Daniel Golle wrote:
>> Well, that's certainly true. It is not always possible to talk to the
>> outside world from inside that initial boot enclave. That's the detail
that
>> we need.
>> Do we even have a spare GPI(o) pin that can be used for this?
>> (It can't be used for
Daniel Golle wrote:
> On Mon, Apr 29, 2024 at 03:04:37PM -0400, Michael Richardson wrote:
>>
>> {sorry for the long delay, been unwell}
>>
>> Bjørn Mork wrote:
>> > Maybe it is possible to deploy the system with secure boot and a
t; supported, including playing with the BL2 code etc.
It won't work that way. If someone can easily turn off secure boot, then so
can malware.
I hope we can go the other way.
I'm willing to do the legwork, and I can sign an NDA if necessary, and then
communicate what needs to be said.
Bjørn Mork wrote:
> Michael Richardson writes:
>> Having orange and red pieces "secured" *does* mean that u-boot updates
would
>> have to come from openwrt.
> Does it? Is it possible to modify the BL2 to verify signatures of the
> BL31 and
oot (the u-boot checks the signature) linux kernel,
then nobody could change their kernel.
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
__
the OAM board manufacturer, it just
doesn't work out.
ps: I'm willing to operate and secure the PK *I* junk that is needed to make
this all work. It won't pass PCI on round one, but I'm sure if that was
important, it could be done.
--
] Never tell me th
John Crispin wrote:
> On 12.04.24 15:30, Michael Richardson wrote:
>> Is the MT7981B specification available publically at this point?
>>
>> I can find a 7986 sheet on hackaday, but who knows how it differs
(marketing
>> people and their numbe
Is the MT7981B specification available publically at this point?
I can find a 7986 sheet on hackaday, but who knows how it differs (marketing
people and their numbers)
signature.asc
Description: PGP signature
___
openwrt-devel mailing list
openwrt-d
Bjørn Mork wrote:
> Michael Richardson writes:
>> I'd really like to find a way to work with your manufacturer to get an
>> IDevID certificate into each unit as it is manufacturered.
> For those of us who are not going to pay USD 100 for a document we
Thank you for the update.
I'd really like to find a way to work with your manufacturer to get an IDevID
certificate into each unit as it is manufacturered.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software
Bjørn Mork wrote:
> antennas. I realize that such a case will be relatively expensive. But
> without it all you have is yet another midrange dev board. This is
> your chance to make a device which shouts "OpenWrt!!!" whenever someone
> sees it. Just like the original WRT did. N
Dave Taht wrote:
> So I at least do not feel a huge urge to get on the 6ghz bandwagon at
> this time. I would actually, be happy cutting even more multiplexing
> latency out of the ath9k chips, and there is much fat left to be cut
> from the mt79 also, and the benefits of many peo
that 100km drive
to visit the device.
I would appreciate a switch chip, since that lets us do DSA and different
things with different ports, but I can live without it.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software
td, but mmc. So this would require even more in detail knowledge I
> don't have.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works|IoT architect [
] m...@sandelman.ca http://www.sandelman.
Janusz Dziedzic wrote:
>> > Finally buy: D-LINK DGS-1210-48 G1.
>>
> Also - HP 1920-24G JG924A works correctly.
> But what about future? Is there any new device we can buy and use
> openwrt there? Or even 2.5Gbps/5Gbps?
> So far just buy used/older devices.
mcr> Is
> Finally buy: D-LINK DGS-1210-48 G1.
Is this a device that is still for sale?
I have some control plane things that I'd like to test on a variety of
switches. I using the Zyxel GS1900 now.
signature.asc
Description: PGP signature
___
openwrt-dev
sts might need to know, such as seeing the status
page to see if the network is up.
> It might also be better if uhttpd could be configured to bind
> to a specific interface rather than knowing its IP upfront, but
> that might be impractical.
It's totally impractical.
--
M
Paweł Dembicki wrote:
> I am preparing support for the T4240RDB board. But I'm stuck with one
> problem:
> Qoriq target is powerpc64. But T4240RDB in u-boot is supported as
> mpc85xx family and requires a 32-bit compiler.
Seems like you might need to just use two build trees.
Jo-Philipp Wich wrote:
> Bluntly speaking, DSA is the thing that gives you one Linux network
> device per switch port and bridge VLAN filtering is the stuff that
> allows you declaring swconfig-esque VLAN port groups on top of an
> arbitrary bridge interface.
..
> Another con
ping the internet.
"so I suppose IP assignment is fine."
But they weren't because the router didn't assign a v6 prefix to the LAN.
Having ULAs available is critical to efforts to do HTTPS to the router.
Please do not change this default.
