Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Gentlemen and ladies,
I've been looking at Dataplicity as a wormhole to run a personal webserver on a Raspberry Pi.
(https://www.dataplicity.com/ )
Has anyone used it? Are there any security concerns with using it?
A friend seems to think that it will open my entire LAN to outside skullduggery.
Thank you very much in advance for any and all insights.
P.S. He seems to think that Dataplicity is based in China. I can't
find any info on where it's based or who owns it.
Opinions? Conjectures?
Similar to SSH, but without the complex set-up required to get it working behind firewall and NAT.
1. SSH requires no complex setup, this is salesman talk. Besides, their product requires setup, too.
2. Apparently not open source.
3. I do not see Linux version for download.
4. No company information seen anywhere in their website.
Conclusion. I see no value in this project, none at all. But it definitely raises some red flags.
I don't want to manage the webserver, I want to use it so my friends can connect to my webserver from the outside world.
The Raspberry Pi is sitting on the desk right here in front of me, so managing it isn't a problem.
If you want your friends to connect to the web server via HTTP/HTTPS from the outside world, no additional packages are needed beyond the web server. (Ok, maybe also "SSL For Free" or else "Let's Encrypt", too.)
The prerequisites for that are that your ISP allows incoming connections on ports 80 and 443, and forwarding those two ports from your router to the web server on the Raspberry Pi on your LAN. The details of port forwarding vary from model to model.
That will allow incoming connections via your router's external IP address. If your address is doled out via DHCP and thus changes often, you might want a dynamic DNS address. Then if you have a regular domain name you can point a CNAME at the dynamic DNS service's A name.
Last edited by Turbocapitalist; 04-30-2021 at 09:56 AM.
says Amazon, US of NA etc.
So much for the server(s).
No idea where the company itself is based.
Visiting the site itself, just the usual google ads.
Beyond that, what previous posters said:
Not open source. Very bad.
Selling hot air for the lazy. Set up ssh or VNC or remote desktop yourself. Same level of comfort for your friends.
At this point it becomes irrelevant how secure the software itself is. Let's just hope it uses proven, free and open source Linux tools.
But surely they will syphon off some (personal) (meta) data for their gain.
Hmmm - such cynicism.
Seems to be based in Oxford from my quick searches. Has reasonable acceptance in the IoT field - be that of value as you wish.
Effectively just a VPN tunnel - has github clients, so why not "open source" ?. People can still run a business under FOSS - anyone heard of Redhat ?.
I spoke too quickly; the previous poster said "_apparently_ not open source". This is true - no indication of being dedicated to FOSS on their website.
However, I was able to find this without effort. So at least that part is opensource.
Frankly, I have no idea how the whole thing works; I just wanted to refute the wild China allegations.
But it seems to boil down to this sentence:
Quote:
Dataplicity is a remote terminal for your Pi.
It offers functionality similar to SSH, but it doesn't need any complex set-up to get it working behind firewalls and NAT.
So:
Quote:
Selling hot air for the lazy.
is a realistic assessment, just like:
Quote:
SSH requires no complex setup, this is salesman talk.
Running a business that sells hot (or even completely untempered) air through FOSS is not nefarious or even illegal, you are right there.
And the aspect of a 3rd party company sucking off your data still remains and is completely independent of that.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.