-### rndaddtoentcnt
+Hippotat - asinine IP over HTTP
+===============================
-Seeding the random number generator by writing to /dev/urandom does not update the entropy count.
+Hippotat is a system to allow you to use your normal VPN,
+ssh, and other applications, even in broken network environments
+that are only ever tested with "web stuff".
-This utility makes the RNDADDTOENTCNT ioctl call needed to do this.
+Packets are parcelled up into HTTP POST requests, resembling
+form submissions (or JavaScript XMLHttpRequest traffic),
+and the returned packets arrive via the HTTP response bodies.
-Used in startup scripts after initializing /dev/urandom with a presaved seed.
+Scenario
+--------
-Example:
+You're in a cafe or a hotel, trying to use the provided wifi.
+But it's not working. You discover that port 80 and port 443
+are open, but the wifi forbids all other traffic.
- dd if=/path/to/some/random-seed-file of=/dev/urandom bs=512 count=1
+Never mind, start up your hippotat client. Now you have connectivity.
+Your VPN and SSH and so on run over Hippotat.
+The result is not very efficient, but it does work.
- /path/to/rdnaddtoentcnt <entropy-bit-count>
+The design goal is that if the your barista's phone works OK,
+or the hotel concierge can see Google on their computer,
+you can use the internet properly, despite
+whatever breakage and nonsense.
-where entropy-bit-count is a number between 1 and (8 * 512) depending on how much you trust the seed file.
+So Hippotat is an alternative to the futile strategy of
+trying to report technical bugs, or stupid portblocks,
+in terrible wifi systems.
+
+Of course it can't always help.
+If the wifi is bad enough that one's hosts'
+devices don't work reliably either,
+hopefully you can probably get them to reboot the magic box,
+or maybe get some money off, if wifi was supposed to be included.
+
+Non-goals
+---------
+
+**Hippotat does not provide meaningful encryption**.
+You should use protocols over the top of it
+that you would be happy to run over the public internet:
+encrypted ones, like a VPN or SSH.
+
+Use of Hippotat is not intended to be undetectable,
+or even particularly hard to distinguish from other uses of HTTP,
+should someone want to go to the effort.
+Rather, it is intended to be deployed against idiocy, ignorance,
+and incompetence.
+
+Protection against interference is limited to
+trying to defend against off-path attackers, and
+arranging that formerly-on-path attackers'
+ability to do harm will expire reasonably soon.
+
+Hippotat is not designed to allow you to "leech" internet access
+from "closed" Wifi.
+It won't work if "normal web access" doesn't.
+You might try IP-over-DNS systems for that.
~ian / hippotat.git / blobdiff