Making opensource routers
Formal Metadata
Number of Parts | 94 | |
License | CC Attribution 4.0 International: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor. | |
Identifiers | 10.5446/45861 (DOI) | |
FrOSCon 2018, 9 / 94
Transcript: English (auto-generated)
00:07
Hi everybody, thank you for coming and listening to my talk. My name is Michal Hrušecký and I will be talking about routers that we make and
00:21
why we are making routers, how we started making them, how open source makes our routers great, how open source is actually powering up our routers, and what it allows us to do.
00:41
So, who we are. I'm from a company called CZ.NIC, and we are actually the Czech top-level domain registry. And how did we get to making routers? We are actually doing much more than just a registry.
01:04
Legally, we are an association of companies that actually compete with each other. So the only common goal is to make a working internet and, yeah, make the internet as good as possible,
01:22
so we are run as a nonprofit, because that's the only thing that they agree on. We are making some open source contributions and we are making some open source software, especially when it is connected to the internet and
01:41
making the internet a better place. So we are developing the BIRD routing daemon, which you might know. We are developing the Knot DNS resolver and the Knot DNS server. But we are also helping to educate the general public in the Czech Republic. We are
02:04
producing some books; for example, we translated Pro Git. We have a Czech author who is writing a really great book about IPv6 and updating it every few years,
02:21
depending on how IPv6 adoption proceeds. We even made a TV series that explained to people how to handle the internet, that they shouldn't trust everything, how they should buy online, and on that scam and stuff like that.
02:40
So we are trying to do a lot of good in general, and at the end we are making Wi-Fi routers as part of that. Apart from that, we also run the Czech national CSIRT team, which is a
03:05
team of people that are monitoring security threats and coordinating with ISPs and other similar teams around the world about security threats and, yeah, security on the internet. That's going to get important as we go along.
03:25
So, how it all started, how did we get to making routers? We had this big question that we wanted to have answered: how safe are home users from network attacks? Is somebody attacking the network?
03:43
Is somebody attacking home users? This average Joe that is just browsing YouTube, is he safe? How often is he attacked? What are the attackers trying to do? And, yeah, we had no clue.
04:02
We know what is happening on our servers, but our servers usually serve some purpose, so they have various services and these attacks can be targeted at them, and attackers probably learned about our servers from the services that they are offering.
04:24
So what happens with average people at home? We wanted to know that, and so we started a project to actually assess what's going on on the
04:41
devices that you have at home and that are facing the internet. So we created the first Turris router, and the goal wasn't to create a hardware router. The goal was to create some
05:02
probe that we could give to people and actually monitor the threats that are coming in. So we were researching how to do that, and in the end we found out that no device actually meets our requirements. So we had to create one, and
05:25
we created our first Turris router. We gave it away for free in the Czech Republic, because it was financed from the money that we get for Czech domains, so we thought that we should give it back to the people who were buying the domains.
05:44
And since we were making a router, we decided to make it as we thought that routers should be made. So we created a way to propagate security updates to the users and made it so that those updates will be automatically installed.
06:06
And we obviously gave people a root account on their routers, because it's a device that is running in their network, so they should be able to control it somehow. And
06:20
we had just one condition for those people who were given the router, and that was that they would allow us to monitor some stuff and run some security research on top of those devices. One point was that we were collecting firewall logs to figure out who's attacking them, and
06:44
optionally we allowed them to run some kind of honeypots for some services. We call it minipot. Basically, it's a service that opens up a port, for example the telnet port, and when an attacker tries to connect, it asks for credentials, and
07:04
when the attacker provides the credentials, it closes the connection. So it just collects the credentials that attackers are using to connect to telnet, HTTP and stuff like that. We also allowed people to run some kind of honeypot; I will get to that later.
