From Newsgroup: comp.sys.raspberry-pi

This is getting ridiculous!

Once upon a time one just copied an image to a card, enabled ssh and
hey presto, you could log in as user pi with password raspberry.

No chance now.

I would point out that I'm not, in general, a complete numpty. I've
been using Pis (and other similar things) for many many years.


So, having found out why the above simple approach doesn't work I have
tried:-

Use rpi-imager, wasted first attempt because it wasn't obvious where
one entered user/password. Second attempt seemed to boot the Pi
OK but it never appeared on my LAN so not much help there. (At
least my first dd copied image appeared on the LAN)

Manually editing userconf.txt with my /etc/shadow encrypted
password from my Linux box got to a login prompt but the password
is somehow wrong.

Finally I managed to get a login working by creating a
~/.ssh/authorized keys file with the public key from my Linux
system in it. Phew!
--
Chris Green
·
--- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.sys.raspberry-pi

On 26/01/2025 10:42, Chris Green wrote:

This is getting ridiculous!

Once upon a time one just copied an image to a card, enabled ssh and
hey presto, you could log in as user pi with password raspberry.

No chance now.

I would point out that I'm not, in general, a complete numpty. I've
been using Pis (and other similar things) for many many years.

So, having found out why the above simple approach doesn't work I have tried:-

Use rpi-imager, wasted first attempt because it wasn't obvious where
one entered user/password. Second attempt seemed to boot the Pi
OK but it never appeared on my LAN so not much help there. (At
least my first dd copied image appeared on the LAN)

Manually editing userconf.txt with my /etc/shadow encrypted
password from my Linux box got to a login prompt but the password
is somehow wrong.

Ah. There may be gotchas in there like EOL charaters and spaces that
have to be 'just right'

I generally generate the encryption using the tools suggested.

e.g. echo 'mypassword' | openssl passwd -6 -stdin

echo 'raspberry' | openssl passwd -6 -stdin

$6$5H2l9s5V5YBulBGU$xchi.2AQLn5P5IK/khNPC3uggf9dc5DjY9KKxZK7IdDPNV1Zzggaxg0DTstT8bpSMvRzUlc9vJ/mrPQPbfBX/

Note you never get the same string twice...

Here is a userconf.txt with user pi password raspberry...

pi:$6$c70VpvPsVNCG0YR5$l5vWWLsLko9Kj65gcQ8qvMkuOoRkEagI90qi3F/Y7rm8eNYZHW8CY6BOIKwMH7a3YYzZYL90zf304cAHLFaZE0

Finally I managed to get a login working by creating a
~/.ssh/authorized keys file with the public key from my Linux
system in it. Phew!

Ultimately that is a smoother way to access the Pi anyway
--
"The great thing about Glasgow is that if there's a nuclear attack it'll
look exactly the same afterwards."

Billy Connolly

--- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.sys.raspberry-pi

I can offer some suggestions: use version 1.85 of the Imager program.
It has solved some of the password entry issues of the older version.
Also it allows you to use a different user name than pi, but I like pi
so I use it. Use the latest Raspberry Pi OS, either 64 or 32 bit as appropriate.

knute...



On 1/26/25 04:42, Chris Green wrote:

This is getting ridiculous!

Once upon a time one just copied an image to a card, enabled ssh and
hey presto, you could log in as user pi with password raspberry.

No chance now.

I would point out that I'm not, in general, a complete numpty. I've
been using Pis (and other similar things) for many many years.

So, having found out why the above simple approach doesn't work I have tried:-

Use rpi-imager, wasted first attempt because it wasn't obvious where
one entered user/password. Second attempt seemed to boot the Pi
OK but it never appeared on my LAN so not much help there. (At
least my first dd copied image appeared on the LAN)

Manually editing userconf.txt with my /etc/shadow encrypted
password from my Linux box got to a login prompt but the password
is somehow wrong.

Finally I managed to get a login working by creating a
~/.ssh/authorized keys file with the public key from my Linux
system in it. Phew!

--

Knute Johnson
--- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.sys.raspberry-pi

Knute Johnson <knute2024@585ranch.com> wrote:

On 1/26/25 04:42, Chris Green wrote:

This is getting ridiculous!

Once upon a time one just copied an image to a card, enabled ssh and
hey presto, you could log in as user pi with password raspberry.

No chance now.

I would point out that I'm not, in general, a complete numpty. I've
been using Pis (and other similar things) for many many years.

So, having found out why the above simple approach doesn't work I have tried:-

Use rpi-imager, wasted first attempt because it wasn't obvious where
one entered user/password. Second attempt seemed to boot the Pi
OK but it never appeared on my LAN so not much help there. (At
least my first dd copied image appeared on the LAN)

Manually editing userconf.txt with my /etc/shadow encrypted
password from my Linux box got to a login prompt but the password
is somehow wrong.

Finally I managed to get a login working by creating a
~/.ssh/authorized keys file with the public key from my Linux
system in it. Phew!

I can offer some suggestions: use version 1.85 of the Imager program.

That is the version I'm using.

