D 2019-05-18T20:37:44.623
L How\sto\sRun\sa\sNaked\sPiDP-8/I
N text/x-markdown
P 5b622a42f0d8dd86b43fb15b5450bb1d193375f9
U tangent
W 4377
# The Situation

> "The S in IoT stands for Security." — [TVS blog][tvs]

The PiDP-8/I binary OS images shipped from [this site][site] are fairly well locked down. They ship with the normal Raspbian default user name changed to an uncommon name, that user has a very strong default password which you are forced to change on first login to something different, the OS won't accept a weak password by default, and there are no networked services running.

(OpenSSH must be [manually reawakened][sshd] after installation, and, once done, the default configuration on Raspbian is quite secure.)

Yet, some people want their PiDP-8/I to just be an appliance: they want it to turn on and run the PDP-8 simulator: no user names, no passwords. I resist shipping OS images configured this way because Raspbian is a full-featured operating system. When networked, it is capable of being a powerful island for an attacker on the network. Even some of the most heavily-protected web services have been taken down by small armies of lesser systems — such as networked *printers* — pounding on them in concert.

I refuse to build OS images that contribute to this problem.

I also do not believe in restricting access to technical information, even when making use of that information is highly inadvisable, so in that spirit, I will shortly describe how to discard the provided security provisions.

Before I get to that, you may want to consider using the [serial or Telnet console options][stco] instead. Those methods have fewer security problems, yet achieve much the same end.

[sshd]: /doc/trunk/README.md#sshd
[stco]: /wiki?name=Serial+or+Telnet+PDP-8+Console


## Getting Rid of the Login Prompt

The first thing you have to do on logging in is change your user name back from `pidp8i` to `pi`, because some changes we will make below only work properly with user `pi` due to hard-coded configuration files in the stock OS.

Give these commands, being *very careful* how you type them, because you can lock yourself out of the system if you fat-finger them:

    $ exec sudo -i
    # systemctl stop pidp8i
    # killall -u pidp8i -9
    # usermod -l pi -d /home/pi -m pidp8i
    # groupmod -n pi pidp8i
    # exit

Now log back in as user `pi`, with the same password you had for user `pidp8i` prior to this change.

If you have the PiDP-8/I PCB attached to your Pi and you try to restart the simulator, the front panel will not light up now.  This is because the PiDP-8/I software was built with the knowledge that the default user name was `pidp8i`.  You need to rebuild and reinstall it to fix this:

    $ cd ~/pidp8i
    $ rm .fslckout
    $ fossil user default pidp8i
    $ fossil open ~/museum/pidp8i.fossil release
    $ ./configure && tools/mmake && sudo make install
    $ sudo systemctl restart pidp8i

That should light the panel back up.

Now we can finally set up auto-login:

    $ sudo raspi-config
    
Then go to **Boot Options** → **Desktop / CLI** → **Console Autologin**.

It will offer to reboot your system to test this.  It should succeed.


## Attaching the Console to the Simulator by Default

Instead of booting to a Linux command prompt, you may prefer to have the Raspbian console attached to the PiDP-8/I simulator console, so that you see the program you're simulating: OS/8, TSS/8, Spacewar! or what have you.

The simplest way I can think of to do that is:

    $ echo pidp8i >> ~/.profile
    $ sudo reboot

That should drop you into the SIMH console after the host OS boots.

If you need to get back to Linux, there are a couple of ways.

If you just need to run a single command, you can press <kbd>Ctrl-E</kbd> and then run your command from the `sim>` prompt with the `!` shell escape:

    sim> !df -h
    ...disk free space report...
    sim> c
    ...simulation continues...

If you need to do more than that, I recommend quitting out of SIMH via <kbd>Ctrl-E</kbd> `quit`.  Do your Linux work, and when done, re-start the simulator and re-attach to it:

    $ sudo systemctl restart pidp8i
    $ pidp8i


## License

Copyright © 2017-2019 by Warren Young. This document is licensed under the terms of [the SIMH license][sl].


[tvs]:  http://www.testandverification.com/iot/s-iot-stands-security/
[site]: /
[sl]:   /doc/trunk/SIMH-LICENSE.md
Z 9210b160945004fa51df506512d38a20