tech_monkey
Posts: 130
Joined: Fri Mar 09, 2012 6:12 pm

Re: SecuriPi

Sat Jul 28, 2012 6:59 pm

Why not use RFID tags. These could be stuck to the PI so that removal would damage the PI. Just place at least 3 readers around the event, and not only will you be able to detect that a PI has gone missing but you can track it as well. So you can catch the thief before he leaves the building.
Wavetrend make a few RFID goodies, they even do an RFID tag with a motion sensor built into it. Their micro tag range would probably be the most suitable. The RX211 Access Reader looks quite good as it can run in a stand alone mode, but if you want realtime location tracking then you would need a PI.
http://www.wavetrend.net/activduo-tags.php
http://www.wavetrend.net/activ-tags.php
http://www.wavetrend.net/readers.php

The only problem I would see is cost of implementing such a system
http://www.casatech.eu

twocvbloke
Posts: 60
Joined: Tue Jul 24, 2012 3:11 pm
Location: Co. Durham, UK
Contact: Website

Re: SecuriPi

Sat Jul 28, 2012 9:11 pm

What about one of them alarm systems they use in large electronics retail stores? Where they stick a pad onto the item in question, tether it up to an alarm device, and if the item is pulled too far from the tether, the thing breaks a circuit which trips the alarm and flashes a device number LED on the panel so people know which board has been taken, and hey presto, secured Pi boards... :mrgreen:

Certainly worked for Maplin yesterday when a fella near me was fondling some audio mixer thing and accidentally broke off the tag thing setting the alarm off (whose loud siren almost made me pass out cos I have seriously over-sensitive hearing, so it hurt!!!), I don't think he was trying to nick it, just wanting to view it thoroughly, he looked like he was in his late 50's and not exactly fit enough to run out of the store by himself.... :lol:

pygmy_giant
Posts: 1562
Joined: Sun Mar 04, 2012 12:49 am

Re: SecuriPi

Sat Jul 28, 2012 10:34 pm

C'mon fellas, lets not pussyfoot about - whats needed is an airport x-ray machine and a thorough patting down by security staff before release from the venue.

W. H. Heydt
Posts: 11274
Joined: Fri Mar 09, 2012 7:36 pm
Location: Vallejo, CA (US)

Re: SecuriPi

Sat Jul 28, 2012 11:19 pm

twocvbloke wrote:What about one of them alarm systems they use in large electronics retail stores? Where they stick a pad onto the item in question, tether it up to an alarm device, and if the item is pulled too far from the tether, the thing breaks a circuit which trips the alarm and flashes a device number LED on the panel so people know which board has been taken, and hey presto, secured Pi boards... :mrgreen:
That's what tech_monkey is talking about: RFID tags. You need to buy enough tags to go around PLUS the readers to cover all the entrances/exits. It's the readers that are expensive. Other than that...RFID is a very good idea.

lewmur
Posts: 386
Joined: Sun Dec 25, 2011 3:20 pm
Contact: Website

Re: SecuriPi

Sun Jul 29, 2012 1:16 am

rurwin wrote:Only if you have previously ported Python to DexOS. That is a significant effort, particularly so since DexOS-the-person is probably very uninterested in doing it.
If the owner of the DexOS Pi isn't interested in protecting their Pi, then that's their problem. No solution is perfect but it would be silly to abandon a good one just because of a rare exception.

User avatar
Lob0426
Posts: 2198
Joined: Fri Aug 05, 2011 4:30 pm
Location: Susanville CA.
Contact: Website

Re: SecuriPi

Sun Jul 29, 2012 1:30 am

I really do not think that protecting all of the RasPi's is what is needed. Definitely the ones going to Jams and other public events. The fact that any such software would reside on the SD card does not mean it will not work. The average light fingered non professional thief is not very smart about such things. And the price point means there is not going to be many professional RasPi thieves. Physical security and some electronic monitoring, with appropriate warnings, not to attemp to disconnect will probably suffice. Imbedding tracking into every single kernel may be just a little overboard. you will be adding to memery usage and network usage. Besides, :cry: those of us that are paranoid about any tracking info will not be amused!
512MB version 2.0 as WordPress Server
Motorola Lapdock with Pi2B
Modded Rev 1.0 with pin headers at USB

http://rich1.dyndns.tv/
(RS)Allied ships old stock to reward its Customers for long wait!

CCitizenTO
Posts: 83
Joined: Sun May 20, 2012 2:14 am

Re: SecuriPi

Sun Jul 29, 2012 7:05 am

Naturally this discussion is going to focus more on PHYSICAL SECURITY than anything else. Since Physical Security is what keeps people from picking things up and walking off with them.

I would suggest perhaps for display purposes a clear acrylic case like the one shown earlier in this topic. It should be larger than the Pi and have holes for bolting the case down to something big and bulky like say a table. Additionally you may want to build two versions one which leaves the SD Card open to swapping (ideal for people who want to let other people use their Pi for testing) and one that prevents removal of the SD Card. Also you will want to make sure that the GPIO pins are accessible and other input and output ports are also handy in a manner similar to many of the existing cases. I dont believe we need to worry about leaving the DSI or I2C ports accessible at the moment since neither of them can be used at this point in time.

Also I think it is worth pointing out that you cant count on the Pi to do anything you set it up to do after it has been stolen because everything is stored on the SD card. There is no firmware or anywhere to hide things on the physical hardware of the Pi. So unless someone booted up the Pi with the same SD card such measures as having the Pi emailing you when booted would fail.

As for secret codes hidden in kernels and what not... I'd rather some jackass walk off with my $35 Pi than deal with any 'Big Brother' crap. I like the Pi as it is. Unlike conventional hardware for computers with firmwares on boards and stuff like that where spyware and viruses can hide there is no where for a virus or spyware to hide in a Pi because there is no onboard storage.

User avatar
alexeames
Forum Moderator
Forum Moderator
Posts: 2869
Joined: Sat Mar 03, 2012 11:57 am
Location: UK
Contact: Website

Re: SecuriPi

Sun Jul 29, 2012 8:42 am

CCitizenTO wrote:Also I think it is worth pointing out that you cant count on the Pi to do anything you set it up to do after it has been stolen because everything is stored on the SD card. There is no firmware or anywhere to hide things on the physical hardware of the Pi. So unless someone booted up the Pi with the same SD card such measures as having the Pi emailing you when booted would fail.
This is true and obvious and we can't get away from it. But the point is that, in my view, the kind of person who knows how to reimage an SD card is unlikely to be the kind of person to steal a Pi. It's just a tool in the armoury, that just might help. :D I can't really see the Police being too bothered about a $35 computer either. I also think, for events, physical security is the main way to go.
CCitizenTO wrote:As for secret codes hidden in kernels and what not... I'd rather some jackass walk off with my $35 Pi than deal with any 'Big Brother' crap. I like the Pi as it is.
I'd rather keep my Pi AND not deal with any 'Big Brother' crap. :lol: The thing I like about the emailing idea is that the owner can choose whether or not to use it. :D The duct taping of cables is brilliant because it's cheap, easy and you can make it look as if it's health and safety rather than "we're trying to stop you thieving gits from nicking our stuff". Also non-destructive to the venue as well.
Alex Eames RasPi.TV, RasP.iO

twocvbloke
Posts: 60
Joined: Tue Jul 24, 2012 3:11 pm
Location: Co. Durham, UK
Contact: Website

Re: SecuriPi

Sun Jul 29, 2012 9:32 am

W. H. Heydt wrote:That's what tech_monkey is talking about: RFID tags. You need to buy enough tags to go around PLUS the readers to cover all the entrances/exits. It's the readers that are expensive. Other than that...RFID is a very good idea.
Nope, not quite, RFID tags are wireless devices, what I was talking about is a physical tether on a wire, as in a wire that attaches to the sticky pad which forms a circuit, and if the circuit is broken, an alarm goes off...

Just like when you go to a mobile phone shop and want to look at the phones in detail, and they have a tether attached to the back of them, so it's physically anchored, but with a disconnection alarm to boot... :)

User avatar
Jim Manley
Posts: 1600
Joined: Thu Feb 23, 2012 8:41 pm
Location: SillyCon Valley, California, and Powell, Wyoming, USA, plus The Universe
Contact: Website

Re: SecuriPi

Sun Jul 29, 2012 10:52 am

AndrewS wrote:/proc (and /sys too) is a virtual filesystem, not 'real' files that can be edited ;)

DUH! Just goes to show how late it is when I type most of my schlock. Thanks for reminding me. I work on so many different OS variants in a given day/week/month/year that I'm amazed I'm able to get anything done on any of them. No wonder vi didn't work at the command prompt on a Windows system (that didn't have MingW, a *n*x running virtually, etc.)! :D
As the late, great, Arte Johnson playing the tryicycle-pedaling German soldier on "Laugh-In" would say, "Vellllly intellesthting ... but schtoopit!"
... part of the reason for keeping the cost so low was so that it wouldn't be attractive to thieves, and even if it was stolen it would be easy to replace.
A lot of assumptions about the demand for the Pi made before the Fall of 2011 have been torn to shreds. It was interesting to see in Eben's recent interview on "Triangulation" with Leo LaPorte on TWiT.tv that, as late as mid-2011, estimates were as low as a few hundred boards! I realize that to tech-heads, $35 is Starbucks drink money, but, to educators who often dip into their own pockets to buy supplies for their classes, it's a lot of money, especially if it has to be multiplied by more than one, usually closer to 100 for the average teacher with at least three classes of different students to teach in high/secondary schools.

Even SillyCon Valley butts right up against the migrant-worker-dominated vast agricultural areas of the Salinas and Central/San Joaquin Valleys that feed a good chunk of the world as well as the U.S. Just getting the kids there to learn English is a challenge, much less the English in which math and science are taught. A lot of those kids live in cardboard and maybe plywood shanty towns, and the Pi today will be as rare as a Cray would have been in any schools 30 years ago.
The best things in life aren't things ... but, a Pi comes pretty darned close! :D
"Education is not the filling of a pail, but the lighting of a fire." -- W.B. Yeats
In theory, theory & practice are the same - in practice, they aren't!!!

pygmy_giant
Posts: 1562
Joined: Sun Mar 04, 2012 12:49 am

Re: SecuriPi

Sun Jul 29, 2012 1:16 pm

In addition to a cultural and economic factors there is also a demographic element at play. Assuming that the majority of posters on this thread are 30+ (showing my age - apologies if this is incorrect) , we probably became switched on to computers when they were an emerging home technology in the 80s. We have watched sci-fi become reality and get excited about what direction tech might take.

For my son tech is a fact of life. The GUI language of computers is something children now pick up alongside written and spoken language. They play computer games more than sport and learn IT at school from an increasingly early age.

I think this creates a different attitude in kids - they take tech for granted and see it as as disposable.

If you let them swarm around a table of Pis, they will not regard them with the same awe and reverence that perhaps we once did. Any corner shop keeper will also tell you that light fingured children are not a rarity. Really it is a form of flattery for the foundation for a child to become facinted by the Pi and slip it in their pocket.

Its sad that not all children have that opportunity - perhaps there is room for more initiatives to get them to deprived communities.

CCitizenTO
Posts: 83
Joined: Sun May 20, 2012 2:14 am

Re: SecuriPi

Sun Jul 29, 2012 3:36 pm

alexeames wrote: I'd rather keep my Pi AND not deal with any 'Big Brother' crap. :lol: The thing I like about the emailing idea is that the owner can choose whether or not to use it. :D The duct taping of cables is brilliant because it's cheap, easy and you can make it look as if it's health and safety rather than "we're trying to stop you thieving gits from nicking our stuff". Also non-destructive to the venue as well.
This is also true though I do think a clear acrylic case that is bolted down or chained to something would appear similarly as well. You're protecting the people from the Pi (who might be curious and poke it with their fingers and get shocked) as well as protecting the Pi from the people (who might try to swipe it).

User avatar
AndrewS
Posts: 3625
Joined: Sun Apr 22, 2012 4:50 pm
Location: Cambridge, UK
Contact: Website

Re: SecuriPi

Sun Jul 29, 2012 6:24 pm

CCitizenTO wrote:You're protecting the people from the Pi (who might be curious and poke it with their fingers and get shocked)
I remember Liz saying that because the RPi is designed to be used/poked/prodded by schoolkids, you can't get a shock from it :)

User avatar
alexeames
Forum Moderator
Forum Moderator
Posts: 2869
Joined: Sat Mar 03, 2012 11:57 am
Location: UK
Contact: Website

Re: SecuriPi

Sun Jul 29, 2012 7:02 pm

AndrewS wrote:
CCitizenTO wrote:You're protecting the people from the Pi (who might be curious and poke it with their fingers and get shocked)
I remember Liz saying that because the RPi is designed to be used/poked/prodded by schoolkids, you can't get a shock from it :)
You can't get much of a shock from 5V. Ever licked a 9V battery? This is (just over) half as much. :lol:
Alex Eames RasPi.TV, RasP.iO

User avatar
AndrewS
Posts: 3625
Joined: Sun Apr 22, 2012 4:50 pm
Location: Cambridge, UK
Contact: Website

Re: SecuriPi

Sun Jul 29, 2012 7:13 pm

alexeames wrote:You can't get much of a shock from 5V. Ever licked a 9V battery? This is (just over) half as much. :lol:
Despite the delicious-sounding name, I don't recommend that anybody licks their Raspberry Pi though :!: :lol:

pygmy_giant
Posts: 1562
Joined: Sun Mar 04, 2012 12:49 am

Re: SecuriPi

Sun Jul 29, 2012 7:38 pm

When I was at school there was one boy in our class who would, in physics lessons, crank the power supply right up to its highest setting and electrify his tongue so it would convulse.