It has solved some of the password entry issues of the older version.
Also it allows you to use a different user name than pi, but I like pi
so I use it. Use the latest Raspberry Pi OS, either 64 or 32 bit as appropriate.

It's just over-complicated for something which should really be quite
simple.

Is there **really** such a big security issue with default login names
and passwords on Raspberry Pis? Surely almost all of them are going
to be on home networks behind NAT routers and also surely no one is
going to (without thinking about it a bit!) put confidential data on
one. Anyone installing any system which is going to be directly out
on the internet should be very aware of the risks and will do what's
required.
--
Chris Green
·
--- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.sys.raspberry-pi

Chris Green wrote:

Is there **really** such a big security issue with default login names
and passwords on Raspberry Pis? Surely almost all of them are going
to be on home networks behind NAT routers and also surely no one is
going to (without thinking about it a bit!) put confidential data on
one.

Plenty of Pis (especially the compute modules) end-up in industrial kit,
maybe not much data on them, but you don't want them being used to
laterally attack other systems.

<https://www.legislation.gov.uk/uksi/2023/1007/schedule/1/paragraph/1/made>

"Passwords must be—
(a)unique per product; or
(b)defined by the user of the product."
--- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.sys.raspberry-pi

Andy Burns <usenet@andyburns.uk> wrote:

Chris Green wrote:

Is there **really** such a big security issue with default login names
and passwords on Raspberry Pis? Surely almost all of them are going
to be on home networks behind NAT routers and also surely no one is
going to (without thinking about it a bit!) put confidential data on
one.

Plenty of Pis (especially the compute modules) end-up in industrial kit, maybe not much data on them, but you don't want them being used to
laterally attack other systems.

<https://www.legislation.gov.uk/uksi/2023/1007/schedule/1/paragraph/1/made>

"Passwords must be—
(a)unique per product; or
(b)defined by the user of the product."

Ah, so it's legislation has caused this. :-)

Again I say, anyone who is actually deploying Pis in such a situation
needs to know what they're doing. If they don't know what they're
doing no amount of legislation is going to help much.


What really is getting to me is that the non-GUI user who wants to use
a Pi (or arduino or BBB) to moinitor the temperature in his garage
ends up having to jumpo through lots of unnecessary hoops to do it. To
a significant extent it's because the Pi has become much more 'mass
market'.

Oh well, I guess I can live with it. Rant over. :-)
--
Chris Green
·
--- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.sys.raspberry-pi

On 1/26/25 12:20, Chris Green wrote:

Is there **really** such a big security issue with default login names
and passwords on Raspberry Pis? Surely almost all of them are going
to be on home networks behind NAT routers and also surely no one is
going to (without thinking about it a bit!) put confidential data on
one. Anyone installing any system which is going to be directly out
on the internet should be very aware of the risks and will do what's required.

I don't know but there appear to be a few people who can't get their
password into their Pi successfully.
--

Knute Johnson
--- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.sys.raspberry-pi

On 26/01/2025 20:37, Knute Johnson wrote:

On 1/26/25 12:20, Chris Green wrote:

Is there **really** such a big security issue with default login names
and passwords on Raspberry Pis?  Surely almost all of them are going
to be on home networks behind NAT routers and also surely no one is
going to (without thinking about it a bit!) put confidential data on
one.  Anyone installing any system which is going to be directly out
on the internet should be very aware of the risks and will do what's
required.

I don't know but there appear to be a few people who can't get their password into their Pi successfully.

Most who cannot are people trying to use a foreign keyboard, which you
cannot set up in the imager
--
Chris
--- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.sys.raspberry-pi

On 1/26/25 16:52, Chris Townley wrote:

On 26/01/2025 20:37, Knute Johnson wrote:

I don't know but there appear to be a few people who can't get their
password into their Pi successfully.

Most who cannot are people trying to use a foreign keyboard, which you cannot set up in the imager

There was a lot of back and forth about that on the Pi Forum last year.
I and several other folks suggested that it would be a good idea to be
able set your keyboard type in the Imager. And since I have one of
those foreign (the default is en_UK) keyboards it can be tricky until
you figure out what is going on.
--

Knute Johnson
--- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.sys.raspberry-pi

On 26/01/2025 22:57, Knute Johnson wrote:

On 1/26/25 16:52, Chris Townley wrote:

On 26/01/2025 20:37, Knute Johnson wrote:

I don't know but there appear to be a few people who can't get their
password into their Pi successfully.

Most who cannot are people trying to use a foreign keyboard, which you
cannot set up in the imager

There was a lot of back and forth about that on the Pi Forum last year.
I and several other folks suggested that it would be a good idea to be
able set your keyboard type in the Imager.  And since I have one of
those foreign (the default is en_UK) keyboards it can be tricky until
you figure out what is going on.

Yes, not ideal, but you can always set a password that works with a UK keyboard, and then change it when you first connect
--
Chris
--- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.sys.raspberry-pi

On 26 Jan 2025 at 20:23:47, Chris Green <cl@isbd.net> wrote:

Andy Burns <usenet@andyburns.uk> wrote:

Chris Green wrote:

Is there **really** such a big security issue with default login names
and passwords on Raspberry Pis? Surely almost all of them are going
to be on home networks behind NAT routers and also surely no one is
going to (without thinking about it a bit!) put confidential data on
one.

