NSLU2 Now More Useful

NSLUG writes "The WRT54G's not the only hackable kid on the block. Linksys has a new device out. The NSLU2 is a tiny network storage device running Linux and it's been hacked to add SSH, NFS, an iTunes server, etc. Tom's Hardware is running a series of articles on how to hack the NSLU2. The first article is here and the second is here. Check out this page for details on getting into the box."

ah that wonderful kernel

[Stevyn (691306)]

This is another example of why linux is so damn cool. That little kernel can go anywhere.

Re:ah that wonderful kernel

[Vo0k (760020)]

Unfortunately not always. [8052.com]
Anybody up to...?

Re:ah that wonderful kernel

[drinkypoo (153816)]

Windows NT scales neither up nor down as well as Linux does. It is really only suited to systems with between one and four processors, for example, and no current version of windows (including embedded versions, but besides WinCE which is a different operating system anyway) can handling running in less than about 32MB well. While you may end up with an older version of the linux kernel, you can still get older kernels with up to date security patches which will run on minuscule systems, say 4MB ram, no MMU, et cetera.

Windows can go many places, but not nearly as many as Linux.

Linux embedded integrators are lazy

[by Anonymous Coward]

It shouldn't be this easy to let hackers break into the system, and there really shouldn't be enough tools in the OS to allow more functionality than the designers spec'd out for the device.

Linux is a great thing, on the desktop. But in embedded systems, the kernel is too tangled to successfully create a small distribution that is at the same time useful and feature-limited.

This is where operating systems designed from the ground up with modularity in mind fit the bill. QNX, iTron, and VxWorks all get around this hacking problem by not providing the tools for hackers to change the system.

Re:Linux embedded integrators are lazy

[julesh (229690)]

It shouldn't be this easy to let hackers break into the system

Why would you want to prevent them? It drives sales of your products.

the kernel is too tangled to successfully create a small distribution that is at the same time useful and feature-limited.

I don't agree. It is perfectly possible to do this, and know several people who _have_ done it. The issue is, it isn't worth the effort. It would take several weeks of developer time to determine exactly what is needed and what isn't, whereas there's actually no problem with including unnecessary features. So that's what happens.

Don't get me wrong, I think QNX et al are very cool systems, and there are many situations where they are more applicable than Linux. But I don't see anything wrong with Linux here.

Re:Linux embedded integrators are lazy

[bhima (46039)]

Provided you are selling your hardware at a profit no problem, but if you are using the hardware to subsidize the sales of services or consumables then big problem ala "iOpener"

Re:Linux embedded integrators are lazy

[julesh (229690)]

You are aware that the process for gaining access involves removing the hard disk from it, attaching it to another computer so you can modify certain files, and then returning the hard disk. Not the kind of thing you can do over the network.

If a hacker has physical access to your hard disk, you've got a lot more to worry about than this.

not in this particular situation...

[da5idnetlimit.com (410908)]

buzbee specifically indicate that he just accessed the flash-partition containing the system using the usb connector on the device and mounting the drive so he could

all his copying, untarring, editing and modifying where made on the device network share-drive, him being short on space and all...

so you don't need to fiddle a lot with the box, except for plugging in usb, which any luser can do.(?)

he didn't even have to crack the password :
"As expected, the passwd file showed the user accounts I had created with a /dev/null for the shell. But there were two accounts that had a real shell: root and an interestingly named account--ourtelnetrescueuser, that looked like a back door account used for debugging or recovery purposes.

root:WeeOvKUvbQ6nI:0:0:root:/root:/bin/sh
bin:x :1:1:bin:/bin:
lp:x:4:7:lp:/share/spool:
mail:x: 8:12:mail:/var/spool/mail:
ftp:x:14:50:FTP User:/:
nobody:x:99:99:Nobody:/:
ourtelnetrescue user:scFf7ZMXBMl4I:100:100::/home/u ser:/bin/sh
guest:scEPG0VnVyqmE:501:501:::/dev/nu ll
admin:sclzZZfodiRXY:502:501::/home/user/admin: /dev /null

test_user:scEPG0VnVyqmE:2000:501:::/dev/null
te st2:scEPG0VnVyqmE:2001:501:::/dev/null
test3:sc50 wKPq.zChw:2002:501:::/dev/null