07:26
Hardware-wise we had a dual-core PowerPC, 2 gigs of RAM and 250 megs of storage, so that was something that we couldn't find in any router on the market
07:43
that easily at the time. The result was that we gave it to people, we ran some security research on top of it, and our CSIRT team guys were happy: they had plenty of data, they could do
08:04
quite some research. They found some ways of attack, some new attacks, they found some worms that were going through the internet, and, yeah, it was a great source of data. They were doing presentations around the world about what they found, and by the way they were mentioning the
08:27
project that we created. And plenty of people were actually interested not only in the results but also in the router, because they were saying that they would like to have such a router for themselves: a router that is quite powerful, can be made into doing quite a lot of things, and
08:47
with a root account, not having to figure out how to flash unoriginal firmware and losing warranty and stuff like that. So we were interested whether it's just our impression or whether people actually want such a device, and
09:07
we ended up with Turris Omnia, which was our answer to that question. We created a router that we wanted people to be able to actually buy, because the first one was made from
09:23
money for Czech domains, so we didn't want to sell it or give it to people abroad who never ever buy a Czech domain. So we created the Turris Omnia and we ran an Indiegogo campaign to basically figure out whether people are really interested, and
09:43
we found out that they are interested. So we made it happen, and nowadays you can buy it in normal shops. We made it even more powerful than the old router and we tried to put everything interesting inside.
10:02
So we have ARMv7, 2 gigs of RAM, 8 gigs of storage, both Wi-Fis, 2.4 and 5 GHz AC. We put in an SFP port so you can use fiber directly. We have some mini PCI Express slots, mSATA, USB 3, everything, and
10:27
it ships with open source software. Again, users get a root account and they can modify it. They can even reflash it. We have plenty of users that are not using our software but their favorite distribution, and
10:45
we have normal screws, we let people open up the box, we are not voiding the warranty, and, yeah, we are trying to be good.
11:00
So as we put everything in, we got feedback for Omnia, and the feedback was that a price tag between two and three hundred euros is quite high. That, who needs SFP? I don't have fiber at home. Who needs Ethernet ports? I'm using just Wi-Fi.
11:22
Who needs Wi-Fi? I'm using only Ethernet ports. And why just five Ethernet ports? I have 20 devices, I need more. And why only two USB 3s? I have plenty of stuff that I need to attach.
11:40
So, yeah, as you can see, those requests kind of conflict with each other. So we tried to address all of those and we came up with something new, and the new thing is called Turris MOX. We tried to make everybody happy
12:01
again, and we made it modular. So you have a base module that you can start with; it has ARMv8, two cores, some RAM and USB 3 and nothing more. And then you have optional modules that you can buy and put together like Lego, and
12:24
make the router that perfectly fits your needs. So that's how we got to producing the hardware, and that's our latest step in producing hardware and trying to address people's needs.
12:44
Currently, it's still on Indiegogo and should be available in retail probably at the beginning of next year. So we were talking about the hardware. Now, what makes our routers special? I would say that the most important stuff is
13:05
that we are using free and open source software on those. You get access to our repositories. You can take a look at the software. You can contribute back some patches.
13:21
We also have quite enough resources, so you can run various services that you would like. There is plenty of open source software available in our repositories, so you can install additional software, and, yeah, you are running your average, well, you are running a clean distribution on your router. So you get all the advantages of that,
13:46
the main one being security updates. And, yeah, because it's your device, you bought it, you deserve to have a root account on it, which is something that
14:00
nowadays vendors are trying to make as hard as possible. And since it started as a security research project, we still have some security features, and we are pretty open regarding everything: you get full schematics online.
14:23
Yeah, when we were running the campaign, it happened to us a few times that somebody asked some hardware question and it was late in the night, and before our hardware guys woke up and were ready to actually answer it, somebody figured it out from the schematics and
14:43
answered. So, yeah, that's great. So I would like to speak more about the software and show you a few examples of what is really great and cool and what you can do with the
15:04
open source software on your router. Some of the software is actually kind of limited in that it needs powerful hardware as well. So, yeah, I will start from the Linux distribution that we are using.
15:24
We are based on a distribution called OpenWrt, if you ever heard about it. It's a distribution that's targeting embedded devices, but the most common use case is using it on routers.
15:41
Thanks to that, it's optimized for small devices. Packages are small, it doesn't eat much RAM. They have quite some packages already prepared and they have some extra functionality for routers; that's why we basically chose it.
