D 2019-05-18T20:37:44.623
L How\sto\sRun\sa\sNaked\sPiDP-8/I
N text/x-markdown
P 5b622a42f0d8dd86b43fb15b5450bb1d193375f9
U tangent
W 4377
# The Situation
> "The S in IoT stands for Security." — [TVS blog][tvs]
The PiDP-8/I binary OS images shipped from [this site][site] are fairly well locked down. They ship with the normal Raspbian default user name changed to an uncommon name, that user has a very strong default password which you are forced to change on first login to something different, the OS won't accept a weak password by default, and there are no networked services running.
(OpenSSH must be [manually reawakened][sshd] after installation, and, once done, the default configuration on Raspbian is quite secure.)
Yet, some people want their PiDP-8/I to just be an appliance: they want it to turn on and run the PDP-8 simulator: no user names, no passwords. I resist shipping OS images configured this way because Raspbian is a full-featured operating system. When networked, it is capable of being a powerful island for an attacker on the network. Even some of the most heavily-protected web services have been taken down by small armies of lesser systems — such as networked *printers* — pounding on them in concert.
I refuse to build OS images that contribute to this problem.
I also do not believe in restricting access to technical information, even when making use of that information is highly inadvisable, so in that spirit, I will shortly describe how to discard the provided security provisions.
Before I get to that, you may want to consider using the [serial or Telnet console options][stco] instead. Those methods have fewer security problems, yet achieve much the same end.
[sshd]: /doc/trunk/README.md#sshd
[stco]: /wiki?name=Serial+or+Telnet+PDP-8+Console
## Getting Rid of the Login Prompt
The first thing you have to do on logging in is change your user name back from `pidp8i` to `pi`, because some changes we will make below only work properly with user `pi` due to hard-coded configuration files in the stock OS.
Give these commands, being *very careful* how you type them, because you can lock yourself out of the system if you fat-finger them:
$ exec sudo -i
# systemctl stop pidp8i
# killall -u pidp8i -9
# usermod -l pi -d /home/pi -m pidp8i
# groupmod -n pi pidp8i
# exit
Now log back in as user `pi`, with the same password you had for user `pidp8i` prior to this change.
If you have the PiDP-8/I PCB attached to your Pi and you try to restart the simulator, the front panel will not light up now. This is because the PiDP-8/I software was built with the knowledge that the default user name was `pidp8i`. You need to rebuild and reinstall it to fix this:
$ cd ~/pidp8i
$ rm .fslckout
$ fossil user default pidp8i
$ fossil open ~/museum/pidp8i.fossil release
$ ./configure && tools/mmake && sudo make install
$ sudo systemctl restart pidp8i
That should light the panel back up.
Now we can finally set up auto-login:
$ sudo raspi-config
Then go to **Boot Options** → **Desktop / CLI** → **Console Autologin**.
It will offer to reboot your system to test this. It should succeed.
## Attaching the Console to the Simulator by Default
Instead of booting to a Linux command prompt, you may prefer to have the Raspbian console attached to the PiDP-8/I simulator console, so that you see the program you're simulating: OS/8, TSS/8, Spacewar! or what have you.
The simplest way I can think of to do that is:
$ echo pidp8i >> ~/.profile
$ sudo reboot
That should drop you into the SIMH console after the host OS boots.
If you need to get back to Linux, there are a couple of ways.
If you just need to run a single command, you can press <kbd>Ctrl-E</kbd> and then run your command from the `sim>` prompt with the `!` shell escape:
sim> !df -h
...disk free space report...
sim> c
...simulation continues...
If you need to do more than that, I recommend quitting out of SIMH via <kbd>Ctrl-E</kbd> `quit`. Do your Linux work, and when done, re-start the simulator and re-attach to it:
$ sudo systemctl restart pidp8i
$ pidp8i
## License
Copyright © 2017-2019 by Warren Young. This document is licensed under the terms of [the SIMH license][sl].
[tvs]: http://www.testandverification.com/iot/s-iot-stands-security/
[site]: /
[sl]: /doc/trunk/SIMH-LICENSE.md
Z 9210b160945004fa51df506512d38a20