User avatar
DexOS
Posts: 876
Joined: Wed May 16, 2012 6:32 pm
Contact: Website

Re: SecuriPi

Sun Jul 29, 2012 7:49 pm

You just need one of these (controlled by a PI of cause )
http://www.youtube.com/watch?v=b0ZFWe3U ... re=related
Batteries not included, Some assembly required.

User avatar
Jim Manley
Posts: 1600
Joined: Thu Feb 23, 2012 8:41 pm
Location: SillyCon Valley, California, and Powell, Wyoming, USA, plus The Universe
Contact: Website

Re: SecuriPi

Sun Jul 29, 2012 10:17 pm

alexeames wrote:You can't get much of a shock from 5V. Ever licked a 9V battery? This is (just over) half as much. :lol:
It's not the voltage, it's the current flow that matters. It's very unlikely that anyone could be electrocuted by a Pi (especially if a keyboard is plugged in ;) ) unless the power supply wires were inserted beneath the surface of the skin across the heart. However, everyone should maintain a healthy respect for electricity, whether it's DC or AC, high voltage or low voltage. It only takes a few hundred milliamps of current to cause myocardial infarction (a heart attack) by electrocution interrupting the normal heartbeat, and the voltage at those current levels can be as low as a few volts if it passes directly through the heart muscle. If you want to very effectively kill yourself in a rapid fashion, wet your hands and grab the terminals of a 6 or 12 volt vehicle battery - I guarantee that if your fingers don't spasm off the terminals, you won't live to tell the tale.
The best things in life aren't things ... but, a Pi comes pretty darned close! :D
"Education is not the filling of a pail, but the lighting of a fire." -- W.B. Yeats
In theory, theory & practice are the same - in practice, they aren't!!!

khh
Posts: 49
Joined: Thu Jul 26, 2012 12:16 am

Re: SecuriPi

Sun Jul 29, 2012 10:45 pm

Jim Manley wrote:It's not the voltage, it's the current flow that matters.
Well.. "Voltage hurts, but current kills".
Jim Manley wrote:If you want to very effectively kill yourself in a rapid fashion, wet your hands and grab the terminals of a 6 or 12 volt vehicle battery - I guarantee that if your fingers don't spasm off the terminals, you won't live to tell the tale.
You'd probably have to wet your hands with something conductive - like salt water - rather than regular water to get the conductivity needed.

User avatar
AndrewS
Posts: 3625
Joined: Sun Apr 22, 2012 4:50 pm
Location: Cambridge, UK
Contact: Website

Re: SecuriPi

Mon Jul 30, 2012 1:42 am

DexOS wrote:You just need one of these (controlled by a PI of cause )
http://www.youtube.com/watch?v=b0ZFWe3U ... re=related
:shock: It's a slippery slope from there to ED 209 ;)
"Put down Jim's Raspi. You have 20 seconds to comply!"

W. H. Heydt
Posts: 11274
Joined: Fri Mar 09, 2012 7:36 pm
Location: Vallejo, CA (US)

Re: SecuriPi

Mon Jul 30, 2012 2:16 am

Jim Manley wrote:
alexeames wrote:You can't get much of a shock from 5V. Ever licked a 9V battery? This is (just over) half as much. :lol:
It's not the voltage, it's the current flow that matters. It's very unlikely that anyone could be electrocuted by a Pi (especially if a keyboard is plugged in ;) ) unless the power supply wires were inserted beneath the surface of the skin across the heart. However, everyone should maintain a healthy respect for electricity, whether it's DC or AC, high voltage or low voltage. It only takes a few hundred milliamps of current to cause myocardial infarction (a heart attack) by electrocution interrupting the normal heartbeat, and the voltage at those current levels can be as low as a few volts if it passes directly through the heart muscle. If you want to very effectively kill yourself in a rapid fashion, wet your hands and grab the terminals of a 6 or 12 volt vehicle battery - I guarantee that if your fingers don't spasm off the terminals, you won't live to tell the tale.
Dredging up memories that are way too old... IIRC it take 100mA to kill and the DC impedance of a human being is about 100K-Ohms.