16:04
They are doing a lot of Wi-Fi development and testing, some firewall development as well, and they have a nice web user interface that you can use to configure almost anything, although
16:24
sometimes it can be quite confusing for the end user, because sometimes there are just too many options and you don't know what to do. And their way of doing stuff, because their average target is
16:44
a router that has something like 8 megs of storage and 8 megs of RAM, so they have to compress everything. Usually you get a highly compressed root FS and you will get something like 1 meg of storage
17:02
extra that you will try to use for extra packages and configuration. We don't have to be that restricted. So our OS that is running in our routers is based on OpenWrt, and
17:22
for our users we created a much simpler web interface named Foris. It's trying to provide basic and even some advanced functions in a simple way, so even an average Joe can understand them and set it up.
17:42
From the advanced functionality, one thing that even I as an experienced user will appreciate is the OpenVPN server setup. If you ever tried to set up OpenVPN,
18:00
it's actually not that hard, just a few configuration options, but then the hard part is you actually have to create a certification authority and create a certificate and somehow take care of that part, and,
18:21
yeah, that's something that's hard to explain to beginners. So we integrated it into our web interface, and with a few clicks you can create a certification authority, create certificates for individual devices, enable the OpenVPN server and let your devices in. You just download the configuration file that has everything embedded, put it on your device and you connect.
18:48
Another example of what we tried to make simple is creating a separate SSID for Wi-Fi, so people can get a kind of guest network for devices that they don't trust and
19:05
give them internet access, like IoT. And, yeah, because we wanted to make it as simple as possible for people to use, we
19:20
spent some time making sure that we can update and that it is possible to install those updates automatically. So our users can enable automatic updates, set up the router, and
19:42
that router will stay in the corner, work, sometimes get an update, update itself and then just send you an email: "Hey, I just updated a few packages. There were some security issues. They are no longer there. You are protected."
20:01
Apart from that, because we have many more resources at our disposal, what we are also doing differently is the file system. We are not using heavily compressed images with some overlay on top. We have 8 gigs of storage on Omnia, so
20:29
we can use real file systems for grown-up servers and desktops, so we picked Btrfs, because it's the coolest file system out there for Linux, and
20:45
it has some nice features that we are using. The most important one is snapshots. It's really handy, and we are doing snapshots all the time,
21:02
just to make sure that you have something to get back to if something goes wrong. We are making snapshots automatically before each update, we are also making snapshots automatically once a week, and we also wrote a simple tool that can be controlled from the CLI, and
21:26
it will allow you to actually create snapshots manually when you need to, for example if you are going to try to reconfigure your whole home network. You have been to some community meeting,
21:46
you have been to some conference, then you went with your friends to some pub, and when you get back from the pub you have this great idea how to reconfigure everything. So
22:00
you can create a snapshot before you start, and then when you finally figure out that the idea wasn't really great and you can no longer connect to your device from any port, you can just press the reset button for long enough and it will roll back to the last
22:22
snapshot before the current state. So it's really handy. And you can repeat that: if your last state was broken already, you can revert even more. You can compare the snapshots, take a look at what was there and
22:42
try to figure out what went wrong. So we think that this functionality is really handy if you are doing stuff with your router, and it's really important that you have it accessible with just one hardware button and you are able to roll back to the previous snapshot even if you cannot connect to the router.
23:12
Another thing that we can do thanks to having plenty of resources at our disposal is Linux containers. Containers are also quite popular nowadays, and
23:23
what we are using them for is that some of our users really like the way their distribution works, and they are really accustomed to their favorite distribution.
23:41
So they prefer to run services the way their distribution offers them. So if they want to set up some Tor or web server or IRC server or mail server or DNS server on their router,
24:02
they prefer to do it in their own distribution. So we have LXC tools integrated. That's something that was done on the OpenWrt side already somehow; we just
24:23
polished it a little bit and integrated it better, and with a few clicks in the web UI you can install some Linux distribution into a container. It will automatically get its virtual
24:41
interface assigned to one bridge, and, yeah, you can start using it. As I was saying, we started from a
25:00
security research project. One part of the security research project was really interesting, and people asked us for it for a long time. We actually split it off from the router project and created a separate project for it. This functionality is called HaaS,
25:22
Honeypot as a Service. Basically, the reasoning and how this works is: honeypots are cool, and you want to lure those attackers into some honeypot and see what they are trying to do and,
25:40
yeah, make life a little bit harder for them, right? But there's still some small risk that they might actually escape from the honeypot, depending on how well you manage it, and even if they don't escape, they might try to do something nasty in there.
