pygmy_giant
Posts: 1562
Joined: Sun Mar 04, 2012 12:49 am

Re: SecuriPi

Mon Jul 30, 2012 11:04 am

Did he still need to wear the medallion after that?

I worked in a refrigerated warehouse for a while - ice on the floor was a problem - sometimes you would push the cages and all that would move was your feet.

AndrewS
Posts: 3625
Joined: Sun Apr 22, 2012 4:50 pm
Location: Cambridge, UK
Contact: Website

Re: SecuriPi

Mon Jul 30, 2012 11:19 am

rurwin wrote:I once worked in a curing oven at 60C. For short periods your body is perfectly able to cope; however any exposed metal is too hot to touch. The fitter I was working with made the mistake of working bent over for a while so his medallion hung free and reached room temperature. Then he straightened up and it landed back on his chest. :-D
Something like the scene out of Raiders of the Lost Ark? :D

mikerr
Posts: 2802
Joined: Thu Jan 12, 2012 12:46 pm
Location: UK
Contact: Website

Re: SecuriPi

Mon Jul 30, 2012 11:32 am

gritz wrote:now it's "6V - 12V induces spasms with damp hands".

California would ban PP3 batteries tomorrow if such were true! Oh, and just because a car battery is capable of delivering hundreds of amps without breaking into a sweat, Ohm's Law means that it won't, unless you're the Tin Man.
If you happen to be wearing a metal watch when working on a car, the strap can bridge 12V to earth, rapidly heating and melting your skin.
Happened to my dad last month - he now has quite a large cut/gouge around his wrist.
Android app - Raspi Card Imager - download and image SD cards - No PC required !

Burngate
Posts: 6159
Joined: Thu Sep 29, 2011 4:34 pm
Location: Berkshire UK Tralfamadore
Contact: Website

Re: SecuriPi

Mon Jul 30, 2012 11:39 am

Friend of mine was needing an earth spike for a stand-by generator. So he chose a piece of ground, nice damp earth, held the spike vertically and got his mate to hit it with the sledgehammer.
Everything went dark. And there was a large bang. And half the spike disappeared.
Turned out the main feed to the building ran under that piece of ground.

lewmur
Posts: 386
Joined: Sun Dec 25, 2011 3:20 pm
Contact: Website

Re: SecuriPi

Mon Jul 30, 2012 11:59 am

khh wrote:
Jim Manley wrote:It's not the voltage, it's the current flow that matters.
Well.. "Voltage hurts, but current kills".
Jim Manley wrote:If you want to very effectively kill yourself in a rapid fashion, wet your hands and grab the terminals of a 6 or 12 volt vehicle battery - I guarantee that if your fingers don't spasm off the terminals, you won't live to tell the tale.
You'd probably have to wet your hands with something conductive - like salt water - rather than regular water to get the conductivity needed.
Actually, your skin is salty enough that just wetting your fingers will make them more conductive. Try this. Hold the two probes of an ohm meter and check the resistance. Then wet your finger and try it again. Big difference.

khh
Posts: 49
Joined: Thu Jul 26, 2012 12:16 am

Re: SecuriPi

Mon Jul 30, 2012 12:13 pm

lewmur wrote:Actually, your skin is salty enough that just wetting your fingers will make them more conductive. Try this. Hold the two probes of an ohm meter and check the resistance. Then wet your finger and try it again. Big difference.
I know, I've done exactly that. But the resulting resistance is still too high for 12 volts to be fatal. I'm beginning to think you might actually have to put a nail through the skin or something to get a low enough resistance for it to kill.

lewmur
Posts: 386
Joined: Sun Dec 25, 2011 3:20 pm
Contact: Website

Re: SecuriPi

Mon Jul 30, 2012 1:05 pm

khh wrote:
lewmur wrote:Actually, your skin is salty enough that just wetting your fingers will make them more conductive. Try this. Hold the two probes of an ohm meter and check the resistance. Then wet your finger and try it again. Big difference.
I know, I've done exactly that. But the resulting resistance is still too high for 12 volts to be fatal. I'm beginning to think you might actually have to put a nail through the skin or something to get a low enough resistance for it to kill.
Much too high. Look at it this way. Medics use 3" paddles coated with saline jelly to restart your heart. And that's with several thousand volts.

pygmy_giant
Posts: 1562
Joined: Sun Mar 04, 2012 12:49 am

Re: SecuriPi

Mon Jul 30, 2012 1:08 pm

So, pooling all the wisdom since the last relevant post, are we saying that some sort of tazer device is the answer to the security issue at events?

abishur
Posts: 4477
Joined: Thu Jul 28, 2011 4:10 am
Location: USA
Contact: Website

Re: SecuriPi

Mon Jul 30, 2012 3:33 pm

My vote is also for some means of physical security. It would be awesome if that could be like the kingston laptop locks, but there's a hard enough time getting mounting holes ;-)

I don't believe built-in software security is the way to go, there's just something a little too George Orwellian about it, ya know? That's certainly not meant to minimize the necessity of securing a Pi at an event, nor to minimize the reality that there are people out there who just suck and would rather steal what other people have worked to earn enough cash to buy.

I just think the emphasis should be on physically securing individual devices. Sadly, even at my Christian College we had a guy go through the dorms and steal a bunch of electronic equipment. The thing that kept my laptop from being stolen was that I had it physically locked to my desk.

I guess I would rather work at keeping the device from being stolen in the first place (a proactive approach if you will), rather than working at finding the device once it has been stolen (a reactive approach).
Dear forum: Play nice ;-)

Rabjerg
Posts: 31
Joined: Fri Jun 29, 2012 7:56 am

Re: SecuriPi

Mon Jul 30, 2012 4:35 pm

I'm for the mechanical solution.
For example something in this direction.

3mm steel or aluminum plate, with a 5mm base.
Can be mounted with 2x M6 screws, and have a Kensington Security Slot in the base.
The cover is screwed on with 3 Allen screws.
One could add a heartbeat monitor to the base plate, and if the base is lifted the alarm sounds. For this to be useful, one (or more) screw(s) should be mounted from below.

Lob0426
Posts: 2198
Joined: Fri Aug 05, 2011 4:30 pm
Location: Susanville CA.
Contact: Website

Re: SecuriPi

Mon Jul 30, 2012 5:30 pm

I had my flashlight stolen at the Correctional Officer Academy. One guy was escorted out by men in suits. Turned out to be FBI. He had decided it would be the perfect cover to rob banks on his way to the Correctional Academy.

There is no GROUP of people that can be considered safe. This is just an unfortunate truth.

For the used-at-home RasPi there really is no need for any hardcore security. Your kids' friends might steal it. But that is relatively easy to figure out. When you take them out into the public, to gain awareness or for tutoring or training, then measures will have to be taken. You are now dealing with people that you have little or no acquaintance with. Also do not forget that coming up with costly measures wastes money that could be better spent.
512MB version 2.0 as WordPress Server
Motorola Lapdock with Pi2B
Modded Rev 1.0 with pin headers at USB

http://rich1.dyndns.tv/
(RS)Allied ships old stock to reward its Customers for long wait!

W. H. Heydt
Posts: 11283
Joined: Fri Mar 09, 2012 7:36 pm
Location: Vallejo, CA (US)

Re: SecuriPi

Mon Jul 30, 2012 6:20 pm

My father used to use the line, "Locks are for honest people."

I suspect that some of the security suggestions are going off the deep end.

As I see it, there is one decision to be made: Who are we trying to stop?

I think the answer is: amateur opportunists (we're really not going to stop "pros", but the Pi is *probably* not the sort of thing "pros" would be interested in...not enough money in them).

The next criterion that I think should be taken into consideration is...how much does the solution cost? If it costs a significant fraction of the value of a Pi, it's overkill, unless one is displaying the Pi on a frequent and regular basis (I could see some such solution for Liz & Eben, but not for monthly Jams...YMMV).

The metal fabrication system a couple of posts above is a case in point. *If* one has the materials and tools readily to hand, it's probably a cheap solution...scrap materials and a small time investment. If you have to buy it from someone else, not so much. As a commercial product, almost certainly uneconomical.

The takeaway I'm getting from the situation is, take *reasonable* precautions (and just what those are is still a Work in Progress), including NEVER expose an SD card that contains something you care about (e.g. it will take a chunk of your time to recreate any work uniquely on that card).

So...at this point what are we left with?

1. Some degree of access control, like doors with people posted at them and sign-in sheets.

2. Such relatively simple and cheap physical restraint, such as cables, cable ties, or screws/bolts securing a Pi and/or its case to an object large enough not to fit in a pocket or too heavy to carry easily.

3. A machine that can routinely scan a set of addresses to determine if a particular Pi has "gone dark", at which time that Pi can be checked to see if it's a reboot or something more. The machine could be another Pi or it could be a PC...doesn't matter which so long as *that* machine is reasonably secure. (A shell script running an infinite loop with an audible alarm if one of a list of IP addresses doesn't answer a ping would do. This should be simple enough that even my--very minimal--shell scripting skills would have a chance of making one work.)

Lob0426
Posts: 2198
Joined: Fri Aug 05, 2011 4:30 pm
Location: Susanville CA.
Contact: Website

Re: SecuriPi

Mon Jul 30, 2012 6:33 pm

W. H. Heydt wrote:My father used to use the line, "Locks are for honest people."

I suspect that some of the security suggestions are going off the deep end.

As I see it, there is one decision to be made: Who are we trying to stop?

I think the answer is: amateur opportunists (we're really not going to stop "pros", but the Pi is *probably* not the sort of thing "pros" would be interested in...not enough money in them).

The next criterion that I think should be taken into consideration is...how much does the solution cost? If it costs a significant fraction of the value of a Pi, it's overkill, unless one is displaying the Pi on a frequent and regular basis (I could see some such solution for Liz & Eben, but not for monthly Jams...YMMV).

The metal fabrication system a couple of posts above is a case in point. *If* one has the materials and tools readily to hand, it's probably a cheap solution...scrap materials and a small time investment. If you have to buy it from someone else, not so much. As a commercial product, almost certainly uneconomical.

The takeaway I'm getting from the situation is, take *reasonable* precautions (and just what those are is still a Work in Progress), including NEVER expose an SD card that contains something you care about (e.g. it will take a chunk of your time to recreate any work uniquely on that card).

So...at this point what are we left with?

1. Some degree of access control, like doors with people posted at them and sign-in sheets.

2. Such relatively simple and cheap physical restraint, such as cables, cable ties, or screws/bolts securing a Pi and/or its case to an object large enough not to fit in a pocket or too heavy to carry easily.

3. A machine that can routinely scan a set of addresses to determine if a particular Pi has "gone dark", at which time that Pi can be checked to see if it's a reboot or something more. The machine could be another Pi or it could be a PC...doesn't matter which so long as *that* machine is reasonably secure. (A shell script running an infinite loop with an audible alarm if one of a list of IP addresses doesn't answer a ping would do. This should be simple enough that even my--very minimal--shell scripting skills would have a chance of making one work.)
Good post!
Though I still want to use the thermite! ;)
512MB version 2.0 as WordPress Server
Motorola Lapdock with Pi2B
Modded Rev 1.0 with pin headers at USB

http://rich1.dyndns.tv/
(RS)Allied ships old stock to reward its Customers for long wait!

tufty
Posts: 1456
Joined: Sun Sep 11, 2011 2:32 pm

Re: SecuriPi

Mon Jul 30, 2012 7:00 pm

My grandfather's favourite game was to pop the bonnet of his olde 'comma' van and put a finger on the top of one of the sparkplugs, with the engine running. Then he'd ask his victim to grab some random tool from the cab. Of course, touching the metalwork of the van would complete the circuit and the victim would get a shock. So would my grandfather, but he'd be expecting it.

Hurts like hell, a 400v ignition coil shock. Had a few of 'em in my time. Digicam flash caps are good for an unpleasant surprise, too.

pygmy_giant
Posts: 1562
Joined: Sun Mar 04, 2012 12:49 am

Re: SecuriPi

Mon Jul 30, 2012 8:58 pm

Now we're getting somewhere - all we have to do is employ your grandfather's trick and park a van next to a metal table with a decoy Pi on it - gfaw, gfaw, that'll learn 'em!

Jim Manley
Posts: 1600
Joined: Thu Feb 23, 2012 8:41 pm
Location: SillyCon Valley, California, and Powell, Wyoming, USA, plus The Universe
Contact: Website

Re: SecuriPi

Tue Jul 31, 2012 2:19 am

pygmy_giant wrote:Now we're getting somewhere - all we have to do is employ your grandfather's trick and park a van next to a metal table with a decoy Pi on it - gfaw, gfaw, that'll learn 'em!
In my misspent "ute" as My Cousin Vinny would say, I would hook up an ignition coil to my big ol' Lionel O-27 model railroad power pack with the two big throttle handles that rotated forward and back, and make big sparks (including a Jacob's Ladder) with the 0 ~ 30 volts AC at several amps it could put out (it could melt paper clips laid across the tracks). There were warning labels all over that power pack about not doing stupid things with it, which would have included melting paper clips and grabbing wires with wet hands if their lawyers had been teenaged ;)

As has been noted by others, there are plenty of electrolytes in our bodies that make just great conductors, including our entire bloodstream, every nerve, all of our muscle tissue and, oh yeah, sweat glands in our skin that don't need to actually be emitting sweat to be thoroughly conductive if they're wetted externally (hence my requirement that your hands be soaked). The U.S. National Institute of Occupational Safety Hazards (NIOSH, the industry counterpart to the federal government's Occupational Safety and Health Administration - OSHA) states that resistance across the body (hence, through the heart) can easily be only 100 ohms with wet hands (and there's no mention of it needing to be saline or salt water).

That would result in over 100 mA of DC current, which is sufficient to cause ventricular fibrillation (interruption of the heartbeat by coronary muscle seizure). DC always passes directly through the body while AC can be transmitted along the surface of the skin if the frequency is high enough, as someone indicated above. If that level of current continues more than momentarily, death is inevitable (that's why I stated that the victim's hands had to remain in firm contact with the terminals). The precise amount of time needed to cause death will vary depending on the physical condition and health of the victim.

If any prospective perps attempt to lift any Pi under my cognizance, I'll have it appropriately wired and I've been practicing my best Dirty Harry impersonation: "In all the excitement, I lost track ... was it six volts or was it twelve? Do you feel lucky today, punk? Well, do ya?" :lol:
The best things in life aren't things ... but, a Pi comes pretty darned close! :D
"Education is not the filling of a pail, but the lighting of a fire." -- W.B. Yeats
In theory, theory & practice are the same - in practice, they aren't!!!

Burngate
Posts: 6159
Joined: Thu Sep 29, 2011 4:34 pm
Location: Berkshire UK Tralfamadore
Contact: Website

Re: SecuriPi

Tue Jul 31, 2012 9:02 am

I've been watching this thread, since it started, and a couple of things which occurred to me don't seem to get a mention.
First off, it seems to me Jim Manley lost two things rather than one - the Pi, and the data on the SD card. All the talk is about physically securing the Pi. But what about that data?
I suppose it's rude to ask Jim if he had backed up his Pi-finity! - of course he had, don't we all? That reminds me, I won't be long, just got to do a backup while I remember.
And an update - did you get your Pi back?

W. H. Heydt
Posts: 11283
Joined: Fri Mar 09, 2012 7:36 pm
Location: Vallejo, CA (US)

Re: SecuriPi

Tue Jul 31, 2012 6:09 pm

Burngate wrote:I've been watching this thread, since it started, and a couple of things which occurred to me don't seem to get a mention.
First off, it seems to me Jim Manley lost two things rather than one - the Pi, and the data on the SD card. All the talk is about physically securing the Pi. But what about that data?
I suppose it's rude to ask Jim if he had backed up his Pi-finity! - of course he had, don't we all? That reminds me, I won't be long, just got to do a backup while I remember.
And an update - did you get your Pi back?
IIRC from Jim's initial posts, there were a few hours work on the card after the last backup, so--yes and no on the backup.

I agree about your point regarding SD cards. While one would be out the cost of a card--which is, fortunately, minimal--the solution to that problem is: never put a Pi on display with a card that has data you don't want to lose. Best practice is probably to create cards specially for display purposes.

Still... If I can get my shell script working, it should fire an alarm on any condition that causes there to be no response to a ping. That would include power down or disconnect from the network, ought to include SD card removal, and (unfortunately) would include a reboot (*that* would be a false alarm).

However, I seem to have hit bash and bounced...I know what I want to do and--approximately--how to do it, but the bash syntax is...unfriendly. My key problem is how to get the output from "ping -c 1 -w 1 $LINE | grep "0 received" " tested for being greater than a null string. If I could get that into a variable or into a working IF statement, I'd be in business, since if that is true, then an alarm should go off (at present, the alarm is just a statement that it has happened and what IP address it applies to).

If I get the script working, I'm willing to supply it to anyone who wants it. It's pretty simple minded. It just scans a list of IP addresses (though it would work on URLs as well...probably) in an endless loop testing each one to see if it's live.

W. H. Heydt
Posts: 11283
Joined: Fri Mar 09, 2012 7:36 pm
Location: Vallejo, CA (US)

Re: SecuriPi

Tue Jul 31, 2012 7:02 pm

Addendum... I've got the script working except for a single exasperating point...

Works to detect present or absent IP addresses, but where the device isn't found (0 received pings), the statement

if [ $TESTPI==$NOSTR ]; then

gives "[: too many arguments".

($NOSTR="" by the way.)

It still does the right thing...but I can't for the life of me see what causes that error message. I've tried modifying the stuff inside the [ ] as many ways as I can think of, but none of it gets rid of that @#$%^&* error message and still works.

pygmy_giant
Posts: 1562
Joined: Sun Mar 04, 2012 12:49 am

Re: SecuriPi

Tue Jul 31, 2012 8:57 pm

my bash experience is probably less than yours and by the sound of it just as infuriating

what drove me round the twist was that bash is picky about whitespace

maybe you need to insert some spaces?

it does weird pre-interpretation substitutions as well so sometimes quotes are needed around variable names

i got a script working by randomly changing stuff and then learned how and why it had to be that way afterwards!

W. H. Heydt
Posts: 11283
Joined: Fri Mar 09, 2012 7:36 pm
Location: Vallejo, CA (US)

Re: SecuriPi

Tue Jul 31, 2012 9:15 pm

pygmy_giant wrote:my bash experience is probably less than yours and by the sound of it just as infuriating

what drove me round the twist was that bash is picky about whitespace

maybe you need to insert some spaces?
Tried that.

it does weird pre-interpretation substitutions as well so sometimes quotes are needed around variable names
Tried that...both parens and curly braces for each of the variables and for both of them together.

i got a script working by randomly changing stuff and then learned how and why it had to be that way afterwards!
Puts you ahead of me.

rurwin
Forum Moderator
Posts: 4258
Joined: Mon Jan 09, 2012 3:16 pm
Contact: Website

Re: SecuriPi

Tue Jul 31, 2012 9:33 pm

Does this help?

[email protected] ~ $ TESTPI=fred
[email protected] ~ $ NOSTR=joe
[email protected] ~ $ if [ $TESTPI == $NOSTR ]; then echo hello; fi
[email protected] ~ $ NOSTR=fred
[email protected] ~ $ if [ $TESTPI == $NOSTR ]; then echo hello; fi
hello
[email protected] ~ $

W. H. Heydt
Posts: 11283
Joined: Fri Mar 09, 2012 7:36 pm
Location: Vallejo, CA (US)

Re: SecuriPi

Tue Jul 31, 2012 10:21 pm

rurwin wrote:Does this help?

[email protected] ~ $ TESTPI=fred
[email protected] ~ $ NOSTR=joe
[email protected] ~ $ if [ $TESTPI == $NOSTR ]; then echo hello; fi
[email protected] ~ $ NOSTR=fred
[email protected] ~ $ if [ $TESTPI == $NOSTR ]; then echo hello; fi
hello
[email protected] ~ $
That part works...and has for some time. Now put an else clause on it. Also, try it where both strings are zero length.

W. H. Heydt
Posts: 11283
Joined: Fri Mar 09, 2012 7:36 pm
Location: Vallejo, CA (US)

Re: SecuriPi

Tue Jul 31, 2012 11:21 pm

After a little web browsing...I think I have the answer to the "too many arguments" message.

Wait for it...

It's a bug in bash.

I guess I get to live with it, since the behavior is otherwise correct.
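
The "gone dark" watchdog and the "[: too many arguments" message discussed in the posts above, as an added example that is not any poster's script: unquoted, a $TESTPI holding ping's multi-word "0 received" line is split into separate words before [ sees it, while quoting it (or testing ping's exit status) keeps the check well-formed. PING_CMD, the function names and the sample summary line are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from the thread: watch a list of addresses and
# raise an alarm when one stops answering ping.

# PING_CMD is an assumed override hook so the logic can be tested offline.
PING_CMD=${PING_CMD:-ping}

# Constructed sample of the summary line ping prints when nothing comes back.
SAMPLE_LOSS='1 packets transmitted, 0 received, 100% packet loss, time 0ms'

# unquoted_status VALUE: print the exit status of the thread's style of test.
# Unquoted, SAMPLE_LOSS splits into ten words, so [ gets far more arguments
# than "value operator value" and fails with a usage error. With both sides
# empty, [ is left with the lone word "=", which counts as true.
unquoted_status() {
    TESTPI=$1
    NOSTR=''
    STATUS=0
    # Deliberately unquoted to reproduce the failure.
    [ $TESTPI = $NOSTR ] 2>/dev/null || STATUS=$?
    echo "$STATUS"
}

# is_empty VALUE: quoted, the expansion stays one argument, empty or not.
is_empty() {
    [ -z "$1" ]
}

# host_is_up HOST: one ping, one-second deadline (the thread's -c 1 -w 1).
# Uses ping's exit status, so no output parsing or string compare is needed.
host_is_up() {
    "$PING_CMD" -c 1 -w 1 "$1" >/dev/null 2>&1 </dev/null
}

# scan_once FILE: print every address in FILE that did not answer.
scan_once() {
    while IFS= read -r LINE || [ -n "$LINE" ]; do
        case $LINE in ''|'#'*) continue ;; esac   # skip blanks and comments
        host_is_up "$LINE" || printf '%s\n' "$LINE"
    done < "$1"
}

# watch_list FILE [INTERVAL]: endless loop; ring the terminal bell and log
# each address that has gone dark. A reboot looks the same as a removal here.
watch_list() {
    while :; do
        for DARK in $(scan_once "$1"); do
            printf '\a%s ALARM: %s not answering\n' "$(date '+%H:%M:%S')" "$DARK"
        done
        sleep "${2:-5}"
    done
}

# Start the watcher only when asked: sh watchpi.sh --watch hosts.txt [seconds]
if [ "${1:-}" = --watch ]; then
    watch_list "$2" "${3:-5}"
fi
```

The list file holds one address per line; run the watcher from a machine that is itself secured, as the thread suggests.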

liz
Raspberry Pi Foundation Employee & Forum Moderator
Posts: 5202
Joined: Thu Jul 28, 2011 7:22 pm
Contact: Website

Re: SecuriPi

Tue Jul 31, 2012 11:32 pm

Burngate wrote:I've been watching this thread, since it started, and a couple of things which occurred to me don't seem to get a mention.
First off, it seems to me Jim Manley lost two things rather than one - the Pi, and the data on the SD card. All the talk is about physically securing the Pi. But what about that data?
I suppose it's rude to ask Jim if he had backed up his Pi-finity! - of course he had, don't we all? That reminds me, I won't be long, just got to do a backup while I remember.
And an update - did you get your Pi back?
Jim's Pi never reappeared - but I've managed to liberate one from a photoshoot Eben was doing, and I'm sending that to him as a replacement.
Director of Communications, Raspberry Pi
