My DVB-T and DVB sat reception scrpts

(Can be changed with visudo, of course.)

What version are you running?

How recently updated?

Mine, which has been running Stretch for some time, is always fully up to date as of 'last Friday' because that is my offline backup + update day for all my systems, Sudo always prompts for a password if it hasn't been used for the last 5-3 minutes.

Admittedly, while ago sudo stopped prompting for passwords. That might have been when I upgraded to Stretch - I forget exactly when, but a month or three later sudo got updated and since then has asked for a password as you'd expect it to.

--
Martin    | martin at 
Gregorie  | gregorie dot org

Has always been the case from the very start of Raspberry Pi (Raspbian) until the latest versions. If it's different for you, you either changed it for user pi (and forgot about it?) or you are logged in as a different user.

That might explain the difference: I've never used the 'pi' user on mine and never connected a keyboard or screen to it.

The first thing I did, immediately after getting SSH logins to work (mine is a 2nd gen RPi B, so meant mounting its SD card on another Linux box, configuring sshd to start on boot and assigning it a static IP) was to set up a user with the same name as my normal login on my other machines so that "ssh hostname", would work on the RPi the same as my other hosts.

--
Martin    | martin at 
Gregorie  | gregorie dot org

Hello The!

12 Dec 18 15:17, you wrote to Martin Gregorie:

TNP> I ditched windoze for Linux in around 2004

TNP> But my internal network has been very very secure. My online servers are TNP> bombraded by ratware on a many per second basis., but they havent been TNP> cracked yet.

Sound very familiar.

TNP> I have to leave SSH world avialable in case they need attention when TNP> I TNP> am roaming, so thats constantly under attack. usually using 'root' BUT TNP> of course root access is disabled.

Even without SSH open it is still bombarded, as telnet and my Asterisk voip PBX.

TNP> Ought to set up a VPN tunnel :-)

That is what I have done. I mainly use Openvpn, but I have the MS type available as well. Firewalls and gsm networks do not always pass the command port for openvpn.

I have no clue about attacks on the VPN tunnels. I should think about a log rule in IPtables to accomplish that.

Kees

Well no worse than booting MSDOS with no users or passwords at all.

If its a personal computer and moderatelyy unconnected to the net, so what?

--
?But what a weak barrier is truth when it stands in the way of an  
hypothesis!? 

Mary Wollstonecraft

I dont think anyone attacks without good reason.

I mean, really, who cares about some bloke with a pi that is world writeable?

Not worth hacking.

You have perhap too much self importance. I very much dowubtrthat with the exception of my ex wife, anyone is intersted in malkiciolusly looking at the contents of my systems...boring as heck to anyone else.

Well I agree that its perhaps nota great idea if you are vulbnerable, but really, are you? And how much?

I dont do it myself, but thats more because its really not so hard to run with sudo/passwords. Or su - and the root password.

Most security discussions seem to be about fashion and arcane possibilities rather than real quantified risks.

It was a fact that I cuaght viruses when running windows. So I ran a virus checker.

It is a fact that since I used Linux, I have not caught a single one. So I don't scan for them.

--
?But what a weak barrier is truth when it stands in the way of an  
hypothesis!? 

Mary Wollstonecraft

and people wonder why there are so many botnets.

-- Steve O'Hara-Smith | Directable Mirror Arrays C:\>WIN | A better way to focus the sun The computer obeys and wins. | licences available see You lose and Bill collects. |

1) I do not run Windows. 2) I need to be in control of my 'puter all the time, in a flash.

Apart from the steering your car from the passenger seat, which is extremely dangerous, to protect your property you can do 2 things basically:

1) you can put locks on every door, passwords, cipher locks, steel sheets over the windows, a combination lock on the cookies jar, etc etc and that would make life very difficult if you actually had to live there. Or you could put a good fence with one lock around it, have some crockegators .. OK, hope you get the idea of a *firewall* for outside 'events'. Now you can get to the cookies and eat all of it without having to fiddle with keys and passwords.

On This World recently a Boeing went down. The complete idiot who programmed it to put the nose down if some sensor did see some low speed indicating stall was no pilot and did not seem to know that putting the nose down at very low altitude is basically crashing.