26:04
And, yeah, the average Joe wouldn't try to install a honeypot on his router. He would be scared. So there is an easy solution: let somebody else run the honeypot, and we would gladly do that for you.
26:21
So with this project you can register on our website, you get a special token, and then you download just the proxy software. It is easily doable on our routers because we have it integrated very well.
26:43
Now some distributions already have this software packaged, so it might be available in your distribution and you can install it on your server as well. And after a little configuration, when somebody tries to access your device over SSH,
27:01
this software will actually do a man-in-the-middle on him and send him to our servers, and he will end up in our honeypot while thinking that he successfully got into your device. And you get all the output.
27:22
You get to see what was going on. You get to see some statistics. You are completely safe and nothing can happen to you. And all that information actually goes to our CSIRT team, which also does some research on top of it, and if they find something interesting, they let other
27:43
CSIRT teams around the world know. So you are having fun and you are contributing to the general safety of the internet at the same time. I will show you how it looks.
28:04
This is, uh, yeah, it's big. Is it big enough? Cool. So this is, um, my honeypot. So when I logged in, I have various devices here, and
28:26
I picked my home router, and you can see who was trying to get in, whether they succeeded and what username and password they used, their IP addresses, where they were from, and at the end you see from which country I lured the most attackers.
28:46
It looks like somebody in France has something against me. You can also click on individual sessions and see what they were looking for.
29:03
So this guy was looking for some bitcoins. The other guy was just looking around and wanted to see what's in there. And even if you don't participate actively and
29:23
don't send us your logs so you can view it like this on the website, we have some statistics that are available publicly. You can see how many people are participating, the number of sessions and stuff like that. You can also download
29:45
the data that we collected, anonymized, so you don't know who was the guy that was attacked, but you know everything about the attackers. So if you are security researchers, you might want to take a look.
30:01
We also have the same map, just from the data from everybody, so you see that people from France attacking my router is not that common, and most of the time it's people from China and the US.
30:23
It's just a specialty of my router that it is hated by French guys. So, yeah, that's one piece of software that we developed. We started it, and
30:42
now we forked it and now it is a separate project. Apart from that, we are using some software that other people developed, and we are integrating it to make sure that it provides our users with some additional features and additional services that they may like.
31:02
One of the projects that we are integrating is called Suricata, and that's helpful if you need more than an average firewall. It's an intrusion detection or intrusion prevention system. It works somehow with network flows.
31:23
It looks much deeper into the traffic than your average firewall. It looks even into the data and is able to understand how protocols work and extract the data that are interesting in some structured way.
31:40
It can either log the information or, in some setups, it can even block the connections. It can alert you somehow, and there are plenty of open source rules that you can download and try to integrate, and you can write your own rules.
32:01
Just a few examples of what it can do. Nowadays everything is encrypted. That would be nice, but it's not so. Plenty of traffic is encrypted, but what is usually unencrypted is DNS queries, which contain quite some interesting information, like
32:25
what server you were trying to address when you went to this public web hosting that contains thousands of servers. Or even if you are establishing an encrypted connection, during the initial
32:42
connection you exchange some information, which usually contains the server certificate, which usually contains the name that you were trying to access. And you also get some IP, MAC address, length of connection, how much data was transferred and stuff like that.
33:03
So you can collect plenty of metadata about the traffic even if you can't get the actual traffic. So what can you use it for? You can monitor devices you don't trust, figure out
33:26
What's your fridge doing when you are not home? What's your TV doing when you are not watching it? Where is it connecting? And there are plenty of open source rules that are trying to detect some of the
33:42
suspicious activity. Like, there are rules that are trying to match some known worms. There are rules that are trying to match some common disallowed behavior, like if you are working in a company, in some evil companies it's disallowed to use IRC,
34:04
disallowed to connect to Jabber, disallowed to use Dropbox, which I would maybe even agree with, and stuff like that. So there are rules for quite some events and you can try to integrate them.
