From: Andrea Arcangeli <andrea@suse.de>
To: "Wilkerson, Bryan P" <Bryan.P.Wilkerson@intel.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: KLive: Linux Kernel Live Usage Monitor
Date: Tue, 30 Aug 2005 22:31:20 +0200 [thread overview]
Message-ID: <20050830203120.GX8515@g5.random> (raw)
In-Reply-To: <194B303F2F7B534594F2AB2D87269D9F06EFAE48@orsmsx408>
On Tue, Aug 30, 2005 at 10:08:38AM -0700, Wilkerson, Bryan P wrote:
> they're work, I'm not sure I'd trust or use the data unless it was
> somehow authenticated.
I doubt many testers would be willing to register on yet another website
just for this. So I doubt adding authentication is a good idea.
However if you really want to authenticate I could add an email based
authentication method similar to the CPUShare authentication method that
is already implemented and fully secure.
Then I can add a button to hide all not authenticated users from the
listing. Things will be substantially more complicated on the server
side, so I'd rather prefer that we solve the below points first.
> 2. Some of us sit behind corporate firewalls and proxies that have
> oppressive rules that would have made Stalin proud. The solution must
> be proxy aware and if it used HTTP, even better because it's more likely
> to work anywhere. The proxy settings could also be a .config thing.
I can easily add a second entry point to the server that can pass
through the proxy no problem.
> 3. Again security; I haven't cleared this with my corporate superiors
> but I'm not sure they'll like the fact that anyone could intercept the
> data and compute how many people in the company are running Linux test
> kernels. I know this almost sounds anti-open but we're breaking them in
> slowly to the model and I don't think they are ready for this one just
> yet. :)
Sure I understand, KLive wasn't thought in terms of corporate firewalls
that must hide anything behind the firewall (I wonder how the proxy
prevents the people to search in google though, I bet a few of the
cleartext search queries and the syn and tcp timestamp sequence numbers
will reveal much more than whatever could ever be sent to klive in
cleartext ;).
Then I guess all you need is that I use a https instead of http for the
secondary entry point discussed above (assuming your proxy lets you do
https).
Still the routing points of the internet could count the syn packets
that you send to klive.cpushare.com and by watching the statistics with
many computers coming from the same host md5-sum they may be able to
guess which is the "host" that corresponds to the IP that is sending
the many syns.
So before I add features for your special needs I'd rather make sure
that you can live with this worst case condition of the "syn" guessing
coming from your proxy and with destination klive.cpushare.com.
Thanks a lot!
next prev parent reply other threads:[~2005-08-30 20:31 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-08-30 17:08 KLive: Linux Kernel Live Usage Monitor Wilkerson, Bryan P
2005-08-30 17:44 ` linux-os (Dick Johnson)
2005-08-30 20:31 ` Andrea Arcangeli [this message]
-- strict thread matches above, loose matches on Subject: below --
2005-08-30 3:09 Andrea Arcangeli
2005-08-30 8:01 ` Sven Ladegast
2005-08-30 8:29 ` Rogier Wolff
2005-08-30 8:53 ` Sven Ladegast
2005-08-30 9:40 ` Rogier Wolff
2005-08-30 9:54 ` Bernd Petrovitsch
2005-08-30 15:10 ` Andrea Arcangeli
2005-08-30 16:33 ` Alan Cox
2005-08-30 16:16 ` Andrea Arcangeli
2005-08-30 16:56 ` Alan Cox
2005-08-30 16:40 ` Andrea Arcangeli
2005-08-31 18:32 ` Pavel Machek
2005-09-01 15:19 ` Andrea Arcangeli
2005-08-30 16:36 ` Jesper Juhl
2005-08-30 22:11 ` Bill Davidsen
2005-08-31 1:49 ` Andrea Arcangeli
2005-08-31 19:14 ` tony.luck
2005-08-31 19:47 ` Andrea Arcangeli
2005-09-05 18:26 ` Andrea Arcangeli
2005-08-30 14:45 ` Andrea Arcangeli
2005-08-30 14:36 ` Alan Cox
2005-08-30 22:43 ` Sven Ladegast
2005-08-30 23:25 ` Alan Cox
2005-08-30 23:19 ` Sven Ladegast
2005-08-31 13:34 ` Alan Cox
2005-08-31 14:28 ` Sven Ladegast
2005-08-31 21:23 ` Andrea Arcangeli
2005-08-30 14:56 ` Andrea Arcangeli
2005-08-31 18:20 ` Pavel Machek
2005-09-01 15:23 ` Andrea Arcangeli
2005-09-01 12:26 ` Sven Ladegast
2005-09-05 22:05 ` Marc Giger
2005-09-05 23:13 ` Andrea Arcangeli
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050830203120.GX8515@g5.random \
--to=andrea@suse.de \
--cc=Bryan.P.Wilkerson@intel.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox