K4 and Linux Infrastructure

> So, let's let the elephant in the room bellow a bit.
>
> Ahem, CYBER SECURITY.
>
> Now that you've put a popular, modern OS in the K4, and hooked it up to
> Ethernet (and therefore the Internet), you've just opened a stinking
> pile of attack vectors.
>
> And please don't think that no one will bother figuring out how to 'own'
> such a powerful connected processor.  If you spend anytime reading up on
> things like Distributed Denial of Service (DDOS) attacks, you will find
> that things like webcams and routers (which typically don't even have a
> 32-bit OS in them) have been marshaled to unleash frightening
> multi-gigabit attacks on various targets.
>
> Or, try the newest craze, dropping Bitcoin or other digital currency
> mining engines on unsuspecting machines, taking them over hog mode, and
> pegging the CPU at 100%, using your electric bill for their gain.
>
> Or, maybe the K4 will be the first ham radio to suffer from a
> ransom-ware attack, where the poor ham is asked to ante up some ransom
> (in bitcoin usually, to make it hard to track) to get control of his
> radio back.
>
> True, at least one or more other companies have already stepped out
> ahead, by putting Windows 10 in their radio.
>
> I'm just wondering if anyone at Elecraft has been tasked with dealing
> with the cyber security aspects of this new toy, and what plans you may
> have for outside pen testing, etc. have been made.
>
> At the very least, you should be using authenticated boot and
> authenticated flash, protected by a root certificate in an internal
> hardware trust anchor.
>
> 73,
>
> -- Dave, N8SBE
>
> -------- Original Message --------
> Subject: Re: [Elecraft] K4 and Linux Infrastructure
> From: Wayne Burdick <[hidden email]>
> Date: Sun, June 02, 2019 11:52 am
> To: Leroy Buller <[hidden email]>
> Cc: Elecraft Reflector <[hidden email]>, Lee Buller
> <[hidden email]>
>
> x86, not PI (ARM). It's the controller for internal/external displays
> and streaming I/O, runs the server for remote clients, and serves as the
> present/future app engine.
>
> Additional details pending.
>
> 73,
> Wayne
> N6KR
>
>
>
> ______________________________________________________________
> Elecraft mailing list
> Home: http://mailman.qth.net/mailman/listinfo/elecraft
> Help: http://mailman.qth.net/mmfaq.htm
> Post: mailto:[hidden email]
>
> This list hosted by: http://www.qsl.net
> Please help support this email list: http://www.qsl.net/donate.html

> On Jun 3, 2019, at 7:58 PM, Rick WA6NHC <[hidden email]> wrote:
>
> Much of that protection can be implemented at the router level (>90% of all sites) and the internal linux (fairly bullet proof) will deal with the radio talking to the world.
>
> It shouldn't be too difficult for Elecraft to refine security to the radio, you'd only need a few ports of network access, which if required, could be coded to set values (MAC address) up to the menu level...  or limited access into the linux side of the radio.
>
> I'm confident it has been considered and managed with the usual Elecraft elegance.
>
> Rick NHC
>
>
> On 6/3/2019 11:50 AM, Dave New, N8SBE wrote:
>> So, let's let the elephant in the room bellow a bit.
>>
>> Ahem, CYBER SECURITY.
>>
>> Now that you've put a popular, modern OS in the K4, and hooked it up to
>> Ethernet (and therefore the Internet), you've just opened a stinking
>> pile of attack vectors.
>>
>> And please don't think that no one will bother figuring out how to 'own'
>> such a powerful connected processor.  If you spend anytime reading up on
>> things like Distributed Denial of Service (DDOS) attacks, you will find
>> that things like webcams and routers (which typically don't even have a
>> 32-bit OS in them) have been marshaled to unleash frightening
>> multi-gigabit attacks on various targets.
>>
>> Or, try the newest craze, dropping Bitcoin or other digital currency
>> mining engines on unsuspecting machines, taking them over hog mode, and
>> pegging the CPU at 100%, using your electric bill for their gain.
>>
>> Or, maybe the K4 will be the first ham radio to suffer from a
>> ransom-ware attack, where the poor ham is asked to ante up some ransom
>> (in bitcoin usually, to make it hard to track) to get control of his
>> radio back.
>>
>> True, at least one or more other companies have already stepped out
>> ahead, by putting Windows 10 in their radio.
>>
>> I'm just wondering if anyone at Elecraft has been tasked with dealing
>> with the cyber security aspects of this new toy, and what plans you may
>> have for outside pen testing, etc. have been made.
>>
>> At the very least, you should be using authenticated boot and
>> authenticated flash, protected by a root certificate in an internal
>> hardware trust anchor.
>>
>> 73,
>>
>> -- Dave, N8SBE
>>
>> -------- Original Message --------
>> Subject: Re: [Elecraft] K4 and Linux Infrastructure
>> From: Wayne Burdick <[hidden email]>
>> Date: Sun, June 02, 2019 11:52 am
>> To: Leroy Buller <[hidden email]>
>> Cc: Elecraft Reflector <[hidden email]>, Lee Buller
>> <[hidden email]>
>>
>> x86, not PI (ARM). It's the controller for internal/external displays
>> and streaming I/O, runs the server for remote clients, and serves as the
>> present/future app engine.
>>
>> Additional details pending.
>>
>> 73,
>> Wayne
>> N6KR
>>
>>
>>
>> ______________________________________________________________
>> Elecraft mailing list
>> Home: http://mailman.qth.net/mailman/listinfo/elecraft
>> Help: http://mailman.qth.net/mmfaq.htm
>> Post: mailto:[hidden email]
>>
>> This list hosted by: http://www.qsl.net
>> Please help support this email list: http://www.qsl.net/donate.html
> ______________________________________________________________
> Elecraft mailing list
> Home: http://mailman.qth.net/mailman/listinfo/elecraft
> Help: http://mailman.qth.net/mmfaq.htm
> Post: mailto:[hidden email]
>
> This list hosted by: http://www.qsl.net
> Please help support this email list: http://www.qsl.net/donate.html

> Paul,
>
> I believe you mistook the 'direction' of DDOS attack I was talking
> about.
>
> The K4 would not be the target of a DDOS attack, but rather an unwitting
> participant in launching a DDOS attack as part of robot army of IoT
> devices.
>
> Thousands of hacked IoT devices are for rent on the dark web, for any
> script kiddie that wants to attack a particular target.
>
> Also, it may be popular to use hacked web sites, or various documents
> with trojan horse loads to deliver ransom ware or bitcoin miners, but
> there are other known vectors, including various open ports found while
> scanning.  It may be the a router would be able to block access, but the
> very peer-to-peer nature of the K4 (controlling other K4's or being
> controlled by another K4 or PC, tablet, etc, means that routers would
> need to allow certain inbound connections through the router or
> firewall.  These allow for interesting attack vectors, which will
> certainly be exercised, if possible.
>
> 73,
>
> -- Dave, N8SBE
>
> -------- Original Message --------
> Subject: Re: [Elecraft] K4 and Linux Infrastructure
> From: Paul Gacek <[hidden email]>
> Date: Mon, June 03, 2019 4:00 pm
> To: "Dave New, N8SBE" <[hidden email]>
> Cc: Elecraft Reflector <[hidden email]>, Rick WA6NHC
> <[hidden email]>
>
> Dave
>
> DDOS is quite hard for any end point (PC, iPhone, K4 etc) to deal with
> effectively. If a million zombie Macs decide to simultaneously attack
> your end point your best chance is as Rick states, a device that makes
> up the perimeter defenses such as a firewall or cyber security
> alternative (i.e router, IDP). Most homes don’t have anything
> particularly sophisticated deployed and are therefore somewhat
> vulnerable. In truth DDOS attacks are quite rare and typically not aimed
> at Citizen Dave or his neighbors. Protection albeit optimistic is really
> in the realm of a corporate network but even then we have a few cases
> where iconic sites get hammered and go dark. Enabling the K4 to defend
> against DDOS is a little like building a house to withstand random bits
> of ISS dropping in unexpectedly; not something I’m expecting to be
> paying for.
>
> Unwanted ransomware or bitcoin mining programs are most likely the
> result of an unwitting end user at and end point (PC, Android etc) doing
> something that resulted in the malware ending up on their end point.
> Could be surfing to a suspect web site (www.PawnStorm4U.com) or even
> going to a compromised but reputable site such as NASA.gov.
> Alternatively, it could be someone opening a compromised PDF or
> Word/Excel attachment. The best protection here is to be cautious and
> mindful of what you do in the cyber world and absolutely make sure you
> are running the most uptodate OS (not XP) and to its most current patch
> level.
>
>
> Presumably but maybe not, the K4 won’t make available to the ham
> operator a browser that allows them to surf wherever nor an email client
> that they can read Excel attachments at the whim of the ham operator.
> That is best done outside of the K4.
>
>
> Hardening Linux, following best practices on coding and penetration
> testing are all things to be aware of and implement as appropriately.
>
>
> For those who might be interested in perusing details of some of these
> topics these links might be interesting;
> Secure Coding Practices
> https://msdn.microsoft.com/en-us/aa570401Hardening Linux
>
> https://www.computerworld.com/article/3144985/linux-hardening-a-15-step-checklist-for-a-secure-linux-server.htmlPenetration
> Testing https://www.tenable.com
>
>
> With Elecraft’s proximity to Silicon Valley and presumably contacts
> abounding, I’m optimistic the K4 will do us proud and I won’t have
> to rely on Rocky and Bullwinkle to keep nefarious foreign agents out of
> my K4.
>
>
> Paul
> W6PNG/M0SNA
> www.nomadic.blog
>
>
>
>
>
>
> On Jun 3, 2019, at 7:58 PM, Rick WA6NHC <[hidden email]> wrote:
>
> Much of that protection can be implemented at the router level (>90% of
> all sites) and the internal linux (fairly bullet proof) will deal with
> the radio talking to the world.
