|
UPnP and why you will probably like it
From another thread:
Quote:
The sad joke is that Zeeshan has been seeing his blog posts about GUPnP and Rygel buried down by voters that don't get it (not that Zeeshan always helps, certainly) ;) and surely will be happy once the work he is leading is released. Then you still need to have the technology and business models implemented in the appliances you find in your way. Maybe one day the Internet caffes or the public libraries or even the schools will offer you a sit, network, monitor, keyboard and a charger to interact with your mobile device? Someone has to start somewhere. Like the ones that started years ago with the TVOut cables. |
Re: UPnP and why you will probably like it
Might this be an early insight into the expected new models?
Or in the 2010/2011 iteration? (as per the reference to harmattan) |
Re: UPnP and why you will probably like it
This is no insight about products, only a comment about technologies and trends.
|
Re: UPnP and why you will probably like it
So far, my experience with UPnP has been, "making the stuff geeks can do easy enough for their wives to do."
Up until now, I haven't seen any uses for UPnP that add functionality to a device. This use of UPnP to replace other services is interesting; sort of like the Open Source response to ZeroConf... |
Re: UPnP and why you will probably like it
Quote:
Quote:
|
Re: UPnP and why you will probably like it
Quote:
Yes :) ... and it may have been Microsoft users that seemed to kill its early wide spread adoption because of Windows security issues. Irony must be part of the Microsoft Corp. mission statement. :D |
Re: UPnP and why you will probably like it
Steve Gibson on the SecurityNow podcast considers UPNP a horrible security vulnerability. The Conficker worm is a UPNP client, as a matter of fact. If your router has UPNP on, the worm can ask the router to open all the ports it wants and it will do so to the requesting software with no questions asked. Yow.
|
Re: UPnP and why you will probably like it
Quote:
In this case his article here refers to vulnerabilities in Windows. http://www.grc.com/unpnp/unpnp.htm which was last updated on Dec 28, 2001 at 15:47. At the very least the information is 7+ years out of date. Instead of listening to Gibson do yourself a favor and simply read e.g. en.wikipedia.org/wiki/UPnP#Problems_with_UPnP As for your worm example. If a rogue application has root access on your computer you have more severe problems than UPnP. It could, for example, download some evil payload over HTTP. And most firewalls would allow this. There are various problems with UPnP but they are often not understood well or taken out of proportion. It is not necessarily used over the Internet. Think about LANs, for example. Nor is it necessarily used to give everyone access to all ports on a UPnP client. This depends on settings. A device (e.g. 'consumer modem') running a UPnP daemon can deny specific UPnP requests. The default settings on 'consumer modems' often use a whitelist allowing any user and any IP who can connect to the 'consumer modem' (in other words: on LAN/WLAN) to use the UPnP daemon. Even if that is not the case there is no serious form of authentication because it is based on ACLs with IPv4 addresses (hello BGP?!). It is used as a horrible hack to circumvent the issues of IPv4 and NAT. Horrible, yet in practice necessary. Whereas IPv6 would solve the need for UPnP, IPv6 has not rolled out everywhere yet, and it would still require users to run firewalls on their devices, with a rogue application having root access still being a problem. Meanwhile, the lack of authentication in UPnP can be addressed by using something like AuthPF. But for most users such solutions are not convenient enough. |
Re: UPnP and why you will probably like it
Quote:
|
| All times are GMT. The time now is 01:17. |
vBulletin® Version 3.8.8