on the "economy" backbone).
If you want a practical example of precisely how they they plan to violate network neutrality look at the DOCSIS 3.0 spec. It reserves about 80% of the bandwidth on the coaxial cable for video and telephone services that are exclusively provided by the cable company (i.e. no one else is allowed on). The other 20% of the bandwidth is provided as general Internet access (with the usual limited upload speed). This way they can be the gatekeeper for high-bandwidth content (i.e. video) and low-latency applications (i.e. VoIP) while every other business that wants access to their customers has to either pay to get on their high-speed channels or get stuck with the slow lane.
The telephone companies are already rolling out technologies that divide up fiber connections in a similar fashion. The "big plan" is to get paid extra for that exclusive, high-speed and low-latency channel into people's homes. It is a hugely anti-competitive situation.
If you provide streaming video to anyone on the Internet you will not be able to compete with the speed and quality of the video coming over Comcast's, AT&T's, and Verizon's dedicated pipes. If you're a VoIP provider that provides telephone service to anyone on the Internet you will not be able to compete with the low-latency and high quality of the big ISP's dedicated pipes. If you provide *any* service over the Internet all it will take for you to be crushed out of existence is for the big ISPs to start offering the same service on their dedicated, exclusive channels.
It isn't about prioritizing traffic. It is about dividing it up and destroying the free market that is Internet access in people's homes. It is literally "divide and conquer".