Release notes for Excito Bubba 2&3 software version 2.6

Announcements of all software releases for Excito products
gonk
Posts: 93
Joined: 30 May 2012, 01:53

Re: Release notes for Excito Bubba 2&3 software version 2.6

Post by gonk » 19 Jul 2013, 05:16

johannes wrote:we are listening
Great!
johannes wrote:if a majority would think plain sync is crap we'll do something about it when we can.
Hear our voice!
johannes wrote:more features = more settings = less usable.
I've already argued against this with a good counter example so, no, I do not agree fully.

As a designer reaching minimalism and a high degree of usability is harder than delivering something that is on a lower quality level but that doesn't mean that you should stop trying or lower your standards just because you face a problem.

gonk
Posts: 93
Joined: 30 May 2012, 01:53

Re: Release notes for Excito Bubba 2&3 software version 2.6

Post by gonk » 19 Jul 2013, 05:31

Gordon wrote:Ah, but there you're wrong. Because it is in fact Excito (or OpenProducts) that you want to write a web based frontend to plug into their main administration pages. Since rbackup itself is a wrapper around rsync, it would make more sense to base the development of the web wrapper on rsync itself than on a shell based wrapper for it that is maintained by another developer and except for the initial idea of adding rotation mainly targets to mimic what the B3 can do out of the box.
May I remind you all about and promote my old feature request for an extensible admin interface?
http://forum.excito.net/viewtopic.php?f=10&t=4090

If that had gotten any response and attention then we enthusiasts could have integrated our ways of doing backup tasks using rsync/cron, rsnapshot or whatever with the B3 admin interface and shared those solutions to other users.

Ubi
Posts: 1547
Joined: 17 Jul 2007, 09:01

Re: Release notes for Excito Bubba 2&3 software version 2.6

Post by Ubi » 19 Jul 2013, 07:40

It would indeed, but without a client-server model it would also create a gigantic security leak =)

gonk
Posts: 93
Joined: 30 May 2012, 01:53

Re: Release notes for Excito Bubba 2&3 software version 2.6

Post by gonk » 19 Jul 2013, 12:31

Ubi wrote:It would indeed, but without a client-server model it would also create a gigantic security leak =)
A client only or server only solution is not possible, to state the obvious. :)

As with any solution a proper architecture needs to be in place to ensure stability, scalability, performance, security and other important factors.

Ubi
Posts: 1547
Joined: 17 Jul 2007, 09:01

Re: Release notes for Excito Bubba 2&3 software version 2.6

Post by Ubi » 20 Jul 2013, 03:21

and that brings us right back to whether this make business-sense to the manufacturer.

Hey, isnt linux open source and all so that anyone can contribute? How about the people who really want feature start getting of their behind instead of just asking others to do so.

gonk
Posts: 93
Joined: 30 May 2012, 01:53

Re: Release notes for Excito Bubba 2&3 software version 2.6

Post by gonk » 20 Jul 2013, 05:52

Ubi wrote:and that brings us right back to whether this make business-sense to the manufacturer.

Hey, isnt linux open source and all so that anyone can contribute? How about the people who really want feature start getting of their behind instead of just asking others to do so.
That's my whole point but is there a published API or supported way of extending the admin interface in a way that will survive software updates?

If not then the vendor should either supply it or publish all the source code and developer documentation for the admin interface.

Linux is open but is Excito's admin interface free GPL software?

Ubi
Posts: 1547
Joined: 17 Jul 2007, 09:01

Re: Release notes for Excito Bubba 2&3 software version 2.6

Post by Ubi » 20 Jul 2013, 06:16

well the admin interface is in perl, so you can get to the source right now.
BEsides, your proposal would mean a completel overhaul, so an API is not really usefull, just like the current license is not really relevant. Your proposal means a complete alternative interface, built from scratch.

