Re: [Xastir] FIXED No iGate, please help
On Thu, Feb 16, 2017 at 11:52 AM, Denwrote: > I believe you can accomplish the same commands with sudo as you would > without it after the sudo su. > For the most part, correct. There _can_ be issues with environment variables (sudo also sanitizes your environment for security reasons), but other than that rare issue i've found sudo a good replacement for su. A disturbing tendency i've noticed among novice users is to try to sudo any command that doesn't work as expected. As a sysadmin for a few hundred embryonic engineers I watch the sudo failures. Most of the time they're trying to install some package or other (which I often add to the standard build), but occasionally it seems to be some arbitrary command or code they've written. I've seen a user issue "command", which apparently failed so they tried "sudo command" - as if the broken C code they wrote will magically work if they run it as root. This sort of habit can/will lead to broken and hacked systems. No harm, no foul we are all just amateurs trying to have fun. Pleasure > communicating with you.. > yep, likewise. > Any suggestions on how to improve the Xastir mapping? > Get big companies to share their maps? The app-ification and profitization of the internet has resulted in fewer free resources. The folks that pay to have map databases created certainly have the right to do as they please with their property, but the desire to extract every nanocent of profit (either directly or in the form of harvested personal information which is then sold to marketers) has squeezed open source projects out of the picture. I prefer totally offline maps anyway, so I tend to use free data sources (like TIGER vector maps), spend some time with dbfawk to make them look the way I want, and go from there. The xastir team is on the lookout for free online sources, and not too long ago several new sources of topo and satellite maps were introduced. -Jason kg4wsv ___ Xastir mailing list Xastir@lists.xastir.org http://xastir.org/mailman/listinfo/xastir
Re: [Xastir] FIXED No iGate, please help
- use good passwords (google that one, several articles available) - keep the OS patched regularly. turn on automatic updates if patching isn't part of your routine. Yes, a bad patch _can_ cause trouble but unless you have the vigilance of a paranoid sysadmin you're far more likely to be burned by lack of a patch than a bad patch. There are other things (turning off unused services, change passwords regularly, use layered defenses, etc) but if you cover these 3 you're unlikely to be compromised in a typical environment. I completely agree with Jason that there is a lot of little things that need to be done to secure a Raspberry Pi (or any other Linux box connected to the raw Internet). In addition to all that, the Raspberry Pi platform poses unique challenges since it uses flimsy storage (SD card), prone to power issues, can be in a high RF environment, etc. As such, I've been working on a Rpi hardening document document if anyone is interested: #Actually is RPi3 centric now http://www.trinityos.com/HAM/CentosDigitalModes/RPi/rpi2-setup.html --David KI6ZHD ___ Xastir mailing list Xastir@lists.xastir.org http://xastir.org/mailman/listinfo/xastir
Re: [Xastir] FIXED No iGate, please help
Jason, Can not say exactly how I ran into this issuefollowing your tutorial but I did and it was the second time it happened to me. The first configuring a WeeWX pi. This discussion started when Chris appeared to have the same issue on 2/16 and was asking how to fix the pi boot refusal. I was trying to follow a couple of Xastir help files, not really keeping track until I rebooted and could not log in. The light went off and I knew what I did. This time I had the root password set up and could fix the issue. My input would be to avoid sudo su in tutorials where newbies, like me, may 'shoot' themselves, unknowingly. I believe you can accomplish the same commands with sudo as you would without it after the sudo su. No harm, no foul we are all just amateurs trying to have fun. Pleasure communicating with you.. Any suggestions on how to improve the Xastir mapping? 73 Den On 2/16/2017 12:20 PM, Jason KG4WSV wrote: I just did a quick read of http://tnc-x.com/TNCPi.pdf and while there is an apparently unneeded invocation of startx, there were no instructions to do it as root nor did I see prior instructions that would have left you in a root shell. Maybe I read too quickly or there are some out of date instructions floating around. I forgot instructions on how to change the root password after recommending everyone should - sorry about that. To change the root password: pi$ sudo passwd root New password for root: Retype new password: Root can override anyone's password without knowing the old one. You can change the pi user's password the same way, or by the usual unprivileged method: pi$ passwd Old password: New password: Repeat new password: -Jason kg4wsv ___ Xastir mailing list Xastir@lists.xastir.org http://xastir.org/mailman/listinfo/xastir ___ Xastir mailing list Xastir@lists.xastir.org http://xastir.org/mailman/listinfo/xastir
