The Banana Pi BPI-M7 single board computer is equipped with up to 32GB RAM and 128GB eMMC flash, and features an M.2 2280 socket for one NVMe SSD, three display interfaces (HDMI, USB-C, MIPI DSI), two camera connectors, dual 2.5GbE, WiFi 6 and Bluetooth 5.2, a few USB ports, and a 40-pin GPIO header for expansion.

  • TCB13@lemmy.worldOP
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    19
    ·
    edit-2
    1 year ago

    Yes you can, but then without a display and keyboard you won't be able to SSH into the thing right away. They're using small tricks like that to push people into their tool and you'll be seeing more of that crap in the future.

    • towerful@programming.dev
      link
      fedilink
      English
      arrow-up
      18
      arrow-down
      1
      ·
      1 year ago

      Don't you just touch SSH in the /boot dir after you flash, then you can SSH in as pi and password raspberry?

      • TCB13@lemmy.worldOP
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        13
        ·
        edit-2
        1 year ago

        The workarounds are either using their tool or doing what you suggested. Other SBCs do the reasonable thing and have it enabled by default like the Pi did in the past. This change simply pushes less-proficient users into using their tool.

        • SailorMoss@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          20
          arrow-down
          1
          ·
          1 year ago

          Having it enabled by default is a pretty massive security hole. I preordered the raspberry pi 1 when it launched and I don’t remember SSH ever being enabled be default in their images. Where did you hear it was enabled by default?

          • TCB13@lemmy.worldOP
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            7
            ·
            edit-2
            1 year ago

            I preordered the raspberry pi 1 when it launched and I don’t remember SSH ever being enabled be default in their image

            I was, I remember it being that way. They later on made it so you would be required to change the password after the first login.

            Having it enabled by default is a pretty massive security hole.

            Most people are running those in a home network that is isolated either way. Most people even share their entire hard drives on the network with little to no security and you're telling me a Pi with SSH access enabled by default is a risk? Professional deployments will be done by people who know how to change the passwords, port and use keys. There's no reason to consider that an issue because of those reasons.

            • AtariDump@lemmy.world
              link
              fedilink
              English
              arrow-up
              8
              arrow-down
              1
              ·
              edit-2
              1 year ago

              They later on made it so you would be required to change the password after the first login.

              That’s just good password security and reasonable.

              Most people are running those in a home network that is isolated either way. Most people even share their entire hard drives on the network with little to no security and you're telling me a Pi with SSH access enabled by default is a risk?

              See that qualifying word there? “Most”? That’s why they force SSH to be disabled and password changes. If you PERSONALLY can guarantee that no one will EVER put a freshly imaged RPi directly on the internet backed by a 10 million dollar/pound/euro guarantee per incident it still doesn’t matter; there’s still a need to change these defaults. I’ve seen the RPi’s deployed in a business environment and I 10000% know that vendors are fscking stupid and would leave default permissions enabled because they’re the lowest bidder.

              It’s people like you why we have massive botnets due to default security measures being ignored by major manufacturers.

              Good day sir.

              • lingh0e@sh.itjust.works
                link
                fedilink
                English
                arrow-up
                6
                ·
                1 year ago

                Case in point: a number of years ago I knew a kid who was smart enough to flash Tomato on his router, enable SSH and even install a bunch of Entware packages. But he wasn't intelligent enough to change the SSH port from 22 or leave the remote access disabled.

                Fast forward a month or two and his ISP tells him that they traced some pretty serious botnet shenanigans to his IP.

                Just because someone is smart enough to use a device doesn't necessarily mean they're intelligent enough to use it safely.

              • TCB13@lemmy.worldOP
                link
                fedilink
                English
                arrow-up
                1
                arrow-down
                3
                ·
                1 year ago

                That’s just good password security and reasonable.

                Yes, that's my point, you don't need to disable it by default.

                See that qualifying word there? “Most”? That’s why they force SSH to be disabled and password changes. If you PERSONALLY can guarantee that no one will EVER put a freshly imaged RPi directly on the internet backed by a 10 million dollar/pound/euro guarantee per incident it still doesn’t matter; there’s still a need to change these defaults. I’ve seen the RPi’s deployed in a business environment and I 10000% know that vendors are fscking stupid and would leave default permissions enabled because they’re the lowest bidder.

                There are those things called licenses and liability liability waivers that are signed specially for those cases. The people doing deployments on business environment should know how to change password / use SSH keys and whatnot, if they don't that's not the Pi's problem.

                It’s people like you why we have massive botnets due to default security measures being ignored by major manufacturers.

                By enabling people who shouldn't be configuring Pi boards in the first place you're are the one creating botnets. They might be saved by the fact that it doesn't have SSH enabled by default just to be hacked later on when they decide to run a sudo wget ... | sh.

