Enabling Connectivity Checking in NetworkManager

classic Classic list List threaded Threaded
40 messages Options
12
Reply | Threaded
Open this post in threaded view
|

Enabling Connectivity Checking in NetworkManager

Mathieu Trudel-Lapierre-3
Hi,

At UDS some of us discussed the connectivity checking feature of
NetworkManager, which landed not long before the Precise release.

Connectivity checking would be a big benefit in helping with properly
recognizing the cases where you're connected to wireless, but actually
behind a captive portal which catches and redirects requests --
sometimes not all that gracefully. The most frequent impact of this is
a corrupted apt cache when the files don't fail to be downloaded, but
instead contain http data from the captive portal.

I'd like to enable connectivity checking in NetworkManager. We'd use
http://start.ubuntu.com/connectivity-check.html, running the check
every 5 minutes starting from the connection being established.
start.ubuntu.com has already been in use for a while to verify
connectivity from the installer, IIRC.

The net impact of this change will be a slight modification in the
actual status reported by NM -- NM_STATE_CONNECTED_SITE, rather than
NM_STATE_CONNECTED_GLOBAL. Most applications that depend on
NetworkManager to check connectivity already handle (the old state
NM_STATE_CONNECTED which now maps to GLOBAL), CONNECTED_LOCAL,
CONNECTED_SITE and CONNECTED_GLOBAL as meaning that they have internet
connectivity, so I don't expect consequences for the vast majority of
applications.

As for the actual change, it is limited to the
/etc/NetworkManager/NetworkManager.conf file; to which the following
will be added:

[connectivity]
uri=http://start.ubuntu.com/connectivity-check.html
response=Lorem ipsum

See the manual page for NetworkManager.conf(5) for the details of what
these settings do.

Please let me know if you have questions or think there are good
reasons not to enable this feature. If there is no response by the end
of the week, I'd like to proceed with a enabling this in Quantal and
making sure it gets well tested.

Kind regards,

Mathieu Trudel-Lapierre <[hidden email]>
Freenode: cyphermox, Jabber: [hidden email]
4096R/EE018C93 1967 8F7D 03A1 8F38 732E  FF82 C126 33E1 EE01 8C93

--
ubuntu-devel mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

Re: Enabling Connectivity Checking in NetworkManager

Scott Kitterman-3
On Tuesday, July 10, 2012 02:41:35 PM Mathieu Trudel-Lapierre wrote:

> Hi,
>
> At UDS some of us discussed the connectivity checking feature of
> NetworkManager, which landed not long before the Precise release.
>
> Connectivity checking would be a big benefit in helping with properly
> recognizing the cases where you're connected to wireless, but actually
> behind a captive portal which catches and redirects requests --
> sometimes not all that gracefully. The most frequent impact of this is
> a corrupted apt cache when the files don't fail to be downloaded, but
> instead contain http data from the captive portal.
>
> I'd like to enable connectivity checking in NetworkManager. We'd use
> http://start.ubuntu.com/connectivity-check.html, running the check
> every 5 minutes starting from the connection being established.
> start.ubuntu.com has already been in use for a while to verify
> connectivity from the installer, IIRC.
>
> The net impact of this change will be a slight modification in the
> actual status reported by NM -- NM_STATE_CONNECTED_SITE, rather than
> NM_STATE_CONNECTED_GLOBAL. Most applications that depend on
> NetworkManager to check connectivity already handle (the old state
> NM_STATE_CONNECTED which now maps to GLOBAL), CONNECTED_LOCAL,
> CONNECTED_SITE and CONNECTED_GLOBAL as meaning that they have internet
> connectivity, so I don't expect consequences for the vast majority of
> applications.
>
> As for the actual change, it is limited to the
> /etc/NetworkManager/NetworkManager.conf file; to which the following
> will be added:
>
> [connectivity]
> uri=http://start.ubuntu.com/connectivity-check.html
> response=Lorem ipsum
>
> See the manual page for NetworkManager.conf(5) for the details of what
> these settings do.
>
> Please let me know if you have questions or think there are good
> reasons not to enable this feature. If there is no response by the end
> of the week, I'd like to proceed with a enabling this in Quantal and
> making sure it gets well tested.

I think that a significant fraction of Ubuntu's user base is (reasonably) very
sensitive about privacy issues.  While this is no worse the the NTP check that
already exists (that is controversial), I don't think it  should be enabled by
default.