Plenty of Pis (especially the compute modules) end-up in industrial kit,
maybe not much data on them, but you don't want them being used to
laterally attack other systems.

<https://www.legislation.gov.uk/uksi/2023/1007/schedule/1/paragraph/1/made> >>
"Passwords must be—
(a)unique per product; or
(b)defined by the user of the product."

Ah, so it's legislation has caused this. :-)

Again I say, anyone who is actually deploying Pis in such a situation
needs to know what they're doing. If they don't know what they're
doing no amount of legislation is going to help much.

What really is getting to me is that the non-GUI user who wants to use
a Pi (or arduino or BBB) to moinitor the temperature in his garage

An RPi is overkill for a job like that.
An ESP32 or Arduino will keep things simple at far lower cost.

ends up having to jumpo through lots of unnecessary hoops to do it. To
a significant extent it's because the Pi has become much more 'mass
market'.

Oh well, I guess I can live with it. Rant over. :-)

--- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.sys.raspberry-pi

On 26/01/2025 22:52, Chris Townley wrote:

On 26/01/2025 20:37, Knute Johnson wrote:

On 1/26/25 12:20, Chris Green wrote:

Is there **really** such a big security issue with default login names
and passwords on Raspberry Pis?  Surely almost all of them are going
to be on home networks behind NAT routers and also surely no one is
going to (without thinking about it a bit!) put confidential data on
one.  Anyone installing any system which is going to be directly out
on the internet should be very aware of the risks and will do what's
required.

I don't know but there appear to be a few people who can't get their
password into their Pi successfully.

Most who cannot are people trying to use a foreign keyboard, which you cannot set up in the imager

Why would you be using a keyboard at all on a headless Pi?
--
"What do you think about Gay Marriage?"
"I don't."
"Don't what?"
"Think about Gay Marriage."


--- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.sys.raspberry-pi

On 27/01/2025 06:35, Bob Martin wrote:

An RPi is overkill for a job like that.
An ESP32 or Arduino will keep things simple at far lower cost.

Or a Pi Pico W. Cheaper than an Arduino, networks, has 3 ADC S. Its perfect
--
“A leader is best When people barely know he exists. Of a good leader,
who talks little,When his work is done, his aim fulfilled,They will say,
“We did this ourselves.”

― Lao Tzu, Tao Te Ching

--- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.sys.raspberry-pi

Bob Martin <bob.martin@excite.com> wrote:

What really is getting to me is that the non-GUI user who wants to use
a Pi (or arduino or BBB) to moinitor the temperature in his garage

An RPi is overkill for a job like that.
An ESP32 or Arduino will keep things simple at far lower cost.

But a Pi is much more accessible (in the sense of being easy to access
your data directly). It's just so much handier to communicate with,
as in the case of my Pi running on a boat in France, it does all the
work of connecting and so on as well as collecting data. In my case
it also drives two displays.

... and it's not exactly expensive, £33 for a 1GB 4B and a lot less if
you go for a Pi Zero.

I do have a couple of Arduinos and ESP32s but given that you really
need another computer to access them and do anything useful with the
data I always end up deciding that a Pi (or a BeagleBone Black) is
just so much easier as a standalone system.
--
Chris Green
·
--- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.sys.raspberry-pi

The Natural Philosopher <tnp@invalid.invalid> wrote:

On 27/01/2025 06:35, Bob Martin wrote:

An RPi is overkill for a job like that.
An ESP32 or Arduino will keep things simple at far lower cost.

Or a Pi Pico W. Cheaper than an Arduino, networks, has 3 ADC S. Its perfect

One of the reasons I have BeagleBone Blacks in my list of 'goto'
devices is that they have seven ADC inputs available on board. Thus
you have direct login like a Pi plus the ability to read voltages in a
very straightforward way.
--
Chris Green
·
--- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.sys.raspberry-pi

On 27/01/2025 08:57, Chris Green wrote:

Bob Martin <bob.martin@excite.com> wrote:

What really is getting to me is that the non-GUI user who wants to use
a Pi (or arduino or BBB) to moinitor the temperature in his garage

An RPi is overkill for a job like that.
An ESP32 or Arduino will keep things simple at far lower cost.

But a Pi is much more accessible (in the sense of being easy to access
your data directly). It's just so much handier to communicate with,
as in the case of my Pi running on a boat in France, it does all the
work of connecting and so on as well as collecting data. In my case
it also drives two displays.

... and it's not exactly expensive, £33 for a 1GB 4B and a lot less if
you go for a Pi Zero.

I do have a couple of Arduinos and ESP32s but given that you really
need another computer to access them and do anything useful with the
data I always end up deciding that a Pi (or a BeagleBone Black) is
just so much easier as a standalone system.

My organically growing network uses Picos to collect the data and a Pi
Zero to receive it and display it and do what is needful with it.

If I wanted to store large quantities Id add maybe an SSD to the Zero. I
think the USB port would recognise that.