AC has the added interesting characteristic that if the frequency is high enough, the current will flow across the skin and not through the body. Nikola Tesla did demonstrations in which he would garb a terminal with each had with 1 MV across them...of very high frequency. He wore conductive gloves to protect from RF burns, if I'm not mistaken.

So while I agree that one should respect electrical and electronic equipment and take suitable precautions, the chance of sustaining injury from *electrical* causes from a Pi are...rather low.

gritz
Posts: 449
Joined: Sat Jan 28, 2012 2:33 am

Re: SecuriPi

Mon Jul 30, 2012 2:22 am

khh wrote:
Jim Manley wrote:It's not the voltage, it's the current flow that matters.
Well.. "Voltage hurts, but current kills".
Jim Manley wrote:If you want to very effectively kill yourself in a rapid fashion, wet your hands and grab the terminals of a 6 or 12 volt vehicle battery - I guarantee that if your fingers don't spasm off the terminals, you won't live to tell the tale.
You'd probably have to wet your hands with something conductive - like salt water - rather than regular water to get the conductivity needed.
I worry about the frailty of the average computer geek sometimes! First we had the whole "50°C is too hot to touch" thing and now it's "6V - 12V induces spasms with damp hands".

California would ban PP3 batteries tomorrow if such were true! Oh, and just because a car battery is capaple of delivering hundreds of amps without breaking into a sweat, Ohms Law means that it won't, unless you're the Tin Man. If anyone is so conductive that they'll burst into flames from the input of a bicycle dynamo then I'd suggest that they try a lower salt diet.

*Obviously this post isn't meant as a licence to test one's threshold to electrical discombobulation. I do however feel the need to mock. 12v thru mebbe 100k Ohm minimum hand to hand (wet skin) is microamps. Not a big deal.

User avatar
AndrewS
Posts: 3625
Joined: Sun Apr 22, 2012 4:50 pm
Location: Cambridge, UK
Contact: Website

Re: SecuriPi

Mon Jul 30, 2012 3:31 am

gritz wrote:
Jim Manley wrote:If you want to very effectively kill yourself in a rapid fashion, wet your hands and grab the terminals of a 6 or 12 volt vehicle battery - I guarantee that if your fingers don't spasm off the terminals, you won't live to tell the tale.
I worry about the frailty of the average computer geek sometimes! First we had the whole "50°C is too hot to touch" thing and now it's "6V - 12V induces spasms with damp hands".

I do however feel the need to mock. 12v thru mebbe 100k Ohm minimum hand to hand (wet skin) is microamps. Not a big deal.
Careful - you don't want Jim to get his Navy buddies to fill your pockets with thermite ;)

User avatar
Lob0426
Posts: 2198
Joined: Fri Aug 05, 2011 4:30 pm
Location: Susanville CA.
Contact: Website

Re: SecuriPi

Mon Jul 30, 2012 4:21 am

Lets see:
Don't lick a RasPi. They do not taste like a raspberry and it may hurt the RasPi, but it will not kill you if you do!

Do not imbed a RasPi in your chest, It may kill you if the surgery doesn't.

You can tickle your tongue with 9v but the RasPi puts out only a little more than half that. So would a RasPi tickle if you licked it. (see post above about licking RasPii).

Do not wet your hands with salt water before touching the car battery, Though I think this is because you are more likely to drop it on your foot and cause damage, than being shocked to death.

And Computer geeks are frail because 50C (122F) is to hot for their fingers. Of course that would be different if you were sitting in a room that hot!

Think I got it now :lol:
512MB version 2.0 as WordPress Server
Motorola Lapdock with Pi2B
Modded Rev 1.0 with pin headers at USB

http://rich1.dyndns.tv/
(RS)Allied ships old stock to reward its Customers for long wait!

User avatar
rurwin
Forum Moderator
Forum Moderator
Posts: 4258
Joined: Mon Jan 09, 2012 3:16 pm
Contact: Website

Re: SecuriPi

Mon Jul 30, 2012 8:33 am

I once worked in a curing oven at 60C. For short periods your body is perfectly able to cope; however any exposed metal is too hot to touch. The fitter I was working with made the mistake of working bent over for a while so his medallion hung free and reached room temperature. Then he straightened up and it landed back on his chest. :-D

Return to “General discussion”