[mythtv-users] Re: Ways to improve TV Out quality[Scanned]

Garry garry at sneakyninja.net
Fri Jul 30 05:16:49 EDT 2004


Ben Buxton wrote:

>Jason Keirstead <mythtv at keirstead.org> uttered the following thing:
>  
>
>>On July 29, 2004 11:24 am, Mark Maas wrote:
>>    
>>
>>>>Functionality 1st, security 2nd in this case... sorry.
>>>>        
>>>>
>>>You're lucky i've got a pacemaker... Or you would be hearing from my
>>>lawyer.
>>>
>>>BTW, what was your IP again? ;-) I already got some usernames...
>>>      
>>>
>>I have to agree with the poster, I have my myth set up similarly.
>>
>>Who cares about security in this case?  What is the absolute worst that you 
>>could do (assuming you can get onto my home LAN to log into it), erase my TV 
>>shows? It's not like a myth box contains vital, secure data.
>>    
>>
>
>This is not the attitude to use for computer security.
>
>If someone manages to get into a box of yours, sure they may be nothing
>on the box you care about, but what about attackers who launch attacks
>from your box? Spammers are sending most spam from people whose boxes
>are insecure because 'they have nothing important', but you're seeing
>the results of this lax security in your mailbox.
>
>Always ensure that any system is secure, no matter how uninteresting the
>data is. What if your ISP cuts you off for abuse?
>
>If you must have a mythtv box configured like this, then _please_ do the
>net a favour and make sure no one can get in from the network. Physical
>security isnt important in most situations (mythtv boxes tend to be at
>home), but network security is vital for everything.
>
>  
>
At the risk of wandering O.T, I feel a reply is needed :-)

It's all about balance.

Whilst reading back on my posts I sound ever so slightly clueless, I'm 
not quite as dumb as I sound.

Back when I was adminning AS/400's running financial systems, security 
was top priority, screw the inconvienience. On the server now running my 
mail server and hosting my website, yes, security is a concern so it's 
ssh only, restricted access and another firewall. And on my Linux 
desktop, I log in as myself and sudo root when nessesary, and only then. 
(I am well aware of the damage root can do)

Regarding my firewall, no I didn't set that up myself. I recognised the 
fact that my knowledge wasn't deep enough, and a Linux Admin friend of 
mine was kind enough to sort that for me. (regular patches applied, no 
remote root login etc)

As for the Myth machine, it records locally and reads video files from 
another machine, which has a read only NFS share on it. It runs only 
enough to support Myth and is only accessible from the outside via port 
forwarding on the Firewall (to a nonstandard port, then .htaccess). 
Local usage is via IR remote only, and if someone can get to the 
keyboard, I've got bigger things to worry about.

But that being said, Myth is complicated enough to set up without 
security and permission hassles, so a little root access, and some chmod 
777's smooth the way :-)

(Could be worse, I could run IIS :-D )

-Garry.



More information about the mythtv-users mailing list