blog for the day
This commit is contained in:
Joey Hess
parent
4d592aaec2
commit
d0bcdd1726
2 changed files with 40 additions and 0 deletions
33
doc/design/assistant/blog/day_79__pairing_finished.mdwn
Normal file
33
doc/design/assistant/blog/day_79__pairing_finished.mdwn
Normal file
|
|
@ -0,0 +1,33 @@
|
|||
Tons of pairing work, which culminated today in pairing fully working for
|
||||
the very first time. And it works great! Type something like "my
|
||||
hovercraft is full of eels" into two git annex webapps on the same LAN
|
||||
and the two will find each other, automatically set up ssh keys, and sync
|
||||
up, like magic. Magic based on math.
|
||||
|
||||
* Revert changes made to `authorized_keys` when the user cancels
|
||||
a pairing response. Which could happen if the machine that sent the
|
||||
pairing request originally is no longer on the network.
|
||||
* Some fixes to handle lossy UDP better. Particularly tricky at the end
|
||||
of the conversation -- how do both sides reliably know when a
|
||||
conversation is over when it's over a lossy wire? My solution is just
|
||||
to remember some conversatons we think are over, and keep saying
|
||||
"this conversation is over" if we see messages in that conversation.
|
||||
Works.
|
||||
* Added a UUID that must be the same in related pairing messages.
|
||||
This has a nice security feature: It allows detection of brute-force
|
||||
attacks to guess the shared secret, after the first wrong guess!
|
||||
In which case the pairing is canceled and a warning printed.
|
||||
* That led to a thorough security overview, which I've added to
|
||||
the [[pairing]] page. Added some guards against unusual attacks,
|
||||
like console poisioning attacks. I feel happy with the security
|
||||
of pairing now, with the caveats that only I have reviewed it (and
|
||||
reviewing your own security designs is never ideal), and that the
|
||||
out-of-band shared secret communication between users is only as good
|
||||
as they make it.
|
||||
* Found [a bug](https://github.com/yesodweb/yesod/issues/421)
|
||||
in Yesod's type safe urls. At least, I think it's a bug. Worked around it.
|
||||
* Got very stuck trying to close the sockets that are opened to send
|
||||
multicast pairing messages. Nothing works, down to and including calling
|
||||
C `close()`. At the moment I have a socket leak. :(
|
||||
I need to understand the details of multicast sockets better to fix this.
|
||||
Emailed the author of the library I'm using for help.
|
||||
|
|
@ -74,3 +74,10 @@ is escaped before going to the browser.
|
|||
.. seems it just doesn't support IPv6. The pairing code in git-annex
|
||||
does support ipv6, apart from this, it's just broadcasting the messages
|
||||
that fails. (Pairing over mixed networks is fine.)
|
||||
* If there are three assistants on the network, and 2 pair, the third is
|
||||
left displaying a "Pair request from foo" alert, until it's close.
|
||||
Or, if the user clicks the button to pair, it'll get to the
|
||||
"Pairing in progress" alert, which will show forever (until canceled).
|
||||
|
||||
It should be possible for third parties to tell when pairing is done,
|
||||
but it's actually rather hard since they don't necessarily share the secret.
|
||||
|
|
|
|||
Loading…
Reference in a new issue