Scott K

--
ubuntu-devel mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

Re: Enabling Connectivity Checking in NetworkManager

Ted Gould-2
On Tue, 2012-07-10 at 14:48 -0400, Scott Kitterman wrote:

> On Tuesday, July 10, 2012 02:41:35 PM Mathieu Trudel-Lapierre wrote:
> > As for the actual change, it is limited to the
> > /etc/NetworkManager/NetworkManager.conf file; to which the following
> > will be added:
> >
> > [connectivity]
> > uri=http://start.ubuntu.com/connectivity-check.html
> > response=Lorem ipsum
> >
> > See the manual page for NetworkManager.conf(5) for the details of what
> > these settings do.
> >
> > Please let me know if you have questions or think there are good
> > reasons not to enable this feature. If there is no response by the end
> > of the week, I'd like to proceed with a enabling this in Quantal and
> > making sure it gets well tested.
>
> I think that a significant fraction of Ubuntu's user base is (reasonably) very
> sensitive about privacy issues.  While this is no worse the the NTP check that
> already exists (that is controversial), I don't think it  should be enabled by
> default.
I think that for those who are concerned, this is trivial to disable.
But, I think what happens for those who are, is that Ubuntu "does the
right thing" by default.  If you're at a hotel or other location that
captures for a login page, you won't get your mail and apt and ... all
downloading bogus stuff.

                --Ted



--
ubuntu-devel mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel

signature.asc (205 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Enabling Connectivity Checking in NetworkManager

Mario Limonciello-2


On Tue, Jul 10, 2012 at 2:06 PM, Ted Gould <[hidden email]> wrote:
On Tue, 2012-07-10 at 14:48 -0400, Scott Kitterman wrote:
> On Tuesday, July 10, 2012 02:41:35 PM Mathieu Trudel-Lapierre wrote:
> > As for the actual change, it is limited to the
> > /etc/NetworkManager/NetworkManager.conf file; to which the following
> > will be added:
> >
> > [connectivity]
> > uri=http://start.ubuntu.com/connectivity-check.html
> > response=Lorem ipsum
> >
> > See the manual page for NetworkManager.conf(5) for the details of what
> > these settings do.
> >
> > Please let me know if you have questions or think there are good
> > reasons not to enable this feature. If there is no response by the end
> > of the week, I'd like to proceed with a enabling this in Quantal and
> > making sure it gets well tested.
>
> I think that a significant fraction of Ubuntu's user base is (reasonably) very
> sensitive about privacy issues.  While this is no worse the the NTP check that
> already exists (that is controversial), I don't think it  should be enabled by
> default.

I think that for those who are concerned, this is trivial to disable.
But, I think what happens for those who are, is that Ubuntu "does the
right thing" by default.  If you're at a hotel or other location that
captures for a login page, you won't get your mail and apt and ... all
downloading bogus stuff.

                --Ted

How exactly do you see this as a privacy issue?  It's no different than manually visiting a website every 5 minutes.  No PC specific ID has to be sent.

The exact same connectivity check already happens in the installer too.

--
Mario Limonciello
[hidden email]

--
ubuntu-devel mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

Re: Enabling Connectivity Checking in NetworkManager

Stéphane Graber-2
In reply to this post by Ted Gould-2
On 07/10/2012 03:06 PM, Ted Gould wrote:

> On Tue, 2012-07-10 at 14:48 -0400, Scott Kitterman wrote:
>> On Tuesday, July 10, 2012 02:41:35 PM Mathieu Trudel-Lapierre wrote:
>>> As for the actual change, it is limited to the
>>> /etc/NetworkManager/NetworkManager.conf file; to which the following
>>> will be added:
>>>
>>> [connectivity]
>>> uri=http://start.ubuntu.com/connectivity-check.html
>>> response=Lorem ipsum
>>>
>>> See the manual page for NetworkManager.conf(5) for the details of what
>>> these settings do.
>>>
>>> Please let me know if you have questions or think there are good
>>> reasons not to enable this feature. If there is no response by the end
>>> of the week, I'd like to proceed with a enabling this in Quantal and
>>> making sure it gets well tested.
>>
>> I think that a significant fraction of Ubuntu's user base is (reasonably) very
>> sensitive about privacy issues.  While this is no worse the the NTP check that
>> already exists (that is controversial), I don't think it  should be enabled by
>> default.
>
> I think that for those who are concerned, this is trivial to disable.
> But, I think what happens for those who are, is that Ubuntu "does the
> right thing" by default.  If you're at a hotel or other location that
> captures for a login page, you won't get your mail and apt and ... all
> downloading bogus stuff.
>
> --Ted
There are other ways to detect such cases without having the machine
connect to an external service.

Someone suggested on IRC to implement a doesnt-exist.ubuntu.com which is
essentially a record that Canonical would guarantee never to exist in
the ubuntu.com. zone.

If you can resolve or even access that host, then you are behind some
kind of captive portal/proxy.

--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com



--
ubuntu-devel mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel

signature.asc (918 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Enabling Connectivity Checking in NetworkManager

Ted Gould-2
On Tue, 2012-07-10 at 15:11 -0400, Stéphane Graber wrote:
> There are other ways to detect such cases without having the machine
> connect to an external service.
>
> Someone suggested on IRC to implement a doesnt-exist.ubuntu.com which is
> essentially a record that Canonical would guarantee never to exist in
> the ubuntu.com. zone.
>
> If you can resolve or even access that host, then you are behind some
> kind of captive portal/proxy.

My standard DSL will resolve every address to Verizon's search engine to
"help me" figure out where I miss typed it.  I think you need some sort
of positive identification unfortunately, negative won't work here.