                Making things easier has this downside, you protect people so much, they don't ever learn and then things go bad they can't handle it and the damage is way way worse.

      • TCB13@lemmy.worldOP
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        4
        ·
        1 year ago

        https://roboticsbackend.com/enable-ssh-on-raspberry-pi-raspbian/

        On Raspberry Pi OS, ssh is disabled by default, so you’ll have to find a way to enable ssh + find the IP address + connect to it.

        The workarounds are either using their tool and/or fiddling on the SD card. Other SBCs do the reasonable thing and have it enabled by default. This simply pushes people into using their tool.

        • Oisteink@feddit.nl
          link
          fedilink
          English
          arrow-up
          6
          arrow-down
          1
          ·
          edit-2
          1 year ago

          The extra menu in the flasher does the magic on the sd-card. I’ve been setting up headless pi’s since before 3b came out, and the same options are available today.

          The idea that ssh being enabled by default is reasonable is just like your opinion. Did you know you have to enable it during installation on both Debian and canonicals derivative? Maybe it’s still on by default on fedora (with root login enabled to help you!)

          If editing your config is fiddling then I struggle to see your use of an sbc.

          • TCB13@lemmy.worldOP
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            2
            ·
            1 year ago

            Did you know you have to enable it during installation on both Debian and canonicals derivative?

            The difference is that Debian requires you to install with a screen/keyboard and/or use something generic like cloud-init not a proprietary tool that pushes people into telemetry and whatnot. Also a Pi is a lot less critical than a full system and almost always used by hobbyists. Professional users would change passwords / use keys so, yes, it makes absolutely no sense.

            • Oisteink@feddit.nl
              link
              fedilink
              English
              arrow-up
              4
              arrow-down
              1
              ·
              1 year ago

              The Debian installer can be pre-seeded and be automated. You can use cloud-init for non cloud installs but why would you? Preseed or use fai and let your config system handle the rest.

              I get that you love this board and think that “the establishment” is evil. But you come off as someone not having the knowledge to back your assumptions.

              Sometimes this will be the right board, sometimes a Pi is better. And sometimes 2-3 microcontrollers are a better fit. But the choice should not be based on telemetry in an optional imager, or the fact that your headless setup requires editing of config files.

              • TCB13@lemmy.worldOP
                link
                fedilink
                English
                arrow-up
                1
                ·
                edit-2
                1 year ago

                I get that you love this board and think that “the establishment” is evil. But you come off as someone not having the knowledge to back your assumptions.

                No, no. I like “the establishment” as long as it doesn't turn out to end up like Google Chrome. Think about it, few things against the Pi:

                • Overpriced / last to market:
                  • Only the model 3B+ had gigabit ethernet - however still shared with the USB. At that time the majority of other brands already had gigabit for about two years. To make things worse also remember that in 2009 (yes 09) the "original" SBC, the SheevaPlug also had gigabit ethernet and it wasn't USB;
                  • In 2018 there were tons of SBCs with PCIe x2 on the market. The Pi only got it in 2023 and it's x1 only;
                • Questionable practices:
                  • We now have PCIe just to end up with a custom connector that is yet another push for selling more hats, boards and adapters. Other vendors did the right thing and used generic PCIe interfaces or the M2 format that is also very common and cheap to work with;
                  • Instead of pushing the OS to be something truly open by contributing to a project such as Armbian they've kept running their own thing - just image if every PC manufacturer out there developed a custom version of Windows/Linux just because they didn't feel like using generic MS Windows / Linux;
                  • Microsoft repo and key are automatically added to Raspberry Pis - even if not installed by default the fact that the repo is included leaks information and for what's worth "installation binaries come packed with some proprietary stuff, like telemetry and tracking". I believe we're all aware of the fact that VSCode isn't true open-source nor it plays nice;
                  • Showing the middle finger to consumers during COVID: I get it, profit matters but still they could've handled it better;
                  • Disabling SSH by default when the old policy of "mandatory password change on first login" was enough. The interesting part is that change was made close to the time when telemetry was included on their flasher app;

                Overall the Pi is isn't even great at anything specific besides "holding the hand" of beginners and whatnot. If you're looking for a networking / storage solution you're better using another SBC with real PCI and/or a Mini PC. If you're into electronics an ESP32 will be more than enough to drive a couple of GPIOs and will cost 3$, in short too little CPU for computing tasks and too much CPU for basic electronics. If you're under heavy industrial environments the Pi won't be up to your certifications or you'll require protective gear that is so expensive that a solution from Gateworks will be cheaper at that point.

