On Fri, Oct 5, 2018 at 1:26 PM Robert Nelson <robertcnel...@gmail.com> wrote:

> So to meet (1), should we just use the "serial number" on the side of
> the board, or mac address, etc...?

I don't recall how that sticker is generated but if the board "knows"
that value then I think this would be fine. MACs have the issue of
broadcasting themselves over networks. I believe the point of this
legislation, and IANAL, is to prevent the mass baby-cam like spying
where all credentials are default and never changed.

Thus, while the password is just a sticker on the board, it solves
this requirement.

A more user-friendly one is perhaps a QR code somewhere but has
logistical and supply-chain complications.

>
> Or to meet (2), require user to change default password, the problem,
> #2 States: "before access is granted"...  My initial fix is "after
> access is granted"...

I would agree.

>
> Or Option 3: ship the boards blank... ;)

Would also meet the requirement, but my wink-detection is working I
think, so from a usability perspective, probably not ideal.

>
> and what about "root:root"... do we nuke "root" by default and just
> let the user init it...

Are you asking if the root password should be root and/or if we should
allow root over ssh?

If this was a server (and sometimes beagles tend to be), I think best
practices would be:

- no root login (over ssh or serial)
- ssh via pubkey only

But sometimes the beagle is just this hardware hacking tool, ya know?
And in this case it's a big pain to remember the unique password when
all you want this thing to do is dump a SPI flash and return the
results.

The problem is when a hardware-hacking beagle gets plugged into the
internet with default passwords and then shuts down half the Internet
so somebody's minecraft server gets taken down.

I'm not sure what to recommend. I could see a path where there is the
sticker password and then on first connect there are some init steps
depending on use case. But if you connect with the browser first
(which admittedly, I never do) then this flow probably wouldn't work.

So, changing the default password to the sticker value would otherwise
meet those requirements I think.
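
An added example, not part of the original message or of the BeagleBoard images: a shell check of an sshd_config against the two list items above, read here as `PermitRootLogin no` and password logins disabled with public keys enabled. It covers ssh only (root login on the serial console is configured elsewhere), and the sample config is constructed.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config.
# sshd uses the FIRST occurrence of each keyword; settings inside Match
# blocks are per-user/host overrides and are not examined here.
# Keyboard-interactive authentication is not checked either.

# effective_value FILE KEYWORD DEFAULT -> prints the value sshd would use
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        tolower($1) == "match" { exit }      # global section ends here
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print def }        # unset: OpenSSH built-in default
    ' "$1"
}

# audit_sshd FILE -> one line per setting; exit status = number of failures
audit_sshd() {
    fails=0
    # keyword:wanted-value:OpenSSH-default
    for want in PermitRootLogin:no:prohibit-password \
                PasswordAuthentication:no:yes \
                PubkeyAuthentication:yes:yes; do
        key=${want%%:*}; rest=${want#*:}
        expect=${rest%%:*}; default=${rest#*:}
        got=$(effective_value "$1" "$key" "$default")
        if [ "$got" = "$expect" ]; then
            echo "ok    $key $got"
        else
            echo "FAIL  $key $got (want $expect)"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Constructed sample: a config that still allows root and password logins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real board image
PermitRootLogin yes
#PasswordAuthentication no
PasswordAuthentication yes
EOF
audit_sshd "$sample" || echo "$? setting(s) need changing"
rm -f "$sample"
```

A file that never mentions `PermitRootLogin` still fails the first check, because the built-in default `prohibit-password` permits root login with a key.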