34:24
Currently we don't have anything that advanced to make it easy, but we plan to extend it at some point. So, just an example of what you can get from the encrypted communication: you have
34:41
no clue what's going on afterwards, but at the beginning you know who issued the certificate, what it was issued for and stuff like that. So even if the connection is encrypted and you don't actually see HTTP headers, you see the certificate, which also tells you quite some information,
35:05
and just some example of how rules look. And yeah, I said that Suricata is something that we don't develop. It's a separate open source project, but we like them
35:22
and we try to integrate it. And we integrated it and we created the software we call Pakon. It uses Suricata currently just to collect the information about your traffic and figure out what was going on, and
35:44
it can collect that information, aggregate it, and then you can watch it in either the CLI or in a simple web interface. And it can also alert you when a new device shows up on your local network.
36:02
So that can be handy if you get an email if something new is on your network, and you have to figure out then by yourself whether it is the new fridge that you bought or whether it is your neighbor. So
36:20
just more examples. We actually created a demo web page, demo.turris.cz, that is actually showcasing our simplified web interface. It's just static web pages, so
36:42
you don't get to configure that much, but part of it is the OpenVPN configuration that I was talking about. It also has a few options, but mostly you just enable it, create a certification authority and then you just name the client,
37:05
click create and then get the config for the client, and that's how you manage your certification authority a little bit easier than with OpenSSL. And the stuff that I was going to show you right now is the Pakon.
37:25
You can see what device was trying to connect, you can see where it was trying to connect and, yeah, how much data it sent and received, how long it was there, and you can filter it by
37:45
client or you can filter it by the destination, so you can see who was using Facebook on your local network, and for how long, and how much data they transferred, or you can just select your TV and see
38:05
where your TV is going, what website your TV is using. I found out that my TV really likes Baidu. I don't know why, but it's spending quite some time there.
38:20
So yeah, it gives you more insight into what's going on in your home network, and you might find some devices that you might not want to trust anymore. So that's one of the examples of software that
38:43
There is a really great and big and powerful software that somebody else is doing, and we just integrated it and give our users plenty of advanced features. Other software that kind of makes sense is, for example, Nextcloud.
39:08
Some people, or some of our users, were asking for it, and when you take a look at it, it kind of makes sense. If you are thinking about Nextcloud, you want to have your data secure and
39:24
And so you want to run the latest released version with all the fixes and all the security updates. That's what we are doing for our software. And you want to make sure that your data stays private, so you want to host your Nextcloud instance on infrastructure you trust and
39:46
And yeah, we are kind of the ultimate self-hosting for that, because it will be hosted in your flat behind your closed doors, and if somebody breaks into your apartment, then probably he can get much more valuable information than your Nextcloud
40:05
already. So yeah, it's kind of a natural fit, so we are working on that. As I was speaking about our modular router, we created one that has four USB ports.
40:24
Now one module with four USB ports, so you can attach multiple hard drives and use it for, for example, Nextcloud. What we already have in place is easy VPN, so you can connect from anywhere
40:41
to your Nextcloud instance. We have automatic updates, so you are always on the latest secure version. We even have Nextcloud packages ready, and we have a CLI wizard that will guide you through setting up your Nextcloud instance. We still need to
41:01
put it into the simplified web UI. And recently we also got in our web UI an option for how to format and mount our hard drives. It's the first version of this plug-in. We need to extend it to support RAID, because if you are storing important data on your
41:26
router, you want to have RAID on your router, right? So that's something that we are working towards too. Yep. The question was whether it will be hardware or software RAID.
41:45
We will be using software RAID because we are using USB drives mostly, and what we are thinking about is, we really like Btrfs, and Btrfs supports RAID as well.
42:00
So we are thinking about using Btrfs RAID. One of the cool features of using Btrfs over classic Linux RAID is that you don't have to have hard drives with the same size, and it will distribute data, and you don't have to think that much about how you are doing it.
42:28
With drives that are not the same size you can do it even with Linux RAID, but you have to think about it and make the partitions and mirrors and stuff. But with Btrfs, it will do everything for you.
42:43
So that's what we are looking for, that's what we are planning to use. And one more example of what people are actually doing with their routers that is a little bit on the
43:04
not that obvious side is, there's this software called Tvheadend that you can install on our routers, and people are doing it. Then you get a DVB-T dongle, put it into your router,
43:21
you get an external hard drive, attach it to your router, and then you just turn your router into a DVR. So you can record the shows on TV, you can stream your TV into your local network, and another software that we have available is MiniDLNA, so you can even
43:51
make the shows that you recorded available on your local network in a way that even your dumb smart TV understands.