--
Michael
> Baptiste Jonglez writes:
> ULA IPv6 prefixes (Unique Local Addresses, RFC 4193) are not routable
> on the Internet. As such, they have very limited use, and enabling
> them by default causes more problems than it solves:
> - if an OpenWrt device already has external IPv6 c
please forgive me stupidity, I couldn't understand the last part of your
recommendation:
Daniel Golle wrote:
> Hence, to achieve reproducible builds we will either have to resort to
> identical containers/VMs for building or get rid of the BuildID hash
> alltogether (or use a differ
Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works|IoT architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[
signature.asc
Description: PGP signature
___
Thank you for this great report!
I did not know codeberg existed, but when I looked, discovered I already had
a login!
I would go with codeberg.
It's okay that many community repos are on git, git makes cloning easy.
Who is funding codeberg, and how stable is that funding?
"Codeberg is not a co
operations more
sustainable, inspiring others to follow. "
if Google could just turn over/upstream their code base.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works|IoT architect [
] m...@s
I haven't used the UML target in the past year, but I have used it a lot
before.
The ability to do hostfs mounts is very nice.
If it went away, I'd be sad, it's not a disaster as you say.
--
] Never tell me the odds! | ipv6 mesh networks [
] Mic
Rich Brown wrote:
> - Having a firm feature freeze date decreases stress. If a particular
> feature is done/substantially working, it goes in. If it's not quite
> ready, it can skip this release, and get into the next release. (The
> alternative is what I think happened with DSA.
oading.
Why do you configure this with two layers of bridge?
I think that bridge1 is hardware offloaded, right?
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works|IoT architect [
] m...@sandelman.c
ment on how to do
better/secure onboarding.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works|IoT architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[
est having a standard names .json
file that can be fed into uci in some way. I think that this solves a lot
problems. Have to make sure that vfat support is included in the base image
because... users.
--
] Never tell me the odds! | ipv6 mesh networks [
]
process will not satisfy the UK and US regulations on it's own.
Would a (secret) key hash of the MAC address satisfy it?
The UK https://www.ncsc.gov.uk/ people I spoke with said that it would
technically satisfy
https://www.etsi.org/deliver/etsi_en/303600_303699/303645/02.01.01_60/en_303645v020101
Enrico Mioso wrote:
> I wasn't sure about uci-defaults being the correct way to do it - I was
> under the impression it could happen that my script gets ran when it's
> too early and /etc/config/wireless hasn't been generated yet.
> If this isn't the case, then I think it's fine!
en you should ahve the public key you can copy
over. I think that sysupgrade also an option to skip the check, but I can't
double check that from my laptop at the moment.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Sof
Stijn Segers wrote:
> Op woensdag 6 januari 2021 om 11u22 schreef Michael Richardson
> :
>> The 1900-8/8HP are discontinued by ZyXEL, but the GS1900-16 and 24E seem
to
>> still be in production.
> How do you know? At least the 8 and 8HP are still be
e working
meetings if the group wants.
The need for a PPPoE username/password is one of the challenges.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works|IoT architect [
] m...@sandelman.ca http://ww
long run.
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https
some configurable service to periodically download and install
certificates
> from an external host might be desirable (that's how I do it with my NAS
> boxes at home).
You need a name is DNS, then it's just a dns-01 challenge.
--
] Never tell me the odds!
routers are critical parts of the home IoT ecosystem.
OpenWRT is shipped in millions of devices by manufacturers too lazy to bother
doing much.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelma
the OpenWRT LuCI interface.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works|IoT architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[
signature.asc
vents.
(The MOX has a private key that is stored across such events, for instance)
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works|IoT architect [
] m...@sandelman.ca http://www.sandelman.ca/
often wifi), this won't work that well.
> now user only have to check :
> 1. page has valid certificate
> 2. the subdomain is match with device's ssh host key
> and this verify it's the device we wanted.
--
] Never tell me the odds!
I'd pick one of
the brainpool curves: will browsers support them, I have no idea.
EdDSA is really a different algorithm, and browsers do not support them yet.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works
Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works|IoT architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[
signature.asc
Description: PGP signature
__
Paul Spooren wrote:
> On 30.08.20 12:32, Michael Richardson wrote:
>> Paul Spooren wrote:
>> > I recently rewrote px5g[1] to use WolfSSL instead of MbedTLS, as the
former
>> > will be included in OpenWrt 20.x per default.
>>
>
based tool?
uhm, okay. I can live with that for sure.
I care more about what's in the certificate than the algorithm.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works|IoT architect [
] m...@sandelm
#x27;t operate with the /usr/share/libubox/jshn.sh.
But, whatever.
In the end, I've managed to create a file for /etc/umdns/foo.json which does
what I needed, and I'd like to document that better.
--
] Never tell me the odds! | ipv6 mesh networks [
] Mic
Thank you kindly for this work.
Baptiste Jonglez wrote:
> The student project of Biyun and Zhao has just finished.
> The goal was to develop a simplified web interface for OpenWrt, integrated
> in LuCI and complementary to the current LuCI interface.
I watched the video.
I have som
ere are already
plans for that.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works|IoT architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[
signature.
y.
