Re: Books


I think there are two main reasons:
  1. The operator lacks the experience and knowledge to properly implement security
  2. They have that knowledge and make a conscious decision that for the device's intended use, security isn't that important.
Sometimes we get wrapped in our 'professional' or even personal view of how things should be done, however, what we see as important may not be so for someone else.

John D. Hays
PO Box 1223, Edmonds, WA 98020-1223 

On Wed, Mar 20, 2013 at 8:42 AM, Kristoff Bonne <kristoff@...> wrote:

Hi Jeff,

Sadly enough, there seams to be one thing that people do not seams to "port over" to the pi: security conciderations.

When we worked on unix machines, there where some core ideas like "you shall not run applications run as root unless really necessairy", etc.

If I see that people happily run the whole application as root/sudo only because they need access to a GPIO pin, or do not even bother to change the password of the "pi" user, I get a very bad feeling in my stomach!

Concidering the spread of ipv6 -where devices are becoming more and more accessable from the web- and embedded devices (like the pi) controlling more and more critical infrastructure; making sure these devices are properly protected in not a luxury anymore!!!

Kristoff - ON1ARF

On 20-03-13 15:50, Jeff Francis™ wrote:

  The beauty of the Pi is that it's a Linux box.  Pretty much anything (including books, tutorials, code examples, etc.) that applies to full-sized Linux boxes applies to the Pi.  The only real difference is that it's smaller and has some handy IO ports right on the board.  Think of the Pi as running Linux on a mid-90s era home PC.  It's about the same speed, power, storage, and RAM, but with the benefit of much newer software.  If you know linux, there's zero learning curve to using the Pi.

Join to automatically receive all group messages.