On Tue, Jun 2, 2015 at 8:03 AM Michael Rash <[email protected]> wrote:
> On Tue, Jun 2, 2015 at 5:20 AM, Rabin Yasharzadehe <[email protected]> > wrote: > >> >> On Tue, Jun 2, 2015 at 5:05 AM, Jonathan Bennett <[email protected]> >> wrote: >> >>> I strongly want to implement the juicessh plugin stuff. It will take >>> time, but it'll get there. >>> >> >> Looking forward to it. >> >> >>> One last note: the web site that was used for ip address lookup was >>> painfully slow. The new app doesn't do the lookup until a knock is >>> sent that uses "resolve ip", but I was often waiting 60 seconds or >>> longer for that lookup to finish. After looking a bit, I decided to >>> use http://whatismyip.akamai.com. It is *much* quicker to respond. I >>> might add an option to select which site to use in the future. It >>> seems that there should be a better way to get the public IP, but I >>> have yet to work out what that would be. Depending on a 3rd party web >>> site seems less than ideal, but again, I have no alternative yet. >>> >>> >> On my PC I use DNS query to resolve my external IP using opendns servers >> >> # dig myip.opendns.com @resolver1.opendns.com +short >> # or over tcp >> # dig myip.opendns.com @resolver1.opendns.com +short +tcp >> > > This might be good to add to the fwknop client since OpenDNS will have far > faster responses than the cipherdyne.org server ever could, although some > users prefer to resolve via SSL. Still, it would be good to have this as an > option. > Oh wow, that is ridiculously fast. I will see how difficult this is to make work. This also seems like an inherently better method than using an http lookup. > Thanks, > > --Mike > > > >> >> >> --Rabin >> >> >> >>> On Sat, May 30, 2015 at 8:23 PM, Michael Rash <[email protected]> >>> wrote: >>> > >>> > >>> > On Fri, May 29, 2015 at 10:50 PM, Jonathan Bennett < >>> [email protected]> >>> > wrote: >>> >> >>> >> >>> >> >>> >> On Fri, May 29, 2015 at 9:15 PM Michael Rash <[email protected]> >>> >> wrote: >>> >>> >>> >>> On Fri, May 29, 2015 at 4:03 PM, Jonathan Bennett < >>> [email protected]> >>> >>> wrote: >>> >>>> >>> >>>> I am making decent progress on the android implementation of >>> fwknop. I >>> >>>> have rewritten the user interface nearly from scratch. I do have a >>> couple >>> >>>> questions, though. >>> >>> >>> >>> >>> >>> Excellent. >>> >>> >>> >>>> >>> >>>> First, the existing android app is on the marketplace under the >>> company >>> >>>> Maximum Idea. It would seem more appropriate for the app to be >>> distributed >>> >>>> by Cipherdyne. I am certain there is some history there, but we >>> should >>> >>>> consider pulling the old apps and publishing under the Cipherdyne >>> name. >>> >>> >>> >>> >>> >>> Agreed - sounds like you are suggesting an official marketplace >>> account >>> >>> where fwknop apps are distributed, and your rewrite could serve as >>> the basis >>> >>> for the client app. This assumes you are ok with distributing your >>> app via >>> >>> the Cipherdyne account with you as the author, etc. >>> >> >>> >> >>> >> Exactly this. Once I'm mostly satisfied with what I've got, I'll put >>> the >>> >> source on github and get some code review & comments. Once we're >>> satisfied, >>> >> we should publish it officially to the play store. >>> > >>> > >>> > Ok, that sounds like a plan. Although I don't have an Android phone, I >>> have >>> > done a couple of modifications to the Android app using the Android >>> emulator >>> > on Linux. So, I should be able to help test. >>> >>>> >>> >>>> Also, in regards to capturing qr codes. There is an open source >>> project, >>> >>>> https://github.com/zxing/zxing. This is Apache 2 licensed. I can >>> call their >>> >>>> play store app. If it is not installed, the user is sent to the >>> play store >>> >>>> to install it. This is not a terrible solution, but it seems that >>> we could >>> >>>> include their library with our source and capture the qr code >>> without >>> >>>> calling an external app. I prefer making this work for not only the >>> ease of >>> >>>> use, but it also seems it would be more secure to stay within the >>> fwknop >>> >>>> process. Thoughts? >>> >>> >>> >>> >>> >>> Hmm, not sure about this one. There is precedent in fwknop currently >>> for >>> >>> calling external programs from both fwknop and fwknopd, but it is >>> done via >>> >>> execvpe() when available with no environment, and calling external >>> programs >>> >>> generally allows