UIs are wherever possible Web based.
--
There is something fascinating about science. One gets such wholesale
returns of conjecture out of such a trifling investment of fact.

Mark Twain

--- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.sys.raspberry-pi

On 26/01/2025 at 18:20, Chris Green wrote:

Is there **really** such a big security issue with default login names
and passwords on Raspberry Pis? Surely almost all of them are going
to be on home networks behind NAT routers and also surely no one is
going to (without thinking about it a bit!) put confidential data on
one. Anyone installing any system which is going to be directly out
on the internet should be very aware of the risks and will do what's required.

This, exactly.

Yet another example of 'we know better than you' and 'make it easier for
(some unknown version of) everyone'
--
Chris Elvidge, England
SHOOTING PAINTBALLS IS NOT AN ART FORM

--- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.sys.raspberry-pi

On 1/27/25 11:48, Chris Elvidge wrote:

On 26/01/2025 at 18:20, Chris Green wrote:

Is there **really** such a big security issue with default login names
and passwords on Raspberry Pis?  Surely almost all of them are going
to be on home networks behind NAT routers and also surely no one is
going to (without thinking about it a bit!) put confidential data on
one.  Anyone installing any system which is going to be directly out
on the internet should be very aware of the risks and will do what's
required.

This, exactly.

Yet another example of 'we know better than you' and 'make it easier for (some unknown version of) everyone'

I'm willing to accept they know better than me. I think it is the right
way to go. i.e. Use a general provisioning script on first boot.

My main memory is the rPi imager also allowed headless Wifi set up,
which had not be possible/easy previously. I can't remember if it worked?
--- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.sys.raspberry-pi

The Natural Philosopher <tnp@invalid.invalid> wrote:

On 27/01/2025 08:57, Chris Green wrote:

Bob Martin <bob.martin@excite.com> wrote:

What really is getting to me is that the non-GUI user who wants to use >>> a Pi (or arduino or BBB) to moinitor the temperature in his garage

An RPi is overkill for a job like that.
An ESP32 or Arduino will keep things simple at far lower cost.

But a Pi is much more accessible (in the sense of being easy to access
your data directly). It's just so much handier to communicate with,
as in the case of my Pi running on a boat in France, it does all the
work of connecting and so on as well as collecting data. In my case
it also drives two displays.

... and it's not exactly expensive, £33 for a 1GB 4B and a lot less if
you go for a Pi Zero.

I do have a couple of Arduinos and ESP32s but given that you really
need another computer to access them and do anything useful with the
data I always end up deciding that a Pi (or a BeagleBone Black) is
just so much easier as a standalone system.

My organically growing network uses Picos to collect the data and a Pi
Zero to receive it and display it and do what is needful with it.

Well my boat's system uses just an ancient Pi B+ and I2C to collect
all the data, no other microcontrollers or anything.
--
Chris Green
·
--- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.sys.raspberry-pi

On 27/01/2025 08:49, The Natural Philosopher wrote:

On 26/01/2025 22:52, Chris Townley wrote:

On 26/01/2025 20:37, Knute Johnson wrote:

On 1/26/25 12:20, Chris Green wrote:

Is there **really** such a big security issue with default login names >>>> and passwords on Raspberry Pis?  Surely almost all of them are going
to be on home networks behind NAT routers and also surely no one is
going to (without thinking about it a bit!) put confidential data on
one.  Anyone installing any system which is going to be directly out
on the internet should be very aware of the risks and will do what's
required.

I don't know but there appear to be a few people who can't get their
password into their Pi successfully.

Most who cannot are people trying to use a foreign keyboard, which you
cannot set up in the imager

Why would you be using a keyboard at all on a headless Pi?

Clearly to access the Pi from another computer. Running headless doesn't
mean you don't way to access it
--
Chris
--- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.sys.raspberry-pi

On 27/01/2025 11:48, Chris Elvidge wrote:

On 26/01/2025 at 18:20, Chris Green wrote:

Is there **really** such a big security issue with default login names
and passwords on Raspberry Pis?  Surely almost all of them are going
to be on home networks behind NAT routers and also surely no one is
going to (without thinking about it a bit!) put confidential data on
one.  Anyone installing any system which is going to be directly out
on the internet should be very aware of the risks and will do what's
required.

This, exactly.

Yet another example of 'we know better than you' and 'make it easier for (some unknown version of) everyone'

It has probably had a couple of hundred thousand bucks of EU taxpayer
money spent on deciding that 'it ought to be this way, to Protect the
Peepul'
--
Labour - a bunch of rich people convincing poor people to vote for rich
people by telling poor people that "other" rich people are the reason
they are poor.

Peter Thompson

--- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.sys.raspberry-pi

On 27/01/2025 12:30, Pancho wrote:

My main memory is the rPi imager also allowed headless Wifi set up,
which had not be possible/easy previously. I can't remember if it worked?

I think it did.

But I now have a screen and keyboard and a micro HDMI and USB keyboard
for when it doesn't.

Its easy enough to run raspi-config after first boot
--
Labour - a bunch of rich people convincing poor people to vote for rich
people by telling poor people that "other" rich people are the reason
they are poor.