                --Ted


--
ubuntu-devel mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel

signature.asc (205 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Enabling Connectivity Checking in NetworkManager

Ted Gould-2
In reply to this post by Mario Limonciello-2
On Tue, 2012-07-10 at 14:10 -0500, Mario Limonciello wrote:
> How exactly do you see this as a privacy issue?  It's no different
> than manually visiting a website every 5 minutes.  No PC specific ID
> has to be sent.
>
> The exact same connectivity check already happens in the installer
> too.

I'd agree that it's an extreme situation, but technically any connection
would be.  For instance, my ISP or company would have a high likelyhood
that I'm running Ubuntu by watching for this.  For those who are
concerned, I don't believe the alternate installer does this check.
And, you could buy Ubuntu preinstalled on some machines :-)

                --Ted



--
ubuntu-devel mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel

signature.asc (205 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Enabling Connectivity Checking in NetworkManager

Marc Deslauriers-3
In reply to this post by Stéphane Graber-2
On Tue, 2012-07-10 at 15:11 -0400, Stéphane Graber wrote:

> On 07/10/2012 03:06 PM, Ted Gould wrote:
> > On Tue, 2012-07-10 at 14:48 -0400, Scott Kitterman wrote:
> >> On Tuesday, July 10, 2012 02:41:35 PM Mathieu Trudel-Lapierre wrote:
> >>> As for the actual change, it is limited to the
> >>> /etc/NetworkManager/NetworkManager.conf file; to which the following
> >>> will be added:
> >>>
> >>> [connectivity]
> >>> uri=http://start.ubuntu.com/connectivity-check.html
> >>> response=Lorem ipsum
> >>>
> >>> See the manual page for NetworkManager.conf(5) for the details of what
> >>> these settings do.
> >>>
> >>> Please let me know if you have questions or think there are good
> >>> reasons not to enable this feature. If there is no response by the end
> >>> of the week, I'd like to proceed with a enabling this in Quantal and
> >>> making sure it gets well tested.
> >>
> >> I think that a significant fraction of Ubuntu's user base is (reasonably) very
> >> sensitive about privacy issues.  While this is no worse the the NTP check that
> >> already exists (that is controversial), I don't think it  should be enabled by
> >> default.
> >
> > I think that for those who are concerned, this is trivial to disable.
> > But, I think what happens for those who are, is that Ubuntu "does the
> > right thing" by default.  If you're at a hotel or other location that
> > captures for a login page, you won't get your mail and apt and ... all
> > downloading bogus stuff.
> >
> > --Ted
>
> There are other ways to detect such cases without having the machine
> connect to an external service.
>
> Someone suggested on IRC to implement a doesnt-exist.ubuntu.com which is
> essentially a record that Canonical would guarantee never to exist in
> the ubuntu.com. zone.
>
> If you can resolve or even access that host, then you are behind some
> kind of captive portal/proxy.
>

That only works if the portal/proxy spoofs DNS. Some don't do that.

Seriously, there's a whole slew of software on the desktop that connects
to the Internet regularly, I don't see how this is any different. It's
easy to change for paranoid people, and enabling it would make Ubuntu so
much better for a majority of users.

Marc.




--
ubuntu-devel mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

Re: Enabling Connectivity Checking in NetworkManager

Andrea Corbellini-4
In reply to this post by Mathieu Trudel-Lapierre-3
On 10/07/12 20:41, Mathieu Trudel-Lapierre wrote:
> I'd like to enable connectivity checking in NetworkManager. We'd use
> http://start.ubuntu.com/connectivity-check.html, running the check
> every 5 minutes starting from the connection being established.
> start.ubuntu.com has already been in use for a while to verify
> connectivity from the installer, IIRC.

Isn't a check every 5 minutes a frequency a bit too high? I mean, if a
computer is connected to a "captive portal which catches and redirects
requests", then the chances that the connectivity will change during
time are very low. In my opinion, having a high frequency will just
cause unnecessary wakeups and will show boring data in tools used for
network debugging.

Also, what should happen if the connection to start.ubuntu.com times out
because of a network congestion? Has this case been discussed? (I wasn't
at UDS)

--
ubuntu-devel mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

Re: Enabling Connectivity Checking in NetworkManager

Scott Kitterman-3
In reply to this post by Ted Gould-2
On Tuesday, July 10, 2012 02:06:32 PM Ted Gould wrote:

> On Tue, 2012-07-10 at 14:48 -0400, Scott Kitterman wrote:
> > On Tuesday, July 10, 2012 02:41:35 PM Mathieu Trudel-Lapierre wrote:
> > > As for the actual change, it is limited to the
> > > /etc/NetworkManager/NetworkManager.conf file; to which the following
> > > will be added:
> > >
> > > [connectivity]
> > > uri=http://start.ubuntu.com/connectivity-check.html
> > > response=Lorem ipsum
> > >
> > > See the manual page for NetworkManager.conf(5) for the details of what
> > > these settings do.
> > >
> > > Please let me know if you have questions or think there are good
> > > reasons not to enable this feature. If there is no response by the end
> > > of the week, I'd like to proceed with a enabling this in Quantal and
> > > making sure it gets well tested.
> >
> > I think that a significant fraction of Ubuntu's user base is (reasonably)
> > very sensitive about privacy issues.  While this is no worse the the NTP
> > check that already exists (that is controversial), I don't think it
> > should be enabled by default.
>
> I think that for those who are concerned, this is trivial to disable.
> But, I think what happens for those who are, is that Ubuntu "does the
> right thing" by default.  If you're at a hotel or other location that
> captures for a login page, you won't get your mail and apt and ... all
> downloading bogus stuff.