fwknop to minimize library dependencies. fwknop >>> executes >>> >>> wget in -R mode in order to resolve the external IP via SSL/TLS when >>> wget >>> >>> offers this feature, and means that fwknop does not itself have to >>> link >>> >>> against an SSL library. fwknopd executes firewall control binaries >>> directly >>> >>> (iptables, ipfw, etc.) instead of linking against libraries the >>> firewall >>> >>> projects may provide, and also even libpcap is an optional library >>> >>> dependency and can be eliminated at compile time if one is willing >>> to run in >>> >>> --udp-server mode. >>> >> >>> >> >>> >> My thoughts are that an Open Source Java library can be inspected and >>> >> generally trusted, but a precompiled app on the market cannot be >>> audited. >>> >> Probably not a huge issue. >>> > >>> > >>> > Yes, agreed. If this can be done within the realm of Java for the >>> Android >>> > app without requiring the fwknop C code to link against a new library, >>> then >>> > I'm all for it. And, from looking at zxing, this would probably be the >>> most >>> > likely path anyway. You'll likely still want to have your app extend >>> libfko >>> > for SPA packet creation just as the current Android app does, but the >>> zxing >>> > stuff would be independent of this. >>> > >>> >>> >>> >>> >>> >>> But, the above is for the C implementation of fwknop, fwknopd, and >>> >>> libfko. On Android, would the zxing integration be done with their >>> java code >>> >>> into your fwknop client java code? I see they seem to have a C++ >>> component, >>> >>> but I'm assuming you're referring to the Java stuff, correct? >>> >> >>> >> I've not dug into the option there all the way, but I believe they >>> have >>> >> made the central java lib available for inclusion into other projects. >>> >> >>> >>> >>> >>> If so, then integrating their java code into your client code would >>> be a >>> >>> nice win for ease of use for sure. Or are you thinking of >>> integrating the >>> >>> C++ code into libfko, and having a Java extension of this code like >>> the >>> >>> current Android app? >>> >> >>> >> I am planning to stay in the realm of java for the moment. I think it >>> >> makes sense to leave libfko alone. >>> > >>> > >>> > Ok, cool. >>> > >>> >> >>> >> >>> >> For now, I'm leaving it an external program with the intention to go >>> back >>> >> and try to integrate it once other things are working. >>> >>> >>> >>> >>> >>>> >>> >>>> With any luck, I might have a working prototype done this weekend. >>> >>> >>> >>> >>> >>> Very cool. >>> >> >>> >> It's looking like I'll have all the ui stuff working soon. I haven't >>> >> looked closely at the call to libfko yet. Hoping that's not too >>> complex. >>> >> I'll keep you all posted. >>> > >>> > >>> > Sounds great. >>> > >>> > --Mike >>> > >>> > >>> >> >>> >> >>> >> ~Jonathan Bennett >>> >>> >>> >>> >>> >>> Thanks, >>> >>> >>> >>> --Mike >>> >>> >>> >>>> >>> >>>> ~Jonathan Bennett >>> >>>> >>> >>>> >>> >>> >>> >>> >>> ------------------------------------------------------------------------------ >>> >>> _______________________________________________ >>> >>> Fwknop-discuss mailing list >>> >>> [email protected] >>> >>> https://lists.sourceforge.net/lists/listinfo/fwknop-discuss >>> > >>> > >>> > >>> > >>> > -- >>> > Michael Rash | Founder >>> > http://www.cipherdyne.org/ >>> > Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F >>> > >>> > >>> ------------------------------------------------------------------------------ >>> > >>> > _______________________________________________ >>> > Fwknop-discuss mailing list >>> > [email protected] >>> > https://lists.sourceforge.net/lists/listinfo/fwknop-discuss >>> > >>> >>> >>> ------------------------------------------------------------------------------ >>> _______________________________________________ >>> Fwknop-discuss mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/fwknop-discuss >>> >> >> > > > -- > Michael Rash | Founder > http://www.cipherdyne.org/ > Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F > > ------------------------------------------------------------------------------ > _______________________________________________ > Fwknop-discuss mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/fwknop-discuss >
------------------------------------------------------------------------------
_______________________________________________ Fwknop-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