Peter Thompson

--- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.sys.raspberry-pi

On 27/01/2025 12:29, Chris Green wrote:

The Natural Philosopher <tnp@invalid.invalid> wrote:

On 27/01/2025 08:57, Chris Green wrote:

Bob Martin <bob.martin@excite.com> wrote:

What really is getting to me is that the non-GUI user who wants to use >>>>> a Pi (or arduino or BBB) to moinitor the temperature in his garage

An RPi is overkill for a job like that.
An ESP32 or Arduino will keep things simple at far lower cost.

But a Pi is much more accessible (in the sense of being easy to access
your data directly). It's just so much handier to communicate with,
as in the case of my Pi running on a boat in France, it does all the
work of connecting and so on as well as collecting data. In my case
it also drives two displays.

... and it's not exactly expensive, £33 for a 1GB 4B and a lot less if
you go for a Pi Zero.

I do have a couple of Arduinos and ESP32s but given that you really
need another computer to access them and do anything useful with the
data I always end up deciding that a Pi (or a BeagleBone Black) is
just so much easier as a standalone system.

My organically growing network uses Picos to collect the data and a Pi
Zero to receive it and display it and do what is needful with it.

Well my boat's system uses just an ancient Pi B+ and I2C to collect
all the data, no other microcontrollers or anything.

Really? What is on the end of the iI2C lines then?
--
Of what good are dead warriors? … Warriors are those who desire battle
more than peace. Those who seek battle despite peace. Those who thump
their spears on the ground and talk of honor. Those who leap high the
battle dance and dream of glory … The good of dead warriors, Mother, is
that they are dead.
Sheri S Tepper: The Awakeners.

--- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.sys.raspberry-pi

On 27/01/2025 13:37, Chris Townley wrote:

On 27/01/2025 08:49, The Natural Philosopher wrote:

On 26/01/2025 22:52, Chris Townley wrote:

On 26/01/2025 20:37, Knute Johnson wrote:

On 1/26/25 12:20, Chris Green wrote:

Is there **really** such a big security issue with default login names >>>>> and passwords on Raspberry Pis?  Surely almost all of them are going >>>>> to be on home networks behind NAT routers and also surely no one is
going to (without thinking about it a bit!) put confidential data on >>>>> one.  Anyone installing any system which is going to be directly out >>>>> on the internet should be very aware of the risks and will do what's >>>>> required.

I don't know but there appear to be a few people who can't get their
password into their Pi successfully.

Most who cannot are people trying to use a foreign keyboard, which
you cannot set up in the imager

Why would you be using a keyboard at all on a headless Pi?

Clearly to access the Pi from another computer. Running headless doesn't mean you don't way to access it

Then you are not using it on the Pi are you? But on a different
machine...that is configured to use its keycodes already...
--
Of what good are dead warriors? … Warriors are those who desire battle
more than peace. Those who seek battle despite peace. Those who thump
their spears on the ground and talk of honor. Those who leap high the
battle dance and dream of glory … The good of dead warriors, Mother, is
that they are dead.
Sheri S Tepper: The Awakeners.

--- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.sys.raspberry-pi

The Natural Philosopher <tnp@invalid.invalid> wrote:

On 27/01/2025 12:29, Chris Green wrote:

The Natural Philosopher <tnp@invalid.invalid> wrote:

On 27/01/2025 08:57, Chris Green wrote:

Bob Martin <bob.martin@excite.com> wrote:

What really is getting to me is that the non-GUI user who wants to use >>>>> a Pi (or arduino or BBB) to moinitor the temperature in his garage

An RPi is overkill for a job like that.
An ESP32 or Arduino will keep things simple at far lower cost.

But a Pi is much more accessible (in the sense of being easy to access >>> your data directly). It's just so much handier to communicate with,
as in the case of my Pi running on a boat in France, it does all the
work of connecting and so on as well as collecting data. In my case
it also drives two displays.

... and it's not exactly expensive, £33 for a 1GB 4B and a lot less if >>> you go for a Pi Zero.

I do have a couple of Arduinos and ESP32s but given that you really
need another computer to access them and do anything useful with the
data I always end up deciding that a Pi (or a BeagleBone Black) is
just so much easier as a standalone system.

My organically growing network uses Picos to collect the data and a Pi
Zero to receive it and display it and do what is needful with it.

Well my boat's system uses just an ancient Pi B+ and I2C to collect
all the data, no other microcontrollers or anything.

Really? What is on the end of the iI2C lines then?

Various things, for example several I2C temperature and humidity sensors,
some I2C A2D converters, etc.
--
Chris Green
·
--- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.sys.raspberry-pi

On 27/01/2025 14:24, Chris Green wrote:

Well my boat's system uses just an ancient Pi B+ and I2C to collect
all the data, no other microcontrollers or anything.

Really? What is on the end of the iI2C lines then?

Various things, for example several I2C temperature and humidity sensors, some I2C A2D converters, etc.