First, I do a fair amount of travelling for $WORK, so I know all about these.  
For people who travel, they already know about logging into the web page when
you get to the hotel.

This kind of check doesn't actually guarantee anything since different places
handle these things differently.  Even if the proposed check works, if a hotel
captures and redirects port 25 or 587 (yes, port 587 redirection happens,
although it's positively brain dead and rare) then your mail is still screwed.

If you're connected of not is on a port by port basis, so I don't think this
reliably solves the problem in any case.

Scott K

--
ubuntu-devel mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

Re: Enabling Connectivity Checking in NetworkManager

Marc Deslauriers-3
On Tue, 2012-07-10 at 15:21 -0400, Scott Kitterman wrote:

> On Tuesday, July 10, 2012 02:06:32 PM Ted Gould wrote:
> > On Tue, 2012-07-10 at 14:48 -0400, Scott Kitterman wrote:
> > > On Tuesday, July 10, 2012 02:41:35 PM Mathieu Trudel-Lapierre wrote:
> > > > As for the actual change, it is limited to the
> > > > /etc/NetworkManager/NetworkManager.conf file; to which the following
> > > > will be added:
> > > >
> > > > [connectivity]
> > > > uri=http://start.ubuntu.com/connectivity-check.html
> > > > response=Lorem ipsum
> > > >
> > > > See the manual page for NetworkManager.conf(5) for the details of what
> > > > these settings do.
> > > >
> > > > Please let me know if you have questions or think there are good
> > > > reasons not to enable this feature. If there is no response by the end
> > > > of the week, I'd like to proceed with a enabling this in Quantal and
> > > > making sure it gets well tested.
> > >
> > > I think that a significant fraction of Ubuntu's user base is (reasonably)
> > > very sensitive about privacy issues.  While this is no worse the the NTP
> > > check that already exists (that is controversial), I don't think it
> > > should be enabled by default.
> >
> > I think that for those who are concerned, this is trivial to disable.
> > But, I think what happens for those who are, is that Ubuntu "does the
> > right thing" by default.  If you're at a hotel or other location that
> > captures for a login page, you won't get your mail and apt and ... all
> > downloading bogus stuff.
>
> First, I do a fair amount of travelling for $WORK, so I know all about these.  
> For people who travel, they already know about logging into the web page when
> you get to the hotel.
>
> This kind of check doesn't actually guarantee anything since different places
> handle these things differently.  Even if the proposed check works, if a hotel
> captures and redirects port 25 or 587 (yes, port 587 redirection happens,
> although it's positively brain dead and rare) then your mail is still screwed.
>
> If you're connected of not is on a port by port basis, so I don't think this
> reliably solves the problem in any case.

Solving it for a good proportion of cases is better than not solving it
at all.

It drives me nuts that Evolution and gnome-xchat spew error messages
before I log into a portal, when this problem is already solved on other
operating systems by using essentially the same technique.

Marc.




--
ubuntu-devel mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

Re: Enabling Connectivity Checking in NetworkManager

Stéphane Graber-2
In reply to this post by Marc Deslauriers-3
On 07/10/2012 03:20 PM, Marc Deslauriers wrote:

> On Tue, 2012-07-10 at 15:11 -0400, Stéphane Graber wrote:
>> On 07/10/2012 03:06 PM, Ted Gould wrote:
>>> On Tue, 2012-07-10 at 14:48 -0400, Scott Kitterman wrote:
>>>> On Tuesday, July 10, 2012 02:41:35 PM Mathieu Trudel-Lapierre wrote:
>>>>> As for the actual change, it is limited to the
>>>>> /etc/NetworkManager/NetworkManager.conf file; to which the following
>>>>> will be added:
>>>>>
>>>>> [connectivity]
>>>>> uri=http://start.ubuntu.com/connectivity-check.html
>>>>> response=Lorem ipsum
>>>>>
>>>>> See the manual page for NetworkManager.conf(5) for the details of what
>>>>> these settings do.
>>>>>
>>>>> Please let me know if you have questions or think there are good
>>>>> reasons not to enable this feature. If there is no response by the end
>>>>> of the week, I'd like to proceed with a enabling this in Quantal and
>>>>> making sure it gets well tested.
>>>>
>>>> I think that a significant fraction of Ubuntu's user base is (reasonably) very
>>>> sensitive about privacy issues.  While this is no worse the the NTP check that
>>>> already exists (that is controversial), I don't think it  should be enabled by
>>>> default.
>>>
>>> I think that for those who are concerned, this is trivial to disable.
>>> But, I think what happens for those who are, is that Ubuntu "does the
>>> right thing" by default.  If you're at a hotel or other location that
>>> captures for a login page, you won't get your mail and apt and ... all
>>> downloading bogus stuff.
>>>
>>> --Ted
>>
>> There are other ways to detect such cases without having the machine
>> connect to an external service.
>>
>> Someone suggested on IRC to implement a doesnt-exist.ubuntu.com which is
>> essentially a record that Canonical would guarantee never to exist in
>> the ubuntu.com. zone.
>>
>> If you can resolve or even access that host, then you are behind some
>> kind of captive portal/proxy.
>>
>
> That only works if the portal/proxy spoofs DNS. Some don't do that.
>
> Seriously, there's a whole slew of software on the desktop that connects
> to the Internet regularly, I don't see how this is any different. It's
> easy to change for paranoid people, and enabling it would make Ubuntu so
> much better for a majority of users.
>
> Marc.
Just to clarify, I'm not at all against that change, being one of the
ones who asked Mathieu to put that on this todo after looking at 2-3
implementation of that check in ubiquity alone that I'd love to get rid off.

I'm not sure I like the idea of having NM poke that same address every 5
minutes as it sounds like a pretty easy way for anyone to accurately
count the number of Ubuntu machines currently running in any given network.

Sadly it's not how it was implemented in Network Manager, but I think
I'd have preferred to have this check be exposed over DBUS so that
applications like ubiquity can use that call to query the connectivity
on demand.
This would also have allowed to extend the check to work with other
protocols, letting the client application query for a specific host and
protocol if it wants to (with the default being whatever is defined in
NetworkManager.conf).

--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com




--
ubuntu-devel mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel

signature.asc (918 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Enabling Connectivity Checking in NetworkManager

Scott Kitterman-3
In reply to this post by Marc Deslauriers-3
On Tuesday, July 10, 2012 03:27:07 PM Marc Deslauriers wrote:

> On Tue, 2012-07-10 at 15:21 -0400, Scott Kitterman wrote:
> > On Tuesday, July 10, 2012 02:06:32 PM Ted Gould wrote:
> > > On Tue, 2012-07-10 at 14:48 -0400, Scott Kitterman wrote:
> > > > On Tuesday, July 10, 2012 02:41:35 PM Mathieu Trudel-Lapierre wrote:
> > > > > As for the actual change, it is limited to the
> > > > > /etc/NetworkManager/NetworkManager.conf file; to which the following
> > > > > will be added:
> > > > >
> > > > > [connectivity]
> > > > > uri=http://start.ubuntu.com/connectivity-check.html
> > > > > response=Lorem ipsum
> > > > >
> > > > > See the manual page for NetworkManager.conf(5) for the details of
> > > > > what
> > > > > these settings do.
> > > > >
> > > > > Please let me know if you have questions or think there are good
> > > > > reasons not to enable this feature. If there is no response by the
> > > > > end
> > > > > of the week, I'd like to proceed with a enabling this in Quantal and
> > > > > making sure it gets well tested.
> > > >
> > > > I think that a significant fraction of Ubuntu's user base is
> > > > (reasonably)
> > > > very sensitive about privacy issues.  While this is no worse the the
> > > > NTP
> > > > check that already exists (that is controversial), I don't think it
> > > > should be enabled by default.
> > >
> > > I think that for those who are concerned, this is trivial to disable.
> > > But, I think what happens for those who are, is that Ubuntu "does the
> > > right thing" by default.  If you're at a hotel or other location that
> > > captures for a login page, you won't get your mail and apt and ... all
> > > downloading bogus stuff.
> >
> > First, I do a fair amount of travelling for $WORK, so I know all about
> > these. For people who travel, they already know about logging into the
> > web page when you get to the hotel.
> >
> > This kind of check doesn't actually guarantee anything since different
> > places handle these things differently.  Even if the proposed check
> > works, if a hotel captures and redirects port 25 or 587 (yes, port 587
> > redirection happens, although it's positively brain dead and rare) then
> > your mail is still screwed.
> >
> > If you're connected of not is on a port by port basis, so I don't think
> > this reliably solves the problem in any case.
>
> Solving it for a good proportion of cases is better than not solving it
> at all.
>
> It drives me nuts that Evolution and gnome-xchat spew error messages
> before I log into a portal, when this problem is already solved on other
> operating systems by using essentially the same technique.

I've got absolutely no objection to this if it's defaulted off for people like
you that want it.  

My MUA and IRC client of choice just let me know they can't connect.  There's
no spew of error messages.  If the problem is spew of error message when
connectivity is lacking (which can happen for lots of reasons), I think this
is the wrong way to solve it.

Scott K

--
ubuntu-devel mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

Re: Enabling Connectivity Checking in NetworkManager

Mathieu Trudel-Lapierre-3
In reply to this post by Andrea Corbellini-4
On Tue, Jul 10, 2012 at 3:21 PM, Andrea Corbellini
<[hidden email]> wrote:

> On 10/07/12 20:41, Mathieu Trudel-Lapierre wrote:
>>
>> I'd like to enable connectivity checking in NetworkManager. We'd use
>> http://start.ubuntu.com/connectivity-check.html, running the check
>> every 5 minutes starting from the connection being established.
>> start.ubuntu.com has already been in use for a while to verify
>> connectivity from the installer, IIRC.
>
>
> Isn't a check every 5 minutes a frequency a bit too high? I mean, if a
> computer is connected to a "captive portal which catches and redirects
> requests", then the chances that the connectivity will change during time
> are very low. In my opinion, having a high frequency will just cause
> unnecessary wakeups and will show boring data in tools used for network
> debugging.
>
> Also, what should happen if the connection to start.ubuntu.com times out
> because of a network congestion? Has this case been discussed? (I wasn't at
> UDS)

Great point. I've been considering the implications of that particular
frequency. It's the default in NM, and it seems like a reasonable one,
but I agree such amount of regular traffic might be an issue for
start.ubuntu.com ;)

As for whetehr the connection might change during that delay, it's far
more about being able to properly catch the change from "captive" to
internet access reliably and without delay than the other way around,
so perhaps there's something to be fixed there, and stop the check
once it's been successful, or at least delay it further.

Mathieu Trudel-Lapierre <[hidden email]>
Freenode: cyphermox, Jabber: [hidden email]
4096R/EE018C93 1967 8F7D 03A1 8F38 732E  FF82 C126 33E1 EE01 8C93

--
ubuntu-devel mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

Re: Enabling Connectivity Checking in NetworkManager

Marc Deslauriers-3
In reply to this post by Stéphane Graber-2
On Tue, 2012-07-10 at 15:29 -0400, Stéphane Graber wrote:

> On 07/10/2012 03:20 PM, Marc Deslauriers wrote:
> > On Tue, 2012-07-10 at 15:11 -0400, Stéphane Graber wrote:
> >> On 07/10/2012 03:06 PM, Ted Gould wrote:
> >>> On Tue, 2012-07-10 at 14:48 -0400, Scott Kitterman wrote:
> >>>> On Tuesday, July 10, 2012 02:41:35 PM Mathieu Trudel-Lapierre wrote:
> >>>>> As for the actual change, it is limited to the
> >>>>> /etc/NetworkManager/NetworkManager.conf file; to which the following
> >>>>> will be added:
> >>>>>
> >>>>> [connectivity]
> >>>>> uri=http://start.ubuntu.com/connectivity-check.html
> >>>>> response=Lorem ipsum
> >>>>>
> >>>>> See the manual page for NetworkManager.conf(5) for the details of what
> >>>>> these settings do.
> >>>>>
> >>>>> Please let me know if you have questions or think there are good
> >>>>> reasons not to enable this feature. If there is no response by the end
> >>>>> of the week, I'd like to proceed with a enabling this in Quantal and
> >>>>> making sure it gets well tested.
> >>>>
> >>>> I think that a significant fraction of Ubuntu's user base is (reasonably) very
> >>>> sensitive about privacy issues.  While this is no worse the the NTP check that
> >>>> already exists (that is controversial), I don't think it  should be enabled by
> >>>> default.
> >>>
> >>> I think that for those who are concerned, this is trivial to disable.
> >>> But, I think what happens for those who are, is that Ubuntu "does the
> >>> right thing" by default.  If you're at a hotel or other location that
> >>> captures for a login page, you won't get your mail and apt and ... all
> >>> downloading bogus stuff.
> >>>
> >>> --Ted
> >>
> >> There are other ways to detect such cases without having the machine
> >> connect to an external service.
> >>
> >> Someone suggested on IRC to implement a doesnt-exist.ubuntu.com which is
> >> essentially a record that Canonical would guarantee never to exist in
> >> the ubuntu.com. zone.
> >>
> >> If you can resolve or even access that host, then you are behind some
> >> kind of captive portal/proxy.
> >>
> >
> > That only works if the portal/proxy spoofs DNS. Some don't do that.
> >
> > Seriously, there's a whole slew of software on the desktop that connects
> > to the Internet regularly, I don't see how this is any different. It's
> > easy to change for paranoid people, and enabling it would make Ubuntu so
> > much better for a majority of users.
> >
> > Marc.
>
> Just to clarify, I'm not at all against that change, being one of the
> ones who asked Mathieu to put that on this todo after looking at 2-3
> implementation of that check in ubiquity alone that I'd love to get rid off.
>
> I'm not sure I like the idea of having NM poke that same address every 5
> minutes as it sounds like a pretty easy way for anyone to accurately
> count the number of Ubuntu machines currently running in any given network.

Meh, there are countless other things that can be used for that
currently...apt requests, ntp, browser user-agent strings, etc.

>
> Sadly it's not how it was implemented in Network Manager, but I think
> I'd have preferred to have this check be exposed over DBUS so that
> applications like ubiquity can use that call to query the connectivity
> on demand.

I'm confused...Network Manager already exposes connectivity information
over dbus, and that's what apps are supposed to use...


