PDA

View Full Version : Manually setup TV in MyRemoteApp / direct IP communication?



maldex
02-25-2012, 09:09 PM
Hi there

I'd like to use our Galaxy P6800 (Android 3.2, MyRemote 2.0.1) against a 46PFL8606K(Q5551-0.14.95.0). Since we want to disable intra-BSS communication (WiFi device can't talk to other WiFi device directly) i was wondering how to setup the TV manually?

We hook up the TV to the wired network which is fully (TCP/UDP/ICMP) reachable from wireless, but in a different IP-Subnet. The Accessoint does Routing and not bridging between, being also the end for broadcasts.
(192.168.2.x --AccessPoint--> 192.168.1.x)

So IP-wise, the tablet can reach the TV, Ping works.

Is there a way to manually setup the TV in the MyRemote app? Is that way of communication between MyRemote and TV actually possible withouth broadcasting?

if broadcasts would be necessary, how would they look like aside from dst: 192.168.1.255?

(sorry, i have a some understanding of networking but are quite new to "multi media". Just trying to figure out whether we have to sacrifice security for functionality ;) )

cheers & thx
Josh

smart
02-25-2012, 09:41 PM
Hi,

seems that you have a quite "tricky" setup! As far as I know, the TV and the MyRemote app device have to be in the same network. And the MyRemote has to be connected via WiFi. Using 3G and a VPN is not working.

So I assume, you won't succeed by having the TV and the MyRemote in different subnets. I do not know a possibility to setup the setup manually.

Why do you want to have both devices in different subnets? What are the security reasons you mentioned?

maldex
02-25-2012, 11:13 PM
Just simple security. WiFi devices should not talk to each other. If you can achieve a controlled way through a firewall, you always prefere that. And with today's smart devices, they can cause easely quite some havoc as well, imagine a bot-net running on iPhones? massive! :)

Besides some networking paranoia i just don't want another microwave sender around me when i can use cables. I'd rather switch off that radio unit.

I guess i'm asking for too much again, but it's annoying if the technology is in place but the implemenation lacks a certain basic feature set?!

Is there any documentation of the protocol being used? The JointSpace API does not fully cover the same functionality...

cheers
Josh

maldex
02-25-2012, 11:16 PM
Blocking traffic between members of a wifi network is in the 802.11 specification when being in infrastrucutre/accesspoint mode. A very basic feature, just very few end-user-accesspoints implement it. Usually "enterprise" AP's have that by default set. FYI :)

smart
02-26-2012, 10:05 AM
Just simple security. WiFi devices should not talk to each other. If you can achieve a controlled way through a firewall, you always prefere that.
I want to understand the security reason. What is not controlled, when the devices talk to each other directly?


And with today's smart devices, they can cause easely quite some havoc as well, imagine a bot-net running on iPhones? massive! :)
What is a havoc?
I can image, that bot-nets might also consist of modern phones. How should that direct wifi communication block prevent a bot-net?


Besides some networking paranoia i just don't want another microwave sender around me when i can use cables. I'd rather switch off that radio unit.
Shouldn't there be a way to implement an ap without a seperate subnet, for this? Like a WLAN-Bridge?

smart
02-26-2012, 10:09 AM
Blocking traffic between members of a wifi network is in the 802.11 specification when being in infrastrucutre/accesspoint mode. A very basic feature, just very few end-user-accesspoints implement it. Usually "enterprise" AP's have that by default set. FYI :)

The ap I use, has such a feature. I have turned on the communication between the devices. I did that, since it made sense for me, that the can exchange information without the ap in the middle to reduce bandwidth.

Still don't see any security issue.
But the problem you are facing seems to have nothing to do with that setting. The basic point is, that both devices has to be in the same subnet.

maldex
02-27-2012, 08:00 PM
Jap, issue seems to be that it must be in the same broadcast domain. Traversing an IP router definitely fails :(

Why such a feature makes sense? Imaging a Hotel, the customers in the rooms should be able to access the internet but not each other. You don't want Customer A to be able to hack Customer B's laptop, and vice versa.
Extending that thought, iPhone hat the funny root-access-issue, a mid-sized hotel provides me with at least a dozend iPhones nowadays. Writing the bot self-replicating (worm), a often-traveler imposes the electronic similar risk as someone traveling with a contagious disease.
Nothing guarantees you that your Android or Windows mob is "secure".

We have quite a few devices on that particular WiFi where we don't "trust" all of them. Additionally, every device that offer a service is vulnerable on this service (simplest DoS). Not sure how far security goes into mobile and multimedia devices, but everyone who has the MyRemote app loaded can mess with our TV, whether we want or not. No way to control that, is it?

Working with enterprise networks just makes you paranoid at home as well :)

Also afaik, enabling the devices to talk to each other goes anyway through the AP anyway. AP receives ethernet frame and just sends it out again, but without any additional filtering. Afaik, never sniffed yet.

Yes, it'd be possible to enable a further SSID and make a dedicated network for the TV, but that's slightly over the top. I can live with the original IR remote as well, was just curious whether there is a possibility anyway. Seems that MyRemote is not going to be used here, thanks for the talk anyway :)

cheers
Josh

smart
02-28-2012, 07:11 AM
For sure, in a hotel you have some special use case. You want to allow each to access the internet, but no one should risk getting a virus. So forbidding communication might be a practical way to improve that.

For you at home, it makes sense, that those devices can talk to each other. You want to controll the TV, so you might allow the communication. And for the remote, it should detect all devices, so it has to use some broadcasts, which makes it necessary to have all in the same subnet.

Thought a little about the hotel and the principle and the only way this might be solve would be, that a TV registers at a Philips server with an user id. Then the MyRemote registers at the same external Philips server and then they communicate with that one in the middle. This would work also in the hotel. Each TV might get an id and pw. The MyRemote will connect to it through the internet with that id and pw.

But this is also an overhead, which is not necessary, since you might want to trust your own devices at home...

maldex
02-28-2012, 12:35 PM
A house with multiple flats all the same wifi. Similar to a hotel, and from what i saw we're the only one with a Philips TV :)

The idea with registering device and remote is not necessarely a better solution. Remember you'd have the two devices bound to each other in an external system, but that they both can talk to each other is not given. (exept they always detour through the external server).

There is actually one simple solution: rely on simple TCP/UDP based communication instead/aditionally to the broadcasting. (as you access your wired-harddisk/printer/whatever from wifi).

If the TV would expose a proper set of TCP/IP or UDP/IP services i could allow just my tablet to our service
e.g.

192.168.2.17 -> 192.168.1.2:567 Allow
ANYTHINGELSE -> 192.168.1.2:ANY drop

of coarse i'd have to tell the tablet (.2.17) that the TV is reachable on 1.2. But this is networking basic, the same since 15yrs. And i was assuming that the App and TV talk proper IP, but they obviously don't :) (device lookup with broadcast is still possible and a industry standart (like the network neibourhood in windows), but as soon as you found your peer you switch to direct connection.)

So it comes down to security vs flexibility. -> for the flexibility of using the MyRemote app i have to enable WiFi on the TV, reduce WiFi security and there is no further way to secure the TV.
Seen from a security perspective i also have to remove the cable since the TV would bridge wired and wireless networks, short-circuiting any firewalling between.

I complety agree with you that this exceeds the usual home-requirements. It just pisses me off that Multimedia developer don't think 1 step further.

cheers
Josh

smart
02-28-2012, 03:00 PM
of coarse i'd have to tell the tablet (.2.17) that the TV is reachable on 1.2. But this is networking basic, the same since 15yrs.
Yes, for sure, it would be easy for me and for many users here. But I assume, there are many users who have no knowledge of network details and don't want to know them. Maybe one should be able to access advanced settings to switch to an expert mode.

I also like abstracting from technical details in many cases, but also want to have the possibility to create special setups. It depends. In some cases, I want to easily setup things, and the current implementation is really very easy to setup.

I thought of showing picture with MyRemote remotely on the TV. Imagine, you have taken a picture and want to show it immediately on your TV for the people at home. You could create a VPN connection to your home network and you could show it on your TV. Unfortunately MyRemote only works with wifi. It gives a hint to enable wifi and refuses to work...

maldex
02-28-2012, 04:07 PM
that was exactely what i was asking: manual setup of the peer. Something like a "advanced" button or "expert settings" or something like this.

Don't get me wrong, i appreciate if something works for nomal-users which are not too into technology. I just find that this could be better solved, independend of ease-of-use.

And right, displaying pictures from your phone or even streaming movies would be a really nice extension. I'd also like it if the TV could stream a video to the tabled, like i could watch TV in the bedroom :)

But this has no relation with what we were discussing here. Tabled and TV can talk to each other, i'm critisising how they talk, but what they talk is a other topic :)

Cheers
Josh

maldex
02-28-2012, 04:11 PM
Good it's question of your security, but if Philips would talk over defined TCP Ports, you expose this port to the internet on the firewall and there you go, control your TV from everywhere. Again, TCP basics :)