DietPi installation stats, which device is popular?

Have some feedback, questions, suggestions, or just fancy a chat? Pop it in here.
User avatar
MichaIng
Legend
Posts: 542
Joined: Sat Nov 18, 2017 5:21 pm

Re: DietPi installation stats, which device is popular?

Post by MichaIng » Sat Jun 02, 2018 2:09 am

@bronco
Next time, if you really care about users security, it would be great if you inform us via email, PM or something like that, before spreading this further into the web and by this increase potential risk, instead of helping to solve it :x.
And adult wording in such serious topic would be helpful as well, to enable us taking it serious and constructively. Otherwise it looks and feels more like an attack for whatever reason, instead of a security advice/hint.

But we got the point and working on a solution to disable folder list and read permissions, as well as bringing data directly into secure locations. Until that, FTP server disabled for now, as mentioned by Fourdee. So thanks for the hint after all, just please be discreet, if it should be necessary another time.

User avatar
MichaIng
Legend
Posts: 542
Joined: Sat Nov 18, 2017 5:21 pm

Re: DietPi installation stats, which device is popular?

Post by MichaIng » Fri Jun 08, 2018 5:14 pm

@bronco
We just release v6.9 with a huge security rework, related to our password handling, as well to the DietPi-Survey and DietPi-Bugreport upload and storage:
- Any sensible data was removed from survey.
- Upload is done via secured (pub host key) SFTP.
- Public upload user has no read, nor file list permissions.
- Everything is handled more transparent now: User dialog to opt in/out survey or even purge the uploaded data (by overwriting it with empty file).
- Files contain unique hardware id only, thus there is just 1 file each system, which will be overwritten with new upload. Of course we have no chance to track users setup a fresh system, without some (definitely!) unwanted account system.
- To have it transparent, we have a public report page that shows v6.9 statistics based on opt-in users: https://dietpi.com/survey/

Feel free to check, if it's bullet prove as expected.

Post Reply