Comments (11)
@anarcat
I have no problem with keys since obviously I use them plenty, but I'm not convinced the feature has much right to exist without allowing for passwordless login. SSH servers come a dime a dozen. Ones that are specifically optimized for Kindle and Kobo do not. I repeat, you say "ewwwwwwwwwwwwwwwwwwwwww", I say "yesssssssssssssssssssss".
Should I put some warning in the guide related to passwordless login (which I also use since the beginning)?
@offset-torque If there isn't any notice in there I suppose there better should be, but I think the menu phrasing "Login without password (DANGEROUS)" is fairly self-explanatory. Anybody who ignores that is clearly aware that any potential risk is negligible only if you run with wifi (or the server) always off except for a number of minutes here and there on a trusted local network.
from koreader.
How does this thing get updated anyways?
It doesn't because it requires a bunch of platform-specific patches that are a right PITA to keep in sync, and I already maintain fully-featured bundles for Kindle & Kobo, as you mentioned.
(And, unfortunately, the KOReader patches are trickier than the one used there, so the work isn't 100% portable).
i.e., I'd be very happy to just murder the SSH plugin entirely.
from koreader.
As for the original issue, yes, your analysis is correct, the horribly old version being used doesn't support modern key formats.
from koreader.
i.e., I'd be very happy to just murder the SSH plugin entirely.
That would be a shame. I use an updated dropbear version in my meson branch (2022.83). What I would drop is the "no password" patch, which I have not bothered to port.
from koreader.
That's the other viable approach, true ;).
I... don't particularly care either way, we're increasingly going to be fielding issues either way (either about unsupported key formats if we do nothing; or about the lack of easy auth and/or sftp (which was also mildly annoying to deal with) if we drop the patches).
from koreader.
What I would drop is the "no password" patch, which I have not bothered to port.
I wouldn't. I'd rather just drop it in that case. It works better than FTP, SCP, and Telnet, and the security aspect couldn't be less relevant.
The "but ewww..." in the OP I'd rephrase as "oh yes, yes, yes."
from koreader.
not sure i can parse your comment there @Frenzie but i definitely mean "ewww" and by "ewww" i mean "passwords are evil, but password-less accounts are evil from an outer plane of existence that we shouldn't bring in this reality", if you want to rephrase. ;)
and if that's a patch, then, ewwwwwwwwwwwwwwwwwwwwww. :)
in any case, it looks like you fine folks have your hands full here... IMHO less patches sounds good (and i certainly don't mind having to use SSH keys!) but i'll let the maintainers decide what's best here.
from koreader.
password-less accounts are evil from an outer plane of existence that we shouldn't bring in this reality
- What is the threat model here in the KOReader context?
- What is the worst case scenario?
@Frenzie
Should I put some warning in the guide related to passwordless login (which I also use since the beginning)?
from koreader.
@anarcat Also note that if we don't offer this people will use Telnet more.
So the threat model if anything is slightly worse (standard port, not requiring any port scan) and the user experience is significantly worse.
from koreader.
Because the second sentence there has nothing to do with anything. ;-) We neither do nor have any intention to.
from koreader.