JNIOR Corner


  • #31
    Frank, did that interrupt the show?

    Years ago we were working in a small office park with little single-story office buildings and the power went out. We were gathered by the windows enjoying the unscheduled social event. The power company came along and went around behind the building across the way. A bit later there was this humongous BOOM! You know the window glass vibrated from an obvious shock wave. What was hilarious was that the building over there immediately emptied out into the parking lot I guess with everyone fully expecting to find and have to avoid a crater. The power company tech came around the corner trying to clear his ears with his fingers. I guess the fuses in the green boxes next to each building blow with spectacular results.

    I later found out that it is a common occurrence in debugging. Uh... not in any line of work I've ever been interested in. Power came back a little over 2 hours later.

    Regarding the photo... For those of you who look closely at PCBs like I do... That is a 410. Those two relays can be NO or NC ergo the jumpers. That LTC1387 is the AUX port driver with RS-422 and RS-485 capability which is only in the 410. The missing SW2 would only bridge Rx and Tx lines and provide the optional termination resistance for 485. Since few use the 485 we opted not to populate the jumpers and let them wire that externally. Beyond all that is the expansion port driver and the battery (which you can yank out anytime you want without losing anything that would cost you a dime... FYI).




    • #32
      Is there ever going to be a Senior? I mean... Now that I'm 65 I'm thinking that's in order.



      • #33
        Those would be the 31x devices...



        • #34
          "Frank, did that interrupt the show?"
          Yeah, that show was definitely interrupted.

          Until about the following Wednesday, as I recall....



          • #35
            In keeping with the Standard that documentation should be an afterthought...

            We're finally greatly expanding the amount of Help information built into each Series 4 JNIOR. When the operating system (JANOS) update to v2.0.1 is released (next few weeks) it will sport a new "Help System".

            The HELP command at the dreaded command line basically has always just provided a brief syntax and option list for the subject command. The Help System currently has over 300 "Topics" covering presently some 15 "Categories". This is all accessible from the Command Line Console and from the WebUI. The HELP command now offers a lot more. The browser version of the Help is admittedly old-school in appearance. This is because the same information is available in textual form at the command line.

            More interesting is that the system from the WebUI can auto-generate a complete and printable Users Manual specific to the JNIOR. That manual is pushing some 275+ pages at the moment. So, NO, not for printing but for saving as a PDF where references are linked for you. The manual is specific to the JNIOR because it will include Help information for installed applications. Okay, the Help for those will follow as the applications themselves update.

            The Help is searchable.

            http://honeypot.integpg.com/query.cgi?help=*

            The JNIOR serves the Help System as public content. So the above gets you into the Help System on one of our JNIORs that sits on the open Internet. See if you can break it. But really if you see something questionable you can let me know and we will address it. The content is expanding.

            If you have any questions... I'll try to make myself scarce. ;-)




            • #36
              The link I posted above gets you into a JNIOR on the public network and gives you access to the latest user manual information for the Series 4 JNIOR. This is accessible from the standard WebUI but since you need to login to access that I thought it would be interesting to slip the URL to the unprotected stuff. This is just for JANOS v2.0.1 (and of course later) which is not out there yet.

              If you go to generate the printable (PDF savable) Users Manual I see that it wants a login. That is just to retrieve our logo. The rest of the document will render. It takes like 30 seconds to generate. Basically the system scans all of the available help data, generates a table of contents and an index, and creates a nicely formatted book with active links from all of it. It does almost all of that through the query.cgi access point. Oh, there is also an image on the page detailing digital inputs that would prompt for a password. I'll have to think about fetching those graphics and tagging them somehow as public.

              The JANOS WebServer has both a standard root and a public root. So you can build a website that requires login or one that does not while still maintaining login for the WebUI and administration of your JNIOR.

              So here is the question... Is there any issue with help information like this being available without authentication?

              There is nothing secret in there but... it may mention the default user accounts and default passwords in one corner someplace.

              By the way, the old-school bare HTML look is just CSS. In other words the fanciness can be added later. I know, we can make it come up and fill your entire screen with pictures of flowers and bees forcing you to scroll down on every page to find something, anything, worth reading.



              • #37
                Originally posted by Bruce Cloutier:
                "So here is the question... Is there any issue with help information like this being available without authentication?"

                There are two potential issues that come to mind here, and they're both only applicable for those who expose their web server to the Internet. While it's debatable if this is a good idea, the thing is: It will happen.
                1. A JNIOR is not a dedicated webserver. Like you indicated yourself, a request can take about 30 seconds to process. So, you're potentially exposing your device to a Denial of Service attack here. This DoS could even happen with something usually rather harmless, like a bot indexing your public website.
                2. The help system itself could offer a new attack surface by exposing any potential bugs within the CGI script.



                • #38
                  Well, the 30 seconds is just the time it takes the script to generate The BOOK of JANOS which is all of the Help information formatted formally into a book or Users Manual. That is just an option. Once that is generated it is cached until the unit is rebooted for whatever reason. So there is no further such delay. That Honeypot JNIOR on the open Internet has a record uptime of 23 weeks or so. That mostly being interrupted by our sticking Release Candidate code out there for validation (like now).

                  But yeah, exposed units are at risk. This one is constantly under attack. The default website shows a map of where IP addresses causing failed logins are located. I had planned to address DoS attacks with detection and grey listing but we haven't yet had it present itself as a concern. Attacks focused on bugs generally require prior knowledge of the vulnerabilities and JANOS is a mystery to most. Worse for attackers, identified bugs are quickly fixed and updates can be immediately available. Um... Then there are those still running JANOS v1.6 and even earlier. Uh... and those running JNIOR3.

                  There are JNIORs on the open Internet. I had once thought to run a bot to find them. I know they are used to provide cell phone control of those big fancy estate gates crazy rich people put at the end of their long driveways. In providing support there are some JNIORs we notice that can be remotely managed and not through a VPN connection. Golf courses use them in lightning detection to manage sirens. A bot just would need to hit Port 23. The banner identifies the JNIOR (Serial number, OS version, etc.) without need to attempt login. Fast and painless.

                  Actually, I wonder if the spiders walk CGI content?



                  • #39
                    I think the common sense now is to make the default-attack-surface of devices as small as possible. Maybe you can provide an easy option to enable the built-in help function via HTTP.

                    The problem with anything password-protected, especially when using plain HTTP authentication, is that you'll see many brute-forces on it, which also consumes resources and potentially wears down stuff like flash memory, especially if they need to write something after every failed attempt.

                    Modern web spiders are known to walk "dynamic content" too, especially if there are plain hyperlinks pointing towards it. They may ignore content that's protected by obvious one-time tokens like session IDs, but they don't ignore everything behind the question mark in the URL by default.

                    Comment
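
The detection and grey listing mentioned in post #38, kept in memory so that it avoids the per-attempt flash writes raised in post #39, as an added example (not JANOS code and not from either poster). The thresholds, the event names `fail`, `costly` and `page`, and the log layout are assumptions; the addresses are documentation ranges.

```python
from collections import defaultdict, deque

WINDOW, GREY_FOR = 60, 300         # seconds; both values are assumptions
LIMITS = {"fail": 3, "costly": 2}  # failed logins / slow CGI hits per WINDOW

class Greylist:
    """All state lives in RAM, so a failed attempt never costs a flash write."""
    def __init__(self):
        self.seen = defaultdict(deque)   # (ip, kind) -> recent timestamps
        self.until = {}                  # ip -> time the greylisting ends

    def observe(self, now, ip, kind):
        """Record one event; return True if the request may be served."""
        if self.until.get(ip, 0) > now:
            return False                 # still greylisted: refuse cheaply
        self.until.pop(ip, None)         # forget an expired entry
        if kind not in LIMITS:
            return True                  # ordinary request, not counted
        q = self.seen[(ip, kind)]
        q.append(now)
        while q[0] <= now - WINDOW:
            q.popleft()                  # drop events older than the window
        if len(q) > LIMITS[kind]:
            self.until[ip] = now + GREY_FOR
            q.clear()                    # history is no longer needed
            return False
        return True

# Constructed sample, "<seconds> <client> <event>"; not a JANOS log format.
SAMPLE = """\
0 203.0.113.7 fail
1 203.0.113.7 fail
2 203.0.113.7 fail
3 203.0.113.7 fail
9 203.0.113.7 page
20 198.51.100.9 costly
21 198.51.100.9 costly
22 198.51.100.9 costly
50 192.0.2.1 fail
120 192.0.2.1 fail
400 203.0.113.7 page
"""

def refused(text):  # replay a log; return the refused (time, client) pairs
    g, out = Greylist(), []
    for t, ip, kind in (line.split() for line in text.splitlines()):
        if not g.observe(int(t), ip, kind):
            out.append((int(t), ip))
    return out
```

In the sample, the client with four failed logins in four seconds and the client repeating the slow request are refused, while the client with two failures 70 seconds apart is not.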


                    • #40
                      We are going to be handing these out at CinemaCon. Well... to select individuals (of our choice) who might have an interest in such things.

                      [Image: Book_Of_JANOS.jpg]
                      If you are wondering what these are... they contain these pieces of paper with information rendered on both sides all glued together in a logical fashion.

                      Um... If you are going to be at CinemaCon stop by our Booth 2409A in the Augustus ballroom. Er... it doesn't seem that we will be all that hard to find at this show. We should get together and commiserate.



                      • #41
                        Bruce, I would love one! I'll trade you a tour of the setup at the Colosseum lol!



                        • #42
                          When JANOS v2.1 releases it will include an extended Help system. Through the WebUI you can ask the JNIOR to generate this document.

                          Basically, I had one of my JNIORs generate it and I printed the result to a PDF. There is even a Registry key that tells it to shift even and odd pages left and right to leave binding space. Then using the Adobe booklet print mode, the document was printed on our color printer. Okay, so with some cover art, a guillotine cutter and a hot glue binder we published these ourselves. It is nice to hold an actual book. It doesn't require batteries or recharging! You can even add non-volatile notes to the pages.

                          If you click the link back in post #35 it opens the Help system on a honeypot JNIOR we have sitting on the open Internet (running a release candidate v2.1). Click the '[Printable Manual]' link at the top. Then save the result to a PDF. That is the book... and with functional links! The links don't work on this paper stuff. I haven't figured that out yet.

                          Maybe I could autograph the hard copies at the show. Hahahaha...




                          • #43
                            Real paper. Soooooo cool Bruce. Wish I was there to pick one up.



                            • #44
                              I don't understand...does it have Wifi? How long does the battery last?



                              • #45
                                It has a "paper white" display with nonvolatile memory.