> This would also have allowed to extend the check to work with other
> protocols, letting the client application query for a specific host and
> protocol if it wants to (with the default being whatever is defined in
> NetworkManager.conf).

Well, the idea is apps ask Network Manager, so it can be configured in a
central location, and not have every app try and override the default...

Marc.



--
ubuntu-devel mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

Re: Enabling Connectivity Checking in NetworkManager

Marc Deslauriers-3
In reply to this post by Scott Kitterman-3
On Tue, 2012-07-10 at 15:36 -0400, Scott Kitterman wrote:

> On Tuesday, July 10, 2012 03:27:07 PM Marc Deslauriers wrote:
> > Solving it for a good proportion of cases is better than not solving it
> > at all.
> >
> > It drives me nuts that Evolution and gnome-xchat spew error messages
> > before I log into a portal, when this problem is already solved on other
> > operating systems by using essentially the same technique.
>
> I've got absolutely no objection to this if it's defaulted off for people like
> you that want it.  

This is useful for non-power users. Power users already know how to turn
the appropriate knobs to turn unwanted features off.

>
> My MUA and IRC client of choice just let me know they can't connect.  There's
> no spew of error messages.  If the problem is spew of error message when
> connectivity is lacking (which can happen for lots of reasons), I think this
> is the wrong way to solve it.

I disagree.

Marc.



--
ubuntu-devel mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

Re: Enabling Connectivity Checking in NetworkManager

Mathieu Trudel-Lapierre
In reply to this post by Marc Deslauriers-3
On Tue, Jul 10, 2012 at 3:39 PM, Marc Deslauriers
<[hidden email]> wrote:
[...]
> I'm confused...Network Manager already exposes connectivity information
> over dbus, and that's what apps are supposed to use...

Yes, and that will still work ;)

>
>> This would also have allowed to extend the check to work with other
>> protocols, letting the client application query for a specific host and
>> protocol if it wants to (with the default being whatever is defined in
>> NetworkManager.conf).
>
> Well, the idea is apps ask Network Manager, so it can be configured in a
> central location, and not have every app try and override the default...

On the other hand, it *does* become a much more valid test if the
application can ask for a particular host specifically, and a port --
then you know whether that exact service is reachable; which is not
necessarily the case otherwise. For instance, at home I'm clearly
connected and not behind a captive portal, yet my ISP blocks outgoing
port 25. Evolution could be thought to know to ask *something* over
DBus (or via a library) to know the current status of $mailhost :25.
The library or DBus service should know what the process for figuring
out whether what comes up from the request to port 25 should look
like.

That said, in this form it's getting pretty far out of the scope of
this email, and also out of what NetworkManager should, IMO, focus on.

Mathieu Trudel-Lapierre <[hidden email]>
Freenode: cyphermox, Jabber: [hidden email]
4096R/EE018C93 1967 8F7D 03A1 8F38 732E  FF82 C126 33E1 EE01 8C93

--
ubuntu-devel mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

Re: Enabling Connectivity Checking in NetworkManager

Jeremy Bicha-2
In reply to this post by Mathieu Trudel-Lapierre-3
On 10 July 2012 14:41, Mathieu Trudel-Lapierre <[hidden email]> wrote:
> Connectivity checking would be a big benefit in helping with properly
> recognizing the cases where you're connected to wireless, but actually
> behind a captive portal which catches and redirects requests --
> sometimes not all that gracefully. The most frequent impact of this is
> a corrupted apt cache when the files don't fail to be downloaded, but
> instead contain http data from the captive portal.

The corrupted apt caches are a hugely annoying bug. I have this
problem at work which sadly uses captive portals. Worse, there's not a
user-friendly way of fixing apt once this bug is triggered; it breaks
really bad.

I was thinking that it could be fixed by making apt smart enough to
not accept invalid data. But if NM can fix it, then I for one for
would be pretty happy.

It sounds though like apt still needs to be smarter or NM needs to be
smarter because there is still an up-to-5-minute window for things to
break.

Jeremy

--
ubuntu-devel mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

Re: Enabling Connectivity Checking in NetworkManager

Stéphane Graber-2
In reply to this post by Marc Deslauriers-3
On 07/10/2012 03:39 PM, Marc Deslauriers wrote:

> On Tue, 2012-07-10 at 15:29 -0400, Stéphane Graber wrote:
>> On 07/10/2012 03:20 PM, Marc Deslauriers wrote:
>>> On Tue, 2012-07-10 at 15:11 -0400, Stéphane Graber wrote:
>>>> On 07/10/2012 03:06 PM, Ted Gould wrote:
>>>>> On Tue, 2012-07-10 at 14:48 -0400, Scott Kitterman wrote:
>>>>>> On Tuesday, July 10, 2012 02:41:35 PM Mathieu Trudel-Lapierre wrote:
>>>>>>> As for the actual change, it is limited to the
>>>>>>> /etc/NetworkManager/NetworkManager.conf file; to which the following
>>>>>>> will be added:
>>>>>>>
>>>>>>> [connectivity]
>>>>>>> uri=http://start.ubuntu.com/connectivity-check.html
>>>>>>> response=Lorem ipsum
>>>>>>>
>>>>>>> See the manual page for NetworkManager.conf(5) for the details of what
>>>>>>> these settings do.
>>>>>>>
>>>>>>> Please let me know if you have questions or think there are good
>>>>>>> reasons not to enable this feature. If there is no response by the end
>>>>>>> of the week, I'd like to proceed with a enabling this in Quantal and
>>>>>>> making sure it gets well tested.
>>>>>>
>>>>>> I think that a significant fraction of Ubuntu's user base is (reasonably) very
>>>>>> sensitive about privacy issues.  While this is no worse the the NTP check that
>>>>>> already exists (that is controversial), I don't think it  should be enabled by
>>>>>> default.
>>>>>
>>>>> I think that for those who are concerned, this is trivial to disable.
>>>>> But, I think what happens for those who are, is that Ubuntu "does the
>>>>> right thing" by default.  If you're at a hotel or other location that
>>>>> captures for a login page, you won't get your mail and apt and ... all
>>>>> downloading bogus stuff.
>>>>>
>>>>> --Ted
>>>>
>>>> There are other ways to detect such cases without having the machine
>>>> connect to an external service.
>>>>
>>>> Someone suggested on IRC to implement a doesnt-exist.ubuntu.com which is
>>>> essentially a record that Canonical would guarantee never to exist in
>>>> the ubuntu.com. zone.
>>>>
>>>> If you can resolve or even access that host, then you are behind some
>>>> kind of captive portal/proxy.
>>>>
>>>
>>> That only works if the portal/proxy spoofs DNS. Some don't do that.
>>>
>>> Seriously, there's a whole slew of software on the desktop that connects
>>> to the Internet regularly, I don't see how this is any different. It's
>>> easy to change for paranoid people, and enabling it would make Ubuntu so
>>> much better for a majority of users.
>>>
>>> Marc.
>>
>> Just to clarify, I'm not at all against that change, being one of the
>> ones who asked Mathieu to put that on this todo after looking at 2-3
>> implementation of that check in ubiquity alone that I'd love to get rid off.
>>
>> I'm not sure I like the idea of having NM poke that same address every 5
>> minutes as it sounds like a pretty easy way for anyone to accurately
>> count the number of Ubuntu machines currently running in any given network.
>
> Meh, there are countless other things that can be used for that
> currently...apt requests, ntp, browser user-agent strings, etc.
None that gives you the guarantee of happening at a given interval.
NTP happens on boot and whenever an interface is brought online, so you
can't really know how many machines that's.

With the connectivity check running exactly every 5 minutes, you can
take a one hour sample of the http traffic on a network, divide by 12
and have a pretty accurate estimate of the number of machines on it.

Given a longer log, you could probably get an even more accurate count
by looking at the exact time different between checks to detect new
machines being turned on or machines disappearing.

>> Sadly it's not how it was implemented in Network Manager, but I think
>> I'd have preferred to have this check be exposed over DBUS so that
>> applications like ubiquity can use that call to query the connectivity
>> on demand.
>
> I'm confused...Network Manager already exposes connectivity information
> over dbus, and that's what apps are supposed to use...

What I'm saying is that I'd rather a "function" be exported over DBUS
than a "status"/"event".
So that when something needs to know whether they have connectivity they
trigger that test and possibly pass it some more information so that
Network Manager can test it "properly".

Querying the page in the background and poking the application back is
the difficult part of that process, not having a test service up and
running. So I could see quite a few software developers wanting to use
the capability in Network Manager but with their own test service and
possibly with a different protocol.

>> This would also have allowed to extend the check to work with other
>> protocols, letting the client application query for a specific host and
>> protocol if it wants to (with the default being whatever is defined in
>> NetworkManager.conf).
>
> Well, the idea is apps ask Network Manager, so it can be configured in a
> central location, and not have every app try and override the default...

Sure, in most cases they won't have to and so shouldn't mess with the
default, though I still think being able to override the default is
valuable as it'd let some developers have a way of preventing expensive
API calls when something is wrong on their side too.


For example you could have https://status.launchpad.net/nm.html be
checked by python-launchpadlib, acting as both a connectivty check and
as a service check.

If something wrong happens to LP, an admin could change that page, which
would prevent anyone using that page as a test from querying the API and
increasing the load on the application servers.

> Marc.


--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com




--
ubuntu-devel mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel

signature.asc (918 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Enabling Connectivity Checking in NetworkManager

Scott Kitterman-3
In reply to this post by Marc Deslauriers-3
On Tuesday, July 10, 2012 03:46:18 PM Marc Deslauriers wrote:
> This is useful for non-power users. Power users already know how to turn
> the appropriate knobs to turn unwanted features off.

Only if they know about it.  Even most power users don't go digging through
their system's setting after each upgrade to see what's new that they might
want to change (OK, maybe they do on Gnome, because it doesn't take long, but
I don't thinke KDE users do).

On a related note, does the Plasma (KDE) NM widget have the U/I to manipulate
this?

Scott K

--
ubuntu-devel mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
12