And you think that none of these are, or contain, 'microcontrollers'?
--
"The most difficult subjects can be explained to the most slow witted
man if he has not formed any idea of them already; but the simplest
thing cannot be made clear to the most intelligent man if he is firmly persuaded that he knows already, without a shadow of doubt, what is laid before him."

- Leo Tolstoy


--- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.sys.raspberry-pi

The Natural Philosopher <tnp@invalid.invalid> wrote:

On 27/01/2025 14:24, Chris Green wrote:

Well my boat's system uses just an ancient Pi B+ and I2C to collect
all the data, no other microcontrollers or anything.

Really? What is on the end of the iI2C lines then?

Various things, for example several I2C temperature and humidity sensors, some I2C A2D converters, etc.

And you think that none of these are, or contain, 'microcontrollers'?

Well almost everything does nowadays! However they do **present** as
a single chip with an I2C interface and nothing else. You don't have
to program them as you would an Arduino or an ESPE32. Thus all my
configuration and software is in the Pi and all it does is 'talk I2C'
down the wires.
--
Chris Green
·
--- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.sys.raspberry-pi

Pancho <Pancho.Jones@proton.me> wrote:

My main memory is the rPi imager also allowed headless Wifi set up,
which had not be possible/easy previously. I can't remember if it worked?

WiFi is/was configured in wpa_supplicant.txt, and that worked fine
without the RPi imager program.
--
__ __
#_ < |\| |< _#
--- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.sys.raspberry-pi

On 28/01/2025 06:14, Computer Nerd Kev wrote:

Pancho <Pancho.Jones@proton.me> wrote:

My main memory is the rPi imager also allowed headless Wifi set up,
which had not be possible/easy previously. I can't remember if it worked?

WiFi is/was configured in wpa_supplicant.txt, and that worked fine
without the RPi imager program.

Was...

All change with bookworm IIRC
--
In theory, there is no difference between theory and practice.
In practice, there is.
-- Yogi Berra

--- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.sys.raspberry-pi

On 28/01/2025 08:51, The Natural Philosopher wrote:

On 28/01/2025 06:14, Computer Nerd Kev wrote:

Pancho <Pancho.Jones@proton.me> wrote:

My main memory is the rPi imager also allowed headless Wifi set up,
which had not be possible/easy previously. I can't remember if it
worked?

WiFi is/was configured in wpa_supplicant.txt, and that worked fine
without the RPi imager program.

Was...

All  change with bookworm IIRC

UK law: Product Security and Telecommunications Security Act 2022 which
is amongst things, designed to stop devices, like routers for example,
from having default passwords that can easily be guessed. That's because
many people leave the passwords at the default settings and then such
devices are more easily roped into DDOS attacks.



--- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.sys.raspberry-pi

mm0fmf <none@invalid.com> wrote:

On 28/01/2025 08:51, The Natural Philosopher wrote:

On 28/01/2025 06:14, Computer Nerd Kev wrote:

Pancho <Pancho.Jones@proton.me> wrote:

My main memory is the rPi imager also allowed headless Wifi set up,
which had not be possible/easy previously. I can't remember if it
worked?

WiFi is/was configured in wpa_supplicant.txt, and that worked fine
without the RPi imager program.

Was...

All  change with bookworm IIRC

UK law: Product Security and Telecommunications Security Act 2022 which
is amongst things, designed to stop devices, like routers for example,
from having default passwords that can easily be guessed. That's because many people leave the passwords at the default settings and then such devices are more easily roped into DDOS attacks.

Also the California Senate Bill 327:

"(b) Subject to all of the requirements of subdivision (a), if a connected device is equipped with a means for authentication outside a local area network, it shall be deemed a reasonable security feature under subdivision
(a) if either of the following requirements are met:

(1) The preprogrammed password is unique to each device manufactured.

(2) The device contains a security feature that requires a user to generate
a new means of authentication before access is granted to the device for the first time. "

https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201720180SB327
--- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.sys.raspberry-pi

On Sun, 26 Jan 2025 11:13:20 -0600, Knute Johnson wrote:

I can offer some suggestions: use version 1.85 of the Imager program.
It has solved some of the password entry issues of the older version.
Also it allows you to use a different user name than pi, but I like pi
so I use it. Use the latest Raspberry Pi OS, either 64 or 32 bit as appropriate.

What about 1.9? (Just curious.)

<https://github.com/raspberrypi/rpi-imager/releases>
--
s|b
--- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.sys.raspberry-pi

On 2025-01-26, Chris Green <cl@isbd.net> wrote:

Is there **really** such a big security issue with default login names
and passwords on Raspberry Pis? Surely almost all of them are going
to be on home networks behind NAT routers and also surely no one is
going to (without thinking about it a bit!) put confidential data on
one. Anyone installing any system which is going to be directly out
on the internet should be very aware of the risks and will do what's required.

Probably not. People installing special-purpose distributions (media
player, dns filtering, hoem automazion etc.) may not even be aware that they need to change the SSH password when they only interact with some web
frontend.

Also, it is not just the data on the device that is at risk. There is also
the risk that such an exposed machine will be used as part of a botnet to attack other machines.