>
> It shouldn't be too difficult for Elecraft to refine security to the
> radio, you'd only need a few ports of network access, which if required,
> could be coded to set values (MAC address) up to the menu level...  or
> limited access into the linux side of the radio.
>
> I'm confident it has been considered and managed with the usual Elecraft
> elegance.
>
> Rick NHC
>
>
> On 6/3/2019 11:50 AM, Dave New, N8SBE wrote:
> So, let's let the elephant in the room bellow a bit.
>
> Ahem, CYBER SECURITY.
>
> Now that you've put a popular, modern OS in the K4, and hooked it up to
> Ethernet (and therefore the Internet), you've just opened a stinking
> pile of attack vectors.
>
> And please don't think that no one will bother figuring out how to 'own'
> such a powerful connected processor.  If you spend anytime reading up on
> things like Distributed Denial of Service (DDOS) attacks, you will find
> that things like webcams and routers (which typically don't even have a
> 32-bit OS in them) have been marshaled to unleash frightening
> multi-gigabit attacks on various targets.
>
> Or, try the newest craze, dropping Bitcoin or other digital currency
> mining engines on unsuspecting machines, taking them over hog mode, and
> pegging the CPU at 100%, using your electric bill for their gain.
>
> Or, maybe the K4 will be the first ham radio to suffer from a
> ransom-ware attack, where the poor ham is asked to ante up some ransom
> (in bitcoin usually, to make it hard to track) to get control of his
> radio back.
>
> True, at least one or more other companies have already stepped out
> ahead, by putting Windows 10 in their radio.
>
> I'm just wondering if anyone at Elecraft has been tasked with dealing
> with the cyber security aspects of this new toy, and what plans you may
> have for outside pen testing, etc. have been made.
>
> At the very least, you should be using authenticated boot and
> authenticated flash, protected by a root certificate in an internal
> hardware trust anchor.
>
> 73,
>
> -- Dave, N8SBE
>
> -------- Original Message --------
> Subject: Re: [Elecraft] K4 and Linux Infrastructure
> From: Wayne Burdick <[hidden email]>
> Date: Sun, June 02, 2019 11:52 am
> To: Leroy Buller <[hidden email]>
> Cc: Elecraft Reflector <[hidden email]>, Lee Buller
> <[hidden email]>
>
> x86, not PI (ARM). It's the controller for internal/external displays
> and streaming I/O, runs the server for remote clients, and serves as the
> present/future app engine.
>
> Additional details pending.
>
> 73,
> Wayne
> N6KR
>
>
>
> ______________________________________________________________
> Elecraft mailing list
> Home: http://mailman.qth.net/mailman/listinfo/elecraft
> Help: http://mailman.qth.net/mmfaq.htm
> Post: mailto:[hidden email]
>
> This list hosted by: http://www.qsl.net
> Please help support this email list: http://www.qsl.net/donate.html
> ______________________________________________________________
> Elecraft mailing list
> Home: http://mailman.qth.net/mailman/listinfo/elecraft
> Help: http://mailman.qth.net/mmfaq.htm
> Post: mailto:[hidden email]
>
> This list hosted by: http://www.qsl.net
> Please help support this email list: http://www.qsl.net/donate.html
> ______________________________________________________________
> Elecraft mailing list
> Home: http://mailman.qth.net/mailman/listinfo/elecraft
> Help: http://mailman.qth.net/mmfaq.htm
> Post: mailto:[hidden email]
>
> This list hosted by: http://www.qsl.net
> Please help support this email list: http://www.qsl.net/donate.html

> I believe these are all good points that elecraft should consider. As for
> myself I am a tinker-er and as such i can imagine many things i would like
> to do with the on board system. Personally I would like the option of
> "unlocking" access do that I could use the underlying linux system and
> would be willing to be responsible for the security of the system if I did
> so. I know there will be many who just want a good radio to operate and
> that is why I am suggesting that maybe this is a opt into thing with the
> caveat that if you unlock this your responsible to keep the radio secure.
>
> Jeff
> N5SDR
>
> On Mon, Jun 3, 2019, 3:35 PM Dave New, N8SBE <[hidden email]> wrote:
>
>> Paul,
>>
>> I believe you mistook the 'direction' of DDOS attack I was talking
>> about.
>>
>> The K4 would not be the target of a DDOS attack, but rather an unwitting
>> participant in launching a DDOS attack as part of robot army of IoT
>> devices.
>>
>> Thousands of hacked IoT devices are for rent on the dark web, for any
>> script kiddie that wants to attack a particular target.
>>
>> Also, it may be popular to use hacked web sites, or various documents
>> with trojan horse loads to deliver ransom ware or bitcoin miners, but
>> there are other known vectors, including various open ports found while
>> scanning.  It may be the a router would be able to block access, but the
>> very peer-to-peer nature of the K4 (controlling other K4's or being
>> controlled by another K4 or PC, tablet, etc, means that routers would
>> need to allow certain inbound connections through the router or
>> firewall.  These allow for interesting attack vectors, which will
>> certainly be exercised, if possible.
>>
>> 73,
>>
>> -- Dave, N8SBE
>>
>> -------- Original Message --------
>> Subject: Re: [Elecraft] K4 and Linux Infrastructure
>> From: Paul Gacek <[hidden email]>
>> Date: Mon, June 03, 2019 4:00 pm
>> To: "Dave New, N8SBE" <[hidden email]>
>> Cc: Elecraft Reflector <[hidden email]>, Rick WA6NHC
>> <[hidden email]>
>>
>> Dave
>>
>> DDOS is quite hard for any end point (PC, iPhone, K4 etc) to deal with
>> effectively. If a million zombie Macs decide to simultaneously attack
>> your end point your best chance is as Rick states, a device that makes
>> up the perimeter defenses such as a firewall or cyber security
>> alternative (i.e router, IDP). Most homes don’t have anything
>> particularly sophisticated deployed and are therefore somewhat
>> vulnerable. In truth DDOS attacks are quite rare and typically not aimed
>> at Citizen Dave or his neighbors. Protection albeit optimistic is really
>> in the realm of a corporate network but even then we have a few cases
>> where iconic sites get hammered and go dark. Enabling the K4 to defend
>> against DDOS is a little like building a house to withstand random bits
>> of ISS dropping in unexpectedly; not something I’m expecting to be
>> paying for.
>>
>> Unwanted ransomware or bitcoin mining programs are most likely the
>> result of an unwitting end user at and end point (PC, Android etc) doing
>> something that resulted in the malware ending up on their end point.
>> Could be surfing to a suspect web site (www.PawnStorm4U.com) or even
>> going to a compromised but reputable site such as NASA.gov.
>> Alternatively, it could be someone opening a compromised PDF or
>> Word/Excel attachment. The best protection here is to be cautious and
>> mindful of what you do in the cyber world and absolutely make sure you
>> are running the most uptodate OS (not XP) and to its most current patch
>> level.
>>
>>
>> Presumably but maybe not, the K4 won’t make available to the ham
>> operator a browser that allows them to surf wherever nor an email client
>> that they can read Excel attachments at the whim of the ham operator.
>> That is best done outside of the K4.
>>
>>
>> Hardening Linux, following best practices on coding and penetration
>> testing are all things to be aware of and implement as appropriately.
>>
>>
>> For those who might be interested in perusing details of some of these
>> topics these links might be interesting;
>> Secure Coding Practices
>> https://msdn.microsoft.com/en-us/aa570401Hardening Linux
>>
>> https://www.computerworld.com/article/3144985/linux-hardening-a-15-step-checklist-for-a-secure-linux-server.htmlPenetration
>> Testing https://www.tenable.com
>>
>>
>> With Elecraft’s proximity to Silicon Valley and presumably contacts
>> abounding, I’m optimistic the K4 will do us proud and I won’t have
>> to rely on Rocky and Bullwinkle to keep nefarious foreign agents out of
>> my K4.
>>
>>
>> Paul
>> W6PNG/M0SNA
>> www.nomadic.blog
>>
>>
>>
>>
>>
>>
>> On Jun 3, 2019, at 7:58 PM, Rick WA6NHC <[hidden email]> wrote:
>>
>> Much of that protection can be implemented at the router level (>90% of
>> all sites) and the internal linux (fairly bullet proof) will deal with
>> the radio talking to the world.
>>
>> It shouldn't be too difficult for Elecraft to refine security to the
>> radio, you'd only need a few ports of network access, which if required,
>> could be coded to set values (MAC address) up to the menu level...  or
>> limited access into the linux side of the radio.
>>
>> I'm confident it has been considered and managed with the usual Elecraft
>> elegance.
>>
>> Rick NHC
>>
>>
>> On 6/3/2019 11:50 AM, Dave New, N8SBE wrote:
>> So, let's let the elephant in the room bellow a bit.
>>
>> Ahem, CYBER SECURITY.
>>
>> Now that you've put a popular, modern OS in the K4, and hooked it up to
>> Ethernet (and therefore the Internet), you've just opened a stinking
>> pile of attack vectors.
>>
>> And please don't think that no one will bother figuring out how to 'own'
>> such a powerful connected processor.  If you spend anytime reading up on
>> things like Distributed Denial of Service (DDOS) attacks, you will find
>> that things like webcams and routers (which typically don't even have a
>> 32-bit OS in them) have been marshaled to unleash frightening
>> multi-gigabit attacks on various targets.
>>
>> Or, try the newest craze, dropping Bitcoin or other digital currency
>> mining engines on unsuspecting machines, taking them over hog mode, and
>> pegging the CPU at 100%, using your electric bill for their gain.
>>
>> Or, maybe the K4 will be the first ham radio to suffer from a
>> ransom-ware attack, where the poor ham is asked to ante up some ransom
>> (in bitcoin usually, to make it hard to track) to get control of his
>> radio back.
>>
>> True, at least one or more other companies have already stepped out
>> ahead, by putting Windows 10 in their radio.