44:04
So that's just one example of crazy stuff that you can do. There is much more software that is available, and yeah, it's up to your imagination, but you turn your router into
44:22
It's just another device that is powerful, it's running 24/7 and can run any software you can imagine. So, thank you for your attention. I have a few more pointers if you want to look some stuff up, and
44:43
now I would like to open for questions. Thank you. Okay, so how much of your work goes upstream and what's the experience trying to upstream?
45:11
Okay, upstreaming. Yeah, obvious question and kind of a difficult one, because nobody wants to speak about what we didn't manage.
45:26
Upstreaming: regarding Omnia, we managed, together with some community guys, to get basic support in the vanilla Linux kernel, so apart from SFP and LEDs
45:40
you can get your Omnia running the latest vanilla kernel. So regarding OpenWrt, the situation is a little bit trickier. Back then when we started, they were still using SVN and there were some discussions about
46:00
that they don't like how they are doing releases. Back then we forked them, and then they forked themselves, and then they reworked how they are doing releases and they worked their version control system, and
46:22
nowadays they are doing it in a really great way, in the same way. So, but in the meantime, we actually released our devices, so we still have to maintain what we released, and we are now in the process of rebasing on top of a newer
46:43
OpenWrt release. The tricky part is that we promised our users automatic updates that wouldn't break anything, so we need to make sure that there is a smooth migration path from the old release to the new release. That's something that OpenWrt doesn't have to
47:04
So yeah, we are trying to rebase on top of the new release, and as part of that we are trying to clean up our patches and send as much as possible upstream. There's stuff that never will be upstreamed,
47:20
like some customizations that we are doing because we don't have to care about size that much; we care about functionality more. So sometimes OpenWrt people are a little bit radical in cutting down the size,
47:42
and we are trying to take a more conservative approach on that side, but we are trying to upstream as much as possible. Yeah, but we are starting kind of right now, and we also have to do
48:00
support for the devices that we have out, and we are making a new device. But with the new device the situation is actually much better, because we learned, and if you take a look at the U-Boot and Linux mailing lists, you will already see the patches going in for Turris MOX, and
48:27
we are building on top of the latest U-Boot upstream, and with the kernel we are trying to stick with 4.14, that is the LTS that went to 18.06 OpenWrt,
48:41
but my colleague is sending patches to the latest vanilla Linux as well and trying to get upstream support for it as well. For customizations about OpenWrt, there is still quite some stuff that we have to go through and clean up and send upstream,
49:03
but we are trying to work on it. Yep? Is it possible to deploy our own applications on the router? To deploy your own applications on the router? Yeah, sure. With a few
49:23
Yeah, you have to be aware of a few things. First is, it's ARMv7 or ARMv8, so a different architecture than your desktop. So it depends on your favorite language. What's your favorite language? I like Python. If you like Python then you are fine,
49:44
because you don't have to compile binaries, and we actually have Python. And in our team we have plenty of people that love Python as well. So, for example, the web UI that you saw is written in Python, and
50:02
our back on is written, I believe, in Python as well. So scripted languages like Python or shell are really fine and you can install them easily. Where you get into more trouble is when you try to compile something;
50:20
then you need to cross-compile it, and you either need to statically link it on your computer and copy the binary, or you have to use the SDK from OpenWrt and try to integrate it with that, and then it gets a little bit tricky,
50:43
because sometimes, well, for the current releases that we have in 15.05, our SDK doesn't always work, and especially as it is an old tree,
51:00
it doesn't build well on the new systems. So we are actually using some old LTS on our build machine to be able to actually build for these old devices, for the old tree that we have. So it gets a little bit tricky.
51:22
If you are looking for the long-term window, the easiest way is to get your package into OpenWrt, into the packages feed, and then we will compile it automatically when we migrate to 18.06.
51:46
Okay, another question? No more? Okay, so thank you again.
52:03
And if you think of another question later on, we have a booth in the Mensa area and you can drop by, see our routers for yourself, play Tetris on them and ask us anything about them. Thank you.