But in order to use these accounts, I would need to have their passwords. I started down the path of cracking the passwords before I came out of my stupor and realized all I had to do was edit the passwd file and replace the encrypted password with a known encrypted password from one of my other accounts! I could also just add a valid shell to one of my accounts, but for starters, decided to just put a new password in for root and leave the rest of the accounts alone. "

See, just copying and pasting a configuration file...
even a luser ca do that (bis repetitam placient 8p )

Cheers

da5id

No. (was: Re:Linux embedded integrators are lazy)

[AmbyVoc (596135)]

You are totally missing the point. There is a difference in hacking and cracking.

The thing is highly likely be secure enough although it is modifiable (read: hackable). `Secure' doesn't have to mean `unhackable' you know.

Re:Linux embedded integrators are lazy

[bostonkarl (795447)]

Oh, please. Who are you with your shoulds and should nots. Did you read how folks originally broke into this box? They *physically* unplugged the USB2 disk from the NSLU2 and mounted the USB hard disk (which is NOT part of the NSLU2) directly to their Windows/Mac/Linux box(es). They then modified the password file from the Windows/Mac/Linux box. Being able to modify this device is a good thing. There is a collaberative spirit surrounding the newgroup associated with the folks developing *useful* applications to run on this the device. Linksys sells a very interesting and inexpensive piece of hardware with the NSLU2. A big reason it is inexpensive is that Linksys (1) lowers software development costs by using a ubiquitous operating system/software that it (Linksys) doesn't need to develop and (2) doesn't pay outrageous licencing fee for proprietary operating system/software that provides the same funcationality as freeware (Linux). QNX? You think the password file associated with QNX couldn't be modified in the same manner? VxWorks? Common.

Avaks RoadRunner 64

[koody (575863)]

A-Link has released two new ADSL-modems RoadRunner 64 and RoadRunner 64AP. Both have many advanced features, but the one that cought my eye was that they are Linux based. I bought the RoadRunner64 (without WLAN) and I've gathered some data about it.

You can find out more about the product either by looking at the RR64 feature sheet [a-link.com] or by checking out the guides and firmware [a-link.com] page.

The platform

Both versions use LSI Logic's HomeBASE platform with the AR901 network processor. The only difference is that the AP version has a WLAN module manufactured by Zydas.

The platform consists of AR901 processor (ARM922), the AR8203 analog-to-digital adsl chip and the AR229 USB/Ethernet chip. Note that the value of these parts is a measly $21 while I paid 80 EUR for the complete modem ;-)

Specs

Processor: ARM922 @ 200MHz integrated in the AR901 chip
Flash: 4MB
RAM: 16MB SDRAM
Ports: 4 RJ45, 1 RJ11, 1 power
Other: Zydas 802.11b WLAN (In RR64AP only)

One can simply ssh to the box. It has tftp support and you can mount nfs partitions, so setting it up to distribute kernels for a ltsp setup would be possible. Cool little gadget, I must say. Unfortunately the software isn't 100% yet, at least not the firmware I have (first release). I got the source by asking politely by e-mail, and after it suddenly borked on me, they changed it for a new one without any hassle.

$80 street price

[ediron2 (246908)]

Buy's got it for $71 if you use a $5 off coupon. Nobody /. 'em until I finish my order, though... thanks!

antivirus anyone?

[241comp (535228)]

How about someone installing ClamAV on this puppy? Have it auto-scan the HD every so often and keep your NAS nice and virus-clean!

Re:antivirus anyone?

[aldoman (670791)]

You could use this to secure an entire network, clamAV, mailscan and firewall.

As neat as this is...

[vasqzr (619165)]

As neat as this is, I can't help to wish there was a little more security in devices like this. What about when someone adapts some worm code to install a custom, ddos-zombie installation on the thousands of Linux-powered Linksys/etc routers out there?

Re:As neat as this is...

[EdMack (626543)]

What, a worm that breaks into your house, removes the hard-drive from your network storage and edits?

Shit, run!

Eh.

