NSLU2 Now More Useful

NSLUG writes "The WRT54G's not the only hackable kid on the block. Linksys has a new device out. The NSLU2 is a tiny network storage device running Linux and it's been hacked to add SSH, NFS, an iTunes server, etc. Tom's Hardware is running a series of articles on how to hack the NSLU2. The first article is here and the second is here. Check out this page for details on getting into the box."

ah that wonderful kernel

[Stevyn]

This is another example of why linux is so damn cool. That little kernel can go anywhere.

Linux embedded integrators are lazy

[Anonymous Coward]

It shouldn't be this easy to let hackers break into the system, and there really shouldn't be enough tools in the OS to allow more functionality than the designers spec'd out for the device.

Linux is a great thing, on the desktop. But in embedded systems, the kernel is too tangled to successfully create a small distribution that is at the same time useful and feature-limited.

This is where operating systems designed from the ground up with modularity in mind fit the bill. QNX, iTron, and VxWorks all get around this hacking problem by not providing the tools for hackers to change the system.

Re:Linux embedded integrators are lazy

[julesh]

It shouldn't be this easy to let hackers break into the system

Why would you want to prevent them? It drives sales of your products.

the kernel is too tangled to successfully create a small distribution that is at the same time useful and feature-limited.

I don't agree. It is perfectly possible to do this, and know several people who _have_ done it. The issue is, it isn't worth the effort. It would take several weeks of developer time to determine exactly what is needed and what isn't, whereas there's actually no problem with including unnecessary features. So that's what happens.

Don't get me wrong, I think QNX et al are very cool systems, and there are many situations where they are more applicable than Linux. But I don't see anything wrong with Linux here.

Re:Linux embedded integrators are lazy

[julesh]

You are aware that the process for gaining access involves removing the hard disk from it, attaching it to another computer so you can modify certain files, and then returning the hard disk. Not the kind of thing you can do over the network.

If a hacker has physical access to your hard disk, you've got a lot more to worry about than this.

"The choice of a point of view...

[Anonymous Coward]

... is the initial act of culture."
- Jose Ortega y Gasset

No. (was: Re:Linux embedded integrators are lazy)

[AmbyVoc]

You are totally missing the point. There is a difference in hacking and cracking.

The thing is highly likely be secure enough although it is modifiable (read: hackable). `Secure' doesn't have to mean `unhackable' you know.

As neat as this is...

[vasqzr]

As neat as this is, I can't help to wish there was a little more security in devices like this. What about when someone adapts some worm code to install a custom, ddos-zombie installation on the thousands of Linux-powered Linksys/etc routers out there?

Eh.

[iamdrscience]

It seems like there would be only a marginal intersection between the type of people that buy network attached storage devices and the type of people interested in hacking their network attached storage device. I mean, I would think most people who are able to hack their NSLU2 are also the type that have an extra computer around that they would use instead.

RAID?

[241comp]

Could it be hacked to run software RAID 1 or RAID 10 on the attached hard drives? That would make it more useful for small office environments.

Re:Linux embedded integrators are lazy

[bostonkarl]

Oh, please. Who are you with your shoulds and should nots. Did you read how folks originally broke into this box? They *physically* unplugged the USB2 disk from the NSLU2 and mounted the USB hard disk (which is NOT part of the NSLU2) directly to their Windows/Mac/Linux box(es). They then modified the password file from the Windows/Mac/Linux box. Being able to modify this device is a good thing. There is a collaberative spirit surrounding the newgroup associated with the folks developing *useful* applications to run on this the device. Linksys sells a very interesting and inexpensive piece of hardware with the NSLU2. A big reason it is inexpensive is that Linksys (1) lowers software development costs by using a ubiquitous operating system/software that it (Linksys) doesn't need to develop and (2) doesn't pay outrageous licencing fee for proprietary operating system/software that provides the same funcationality as freeware (Linux). QNX? You think the password file associated with QNX couldn't be modified in the same manner? VxWorks? Common.

Re:Linux embedded integrators are lazy

[bhima]

Provided you are selling your hardware at a profit no problem, but if you are using the hardware to subsidize the sales of services or consumables then big problem ala "iOpener"

Re:passwd files

[julesh]

*nix n00b question, maybe, but why not just blank the [root] password out?

Err... to stop anyone on your network from connecting and wiping all your data / nicking your pr0n collection?

One thing I have just noticed...

admin:sclzZZfodiRXY:502:501::/home/user/admin:/dev /null
test_user:scEPG0VnVyqmE:2000:501:::/dev/nul l
test2:scEPG0VnVyqmE:2001:501:::/dev/null
test3 :sc50wKPq.zChw:2002:501:::/dev/null

Its using the same salt for every password. This is horrendously insecure...

Re:Why ?

[Jeff DeMaagd]

If you want ssh, telnet and all the other toys, plug a real linux box into your network !

It is a real linux box. It was when it was packaged too.

The thing about this and WRT54G is that it can do things with more efficient hardware than setting up an inefficient ATX based system. These things consume watts, not hundreds of watts and are also fanless, lighter and more compact.

Re:The whole idea is crazy

[suso]

Wow, we're such a bunch of geeks. I can't believe there are all these people looking for the 10,000,000th post.

Think about AC power

[Tux2000]

I would think most people who are able to hack their NSLU2 are also the type that have an extra computer around that they would use instead.

Sure you could use an old PC for that job. But that PC has at least a 150W PSU, often 200W, 250W or more, and almost every PC has at least one noisy fan. My tests on my ex-router (really old Compaq 486 without harddisk) show that a PC needs at least 40W AC power when IDLE, and much more with newer CPUs. According to the Datasheet [linksys.com], the device is specified for 5VDC @ 2A. USB ports must be able to deliver 0.5A each, so the "real" machine needs nothing more than 5V @ 1A. This means you never put more than 10W into the device, with a low power USB storage device, 5W should be possible IMHO. With a common wallbrick PSU (50% heat, 50% output), this translates to 20W AC power under FULL LOAD. With a modern switching PSU (20% heat, 80% output), and a low power USB storage device, you need about 7W AC power. That's what a modern ATX PC draws in standby mode (so-called "off").

Did I mention that the NSLU2 has no moving parts?

Tux2000, not related to Linksys except that I own a hacked WRT54G.