They're all good. The models prior to Raspberry Pi 4 are using cores that don't have any of those security flaws. The Pi 4 uses a newer core that would be vulnerable to Spectre variants 1, 2, 3a and 4, but the Raspbian Linux kernel has been built with Spectre mitigations, so there are currently no known working exploits.
Since the Raspberry Pi's are so cheap, everybody should be doing their web browsing them to improve security. If you don't want to give up your speedy and power hungry x86 desktop, you could
Quoting: "A Raspberry Pi is a tiny computer designed for makers and all sorts of Internet-of-Things types of projects. Make magazine has an article [makezine.com] about securing it. Reading it, I am struck by how much work it is to secure. I fear that this is beyond the capabilities of most tinkerers, and the result will be even more insecure IoT devices."
"... run Chromium remotely on a Raspberry Pi using X11 over Ethernet to make it display on your desktop."
What is the best way to do that?
Plug your cross-over Ethernet cable in between the Pi and your desktop computer, then ssh into the Pi and run "chromium." Easy as pie.
Might even work without a cross-over cable, if the Pi or your desktop supports auto-crossing (never tested it myself).
Technically you don't need ssh for this private cross-connect local network, but I find getting X11 to work over the network without ssh to be a lot more fiddly than just using ssh to take care of everything.
You might have to edit/etc/ssh/ssh to enable the "F
I am struck by how much work it is to secure. I fear that this is beyond the capabilities of most tinkerers, and the result will be even more insecure IoT devices.
Seems to me this is just Bruce whining about having to do some work to secure a Pi. Sure, it would be nice if NOOBS shipped in a fully secure state out-of-the-box, but really, none of this is impossible to secure with a little tweaking -- unlike my x86 machine, which doesn't get BIOS updates and microcode security patches from Intel because my old Ivybridge processor isn't among their latest generation...
Intel intends for me to upgrade to their latest version of x86, but I've had it with their crappy insecu
If graphics hackers are so smart, why can't they get the bugs out of
fresh paint?
Which Raspberry PI are best for Internet access? (Score:3)
Re: (Score:2, Informative)
They're all good. The models prior to Raspberry Pi 4 are using cores that don't have any of those security flaws. The Pi 4 uses a newer core that would be vulnerable to Spectre variants 1, 2, 3a and 4, but the Raspbian Linux kernel has been built with Spectre mitigations, so there are currently no known working exploits.
Since the Raspberry Pi's are so cheap, everybody should be doing their web browsing them to improve security. If you don't want to give up your speedy and power hungry x86 desktop, you could
Raspberry PI: Internet security? (Score:2)
But... Problems?
Securing a Raspberry Pi [schneier.com] (Sept. 12, 2017)
Quoting: "A Raspberry Pi is a tiny computer designed for makers and all sorts of Internet-of-Things types of projects. Make magazine has an article [makezine.com] about securing it. Reading it, I am struck by how much work it is to secure. I fear that this is beyond the capabilities of most tinkerers, and the result will be even more insecure IoT devices."
17 security tips for your Raspberry Pi [raspberrytips.com]
Eben Upton - Founder - Raspberry Pi Foundation: Why Raspberry Pi isn't vulnerable to Spectre or Meltdown [raspberrypi.org] (Jan. 5, 2018) But... Later there seemed to be doubts.
Parent comment: "... run Chromium remotely on a Raspberry Pi using X11 over Ethernet to make it display on your desktop."
What is the best way to do that?
Re: (Score:0)
"... run Chromium remotely on a Raspberry Pi using X11 over Ethernet to make it display on your desktop."
What is the best way to do that?
Plug your cross-over Ethernet cable in between the Pi and your desktop computer, then ssh into the Pi and run "chromium." Easy as pie.
Might even work without a cross-over cable, if the Pi or your desktop supports auto-crossing (never tested it myself).
Technically you don't need ssh for this private cross-connect local network, but I find getting X11 to work over the network without ssh to be a lot more fiddly than just using ssh to take care of everything.
You might have to edit /etc/ssh/ssh to enable the "F
Re: Raspberry PI: Internet security? (Score:1)
Re: (Score:0)
I am struck by how much work it is to secure. I fear that this is beyond the capabilities of most tinkerers, and the result will be even more insecure IoT devices.
Seems to me this is just Bruce whining about having to do some work to secure a Pi. Sure, it would be nice if NOOBS shipped in a fully secure state out-of-the-box, but really, none of this is impossible to secure with a little tweaking -- unlike my x86 machine, which doesn't get BIOS updates and microcode security patches from Intel because my old Ivybridge processor isn't among their latest generation...
Intel intends for me to upgrade to their latest version of x86, but I've had it with their crappy insecu