[iamdrscience (541136)]

It seems like there would be only a marginal intersection between the type of people that buy network attached storage devices and the type of people interested in hacking their network attached storage device. I mean, I would think most people who are able to hack their NSLU2 are also the type that have an extra computer around that they would use instead.

Think about AC power

[Tux2000 (523259)]

I would think most people who are able to hack their NSLU2 are also the type that have an extra computer around that they would use instead.

Sure you could use an old PC for that job. But that PC has at least a 150W PSU, often 200W, 250W or more, and almost every PC has at least one noisy fan. My tests on my ex-router (really old Compaq 486 without harddisk) show that a PC needs at least 40W AC power when IDLE, and much more with newer CPUs. According to the Datasheet [linksys.com], the device is specified for 5VDC @ 2A. USB ports must be able to deliver 0.5A each, so the "real" machine needs nothing more than 5V @ 1A. This means you never put more than 10W into the device, with a low power USB storage device, 5W should be possible IMHO. With a common wallbrick PSU (50% heat, 50% output), this translates to 20W AC power under FULL LOAD. With a modern switching PSU (20% heat, 80% output), and a low power USB storage device, you need about 7W AC power. That's what a modern ATX PC draws in standby mode (so-called "off").

Did I mention that the NSLU2 has no moving parts?

Tux2000, not related to Linksys except that I own a hacked WRT54G.

STABILITY

[interiot (50685)]

There are several important differences between a little system like this and an old computer:

• low power... makes the box silent, and the power-supply is simpler/cooler and likely to have a longer life
• simpler software... unlike an old box that potentially has a ton of different things running on it, this has a smaller set of very stable software that's likely to continue working forever
• easy backup/restore... the ROM image is 16MB, so it's something you can put a copy on all of your computers, and is trivial to restore. Whereas if your random machine lost its installation, how long would it take to do a re-install?
• it's small and cheap... yes, spare computers are cheaper, but whereas it's feasible to maintain and store 25 NSLU2's in my computer room, the same is not true of spare boxes... it'd be too noisy and much less stable.

Where we're going with this is having separate hardware to do each little network task. Since they're all running on separate CPU's, if one of them does die, the other ones will be fine, and will likely continue running for a long time.

• audio output/video playback (one per room)
• firewall/NAT/WiFi
• DMZ services
  • apache
  • sendmail
• network attached storage
• backup/restore
• X10 network interface
• ...

These are things you simply want to always work, and don't want to screw around too much.

RAID?

[241comp (535228)]

Could it be hacked to run software RAID 1 or RAID 10 on the attached hard drives? That would make it more useful for small office environments.

Re:RAID?

[turbine216 (458014)]

The unit already does scheduled disk-to-disk backups, without any hacking, which should cover whatever data integrity concerns you may have.

network attached accessories

[241comp (535228)]

Well, get a USB flatbed scanner with GPL drivers and you can have a network attached scanner. Come to think of it, there are probably lots of USB devices that one could share with this box. It could even do wiring closet security monitoring with a USB webcam and a remote machine which analyzes the images for movement. The possibilities appear endless (provided working drivers can be obtained and installed on the box).

Performance & # of USB ports

[Bushcat (615449)]

What's the real-world performance on this kind of device like? And why is it limited to two USB devices (other than the obvious fact that there are only two USB ports on the thing)? I'm considering one simply as a network backup device.

Re:Performance & # of USB ports

[Tux2000 (523259)]

Speed: The USB 2.0 Hi-Speed FAQ [usb.org] tells us that the maximum speed of USB 2.0 is 480 Mbit/s. The maximum speed of parallel ATA is 133 MByte/s = 1064 MBit/s, plus it does not have the "ATA over USB" protocol overhead. Serial ATA does 150 MByte/s = 1200 MBit/s, IIRC. The ethernet interface of the device supports 100 MBit/s. Modern harddisks can not deliver 133 MByte/s = 1064 MByte/s, but they become faster every day. Flash memory can be that fast, at least for reading.

Power: Each USB port must be able to deliver 5V @ 0.5A.

