connectbox / connectbox-pi
ConnectBox is a media sharing device based on small form factor computers like the Raspberry Pi
License: Other
When we get to using the daughterboard to access the internal USB ports on the Neo (for mainline), we may need to play with the device trees/overlays to get them to work.
There's a guy on the armbian forums that seems to have got it sorted, so for reference: https://forum.armbian.com/index.php?/topic/4470-nanopi-neo-internal-usb-seems-disabled/
If we’re supporting it, we need to run our test suite against it.
TASK [dns-dhcp : Start and enable dnsmasq] *************************************
fatal: [192.168.1.136]: FAILED! => {"changed": false, "failed": true, "msg": "Job for dnsmasq.service failed because the control process exited with error code. See "systemctl status dnsmasq.service" and "journalctl -xe" for details.\n"}
Mainline and Legacy kernel
Debian and Ubuntu OS
This is a dependency issue - dnsmasq needs to be restarted after the wlan interface is brought up.
@matheweis suggested:
I was going to disable the auto start of dnsmasq and put post-up and pre-down callback in the interfaces configuration that started/stopped it, or something with similar effect if there is a better way.
Also, confirm whether this has been seen at boot.
Top-level folder name display toggle
Icon metadata prefix
This means that running the tests results in the SSID ultimately being of the form ssid-1[0-9]{9}. It should do what its parents said, and leave things just the way it found it.
This will allow it to be used by an OpenWRT-based platform, albeit one that needs to implement the same interface provided by nginx with autoindex and autoindex_format json. It’s not clear that we’ll need to split out the admin interface at this stage, so let’s leave it where it is.
802.11b is probably unused, even in older smartphones (I can't ever remember seeing a 802.11b only smartphone) (https://mentor.ieee.org/802.11/dcn/14/11-14-0099-00-000m-renewing-2-4ghz-band.pptx).
We may be able to get better performance by having a g+n only network.
This might be achieved by use of the beacon_rate and preamble hostapd options. See: http://w1.fi/cgit/hostap/tree/hostapd/hostapd.conf
And also HT greenfield mode if the adapter supports it.
Create build to combine and minify JS, CSS, etc
Have build pull in current version of font awesome css assets automatically (or a tag)
Admin credentials pass over cleartext, which is bad. We'll probably have to self-sign a certificate, which means that admin connections will get certificate warnings (perhaps there's another way?)
@GeoDirk mentioned that a group chat interface is desirable (simple broadcast, not one-to-one chats) and that it should be visible from the front page. Chat history should not be maintained, but a 1h rolling window of history - don't keep messages longer than this duration, even if they aren't visible in the chat window.
Right after updating the channel, the admin interface says: "Error updating channel” - Unexpected error setting property: error”. Same applies for updating the hostname or SSID. The channel/ssid are successfully updated though.
This doesn’t happen when you’re connected via ethernet, but if you’re connected via wifi, the wifi will drop and if the device connects to another network the admin interface will never get the SUCCESS response back from the API
This involves side-by-side testing for debian vs ubuntu and mainline vs legacy for unit performance and battery life.
Sometimes the playbook fails on Armbian due to iptables not being installed. mikegleasonjr.firewall should ensure iptables is installed first.
(Specific image for this case was Armbian_5.25_Orangepizero_Ubuntu_xenial_default_3.4.113.img)
SSIDs are limited to 32 octets (http://standards.ieee.org/getieee802/download/802.11-2007.pdf). With the enabling of UTF-8 SSIDs and multi-byte characters, this means that it's quite easy to exceed the maximum length. We should reject updates via the API for SSIDs that exceed this length and constrain the interface (or give feedback) when the maximum length is reached.
There are two skipped tests, test33CharacterPlainSSIDSet and test33CharacterUnicodeSSIDSet, that can be un-skipped once checking is being performed in the API.
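The octet-based check this issue asks for, as an added example that is not ConnectBox code. The function names validate_ssid, octets_remaining and truncate_to_limit are hypothetical, and the sample SSIDs in the comments are constructed.

```python
# Added example: enforce the 32-octet SSID limit on the UTF-8 encoding,
# not on the number of characters the user typed.
MAX_SSID_OCTETS = 32  # limit stated in the issue text


def validate_ssid(ssid):
    """Return (ok, reason) for a proposed SSID. Hypothetical helper."""
    if not isinstance(ssid, str):
        return False, "SSID must be a string"
    try:
        encoded = ssid.encode("utf-8")
    except UnicodeEncodeError:
        # Lone surrogates (e.g. from badly decoded JSON) have no UTF-8 form.
        return False, "SSID is not valid Unicode"
    if len(encoded) > MAX_SSID_OCTETS:
        return False, "SSID is %d octets, maximum is %d" % (
            len(encoded), MAX_SSID_OCTETS)
    return True, ""


def octets_remaining(ssid):
    """Octets still available, for feedback in the admin interface."""
    return MAX_SSID_OCTETS - len(ssid.encode("utf-8"))


def truncate_to_limit(ssid):
    """Longest prefix that fits, without splitting a multi-byte character."""
    cut = ssid.encode("utf-8")[:MAX_SSID_OCTETS]
    # errors="ignore" drops a trailing partial sequence left by the slice.
    return cut.decode("utf-8", errors="ignore")


if __name__ == "__main__":
    # Constructed samples: 33 ASCII characters, and 11 three-byte characters
    # (only 11 characters long, but 33 octets once encoded).
    for sample in ("a" * 32, "a" * 33, "\u4e2d" * 10, "\u4e2d" * 11):
        print(len(sample), "chars ->", validate_ssid(sample))
```

A character-count limit in the interface would accept the 11-character sample even though it is one octet too long, which is why both the API and the input field need to count encoded bytes.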
@matheweis and @GeoDirk found that disabling bluetooth at the boot prompt on RPi devices and in systemd (to remove the red "failed" message during boot) improves wifi performance. We should at least offer this as a build time choice, if not make it the default.
Dev mode means that passwords are easy to break and ssh is enabled.
Currently using basic auth in nginx which makes logout implementation challenging. Consider implementing authentication in the admin UI so there is a session that can be cleared.
Currently we map key directory names to specific icons in the client interface. We will be providing instructions to connectbox administrators about how to layout files and directories on their USB stick place in order to take advantage of the iconography, so instead of constraining them to a small predefined mapping, let’s direct them to the FontAwesome Icon List and tell them that they can name their directories based on the FA icon names. e.g. a directory called paint-brush maps to http://fontawesome.io/icon/paint-brush (and the logic puts the element in the fa-paint-brush class).
@furnox / @kldavis4 , is one of you able to help with this?
Thanks for the suggestion, @GeoDirk
Originally mentioned by @algebur . A windows-formatted USB key has a folder called System Volume Information which shows in the interface. We should filter this out, as it’ll never have any end-user managed files.
Similarly for .DS_Store directories that might be present on USB keys used on a Mac.
fatal: [192.168.88.33]: FAILED! => {"changed": false, "cmd": "apt-get install python-apt -y -q", "failed": true, "msg": "E: Could not get lock /var/cache/apt/archives/lock - open (11: Resource temporarily unavailable)\nE: Unable to lock directory /var/cache/apt/archives/", "rc": 100, "stderr": "E: Could not get lock /var/cache/apt/archives/lock - open (11: Resource temporarily unavailable)\nE: Unable to lock directory /var/cache/apt/archives/\n", "stderr_lines": ["E: Could not get lock /var/cache/apt/archives/lock - open (11: Resource temporarily unavailable)", "E: Unable to lock directory /var/cache/apt/archives/"], "stdout": "Reading package lists...\nBuilding dependency tree...\nReading state information...\nSuggested packages:\n python-apt-dbg python-apt-doc\nThe following NEW packages will be installed:\n python-apt\n0 upgraded, 1 newly installed, 0 to remove and 52 not upgraded.\n", "stdout_lines": ["Reading package lists...", "Building dependency tree...", "Reading state information...", "Suggested packages:", " python-apt-dbg python-apt-doc", "The following NEW packages will be installed:", " python-apt", "0 upgraded, 1 newly installed, 0 to remove and 52 not upgraded."]}
I’ve seen this when the unattended upgrades are running. We haven’t discussed whether we’d expect these devices to automatically upgrade if/when they have internet connection - if we don’t, then we can simply remove the unattended-upgrades package and this shouldn’t happen again.
There’s an ht_capab line in hostapd that sets chipset specific parameters. We should do this so we’re using the features of the device. The group_vars/rt5372 has incorrect parameters (my bad) and this issue is to capture them.
There’s a separate issue to make sure we enable them on our shipping image.
If someone is locked out of the admin UI, there’s no way to get back in.
We need to allow triggering of a reset-to-defaults action if a particular file is present on the USB stick. The file should be automatically removed after the reset-to-defaults action. For ease of implementation, and to avoid having a periodic task, this action should only happen at boot time. i.e. one workflow would be:
_reset.txt in the root of the USB stick),
It’s reasonable to expect connectbox owners to place files in the root directory of their USB stick, and to name their directories as something that doesn’t currently match our mapping (or that doesn’t correspond to a font-awesome icon once #44 has been implemented).
@furnox / @kldavis4 , are you interested in taking a shot at this? Better ideas on how to achieve this?
Thanks for the suggestion, @GeoDirk.
@GeoDirk requested that popular content is highlighted on the front page. This might be something like a top 10 popular files. This need not be accurate to the minute i.e. we can batch process the webserver logs and create a file that describes the top content.
The hostapd config is the example config, with only minimal changes. It should be reviewed and updated with sensible settings, and config lines removed if they're the defaults.
We should at least consider:
country_code (and how it would be set - perhaps in the admin interface as a part of language selection for the interface)
Doco: hostapd
Remove travis integration and reimplement the single test using requests.
By default, the Raspberry Pi's are coming with keyboards configured for the UK. It would enhance our configuration if the keyboard layout was defaulted to the 'US' layout.
All that needs to be done is modify the one line in /etc/default/keyboard to look like this:
XKBLAYOUT="us"
When someone connects to the wifi there’s no indication what they need to do next. While entering an http URL will bounce them to the connectbox interface, one with an explicit https protocol won’t and a site that uses HSTS also won’t.
Look at using a standard captive portal workflow on connect.
Ubuntu names wlan interfaces based on the MAC of the adapter. This breaks config like hostapd.conf where we need to provide the wlan interface name. We can revert to the old naming with a symlink under /etc ( @matheweis knows what) or using some boot params per: https://github.com/ConnectBox/wifi-test-framework/blob/master/ansible/roles/setup-system/tasks/main.yml#L25
I don’t mind which one we use.
Allow specification of the ssid, channel and hostname via txt files in the root of the USB stick. These files will be read and applied only at boot-time and the changes will be done via the same script that is used to perform actions on behalf of the admin interface. These config files should not be deleted, so they reapply on next reboot (unlike the reset file in #53)
Sometimes the php5-fpm package can't be found on Armbian
(Specific image for this case was Armbian_5.25_Orangepizero_Ubuntu_xenial_default_3.4.113.img)
Currently the nginx config is tightly coupled to the icon-only interface. We want to allow groups to use the device to display a regular website instead of the icon-only interface.
There is a separate task ( #127 ) to expose a toggle in the admin interface to switch between icon-only mode and website mode. Until that is done we'd need to provide an icon-only image, and a website image.
We don’t have any captive portal logic for Android or Windows (phone/desktop) so I’m expecting that we’re still trapped inside the captive portal browsers (I don’t have devices to test, though)
The following resources should be sufficient to show what needs to be implemented:
This is for administrators to see what files are being downloaded.
It might be something that we display in the admin interface (though perhaps it needs to be locked down more aggressively if that's the case).
It might also be something that's uploaded to a central site when an internet connection is detected. If this were the case, we could use a unique identifier present on the hardware (say a serial number, or the MAC of the wireless interface) to identify the connectbox. We may want to disable upload stats by default, and we may want to show the link to the stat summary in the connectbox admin interface. We may want to hash the identifier if it helps with privacy.
This allows us to provide a single image, and have groups enable website or icon-only by using the admin interface.
Builds on #126
#28 removed the ability to ship content on the Pi, and have it appear in the client interface alongside content that is stored on the USB device. Being able to ship content seems like a good feature, so we should add this back in.
A /boot/dtb directory is created on each kernel update, however we create an overlay in that directory on our initial run in order to activate the internal USB ports. It’s hard to create that overlay on each kernel update, so we have a problem.
Thoughts:
Raspbian 2016-11-25 disabled ssh by default, so our instructions to download the image and run ansible need to be changed to include instructions on enabling ssh.
There might be other things that come up when running against this version too.
https://downloads.raspberrypi.org/raspbian/release_notes.txt
The admin interface currently exposes a method to set the tx power but it’s not currently hooked up to do anything. It’s likely that we can do something with iw dev <devname> set txpower <auto|fixed|limit> [<tx power in mBm>], but I don’t know how to make that stick across a reboot, short of putting it in an ifup type script.
I think it’s worth considering the use-cases for adjusting tx power - under what circumstances will the default be inappropriate, and can we simplify the interface so that it has low power (short range) and max power?
Despite the Raspbian Nov 2016 Security Update disabling ssh, we still enable it in order to run the playbooks. So, the current state is that we would ship a pi with the default password on the pi account, and sudo enabled and ssh enabled, which is bad*
I’d like to harden the install a bit, and I want to make sure we’re not going to make it hard for device developers, mass provisioners or single-device provisioners. Please discuss :-) - @kldavis4 @matheweis @GeoDirk comments most welcome
*: e.g. A malicious party could place malware in the file share, change config to start tracking users, have an internet-connected connectbox participate in a botnet.
Build 254 failed due to problems on the AWS side. It timed out waiting for ssh access with the following error:
Error applying plan:
1 error(s) occurred:
* Resource 'aws_subnet.default' does not have attribute 'id' for variable 'aws_subnet.default.id’
The terraform destroy then failed with:
Error applying plan:
1 error(s) occurred:
* aws_vpc.default: DependencyViolation: The vpc 'vpc-37803851' has dependencies and cannot be deleted.
status code: 400, request id: 65192abf-2a43-42f0-95ac-39d50361033c
The immediate followup terraform apply then failed with:
Error applying plan:
1 error(s) occurred:
* aws_subnet.default: Error creating subnet: InvalidSubnet.Conflict: The CIDR '10.0.1.0/24' conflicts with another subnet
status code: 400, request id: a8b911bc-3300-4f1d-99c7-2074165a1fef
Then the final terraform destroy failed with the same sort of dependency violation:
Error applying plan:
1 error(s) occurred:
* aws_vpc.default: DependencyViolation: The vpc 'vpc-37803851' has dependencies and cannot be deleted.
status code: 400, request id: adc58245-20e4-48b1-a1c2-211b6ba1c90c
The first problem is new since I fixed terraform apply. The failure also happened in build #278 but I re-ran it before capturing the output.
While this is certainly a pain while developing and testing, this might not be a problem for deployment if we don't expect people to access the device via ethernet interface.