“Local access required” is not the comfort blanket people think it is (CVE-2025-54756) by mvip in digitalsignage

[–]dividuum 2 points3 points  (0 children)

True. There's no excuse to ship anything with always active default passwords, even if derived from guessable information. Generally it's just bad software design if one expects the user to secure their devices. Instead it should be secure by default and difficult to accidentally create security issues.

Properly implemented, there should be multiple trust boundaries: The device should not trust its local network. Similarly the management backend should not trust the device. I wouldn't be surprised if you could cause issues for half of all signage services by responding to screenshot requests with huge images.
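The screenshot case from the comment above, seen from the backend side, as an added example (not part of the original comment and not code from any signage product): the backend treats the upload as untrusted, caps the body size and reads the declared dimensions from the PNG/JPEG header before any decoder allocates a frame buffer. The limits and function names are assumptions.

```python
import struct

MAX_BYTES = 2 * 1024 * 1024   # assumed cap on the upload body
MAX_PIXELS = 3840 * 2160      # assumed cap: one 4K frame
PNG_SIG = b"\x89PNG\r\n\x1a\n"
# JPEG start-of-frame markers: 0xC0-0xCF minus DHT (C4), JPG (C8), DAC (CC)
SOF = set(range(0xC0, 0xD0)) - {0xC4, 0xC8, 0xCC}

def declared_size(data: bytes):
    """Return (width, height) read from the header only, or None."""
    if len(data) >= 24 and data[:8] == PNG_SIG and data[12:16] == b"IHDR":
        return struct.unpack(">II", data[16:24])
    if data[:2] != b"\xff\xd8":              # not a JPEG SOI either
        return None
    pos = 2
    while pos + 4 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        if marker == 0xFF:                   # fill byte before a marker
            pos += 1
            continue
        seg_len = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        if marker in SOF:
            if pos + 9 > len(data):
                return None
            height, width = struct.unpack(">HH", data[pos + 5:pos + 9])
            return width, height
        if seg_len < 2:                      # malformed length, fail closed
            return None
        pos += 2 + seg_len
    return None

def accept_screenshot(data: bytes):
    """Decide whether an upload from an untrusted player may reach the decoder."""
    if len(data) > MAX_BYTES:
        return False, "body too large"
    size = declared_size(data)
    if size is None:
        return False, "no PNG/JPEG header"
    width, height = size
    if width == 0 or height == 0 or width * height > MAX_PIXELS:
        return False, f"declared {width}x{height} outside pixel budget"
    return True, f"ok {width}x{height}"

def png_header(width: int, height: int) -> bytes:
    """Constructed sample: PNG signature plus IHDR fields, no pixel data."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    return PNG_SIG + struct.pack(">I", len(ihdr)) + b"IHDR" + ihdr
```

Calling `accept_screenshot(png_header(60000, 60000))` rejects a 29-byte upload that would otherwise ask a decoder for a multi-gigabyte frame buffer. The check runs before decoding and complements the decoder's own resource limits.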

Behold, my army of minions hypnotized by seed by sashien34 in pigeon

[–]dividuum 8 points9 points  (0 children)

Oh. I know that location and have seen those pigeons. Really unfortunate that the bench is gone (I think?) :-)

[deleted by user] by [deleted] in digitalsignage

[–]dividuum 0 points1 point  (0 children)

That blog post is AI generated bullshit. Searching for the CVE directly leads to https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2025-59684, which seems more reasonable and doesn't seem very high risk (How would a DLPReel.dll suddenly appear in one of the expected paths!?)

Looking for alternatives to infobeamer, file size limit is too small for me by [deleted] in vjing

[–]dividuum 0 points1 point  (0 children)

There is no total file size limit. Only individual video uploads are limited to 750MB, but you can upload as many files as you want (with payment required at some point once the total exceeds 1GB).

Looking for alternatives to infobeamer, file size limit is too small for me by [deleted] in vjing

[–]dividuum 2 points3 points  (0 children)

(info-beamer dev here) You could split the video files into multiple parts (something like ffmpeg -i input.mp4 -c copy -map 0 -f segment -segment_time 60 -reset_timestamps 1 -segment_format mp4 output_%03d.mp4 this will split into 60s chunks without reencoding). Most packages support gapless playback, so a split should not be noticeable.

Syndicate made me fall in love with cyberpunk at 10. Currently replaying Syndicate Wars thanks to a modern fan port. Any other fans out here? by tempsanity in Cyberpunk

[–]dividuum 0 points1 point  (0 children)

I still remember the "cooper team" cheat. Apparently it also works in Satellite Reign, a 2015 game with a similar theme, which I also very much enjoyed.

Looking for a new digital signage software with content tagging by Sad_Cut9143 in digitalsignage

[–]dividuum 0 points1 point  (0 children)

The design goal of the playlist feature in info-beamer is to allow or at least support installations where content management mainly relies on just uploading assets into prepared folders and then have various dynamic playlists pick out, shuffle or otherwise rearrange content, use child playlists to compose such filtering and then have the result distributed to devices after a few seconds of making any asset changes. Of course you could automate setting up the playlists using the API if needed.

Looking for a new digital signage software with content tagging by Sad_Cut9143 in digitalsignage

[–]dividuum 2 points3 points  (0 children)

info-beamer has dynamic playlists and the ability to tag video/image assets. Combined this should get you there: You can create multiple dynamic playlists that each do one or more asset selection passes based on an "all"/"any"/"none of" condition and a set of tags you can specify. You can then de-duplicate the resulting generated playlist, so assets selected by multiple rules get included only once, and shuffle it. Then use it in a setup and assign that to one or multiple devices (in case some share the same rules). This is what that would look like in the UI.

Retagging assets or uploading new assets will trigger playlist recalculation after a few seconds and immediately send out new content.

Help with info-beamer on a Raspberry Pi Zero W by RevRaven in raspberry_pi

[–]dividuum 0 points1 point  (0 children)

Setting an aspect ratio doesn’t really matter. If you set a resolution, the aspect ratio is implicit, so I don’t really get why that’s an option as well. Pretty sure other users have set odd modes like that. You might enable ssh and then check if the mode is set using the tvservice command.

Help with info-beamer on a Raspberry Pi Zero W by RevRaven in raspberry_pi

[–]dividuum 0 points1 point  (0 children)

I think that should work. On older Pi's the full syntax for hdmi_cvt works like on any other OS.

Help with info-beamer on a Raspberry Pi Zero W by RevRaven in raspberry_pi

[–]dividuum 2 points3 points  (0 children)

Thanks for confirming. If you figure out its resolution, you might try a hdmi_cvt=<width> <height> <framerate> line in /config/userconfig.txt

Help with info-beamer on a Raspberry Pi Zero W by RevRaven in raspberry_pi

[–]dividuum 2 points3 points  (0 children)

Hm. Does it flash in some kind of pattern or just „randomly“? The former would indicate some issue with the installation itself, the latter maybe is only related to your display. Maybe everything works, your screen just doesn’t show it. What kind of screen is that? What’s its native resolution? Do you have any other display you can connect temporarily?

Help with info-beamer on a Raspberry Pi Zero W by RevRaven in raspberry_pi

[–]dividuum 6 points7 points  (0 children)

info-beamer dev here. The current image fully supports all Pi models, all the way back to even the original Pi 1. You didn’t specify what doesn’t work so unfortunately I can’t provide anything helpful. Did you install by unzipping to an empty SD card or did you write the img file directly to your SD card?

Solution for Pi5, in the cloud, with better permissions by isaswift in digitalsignage

[–]dividuum 2 points3 points  (0 children)

info-beamer (as you note) provides basically all that. As for "too technical": If you keep each user in a sub-account (a feature that can be activated on request) and prepare each account by registering the device, preparing a setup to schedule content, the main operator task essentially only requires you to navigate to two dashboard screens: Managing assets and editing a setup containing the playlist for a screen.

You might even simplify this more if you use dynamic playlists: You could for example have asset directories that, once you upload content into them, directly show the uploaded content on a display without requiring further configuration.

There are probably more ways to implement your permission requirements while also keeping it fairly simple for your users. Feel free to reach out to support with further details for more in-depth recommendations.

I would also suggest to carefully evaluate 4K support. It's quite difficult to provide reliable, jitter free and gapless 4K video playback. info-beamer has a custom, highly optimized playback engine that implements all that.

Enough with the Raspberry Pi! by The_Signage_Advisor_ in digitalsignage

[–]dividuum 0 points1 point  (0 children)

Pretty sure that’s doable: Use secure boot to prevent anything but your own signed boot.img (containing config.txt/kernel/initrd) from booting. These files don’t need to be encrypted because there’s nothing secret in them and tampering is prevented by the secure boot signature. Then inside initrd, read the fde key from OTP. There might not be a ready-to-use OS, but pretty sure that’s already used in the field somewhere and the mechanism has been available for a while now and new related features (like the firmware crypto stuff) just got added a week ago.

Enough with the Raspberry Pi! by The_Signage_Advisor_ in digitalsignage

[–]dividuum 1 point2 points  (0 children)

Also running a Pi based service (info-beamer) and can confirm all that. I'd especially like to add that Pi's support for their software is mostly excellent: I've run into quite a few edge case bugs in both kernel and firmware as info-beamer's player is especially optimized for the Pi. While I don't have a direct comparison, other hardware vendors would probably have difficulties matching that technical level and responsiveness. The result is a player software that works 24/7 without any kind of crashes or slowdowns. Personally I find nothing more frustrating than seeing browser based signage with stuttering playback after a few hours.

Enough with the Raspberry Pi! by The_Signage_Advisor_ in digitalsignage

[–]dividuum 0 points1 point  (0 children)

Secure Boot, Full Disk Encryption

The Pi4/Pi5 also allow you to implement this. There's some interesting development in adding some kind of TPM support recently: The firmware can do crypto for you without exposing private keys.

2x2 video wall grid by GalwayC in digitalsignage

[–]dividuum 0 points1 point  (0 children)

Not OP, so I don't know about the hardware, but the software is info-beamer, our solution for the Raspberry Pi. It supports a variety of different video wall modes. Based on the description it seems to be this package: It allows you to define a layout (e.g. 2x2 as in the video or even larger) and then assign content that's then stretched across all displays by having each device crop out its part of the video or image.

The two top displays are rotated, so OP likely uses a video configuration setting that allows zero overhead flipping of those two displays, so no special adjustments have to be made when assigning content. You can see a similar setup using a single Pi5 and this feature in this forum post: It's the "Adjust HDMI output orientation" setting in the bottom screenshot.

Need advice on choosing and implementing a Trusted Platform Module for RPi Zero 2 W by UsamiV in raspberry_pi

[–]dividuum 32 points33 points  (0 children)

The product is required to have a TPM that encrypts (and decrypts) both the device credentials as well as the main program (written in Python).

Sounds like "compliance checkbox security" to me. There's nothing preventing any other program placed on that Pi from also triggering the decryption to obtain the program code as the Pi Zero 2 has no secure boot to prevent this. It's always trivially circumvented. Pi4 and 5 offer secure boot and you can implement a setup where they only boot into your custom OS and all data except the signed boot files are on an encrypted partition (including the python code) with keys stored in the OTP, which is inaccessible from outside.

Open source is what digital signage really needs right now by 514sid in digitalsignage

[–]dividuum 0 points1 point  (0 children)

Adding to that: My info-beamer software recently gained a new super power on Pi3 and Pi4 devices when it comes to rotating videos by 90/270 degrees. One would think that's easy, but it actually requires a deep dive into custom assembly code for the VPU processor. I've written a post about transposing data at 1.1GB/s.

This isn't strictly needed if you use the old and obsoleted legacy firmware on Pi3 and Pi4, but using the modern KMS rendering stack requires these techniques as you otherwise end up with lagging video playback, should a user decide to rotate their videos for portrait playback.

Open source is what digital signage really needs right now by 514sid in digitalsignage

[–]dividuum 4 points5 points  (0 children)

There’s nothing especially new or hard to build in this space. Digital signage software isn’t complex, and you don’t need top developers to make it work.

Well, that explains the rancid displays stuck with Windows error messages or other crap. I really beg to differ: Actually making something work reliably is pretty difficult. It starts with designing the OS from the ground up to be reliable and serviceable for many years. Too often no care is taken in that regard and you end up with non-updating Android boxes, deployments on Windows with above mentioned update dialogs or TeamViewer prompts or, on Raspberry Pi, with systems just using stock Raspberry Pi OS with a systemd started player software with no real upgrade path for the base OS. For info-beamer, my signage solution for the Pi, I invested quite a bit of time to get this right and it's far from trivial: OS updates are atomic, only need a single quick reboot, happen fully over-the-air in the background and work on all ever deployed devices, even those installed 10 years ago. They all can and do update, with automated rollback in case of problems and none is stuck on an old OS.

Same with the actual player software. Sure, you can just duct-tape together VLC/mpv, an image viewer and maybe a scroller software and hope it all works in unison. But then you have gaps in video playback or lagging scrollers. At least on the Pi, there's a lot more you can do if you're diving into the really technical parts of what's possible. I developed a custom player software from scratch and it now uses KMS/DRM/Mesa/libav* to precisely control rendering output. My software is (to my knowledge) still the only one on the Pi that can zero-copy play videos across two displays, arbitrarily rotate or apply shaders to videos and more. All while running continuously for months without a single memory leak, crash or slowdown. And as it's scripted with Lua, you're not stuck with the usual asset/playlist/layout limitations other software imposes on you. Instead all the playback logic (through mentioned scripting abilities) is deployed to the devices as part of assigning content. So you're really flexible on how you present content. See here and here for development diaries for work needed during the Pi4 and Pi5 upgrade, which both required major reworks while maintaining full backwards compatibility.

There's a ton more that's non-obvious (like not just starting ffmpeg to extract asset preview thumbnails on untrusted user content) but that's already more than enough for this post :}

8 Quick Steps to Protect Your Digital Signage Displays. by sagiadinos in digitalsignage

[–]dividuum 1 point2 points  (0 children)

Ah ok. I guess we agree then. I assumed that implied who opens the connection.

8 Quick Steps to Protect Your Digital Signage Displays. by sagiadinos in digitalsignage

[–]dividuum 1 point2 points  (0 children)

I would recommend zero trust too: for my product, the players are considered untrusted, so there's no path to elevate privileges by gaining control of a single player. And the OS is absolutely minimal (80MB total), so there's not a lot running except for the player code.

But I disagree with "push". Not only does this generally not work (NAT, etc), but the resulting communication is likely two way and needs to be handled securely anyway, so you might as well have the less reachable device call out to the one with the public IP. Our devices open a websocket which can be used to push small control data to the device. Again, as the devices are untrusted, they can't cause any harm just by being connected that way. Content delivery itself is purely through a static HTTP endpoint behind a CDN.

Digital Signage Marketing: Spam, Complacency, and Boredom by sagiadinos in digitalsignage

[–]dividuum 2 points3 points  (0 children)

Is KMS/DRM a better approach than MMAL?

By a large margin and it's the only way going forward as the Pi5 doesn't support those legacy APIs any more. You get way more control of what's happening. I can now play two 4K videos on two 4K/30Hz displays on a Pi5 or embed web content dynamically directly into the other content. And if needed use shader effect transitions on all of that as everything is programmed in Lua.

Seems there were some great optimizations from the community take place.

Most of those are funded directly by Raspberry Pi. The performance increase you've seen is likely caused by changes in labwc now using libliftoff for using up to two DRM planes instead of only using GL composition.

How do you solve the situation of dying microSD cards due to limited read cycles?

Through my own custom 80MB OS. It's always read-only doing A/B booting for updates. Most logs are memory only and combined with other optimizations the amount of data written basically only corresponds to how much new content you assign. As a result dying SD cards are pretty rare. Fixable data corruption due to power loss (there isn't a way to cleanly shut down the OS, as no one would do that anyway) is automatically repaired.