Now do the maths: You can see that already a single USB device can deliver more data than the ethernet port could transport. The CPU (according to http://www.batbox.org/nslu2-linux.html [batbox.org]) is an XScale CPU with 131.48 BogoMIPS, roughly comparable in Performance to a slow Pentium II. I'm sure it can't handle much more than 100 MBit/s Ethernet and two USB 2.0 ports.

Adding a second USB port is convenient to copy data directly between USB devices, e.g. for backup or upgrade purposes. But adding more USB ports costs 0.5A per port for the PSU, making it much more inefficient for each added port.

Tux2000

The whole idea is crazy

[ObviousGuy (578567)]

I don't get it.

Re:The whole idea is crazy

[Dr Reducto (665121)]

You have made Slashdot history, Obvious Guy.

I think that's ironic

[T.Hobbes (101603)]

well done

Re:The whole idea is crazy

[Draoi (99421)]

Congratulations!!! Woo .....

Ten Mil. Never thought I'd see the day.

Re:The whole idea is crazy

[VMaN (164134)]

A+ post... Will read again...

Re:The whole idea is crazy

[JPelorat (5320)]

Heh, actually, you did get it.

Re:The whole idea is crazy

[Inda (580031)]

Some of your past +5 Insightful and +5 Interesting posts have been... um... insightful and interesting.

This one is too short.

Did a big Flash "JACKPOT!!!" pop-up after hitting submit?

Re:The whole idea is crazy

[bfree (113420)]

I think it is safe to say that no-one in their wildest dreams could have picked a more ideal 10 millionth post then this! Ok, ok, the userid could be binary (maybe 10) and the date could be pretty (say 10/10/10 10:10) but the content of the post and even the username and email address, it nearly seems like a fix! I can see the next thinkgeek t-shirt already! I might even print my own!

Re:The whole idea is crazy

[titusjan (219930)]

Well, if it isn't ObviousGuy, my old FP nemesis...

It's no use trying to hide your real intentions by posting at +5 interesting. That's the oldest trick in the book, it doesn't fool anybody.

You think you've gotten 10^7th post because of all that money invested in a highspeed connection and a 2 by 4 reload button. You just got lucky! In the end my skilzz will beat your daddies money.

See you at 2^24th post.

How long will it take

[BubbaThePirate (805480)]

for you to ebay your /. account?
What a sad world we live in.
I got dibs!

Fast Times At /.?

[cyber0ne (640846)]

I don't get it.

THAT was the great and historic 10,000,000th post. Beautiful. I'm reminded of the "I don't know" written on the chalkboard in Fast Times At Ridgemont High.

Re:The whole idea is crazy

[The Ultimate Fartkno (756456)]

I hereby announce my line of high-quality t-shirts commemorating what will go down in history as a moment of sheer perfection in geekdom. The name, the post, the event... all so perfect for the occasion. Truly a singular moment, and we should all be proud to have been here.

The shirts will be available in S, M, L, XL, XXL, and Admin.

Babylon 5 decals are optional.

Re:The whole idea is crazy

[flatface (611167)]

Well, to make it easier for whoever's ordering the shirt, he is an admin [slashdot.org].. =)

Re:The whole idea is crazy

[suso (153703)]

Wow, we're such a bunch of geeks. I can't believe there are all these people looking for the 10,000,000th post.

Re:The whole idea is crazy

[selfsealingstembolt (590231)]

Well, there goes his account....

Take a look at his journal [slashdot.org].

Re:The whole idea is crazy

[MarsDefenseMinister (738128)]

Whoever owned ObviousGuy's account, please give it back. You've made your point, AND you got the 10 millionth post. There can be no greater glory to achieve, except for the respect of your fellow haX0rz and Slashdot citizens for being a good sport and returning the account.

And congratulations on a perfect 10 millionth post. Well done.

It will happen a lot sooner than that

[britneys 9th husband (741556)]

Some Slashdot history (thanks to $$$$$exyGal for the informative journal entry [slashdot.org]...

Post #1,000,000 on Jun 15, ???? http://slashdot.org/comments.pl?sid=6038&cid=10000 00 [slashdot.org]
Post #2,000,000 on Mar 1, ???? http://slashdot.org/comments.pl?sid=16359&cid=2000 000 [slashdot.org]
Post #3,000,000 on Feb 13, ???? http://slashdot.org/comments.pl?sid=27908&cid=3000 000 [slashdot.org]
Post #4,000,000 on Aug 2, 2001 http://ask.slashdot.org/comments.pl?sid=37241&cid= 4000000 [slashdot.org]
Post #5,000,000 on Jan 2, 2002 http://slashdot.org/comments.pl?sid=49501&cid=5000 000 [slashdot.org]
Post #6,000,000 on May 20, 2003 http://slashdot.org/comments.pl?sid=64871&cid=6000 000 [slashdot.org]
Post #7,000,000 on Sep 18, 2003 http://slashdot.org/comments.pl?sid=79101&cid=7000 000 [slashdot.org]
Post #8,000,000 on Jan 16, 2004 http://developers.slashdot.org/comments.pl?sid=930 44&cid=8000000 [slashdot.org]
Post #9,000,000 on Apr 28, 2004 http://science.slashdot.org/comments.pl?sid=105698 &cid=9000000 [slashdot.org]
Post #10,000,000 on Aug 18, 2004 http://developers.slashdot.org/comments.pl?sid=118 344&cid=10000000 [slashdot.org]

Unfortunately, I couldn't tell what year the first three were posted, but from 4 million to 10 million, you can see the number of days it takes to post 1,000,000 comments:

4 million to 5 million: 153 days
5 million to 6 million: 138 days
6 million to 7 million: 121 days
7 million to 8 million: 120 days
8 million to 9 million: 102 days
9 million to 10 million: 112 days

First observation: Comment posting is slowing down on Slashdot!!! Slashdot is dying!!! Netcraft confirms it!!! OMGWTFBBQ!!!

(end troll mode)

Second observation: At the current rate of posting, it will take us 3 years to post 10 million more comments, or about 27 years to get to 100 million. So you can reschedule the celebration from 2525 to 2031, if not sooner.

Re: It will happen a lot sooner than that

[Omniscient Ferret (4208)]

I might have a different display setting, because I can see them:

Post #1,000,000 on June 15th, 2000 [slashdot.org]
Post #2,000,000 on Mar 1, March 1st, 1999 [slashdot.org]
Post #3,000,000 on February 13th, 2002 [slashdot.org]

Yeah. 2000, 1999, 2002. It's been noted elsewhere. [slashdot.org] Along with the others noted above, that's 2000, 1999, 2002, 2001, 2002...

Power consumption and price comparison

[Glyndwr (217857)]

Lots of people are claiming that this is much cheaper to run than a dedicated ATX server, but they are forgetting you need to power the hard disks too. In my (limited) experience, powering desktop 7200rpm disks from USB is very dicey, so you need externally powered hard disk boxes for them.

Based on UK prices turned up in 30 seconds by Google, so probably not the cheapest to be had, but never mind.

NSLU2: £60, 5V/2A power into device

Cheap USB hard disk box:£35, 50-80VA power into the PSU brick (based on the one on my desk). I'll use 70VA, to be on the safe side.

So, outfitting one of these for two hard disks would cost around £130. Assume a 60% efficiency plugpack for the NSLU2 (which seems conservative) and total power consumption would then be around 160VA.

In comparison, my server has an Athlon 900Mhz, a couple of fans, the same two hard disks, and a 300W PSU. Let's assume it's highly loaded and actually draws around 250VA; I'll ignore power correction factor for these calculations.

At 10p/kWh, the NSLU2 costs 39p per day to run, and the server 60p. If I upgraded to the NSLU2, it would take over 3 years to get a ROI from a purely financial point of view. Unless I've gotten something wrong, in which case I'm sure some clever slashdotter will correct me in a few seconds :o)

So, on purely financial grounds, perhaps hard to justify. Still, it's nifty, it's a hell of a lot smaller than my existing server, and it would reduce the noise in this room nicely by eliminated a few fans too.