Re: [Xastir] FIXED No iGate, please help
> On Feb 16, 2017, at 10:44 AM, Denwrote: > > perhaps you could advise the new Pi user just how to protect themselves > definitely NOT a popular subject on the web The problem is that security is at best inconvenient, it isn't always trivial, and it's never ending. For a pi or any system on the 'net: - change the default root (or other admin) and default user (e.g. pi) passwords - use good passwords (google that one, several articles available) - keep the OS patched regularly. turn on automatic updates if patching isn't part of your routine. Yes, a bad patch _can_ cause trouble but unless you have the vigilance of a paranoid sysadmin you're far more likely to be burned by lack of a patch than a bad patch. There are other things (turning off unused services, change passwords regularly, use layered defenses, etc) but if you cover these 3 you're unlikely to be compromised in a typical environment. -j ___ Xastir mailing list Xastir@lists.xastir.org http://xastir.org/mailman/listinfo/xastir
Re: [Xastir] FIXED No iGate, please help
I just did a quick read of http://tnc-x.com/TNCPi.pdf and while there is an apparently unneeded invocation of startx, there were no instructions to do it as root nor did I see prior instructions that would have left you in a root shell. Maybe I read too quickly or there are some out of date instructions floating around. I forgot instructions on how to change the root password after recommending everyone should - sorry about that. To change the root password: pi$ sudo passwd root New password for root: Retype new password: Root can override anyone's password without knowing the old one. You can change the pi user's password the same way, or by the usual unprivileged method: pi$ passwd Old password: New password: Repeat new password: -Jason kg4wsv ___ Xastir mailing list Xastir@lists.xastir.org http://xastir.org/mailman/listinfo/xastir
Re: [Xastir] FIXED No iGate, please help
On Thursday, February 16, 2017 11:44:36 AM PST Den wrote: > Well, I stumbled on this anomaly and it looks like others have too where > you can 'shoot yourself'. Get locked out and not be able to get back in. > And so far, there is no recovery, except logging in as root. There are > way too many shoddy tutorials on the web that lure users into pulling > the trigger. "sudo su" then down the page "xstart" BAM Yes, far to many of those. > I'd prefer to have more control over my guns rather than to have them go > off unintentionally. It's kind of like having a modern rifle and finding the instructions on the web for a muzzleloader. Pour the powder in, stuff down a bullet, pull the trigger and BAM. > > Of course, change the Pi password and create a root password. Both > should be strong. Don't think I advised differently? Actually am tired > of helping people who did not take the simplest precautions right up front. > > KEN; > > perhaps you could advise the new Pi user just how to protect > themselves definitely NOT a popular subject on the web I'm working on a couple of RPi/radio combos that need to be properly configured and I'll try to write up the details. The problem is finding the ATU's to do it and staying focused...oh look 'Squirrel'...long enough. ... -- Ken - N7IPB Email: n7...@wetnet.net JID: n7...@jabber.wetnet.net PGP Sig: F42B EF90 3CD3 31C7 3056 122E 993A 7B2E 5138 C42A “I never am really satisfied that I understand anything; because, understand it well as I may, my comprehension can only be an infinitesimal fraction of all I want to understand” -Ada Lovelace signature.asc Description: This is a digitally signed message part. ___ Xastir mailing list Xastir@lists.xastir.org http://xastir.org/mailman/listinfo/xastir
Re: [Xastir] FIXED No iGate, please help
