Re: [leaf-user] Write Protect
Victor McAllister wrote:
> Write protected hardware requires physical access to the LEAF box.
> A software write protect has the advantage that you can set and unset the read and write access to the boot media with putty, ssh. I use two scripts loaded by local.lrp. Granted this is a little cumbersome because you have to keep a copy of three modules on your desktop machine and scp / winscp them over as needed. If you command a reboot, the machine is restored to read write status since the scripts are only run manually via ssh.

I'm kind of puzzled why you would not run the delete script at boottime. How can you be sure that the system won't reboot without you knowing it?

Statements as to computer security have been around since the early days. No system is ever really secure. If you want to make a system completely secure, you should enclose it in concrete and drop it in the ocean. All barriers fail if someone can get physical access to the system.

Which roughly translates in that the highest level of security is reached by a system that is console operated only (and not connected to other computers, but that's not an option in this case).

In regards to LRP and LEAF I've always respected that rule and never added any remote access to the box. No ssh, no https.

Gordon

--
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
Re: [leaf-user] Write Protect
Gordon Bos wrote:
> Victor McAllister wrote:
>> Write protected hardware requires physical access to the LEAF box.
>> A software write protect has the advantage that you can set and unset the read and write access to the boot media with putty, ssh. I use two scripts loaded by local.lrp. Granted this is a little cumbersome because you have to keep a copy of three modules on your desktop machine and scp / winscp them over as needed. If you command a reboot, the machine is restored to read write status since the scripts are only run manually via ssh.
>
> I'm kind of puzzled why you would not run the delete script at boottime. How can you be sure that the system won't reboot without you knowing it?

uptime 473 days
if I do an uptime and it says 1 day - I will investigate why. (I use a WRAP with a 12 volt battery connected via diodes in parallel with the power supply. The dsl modem and switches are on a UPS. If the AC goes down, my network connection stays up for several hours so laptops can still have access. That is why the LEAF stays up even when the power goes down several times a year.).

I only need to SCP the modules over to back up a configuration change. The files necessary for boot are still on the boot media, just not in ram.

As you say, no security is perfect. Someone who reads this post, if they could break in, could figure out what modules to bring along. They would need SSH access which is only open to specific public IPs.

> Statements as to computer security have been around since the early days. No system is ever really secure. If you want to make a system completely secure, you should enclose it in concrete and drop it in the ocean. All barriers fail if someone can get physical access to the system.
>
> Which roughly translates in that the highest level of security is reached by a system that is console operated only (and not connected to other computers, but that's not an option in this case).
>
> In regards to LRP and LEAF I've always respected that rule and never added any remote access to the box. No ssh, no https.
>
> Gordon
Re: [leaf-user] Write Protect
On Mon, 2009-08-10 at 19:40 -0700, Victor McAllister wrote:
> On Mon, 2009-08-10 at 09:27 -0700, Mike Noyes wrote:
>> You can obtain a write protect hardware option fairly easy now. It's not like it was seven years ago, when a hardware hack (ADM module using the LD017 controller chip) was necessary.
>> http://reviews.cnet.com/usb-flash-drives/?filter=502909_14791771_
>
> Write protected hardware requires physical access to the LEAF box.

Victor,
Indeed.

> A software write protect has the advantage that you can set and unset the read and write access to the boot media with putty, ssh. I use two scripts loaded by local.lrp. Granted this is a little cumbersome because you have to keep a copy of three modules on your desktop machine and scp / winscp them over as needed. If you command a reboot, the machine is restored to read write status since the scripts are only run manually via ssh.

Please commit your script to our cvs repository. Thanks.

> **
> #! /bin/ash
> # rm-ide by Victor McAllister
> # This script removes modules to prevent
> # access to the boot media - CF ide disk
> echo
> # Unload in dependency order: ide-core last
> MODULES="ide-disk ide-detect ide-core"
> BOOTDIR=/boot/lib/modules
> LIBDIR=/lib/modules
> for MODULE in ${MODULES}
> do
>     rmmod ${MODULE}
>     rm ${BOOTDIR}/${MODULE}.o
>     rm ${LIBDIR}/${MODULE}.o
> done
> echo
> echo The modules needed for IDE access are not plugged into
> echo the kernel or located in the TWO modules directories.
> echo
> echo The Compact Flash is NOT accessible.
>
> #! /bin/sh
> # load-ide by Victor McAllister
> #
> echo This script installs ide modules to access Compact Flash
> echo First copy the files ide-core.o ide-detect.o ide-disk.o
> echo using SCP to the /lib/modules directory.
> echo
> # Load in dependency order: ide-core first
> MODULES="ide-core ide-detect ide-disk"
> LIBDIR=/lib/modules
> BOOTDIR=/boot/lib/modules
> for MODULE in ${MODULES}
> do
>     insmod ${MODULE}
>     cp ${LIBDIR}/${MODULE}.o ${BOOTDIR}/${MODULE}.o
> done
> if (lsmod | grep ide-)
> then
>     echo
>     echo Mount the CF possibly using: mount -t msdos /dev/hda1 /mnt
>     echo
>     echo modules necessary are also in /boot/lib/modules
>     echo for possible backing up your configuration.
> else
>     echo
>     echo IDE modules not loaded - CF drive not accessible.
>     echo "Did you forget to SCP the files to /lib/modules?"
> fi
> ###

--
Mike Noyes mhnoyes at users.sourceforge.net
http://sourceforge.net/users/mhnoyes/
SF.net Projects: leaf, sourceforge/sitedocs
Re: [leaf-user] Write Protect
> Write protected hardware requires physical access to the LEAF box.
> A software write protect has the advantage that you can set and unset the read and write access to the boot media with putty, ssh. I use two

If you can, then somebody else can. Ultimately, there's no software scheme that can provide the surety of a well-engineered hardware protection. Is what you're protecting important enough to go lay hands on the box?

--
Paul Rogers
paulgrog...@fastmail.fm
http://www.xprt.net/~pgrogers/
Rogers' Second Law: Everything you do communicates.
(I do not personally endorse any additions after this line. TANSTAAFL :-)

--
http://www.fastmail.fm - Send your email first class
Re: [leaf-user] Write Protect
On Tue, 2009-08-11 at 08:53 -0700, Paul Rogers wrote:
>> Write protected hardware requires physical access to the LEAF box.
>> A software write protect has the advantage that you can set and unset the read and write access to the boot media with putty, ssh. I use two
>
> If you can, then somebody else can. Ultimately, there's no software scheme that can provide the surety of a well-engineered hardware protection. Is what you're protecting important enough to go lay hands on the box?

Paul,
In many situations it's not practical to perform on-site maintenance on a client's machine. Each level of write protection has advantages and disadvantages.

--
Mike Noyes mhnoyes at users.sourceforge.net
http://sourceforge.net/users/mhnoyes/
SF.net Projects: leaf, sourceforge/sitedocs
Re: [leaf-user] Write Protect
On Mon, 2009-08-10 at 13:02 -0700, Mike Noyes wrote:
> On Mon, 2009-08-10 at 14:39 -0500, Ralph Green wrote:
>> This is pretty interesting. I thought no one was making them with write protect anymore. I have been using a USB to SD card adapter and SD cards, because the SD cards usually have a write protect switch. Now, I wonder if any of these write protectable USB drives use good NAND memory. Most of them these days are MLC(junk), instead of SLC. None of the drives in this list said anything in their specs about the type of flash chips they are using. Do you know any that use SLC(Single Level Cell) and have a write protect switch? If they were close to reasonably priced, I'd have to go buy a few.
>
> Ralph,
> I suggest you contact Kanguru and Imation directly, and ask them about the NAND memory they use.

-snip-

Ralph,
From what I can tell, it looks like the Imation Pivot and Kanguru Defender Pro use SLC.

http://www.google.com/search?q=Imation+Pivot+NAND+SLC
http://www.imation.com/en/Imation-Products/USB-Flash-Drives--Accessories/Pivot-Flash-Drive/

http://www.google.com/search?q=Kanguru+Defender+Pro+NAND+SLC
http://www.kanguru.com/defenderpro.html

--
Mike Noyes mhnoyes at users.sourceforge.net
http://sourceforge.net/users/mhnoyes/
SF.net Projects: leaf, sourceforge/sitedocs
[leaf-user] Write Protect
Subject was: Re: [leaf-user] Project Admin

On Mon, 2009-08-10 at 08:39 -0700, Mike Noyes wrote:
> On Mon, 2009-08-10 at 10:18 +0200, Gordon Bos wrote:
> -snip-
>> The concept of having read-only media to boot from has, in my opinion, not lost its validity. The thought of being able to reboot and lose anything a hacker has changed, is very assuring. Obviously you'll still need to plug the leak that the hacker discovered, but at least you have no immediate worry about others discovering the hacker's backdoor.
> -snip-
>
> Gordon,
> Hardware write protect is something that concerns our project members. See:
> http://www.mail-archive.com/search?q=write+protectl=leaf-devel%40lists.sourceforge.net

Gordon,
You can obtain a write protect hardware option fairly easy now. It's not like it was seven years ago, when a hardware hack (ADM module using the LD017 controller chip) was necessary.

http://reviews.cnet.com/usb-flash-drives/?filter=502909_14791771_

--
Mike Noyes mhnoyes at users.sourceforge.net
http://sourceforge.net/users/mhnoyes/
SF.net Projects: leaf, sourceforge/sitedocs
Re: [leaf-user] Write Protect
On Mon, 2009-08-10 at 09:27 -0700, Mike Noyes wrote:
> Subject was: Re: [leaf-user] Project Admin
>
> On Mon, 2009-08-10 at 08:39 -0700, Mike Noyes wrote:
>> On Mon, 2009-08-10 at 10:18 +0200, Gordon Bos wrote:
>> -snip-
>>> The concept of having read-only media to boot from has, in my opinion, not lost its validity. The thought of being able to reboot and lose anything a hacker has changed, is very assuring. Obviously you'll still need to plug the leak that the hacker discovered, but at least you have no immediate worry about others discovering the hacker's backdoor.
>> -snip-
>>
>> Gordon,
>> Hardware write protect is something that concerns our project members. See:
>> http://www.mail-archive.com/search?q=write+protectl=leaf-devel%40lists.sourceforge.net
>
> Gordon,
> You can obtain a write protect hardware option fairly easy now. It's not like it was seven years ago, when a hardware hack (ADM module using the LD017 controller chip) was necessary.
>
> http://reviews.cnet.com/usb-flash-drives/?filter=502909_14791771_

Gordon,
Kanguru and Imation look like they have this segment targeted.

http://www.kanguru.com/kanguruusbflash.html
http://www.imation.com/en/Imation-Products/USB-Flash-Drives--Accessories/

--
Mike Noyes mhnoyes at users.sourceforge.net
http://sourceforge.net/users/mhnoyes/
SF.net Projects: leaf, sourceforge/sitedocs
Re: [leaf-user] Write Protect
Howdy,
This is pretty interesting. I thought no one was making them with write protect anymore. I have been using a USB to SD card adapter and SD cards, because the SD cards usually have a write protect switch. Now, I wonder if any of these write protectable USB drives use good NAND memory. Most of them these days are MLC(junk), instead of SLC. None of the drives in this list said anything in their specs about the type of flash chips they are using. Do you know any that use SLC(Single Level Cell) and have a write protect switch? If they were close to reasonably priced, I'd have to go buy a few.

Good day,
Ralph

On Mon, 2009-08-10 at 09:27 -0700, Mike Noyes wrote:
> You can obtain a write protect hardware option fairly easy now. It's not like it was seven years ago, when a hardware hack (ADM module using the LD017 controller chip) was necessary.
>
> http://reviews.cnet.com/usb-flash-drives/?filter=502909_14791771_
Re: [leaf-user] Write Protect
My USB sticks (I have three.) that I use for my routers are two Imation 32 MB and one Memorex 128 MB drive. I purchased them a few years ago and decided to use them in my leaf boxes when I upgraded USB drives for personal and work use and my leaf boxes. I think that one may be able to find the Imation drives floating around somewhere but the Memorex one I picked up at Target for a song since they were closing them out. I don't know what technology they are using. I'd have to check.

Take Care,
Fred Stevens

On 8/10/09, Ralph Green sfrea...@sbcglobal.net wrote:
> Howdy,
> This is pretty interesting. I thought no one was making them with write protect anymore. I have been using a USB to SD card adapter and SD cards, because the SD cards usually have a write protect switch. Now, I wonder if any of these write protectable USB drives use good NAND memory. Most of them these days are MLC(junk), instead of SLC. None of the drives in this list said anything in their specs about the type of flash chips they are using. Do you know any that use SLC(Single Level Cell) and have a write protect switch? If they were close to reasonably priced, I'd have to go buy a few.
>
> Good day,
> Ralph
>
> On Mon, 2009-08-10 at 09:27 -0700, Mike Noyes wrote:
>> You can obtain a write protect hardware option fairly easy now. It's not like it was seven years ago, when a hardware hack (ADM module using the LD017 controller chip) was necessary.
>>
>> http://reviews.cnet.com/usb-flash-drives/?filter=502909_14791771_
Re: [leaf-user] Write Protect
On Mon, 2009-08-10 at 14:39 -0500, Ralph Green wrote:
> This is pretty interesting. I thought no one was making them with write protect anymore. I have been using a USB to SD card adapter and SD cards, because the SD cards usually have a write protect switch. Now, I wonder if any of these write protectable USB drives use good NAND memory. Most of them these days are MLC(junk), instead of SLC. None of the drives in this list said anything in their specs about the type of flash chips they are using. Do you know any that use SLC(Single Level Cell) and have a write protect switch? If they were close to reasonably priced, I'd have to go buy a few.

Ralph,
I suggest you contact Kanguru and Imation directly, and ask them about the NAND memory they use.

http://www.kanguru.com/kanguruusbflash.html
http://www.kanguru.com/about.html#contact

http://www.imation.com/en/Imation-Products/USB-Flash-Drives--Accessories/
http://www.imation.com/en/Contact-Us/

Please report any information gleaned back to our list. Thanks.

--
Mike Noyes mhnoyes at users.sourceforge.net
http://sourceforge.net/users/mhnoyes/
SF.net Projects: leaf, sourceforge/sitedocs
Re: [leaf-user] Write Protect
On Mon, 2009-08-10 at 09:27 -0700, Mike Noyes wrote:
> You can obtain a write protect hardware option fairly easy now. It's not like it was seven years ago, when a hardware hack (ADM module using the LD017 controller chip) was necessary.
>
> http://reviews.cnet.com/usb-flash-drives/?filter=502909_14791771_

Write protected hardware requires physical access to the LEAF box.
A software write protect has the advantage that you can set and unset the read and write access to the boot media with putty, ssh. I use two scripts loaded by local.lrp. Granted this is a little cumbersome because you have to keep a copy of three modules on your desktop machine and scp / winscp them over as needed. If you command a reboot, the machine is restored to read write status since the scripts are only run manually via ssh.

**
#! /bin/ash
# rm-ide by Victor McAllister
# This script removes modules to prevent
# access to the boot media - CF ide disk
echo
# Unload in dependency order: ide-core last
MODULES="ide-disk ide-detect ide-core"
BOOTDIR=/boot/lib/modules
LIBDIR=/lib/modules
for MODULE in ${MODULES}
do
    rmmod ${MODULE}
    rm ${BOOTDIR}/${MODULE}.o
    rm ${LIBDIR}/${MODULE}.o
done
echo
echo The modules needed for IDE access are not plugged into
echo the kernel or located in the TWO modules directories.
echo
echo The Compact Flash is NOT accessible.

#! /bin/sh
# load-ide by Victor McAllister
#
echo This script installs ide modules to access Compact Flash
echo First copy the files ide-core.o ide-detect.o ide-disk.o
echo using SCP to the /lib/modules directory.
echo
# Load in dependency order: ide-core first
MODULES="ide-core ide-detect ide-disk"
LIBDIR=/lib/modules
BOOTDIR=/boot/lib/modules
for MODULE in ${MODULES}
do
    insmod ${MODULE}
    cp ${LIBDIR}/${MODULE}.o ${BOOTDIR}/${MODULE}.o
done
if (lsmod | grep ide-)
then
    echo
    echo Mount the CF possibly using: mount -t msdos /dev/hda1 /mnt
    echo
    echo modules necessary are also in /boot/lib/modules
    echo for possible backing up your configuration.
else
    echo
    echo IDE modules not loaded - CF drive not accessible.
    echo "Did you forget to SCP the files to /lib/modules?"
fi
###
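The state that rm-ide is meant to leave behind (no IDE module loaded, no .o file in either module directory) and the uptime check mentioned elsewhere in this thread can be audited mechanically. The following is an added example, not part of the thread or of the LEAF project; the function names, the constructed lsmod text and the temporary directories are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): audit the software write-protect
# state that rm-ide is meant to leave behind. Function names are hypothetical.

MODULES="ide-core ide-detect ide-disk"

# ide_lock_findings LSMOD_TEXT DIR...
# Prints "LOADED <module>" for each IDE module found in the first column
# of the lsmod text and "PRESENT <file>" for each module object still in
# one of the directories. Returns 0 only when nothing was found.
ide_lock_findings() {
    lsmod_text=$1
    shift
    rc=0
    for module in $MODULES; do
        if printf '%s\n' "$lsmod_text" |
            awk -v m="$module" '$1 == m { hit = 1 } END { exit !hit }'
        then
            echo "LOADED $module"
            rc=1
        fi
        for dir in "$@"; do
            if [ -e "$dir/$module.o" ]; then
                echo "PRESENT $dir/$module.o"
                rc=1
            fi
        done
    done
    return $rc
}

# rebooted_recently UPTIME_TEXT MIN_DAYS
# UPTIME_TEXT uses the /proc/uptime layout "<seconds up> <seconds idle>".
# Returns 0 when the box has been up for fewer than MIN_DAYS days, which
# in this setup means a reboot has put the read-write state back.
rebooted_recently() {
    up_seconds=${1%% *}
    up_seconds=${up_seconds%%.*}
    [ "$up_seconds" -lt $(( $2 * 86400 )) ]
}

# Demonstration on constructed data (not captured from a real LEAF box):
# ide-core is still loaded and one ide-disk.o copy was left in the boot dir.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/lib/modules" "$tmp/boot/lib/modules"
    : > "$tmp/boot/lib/modules/ide-disk.o"
    sample_lsmod='Module                  Size  Used by
ide-core               99840   0'
    if ide_lock_findings "$sample_lsmod" \
        "$tmp/lib/modules" "$tmp/boot/lib/modules"
    then
        echo "boot media locked"
    else
        echo "boot media still reachable"
    fi
    if rebooted_recently "86400.00 80000.00" 2; then
        echo "uptime below 2 days: investigate the reboot"
    fi
    rm -rf "$tmp"
}

demo

# On the box itself the same checks would read live state:
#   ide_lock_findings "$(lsmod)" /lib/modules /boot/lib/modules
#   rebooted_recently "$(cat /proc/uptime)" 2
```

Run from cron or a login script, a non-zero status from either check is the signal that the boot media is reachable again and rm-ide has to be rerun.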
[Leaf-user] Write Protect HD's
Back in my days as a computer tech at a small VAR here in Vancouver, we had an order for equipment for a kiosk type application. The customer insisted on write protecting the drives, so we found some Quantum SCSI disks that had a small jumper on the drive labelled WP. Once that was shorted, you could not write at all to the disk. I don't know if there are any drives being made now that have the same feature, but I have seen it out there.

Regards,
Cam.

--__--__--

Message: 4
Date: Fri, 28 Sep 2001 13:50:50 -0700 (PDT)
From: Jeff Newmiller [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
cc: LEAF list [EMAIL PROTECTED]
Subject: RE: [Leaf-user] Floppys

On Fri, 28 Sep 2001 [EMAIL PROTECTED] wrote:
> A bit off topic.
>
> Some time ago I've read about write protecting a hard disk. This was done via tweaking with the IDE cables, if I´m not wrong you just cut one of the cables, insert an on/off switch and voila!!!
> Problem is... I can't remember where I have seen that
>
> Does anybody know about this??? It would be perfect to have a write protected hard disk

Sorry to disappoint you, but it is physically impossible to read from an ide (or scsi) hard disk if any signal wires have been cut in the ribbon cable. I know it sounds like it ought to work but it won't, because the hard disk read-write registers have to be written to in order to give the command to read some data. I doubt that any type of hard disk interface would support such hardware interference with usable results.

I can hope that someday, this false rumour will be laid to rest.

Unfortunately, with the long memory of incomplete web archives I guess that will be about the same time people stop believing the Email tax is now being debated in Congress, and that Microsoft is paying people to pass on chain letters.

There _are_ rare hard or flash disks with built-in write protect switches, but that is a function unrelated to the interface cable signals.

---
Jeff Newmiller
DCN:[EMAIL PROTECTED]
Research Engineer (Solar/Batteries/Software/Embedded Controllers)
---

___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user