Update: hmmm, PC guide [pcguide.com] reckons it's more like 10W for a hard disk under use, suggesting the rather high sounding 50-80VA max draw are probably for 10,000rpm disks spinning up or something. Even assuming 15W to be on the safe side changes things around a lot; assume 75% efficient PSU plugpacks just to look on the bright side, and we get 20W per hard disk and 13W for the device = 13p per day. Break even is now about 9 months; not too shabby, given the other benefits.

Re:Power consumption and price comparison

[WuphonsReach (684551)]

Most 5400rpm drives are 6-7W idle and ~10W when seeking. The 7200rpm drives are a bit more power hungry, 7-10W idle and 10-13W seeking. Dunno about 10k RPM drives, but for a low-power fanless server you'd want to stick with cool running 5400rpm drives anyway. (Those numbers are from the manuf websites.)

Here in the northeast US, 10W of power draw costs $0.60/mo. Figure a 25W low-power CPU like a VIA C3, another 10W for the motherboard, plus 2x7.5W for a pair of 250GB 5400rpm drives in RAID1. That *should* clock in at around 50W on average, and maybe 40W if the disks spin down. The NSLU2 draws 10W (max) plus another 15W for the (2) USB hard drives for a total of 25W (being conservative). So the cost savings is around $1/mo.

Unit price for the NSLU2 is $80, plus another $50 for a pair of USB enclosures. Definitely cheaper then building a mini-ITX system (est $300-$400, not including drives).

All that being said, I prefer my toaster-sized mini-ITX linux server.

Re:AAAAAARGH!!

[pigeon (909)]

Don't worry about it, this machine has no wireless and no routing, which the wrt has. And oh, I killed my WAP54 (similar to the wrt) while flashing... talking about aaaagh.

Re:AAAAAARGH!!

[aldoman (670791)]

The WRT54G is a superb router - it's product's like this which made Cisco by them out because they were starting to verge on their low end devices which cost 10x as much.

Of course, no-one got fired for buying Cisco but I'm sure we will see a hell of a lot more of these sorta devices at remote sites and for 'glue'.

Re:AAAAAARGH!!

[strictfoo (805322)]

Lucky for you, the NSLU2 stands for "LINKSYS Network Storage Link for USB 2.0 Disk Drives"
so you can have both the WRT54G and the NSLU2, unless you were looking for two items to hack.

Re:passwd files

[julesh (229690)]

*nix n00b question, maybe, but why not just blank the [root] password out?

Err... to stop anyone on your network from connecting and wiping all your data / nicking your pr0n collection?

One thing I have just noticed...

admin:sclzZZfodiRXY:502:501::/home/user/admin:/de v /null
test_user:scEPG0VnVyqmE:2000:501:::/dev/nul l
test2:scEPG0VnVyqmE:2001:501:::/dev/null
test3 :sc50wKPq.zChw:2002:501:::/dev/null

Its using the same salt for every password. This is horrendously insecure...

Re:Why ?

[Jeff DeMaagd (2015)]

If you want ssh, telnet and all the other toys, plug a real linux box into your network !

It is a real linux box. It was when it was packaged too.

The thing about this and WRT54G is that it can do things with more efficient hardware than setting up an inefficient ATX based system. These things consume watts, not hundreds of watts and are also fanless, lighter and more compact.

Re:Why ?

[HaloZero (610207)]

Space and spare hardware are issues for me. As a college student living in the dorms, I kindof really have to choose what I bring to school with me. Currently, I bring my WinXP tower for game-playing (and, as of now, mass-storage), my PowerBook, and an old school ThinkPad 600E as a network appliance linux utility. Say I need more storage, I'd have trouble finding space for another box between everything else (UPS, tower, storage for books, etc). Also, my complete-computer boxes often find their way into the hands of my friends, who are computationally less fortunate, so I don't always have spare hardware to run such an appliance from. Sure, there's the ThinkPad, but it lives in a ventilated drawer, for the most part, firewalling, scanning the network, etc. If I wanted a networkable mass storage device (NAS), this would work great. Further, the disks are reconfigurable. I'm sure you could even make it into an even more reliable solution by integrating mirror-RAID across the two USB disks. Just get two enclosures, two hard disks of the same size, and, presto, mirrored network backup. And a toy, to boot! (Boot. Haha.)

Your point is valid, but, this solution would be great for me.