New Raspbian release "2016-11-25"

[spl23]

I, too, was surprised to see Flash player listed there. I thought all these years we had been told that there was and never would be Flash on ARM. Did Adobe have a change of heart?

Does this mean YouTube vids should "just work" in the browser, like they do on X86?

YouTube videos use native H.264 hardware acceleration, not Flash. But Flash video playback is used for e.g. videos on BBC News, and they will indeed work on Chromium with Flash player.

[gkreidl]

YouTube videos use native H.264 hardware acceleration, not Flash. But Flash video playback is used for e.g. videos on BBC News, and they will indeed work on Chromium with Flash player.

using HW acceleration with flash player?

[spl23]

YouTube videos use native H.264 hardware acceleration, not Flash. But Flash video playback is used for e.g. videos on BBC News, and they will indeed work on Chromium with Flash player.

using HW acceleration with flash player?

No, just software rendering.

[mattmiller]

My 2cents
Adding need to copy/create one file on the boot partition before taking it out of my Win10 machine was trivial
Truely trivial compared to the rest of the setup I normally setup my Pi up with (vnc and samba)

And once PiBakery catches up (Foundation really need to send it out to him a few days before gen release) it'll be even trivialler

It was just a mistake in communication now that the blog entry is up - that explains it much better than one line in the release notes.

[jahboater]

It was just a mistake in communication now that the blog entry is up - that explains it much better than one line in the release notes.

Yes the blog is great. Well written and explains the reasoning behind the change.

But the first line of the release notes:

* SSH disabled by default; can be enabled by creating a file with name "ssh" in boot partition

does actually say all you need to know to get going in one sentence. What else do you need?

[pi-anazazi]

"A webcam/CCTV system that a user wants to view while out might well use UPNP to tell the broadband router to punch a hole to allow access"

If you use UPNP you don't need a router/firewall at all...

[Paul Webster]

"A webcam/CCTV system that a user wants to view while out might well use UPNP to tell the broadband router to punch a hole to allow access"

If you use UPNP you don't need a router/firewall at all...

What does that mean? I am talking about UPNP on the inside not out over the Internet.

[mikerr]

Grumble grumble - might have been better to have the dummy file called ssh.txt
as its not so easy for newbies to create files with no extension in GUI like Windows & Mac

NOOBS has a bigger problem in relation to this:

Windows can't access the /boot partition at all to make the ssh file on a NOOBS setup,
then you really do need a keyboard & monitor attached to the pi to setup ssh...

[procount]

I was thinking about that too....
It is possible to use a NOOBSCONFIG script with NOOBS or PINN to create an ssh file on /boot during installation of Raspbian. Or a simple mod to partition_setup.sh should also do it. But these are both for offline installations and won't work when installing from the download server over the internet (unless these were incorporated into the download server files).
Maybe we need an option in NOOBS to enable ssh by creating this file?

[jmuller1984]

Hi,

I just installed the new OS from the web and run straight into this.

While it's the first line in the release notes, the change is very important for everyone expecting to fire up a fresh OS headless and expect the SSH server to be waiting for them.

Also it should also be noted that creating new ssh file in the new running system in /boot was not possible. Had to use raspi-config for this.

[hippy]

Windows can't access the /boot partition at all to make the ssh file on a NOOBS setup, then you really do need a keyboard & monitor attached to the pi to setup ssh...

Is /boot not the FAT32 partition which Windows can see ? If not then there is a problem there.

[B.Goode]

Windows can't access the /boot partition at all to make the ssh file on a NOOBS setup, then you really do need a keyboard & monitor attached to the pi to setup ssh...

Is /boot not the FAT32 partition which Windows can see ? If not then there is a problem there.

On a NOOBS Installer SD card the FAT32 partition visible to a Windows system is related only to the NOOBS Installer itself. The /boot partition for an installed Operating System such as Raspbian is embedded within an extended partition elsewhere on the card. It is that partition that needs to be modified to contain the ssh signal file. But without 3rd-party tools Windows can't make that modification.

[procount]

I am not able to try this myself yet, but for NOOBS users who want to enable SSH in a default installation, I think this small modification should work...

• Prepare the SD card in the usual way by formatting to FAT32 with SD formatter with format size adjustment on.
• Download the full NOOBS version from http://downloads.raspberrypi.org/NOOBS/ ... v2_1_0.zip
• Unzip the noobs file to the SD card (preferably using 7-zip)
• On the SD card, modify the /os/Raspbian/partition_setup.sh file
• After the 3 lines of sed commands, add the following line:

Code: Select all

echo "ssh" >/tmp/1/ssh

• Save the file, safely remove the SD card, put it in your RPi, boot into NOOBS and install Raspbian from the SD card

NOTE: To avoid NOOBS selecting a later version of Raspbian from the internet instead of the one on the SD card, it would be best to do this when NOT connected to a network.

[spl23]

If you are using NOOBS, you must have a keyboard and monitor connected to the Pi anyway (in order to interact with NOOBS itself), so the /boot/ssh option shouldn't be required; you can just boot the resulting Raspbian install and enable SSH via raspi-config or the GUI config application.

[B.Goode]

If you are using NOOBS, you must have a keyboard and monitor connected to the Pi anyway (in order to interact with NOOBS itself.)

Maybe you have overlooked the silent install and vncinstall options?

I agree that the NOOBS Installer does not make much sense without a local keyboard mouse and display, but it isn't true that you must have them.

[spl23]

If you are using NOOBS, you must have a keyboard and monitor connected to the Pi anyway (in order to interact with NOOBS itself.)

Maybe you have overlooked the silent install and vncinstall options?