Many (160 people IIRC) were killed when the airspeed sensor failed an indicated a too low airspeed. The poor pilots did not know how to stop that computer.. had no root access.

We are moving towards a situation where artificial neural nets are going to run everything, in the medical world those already make diagnoses, in traffic those steer cars, in the military those are in autonomous weapons. Nobody can pull the plug so to speak [1].

Much scifi has been written about that, but the real situation is much worse already.

Computers and things run by those, are to serve us humans, and we need full control always.

It is a myth that your browser will get infected and taken over by some malware if you run the right software and know what you are doing that will never happen.

We live in a world where we now need a quadcore 2 GHz to send a simple email containing a few lines of ASCII text resulting in 10 MB junk being transmitted over the internet with likely many dangerous untested leaky infiltrated by Big Brother, advertising, tracing from google, what not. You have already been hacked. You read about hospitals being hacked, or big companies that are brought to a standstill and asked for money... The whole IT is run for a large part by people who 'sudo' all the time and still have no clue.

THAT is dangerous. Just in an other group we were discussing somebody who had all his company files controlled by what's it? 'dropbox'.

So, understand your 'puter, be root, or else play with something else.

It is all really simple, I come from an electronics background, in those days there were no computers available for the masses, processor for designs, we did everything with logic, analog, from the ground up to later microprocessors code, binary, asm. C, on most 'puters I run my own software, post this with the newsreader I wrote video processing and much is on my website. Screaming root is dangerous is a sign of total cluelessness, those people are dangerous themselves, sing that idiot song,

Basically you are wasting the time of everybody. I will leave it at that.

[1] those will outsmart many of you :-)

On a sunny day (11 Dec 2018 22:27:51 GMT) it happened A. Dumas wrote in :

exactly

It is very tempting to solve all your problems by running as root or as Windows administrator for everything.

But I resist the temptation and only use sudo when necessary - ie when a command fails as "pi".

Op 12-12-18 om 01:53 schreef Martin Gregorie:

I *did* say "standard user Pi doesn't need a password for sudo" :) (capital letter was wrong, though)

That's fine, but sometimes, in some situations, you will run into trouble because user 'pi' is hardwired into stuff. Like in raspi-config, I think; or at least it was. So that might be a reason to switch back to the standard user. Two solutions for your workflow:

- in .ssh/config on your other host(s), define Host mypi User pi which means you can still do martin@home:~$ ssh mypi

- on the Pi, on a recent install, do "sudo rm /etc/sudoers.d/010_pi-nopasswd" to remove the NOPASSWD directive for user pi. If it doesn't exist, edit /etc/sudoers using the visudo command (despite its name, it uses the standard editor which on Raspbian/Bash, if you didn't change it, is nano) to remove or edit the "pi ALL=(ALL) NOPASSWD: ALL" line there.

Or, you know, keep it if you're only using ipv4 on NAT and/or behind a firewall and you don't do stuff that might get you a virus. Web server should be safe because that runs as www-data.

For The Nat Phil: it isn't about secret stuff that might get stolen but your machine getting hijacked by botnets for spam or ddossing, which will make your isp block you from the internet.

especially those formed of raspberry pis unconnected to the internet!

Name me JUST ONE.

--
  ?A leader is best When people barely know he exists. Of a good leader,  
who talks little,When his work is done, his aim fulfilled,They will say,  
?We did this ourselves.? 

? Lao Tzu, Tao Te Ching

Hello NY!

12 Dec 18 20:53, you wrote to druck:

NY> That's the crucial point: it has the "protective cover" over the dangerous NY> "big red button" commands, so you have to consciously think "I need to use NY> sudo - so take care". It's not necessary to get users to prove that they NY> know the root password, unless you think that they will be malicious as NY> opposed to just absent-minded.

NY> I'm not sure that I know the (default) root password of my pi, since I NY> don't remember being asked to choose one during installation.

Raspberry should not, and has no root password. Sudo asks for the password of the user that will be given root access.

Kees

I haven't run into anything like that since I've had the RPi.

I may well have used sudoers but, since $EDIT points to microEmacs globally, thats certainly what it will use. I looked at nano once and decided it was so limited compared with microEmacs and vim that it wasn't worth bothering with.

That's where it is: inside my firewall on a wired IPV4 LAN.

I don't use a GUI on it because I'm old school enough (miniMop, George 3, VME/B, FLEX, MS-DOS, vos, mvs, OS/9, Guardian, OS/400, several Unices and Linux in about that sequence) that I still do most development from the command line because I hate being slowed down by the continual switching between mouse and keyboard that most GUIs need.

Agreed.

As another, slightly paranoid, precaution I have my ADSL router locked up really tightly. Its configured to reject all attempts to connect through it from the outside. In fact it can't be seen at all from outside: this is checked periodically with Gibson Lab's ShieldsUp tool.

What about incoming mail? I use getmail to collect that from my ISP's smarthost, a cronjob checks for incoming every 10 minutes.

--
Martin    | martin at 
Gregorie  | gregorie dot org

Somebody who likes running virtual currency miners as well as blackhats running botnets. If either can have malware sit on a Pi and just chug away without it being noticed or disturbed they'd be happy as pig in a mudpool.

Maybe, maybe not. More to the point: if you pick up bad security habits while learning to run an RPi and then ditch Windoze in favour of Linux you're liable to make a good target for blackhats.

Same here, but I do run rkhunter on my bigger Linux systems.

Since its easy to avoid running anything with higher privileges than it needs, install ad-blockers etc on your web browser and set your firewall up securely, it just makes sense to do that stuff as a matter of course, just like having a regular backup and system upgrade schedule and using version control on files you care about.

--
Martin    | martin at 
Gregorie  | gregorie dot org

It may or may not have had in-cockpit controls - that hasn't come to light yet. Whats we know about this crash so far is that:

- the autotrim system was not mentioned in the manuals for this 373 version and it was the first 737 to have this feature.

- the pilots had received no training about it at all and so did not know how it worked or how to disable it: a direct result from the lack of documentation.

- 737 autotrim has a major bug: it gets confused if the dual AOA sensors disagree. In this case one had failed so of course they disagreed.

- the crew for the previous flight had a less serious occurrence of the same problem, which they overcame, but didn't tell anybody about it.

And equally damning, nobody understands how a neural net actually recognises the situation/image/sound/whatever and worse still, there is not the slightest possibility that a neural net will ever be able to explain why it made a decision.

Please don't call these things AI - they are no more AI than the cascaded decision tables (that fuelled the early '80s AI bubble) were. They are

*not* any form of AI - merely trainable pattern recognition systems.

In my book it should be forbidden to call anything an AI unless it can output an understandable report showing how it came to make a decision and act on it.

--
Martin    | martin at 
Gregorie  | gregorie dot org

I ditched windoze for Linux in around 2004

I have done.

But my internal network has been very very secure. My online servers are bombraded by ratware on a many per second basis., but they havent been cracked yet.

I have to leave SSH world avialable in case they need attention when I am roaming, so thats constantly under attack. usually using 'root' BUT of course root access is disabled.

Then there are no end of attempts to hack the wordpress/joomla/other CMS that I don't and won't have installed...

Ive tried to break into my domestic site when Ive been away and couldn't do it.

Ought to set up a VPN tunnel :-)

--
"I am inclined to tell the truth and dislike people who lie consistently. 
This makes me unfit for the company of people of a Left persuasion, and  
all women"

There is not the slightest possibility that a scientific theory will be able to explain why *it* works either. Except in terms of eiother a more fundamental scientific theory or ultimately a metaphsyical assumption.

Why is gravity?

There is no ansewer to that. Gravity as a model of behaviour works. But we dont know WHY it works, excpet that if it didnt work in the way that it does the world wouldn't BE te world of our experience.

Our models and gravity is a human imagined MODEL - not a 'thing in itself out there' -; are *consistent with experience*. In the end that is as good as it gets.

Neural net is an attempt to model inductive reaosning - that is find p[atterns in [phenonema, and thsoe [patrterns may become theories.

In that sense I would expect neural nets to be able to come up with some kind of 'well this is the pattern match that works' kind of explanation if interrogated correctly.

So I dont think neureal nets are any more or less inexplicable than human logoc and perception

--
Canada is all right really, though not for the whole weekend. 

"Saki"