toggle quoted messageShow quoted text
I think there are two main reasons:
- The operator lacks the experience and knowledge to properly implement security
- They have that knowledge and make a conscious decision that for the device's intended use, security isn't that important.
Sometimes we get wrapped in our 'professional' or even personal view of how things should be done, however, what we see as important may not be so for someone else.
John D. Hays
PO Box 1223, Edmonds, WA 98020-1223
On Wed, Mar 20, 2013 at 8:42 AM, Kristoff Bonne <kristoff@...>
Sadly enough, there seams to be one thing that people do not seams
to "port over" to the pi: security conciderations.
When we worked on unix machines, there where some core ideas like
"you shall not run applications run as root unless really
If I see that people happily run the whole application as
root/sudo only because they need access to a GPIO pin, or do not
even bother to change the password of the "pi" user, I get a very
bad feeling in my stomach!
Concidering the spread of ipv6 -where devices are becoming more
and more accessable from the web- and embedded devices (like the
pi) controlling more and more critical infrastructure; making sure
these devices are properly protected in not a luxury anymore!!!
Kristoff - ON1ARF
On 20-03-13 15:50, Jeff Francis™ wrote:
The beauty of the Pi is that it's a Linux box. Pretty
much anything (including books, tutorials, code examples,
etc.) that applies to full-sized Linux boxes applies to
the Pi. The only real difference is that it's smaller and
has some handy IO ports right on the board. Think of the
Pi as running Linux on a mid-90s era home PC. It's about
the same speed, power, storage, and RAM, but with the
benefit of much newer software. If you know linux,
there's zero learning curve to using the Pi.