I agree that the NOOBS Installer does not make much sense without a local keyboard mouse and display, but it isn't true that you must have them.

99% of people who use NOOBS will have a local keyboard and display.

By the time you are getting down to the subset of people who are using NOOBS, without local keyboard and display, who do need to enable SSH, who have no other way of doing it, you are talking about a vanishingly small number of users...

[B.Goode]

you are talking about a vanishingly small number of users...

It may be a small number, but such users don't 'vanish': they turn to the forums in confusion and frustration. And historically your free resource of volunteers has tried to help them...

[klintkrossa]

What collections of morons decided that was a good idea? How brain dead is that?

If there is no SSH why is there no RealVNC?
one or the other.

[lpsw]

I think it's a good decision for the Pi ecostructure. Hope the gaggle IoT device manufacturers out there follow your lead.

What collections of morons decided that was a good idea? How brain dead is that?

I was one of the collection, and I stand behind the decision. We have a responsibility to protect our users, and the combination of a known password and an open SSH port is an accident waiting to happen. The majority of Pi users won't even know what SSH is, so disabling it by default is reasonable - can you think of another OS for non-Power Users which enables SSH by default? With a fixed password?

[HawaiianPi]

The warning prompt mechanism is broken.

I updated my September Jessie Pixel install as indicated in the blog,

Code: Select all

sudo apt-get update
sudo apt-get dist-upgrade
sudo apt-get install -y pprompt

and upon reboot I got the warning, but the default "pi" user password has most definitely been changed. To confirm it I opened a terminal and tried su - pi, and after entering raspberry it gave me an authentication failure. I also restarted and tried logging into pi/raspberry and was told I had an incorrect password, so something is definitely wrong with the code that checks to see if the prompt needs to be displayed.

I am not logged in as "pi" because I created my own user account. The "pi" user account was secured by setting a long random password, then locked (sudo passwd -l pi), but every time I restart I get the warning.




Removing pprompt...

EDIT: Even after removing ppromt and rebooting I still get the warning when I log in as my user via SSH.

While I can appreciate why you did this, and fully agree that Raspbian needs to be more secure, it seems it needs a bit more testing.

I'm guessing the problem is due to me changing the pi account password from my own user account. So now I'll have to undo everything I already did to secure the pi account in the first place just so I can login as pi and re-secure it.

[spl23]

The warning prompt mechanism is broken.

I updated my September Jessie Pixel install as indicated in the blog,

Code: Select all

sudo apt-get update
sudo apt-get dist-upgrade
sudo apt-get install -y pprompt

and upon reboot I got the warning, but the default "pi" user password has most definitely been changed. To confirm it I opened a terminal and tried su - pi, and after entering raspberry it gave me an authentication failure. I also restarted and tried logging into pi/raspberry and was told I had an incorrect password, so something is definitely wrong with the code that checks to see if the prompt needs to be displayed.

I am not logged in as "pi" because I created my own user account. The "pi" user account was secured by setting a long random password, then locked (sudo passwd -l pi), but every time I restart I get the warning.


Removing pprompt...

That's surprising - I would expect pprompt to fail by giving a false negative rather than a false positive. I'll try and recreate the situation you describe tomorrow.

Out of interest, can you please check to see if you have the whois package installed? It installs mkpasswd, which is required for the password check, and should install as a result of the dist-upgrade, but it may be that the install failed on your system. The output of "apt-cache policy whois" would be interesting - also what does "mkpasswd aaa" return?

[HawaiianPi]

That's surprising - I would expect pprompt to fail by giving a false negative rather than a false positive. I'll try and recreate the situation you describe tomorrow.

Out of interest, can you please check to see if the whois package has installed? It is required for the password check, and should install as a result of the dist-upgrade, but it may be that the install failed on your system. The output of "apt-cache policy whois" would be interesting.

The whois package is installed (has been for a while), but I'll go over to my Pi3 and edit the output into this post in a sec...

In the meantime, I edited my post above after you quoted it.

EDIT: Even after removing ppromt and rebooting I still get the warning when I log in as my user via SSH.

While I can appreciate why you did this, and fully agree that Raspbian needs to be more secure, it seems it needs a bit more testing.

I'm guessing the problem is due to me changing the pi account password from my own user account. So now I'll have to undo everything I already did to secure the pi account in the first place just so I can login as pi and re-secure it.

[EDIT] output of apt-cache policy whois...

Code: Select all

~ $ apt-cache policy whois
whois:
  Installed: 5.2.7
  Candidate: 5.2.7
  Version table:
 *** 5.2.7 0
        500 http://mirrordirector.raspbian.org/raspbian/ jessie/main armhf Packages
        100 /var/lib/dpkg/status
~ $

[spl23]

EDIT: Even after removing ppromt and rebooting I still get the warning when I log in as my user via SSH.

pprompt is the GUI warning - the warning in the CLI is in raspberrypi-sys-mods. Given that doesn't require acknowledgement, it hopefully shouldn't be a show-stopper if you have to live with it for a while!

[HawaiianPi]

Thanks for the quick replies. See edit above for requested output and my guess at what the problem might be.

[spl23]

If you have whois installed - which it seems you do - I wonder if it is the case that locking the pi user's password causes something to change in its entry in the shadow file which means grep can't find anything. I'll have a look at that tomorrow.

Just to be 100% sure - can you please tell me what "mkpasswd aaa" returns on your system?

Apologies for the inconvenience - as with all such changes, there's no way we can test every single configuration that users will have before release, so there will always be a few cases where a system is in a state we hadn't anticipated. We'll try and get a fix out for this asap.