I heard a lot about Raspberry Pi boards but until now I had no need nor time to
work with one.
However, recently I purchased a Dodge Journey R/T and found that although I
love the car I am so disappointed with its software and hard-wired logic that I
decided to experiment a bit and fix the most annoying things.
Since almost everything inside the car is talking over the CAN bus I needed
some kind of a enclave inside the car where I could run my code and
inject/intercept CAN messages.
I strive for simplicity since I am a strong believer that achieving a goal with
the most simplest solution looks elegant, proves that you have deep knowledge
on the subject, and overall is beautiful by itself. Additionally to this, a
simple solution is easier to comprehend and to audit, hence it is much easier
to ensure the security of such a solution.
Over the last decade I stumbled upon numerous complicated firewalls erected on
the NAT boxes with tens (sometimes, hundreds!) of rules describing the traffic
flows and punched holes for some edge cases. Every time I wondered what kind
time 7 min.
In this brief article I am going to describe how I resolved a nagging issue I
had with setting up access to hosts which are not directly reachable, but where
you need to forward your connection through an intermediate host.
Previously, I was using the local SSH port-forwarding technique (although I
was configuring hosts I connect to in the ~/.ssh/config file instead of
using the command-line options). However, this approach turned out to be quite
inconvenient since every time I wanted to connect to a new host (and, possibly,
through a new intermediate host) I had to edit my
time 6 min.
None of the systems I administer or supervise have sudo installed with the
SUID bit set.
Every time I answer a question on how to do privileged work on these systems
(i.e. do tasks that require administrator privileges) with a proposal to SSH
under the privileged account directly to do such a work, whoever asked
time 15 min.