>>
>> I'm just wondering if anyone at Elecraft has been tasked with dealing
>> with the cyber security aspects of this new toy, and what plans you may
>> have for outside pen testing, etc. have been made.
>>
>> At the very least, you should be using authenticated boot and
>> authenticated flash, protected by a root certificate in an internal
>> hardware trust anchor.
>>
>> 73,
>>
>> -- Dave, N8SBE
>>
>> -------- Original Message --------
>> Subject: Re: [Elecraft] K4 and Linux Infrastructure
>> From: Wayne Burdick <[hidden email]>
>> Date: Sun, June 02, 2019 11:52 am
>> To: Leroy Buller <[hidden email]>
>> Cc: Elecraft Reflector <[hidden email]>, Lee Buller
>> <[hidden email]>
>>
>> x86, not PI (ARM). It's the controller for internal/external displays
>> and streaming I/O, runs the server for remote clients, and serves as the
>> present/future app engine.
>>
>> Additional details pending.
>>
>> 73,
>> Wayne
>> N6KR
>>
>>
>>
>> ______________________________________________________________
>> Elecraft mailing list
>> Home: http://mailman.qth.net/mailman/listinfo/elecraft
>> Help: http://mailman.qth.net/mmfaq.htm
>> Post: mailto:[hidden email]
>>
>> This list hosted by: http://www.qsl.net
>> Please help support this email list: http://www.qsl.net/donate.html
>> ______________________________________________________________
>> Elecraft mailing list
>> Home: http://mailman.qth.net/mailman/listinfo/elecraft
>> Help: http://mailman.qth.net/mmfaq.htm
>> Post: mailto:[hidden email]
>>
>> This list hosted by: http://www.qsl.net
>> Please help support this email list: http://www.qsl.net/donate.html
>> ______________________________________________________________
>> Elecraft mailing list
>> Home: http://mailman.qth.net/mailman/listinfo/elecraft
>> Help: http://mailman.qth.net/mmfaq.htm
>> Post: mailto:[hidden email]
>>
>> This list hosted by: http://www.qsl.net
>> Please help support this email list: http://www.qsl.net/donate.html
>
>

> Actually there is more to think about than security here as well. What
> would elecraft do about users that break the system but misconfiguring
> stuff, etc... if they allow users to opt in I would fully expect users to
> have to agree to owning responsibility for any modifications. This would
> mean that if you have a problem with the radio and send it in and the
> problem is solved by reflashing the base image then you should be charged
> for wasting their time. I would also expect to have the base image given to
> users so we can fix our own mistakes.
>
>
> I think this problem will exist one way or another. Quite likely elecraft
> will be legally required to make available some or all of the base image of
> the radio due to software licences. It is also likely that someone will
> figure out how to get access to the underlying system. In my opinion
> elecraft can get out in front by setting expectations and telling users if
> you do this your on your own from a warranty perspective. It would be nice
> of them to limit that but they could have that void the whole warranty.
>
> It will be interesting to see how they handle this. This is precisely the
> reason I got put my deposit for the second group. I want to see how this
> shakes out before commiting which means I cant be the first one with the
> radio.
>
> Jeff N5SDR
>
>

> I believe these are all good points that elecraft should consider. As for
> myself I am a tinker-er and as such i can imagine many things i would like
> to do with the on board system. Personally I would like the option of
> "unlocking" access do that I could use the underlying linux system and
> would be willing to be responsible for the security of the system if I did
> so. I know there will be many who just want a good radio to operate and
> that is why I am suggesting that maybe this is a opt into thing with the
> caveat that if you unlock this your responsible to keep the radio secure.
>
> Jeff
> N5SDR
>
> On Mon, Jun 3, 2019, 3:35 PM Dave New, N8SBE <[hidden email]> wrote:
>
>> Paul,
>>
>> I believe you mistook the 'direction' of DDOS attack I was talking
>> about.
>>
>> The K4 would not be the target of a DDOS attack, but rather an unwitting
>> participant in launching a DDOS attack as part of robot army of IoT
>> devices.
>>
>> Thousands of hacked IoT devices are for rent on the dark web, for any
>> script kiddie that wants to attack a particular target.
>>
>> Also, it may be popular to use hacked web sites, or various documents
>> with trojan horse loads to deliver ransom ware or bitcoin miners, but
>> there are other known vectors, including various open ports found while
>> scanning.  It may be the a router would be able to block access, but the
>> very peer-to-peer nature of the K4 (controlling other K4's or being
>> controlled by another K4 or PC, tablet, etc, means that routers would
>> need to allow certain inbound connections through the router or
>> firewall.  These allow for interesting attack vectors, which will
>> certainly be exercised, if possible.
>>
>> 73,
>>
>> -- Dave, N8SBE
>>
>> -------- Original Message --------
>> Subject: Re: [Elecraft] K4 and Linux Infrastructure
>> From: Paul Gacek <[hidden email]>
>> Date: Mon, June 03, 2019 4:00 pm
>> To: "Dave New, N8SBE" <[hidden email]>
>> Cc: Elecraft Reflector <[hidden email]>, Rick WA6NHC
>> <[hidden email]>
>>
>> Dave
>>
>> DDOS is quite hard for any end point (PC, iPhone, K4 etc) to deal with
>> effectively. If a million zombie Macs decide to simultaneously attack
>> your end point your best chance is as Rick states, a device that makes
>> up the perimeter defenses such as a firewall or cyber security
>> alternative (i.e router, IDP). Most homes don’t have anything
>> particularly sophisticated deployed and are therefore somewhat
>> vulnerable. In truth DDOS attacks are quite rare and typically not aimed
>> at Citizen Dave or his neighbors. Protection albeit optimistic is really
>> in the realm of a corporate network but even then we have a few cases
>> where iconic sites get hammered and go dark. Enabling the K4 to defend
>> against DDOS is a little like building a house to withstand random bits
>> of ISS dropping in unexpectedly; not something I’m expecting to be
>> paying for.
>>
>> Unwanted ransomware or bitcoin mining programs are most likely the
>> result of an unwitting end user at and end point (PC, Android etc) doing
>> something that resulted in the malware ending up on their end point.
>> Could be surfing to a suspect web site (www.PawnStorm4U.com) or even
>> going to a compromised but reputable site such as NASA.gov.
>> Alternatively, it could be someone opening a compromised PDF or
>> Word/Excel attachment. The best protection here is to be cautious and
>> mindful of what you do in the cyber world and absolutely make sure you
>> are running the most uptodate OS (not XP) and to its most current patch
>> level.
>>
>>
>> Presumably but maybe not, the K4 won’t make available to the ham
>> operator a browser that allows them to surf wherever nor an email client
>> that they can read Excel attachments at the whim of the ham operator.
>> That is best done outside of the K4.
>>
>>
>> Hardening Linux, following best practices on coding and penetration
>> testing are all things to be aware of and implement as appropriately.
>>
>>
>> For those who might be interested in perusing details of some of these
>> topics these links might be interesting;
>> Secure Coding Practices
>> https://msdn.microsoft.com/en-us/aa570401Hardening Linux
>>
>> https://www.computerworld.com/article/3144985/linux-hardening-a-15-step-checklist-for-a-secure-linux-server.htmlPenetration
>> Testing https://www.tenable.com
>>
>>
>> With Elecraft’s proximity to Silicon Valley and presumably contacts
>> abounding, I’m optimistic the K4 will do us proud and I won’t have
>> to rely on Rocky and Bullwinkle to keep nefarious foreign agents out of
>> my K4.
>>
>>
>> Paul
>> W6PNG/M0SNA
>> www.nomadic.blog
>>
>>
>>
>>
>>
>>
>> On Jun 3, 2019, at 7:58 PM, Rick WA6NHC <[hidden email]> wrote:
>>
>> Much of that protection can be implemented at the router level (>90% of
>> all sites) and the internal linux (fairly bullet proof) will deal with
>> the radio talking to the world.
>>
>> It shouldn't be too difficult for Elecraft to refine security to the
>> radio, you'd only need a few ports of network access, which if required,
>> could be coded to set values (MAC address) up to the menu level...  or
>> limited access into the linux side of the radio.
>>
>> I'm confident it has been considered and managed with the usual Elecraft
>> elegance.
>>
>> Rick NHC
>>
>>
>> On 6/3/2019 11:50 AM, Dave New, N8SBE wrote:
>> So, let's let the elephant in the room bellow a bit.
>>
>> Ahem, CYBER SECURITY.
>>
>> Now that you've put a popular, modern OS in the K4, and hooked it up to
>> Ethernet (and therefore the Internet), you've just opened a stinking
>> pile of attack vectors.
>>
>> And please don't think that no one will bother figuring out how to 'own'
>> such a powerful connected processor.  If you spend anytime reading up on
>> things like Distributed Denial of Service (DDOS) attacks, you will find
>> that things like webcams and routers (which typically don't even have a
>> 32-bit OS in them) have been marshaled to unleash frightening
>> multi-gigabit attacks on various targets.
>>
>> Or, try the newest craze, dropping Bitcoin or other digital currency
>> mining engines on unsuspecting machines, taking them over hog mode, and
>> pegging the CPU at 100%, using your electric bill for their gain.
>>
>> Or, maybe the K4 will be the first ham radio to suffer from a
>> ransom-ware attack, where the poor ham is asked to ante up some ransom
>> (in bitcoin usually, to make it hard to track) to get control of his
>> radio back.
>>
>> True, at least one or more other companies have already stepped out
>> ahead, by putting Windows 10 in their radio.
>>
>> I'm just wondering if anyone at Elecraft has been tasked with dealing
>> with the cyber security aspects of this new toy, and what plans you may
>> have for outside pen testing, etc. have been made.
>>
>> At the very least, you should be using authenticated boot and
>> authenticated flash, protected by a root certificate in an internal
>> hardware trust anchor.
