Thanks, Srinath. I don't want to be dependent on the network connection, tho. And the raspi doesn't have enough memory to cache a bunch of images.
If I understand correctly, an invisible watermark might be used to establish ownership once an image has been copied. My intent is to prevent the image from being copied from the SD card in the first place. Henry On 2013-09-29, at 21:50 , Srinath Mantripragada <[email protected]> wrote: > If its networked, then you could use a framebuffer browser and load the > images over https. Cache it locally, in memory, in case the network goes down. > > Use Linux audit to alert if any command is executed and send it to a remote > syslog server. > > You can also try invisible watermark on images: > http://stackoverflow.com/questions/44101/invisible-watermarks-in-images > > > Sent from Yahoo! Mail on Android > > > From: Henry Olders <[email protected]>; > To: Montreal Linux Users Group <[email protected]>; > Subject: Re: [MLUG] raspberry pi for secure digital signage > Sent: Sun, Sep 29, 2013 12:14:47 PM > > > On 2013-09-28, at 15:42 , Jer <[email protected]> wrote: > > > On 13-09-28 02:40 PM, Henry Olders wrote: > >> Hello, all, > >> > >> I want to run my raspi as a device for digital signage, the idea being to > >> display images fullscreen in a slideshow, without any user intervention. > >> I've got that running very well, using the raspbian distro, openbox window > >> manager, and either qiv or feh as the image viewer. The slideshow starts > >> automatically on boot, and runs forever, which is what I want. > >> > >> Here is the problem: my client wants to prevent his images from being > >> copied, including being copied off of the SD card when physically removed > >> from the raspi. Encryption would accomplish this, so I'm looking at > >> getting truecrypt running on the raspi. > >> > >> The difficulty I foresee is that if someone plugs a keyboard and mouse > >> into the raspi when it's running, they can access a terminal emulator > >> which is already logged in as user pi, and (I think) copy the image files > >> out of the truecrypt container into an unencrypted directory. > >> > >> There may also be other security issues that people with more experience > >> know about. > >> > >> Any ideas or suggestions much appreciated! > >> > >> Henry > >> > > > > Use FBI instead which can run without anyone logged in. I use it for > > slideshows on the pi. You can also use the video player, I forget the name, > > but it is optimized for the pi. You don't need X at all, the framebuffer is > > all you need. > > > > Another option is to use a screen locker program that will show the > > slideshow. ie: Xscreensaver and use the GLSlideshow option. > > > > You could set permissions on the files so they are owned by root (or > > another user) and only readable by root/user, then run the slideshow > > program with sudo. > > > > The problem with encrypting the files is that if a reboot happens someone > > has to go type a password in. > > > > The client is aware that they are displaying the images on a screen and > > that anyone could record that screen? This is how I would steal them :) > > > > Jeremy > > Great suggestion for FBI, Jeremy! Thank you! Very helpful not to have any > user logged in. > > Re encrypting the files, I had in mind to use an authentication server. If > the SD card remains in the original raspi, the encrypted files would mount; > if the SD card were removed and run in another device, then authentication > would fail, although I suppose that isn't foolproof for a determined attempt > to break in. > > Henry > _______________________________________________ > mlug mailing list > [email protected] > https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca > _______________________________________________ > mlug mailing list > [email protected] > https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca _______________________________________________ mlug mailing list [email protected] https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca
