Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[mike galos]

OK. Time to get real. Do you really want to
trust exposing your home's control system
to a system without ACLs? Sure, AHP should
support legacy systems but that doesn't
mean something like an Internet facing
system should have to. There's nothing
wrong with saying that the Internet Plug-in
requires XP or 2003.

Frankly, anyone putting an Internet facing
server out without reasonable security
these days is being either naieve or
foolish. IIS in XP and 2003 on an NTFS
ACL'd system is the minimum you should
consider. Less than that and you're just
inviting people to have "fun" with you some
night.

And, nothing personal to the X10 people,
but writing a new, secure web server that
will run on a non-secure system like
Windows 9x would involve a VERY significant
effort. MUCH more effort than writing AHP
itself in the first place.

Even doing it reasonably well on XP or 2003
would require doing SSL/HTTPS, Certificate
managment, WS-Security, SOAP-SEC, WSE (or
WSE2) and more. Do you really think they're
going to devote those resources just to
reinventing the wheel. And that would
include adding a security system on files,
registry and IPC on top of that while
running on an OS that supports none of it?

Get real. It'll either be insecure or be
restricted to run on only modern operating
systems. Those who think you can run on a
10 year old OS (with enhancements) that
wasn't designed for a secure distributed
environment are in fantasy land.

Sorry but the world is different than 1995.

[mike galos]

OK. Time to get real. Do you really want to
trust exposing your home's control system
to a system without ACLs? Sure, AHP should
support legacy systems but that doesn't
mean something like an Internet facing
system should have to. There's nothing
wrong with saying that the Internet Plug-in
requires XP or 2003.

Frankly, anyone putting an Internet facing
server out without reasonable security
these days is being either naieve or
foolish. IIS in XP and 2003 on an NTFS
ACL'd system is the minimum you should
consider. Less than that and you're just
inviting people to have "fun" with you some
night.

And, nothing personal to the X10 people,
but writing a new, secure web server that
will run on a non-secure system like
Windows 9x would involve a VERY significant
effort. MUCH more effort than writing AHP
itself in the first place.

Even doing it reasonably well on XP or 2003
would require doing SSL/HTTPS, Certificate
managment, WS-Security, SOAP-SEC, WSE (or
WSE2) and more. Do you really think they're
going to devote those resources just to
reinventing the wheel. And that would
include adding a security system on files,
registry and IPC on top of that while
running on an OS that supports none of it?

Get real. It'll either be insecure or be
restricted to run on only modern operating
systems. Those who think you can run on a
10 year old OS (with enhancements) that
wasn't designed for a secure distributed
environment are in fantasy land.

Sorry but the world is different than 1995.

[mike galos]

Sorry for the double post. It DID make my
point, though. The system errored out but
posted anyway and I'd bet that X10.com is
running something more sophisticated than
PWS on Windows 9x...

[coder since cp290]

"Mike Galos 4/11/2005 09:02 PM

OK. Time to get real. Do you really want to
trust exposing your home's control system
to a system without ACLs?"

You have a very limited view of the computing
world...  What if you have an apache server
on your windows box?  In that case, the
"ACLS" aren't imbedded in windows, but are
based on the web server and it's config.
That, to me, seems the best for folks that
don't want to trust IIS or may have a
platform suppoted by AHP that don't want or
need to upgrade to XP!

There are many network devices that provide
html access without requireing IIS or apache
- they provide a "stand-alone" web server.
Ever used a cisco box?



"Sure, AHP should
support legacy systems but that doesn't
mean something like an Internet facing
system should have to. There's nothing
wrong with saying that the Internet Plug-in
requires XP or 2003. "

You havent a clue......

"Frankly, anyone putting an Internet facing
server out without reasonable security
these days is being either naieve or
foolish."

I agree, BUT, that doesn't mean focrcing
folks to use XP or 2003...  It means
providing the proper security in such a way
that old systems will work, not not PROHIBIT
things like IIS!  I, personally, wouldnt
really consider any MS web server "secure"!
I sure don't see many sites on the web that
use it (in comparison to something like Apache!)

[coder since cp290]

"Mike Galos 4/11/2005 09:17 PM

Sorry for the double post. It DID make my
point, though. The system errored out but
posted anyway and I'd bet that X10.com is
running something more sophisticated than
PWS on Windows 9x..."

And you trust them to build a reliable web
interface to the cm15a?  Seems they cant't
even get their own website to work right!

[coder since cp290]

BTW...

X10 isn't even using IIS - check out the
error messages:

"Apache/1.3.20 Server at www.x10.com Port 80"

Why force users into a web server that even
X10 doesn't use?

[mike galos]

coder since cp290,

Get real, obviously they're running CGI on
Apache. And underneath it, no matter what
runs their http daemon, the system files
and resources are ACL'd.

I'll bet you they're not running X10.com on
an unsecured 9x box no matter what they're
using as a web server on top of it.

As for having a clue, I'm not the one
thinking that a 9x web server can be made
secure...

Oh, and if you do your homework, you'd know
that while Apache is more popular than IIS,
IIS is the leading server for large
commercial, secure websites. (Do your own
homework rather than listening to people on
Slashdot next time)

And, yes, I do this for a living and have
since before the CP290 was announced by BSR
for the Ohio Scientific Challenger series...

[mike galos]

"Why force users into a web server that
even  X10 doesn't use?"

So, you're saying X10 shouldn't support
Windows 9x since they obviously don't run
it on their website?

OK. That's the right conclusion for a silly
reason...

[tcassio]

This is not intended to champion either
appache or iis, but perhaps X10 uses apache
because its FREE, and iis is not.

Hee Hee.
T

[roger1818]

Wow!  This is turning into quite the
debate.  I will confess I am not a network
administrator and I suspect that the vast
majority of X10’s customers also aren’t.  I
don’t think that X10 would want to limit
their customer base for this plug-in to
such a small minority.  In order to support
a larger customer base they need to balance
the trade off between making it easy to
install and making it secure.

[mike galos]

Tcassio,

IIS comes with the operating system. It
doesn't cost anything.