>>
>> 73,
>>
>> -- Dave, N8SBE
>>
>> -------- Original Message --------
>> Subject: Re: [Elecraft] K4 and Linux Infrastructure
>> From: Wayne Burdick <[hidden email]>
>> Date: Sun, June 02, 2019 11:52 am
>> To: Leroy Buller <[hidden email]>
>> Cc: Elecraft Reflector <[hidden email]>, Lee Buller
>> <[hidden email]>
>>
>> x86, not PI (ARM). It's the controller for internal/external displays
>> and streaming I/O, runs the server for remote clients, and serves as the
>> present/future app engine.
>>
>> Additional details pending.
>>
>> 73,
>> Wayne
>> N6KR
>>
>>
>>
>> ______________________________________________________________
>> Elecraft mailing list
>> Home: http://mailman.qth.net/mailman/listinfo/elecraft
>> Help: http://mailman.qth.net/mmfaq.htm
>> Post: mailto:[hidden email]
>>
>> This list hosted by: http://www.qsl.net
>> Please help support this email list: http://www.qsl.net/donate.html
>> ______________________________________________________________
>> Elecraft mailing list
>> Home: http://mailman.qth.net/mailman/listinfo/elecraft
>> Help: http://mailman.qth.net/mmfaq.htm
>> Post: mailto:[hidden email]
>>
>> This list hosted by: http://www.qsl.net
>> Please help support this email list: http://www.qsl.net/donate.html
>> ______________________________________________________________
>> Elecraft mailing list
>> Home: http://mailman.qth.net/mailman/listinfo/elecraft
>> Help: http://mailman.qth.net/mmfaq.htm
>> Post: mailto:[hidden email]
>>
>> This list hosted by: http://www.qsl.net
>> Please help support this email list: http://www.qsl.net/donate.html
> ______________________________________________________________
> Elecraft mailing list
> Home: http://mailman.qth.net/mailman/listinfo/elecraft
> Help: http://mailman.qth.net/mmfaq.htm
> Post: mailto:[hidden email]
>
> This list hosted by: http://www.qsl.net
> Please help support this email list: http://www.qsl.net/donate.html
>

> Based on the lack of ability to chance the CW rise times, I suspect
> Elecraft will not give access to the processor, and OS.  I would not.
>
> Why?  If too many users change things, and break things, the radio will
> get a bad rep...  If Elecraft is smart, they will lock the users out of
> that level of access.
>
> 73s and thanks,
> Dave (NK7Z)
> https://www.nk7z.net
> ARRL Technical Specialist
> ARRL Volunteer Examiner
> ARRL Asst. Director, NW Division, Technical Resource
>
> On 6/3/19 2:04 PM, Jeff Scaparra wrote:
>> I believe these are all good points that elecraft should consider. As for
>> myself I am a tinker-er and as such i can imagine many things i would
>> like
>> to do with the on board system. Personally I would like the option of
>> "unlocking" access do that I could use the underlying linux system and
>> would be willing to be responsible for the security of the system if I
>> did
>> so. I know there will be many who just want a good radio to operate and
>> that is why I am suggesting that maybe this is a opt into thing with the
>> caveat that if you unlock this your responsible to keep the radio secure.
>>
>> Jeff
>> N5SDR
>>
>> On Mon, Jun 3, 2019, 3:35 PM Dave New, N8SBE <[hidden email]> wrote:
>>
>>> Paul,
>>>
>>> I believe you mistook the 'direction' of DDOS attack I was talking
>>> about.
>>>
>>> The K4 would not be the target of a DDOS attack, but rather an unwitting
>>> participant in launching a DDOS attack as part of robot army of IoT
>>> devices.
>>>
>>> Thousands of hacked IoT devices are for rent on the dark web, for any
>>> script kiddie that wants to attack a particular target.
>>>
>>> Also, it may be popular to use hacked web sites, or various documents
>>> with trojan horse loads to deliver ransom ware or bitcoin miners, but
>>> there are other known vectors, including various open ports found while
>>> scanning.  It may be the a router would be able to block access, but the
>>> very peer-to-peer nature of the K4 (controlling other K4's or being
>>> controlled by another K4 or PC, tablet, etc, means that routers would
>>> need to allow certain inbound connections through the router or
>>> firewall.  These allow for interesting attack vectors, which will
>>> certainly be exercised, if possible.
>>>
>>> 73,
>>>
>>> -- Dave, N8SBE
>>>
>>> -------- Original Message --------
>>> Subject: Re: [Elecraft] K4 and Linux Infrastructure
>>> From: Paul Gacek <[hidden email]>
>>> Date: Mon, June 03, 2019 4:00 pm
>>> To: "Dave New, N8SBE" <[hidden email]>
>>> Cc: Elecraft Reflector <[hidden email]>, Rick WA6NHC
>>> <[hidden email]>
>>>
>>> Dave
>>>
>>> DDOS is quite hard for any end point (PC, iPhone, K4 etc) to deal with
>>> effectively. If a million zombie Macs decide to simultaneously attack
>>> your end point your best chance is as Rick states, a device that makes
>>> up the perimeter defenses such as a firewall or cyber security
>>> alternative (i.e router, IDP). Most homes don’t have anything
>>> particularly sophisticated deployed and are therefore somewhat
>>> vulnerable. In truth DDOS attacks are quite rare and typically not aimed
>>> at Citizen Dave or his neighbors. Protection albeit optimistic is really
>>> in the realm of a corporate network but even then we have a few cases
>>> where iconic sites get hammered and go dark. Enabling the K4 to defend
>>> against DDOS is a little like building a house to withstand random bits
>>> of ISS dropping in unexpectedly; not something I’m expecting to be
>>> paying for.
>>>
>>> Unwanted ransomware or bitcoin mining programs are most likely the
>>> result of an unwitting end user at and end point (PC, Android etc) doing
>>> something that resulted in the malware ending up on their end point.
>>> Could be surfing to a suspect web site (www.PawnStorm4U.com) or even
>>> going to a compromised but reputable site such as NASA.gov.
>>> Alternatively, it could be someone opening a compromised PDF or
>>> Word/Excel attachment. The best protection here is to be cautious and
>>> mindful of what you do in the cyber world and absolutely make sure you
>>> are running the most uptodate OS (not XP) and to its most current patch
>>> level.
>>>
>>>
>>> Presumably but maybe not, the K4 won’t make available to the ham
>>> operator a browser that allows them to surf wherever nor an email client
>>> that they can read Excel attachments at the whim of the ham operator.
>>> That is best done outside of the K4.
>>>
>>>
>>> Hardening Linux, following best practices on coding and penetration
>>> testing are all things to be aware of and implement as appropriately.
>>>
>>>
>>> For those who might be interested in perusing details of some of these
>>> topics these links might be interesting;
>>> Secure Coding Practices
>>> https://msdn.microsoft.com/en-us/aa570401Hardening Linux
>>>
>>> https://www.computerworld.com/article/3144985/linux-hardening-a-15-step-checklist-for-a-secure-linux-server.htmlPenetration 
>>>
>>> Testing https://www.tenable.com
>>>
>>>
>>> With Elecraft’s proximity to Silicon Valley and presumably contacts
>>> abounding, I’m optimistic the K4 will do us proud and I won’t have
>>> to rely on Rocky and Bullwinkle to keep nefarious foreign agents out of
>>> my K4.
>>>
>>>
>>> Paul
>>> W6PNG/M0SNA
>>> www.nomadic.blog
>>>
>>>
>>>
>>>
>>>
>>>
>>> On Jun 3, 2019, at 7:58 PM, Rick WA6NHC <[hidden email]> wrote:
>>>
>>> Much of that protection can be implemented at the router level (>90% of
>>> all sites) and the internal linux (fairly bullet proof) will deal with
>>> the radio talking to the world.
>>>
>>> It shouldn't be too difficult for Elecraft to refine security to the
>>> radio, you'd only need a few ports of network access, which if required,
>>> could be coded to set values (MAC address) up to the menu level...  or
>>> limited access into the linux side of the radio.
>>>
>>> I'm confident it has been considered and managed with the usual Elecraft
>>> elegance.
>>>
>>> Rick NHC
>>>
>>>
>>> On 6/3/2019 11:50 AM, Dave New, N8SBE wrote:
>>> So, let's let the elephant in the room bellow a bit.
>>>
>>> Ahem, CYBER SECURITY.
>>>
>>> Now that you've put a popular, modern OS in the K4, and hooked it up to
>>> Ethernet (and therefore the Internet), you've just opened a stinking
>>> pile of attack vectors.
>>>
>>> And please don't think that no one will bother figuring out how to 'own'
>>> such a powerful connected processor.  If you spend anytime reading up on
>>> things like Distributed Denial of Service (DDOS) attacks, you will find
>>> that things like webcams and routers (which typically don't even have a
>>> 32-bit OS in them) have been marshaled to unleash frightening
>>> multi-gigabit attacks on various targets.
>>>
>>> Or, try the newest craze, dropping Bitcoin or other digital currency
>>> mining engines on unsuspecting machines, taking them over hog mode, and
>>> pegging the CPU at 100%, using your electric bill for their gain.
>>>
>>> Or, maybe the K4 will be the first ham radio to suffer from a
>>> ransom-ware attack, where the poor ham is asked to ante up some ransom
>>> (in bitcoin usually, to make it hard to track) to get control of his
>>> radio back.
>>>
>>> True, at least one or more other companies have already stepped out
>>> ahead, by putting Windows 10 in their radio.
>>>
>>> I'm just wondering if anyone at Elecraft has been tasked with dealing
>>> with the cyber security aspects of this new toy, and what plans you may
>>> have for outside pen testing, etc. have been made.
>>>
>>> At the very least, you should be using authenticated boot and
>>> authenticated flash, protected by a root certificate in an internal
>>> hardware trust anchor.