Well, I stumbled on this anomaly and it looks like others have too where you can 'shoot yourself'. Get locked out and not be able to get back in. And so far, there is no recovery, except logging in as root. There are way too many shoddy tutorials on the web that lure users into pulling the trigger. "sudo su" then down the page "xstart" BAM I'd prefer to have more control over my guns rather than to have them go off unintentionally. Of course, change the Pi password and create a root password. Both should be strong. Don't think I advised differently? Actually am tired of helping people who did not take the simplest precautions right up front. KEN; perhaps you could advise the new Pi user just how to protect themselves definitely NOT a popular subject on the web 73 Den On 2/16/2017 11:08 AM, Jason KG4WSV wrote: On Feb 16, 2017, at 9:19 AM, Denwrote: I'll let you explore how to create a root password, which I recommend. Obviously those with more knowledge think we commoners, and the owner of the Pi, should not use. Well, the problem was that you shot yourself in the foot by running something as root. Maybe they're onto something. sudo is configured on by default for the pi user. Use of sudo instead of using a full root shell (su or sudo bash) or even worse logging in a root is considered best practice for security reasons. Using sudo allows minimal privilege escalation to accomplish a task and consequently minimizes risk. If your pi is to be exposed to the internet, or maybe even on a home network, the passwords _should_ be changed for both the pi and root users. Default passwords are extremely insecure - there are days when I see over 10k brute force login attempts against a dozen or so systems, where attackers are looking for me and my users to rely on default or dumb passwords. -j ___ Xastir mailing list Xastir@lists.xastir.org http://xastir.org/mailman/listinfo/xastir ___ Xastir mailing list Xastir@lists.xastir.org http://xastir.org/mailman/listinfo/xastir
Re: [Xastir] FIXED No iGate, please help
On Thursday, February 16, 2017 10:08:31 AM PST Jason KG4WSV wrote: > > On Feb 16, 2017, at 9:19 AM, Denwrote: > > > > I'll let you explore how to create a root password, which I recommend. > > Obviously those with more knowledge think we commoners, and the owner of > > the Pi, should not use. > Well, the problem was that you shot yourself in the foot by running > something as root. Maybe they're onto something. > > sudo is configured on by default for the pi user. Use of sudo instead of > using a full root shell (su or sudo bash) or even worse logging in a root > is considered best practice for security reasons. Using sudo allows minimal > privilege escalation to accomplish a task and consequently minimizes risk. > > If your pi is to be exposed to the internet, or maybe even on a home > network, the passwords _should_ be changed for both the pi and root users. > Default passwords are extremely insecure - there are days when I see over > 10k brute force login attempts against a dozen or so systems, where > attackers are looking for me and my users to rely on default or dumb > passwords. And one additional item to add to Jasons excellent comment. Never, never, never put a pi on the internet without either putting it behind a firewall or installing the appropriate firewall rules on the pi itself. Out of the box there is NO protection other than your password and those are far to easy to crack. Put it behind your home router, or better yet put it on it's own subnet, and enable a port forward if you must have Internet access. And for good measure, pick some other port number instead of the standard ssh port that everyone attacks and have that on the Internet facing side. The shear number of attacks on standard ports is incredible and if you have a system or two directly on the Internet, like I do, you put into place all kinds of additional tools to combat the bad guys. For most casual use putting your RPi behind your home firewall and perhaps forwarding a port or two works, but be careful. There are far too many compromised devices out there and it's getting worse. -- Ken - N7IPB Email: n7...@wetnet.net JID: n7...@jabber.wetnet.net PGP Sig: F42B EF90 3CD3 31C7 3056 122E 993A 7B2E 5138 C42A “I never am really satisfied that I understand anything; because, understand it well as I may, my comprehension can only be an infinitesimal fraction of all I want to understand” -Ada Lovelace signature.asc Description: This is a digitally signed message part. ___ Xastir mailing list Xastir@lists.xastir.org http://xastir.org/mailman/listinfo/xastir
Re: [Xastir] FIXED No iGate, please help
