jks

So things got worse beginning with v1.337. I found one reason and have fixed that for today's v1.359 release. But there is still a performance problem I don't understand. v1.337 was a complex release with waterfall averaging and a lot of BBAI-related changes.

I haven't looked at it, but it is possible the denoiser and auto-notch can be moved from the Beagle to Javascript running on the browser. Assuming the browser is running on a decent device (desktop pc or recent mobile device) the performance should be sufficient to support it.

I see what's wrong. I'm building on your Kiwi now to test the fix. For BBAI we rolled back clang++ to g++ due to a terrible compiler bug that is affecting some new development. But the way it was rolled back wasn't quite right. The fix will be part of today's v1.358 release. Thanks for mentioning this!

Okay, looks like you're now running. Note that the debian account password has been changed to your Kiwi's serial number per the recent password security changes forum topic. Change it and the root password to whatever you like and of course don't forget to close the ssh port. Thank you again.

I see what's wrong. I'm building on your Kiwi now to test the fix. For BBAI we rolled back clang++ to g++ due to a terrible compiler bug that is affecting some new development. But the way it was rolled back wasn't quite right. The fix will be part of today's v1.358 release. Thanks for mentioning this!

Alright, v1.357 is out with an S-meter OV averaging adjustment slider on the admin config tab.

Remember that the averaging is defined as as threshold count of per-sample ADC overflow events for every 64k ADC samples. So when the slider is set to 1k (the default) it means that the OV indicator will only light if there have been >= 1k ADV OVs during the 64k period. Note that the 1k OV events don't have to be consecutive. It's a threshold over a fixed interval.

Alright, v1.357 is out with an S-meter OV averaging adjustment slider on the admin config tab.

Remember that the averaging is defined as as threshold count of per-sample ADC overflow events for every 64k ADC samples. So when the slider is set to 1k (the default) it means that the OV indicator will only light if there have been >= 1k ADV OVs during the 64k period. Note that the 1k OV events don't have to be consecutive. It's a threshold over a fixed interval.

He re-hosted his blog a while back. I fixed the links on kiwisdr.com but missed the one in the operating guide. It's now fixed. Thanks for pointing this out.

Okay, today's v1.336 release now applies the ip blacklist to incoming connections made via the proxy. Because the filtering in done in the Kiwi server instead of iptables a Kiwi log entry is made when the blacklist filter hits. iptables is still used for non-proxy connections for performance reasons.

The "ipt" shell alias now automatically includes the "-v" argument so you can see the packet counter for the iptable filtering rules. I.e. an incrementing packet count means the blacklist filter has been hit. Use "iptz" or "iptc" to clear the counters. These aliases can be used on the admin page console tab.

No, it should not be a problem. Only a near-field transmitter (like a ham transmitter running power) might be an issue.

Beginning with the v1.354 release the system makes a one-time check for the Debian Linux root account having no password set. And also the demo account named "debian" having the well-known default password ("temppwd") set or, alternatively, no password set. Note: these passwords are Linux passwords and are separate and distinct from the Kiwi admin password.

If either of these situations is found then the root and/or debian account passwords are changed as follows:

• If your Kiwi admin password has been set (i.e. not blank) then this password will be used.
  
• If no Kiwi admin password has been set then the Kiwi serial number will be used (written on top of Kiwi PCB in white silkscreen box; also found on "network" tab of admin page and in the log messages).
  

It is now more important than ever to remember your Kiwi admin password. Please write it down someplace. If you forget your password, and the Kiwi has irreplaceable data that is not backed-up (e.g. an extensively curated dx tags list), you will have to regain Linux root access the old fashioned way: purchase a Beagle serial-to-USB cable and boot Debian in single-user mode to reset the root password. Not fun!

The exact actions taken are shown in the Kiwi log the first time v1.354, or a later version, is run. Some examples:

Nov 28 20:25:01 kiwisdr kiwid[12888]: 00:00:37.951 ....      SECURITY: One-time check of Linux passwords..

If no further "SECURITY" messages appear then the root and debian passwords were okay and nothing was done.

Nov 28 20:25:01 kiwisdr kiwid[12888]: 00:00:37.951 ....      SECURITY: One-time check of Linux passwords..
Nov 28 20:25:01 kiwisdr kiwid[12888]: 00:00:37.951 ....      SECURITY: WARNING Linux "root" password is unset!
Nov 28 20:25:01 kiwisdr kiwid[12888]: 00:00:37.951 ....      SECURITY: Setting it to Kiwi admin password
Nov 28 20:25:01 kiwisdr kiwid[12888]: 00:00:37.951 ....      SECURITY: "root" password set returned status=0 (OK)
Nov 28 20:25:01 kiwisdr kiwid[12888]: 00:00:37.951 ....      SECURITY: WARNING Linux "debian" account password is set to the default!
Nov 28 20:25:01 kiwisdr kiwid[12888]: 00:00:37.951 ....      SECURITY: Setting it to Kiwi admin password
Nov 28 20:25:01 kiwisdr kiwid[12888]: 00:00:37.951 ....      SECURITY: "debian" password set returned status=0 (OK)

Nov 28 20:25:01 kiwisdr kiwid[12888]: 00:00:37.951 ....      SECURITY: One-time check of Linux passwords..
Nov 28 20:25:01 kiwisdr kiwid[12888]: 00:00:37.951 ....      SECURITY: WARNING Linux "root" password is unset!
Nov 28 20:25:01 kiwisdr kiwid[12888]: 00:00:37.951 ....      SECURITY: Setting it to Kiwi serial number (because Kiwi admin password unset)

These changes are necessary because Kiwis continue to be installed such that their ssh ports are accessible from the Internet with the root accounts having no password set. This makes them vulnerable to being found and infected by Internet viruses. This can happen if the Kiwi is behind a router but the ssh port is open though the router or if the Kiwi is directly connected to the Internet with a publicly routable address.

It is possible you have intentionally made the root password unset/blank to ease administration when your ssh port is properly secured from Internet access (there are better ways to do this, see e.g. the ssh man page and the file /root/.ssh/authorized_keys). In that case this change will overwrite your unset/blank password and you will have to restore it (e.g. with "passwd -d root").