>>>
>>> 73,
>>>
>>> -- Dave, N8SBE
>>>
>>> -------- Original Message --------
>>> Subject: Re: [Elecraft] K4 and Linux Infrastructure
>>> From: Wayne Burdick <[hidden email]>
>>> Date: Sun, June 02, 2019 11:52 am
>>> To: Leroy Buller <[hidden email]>
>>> Cc: Elecraft Reflector <[hidden email]>, Lee Buller
>>> <[hidden email]>
>>>
>>> x86, not PI (ARM). It's the controller for internal/external displays
>>> and streaming I/O, runs the server for remote clients, and serves as the
>>> present/future app engine.
>>>
>>> Additional details pending.
>>>
>>> 73,
>>> Wayne
>>> N6KR
>>>
>>>
>>>
>>> ______________________________________________________________
>>> Elecraft mailing list
>>> Home: http://mailman.qth.net/mailman/listinfo/elecraft
>>> Help: http://mailman.qth.net/mmfaq.htm
>>> Post: mailto:[hidden email]
>>>
>>> This list hosted by: http://www.qsl.net
>>> Please help support this email list: http://www.qsl.net/donate.html
>>> ______________________________________________________________
>>> Elecraft mailing list
>>> Home: http://mailman.qth.net/mailman/listinfo/elecraft
>>> Help: http://mailman.qth.net/mmfaq.htm
>>> Post: mailto:[hidden email]
>>>
>>> This list hosted by: http://www.qsl.net
>>> Please help support this email list: http://www.qsl.net/donate.html
>>> ______________________________________________________________
>>> Elecraft mailing list
>>> Home: http://mailman.qth.net/mailman/listinfo/elecraft
>>> Help: http://mailman.qth.net/mmfaq.htm
>>> Post: mailto:[hidden email]
>>>
>>> This list hosted by: http://www.qsl.net
>>> Please help support this email list: http://www.qsl.net/donate.html
>> ______________________________________________________________
>> Elecraft mailing list
>> Home: http://mailman.qth.net/mailman/listinfo/elecraft
>> Help: http://mailman.qth.net/mmfaq.htm
>> Post: mailto:[hidden email]
>>
>> This list hosted by: http://www.qsl.net
>> Please help support this email list: http://www.qsl.net/donate.html
>>
> ______________________________________________________________
> Elecraft mailing list
> Home: http://mailman.qth.net/mailman/listinfo/elecraft
> Help: http://mailman.qth.net/mmfaq.htm
> Post: mailto:[hidden email]
>
> This list hosted by: http://www.qsl.net
> Please help support this email list: http://www.qsl.net/donate.html

> On Jun 3, 2019, at 6:07 PM, Al Lorona <[hidden email]> wrote:
>
> You guys have now reached the scenario I was trying to ask about last week, but obviously didn't make myself understood.
> When I asked if the K4 would be able to 'talk to the outside world', I meant an ability to initiate communications with a web site, a server, or something else.
> Yes, allowing users to get down to the operating system would probably be unmanageable. But what about loading 'apps', in the same way that you install apps on your phone? I could see a logging app, a reverse beacon app, or something else that would add real functionality to the radio. I'm sure that's been talked about... and I wonder what the thinking is along these lines.
> R,
> Al  W6LX
> ______________________________________________________________
> Elecraft mailing list
> Home: http://mailman.qth.net/mailman/listinfo/elecraft
> Help: http://mailman.qth.net/mmfaq.htm
> Post: mailto:[hidden email]
>
> This list hosted by: http://www.qsl.net
> Please help support this email list: http://www.qsl.net/donate.html

>> On Mon, Jun 3, 2019, 5:45 PM Lynn W. Taylor, WB6UUT <
>> [hidden email]> wrote:
>>
>>> Seriously folks, think about the folks in Elecraft support and Service.
>>>
>>> Imagine spending an hour working through a problem just to find out that
>>> someone is running modified firmware (and this is firmware, not software
>>> for us to play with).
>>>
>>> It's an embedded system.  If you break it, you own both parts, and
>>> Elecraft would need a 100% reliable way to verify that you didn't
>>> introduce bugs.
>>>
>>> Let this idea go, folks.
>>>
>>> -- Lynn
>>>
>>> On 6/3/2019 3:31 PM, Dave Cole (NK7Z) wrote:
>>> > Based on the lack of ability to chance the CW rise times, I suspect
>>> > Elecraft will not give access to the processor, and OS.  I would not.
>>> >
>>> > Why?  If too many users change things, and break things, the radio
>>> will
>>> > get a bad rep...  If Elecraft is smart, they will lock the users out
>>> of
>>> > that level of access.
>>> >
>>> > 73s and thanks,
>>> > Dave (NK7Z)
>>> > https://www.nk7z.net
>>> > ARRL Technical Specialist
>>> > ARRL Volunteer Examiner
>>> > ARRL Asst. Director, NW Division, Technical Resource
>>> >
>>> > On 6/3/19 2:04 PM, Jeff Scaparra wrote:
>>> >> I believe these are all good points that elecraft should consider. As
>>> for
>>> >> myself I am a tinker-er and as such i can imagine many things i would
>>> >> like
>>> >> to do with the on board system. Personally I would like the option of
>>> >> "unlocking" access do that I could use the underlying linux system and
>>> >> would be willing to be responsible for the security of the system if
>>> I
>>> >> did
>>> >> so. I know there will be many who just want a good radio to operate
>>> and
>>> >> that is why I am suggesting that maybe this is a opt into thing with
>>> the
>>> >> caveat that if you unlock this your responsible to keep the radio
>>> secure.
>>> >>
>>> >> Jeff
>>> >> N5SDR
>>> >>
>>> >> On Mon, Jun 3, 2019, 3:35 PM Dave New, N8SBE <[hidden email]> wrote:
>>> >>
>>> >>> Paul,
>>> >>>
>>> >>> I believe you mistook the 'direction' of DDOS attack I was talking
>>> >>> about.
>>> >>>
>>> >>> The K4 would not be the target of a DDOS attack, but rather an
>>> unwitting
>>> >>> participant in launching a DDOS attack as part of robot army of IoT
>>> >>> devices.
>>> >>>
>>> >>> Thousands of hacked IoT devices are for rent on the dark web, for any
>>> >>> script kiddie that wants to attack a particular target.
>>> >>>
>>> >>> Also, it may be popular to use hacked web sites, or various documents
>>> >>> with trojan horse loads to deliver ransom ware or bitcoin miners, but
>>> >>> there are other known vectors, including various open ports found
>>> while
>>> >>> scanning.  It may be the a router would be able to block access, but
>>> the
>>> >>> very peer-to-peer nature of the K4 (controlling other K4's or being
>>> >>> controlled by another K4 or PC, tablet, etc, means that routers would
>>> >>> need to allow certain inbound connections through the router or
>>> >>> firewall.  These allow for interesting attack vectors, which will
>>> >>> certainly be exercised, if possible.
>>> >>>
>>> >>> 73,
>>> >>>
>>> >>> -- Dave, N8SBE
>>> >>>
>>> >>> -------- Original Message --------
>>> >>> Subject: Re: [Elecraft] K4 and Linux Infrastructure
>>> >>> From: Paul Gacek <[hidden email]>
>>> >>> Date: Mon, June 03, 2019 4:00 pm
>>> >>> To: "Dave New, N8SBE" <[hidden email]>
>>> >>> Cc: Elecraft Reflector <[hidden email]>, Rick WA6NHC
>>> >>> <[hidden email]>
>>> >>>
>>> >>> Dave
>>> >>>
>>> >>> DDOS is quite hard for any end point (PC, iPhone, K4 etc) to deal
>>> with
>>> >>> effectively. If a million zombie Macs decide to simultaneously attack
>>> >>> your end point your best chance is as Rick states, a device that
>>> makes
>>> >>> up the perimeter defenses such as a firewall or cyber security
>>> >>> alternative (i.e router, IDP). Most homes don’t have anything
>>> >>> particularly sophisticated deployed and are therefore somewhat
>>> >>> vulnerable. In truth DDOS attacks are quite rare and typically not
>>> aimed
>>> >>> at Citizen Dave or his neighbors. Protection albeit optimistic is
>>> really
>>> >>> in the realm of a corporate network but even then we have a few cases
>>> >>> where iconic sites get hammered and go dark. Enabling the K4 to
>>> defend
>>> >>> against DDOS is a little like building a house to withstand random
>>> bits
>>> >>> of ISS dropping in unexpectedly; not something I’m expecting to be
>>> >>> paying for.
>>> >>>
>>> >>> Unwanted ransomware or bitcoin mining programs are most likely the
>>> >>> result of an unwitting end user at and end point (PC, Android etc)
>>> doing
>>> >>> something that resulted in the malware ending up on their end point.
>>> >>> Could be surfing to a suspect web site (www.PawnStorm4U.com) or even
>>> >>> going to a compromised but reputable site such as NASA.gov.
>>> >>> Alternatively, it could be someone opening a compromised PDF or
>>> >>> Word/Excel attachment. The best protection here is to be cautious and
>>> >>> mindful of what you do in the cyber world and absolutely make sure
>>> you
>>> >>> are running the most uptodate OS (not XP) and to its most current
>>> patch
>>> >>> level.
>>> >>>
>>> >>>
>>> >>> Presumably but maybe not, the K4 won’t make available to the ham
>>> >>> operator a browser that allows them to surf wherever nor an email
>>> client
>>> >>> that they can read Excel attachments at the whim of the ham operator.
>>> >>> That is best done outside of the K4.
>>> >>>
>>> >>>
>>> >>> Hardening Linux, following best practices on coding and penetration
>>> >>> testing are all things to be aware of and implement as appropriately.
