TinyPilot Cloud Feedback
We're currently designing TinyPilot Cloud, a service that gives you secure, remote access to your TinyPilot device from anywhere in the world.
We'd love to hear your feedback! What features do you want to see in TinyPilot Cloud? What questions do you have about the service?
Blog post: A Preview of TinyPilot Cloud
- Mike @micpom8460
My interest in TinyPilot is primarily security related, and usually when something is easy to implement it also introduces a less secure environment. I would be interested to know what measures TinyPilot Cloud will implement to protect customers' security and privacy too.
I had a suggestion as well, what about a "home user" pricing option to connect a single device? It seems like a good portion of the customer base is DIY inclined and have just one TinyPilot unit. Thoughts?
Thanks
- Michael Lynch @michael 2021-10-13 19:11:33.884Z
Thanks, good questions!
> My interest in TinyPilot is primarily security related, and usually when something is easy to implement it also introduces a less secure environment. I would be interested to know what measures TinyPilot Cloud will implement to protect customers' security and privacy too.
Yes, security and convenience are often at odds. Exposing a TinyPilot to the Internet certainly increases the attack surface, but we're making sure to limit the risk as much as possible. Here are some of the security measures we're planning to implement for the first release:
- Use an established third-party provider for authentication, such as Auth0 or SuperTokens
- Build defense in depth by requiring password-based authentication at the device level. That way, even if an attacker compromises TinyPilot Cloud and reaches a TinyPilot device, they'd still have to brute-force the device-level password.
- Keep in mind that TinyPilot Cloud won't even know your device password, so it's not possible for an attacker to discover this even if they breach our database.
- Use WireGuard VPN to secure the communication channel between the Internet-facing TinyPilot Cloud Proxy Server and the TinyPilot device
- Use long, random subdomain names so that an attacker can't access customers' TinyPilot Cloud servers through port scanning or brute forcing DNS names, as the server will drop the connection if the client fails to supply the correct server URL in full.
- Apply standard mitigations to prevent common web app attacks such as CSRF, XSS, SQLi, framing, etc.
Please let me know if I can provide more detail on any of these.
> I had a suggestion as well, what about a "home user" pricing option to connect a single device? It seems like a good portion of the customer base is DIY inclined and have just one TinyPilot unit. Thoughts?
Thanks, we're still thinking about pricing.
It's a challenge because we're a small company with a niche customer base, so it's difficult to go much lower. Companies like Tailscale and ZeroTier have millions in venture funding, so they can afford to take on free users while they grow, but TinyPilot is independent, so we have to plan for products that are self-sustaining.
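A sketch of the random-subdomain measure listed in the reply above, added here as an illustration; it is not TinyPilot's code. The base domain, label size, registry and function names are assumptions.

```python
import base64
import secrets
from typing import Dict, Optional

BASE_DOMAIN = "cloud.example.test"  # assumed placeholder domain
LABEL_BYTES = 16                    # assumed size: 128 random bits per device


def new_device_label(nbytes: int = LABEL_BYTES) -> str:
    """Random DNS-safe label; base32 is used because DNS folds case."""
    raw = secrets.token_bytes(nbytes)
    return base64.b32encode(raw).decode("ascii").rstrip("=").lower()


def normalize_host(host_header: str) -> str:
    """Lowercase the Host value, then strip an optional port and trailing dot."""
    host = host_header.strip().lower()
    if host.count(":") == 1:  # "name:port"
        host = host.split(":", 1)[0]
    return host.rstrip(".")


def route(host_header: str, registry: Dict[str, str]) -> Optional[str]:
    """Return the device ID for a full Host value, or None to drop."""
    host = normalize_host(host_header)
    suffix = "." + BASE_DOMAIN
    if not host.endswith(suffix):
        return None
    # Exact match on the whole label: no wildcard, prefix or default-vhost fallback.
    return registry.get(host[: -len(suffix)])


def demo() -> Dict[str, Optional[str]]:
    label = new_device_label()
    registry = {label: "device-001"}  # constructed sample mapping
    good = f"{label}.{BASE_DOMAIN}"
    return {
        "exact": route(good, registry),
        "upper_with_port": route(good.upper() + ":443", registry),
        "bare_domain": route(BASE_DOMAIN, registry),
        "truncated": route(f"{label[:-1]}.{BASE_DOMAIN}", registry),
        "ip_scan": route("203.0.113.10", registry),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:16} -> {result or 'DROP'}")
```

The label only stays unguessable if it is never published: this sketch assumes a wildcard certificate and wildcard DNS record, since a certificate issued per device would list each label in public Certificate Transparency logs.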
- In reply to michael: salim kapasi @salzz4u
I am a DIY customer but still see the value and would be willing to pay the $30 for a single device! Hoping to see this service come to life.
- Diego @diego
Hello @salzz4u! Thank you for your message! Unfortunately, we do not yet have a timeline for this project, as very few customers have shown interest in it.
- In reply to michael: Ian @lfstudios10
Very interested in this; however, I’d say the initial cost is too high to make it useful for me. You’d need the standard batch features (update, shutdown, restart) as well as scripting support. Also, connecting a disk image to multiple units would be a fancy trick.
- Diego @diego
Hello @lfstudios10 - Thank you for your feedback! We'll take your comments into account. Unfortunately, we do not yet have a timeline for this project, as very few customers have shown interest in it.
- In reply to michael: Larry Mackey @RosCommonKid
We have thought about using TinyPilot to interface to user laptops for troubleshooting when the laptop needs an OS reset or similar issues. With all of our users geographically diverse, that means we need something that is pretty much plug and play for the users and for SysAdmin to interface remotely to the TinyPilot from a home office or potentially even a hotel WiFi.
So maybe a way for a user smartphone interface to allow the local user to set up a WiFi interface?
- Diego @diego
Hello @RosCommonKid - Thank you for posting your question in our Forum!
Unfortunately, we don't have anything like that, but we appreciate your feedback anyhow. We do have a FAQ you may want to check out, for setting up WiFi for a TinyPilot: How do I enable WiFi? This can be done over SSH, and it shouldn't be that difficult to do it using a smartphone, with a Terminal Emulator such as Termux.
Let me know if you have further questions and/or comments, I'll be glad to answer them!
- In reply to michael: @Mario
Hi, can I connect this TinyPilot to my PC even if my USB port is disabled? Is it still capable of transmitting data to the other PC? Thanks
- Michael Lynch @michael 2022-09-21 19:08:15.673Z
No, unfortunately TinyPilot requires the target computer to have a non-disabled USB port to connect.
- In reply to michael: @reeman
This is personal opinion btw. I think it really depends on the market segment you're trying to go after. Most DIY, home labs who I know among my circle like OSS, non vendor lock, no subscription based. But when we're doing it outside our home in professional settings, the goal would be the most robust, secure, easy to manage, so having to pay for subscriptions, hardware cost, expenses are expected.
Features:
- Centralize remote management with the same feature set you have currently in the device, but for more devices. Discovery, provisioning should be seamless.
- IAM + RBAC, e.g. view only, view and access console, full admin (TinyPilot provisioning etc.). MFA required.
- Automations: APIs and CLI
- Different levels of subscriptions, e.g. consider pricing model for free/community edition, individuals, small business, large/enterprise. Flexible payment plan (monthly vs. x annual prepaid)
- Audit trails and full logging