flightaware employees this way are able to install any software they want without asking the owner and have entrance to YOUR network
anybody who hacks flightaware website can control OUR RASPBERRYS immediately
there is no need for all these remote features just for sharing data!
PiAware is no different from any number of other auto-update household devices like DVRs, thermostats, etc. The vast majority of users appreciate this convenience and we take the responsibility seriously. Additionally, most computing systems (e.g., Windows, MacOS, iOS, etc) are auto-update now as well, and those are closed source, unlike PiAware.
i made this post before we had mailed. so again - thank you for this unexpected and unusual quick and open-minded response!
you are right when saying that much things today have similar built in risks - but exactly this is the problem - risk without need.
of course i disabled the two switches when setting up the feed a few days ago. additionally i disabled for user pi sudo without forcing password.
what is about this ‘faup1090 thing’ you wrote in the email?
Hi, Tom, I’m Daniel and I think you might have me confused with David.
There’s risk with everything but the need here is pretty great – most people don’t manage their devices themselves (just installed the SD card and walked away) and this allows us to push out valuable improvements like MLAT. However, if you’re able to manage it all yourself, I’m glad you got it configured how you want it.
now after some weeks feeding fa i still can’t find a reason to force those of us - not wanting auto-update - running piaware as root which is undoubtable an open door for very bad things. did i miss something? if so - let me learn …
Don’t run your financial programs on the same Pi as Flightaware. If you keep the pi limited to that app, then you minimize damage in the event it is overtaken. Use different passwords for each pi.
Oliver Jowet (here as obj) wrote a fork of dump1090 dump1090-mutability to address the root issue. You can always run it. Don’t expect FA to provide the same level of support for it they do for their own particular flavor of dump1090.
A steep learning curve is a good thing.
and start contributing updates (either porting those changes to stock piaware, or updating piaware-mutability to current piaware).
Both are on my todo list but they are low priority. If they are important to you, then constructive contributions will get them done a whole lot faster than a stream of complaints about how terrible everything is.
Go and look at the github repo I linked. It has my changes to run as non-root. It needs updating for current piaware, or current piaware needs updating to take the relevant changes. It is not a trivial piece of work, especially if you want to get it to the point where it’s suitable for including in the standard piaware package.
I am not going to start on this work just because you’re complaining about it - you complain about everything.
Sorry Tom, but I’m afraid I’m with obj in this case - just about every post you’ve done on here has been a complaint - apologies if that is not what you intended, but that is how they are coming across.
We’re in the middle of evaluating PiAware (currently just for an antenna survey for 1090) in a commercial/enterprise context. We put the Pi on it’s own VLAN (DMZ) and firewalled it off (whitelist with DPI and networked-based IPS+IDS). I’m wouldn’t be so worried about the auto-update feature but I really don’t like that you can execute arbitrary commands from the FlightAware website. These accounts don’t have two-factor authentication (nor does the send command feature) so if the account tied to a PiAware unit were to be compromised it’s essentially a backdoor into the network.
If we decide to use a PiAware based receiver, our plan would be to create a new FlightAware account just for the receivers for compartmentalisation purposes, also, I’d be looking through the Debian configuration as well to see if anything needs hardening and to see if the auto-update mechanism is appropriately secure (Eg: HTTPS? packages digitally signed? etc.).