>>> >>>
>>> >>>
>>> >>> For those who might be interested in perusing details of some of
>>> these
>>> >>> topics these links might be interesting;
>>> >>> Secure Coding Practices
>>> >>> https://msdn.microsoft.com/en-us/aa570401Hardening Linux
>>> >>>
>>> >>>
>>> https://www.computerworld.com/article/3144985/linux-hardening-a-15-step-checklist-for-a-secure-linux-server.htmlPenetration
>>> >>>
>>> >>> Testing https://www.tenable.com
>>> >>>
>>> >>>
>>> >>> With Elecraft’s proximity to Silicon Valley and presumably contacts
>>> >>> abounding, I’m optimistic the K4 will do us proud and I won’t have
>>> >>> to rely on Rocky and Bullwinkle to keep nefarious foreign agents out
>>> of
>>> >>> my K4.
>>> >>>
>>> >>>
>>> >>> Paul
>>> >>> W6PNG/M0SNA
>>> >>> www.nomadic.blog
>>> >>>
>>> >>>
>>> >>>
>>> >>>
>>> >>>
>>> >>>
>>> >>> On Jun 3, 2019, at 7:58 PM, Rick WA6NHC <[hidden email]> wrote:
>>> >>>
>>> >>> Much of that protection can be implemented at the router level (>90%
>>> of
>>> >>> all sites) and the internal linux (fairly bullet proof) will deal
>>> with
>>> >>> the radio talking to the world.
>>> >>>
>>> >>> It shouldn't be too difficult for Elecraft to refine security to the
>>> >>> radio, you'd only need a few ports of network access, which if
>>> required,
>>> >>> could be coded to set values (MAC address) up to the menu level...
>>> or
>>> >>> limited access into the linux side of the radio.
>>> >>>
>>> >>> I'm confident it has been considered and managed with the usual
>>> Elecraft
>>> >>> elegance.
>>> >>>
>>> >>> Rick NHC
>>> >>>
>>> >>>
>>> >>> On 6/3/2019 11:50 AM, Dave New, N8SBE wrote:
>>> >>> So, let's let the elephant in the room bellow a bit.
>>> >>>
>>> >>> Ahem, CYBER SECURITY.
>>> >>>
>>> >>> Now that you've put a popular, modern OS in the K4, and hooked it up
>>> to
>>> >>> Ethernet (and therefore the Internet), you've just opened a stinking
>>> >>> pile of attack vectors.
>>> >>>
>>> >>> And please don't think that no one will bother figuring out how to
>>> 'own'
>>> >>> such a powerful connected processor.  If you spend anytime reading
>>> up on
>>> >>> things like Distributed Denial of Service (DDOS) attacks, you will
>>> find
>>> >>> that things like webcams and routers (which typically don't even
>>> have a
>>> >>> 32-bit OS in them) have been marshaled to unleash frightening
>>> >>> multi-gigabit attacks on various targets.
>>> >>>
>>> >>> Or, try the newest craze, dropping Bitcoin or other digital currency
>>> >>> mining engines on unsuspecting machines, taking them over hog mode,
>>> and
>>> >>> pegging the CPU at 100%, using your electric bill for their gain.
>>> >>>
>>> >>> Or, maybe the K4 will be the first ham radio to suffer from a
>>> >>> ransom-ware attack, where the poor ham is asked to ante up some
>>> ransom
>>> >>> (in bitcoin usually, to make it hard to track) to get control of his
>>> >>> radio back.
>>> >>>
>>> >>> True, at least one or more other companies have already stepped out
>>> >>> ahead, by putting Windows 10 in their radio.
>>> >>>
>>> >>> I'm just wondering if anyone at Elecraft has been tasked with dealing
>>> >>> with the cyber security aspects of this new toy, and what plans you
>>> may
>>> >>> have for outside pen testing, etc. have been made.
>>> >>>
>>> >>> At the very least, you should be using authenticated boot and
>>> >>> authenticated flash, protected by a root certificate in an internal
>>> >>> hardware trust anchor.
>>> >>>
>>> >>> 73,
>>> >>>
>>> >>> -- Dave, N8SBE
>>> >>>
>>> >>> -------- Original Message --------
>>> >>> Subject: Re: [Elecraft] K4 and Linux Infrastructure
>>> >>> From: Wayne Burdick <[hidden email]>
>>> >>> Date: Sun, June 02, 2019 11:52 am
>>> >>> To: Leroy Buller <[hidden email]>
>>> >>> Cc: Elecraft Reflector <[hidden email]>, Lee Buller
>>> >>> <[hidden email]>
>>> >>>
>>> >>> x86, not PI (ARM). It's the controller for internal/external displays
>>> >>> and streaming I/O, runs the server for remote clients, and serves as
>>> the
>>> >>> present/future app engine.
>>> >>>
>>> >>> Additional details pending.
>>> >>>
>>> >>> 73,
>>> >>> Wayne
>>> >>> N6KR
>>> >>>
>>> >>>
>>> >>>
>>> >>> ______________________________________________________________
>>> >>> Elecraft mailing list
>>> >>> Home: http://mailman.qth.net/mailman/listinfo/elecraft
>>> >>> Help: http://mailman.qth.net/mmfaq.htm
>>> >>> Post: mailto:[hidden email]
>>> >>>
>>> >>> This list hosted by: http://www.qsl.net
>>> >>> Please help support this email list: http://www.qsl.net/donate.html
>>> >>> ______________________________________________________________
>>> >>> Elecraft mailing list
>>> >>> Home: http://mailman.qth.net/mailman/listinfo/elecraft
>>> >>> Help: http://mailman.qth.net/mmfaq.htm
>>> >>> Post: mailto:[hidden email]
>>> >>>
>>> >>> This list hosted by: http://www.qsl.net
>>> >>> Please help support this email list: http://www.qsl.net/donate.html
>>> >>> ______________________________________________________________
>>> >>> Elecraft mailing list
>>> >>> Home: http://mailman.qth.net/mailman/listinfo/elecraft
>>> >>> Help: http://mailman.qth.net/mmfaq.htm
>>> >>> Post: mailto:[hidden email]
>>> >>>
>>> >>> This list hosted by: http://www.qsl.net
>>> >>> Please help support this email list: http://www.qsl.net/donate.html
>>> >> ______________________________________________________________
>>> >> Elecraft mailing list
>>> >> Home: http://mailman.qth.net/mailman/listinfo/elecraft
>>> >> Help: http://mailman.qth.net/mmfaq.htm
>>> >> Post: mailto:[hidden email]
>>> >>
>>> >> This list hosted by: http://www.qsl.net
>>> >> Please help support this email list: http://www.qsl.net/donate.html
>>> >>
>>> > ______________________________________________________________
>>> > Elecraft mailing list
>>> > Home: http://mailman.qth.net/mailman/listinfo/elecraft
>>> > Help: http://mailman.qth.net/mmfaq.htm
>>> > Post: mailto:[hidden email]
>>> >
>>> > This list hosted by: http://www.qsl.net
>>> > Please help support this email list: http://www.qsl.net/donate.html
>>> ______________________________________________________________
>>> Elecraft mailing list
>>> Home: http://mailman.qth.net/mailman/listinfo/elecraft
>>> Help: http://mailman.qth.net/mmfaq.htm
>>> Post: mailto:[hidden email]
>>>
>>> This list hosted by: http://www.qsl.net
>>> Please help support this email list: http://www.qsl.net/donate.html
>>>
>>>

> Seriously folks, think about the folks in Elecraft support and Service.
>
> Imagine spending an hour working through a problem just to find out that
> someone is running modified firmware (and this is firmware, not software
> for us to play with).
>
> It's an embedded system.  If you break it, you own both parts, and
> Elecraft would need a 100% reliable way to verify that you didn't
> introduce bugs.
>
> Let this idea go, folks.
>
> -- Lynn
>
> On 6/3/2019 3:31 PM, Dave Cole (NK7Z) wrote:
> > Based on the lack of ability to chance the CW rise times, I suspect
> > Elecraft will not give access to the processor, and OS.  I would not.
> >
> > Why?  If too many users change things, and break things, the radio will
> > get a bad rep...  If Elecraft is smart, they will lock the users out of
> > that level of access.
> >
> > 73s and thanks,
> > Dave (NK7Z)
> > https://www.nk7z.net
> > ARRL Technical Specialist
> > ARRL Volunteer Examiner
> > ARRL Asst. Director, NW Division, Technical Resource
> >
> > On 6/3/19 2:04 PM, Jeff Scaparra wrote:
> >> I believe these are all good points that elecraft should consider. As
> for
> >> myself I am a tinker-er and as such i can imagine many things i would
> >> like
> >> to do with the on board system. Personally I would like the option of
> >> "unlocking" access do that I could use the underlying linux system and
> >> would be willing to be responsible for the security of the system if I
> >> did
> >> so. I know there will be many who just want a good radio to operate and
> >> that is why I am suggesting that maybe this is a opt into thing with the
> >> caveat that if you unlock this your responsible to keep the radio
> secure.
> >>
> >> Jeff
> >> N5SDR
> >>
> >> On Mon, Jun 3, 2019, 3:35 PM Dave New, N8SBE <[hidden email]> wrote:
> >>
> >>> Paul,
> >>>
> >>> I believe you mistook the 'direction' of DDOS attack I was talking
> >>> about.
> >>>
> >>> The K4 would not be the target of a DDOS attack, but rather an
> unwitting
> >>> participant in launching a DDOS attack as part of robot army of IoT
> >>> devices.
> >>>
> >>> Thousands of hacked IoT devices are for rent on the dark web, for any
> >>> script kiddie that wants to attack a particular target.
> >>>
> >>> Also, it may be popular to use hacked web sites, or various documents
> >>> with trojan horse loads to deliver ransom ware or bitcoin miners, but
> >>> there are other known vectors, including various open ports found while
> >>> scanning.  It may be the a router would be able to block access, but
> the
> >>> very peer-to-peer nature of the K4 (controlling other K4's or being
> >>> controlled by another K4 or PC, tablet, etc, means that routers would
> >>> need to allow certain inbound connections through the router or
> >>> firewall.  These allow for interesting attack vectors, which will
> >>> certainly be exercised, if possible.
