[ale] Cross platform notification

Alex Carver agcarver+ale at acarver.net
Sat Jan 11 16:26:01 EST 2014


Right that's understandable but that's NOT what I'm doing with netcat.
I'm using netcat to SEND, not receive.  The receiving program is a full
program that does only one function not a random netcat listening on a
port.  The daemon that I want to give the ability to send notifications
to other clients has its output formatted and sent via netcat to those
clients:

$ daemon.program | notifier.processing.script &

#notifier script:
if ( input == some.condition )
   cat condition.message.file | netcat remote.client notification.port
fi

There's no listener here at all with netcat.

On 1/11/2014 13:19, JD wrote:
> I've seen nc used to create an unauthenticated listener that could run any shell
> command from a remote location. That is like having telnet without the login
> running under whatever authority the nc process has.  THAT is most definitely a
> risk to system security in my book.
> 
> Others are welcome to different opinions.
> 
> On 01/12/2014 04:01 AM, Matt Hessel wrote:
>> Netcat isn't really a security risk.  It's just convienent.  Most of what it
>> does can be done with creative scripting and bash.
>>
>> On Jan 10, 2014 11:55 PM, "Alex Carver" <agcarver+ale at acarver.net
>> <mailto:agcarver%2Bale at acarver.net>> wrote:
>>
>>     On 1/10/2014 16:50, Pete Hardie wrote:
>>     > XMPP is a fairly widespread protocol, and libraries exist for the
>>     > sending end to hook into for most languages
>>
>>     Most languages but if it's able to be used by bash then I'll consider
>>     it.  Not every transmitter is going to be a fully compiled program.  I
>>     really do want to occasionally set up a simple bash script that fires
>>     off a preformatted text file at the destination receiver.  I have
>>     already tested that with Growl, simple text file with the GNTP headers
>>     as per the protocol spec, transmit with netcat and notifications pop up
>>     on the receivers.  No libraries needed.
>>
>>
>>     >
>>     > On Fri, Jan 10, 2014 at 7:02 PM, JD <jdp at algoloma.com
>>     <mailto:jdp at algoloma.com>> wrote:
>>     >> On 01/10/2014 06:16 PM, Alex Carver wrote:
>>     >>> I was looking into notification methods that I could use for one of my
>>     >>> projects to send quick messages to multiple machines (pretty much every
>>     >>> desktop or mobile platform currently in use) on my local network.  I see
>>     >>> Growl seems to be available for nearly every platform and seems to be a
>>     >>> fairly simple protocol.  I just wanted to solicit opinions on this kind
>>     >>> of notification method.  The originating computer is going to be one of
>>     >>> the Linux machines and I've been experimenting with sending by bash
>>     >>> script which is nice, simple, and requires no libraries, just netcat.  I
>>     >>> might later write up a small transmitter in C but I think bash will
>>     >>> probably work well for now.
>>     >>
>>     >> Netcat is a HUGE!!!!!!! security risk. I wouldn't ever use it beyond POC and
>>     >> only on an air-gapped lab network.
>>     >>
>>     >> What sort of notifications?  Desktops, system to system, system to specific
>>     >> client?  system to any normal web-client?
>>     >> Any chance this will every be wanted over the internet in the future?
>>     >>
>>     >> And ... isn't growl commercial?  What is the fallback if it isn't available?
>>     >> What about non-GUI client machines?
>>     >>
>>     >> Is polling an option? If so, you could setup a REST web interface on a
>>     central
>>     >> box that clients can push and pull from. REST means it is trivial to make a
>>     >> client via a bash+curl script.
>>     >>
>>     >> XMMP? More effort to use (only slightly), but extremely flexible.
>>     >>
>>     >> Or place the messages into a file that every client has read access from.
>>     KISS
>>     >> does work after all.
>>     >>
>>     >> What are the authentication needs?
>>     >>
>>     >> What are the encryption needs? Anything sensitive involved .. even in the
>>     future?
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
> 
> 



More information about the Ale mailing list