Gordon
Posts: 1356
Joined: 10 Aug 2011, 03:18

Re: Release notes for Excito Bubba 2&3 software version 2.6

Post by Gordon » 20 Jul 2013, 07:37

Actually, the admin interface consists of two parts: a frontend that is built in PHP and a backend that consists of various Perl, Python and Bash scripts. Not everything that is installed on the B2/B3 can be controlled from within the frontend itself. For various functions the frontend simply links to the application's own frontend for controlling it and for some you simply have to know where to find them yourself; such as the Logitech Media Server (squeezebox).

Adding functionality therefore becomes a simple task of adding-/changing a link in the frontend and point it where you want it to go. It's up to you whether you want the pages you develop to give the same look and feel as the original admin pages. The difficult part here is to maintain the login status from the original pages and handle security accordingly.

Ubi
Posts: 1547
Joined: 17 Jul 2007, 09:01

Re: Release notes for Excito Bubba 2&3 software version 2.6

Post by Ubi » 20 Jul 2013, 09:50

Indeed, as the main issue is that the user doing the requests is allways apache, no matter what login you have used in the frontend. If you let the frontend change root-level stuff, and you do not have a strong security model to execute the commands (I guess some sort of hash-key authentication works), it meanse that ANY php script on the entire server has now root permissions on some part of the system. If this extendable user interface is used for cron, your security model is now reduced to the strength of your FTP password.

Gordon
Posts: 1356
Joined: 10 Aug 2011, 03:18

Re: Release notes for Excito Bubba 2&3 software version 2.6

Post by Gordon » 20 Jul 2013, 16:32

That was actually something that kept me busy for a while, as I wanted to move the admin pages to a less obvious named directory. The pages are NOT served by mod_php but by the fastcgi plugin; i.e. the person that logged on is the one running all the scripts (including the ones that build the web pages). As soon as you leave the /admin path the pages will be served by mod_php and you'll find you have no rights at all.

Ubi
Posts: 1547
Joined: 17 Jul 2007, 09:01

Re: Release notes for Excito Bubba 2&3 software version 2.6

Post by Ubi » 21 Jul 2013, 04:12

afaik fastcgi can run as a specific, predefined user. This user however is not dynamically allocated depending on some login credential from a PHP page. If this were so, you need to have that PHP script run as root because apache cannot chuser to anyone.

Gordon
Posts: 1356
Joined: 10 Aug 2011, 03:18

Re: Release notes for Excito Bubba 2&3 software version 2.6

Post by Gordon » 21 Jul 2013, 05:56

I hadn't gone in depth with this (I'm not so into CGI operation), but it appears that this is correct. :oops: Fastcgi does not spawn a new php instance that uses the users credentials. In fact it connects to one of three already active instances of php-cgi that indeed run as root (started by the bubba-adminphp service).

In any case, if you want to extend or change the admin interface, you should either put the new pages under /usr/share/web-admin/admin or repeat the trick of directing apache to let Fastcgi handle the pages for your chosen directory. As an alternative you could install sudo and allow apache to run the appropriate commands through this. You'll want sudo anyway if you ever intend to use rsync through ssh.

gonk
Posts: 93
Joined: 30 May 2012, 01:53

Re: Release notes for Excito Bubba 2&3 software version 2.6

Post by gonk » 21 Jul 2013, 09:17

Yet again you are diverging from the subject.

Gordon
Posts: 1356
Joined: 10 Aug 2011, 03:18

Re: Release notes for Excito Bubba 2&3 software version 2.6

Post by Gordon » 21 Jul 2013, 11:12

That depends on what you consider to be subject. Since this release does not define any specific API to extend the admin interface, the whole discussion about it is essentially off topic and should go under feature requests. However if you do consider to get your hands dirty, you'll find in my post where to start looking.

Ubi
Posts: 1547
Joined: 17 Jul 2007, 09:01

Re: Release notes for Excito Bubba 2&3 software version 2.6

Post by Ubi » 21 Jul 2013, 12:25

gonk wrote:Yet again you are diverging from the subject.
1) Every post in this thread except the first is diverging from the subject
2) So what? Are you paying me to supply information in a manner chosen by you?

I for one think the diverged subject is actually more interesting, and it actually discusses a practical implementation of the feature request you have been whining about for a fairly long time =)

Post Reply