Ryan Castellucci (they/them) 2d ago

Ever wanted to use SSH to connect to an embedded Linux system over the serial port instead of suffering through some janky login program that supports very limited terminal features?

Well, I did, and the tooling didn't exist, so I made it.

It also supports ppp automatically.

cc @AMS @chaos

https://github.com/ryancdotorg/ugetty

GitHub - ryancdotorg/ugetty: A modern, lightweight, multi-protocol getty.

A modern, lightweight, multi-protocol getty. Contribute to ryancdotorg/ugetty development by creating an account on GitHub.

GitHub
Show threadIrenes (many)1d ago
@ryanc @AMS @chaos huhhhhhhh. neat. if we did things that way we could use scp instead of our current workflow, which uses xmodem.
Show threadIrenes (many)1d ago
@ryanc @AMS @chaos (we don't trust our own LAN, so we have a workflow for bringing up new machines using the serial port)
Show thread0xC0DEC0DE07EA23h ago
@ireneista
That is an interesting trust boundary. I’m curious what makes you draw the line that close
@ryanc @AMS @chaos
Show threadIrenes (many)23h ago
@c0dec0dec0de @ryanc @AMS @chaos well, because it's been clear to us for a long time that there's a lot of stuff on any home network that absolutely does not deserve trust. we feel like recent botnet-router stuff has validated this approach, but at the time we started doing this that was a purely theoretical concern... we just felt it was clearly an important one.
Show threadBitslingers-R-Us22h ago
@ireneista @c0dec0dec0de @ryanc @AMS @chaos I like this. Even though I run my own NAT router / DNS / DHCP / et cetera, I don’t trust consumer devices on the same network. Corporations these days seem anti-security, which is to say they’re the ones actively doing evil things that we need to guard against.
Show thread0xC0DEC0DE07EA21h ago
@AnachronistJohn
I wouldn’t trust the software on my smart TV, but I don’t see an alternative to trusting my router and switches to route packets properly. I can see only trusting point-to-point comms between devices to an extent, but at done point I feel like I’d be chasing an elusive root of trust. Do those devices need to be running chipsets that I understand? If so, I’m fucked. I’m not Bunny Huang.
Understand that I’m not trying to argue against whatever your threat model is, just say that I’ve considered not trusting the DHCP server and the string parameters it passes in an ostensibly closed system and the engineering team decided that if you got that kind of toehold on the network, you could take the machine because there wasn’t any point in putting further effort into securing against that threat.
@ireneista @chaos @AMS @ryanc
Show thread0xC0DEC0DE07EA21h ago
@AnachronistJohn @ireneista @chaos @AMS @ryanc fuck, now I want to rearchitect this stupid boot setup we had with proper service units and maybe figure how to borrow the layering from container models instead of using a bare dm COW overlay and splatting a series of tarballs into it. Not that my employer wants this to be better or that I even work on that generation of the system or that that system image is anything but frozen for all time…
Show thread0xC0DEC0DE07EA
@AnachronistJohn @ireneista @chaos @AMS @ryanc nerdsniping myself is the worst.
Apr 9 at 11:27pmWeb