
Show HN: Monitor.io – remote monitoring and debugging for socket.io - drewblaisdell
http://drewblaisdell.github.io/monitor.io/
======
stephenr
No auth? And it's over telnet so any auth will still be transmitted in
plaintext. What next, it will ship with hard coded "admin" "password" for
auth?

This is exactly why the version of devops where developers with no
sysadmin/server management/etc experience try to manage servers scares the
shit out of me.

~~~
jasonlotito
There are numerous ways to ensure this isn't accessible via an external
source. Indeed, even if it did come with username/password authentication, or
2-factor authentication, it still would be an exploit waiting to happen if
exposed.

You shouldn't be putting these things out on the open web in the first place.

So "No auth" isn't a bad thing, as there are better tools to ensure
authorization is done before ever getting access.

Edit: should to shouldn't

~~~
mrinterweb
This could be secured with a private network and a firewall. It would be nice
if the readme mentioned the security vulnerability this exposes, and maybe a
suggestion on how to secure the telnet port. I am sure that someone is going
to install this without thinking to secure the telnet port.

~~~
majelix
Spoiler alert: Your "private" network isn't.

------
jdp23
This seems like very useful debugging information.

But, what about security? Can anybody who discovers the port telnet in?

~~~
drewblaisdell
Great point. I am working on adding an option for requiring a
username/password to make this safe for production. It should be pushed in the
next couple days.

~~~
ultrafez
If you make it listen on 127.0.0.1 only, you'll only be able to connect to it
from a shell on the local machine, which will alleviate all of your security
issues.

~~~
drewblaisdell
Good idea—I just pushed an update with this functionality.

------
drewblaisdell
I pushed an update with "localOnly" mode, which prevents all connections from
non-localhost IPs.

monitor.io could potentially be used in production now if you telnet in from a
shell on the local machine.

------
_almosnow
This looks very useful, thanks, and thanks again for making it open source and
free.

Have you run some tests to measure (degradation of) performance?

------
biesnecker
Show HN: RemoteBackdoor.io -- remote monitoring and "debugging" for anything.

[http://i.imgur.com/2tjbLx1.gif](http://i.imgur.com/2tjbLx1.gif)