A quick check on shodan shows 86362 hits for "ssh raspbian". If only a small percentage of these use the default password, that is way too much.

cu
Michael
--
Some people have no respect of age unless it is bottled.
--- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.sys.raspberry-pi

On 28/01/2025 at 18:30, Michael Schwingen wrote:

On 2025-01-26, Chris Green <cl@isbd.net> wrote:

Is there **really** such a big security issue with default login names
and passwords on Raspberry Pis? Surely almost all of them are going
to be on home networks behind NAT routers and also surely no one is
going to (without thinking about it a bit!) put confidential data on
one. Anyone installing any system which is going to be directly out
on the internet should be very aware of the risks and will do what's
required.

Probably not. People installing special-purpose distributions (media
player, dns filtering, hoem automazion etc.) may not even be aware that they need to change the SSH password when they only interact with some web frontend.

Also, it is not just the data on the device that is at risk. There is also the risk that such an exposed machine will be used as part of a botnet to attack other machines.

A quick check on shodan shows 86362 hits for "ssh raspbian". If only a small percentage of these use the default password, that is way too much.

cu
Michael

But ssh is not enabled by default in Raspbian.
--
Chris Elvidge, England
UNDERWEAR SHOULD BE WORN ON THE INSIDE

--- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.sys.raspberry-pi

On 2025-01-28, Chris Elvidge <chris@internal.net> wrote:

A quick check on shodan shows 86362 hits for "ssh raspbian". If only a small >> percentage of these use the default password, that is way too much.

But ssh is not enabled by default in Raspbian.

Good point (I was not sure - I always enable it, since my pis run headless).

However, I *do* remember news about lots of pis with default passwords being exploited via ssh - but I can't find the sources for that.

Either way, making it difficult for the admin to mess things up is not a bad idea.

cu
Michael
--
Some people have no respect of age unless it is bottled.
--- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.sys.raspberry-pi

The Natural Philosopher <tnp@invalid.invalid> wrote:

On 28/01/2025 06:14, Computer Nerd Kev wrote:

Pancho <Pancho.Jones@proton.me> wrote:

My main memory is the rPi imager also allowed headless Wifi set up,
which had not be possible/easy previously. I can't remember if it worked? >>

WiFi is/was configured in wpa_supplicant.txt, and that worked fine
without the RPi imager program.

Was...

All change with bookworm IIRC

Sounds like I got off the RPiOS ship just at the right time before
they went completely nuts. Choice of distros is such a wonderful
advantage of Linux (even if there's less choice for the Pis than
for PC).
--
__ __
#_ < |\| |< _#
--- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.sys.raspberry-pi

Theo <theom+news@chiark.greenend.org.uk> wrote:

mm0fmf <none@invalid.com> wrote:

On 28/01/2025 08:51, The Natural Philosopher wrote:

On 28/01/2025 06:14, Computer Nerd Kev wrote:

Pancho <Pancho.Jones@proton.me> wrote:

My main memory is the rPi imager also allowed headless Wifi set up,
which had not be possible/easy previously. I can't remember if it
worked?

WiFi is/was configured in wpa_supplicant.txt, and that worked fine
without the RPi imager program.

Was...

All change with bookworm IIRC

UK law: Product Security and Telecommunications Security Act 2022 which
is amongst things, designed to stop devices, like routers for example,
from having default passwords that can easily be guessed. That's because
many people leave the passwords at the default settings and then such
devices are more easily roped into DDOS attacks.

Also the California Senate Bill 327:

"(b) Subject to all of the requirements of subdivision (a), if a connected device is equipped with a means for authentication outside a local area network, it shall be deemed a reasonable security feature under subdivision (a) if either of the following requirements are met:

(1) The preprogrammed password is unique to each device manufactured.

(2) The device contains a security feature that requires a user to generate
a new means of authentication before access is granted to the device for the first time. "

https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201720180SB327

They both seem to be about the original topic of log-in passwords,
not WiFi settings.
--
__ __
#_ < |\| |< _#
--- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.sys.raspberry-pi

On 28/01/2025 21:31, Computer Nerd Kev wrote:

The Natural Philosopher <tnp@invalid.invalid> wrote:

On 28/01/2025 06:14, Computer Nerd Kev wrote:

Pancho <Pancho.Jones@proton.me> wrote:

My main memory is the rPi imager also allowed headless Wifi set up,
which had not be possible/easy previously. I can't remember if it worked? >>>

WiFi is/was configured in wpa_supplicant.txt, and that worked fine
without the RPi imager program.

Was...

All change with bookworm IIRC

Sounds like I got off the RPiOS ship just at the right time before
they went completely nuts. Choice of distros is such a wonderful
advantage of Linux (even if there's less choice for the Pis than
for PC).

Well I stick to PIOS simple because it is the documented standard.
Networking is handled by the Network Manager and it gets tricky to set
that up without a console screen/keyboard at least - but there is a
great utility called nmcli I think that 'does everything' once you have
learnt its magic spells.

And it knows which underlying files to frig with. And gets the syntax right.

To be honest although it is possible to do everything over ssh, the
chances of losing connectivity while messing with the network are high
and a HDMI screen and a USB keyboard are not hard to rig up with the appropiate adapters.
--
To ban Christmas, simply give turkeys the vote.

--- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.sys.raspberry-pi

On 2025-01-28, The Natural Philosopher <tnp@invalid.invalid> wrote:

Well I stick to PIOS simple because it is the documented standard. Networking is handled by the Network Manager and it gets tricky to set
that up without a console screen/keyboard at least - but there is a
great utility called nmcli I think that 'does everything' once you have learnt its magic spells.

If you don't like networkmanager, it is easy to switch to the old method
after installation of the base system:

https://github.com/mschwingen/hardware/tree/master/YOGA_GPIB/software

apt install isc-dhcp-client ifupdown resolvconf
apt purge modemmanager network-manager ppp avahi-daemon

got me to a state where the classic configuration using
/etc/network/interfaces just works.

To be honest although it is possible to do everything over ssh, the
chances of losing connectivity while messing with the network are high
and a HDMI screen and a USB keyboard are not hard to rig up with the appropiate adapters.

I had a serial console connected, but that is only activated at a later
step. I sued raspberry pi imager to setup ssh pre-boot, but you can easily
do that using a text editor.

cu
Michael
--
Some people have no respect of age unless it is bottled.
--- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.sys.raspberry-pi

In article <vnbqo3$21n98$4@dont-email.me>,
The Natural Philosopher <tnp@invalid.invalid> wrote:

Well I stick to PIOS simple because it is the documented standard. >Networking is handled by the Network Manager and it gets tricky to set
that up without a console screen/keyboard at least - but there is a
great utility called nmcli I think that 'does everything' once you have >learnt its magic spells.

There's also nmtui, which works in the same places nmcli does, but is much easier to navigate.
--
_/_
/ v \ Scott Alfter (remove the obvious to send mail)
(IIGS( https://alfter.us/ Top-posting!
\_^_/ >What's the most annoying thing on Usenet? --- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.sys.raspberry-pi

On 29/01/2025 21:14, Scott Alfter wrote:

In article <vnbqo3$21n98$4@dont-email.me>,
The Natural Philosopher <tnp@invalid.invalid> wrote:

Well I stick to PIOS simple because it is the documented standard.
Networking is handled by the Network Manager and it gets tricky to set
that up without a console screen/keyboard at least - but there is a
great utility called nmcli I think that 'does everything' once you have
learnt its magic spells.

There's also nmtui, which works in the same places nmcli does, but is much easier to navigate.

Indeed yes. Does it cover all the options? I never got around to using
it. My configuration was nicely handled by nmcli...

My concern about reinstalling the trad. method is that the Gods of Linux
will move away from the standard so much that it will ultimately stop
working because no one is developing it.

So I am biased towards command line tools for network manager.

YMMV
--
Of what good are dead warriors? … Warriors are those who desire battle
more than peace. Those who seek battle despite peace. Those who thump
their spears on the ground and talk of honor. Those who leap high the
battle dance and dream of glory … The good of dead warriors, Mother, is
that they are dead.
Sheri S Tepper: The Awakeners.

--- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.sys.raspberry-pi

In article <vnffc9$2s8gn$6@dont-email.me>,
The Natural Philosopher <tnp@invalid.invalid> wrote:

On 29/01/2025 21:14, Scott Alfter wrote:

In article <vnbqo3$21n98$4@dont-email.me>,
The Natural Philosopher <tnp@invalid.invalid> wrote:

Well I stick to PIOS simple because it is the documented standard.
Networking is handled by the Network Manager and it gets tricky to set
that up without a console screen/keyboard at least - but there is a
great utility called nmcli I think that 'does everything' once you have
learnt its magic spells.

There's also nmtui, which works in the same places nmcli does, but is much >> easier to navigate.

Indeed yes. Does it cover all the options? I never got around to using
it. My configuration was nicely handled by nmcli...

I don't know how much coverage nmtui provides in comparison to nmcli. I've used it to set up WiFi on new installs and to connect to/disconnect from already-configured VPNs (haven't tried using it to configure a VPN).
--
_/_
/ v \ Scott Alfter (remove the obvious to send mail)
(IIGS( https://alfter.us/ Top-posting!
\_^_/ >What's the most annoying thing on Usenet? --- Synchronet 3.20c-Linux NewsLink 1.2

From Newsgroup: comp.sys.raspberry-pi

On 28/01/2025 18:30, Michael Schwingen wrote:

On 2025-01-26, Chris Green <cl@isbd.net> wrote:
Also, it is not just the data on the device that is at risk. There is also the risk that such an exposed machine will be used as part of a botnet to attack other machines.

This is true. Malware may get inside your networking by exploiting a
Windows vulnerability, but it may short lived if detected by anti-virus
or cleared by rebooting if non-persistent. However, it can quickly scan
the local network to find other systems to infect.

A Raspberry Pi with a default password makes a great a great botnet host
as it wont have any additional security software, and will generally be
left switched on permanently, with very infrequent software updates.

---druck
--- Synchronet 3.20c-Linux NewsLink 1.2