> On Feb 16, 2017, at 9:19 AM, Denwrote: > > I'll let you explore how to create a root password, which I recommend. > Obviously those with more knowledge think we commoners, and the owner of the > Pi, should not use. Well, the problem was that you shot yourself in the foot by running something as root. Maybe they're onto something. sudo is configured on by default for the pi user. Use of sudo instead of using a full root shell (su or sudo bash) or even worse logging in a root is considered best practice for security reasons. Using sudo allows minimal privilege escalation to accomplish a task and consequently minimizes risk. If your pi is to be exposed to the internet, or maybe even on a home network, the passwords _should_ be changed for both the pi and root users. Default passwords are extremely insecure - there are days when I see over 10k brute force login attempts against a dozen or so systems, where attackers are looking for me and my users to rely on default or dumb passwords. -j ___ Xastir mailing list Xastir@lists.xastir.org http://xastir.org/mailman/listinfo/xastir
Re: [Xastir] FIXED No iGate, please help
I tried to answer Chris both privately and this list. had issues that the list did not like my formatting. Think eventually my reply made it... not sure though 73 den I'm just playing with Raspian, but I'm not running Xastir on it, it was W2DEN who was doing that. My current work is with Direwolf to make an igate out of an Rpi. On Wed, Feb 15, 2017 at 4:25 PM, Chris Viningrewrote: Curt, What Distro are you using? I tried with the instructions that came with the TNC-Pi running Raspbain Pixel and it keep locking up at the password when it rebooted. Chris Viningre 70 W. Roadrunner Salt Flat, Texas 79847 C:(915) 504-1510 chrisvinin...@gmail.com Amateur Radio Operator: WS5B https://www.qrz.com/db/ws5b http://www.reverbnation.com/chrisviningre On Wed, Feb 15, 2017 at 8:16 AM, Curt Mills wrote: Good deal! On Wed, Feb 15, 2017 at 7:08 AM, Den wrote: Just needed to add the Internet Server Interface Control with my APRS Passcode. Who knew? Well now I do! 73 Den On 2/15/2017 9:12 AM, Den wrote: I have XASTIR running on a Pi 3 B with a TNC-Pi. All looks good. My tracker shows up on the Xastir map as it should. The issue is Xastir will not iGate. It will digipeat but not iGate. The Pi is WiFi to my local internet router which looks OK... I have gone over the settings multiple times with out success. Using a different rig / computer etc. my tracker gets iGated without issue. Switch to the Pi and no luck. Call used is W2DEN. SSID -5 is my tracker, -7 the Pi Xastir (with a successful digipeat) and -3 the other computer running APRSIS32 with many igates. You can find me on aprs.fl. Any help would be appreciated. ___ Xastir mailing list Xastir@lists.xastir.org http://xastir.org/mailman/listinfo/xastir -- Curt, WE7U http://we7u.wetnet.net http://www.sarguydigital.com ___ Xastir mailing list Xastir@lists.xastir.org http://xastir.org/mailman/listinfo/xastir ___ Xastir mailing list Xastir@lists.xastir.org http://xastir.org/mailman/listinfo/xastir ___ Xastir mailing list Xastir@lists.xastir.org http://xastir.org/mailman/listinfo/xastir
Re: [Xastir] FIXED No iGate, please help
I'm just playing with Raspian, but I'm not running Xastir on it, it was W2DEN who was doing that. My current work is with Direwolf to make an igate out of an Rpi. On Wed, Feb 15, 2017 at 4:25 PM, Chris Viningrewrote: > Curt, What Distro are you using? I tried with the instructions that > came with the TNC-Pi running Raspbain Pixel and it keep locking up at > the password when it rebooted. > Chris Viningre > 70 W. Roadrunner > Salt Flat, Texas 79847 > C:(915) 504-1510 > chrisvinin...@gmail.com > Amateur Radio Operator: WS5B > https://www.qrz.com/db/ws5b > http://www.reverbnation.com/chrisviningre > > > On Wed, Feb 15, 2017 at 8:16 AM, Curt Mills wrote: > > Good deal! > > > > On Wed, Feb 15, 2017 at 7:08 AM, Den wrote: > > > >> Just needed to add the Internet Server Interface Control with my APRS > >> Passcode. > >> > >> Who knew? Well now I do! > >> > >> 73 > >> Den > >> > >> On 2/15/2017 9:12 AM, Den wrote: > >> > >>> I have XASTIR running on a Pi 3 B with a TNC-Pi. All looks good. My > >>> tracker shows up on the Xastir map as it should. The issue is Xastir > will > >>> not iGate. It will digipeat but not iGate. > >>> > >>> The Pi is WiFi to my local internet router which looks OK... I have > gone > >>> over the settings multiple times with out success. > >>> Using a different rig / computer etc. my tracker gets iGated without > >>> issue. Switch to the Pi and no luck. > >>> > >>> Call used is W2DEN. SSID -5 is my tracker, -7 the Pi Xastir (with a > >>> successful digipeat) and -3 the other computer running APRSIS32 with > many > >>> igates. > >>> You can find me on aprs.fl. > >>> > >>> Any help would be appreciated. > >>> > >>> > >> ___ > >> Xastir mailing list > >> Xastir@lists.xastir.org > >> http://xastir.org/mailman/listinfo/xastir > >> > > > > > > > > -- > > Curt, WE7U > > http://we7u.wetnet.net > > http://www.sarguydigital.com > > ___ > > Xastir mailing list > > Xastir@lists.xastir.org > > http://xastir.org/mailman/listinfo/xastir > ___ > Xastir mailing list > Xastir@lists.xastir.org > http://xastir.org/mailman/listinfo/xastir > -- Curt, WE7U http://we7u.wetnet.net http://www.sarguydigital.com ___ Xastir mailing list Xastir@lists.xastir.org http://xastir.org/mailman/listinfo/xastir
Re: [Xastir] FIXED No iGate, please help
Curt, What Distro are you using? I tried with the instructions that came with the TNC-Pi running Raspbain Pixel and it keep locking up at the password when it rebooted. Chris Viningre 70 W. Roadrunner Salt Flat, Texas 79847 C:(915) 504-1510 chrisvinin...@gmail.com Amateur Radio Operator: WS5B https://www.qrz.com/db/ws5b http://www.reverbnation.com/chrisviningre On Wed, Feb 15, 2017 at 8:16 AM, Curt Millswrote: > Good deal! > > On Wed, Feb 15, 2017 at 7:08 AM, Den wrote: > >> Just needed to add the Internet Server Interface Control with my APRS >> Passcode. >> >> Who knew? Well now I do! >> >> 73 >> Den >> >> On 2/15/2017 9:12 AM, Den wrote: >> >>> I have XASTIR running on a Pi 3 B with a TNC-Pi. All looks good. My >>> tracker shows up on the Xastir map as it should. The issue is Xastir will >>> not iGate. It will digipeat but not iGate. >>> >>> The Pi is WiFi to my local internet router which looks OK... I have gone >>> over the settings multiple times with out success. >>> Using a different rig / computer etc. my tracker gets iGated without >>> issue. Switch to the Pi and no luck. >>> >>> Call used is W2DEN. SSID -5 is my tracker, -7 the Pi Xastir (with a >>> successful digipeat) and -3 the other computer running APRSIS32 with many >>> igates. >>> You can find me on aprs.fl. >>> >>> Any help would be appreciated. >>> >>> >> ___ >> Xastir mailing list >> Xastir@lists.xastir.org >> http://xastir.org/mailman/listinfo/xastir >> > > > > -- > Curt, WE7U > http://we7u.wetnet.net > http://www.sarguydigital.com > ___ > Xastir mailing list > Xastir@lists.xastir.org > http://xastir.org/mailman/listinfo/xastir ___ Xastir mailing list Xastir@lists.xastir.org http://xastir.org/mailman/listinfo/xastir
Re: [Xastir] FIXED No iGate, please help
Good deal! On Wed, Feb 15, 2017 at 7:08 AM, Denwrote: > Just needed to add the Internet Server Interface Control with my APRS > Passcode. > > Who knew? Well now I do! > > 73 > Den > > On 2/15/2017 9:12 AM, Den wrote: > >> I have XASTIR running on a Pi 3 B with a TNC-Pi. All looks good. My >> tracker shows up on the Xastir map as it should. The issue is Xastir will >> not iGate. It will digipeat but not iGate. >> >> The Pi is WiFi to my local internet router which looks OK... I have gone >> over the settings multiple times with out success. >> Using a different rig / computer etc. my tracker gets iGated without >> issue. Switch to the Pi and no luck. >> >> Call used is W2DEN. SSID -5 is my tracker, -7 the Pi Xastir (with a >> successful digipeat) and -3 the other computer running APRSIS32 with many >> igates. >> You can find me on aprs.fl. >> >> Any help would be appreciated. >> >> > ___ > Xastir mailing list > Xastir@lists.xastir.org > http://xastir.org/mailman/listinfo/xastir > -- Curt, WE7U http://we7u.wetnet.net http://www.sarguydigital.com ___ Xastir mailing list Xastir@lists.xastir.org http://xastir.org/mailman/listinfo/xastir
[Xastir] FIXED No iGate, please help
Just needed to add the Internet Server Interface Control with my APRS Passcode. Who knew? Well now I do! 73 Den On 2/15/2017 9:12 AM, Den wrote: I have XASTIR running on a Pi 3 B with a TNC-Pi. All looks good. My tracker shows up on the Xastir map as it should. The issue is Xastir will not iGate. It will digipeat but not iGate. The Pi is WiFi to my local internet router which looks OK... I have gone over the settings multiple times with out success. Using a different rig / computer etc. my tracker gets iGated without issue. Switch to the Pi and no luck. Call used is W2DEN. SSID -5 is my tracker, -7 the Pi Xastir (with a successful digipeat) and -3 the other computer running APRSIS32 with many igates. You can find me on aprs.fl. Any help would be appreciated. ___ Xastir mailing list Xastir@lists.xastir.org http://xastir.org/mailman/listinfo/xastir