In general, I think that this decision needs to up-leveled to as a build
option. There are many cases where I would agree: you want the box to die
rather than potentially come up insecurely.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Ric
Makefile include path were to include all the top
levels of all the feeds (feeds/* ), then:
include lang/python/python3-package.mk
would work, and it would pick up whichever one was first in the list of
feeds.
--
] Never tell me the odds! | ipv6 mesh netw
e odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works|IoT architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[
___
openwrt-devel mailing list
openwrt
led on:
include $(INCLUDE_DIR)/../feeds/packages/lang/python/python3-package.mk
which I found ugly, but it worked.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works|IoT architect [
] m...@san
odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[
___
openwrt-devel mailing list
openwrt-
Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works|IoT architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[
signature.asc
D
So, no new boards that have <4M flash, or <32M ram, or no patches providing
fixes for existing targets that are at that level?
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
]
ver tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[
signature.asc
Description: PGP signature
__
I like it. but, determining how to tweak options is
really arcane.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/|
seeing a build failure
that causes you to want to patch the file.
Also, the latest libpcap (1.9.0) has cmake support, which might make things
easier?
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works
David Johnson wrote:
> It seems its quite hard to find a board that is fully supported by
> openwrt that has 2x mini pci-express, 2x ethernet ports (WAN, LAN), >
> 64M flash
The Turris Omnia has three mini pci-express. Two have radios already in them,
and
the third is open. I have
lEDE, or leDE (en francais!) or something.
asciidoc for the web site content is okay; maybe someone will contribute a
snazier style sheet (but not me; I'm pathetic at CSS too)
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandel
penwrt.org
> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/|
ecap, bad guy + physical access = game over, no matter what you
try
> to do...
probably.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://w
ICMP port-unreachable code would be nice to have here.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[
sign
by", if we can find
a way to do that in-protocol. (wow. it's been 18 years since I worked at ssh...)
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http:/
we use a password (or hash) stored in eeprom?
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby
Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[
___
openwrt-devel mailing list
openwrt-
Richard Clark wrote:
>> Hi Richard,
>>
>> the link status is not propagated to the netdev because there's an
>> external switch chip between the CPU and the RJ45 plug on the outside.
>>
>> There currently is no mechanism to propagate switch port states to Linux
>> netd
Steven Barth wrote:
>> Steven Barth wrote:
>> > - Added support for 464XLAT (CLAT)
>>
>> Is this signaled in some way by DHCPv6?
>> If so, I imagine that there is an RFC# which says how it works, could be
>> listed here, so that google will find CC when people look for it
Steven Barth wrote:
> - Added support for 464XLAT (CLAT)
Is this signaled in some way by DHCPv6?
If so, I imagine that there is an RFC# which says how it works, could be
listed here, so that google will find CC when people look for it...
I actually think that this is a terribly important fe
Imre Kaloz wrote:
> Designated Driver fits the best as a name, but it's a mocktail (but at
> least tastes good).
+1
And, it would be be nice if all the "drivers" were up-to-date... :-
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.o
| ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[
___
openwrt-devel mailing list
openwrt-devel@lists.op
Alpha Sparc wrote:
> I believe it is due to the hardware NAT not supported.
So, really, nothing to do with wifi drivers at all.
You don't need (hardware) NAT if you run IPv6...
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://
ally know how to measure
such a thing?
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/|
end
> up using it to daisy-chain another AP off of.
So, what I want to do ought to be possible, I've just failed to get it
configure properly.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| ne
's what it winds up meaning having the hardware under the kernel, rather
than next to the kernel.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http:/
can
spread elsewhere --- the trend is though, that this too would be subject to
hardware offload.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http
Russell Senior wrote:
> Everyone should have one. At this price (or similar), there isn't a
> good reason to not have several:
>
http://www.ebay.com/itm/USB-To-RS232-TTL-UART-PL2303HX-Auto-Converter-USB-to-COM-Cable-Adapter-Module-/310676792112
> ... particularly if you've g
e); bit for ingress/downlink you still need a properly
> configured shaper until the DSLAMs/MSANs/BRASs learn BQL fq_codel
> (which might take a while)
Yes, I was ignoring that part.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Ric
more than 99% of the real link
capacity (if you can determine it...sigh), the LCP messages should bypass
that part.
DSL with the modem built-in ought to auto-adjust the bandwdth viaBQL
perfectly...
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael
How do you know it's not the DSLAM being unstable?
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
power gurus that the solar panel is mostly a joke...
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| ru
ent? The AR9331 uses the Ath9K wifi driver?
I'm thinking about ease of sticking it in a tree with a solar panel.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m
7;t
reach much beyond 50Mb/s, which has become a problem as many have VDSL2/FTTH.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/
nters for fq_codel, even if somehow
it's fast enough to move 100Mb/s+ of traffic.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/
84 matches
Mail list logo
