Hi Mathias, 2017-02-19 13:34 GMT+01:00 Mathias Kresin <d...@kresin.me>: > 19.02.2017 13:10, Alberto Bursi: >> >> After Mathias's commit (as noted by other mails above) the devices we >> are talking about have wifi disabled by default but you can enable it >> with the wps button. >> >> https://github.com/lede-project/source/commit/bcfbeae79f799cf1087d692e4869589eb20d2080 >> >> Imho makes no sense as in most cases you will have to configure them >> anyway to be of any use (you can't just place them in a network with >> default config as they lack a ethernet port), so this "wifi off by >> default" and "remapping wps button to rfkill" imho is only an annoyance >> and removal of a potentially useful button that could be used for other >> things (enabling/disabling something else with scripts after user setup). > > > I'm still the opinion that bringing up an unencrypted wireless without user > interaction is really bad idea.
Fully agree. Topic about having the Wi-Fi enabled by default is appearing from time to time, whenever someone is asking about support for device without an Ethernet interface. I don't think there is any good/secure enough approach which everybody would agree to implement by default in LEDE (but I might be wrong here). > The commit fixed the following problem: A user flashes one of the mentioned > devices and is not aware that the flash is finished or (s)he get distracted > in between. During this time period anyone can connect to the AP and can do > harmful things. [...] This is more like offtopic, but there is another one problem with similar devices. Lets forget now about "Wi-Fi enabled or not enabled by default" issue and assume we have a device which: - doesn't have Ethernet interface - serial access is not possible or very difficult to get - has _only one button_, configured as rfkill (because there must be some way to enable Wi-Fi after the flash) - is or could be supported in LEDE What will happen if the user breaks wireless configuration (it happens, I know it from experience) in this kind of device? Maybe, just by an accident, (s)he configured channel "17" instead of "7", saved changes, restarted Wi-Fi and... ended up with a nice paperweight. In this kind of situation, the "rfkill" button is useless (wireless configuration is broken, Wi-Fi can't be started). Failsafe mode can be enabled but is not accessible. AFAIK, there is no way to perform "firstboot"/"factory reset" in this situation. Of course, this is more like an extreme case (no Ethernet, no serial access, only one button), but IMHO it shows that if we want to support devices without Ethernet interface, we should make failsafe mode working for them. --- Cheers, Piotr _______________________________________________ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev
