[ale] Cross platform notification

Alex Carver agcarver+ale at acarver.net
Fri Jan 10 23:50:48 EST 2014


On 1/10/2014 16:02, JD wrote:
> On 01/10/2014 06:16 PM, Alex Carver wrote:
>> I was looking into notification methods that I could use for one of my
>> projects to send quick messages to multiple machines (pretty much every
>> desktop or mobile platform currently in use) on my local network.  I see
>> Growl seems to be available for nearly every platform and seems to be a
>> fairly simple protocol.  I just wanted to solicit opinions on this kind
>> of notification method.  The originating computer is going to be one of
>> the Linux machines and I've been experimenting with sending by bash
>> script which is nice, simple, and requires no libraries, just netcat.  I
>> might later write up a small transmitter in C but I think bash will
>> probably work well for now.
> 
> Netcat is a HUGE!!!!!!! security risk. I wouldn't ever use it beyond POC and
> only on an air-gapped lab network.

Netcat isn't a risk if it's transmission only.  I'm not using netcat in
receive mode, just in send mode to send a preformatted text file (the
headers of the GNTP protocol very similar to HTTP headers) to the
waiting receiver.  Regardless I may end up writing a small program that
uses normal sockets but the Growl protocol doesn't require a constant
connection.

> What sort of notifications?  Desktops, system to system, system to specific
> client?  system to any normal web-client?
> Any chance this will every be wanted over the internet in the future?

This is a notification from a daemon (or, more precisely, a helper
program/script between a daemon and the notification protocol) to any
device subscribed to said notifications (whether that's my phone, my
desktop, my laptop, or anything else.)  No web clients, ideally just a
service running on each client machine that delivers just a pop-up
message when a notification is sent (e.g. sort of like a notification
that pops up when an email is received in Thunderbird).

No chance this will be on the Internet.  This is purely a personal project.

> And ... isn't growl commercial?  What is the fallback if it isn't available?
> What about non-GUI client machines?

Growl appears to be open source. The protocol is completely documented
and published online.  non-GUI machines won't be the recipient of these
messages, only GUIs.  The transmitting machine is the only non-GUI
system in play.

> Is polling an option? If so, you could setup a REST web interface on a central
> box that clients can push and pull from. REST means it is trivial to make a
> client via a bash+curl script.

Polling is not an option in this case.  It must be initiated by the
server and transmitted to the clients only when desired.  The clients
can not be polling.  The bash process is part of the transmitter not the
receiver so bash in any form will not be pulling data, it will be
sending.  That's why I started investigating Growl since it seemed
fairly trivial to package and send a notification.  The bash script
literally has to create a five line file that looks a lot like HTTP
headers and then fire that over the network with netcat.  The receiving
Growl program handles the acceptance and display.

> XMMP? More effort to use (only slightly), but extremely flexible.

I'll look into it.  If I can use XMMP as simply as a text file fired
over the network with netcat then I'll consider it.  More important that
there are clients for all platforms.


> 
> Or place the messages into a file that every client has read access from. KISS
> does work after all.

Different OSes, not all of them can access random files on the machine
that will send the messages so that's out.  By the same token, there's
no guarantee that only one system will be sending notifications so a
central file is less likely.

> What are the authentication needs?

Growl authenticates with various one-way salted hashed passwords so I've
been using their protocol which in my case is using SHA256 one-way
hashing of a salted password.  It's a shared secret configuration (have
to enter the password on both ends and only hashes are transmitted).
That's probably more than I need since it's not live on the Intenret
just on my local network but I did it anyway.  See the link at the
bottom for the description of the authentication.

> What are the encryption needs? Anything sensitive involved .. even in the future?

I can potentially encrypt a packet (it's documented in the protocol) but
I don't need to, there's nothing secret.  These are literally simple
notifications (e.g. "Script done." or "The laundry is finished.")  But
if I needed it, it's documented in the protocol, too.  So something
simple like that is good.


Here's the protocol itself (the Growl For Windows page has the protocol
pretty printed so it's the most legible of the sources I've found online).
http://www.growlforwindows.com/gfw/help/gntp.aspx




More information about the Ale mailing list