> >>>
> >>> 73,
> >>>
> >>> -- Dave, N8SBE
> >>>
> >>> -------- Original Message --------
> >>> Subject: Re: [Elecraft] K4 and Linux Infrastructure
> >>> From: Paul Gacek <[hidden email]>
> >>> Date: Mon, June 03, 2019 4:00 pm
> >>> To: "Dave New, N8SBE" <[hidden email]>
> >>> Cc: Elecraft Reflector <[hidden email]>, Rick WA6NHC
> >>> <[hidden email]>
> >>>
> >>> Dave
> >>>
> >>> DDOS is quite hard for any end point (PC, iPhone, K4 etc) to deal with
> >>> effectively. If a million zombie Macs decide to simultaneously attack
> >>> your end point your best chance is as Rick states, a device that makes
> >>> up the perimeter defenses such as a firewall or cyber security
> >>> alternative (i.e router, IDP). Most homes don’t have anything
> >>> particularly sophisticated deployed and are therefore somewhat
> >>> vulnerable. In truth DDOS attacks are quite rare and typically not
> aimed
> >>> at Citizen Dave or his neighbors. Protection albeit optimistic is
> really
> >>> in the realm of a corporate network but even then we have a few cases
> >>> where iconic sites get hammered and go dark. Enabling the K4 to defend
> >>> against DDOS is a little like building a house to withstand random bits
> >>> of ISS dropping in unexpectedly; not something I’m expecting to be
> >>> paying for.
> >>>
> >>> Unwanted ransomware or bitcoin mining programs are most likely the
> >>> result of an unwitting end user at and end point (PC, Android etc)
> doing
> >>> something that resulted in the malware ending up on their end point.
> >>> Could be surfing to a suspect web site (www.PawnStorm4U.com) or even
> >>> going to a compromised but reputable site such as NASA.gov.
> >>> Alternatively, it could be someone opening a compromised PDF or
> >>> Word/Excel attachment. The best protection here is to be cautious and
> >>> mindful of what you do in the cyber world and absolutely make sure you
> >>> are running the most uptodate OS (not XP) and to its most current patch
> >>> level.
> >>>
> >>>
> >>> Presumably but maybe not, the K4 won’t make available to the ham
> >>> operator a browser that allows them to surf wherever nor an email
> client
> >>> that they can read Excel attachments at the whim of the ham operator.
> >>> That is best done outside of the K4.
> >>>
> >>>
> >>> Hardening Linux, following best practices on coding and penetration
> >>> testing are all things to be aware of and implement as appropriately.
> >>>
> >>>
> >>> For those who might be interested in perusing details of some of these
> >>> topics these links might be interesting;
> >>> Secure Coding Practices
> >>> https://msdn.microsoft.com/en-us/aa570401Hardening Linux
> >>>
> >>>
> https://www.computerworld.com/article/3144985/linux-hardening-a-15-step-checklist-for-a-secure-linux-server.htmlPenetration
> >>>
> >>> Testing https://www.tenable.com
> >>>
> >>>
> >>> With Elecraft’s proximity to Silicon Valley and presumably contacts
> >>> abounding, I’m optimistic the K4 will do us proud and I won’t have
> >>> to rely on Rocky and Bullwinkle to keep nefarious foreign agents out of
> >>> my K4.
> >>>
> >>>
> >>> Paul
> >>> W6PNG/M0SNA
> >>> www.nomadic.blog
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> On Jun 3, 2019, at 7:58 PM, Rick WA6NHC <[hidden email]> wrote:
> >>>
> >>> Much of that protection can be implemented at the router level (>90% of
> >>> all sites) and the internal linux (fairly bullet proof) will deal with
> >>> the radio talking to the world.
> >>>
> >>> It shouldn't be too difficult for Elecraft to refine security to the
> >>> radio, you'd only need a few ports of network access, which if
> required,
> >>> could be coded to set values (MAC address) up to the menu level...  or
> >>> limited access into the linux side of the radio.
> >>>
> >>> I'm confident it has been considered and managed with the usual
> Elecraft
> >>> elegance.
> >>>
> >>> Rick NHC
> >>>
> >>>
> >>> On 6/3/2019 11:50 AM, Dave New, N8SBE wrote:
> >>> So, let's let the elephant in the room bellow a bit.
> >>>
> >>> Ahem, CYBER SECURITY.
> >>>
> >>> Now that you've put a popular, modern OS in the K4, and hooked it up to
> >>> Ethernet (and therefore the Internet), you've just opened a stinking
> >>> pile of attack vectors.
> >>>
> >>> And please don't think that no one will bother figuring out how to
> 'own'
> >>> such a powerful connected processor.  If you spend anytime reading up
> on
> >>> things like Distributed Denial of Service (DDOS) attacks, you will find
> >>> that things like webcams and routers (which typically don't even have a
> >>> 32-bit OS in them) have been marshaled to unleash frightening
> >>> multi-gigabit attacks on various targets.
> >>>
> >>> Or, try the newest craze, dropping Bitcoin or other digital currency
> >>> mining engines on unsuspecting machines, taking them over hog mode, and
> >>> pegging the CPU at 100%, using your electric bill for their gain.
> >>>
> >>> Or, maybe the K4 will be the first ham radio to suffer from a
> >>> ransom-ware attack, where the poor ham is asked to ante up some ransom
> >>> (in bitcoin usually, to make it hard to track) to get control of his
> >>> radio back.
> >>>
> >>> True, at least one or more other companies have already stepped out
> >>> ahead, by putting Windows 10 in their radio.
> >>>
> >>> I'm just wondering if anyone at Elecraft has been tasked with dealing
> >>> with the cyber security aspects of this new toy, and what plans you may
> >>> have for outside pen testing, etc. have been made.
> >>>
> >>> At the very least, you should be using authenticated boot and
> >>> authenticated flash, protected by a root certificate in an internal
> >>> hardware trust anchor.
> >>>
> >>> 73,
> >>>
> >>> -- Dave, N8SBE
> >>>
> >>> -------- Original Message --------
> >>> Subject: Re: [Elecraft] K4 and Linux Infrastructure
> >>> From: Wayne Burdick <[hidden email]>
> >>> Date: Sun, June 02, 2019 11:52 am
> >>> To: Leroy Buller <[hidden email]>
> >>> Cc: Elecraft Reflector <[hidden email]>, Lee Buller
> >>> <[hidden email]>
> >>>
> >>> x86, not PI (ARM). It's the controller for internal/external displays
> >>> and streaming I/O, runs the server for remote clients, and serves as
> the
> >>> present/future app engine.
> >>>
> >>> Additional details pending.
> >>>
> >>> 73,
> >>> Wayne
> >>> N6KR
> >>>
> >>>
> >>>
> >>> ______________________________________________________________
> >>> Elecraft mailing list
> >>> Home: http://mailman.qth.net/mailman/listinfo/elecraft
> >>> Help: http://mailman.qth.net/mmfaq.htm
> >>> Post: mailto:[hidden email]
> >>>
> >>> This list hosted by: http://www.qsl.net
> >>> Please help support this email list: http://www.qsl.net/donate.html
> >>> ______________________________________________________________
> >>> Elecraft mailing list
> >>> Home: http://mailman.qth.net/mailman/listinfo/elecraft
> >>> Help: http://mailman.qth.net/mmfaq.htm
> >>> Post: mailto:[hidden email]
> >>>
> >>> This list hosted by: http://www.qsl.net
> >>> Please help support this email list: http://www.qsl.net/donate.html
> >>> ______________________________________________________________
> >>> Elecraft mailing list
> >>> Home: http://mailman.qth.net/mailman/listinfo/elecraft
> >>> Help: http://mailman.qth.net/mmfaq.htm
> >>> Post: mailto:[hidden email]
> >>>
> >>> This list hosted by: http://www.qsl.net
> >>> Please help support this email list: http://www.qsl.net/donate.html
> >> ______________________________________________________________
> >> Elecraft mailing list
> >> Home: http://mailman.qth.net/mailman/listinfo/elecraft
> >> Help: http://mailman.qth.net/mmfaq.htm
> >> Post: mailto:[hidden email]
> >>
> >> This list hosted by: http://www.qsl.net
> >> Please help support this email list: http://www.qsl.net/donate.html
> >>
> > ______________________________________________________________
> > Elecraft mailing list
> > Home: http://mailman.qth.net/mailman/listinfo/elecraft
> > Help: http://mailman.qth.net/mmfaq.htm
> > Post: mailto:[hidden email]
> >
> > This list hosted by: http://www.qsl.net
> > Please help support this email list: http://www.qsl.net/donate.html
> ______________________________________________________________
> Elecraft mailing list
> Home: http://mailman.qth.net/mailman/listinfo/elecraft
> Help: http://mailman.qth.net/mmfaq.htm
> Post: mailto:[hidden email]
>
> This list hosted by: http://www.qsl.net
> Please help support this email list: http://www.qsl.net/donate.html

> Missed reply all.
>
> At some level even if they do "only" have apps they will have this problem.
> App developers will need to be able to modify and test things. Also I doubt
> that there would be many apps if this is a separate process than mainstream
> linux/windows. why would a hobby developer want to build a separate thing
> just for one pretty expensive radio when they could just build the app for
> linux or windows and support everyone.
>
> Maybe they have some trick to make app onboarding easy.
>
> My 2 cents
> Jeff N6SDR
>

> Based on the lack of ability to chance the CW rise times, I suspect
> Elecraft will not give access to the processor, and OS.  I would not.
>
> Why?  If too many users change things, and break things, the radio will
> get a bad rep...  If Elecraft is smart, they will lock the users out of
> that level of access.