                On a side note, just notice how the Pi bulldozed the Arduino business by simply integrating the GPIO in the CPU and then now they're going in the opposite direction into the classic "big CPU talks to small microcontroller architecture for low level stuff" with their "innovative" RP1 chip.

                …and I'm not the only person with that 1 2 opinion it seems.

                Sometimes this will be the right board, sometimes a Pi is better. And sometimes 2-3 microcontrollers are a better fit. But the choice should not be based on telemetry in an optional imager, or the fact that your headless setup requires editing of config files.

                I do agree with you there, I know the the Pi is better in education, hobbyists and people who aren't that proficient with electronics and computers however it opens the door to a lot of potencial market abuse, Apple-style and whatnot. At the end of the day it is overpriced and it isn't really good at anything - not even in ethics - as specialized options in those niches (ESP32, Arduino, Other SBCs, MiniPCs…) are better for said use cases.

                It looks a lot like the Pi Foundation knows about this market-fit issue and is just trying to push more and more stuff into the hobbits as a way to keep growing and making money. The SSH/telemetry/app bundle thing isn't objectively bad alone, but people aren't complaining and it is just opening the door to a LOT of more custom stuff and eventually a closer ecosystem and a situation like Chrome market dominance.

                What the next step for them? A cloud service that you need to use / pay to develop stuff for the Pi? :)

            • Oisteink@feddit.nl
              link
              fedilink
              English
              arrow-up
              2
              arrow-down
              1
              ·
              1 year ago

              How is a pi (or other single-board computers) less critical than “a full system”? Do you have any idea how many pi’s are out there running serious stuff? Where I work I bump into them all over - including in security systems and door-access.

              This one has two 2.5gb ports, 8 to 32gb ram. This is serious stuff for an sbc, clearly overkill for your pihole install. What’s not equally serious with banana pi is support. I went to their wiki, it lists Android and Debian (previous version) “images” but no download links, so it’s hard for me to verify that this board boots with sshd running or not. Like I said Debian does not, and for a good reason. Raspberry pi os pulls from raspbian, and they pull from Debian.

              You can run Ubuntu LTS, fedora or others on your pi.

              The telemetry is bad news - soon we will be out of food because someone knows what size of sd-cards you use, and the number of installs you do. So better go buys a silly board, track down some ancient image of an install someone did at some point where they managed to compile the nic drivers and include the binary blob. Because nobody gets to force you to add an empty file to your sd-card!

              • TCB13@lemmy.worldOP
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 year ago

                Where I work I bump into them all over - including in security systems and door-access.

                Yes and like me you're perfectly capable of changing a default password / using SSH keys for those critical use cases. People who use them for serious things also know how to properly handle security and in the other cases security isn't required at the level they pushing for. A simple "change password on first login" was enought.

                What’s not equally serious with banana pi is support. I went to their wiki, it lists Android and Debian (previous version) “images” but no download links, so it’s hard for me to verify that this board boots with sshd running or not

                https://www.armbian.com/download/?device_support=Standard support&arch=aarch64

                In case you aren't aware the Banana Pi are a platinum member of Armbian and they provide money, code and general support to the project and actively tell people to use Armbian is they don't want Android. They also the the same with OpenWRT for specific models. This is true open-source collaboration, not what the Pi Foundation does, and leads to long term, well supported boards with kernel updated and paid support for enterprise customers. And why isn't the Pi Foundation also contributing to Armbian? Simple, they want to keep things for themselfs.

                Making things easier for you Armbian are builds of Debian or Ubuntu with tweaks for SD cards, low level device tree overlays, kernel tweaks and everything required to have a barebones Debian system for SBCs.

                The telemetry is bad news - soon we will be out of food because someone knows what size of sd-cards you use, and the number of installs you do. So better go buys a silly board, track down some ancient image of an install someone did at some point where they managed to compile the nic drivers and include the binary blob. Because nobody gets to force you to add an empty file to your sd-card!

                The Pi is better in education, hobbyists and people who aren’t that proficient with electronics and computers however it opens the door to a lot of potencial market abuse, Apple-style ecosystems and whatnot. At the end of the day it is overpriced and it isn’t really good at anything - not even in ethics - as specialized options in those niches (ESP32, Arduino, Other SBCs, MiniPCs…) are better for said use cases. It looks a lot like the Pi Foundation knows about this market-fit issue and is just trying to push more and more stuff into the hobbits as a way to keep growing and making money. The SSH/telemetry/app bundle thing isn’t objectively bad alone, but people aren’t complaining and it is just opening the door to a LOT of more custom stuff and eventually a closer ecosystem and a situation like Chrome market dominance.

                What the next step for them? A cloud service that you need to use / pay to develop stuff for the Pi? :)