#16
Embedded Cheerleader
Posts: 4,066
Karma: 3801329
Join Date: Feb 2012
Device: Intel 4004
Today's release
Release at: http://www.mobileread.com/forums/sho...1&postcount=13
__________________
"Hack is just a four letter word." - - With apologies to B. Dylan

#17
( ͡° ͜ʖ ͡°){ʇlnɐɟ ƃǝs}Týr
Posts: 5,115
Karma: 5288897
Join Date: Jun 2012
Location: uti gratia usura (Yao ying da ying; Mo ying da yieng)
Device: PW, K5 B011, K3 us, K4, DXG, XDA I&II, Omnia, Ematic E6 + E8 :) etc.
Did you update the zips?
__________________
Audiophile and electron bully. My tunes (for free) soundcloud.com/twobob. DONATE TO KUAL BY CLICKING THIS SIMPLE LINK Kung-Fu. Hard work over time to accomplish skill. A painter can have kung-fu... The musician can have kung-fu, or the poet who paints pictures with words and makes emperors weep. This, too, is kung-fu. Formless, nameless, the true master dwells within. Only you can free him. The album I'm headlining on at the moment: s.beatport.com/OCp9dT - FREE: 2012 Award winning set

#18
Embedded Cheerleader
Yup.
Although the Amazon network document wasn't updated today.
Files now have a public home: http://hg.minimodding.com/repos/sys/kBBB.hg/
Public browse, download, and 'hg clone'

#19
Embedded Cheerleader
Found it!
Comment at top of rule-set was not changed today. Fixed and pushed.
That really is the correct file - I downloaded it from MobileRead: http://www.mobileread.com/forums/sho...1&postcount=13 to create the repo.
Aren't public repos just great?
Last edited by knc1; 02-09-2013 at 03:35 PM.

#20
A garbling groftpot
Posts: 507
Karma: 3090000
Join Date: Feb 2012
Location: France
Device: IPad, Kindle PW, iPhone
Greetings kind sirs
Would this work in Europe? I'm supposing Amazon are using local servers but I have no idea which, no idea about much really, but I would love to stop my paperwhite phoning home. I need a simple package, though, being somewhat technologically challenged. Maybe you will have time at some point?
__________________
Have I wittered on enough to get a signature? Oh good, I can put a dropbox link here! On second thoughts, maybe I won't bother, and just go back to weeding the garden.

#21
Embedded Cheerleader
Quote:
But because of the geographic load balancing used by large networks, it is unlikely I have seen all of the EU address ranges.
Still - better than nothing and that will improve once I get some EU volunteers (or ssh access to EU machines).
My next step in this little project, will be to add Buttons for the KUAL launcher (Add, Remove, Report).
Since everything about this BBB filter exists only in the user's USB storage mode area, next to the documents directory for books (as does everything about KUAL) - - -
If you can copy a book over USB to the Kindle, you can copy this BBB stuff.
Or, at least you will be able to when done.
Thank you for your interest. You are the first one to comment other than my Kindle Koding partner, twobob.
Last edited by knc1; 02-10-2013 at 07:42 AM.

#22
A garbling groftpot
Marvellous! Thank you for the work you are doing on this. I dearly love my kindles, but I don't love the lack of privacy and the forced updates. I did manage the jailbreak and the launcher, but that stretched my electron moving skills to the limit.

#23
Embedded Cheerleader
BBB-Next
The point raised (on another thread) here that NOT making the user wait for filtered connection attempts to time out was a good one.
It was also a valid point about the firewall design, it **should** be using the proper "reset" and "reject" targets rather than "drop".
Unfortunately, not even the most recent stock firmware supports the "REJECT" target ("reset" is a special case of "reject").
Since it is an objective to not introduce binary additions to the stock firmware with BBB ; The BBB project will have to continue making the user sit and wait for the "store" to time out (and everything else that is filtered).
The next change will be to split up our monolithic firewall into interface specific chains in the filter table.
Finally! The "Store" feature finally timed-out with:
Quote:
Now, where was I in typing this post? Oh, yeah . . . . The new per-interface rule tables.
Code:
Chain ppp-in (0 references)
pkts bytes target prot opt in out source destination

Chain ppp-out (0 references)
pkts bytes target prot opt in out source destination

Chain usb-in (0 references)
pkts bytes target prot opt in out source destination

Chain usb-out (0 references)
pkts bytes target prot opt in out source destination

Chain wlan-in (0 references)
pkts bytes target prot opt in out source destination

Chain wlan-out (0 references)
pkts bytes target prot opt in out source destination

Control **PER INTERFACE** device.
This change will actually make the firewall more efficient with less packet latency.
Plus - KUAL buttons - RSN
Last edited by knc1; 02-11-2013 at 10:16 AM.

#24
Embedded Cheerleader
BBB-13042
Our usual 'manual' installation process (still):
Spoiler:
Reload the kernel's firewall rules:
Code:
core2quad ~ $ ssh kpw "PATH=$PATH ; iptables-restore < /mnt/us/extensions/bbb/frags/added-bbb-13042.txt"
Code:
core2quad ~ $ ssh kpw "PATH=$PATH ; iptables -vnL INPUT"
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo * 127.0.0.0/8 0.0.0.0/0
0 0 DROP all -- lo * 0.0.0.0/0 0.0.0.0/0
21 4059 usb-in all -- usb0 * 0.0.0.0/0 0.0.0.0/0
6 504 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0
185 94842 wlan-in all -- wlan0 * 0.0.0.0/0 0.0.0.0/0
0 0 ppp-in all -- ppp0 * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Code:
core2quad ~ $ ssh kpw "PATH=$PATH ; iptables -vnL wlan-in"
Chain wlan-in (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
233 121K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
4 1216 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
2 56 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
This structure allows for the easy automation of adding and removing services **PER INTERFACE**.
I.E: It is unlikely that anyone will want to run rsync on anything other than the USB cable. And other services only make sense on interfaces other than the USB cable.
It also allows modification **PER INTERFACE** of the BBB filter. Exactly how that might be useful is yet to be known, but it is there to help the automation also.
After today's field test (minus one counter):
Spoiler:
Now delete the BBB filter from all three output interface chains:
Code:
core2quad ~ $ ssh kpw "PATH=$PATH ; /mnt/us/extensions/bbb/config.d/del-bbb-13042.sh"
Spoiler:
Next - work on some buttons - RSN.
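An added example (not part of the original post or the BBB project) that parses the `iptables -vnL` listing format shown in the post above and totals packets per target, using the post's wlan-in output as input. It assumes every rule has a target and that counter suffixes are decimal, as iptables prints them when `-x` is not given; the function names are illustrative.

```python
import re

# Listing copied from the wlan-in output in the post above.
WLAN_IN = """\
Chain wlan-in (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
233 121K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
4 1216 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
2 56 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
"""

SUFFIX = {"K": 10**3, "M": 10**6, "G": 10**9, "T": 10**12}

def counter(text):
    """Expand an abbreviated counter such as 121K (a rounded value)."""
    if text[-1] in SUFFIX:
        return int(text[:-1]) * SUFFIX[text[-1]]
    return int(text)

def parse_listing(listing):
    """Return (chain name, list of rule dicts) for one chain listing."""
    lines = [l for l in listing.splitlines() if l.strip()]
    chain = re.match(r"Chain (\S+)", lines[0]).group(1)
    rules = []
    for num, line in enumerate(lines[2:], start=1):  # skip the column header
        f = line.split(None, 9)  # nine columns, then any match options
        rules.append({"num": num, "pkts": counter(f[0]), "bytes": counter(f[1]),
                      "target": f[2], "prot": f[3], "in": f[5], "out": f[6],
                      "src": f[7], "dst": f[8],
                      "extra": f[9] if len(f) > 9 else ""})
    return chain, rules

def summarise(rules):
    """Packets per target, plus the numbers of rules that never matched."""
    totals = {}
    for r in rules:
        totals[r["target"]] = totals.get(r["target"], 0) + r["pkts"]
    idle = [r["num"] for r in rules if r["pkts"] == 0]
    return totals, idle

if __name__ == "__main__":
    name, parsed = parse_listing(WLAN_IN)
    print(name, summarise(parsed))
```

On this listing the result is 233 packets accepted and 6 dropped, with rules 1 and 2 (the TCP pair) never hit during the test.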

#25
Zealot
Posts: 120
Karma: 52745
Join Date: Aug 2010
Location: Maryland, USA
Device: dxg, k3w,k4nt,kpw
Great job! Thank you for the work you do!
Sometimes I think that it could be easier to maintain the list of _trusted_ URLs than the list of BB-related ones. I'd even agree to limit access to my local wireless network, denying all attempts to get outside.
In order to try this, I arranged an extra WiFi router with its WAN side turned Off. I quickly learned that the last kindle firmware catches these situations, and doesn't even connect to such wireless networks, keeping the airplane mode always On. I suspect the kindle version of wpa_supplicant, but, unfortunately, no chance to get deeper on that..
Is this a known problem? Any workaround for that? Am I missing something?
Thanks.

#26
Embedded Cheerleader
Quote:
The first step is to block everything that can be found ; And then identify the "safe" ones (perhaps the 'sync' services, or things that are safe to access by 3G (which never downloads updates) ) ; And of course, there will be as many ideas of what is 'safe' as there are users.
This is a very flexible structure now. Many of those things can now be turned into 'button presses'.

#27
Embedded Cheerleader
An untested example of putting a hole in the filter
This target address is totally untested! Allowing it may smoke your Kindle or eat your Kat!
Looking at this entry in the Amazon-Network reference:
Kpw: 54.240.0.0/12
Kpw: 54.240.128.0/18 ** If wanting to screen the sub-net **
Amazon Technologies Inc. AMAZON-2011L (NET-54-240-0-0-1) 54.240.0.0 - 54.255.255.255
Amazon Web Services, LLC AWSEMAIL-Z (NET-54-240-0-0-2) 54.240.0.0 - 54.240.63.255
Looking at the rule-set, you will find:
Code:
# Packets leaving by Wifi
:wlan-out - [0:0]
-A wlan-out -d 23.0.0.0/12 -j DROP
-A wlan-out -d 23.20.0.0/14 -j DROP
-A wlan-out -d 50.16.0.0/14 -j DROP
# Count and drop the sub-net first.
-A wlan-out -d 54.240.128.0/18 -j DROP
-A wlan-out -d 54.240.0.0/12 -j DROP
Then if you (or a KUAL button) wants to make an exception to the provided filter rule-set ; Insert as RULE #1 (all exceptions, all device chains, are added as RULE #1):
Code:
iptables -t filter -I wlan-out -d 54.240.128.0/18 -j ACCEPT
When you're done with the 'mail-to Kindle' function, take it out again with:
Code:
iptables -t filter -D wlan-out -d 54.240.128.0/18 -j ACCEPT
If wanting to enable this for 3G (also or only) - use the above rules with the substitution of ppp-out for wlan-out (Wifi).
If someone wants to try this out, and report back here - would be nice to know if that is really the 'mail-to Kindle' service.
WARNING: If you keep reading my posts, you will learn more than you probably ever cared to know about Linux network firewalls.
Last edited by knc1; 02-12-2013 at 02:04 AM.
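The rule ordering described in the post above, modelled offline as an added example (not code from the thread or the BBB project): first-match evaluation of the quoted wlan-out rules before and after the rule #1 exception, plus a check of each rule's CIDR against the registered ranges the post quotes. The test destinations are constructed and the function names are illustrative.

```python
import ipaddress

# wlan-out rules from the post's rule-set, in order: (destination, target).
WLAN_OUT = [
    ("23.0.0.0/12", "DROP"),
    ("23.20.0.0/14", "DROP"),
    ("50.16.0.0/14", "DROP"),
    ("54.240.128.0/18", "DROP"),   # sub-net first, so it gets its own counter
    ("54.240.0.0/12", "DROP"),
]

def verdict(chain, dst):
    """First matching rule wins. Returns (target, rule number)."""
    addr = ipaddress.ip_address(dst)
    for num, (cidr, target) in enumerate(chain, start=1):
        if addr in ipaddress.ip_network(cidr):
            return target, num
    # No match: a user chain returns to its caller (not shown on the page).
    return "RETURN", 0

def insert_exception(chain, cidr):
    """Model of `iptables -I wlan-out -d CIDR -j ACCEPT` (no index = rule 1)."""
    return [(cidr, "ACCEPT")] + list(chain)

def delete_exception(chain, cidr):
    """Model of `iptables -D wlan-out -d CIDR -j ACCEPT` (first matching spec)."""
    out = list(chain)
    out.remove((cidr, "ACCEPT"))
    return out

def covers(cidr, first, last):
    """True if the CIDR block contains the whole range first..last."""
    net = ipaddress.ip_network(cidr)
    return all(ipaddress.ip_address(a) in net for a in (first, last))

if __name__ == "__main__":
    opened = insert_exception(WLAN_OUT, "54.240.128.0/18")
    # Constructed destinations: inside the /18, inside the /12 only, unlisted.
    for dst in ("54.240.130.1", "54.240.10.1", "54.241.0.1", "192.0.2.10"):
        print(dst, "before:", verdict(WLAN_OUT, dst), "after:", verdict(opened, dst))
    # Registered ranges quoted in the post, checked against the rule CIDRs.
    print(covers("54.240.0.0/12", "54.240.0.0", "54.255.255.255"))
    print(covers("54.240.128.0/18", "54.240.0.0", "54.240.63.255"))
    print(delete_exception(opened, "54.240.128.0/18") == WLAN_OUT)
```

With the exception in place, 54.240.130.1 is accepted at rule 1, while an address in the quoted AWSEMAIL-Z range (54.240.10.1 here) still hits the /12 DROP, because that range lies outside 54.240.128.0/18.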

#28
A garbling groftpot
Now I don't even begin to understand the "how" of this, but if it would be possible to allow access to the "email to kindle" and the store without Amazon getting a report on everything I do or "upgrading", by allowing only 3g access that sounds interesting. Can it be done? A switch to turn wifi off and leave 3g on? Would it block big brother or just slow him down?
Please ignore me if I am being an ignorant pest......

#29
Embedded Cheerleader
Quote:
That is the point of the structure I designed.
It will take research to learn what Internet addresses Amazon uses for which purpose.
But your/my example (If my guess based on name of registered owner is correct) - - 'e-mail to Kindle' works over either Wifi or 3G. Over 3G there is a charge, over Wifi is free (at least in the USA).
So now the user can choose to block or accept either type (with the default of being blocked). Just add that 'ACCEPT' exception to the filter rule for either 3G or Wifi or both or neither (neither is the default).
And to your other (implied) question, also mentioned by another poster* - - -
This, at the moment, does not prevent you from using your Kindle on your OWN home Wifi - it is only blocking the public Wifi use. Even when using your OWN home Wifi, it blocks access to Amazon.
It just requires more research to learn just what to 'ACCEPT' to allow the (commercial) 'Free Wifi' public services. Of course, that will have to be the end-user's decision - since Amazon will get a report of which Hot Spot you are using.
So today, I have to go learn how to make 'Buttons' for it. Once that is done, the end-user will not require USBnetworking to use the 'Block Big Brother' (BBB) add-in.
- - - -
* TWO INTERESTED USERS - Durn but this project is getting a lot of interest now!

#30
Fanatic
Posts: 520
Karma: 2155774
Join Date: Apr 2011
Device: 2x Sony PRS-350 (silver, blue); PRS-300 (†), Kindle Paperwhite
HI
Is there a more or less easy way to use WIKIPEDIA without being logged into my Amazon account? Or better: Use Wikipedia without being logged into my account AND block everything else. In and out. I just want to use Wikipedia without big brother watching me and nothing else. No mail, no buying books, ...
What I am able to do? I am able to copy files over SSH to the reader (finally managed that point...).
What I'm not able to do? Managing this job with the help of general explanations. I'm no Linux man. For this task I've set up a virtual OpenSuse in VirtualBox.
Thanks