<br><br><div><span class="gmail_quote">On 2/24/07, <b class="gmail_sendername">marc zonzon</b> <<a href="mailto:marc.zonzon@gmail.com">marc.zonzon@gmail.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
On 2/22/07, Paul Klapperich <<a href="mailto:maemo.org@bobpaul.org">maemo.org@bobpaul.org</a>> wrote:<br><br>> You could setup pubkey authentication on your home ssh server. Then you<br>> could add a script to the device such that when it connects it runs
<br>> something like:<br>> ssh -n -R2022:localhost:22<br>><br>Good idea, as your ssh is an outbound connection the local firewall<br>may accept it. But your command is incomplete, we must have something<br>like:<br>
ssh -n -R2022:localhost:22 <a href="mailto:myusername@myserver.com">myusername@myserver.com</a> sleep 3600<br>and you must be sure that the public key of the nokia user is accepted by<br><a href="mailto:myusername@myserver.com">
myusername@myserver.com</a><br>It would be helpful to replace sleep by a script that warn you, then sleep</blockquote><div><br>Yeah, I left it incomplete on purpose ;) I figured someone doing something like this should already know a bit about what they're doing, or read a little man page if not. ;)
<br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">> Then on your local computer you could "ssh user@localhost -p2022" to connect
<br>> into your device whenever it's on the internet, regardless of where it's<br>> connected from. You could manually erase the data, something like:<br>> for i in /home/user /media/mmc1 /media/mmc2; do<br>
> rm -rf $i<br>> done<br><br>We can do like that but it might be frustrating when you miss the<br>connection, or when it is interrupted before you finish, ...<br>I think this can only be an add-on to the second option.
<br><br>> Another trick I've used--actually to update computer labs--is to keep a<br>> script on your server, then have the device use scp to copy that script from<br>> the server and run it whenever it connects. In my case, the script was
<br>> simple. In your case the script would do nothing. To nuke your nokia,<br>> replace it with one that erases stuff. This will get it the next time it<br>> connects and wouldn't require you find know when the device connects.
<br><br>That's fine we use the same "download at boot and execute" to keep our<br>clients up-to-date. We just need to find how the script can be<br>triggered when the tablet connect to internet </blockquote>
<div><br> Since this is debian based, I would expect one could simply place an executable script in /etc/network/if-up.d/<br>My handheld got left at work this weekend, though, so I can't verify this right now...<br></div>
<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">(must not be difficult,<br>but I have not looked upon the tablet networking). Your emergency
<br>script can of course erase sensible data but also add a startup<br>service in /etc/init.d that shutdown the tablet if some special action<br>(say use some key) is not triggered. Making the use of the tablet<br>impossible except for you without reflashing.
<br><br>Better than scp you can download the script from an httpd server using<br>netcat, because outbound http connection on port 80 are always open on<br>any<br>access point your tablet may use.<br><br>> Other options would include writing a lot file to your home machine with the
<br>> IP connecting from. This could be used to track your device so you might be<br>> able help police recover it. Or you could delete important system files and<br>> your personal data to make the device worthless without a reflash.
<br><br>Too complicated just mail a message when you connect "I'm connected<br>from ip n° xxx.xxx.xxx.xxx gateway xxx.xxx.xxx.xxx", if you have<br>traceroute you can even traceroute to a known point to help locate the
<br>device. but I suppose it's of no use, some people complain that the<br>police is not even looking for their stolen child, what do you expect<br>for your tablet!</blockquote><div><br>Good point. I like SSH and SCP because they're secure, but I suppose I don't really care if someone finds my nuke script on my webserver, or notices an e-mail bounce around like you described.
<br><br>I was thinking of something like this, and thus I'd prefer is someone who stole my tablet used it, but without my private data and with some sort of log to help track it down:<br><a href="http://hosted.ap.org/dynamic/stories/T/TECHBIT_ALIENS_LAPTOP?SITE=FLDAY&SECTION=HOME&TEMPLATE=DEFAULT">
http://hosted.ap.org/dynamic/stories/T/TECHBIT_ALIENS_LAPTOP?SITE=FLDAY&SECTION=HOME&TEMPLATE=DEFAULT</a> <br></div><br><br></div><br>