>
> 73s and thanks,
> Dave (NK7Z)
> https://www.nk7z.net
> ARRL Technical Specialist
> ARRL Volunteer Examiner
> ARRL Asst. Director, NW Division, Technical Resource
>
> On 6/3/19 2:04 PM, Jeff Scaparra wrote:
>> I believe these are all good points that elecraft should consider. As for
>> myself I am a tinker-er and as such i can imagine many things i would
>> like
>> to do with the on board system. Personally I would like the option of
>> "unlocking" access do that I could use the underlying linux system and
>> would be willing to be responsible for the security of the system if I
>> did
>> so. I know there will be many who just want a good radio to operate and
>> that is why I am suggesting that maybe this is a opt into thing with the
>> caveat that if you unlock this your responsible to keep the radio secure.
>>
>> Jeff
>> N5SDR
>>
>> On Mon, Jun 3, 2019, 3:35 PM Dave New, N8SBE <[hidden email]> wrote:
>>
>>> Paul,
>>>
>>> I believe you mistook the 'direction' of DDOS attack I was talking
>>> about.
>>>
>>> The K4 would not be the target of a DDOS attack, but rather an unwitting
>>> participant in launching a DDOS attack as part of robot army of IoT
>>> devices.
>>>
>>> Thousands of hacked IoT devices are for rent on the dark web, for any
>>> script kiddie that wants to attack a particular target.
>>>
>>> Also, it may be popular to use hacked web sites, or various documents
>>> with trojan horse loads to deliver ransom ware or bitcoin miners, but
>>> there are other known vectors, including various open ports found while
>>> scanning.  It may be the a router would be able to block access, but the
>>> very peer-to-peer nature of the K4 (controlling other K4's or being
>>> controlled by another K4 or PC, tablet, etc, means that routers would
>>> need to allow certain inbound connections through the router or
>>> firewall.  These allow for interesting attack vectors, which will
>>> certainly be exercised, if possible.
>>>
>>> 73,
>>>
>>> -- Dave, N8SBE
>>>
>>> -------- Original Message --------
>>> Subject: Re: [Elecraft] K4 and Linux Infrastructure
>>> From: Paul Gacek <[hidden email]>
>>> Date: Mon, June 03, 2019 4:00 pm
>>> To: "Dave New, N8SBE" <[hidden email]>
>>> Cc: Elecraft Reflector <[hidden email]>, Rick WA6NHC
>>> <[hidden email]>
>>>
>>> Dave
>>>
>>> DDOS is quite hard for any end point (PC, iPhone, K4 etc) to deal with
>>> effectively. If a million zombie Macs decide to simultaneously attack
>>> your end point your best chance is as Rick states, a device that makes
>>> up the perimeter defenses such as a firewall or cyber security
>>> alternative (i.e router, IDP). Most homes don’t have anything
>>> particularly sophisticated deployed and are therefore somewhat
>>> vulnerable. In truth DDOS attacks are quite rare and typically not aimed
>>> at Citizen Dave or his neighbors. Protection albeit optimistic is really
>>> in the realm of a corporate network but even then we have a few cases
>>> where iconic sites get hammered and go dark. Enabling the K4 to defend
>>> against DDOS is a little like building a house to withstand random bits
>>> of ISS dropping in unexpectedly; not something I’m expecting to be
>>> paying for.
>>>
>>> Unwanted ransomware or bitcoin mining programs are most likely the
>>> result of an unwitting end user at and end point (PC, Android etc) doing
>>> something that resulted in the malware ending up on their end point.
>>> Could be surfing to a suspect web site (www.PawnStorm4U.com) or even
>>> going to a compromised but reputable site such as NASA.gov.
>>> Alternatively, it could be someone opening a compromised PDF or
>>> Word/Excel attachment. The best protection here is to be cautious and
>>> mindful of what you do in the cyber world and absolutely make sure you
>>> are running the most uptodate OS (not XP) and to its most current patch
>>> level.
>>>
>>>
>>> Presumably but maybe not, the K4 won’t make available to the ham
>>> operator a browser that allows them to surf wherever nor an email client
>>> that they can read Excel attachments at the whim of the ham operator.
>>> That is best done outside of the K4.
>>>
>>>
>>> Hardening Linux, following best practices on coding and penetration
>>> testing are all things to be aware of and implement as appropriately.
>>>
>>>
>>> For those who might be interested in perusing details of some of these
>>> topics these links might be interesting;
>>> Secure Coding Practices
>>> https://msdn.microsoft.com/en-us/aa570401Hardening Linux
>>>
>>> https://www.computerworld.com/article/3144985/linux-hardening-a-15-step-checklist-for-a-secure-linux-server.htmlPenetration 
>>>
>>> Testing https://www.tenable.com
>>>
>>>
>>> With Elecraft’s proximity to Silicon Valley and presumably contacts
>>> abounding, I’m optimistic the K4 will do us proud and I won’t have
>>> to rely on Rocky and Bullwinkle to keep nefarious foreign agents out of
>>> my K4.
>>>
>>>
>>> Paul
>>> W6PNG/M0SNA
>>> www.nomadic.blog
>>>
>>>
>>>
>>>
>>>
>>>
>>> On Jun 3, 2019, at 7:58 PM, Rick WA6NHC <[hidden email]> wrote:
>>>
>>> Much of that protection can be implemented at the router level (>90% of
>>> all sites) and the internal linux (fairly bullet proof) will deal with
>>> the radio talking to the world.
>>>
>>> It shouldn't be too difficult for Elecraft to refine security to the
>>> radio, you'd only need a few ports of network access, which if required,
>>> could be coded to set values (MAC address) up to the menu level...  or
>>> limited access into the linux side of the radio.
>>>
>>> I'm confident it has been considered and managed with the usual Elecraft
>>> elegance.
>>>
>>> Rick NHC
>>>
>>>
>>> On 6/3/2019 11:50 AM, Dave New, N8SBE wrote:
>>> So, let's let the elephant in the room bellow a bit.
>>>
>>> Ahem, CYBER SECURITY.
>>>
>>> Now that you've put a popular, modern OS in the K4, and hooked it up to
>>> Ethernet (and therefore the Internet), you've just opened a stinking
>>> pile of attack vectors.
>>>
>>> And please don't think that no one will bother figuring out how to 'own'
>>> such a powerful connected processor.  If you spend anytime reading up on
>>> things like Distributed Denial of Service (DDOS) attacks, you will find
>>> that things like webcams and routers (which typically don't even have a
>>> 32-bit OS in them) have been marshaled to unleash frightening
>>> multi-gigabit attacks on various targets.
>>>
>>> Or, try the newest craze, dropping Bitcoin or other digital currency
>>> mining engines on unsuspecting machines, taking them over hog mode, and
>>> pegging the CPU at 100%, using your electric bill for their gain.
>>>
>>> Or, maybe the K4 will be the first ham radio to suffer from a
>>> ransom-ware attack, where the poor ham is asked to ante up some ransom
>>> (in bitcoin usually, to make it hard to track) to get control of his
>>> radio back.
>>>
>>> True, at least one or more other companies have already stepped out
>>> ahead, by putting Windows 10 in their radio.
>>>
>>> I'm just wondering if anyone at Elecraft has been tasked with dealing
>>> with the cyber security aspects of this new toy, and what plans you may
>>> have for outside pen testing, etc. have been made.
>>>
>>> At the very least, you should be using authenticated boot and
>>> authenticated flash, protected by a root certificate in an internal
>>> hardware trust anchor.
>>>
>>> 73,
>>>
>>> -- Dave, N8SBE
>>>
>>> -------- Original Message --------
>>> Subject: Re: [Elecraft] K4 and Linux Infrastructure
>>> From: Wayne Burdick <[hidden email]>
>>> Date: Sun, June 02, 2019 11:52 am
>>> To: Leroy Buller <[hidden email]>
>>> Cc: Elecraft Reflector <[hidden email]>, Lee Buller
>>> <[hidden email]>
>>>
>>> x86, not PI (ARM). It's the controller for internal/external displays
>>> and streaming I/O, runs the server for remote clients, and serves as the
>>> present/future app engine.
>>>
>>> Additional details pending.
>>>
>>> 73,
>>> Wayne
>>> N6KR
>>>
>>>
>>>
>>> ______________________________________________________________
>>> Elecraft mailing list
>>> Home: http://mailman.qth.net/mailman/listinfo/elecraft
>>> Help: http://mailman.qth.net/mmfaq.htm
>>> Post: mailto:[hidden email]
>>>
>>> This list hosted by: http://www.qsl.net
>>> Please help support this email list: http://www.qsl.net/donate.html
>>> ______________________________________________________________
>>> Elecraft mailing list
>>> Home: http://mailman.qth.net/mailman/listinfo/elecraft
>>> Help: http://mailman.qth.net/mmfaq.htm
>>> Post: mailto:[hidden email]
>>>
>>> This list hosted by: http://www.qsl.net
>>> Please help support this email list: http://www.qsl.net/donate.html
>>> ______________________________________________________________
>>> Elecraft mailing list
>>> Home: http://mailman.qth.net/mailman/listinfo/elecraft
>>> Help: http://mailman.qth.net/mmfaq.htm
>>> Post: mailto:[hidden email]
>>>
>>> This list hosted by: http://www.qsl.net
>>> Please help support this email list: http://www.qsl.net/donate.html
>> ______________________________________________________________
>> Elecraft mailing list
>> Home: http://mailman.qth.net/mailman/listinfo/elecraft
>> Help: http://mailman.qth.net/mmfaq.htm
>> Post: mailto:[hidden email]
>>
>> This list hosted by: http://www.qsl.net
>> Please help support this email list: http://www.qsl.net/donate.html
>>
> ______________________________________________________________
> Elecraft mailing list
> Home: http://mailman.qth.net/mailman/listinfo/elecraft
> Help: http://mailman.qth.net/mmfaq.htm
> Post: mailto:[hidden email]
>
> This list hosted by: http://www.qsl.net
> Please help support this email list: http://www.qsl.net/donate.html