new release: Crossbar.io 17.3.1

#1

Hi,

happy to announce a new Crossbar.io release: 17.3.1

Get it on PyPI

https://pypi.python.org/pypi/crossbar/17.3.1

or directly from GitHub

https://github.com/crossbario/crossbar/tree/v17.3.1

Docker images will follow soonish. And we want to have snaps too.

This release brings a whole bunch of bug fixes and also a couple of new features:

https://github.com/crossbario/crossbar/blob/master/docs/pages/ChangeLog.md#crossbar-1731-2017-03-31

Two of which I'd like to point out .. pls see below.

I want to also raise awareness of 1 change we did:

Crossbar.io from PyPI and in general will now use _pinned_ and hashed dependencies for everything:

https://github.com/crossbario/crossbar/blob/master/requirements.txt

This is a security, repeatable build (well, sort of) and trust thing.

It also means that you really should install Crossbar.io into its own, dedicated virtualenv (or use Docker or snaps once we have them).

We've done a lot of testing. But this has gotten quite complex and feature rich, so please let us know if you experience any issues ..

Cheers,
/Tobias

1) Subscriber black-/whitelisting based on authid/authrole

Development (done by meejah) of this feature was sponsored by RECORD.evolution (https://iot.record-evolution.com/)

RECORD.evolution has been a Crossbar.io user basically since day 1, has a specialization in data-science, and is a consulting/project partner for Crossbar.io based IoT solutions.

Note: if you want a feature in Crossbar.io and get influence on our backlog prioritization in exchange for some bucks, please get in touch! We'd love to move faster, but we need your support;)

2) Upcoming Tor support

We have the underlying infra for running WAMP transports over Tor (https://www.torproject.org/) now!

Credits go to meejah too here (he is a security addict very much like me, and the author of https://github.com/meejah/txtorcon).

This stuff gets me excited! Well, for the security/privacy geeks;)

What it means is: when a WAMP client connects to Crossbar.io over Tor, Crossbar.io will NOT be able to track the client's network identity or location of the client.

Of course it prohibits MITM attacks too.

And finally, when you combine that with the end-to-end encryption capabilities of Crossbar.io (WAMP-cryptobox), you will get an unmatched level of security, privacy and anonymity:

Even a host administrator (with full root access) of the machine running Crossbar.io will NOT be able to read or fuzz with any app payload.

It also means the same Crossbar.io router can be used by different stakeholders NOT sharing trust!

When this moves out of alpha, we will have addressed an issue raised 3 years ago

https://github.com/wamp-proto/wamp-proto/issues/81
https://en.wikipedia.org/wiki/Security_modes

by a guy who only ever filed this 1 issue on GitHub and then disappeared into nowhere.

I have some ideas what org he's working for;) Which would explain a lot .. in particular, the level of technical, security awareness/knowledge that shines through the question alone.

Anyway. We are now near to solving it. Even though it required some time (3 years).


---

0 Likes
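Added example (not from the original post or the Crossbar.io code base): what a pinned and hashed requirements file, as mentioned in the announcement, lets an installer check before it accepts a downloaded file. Package names and file bytes are constructed, and the parser handles only the `name==version --hash=alg:digest` form.

```python
import hashlib
import re

PIN = re.compile(r"^([A-Za-z0-9._-]+)==([^\s;]+)")
HASH = re.compile(r"--hash=(sha256|sha384|sha512):([0-9a-f]+)")

def parse_requirements(text):
    """Return ({name: {"version", "hashes"}}, [problems]) for a requirements file."""
    # Join backslash-continued lines, the usual layout for per-file hashes.
    joined = re.sub(r"\\\r?\n", " ", text)
    reqs, problems = {}, []
    for raw in joined.splitlines():
        line = raw.split(" #")[0].strip()
        if not line or line.startswith("#") or line.startswith("-"):
            continue  # blank line, comment, or a global option line
        m = PIN.match(line)
        if not m:
            problems.append("not pinned with ==: " + line.split()[0])
            continue
        hashes = set(HASH.findall(line))
        if not hashes:
            problems.append("no --hash for " + m.group(1))
        reqs[m.group(1).lower()] = {"version": m.group(2), "hashes": hashes}
    return reqs, problems

def artifact_allowed(reqs, name, data):
    """True only if the artifact bytes match a hash recorded for that requirement."""
    entry = reqs.get(name.lower())
    if entry is None:
        return False
    return any(hashlib.new(alg, data).hexdigest() == digest
               for alg, digest in entry["hashes"])

# Constructed sample: one fully pinned and hashed entry, two that fall short.
GOOD_FILE = b"constructed bytes standing in for a release file"
SAMPLE = (
    "examplepkg==1.0.0 \\\n"
    "    --hash=sha256:" + hashlib.sha256(GOOD_FILE).hexdigest() + "\n"
    "floatingpkg>=2.0\n"
    "nohashpkg==3.1\n"
)

if __name__ == "__main__":
    reqs, problems = parse_requirements(SAMPLE)
    print(problems)
    print(artifact_allowed(reqs, "examplepkg", GOOD_FILE))
    print(artifact_allowed(reqs, "examplepkg", GOOD_FILE + b"tampered"))
```

A file that was swapped or modified after the requirements were written no longer matches any recorded digest, which is the property the hashes add on top of version pinning.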

#2

When can we update it from the Ubuntu repository as written here?
https://github.com/crossbario/crossbar/blob/master/docs/pages/installation/Installation-on-Ubuntu-Debian.md

I tried to follow this manual step by step and got crossbar v.0.13.2 as before


On Friday, March 31, 2017 at 20:04:53 UTC+5, Tobias Oberstein wrote:


0 Likes