Family Photo Chest Part 14: The Tracks are Built, Bring on the Locomotive

Good Morning from my Robotics Lab! This is Shadow_8472, and today I am technically ready to start my first batch of scanning photos. Let’s get started!

Early Start

I am tired of this project going seemingly forever. Whatever I’m getting done, I want working this week. My plan has been to scan directly into the DivideScannedImages script for GIMP, and for that I need the XSANE plugin (Scanner Access Now Easy for Xorg GUI server). Every version I found was ancient and obsolete. Turns out installing the plain XSANE included its own GIMP plugin, as confirmed by xsane -v and looking for a line about GIMP. Just know that if you’re trying to check the version over SSH, it really wants an Xorg server: export DISPLAY=':0' worked for me.

GIMP has a powerful scripting language built in. With it, you can automate most anything, albeit with a little difficulty. You can even use it to script events when launching GIMP with the -b flag (b as in batch). I took a look at it. It doesn’t look that bad to learn. It’s heavy on the parentheses, but I’d hesitate to directly call it LISP.

I got as far as calling the XSANE plugin on boot from within the DivideScannedImages script. I was a little short on time to struggle through getting it just right, so I reached out for help on a GIMP Discord, but then I began to reconsider everything.

Progress Rejected

I’ve been a bad programmer. So many dead ends. So many side projects distracting from the main goal. I have an unknown deadline for this project, and I really need to cut the fancy stuff I’ve been working on and do something that actually works.

I also got to thinking, Who am I designing this for? I had been working on a command line setup for me, and my mother has graciously offered to help with scanning a little bit at a time. She doesn’t do the command line outside Minecraft. As a good programmer, I need to consider my end user’s needs, and she needs a graphical workspace.

Thinking like my mother would think, I made a directory on my desktop for shortcuts related to this project. So far, I’ve made launchers for XSANE, the network share for the pictures, and GIMP. I may develop it later.

My new vision is to just use the tools I have: XSANE to scan and save locally and GIMP to separate and deskew pictures automatically and store them in the digital archive before someone either deletes or offloads the original scans. I can make a text file with miscellaneous metadata for each batch. A manual review can flag photos that will need additional touchup.

Testing the Workflow

I used a couple pictures from when I was little to test my workflow. I laid them on the scanner with a bit of tweak. I spent several attempts learning about the limits of the scanner. The scan head doesn’t actually reach the full scan bed. If I’m not careful, pictures will get pinched under the edges. It’s very easy to accidentally overlap pictures. All good reasons for finding a preview of each scan.

Deskew isn’t a miracle, but when I did a side-by-side comparison on a sample size of my two test pictures, it got one almost perfect and reduced the tweak from the other, but my sister said the deskewed one might be a little fuzzier.

Takeaway

I cannot emphasize this point enough: good programmers build software for end users. It’s fine to hack together a piece of software you understand, but if you want to share your creation with someone else, you’ve got to make a relatable front end.

Final Question

What elements of a project have you given up for the sake of an end-user?

BitWarden Operational and SSH Housecleaning

Good Morning from my Robotics Lab! This is Shadow_8472, and today, I am giving my BitWarden server a bit of a shake down, and since that didn’t take as long as expected, I have a story or two from rearranging my SSH keys. Let’s get started!

Server Fully Operational

Picking up from last week, I installed a BitWarden home server on BlinkiePi and set it up with a static IP making sure it had a unique hostname. To test it, I plugged it directly into my home router. I had to generate and install a self-signed security certificate so the browser plugin could recognize my server once I had directed its traffic appropriately.

I started early this week, expecting the firewall to be crazy complicated and maybe an exercise in futility, but that wasn’t the case. I found a package literally named “Uncomplicated Firewall” (ufw). It installed no problem and I was easily able to reject unrecognized traffic by default, then allow ports for SSH and BitWarden.

I then went ahead and installed BitWarden plugins on my remaining computers, trying and failing to follow all the important steps from memory until I gave in and looked up the tutorial again. Later on in the week, I wanted to ensure my setup could withstand a power blink, so I cut power and later restored it. I expected I’d need to spend a few hours trying to figure out how to get it auto started, but it’s almost like this project wants to short me of content, because I was able to reach its web interface no problem.

SSH Keys Between My Computers

I don’t like entering passwords every time I want to log into a system. SSH keys are way faster and more secure because the host machines are essentially letting you in as you scan an ID instead of stopping to perform a secret handshake that can be more easily faked.

I did some research a while ago, and I found questions as to whether the RSA method of making keys was still okay to use. To be honest, if it wasn’t, OpenSSH would probably push an update blocking its usage or at least notifying users that it’s been cracked wide open.

Nevertheless, when I redid my SSH easy access network, I used ed25519 to make my keys, and I transferred them over with ssh-copy-id to move them from one computer to another. I have three workstations I flip flop between, as well as my new password server and my Pi400 hack router. Now that I think about it, I could include the NAS and the Pi4 serving as our entertainment center, but that will wait for a later date.
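A housecleaning check to go with the key swap described above, as an added example that is not part of the original post: ssh-copy-id appends the new key to the remote authorized_keys file and leaves older entries in place, so this lists every entry that is not an ed25519 key. The function name audit_keys and the sample file contents used to try it are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list authorized_keys entries
# that are not ed25519, so leftovers from an older key setup can be reviewed.
# The function name audit_keys is hypothetical.

# audit_keys FILE
# Prints one line per non-ed25519 entry: "<line-number> <key-type> <comment>"
audit_keys() {
    awk '
        /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
        {
            # An entry is "[options] keytype base64 [comment]".
            # Options such as from="..." may come before the key type,
            # so look for the first field that is a key type followed
            # by the base64 blob (which always starts with AAAA).
            for (i = 1; i < NF; i++) {
                if ($i ~ /^(ssh-|ecdsa-|sk-)/ && $(i + 1) ~ /^AAAA/) {
                    if ($i != "ssh-ed25519" && $i != "sk-ssh-ed25519@openssh.com")
                        print NR, $i, (i + 2 <= NF ? $(i + 2) : "-")
                    next
                }
            }
            # Anything that did not look like a key is worth a manual look.
            print NR, "unparsed", "-"
        }' "$1"
}

# Typical use on each machine in the key network:
#   audit_keys ~/.ssh/authorized_keys
```

An empty result means only ed25519 keys are still accepted for that account.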

One nice surprise I found was when I was copying a key from my main desktop on the 400’s subnet to one of my machines on the wider home network, and when my desktop didn’t recognize the computer, but the Pi400 did, the router vouched for the host I was reaching out to.

Takeaway

I suppose I could improve my setup with auto updates. That will mean another hole punched in the firewall, but in all reality, that’s a topic across my network for another day.

Final Question

If you were to spend a week in space, what games would you feel obliged to play along the way?

BitWarden: My New Password Manager

Good Morning from my Robotics Lab! This is Shadow_8472, and today, I am switching my password manager from LastPass to Bitwarden. Let’s get started!

Introduction: Password Strength

It’s almost comical when a digital security expert starts a talk in a packed auditorium and asks, “How many of you use the same password everywhere you go?” and half the people raise their hands. A facepalm or two later and the speaker may start comparing it to how that’s like a company keying all their locks to the same key, regardless of department or security level. It’s a stupid, stupid, stupid idea, and I am guilty of doing it up until two or three years ago.

The absolute worst password you can use is one someone else has without permission. The next worst password is one someone else can quickly guess. Web Comic XKCD – Password Strength gives a concise explanation: long, simple passwords are easier to remember and harder to guess than short passwords butchered by special characters.

But you could have the strongest password in the world, and still be vulnerable if you’re using that password for all your accounts. If just one of your sites is compromised, an attacker now has a key ring to go try all the popular sites to try and let himself in, and you will need to spend a long time cleaning up.

Password Managers

But then, convenience. The human mind would rather not remember tens or hundreds of passwords that may be up to date or replaced. That is where a password manager comes in. You log in with your one master password, and it automatically fills in passwords as you go. Set up properly, it’s even faster than entering your one password each time everywhere you go, and a basic setup isn’t all that hard to do.

At this point, a password manager should sound like a major security vulnerability, akin to a nicely organized key cabinet in the lobby, but a properly designed password manager never knows your passwords except when and where they’re needed. Your master password is used to help scramble and unscramble your passwords on your own computers. The rest of the time, it’s a bunch of otherwise meaningless garbage to anyone trying to poke at it.

Furthermore: don’t “log in with <Platform X>”. Ever. Only if there’s no other way, and even then: take pause. Merged accounts are worse than using the same password because they are by definition using the same username as well. A break-in to one is a break-in to all linked accounts.

From LastPass to BitWarden

I am displeased to announce that LastPass today is chasing off a lot of their free users by making them choose between types of devices: desktop/laptop and mobile. I personally only use a tablet for one or two things, like reading my Bible or viewing PDFs. This won’t affect me but maybe once a month or two when I’m not bothering to walk to a desktop. Still, I don’t like it. It’s not like they’re getting any of my money anyway.

I chose BitWarden because it kept coming up as a good alternative. Not only is it open source, but their code has been audited, and I can self-host it as well: all are highly desirable features whereas LastPass is -at most- only audited.

The actual switch once I had my personal server up was easier than getting the dogs ready for a walk. All my passwords were moved in a single transaction, categories and all.

Personal BitWarden Server

First of all, IF YOU DON’T KNOW WHAT YOU’RE DOING, JUST SET UP A REGULAR ACCOUNT! That said, I want to challenge myself, and I believe this is reasonably within my grasp. I closely followed sensiCLICK’s Full Guide to Self-Hosting Password Manager Bitwarden on Raspberry Pi on my BlinkiePi, my Pi 3B+ using a fresh, minimal install of Raspberry Pi OS.

I don’t really have much to say here because I don’t understand a lot of the new stuff I did. There were some instructions that had changed in the months since the video was released, but there were notes in the chapter titles. The tutorial ironically didn’t encourage its viewers to change the default password of ‘raspberry’ as you should. I changed the hostname, gave it a static IP, and not much else. I’ll need to save locking it down for another week when I have more time to propagate BitWarden across the rest of my devices that need it.

Takeaway

Passwords, like locks, are a balance between how badly people want in vs how badly you want to keep them out. Short passwords are easier to enter (if they can be remembered), long passwords keep attackers out longer.

Final Question

How many unique passwords do you use?

Family Photo Chest Part 13: Early Prototype Workflow

Good Morning from my Robotics Lab! This is Shadow_8472, and today, I am merging a couple projects into one and hoping they stick. Let’s get started!

Overview

I’ve been piecing bits of my photo trunk project workflow together now for way too long. Right now, the architecture is looking like I’ll be scanning sets of pictures to a directory on a Network Attached Storage, then I can use a cluster of dedicated microcomputers from another unfinished project to separate and deskew the raw data into individual files. These files will then live permanently on the NAS.

Progress is rarely linear though. My end goal for this week hopped around quite a bit, but in the end I felt like I did nothing but figuring out how not to proceed: ground work with no structure. Routers are hard when you’re trying to learn them on a schedule!

Lack of Progress

In a perfect world, I would have been well on the way to configuring a cluster node by now. In a less unreasonable one, I would have had my Pi 4 OpenWRT ready to support the cluster. Late-cycle diagnostics chased me into an even more fundamental problem with the system: Wi-Fi connectivity.

During diagnostics, I’m learning about how different parts of the system work. Physical connection points can be bridged for a single logical interface, and Ethernet cables can support separate IPv4 and IPv6 connections. I can’t configure the Ethernet (on either logical interface) the way I want because that’s how I’m connecting to the Web UI and SSH. I end up stuck using two computers besides the two router Pis (OpenWRT and a Raspbian hack router that actually works) because I don’t like switching my Ethernet cables around on the switch, but I need to do that anyway when I have to copy a large block of text. In short: the sooner Wi-Fi gets working, the better.

I understand I am essentially working with a snapshot. It’s been tidied up a bit, but bugs still exist. Wi-Fi is apparently one of those things that’s extra delicate; each country has its own region, among other complexities. On the other hand, I don’t know if that’s actually the case, as diagnostics are ongoing.

Takeaway

I’m probably going to work on this one in the background for a while. The OpenWRT help forum’s polish at least in part makes up for routers being dull to learn. If it takes too long, I do have other projects, so I may need to replace the cluster with a more readily available solution.

Final Question

Have you ever had upstream bugs that kept you from completing a task?

“Beowulf Cluster:” Part 6: OpenWRT Installed

Good Morning from my Robotics Lab! This is Shadow_8472, and today, I’m installing OpenWRT Linux router distribution on a card for a Raspberry Pi 4. Let’s get started!

Background

A while ago, at the beginning of lockdown, I was gifted a few microcomputers I wanted to arrange into a cluster, maybe even turn them into a model supercomputer. I was planning on using OpenWRT, but it wasn’t –and technically still isn’t– available for the Pi 4 outside the use of snapshots. I compromised by configuring a minimal Raspbian installation, but I’ve yet to figure out how to program the firewall to disallow computers on its Local Area Network (LAN) from going anywhere online without my say so in addition to keeping them hidden from the Wide Area Network (WAN).

My efforts back then were still possibly the most useful project I’ve done to date: I’ve been using that card as my main Wi-Fi receiver for my workstation. I conjecture it should be just fine with a Pi 4 (1 GB RAM), but since all my more qualified Pi 4’s are busy, my fancy Pi 400 has been serving in that capacity.

Installation

As noted above, OpenWRT for the Pi 4 is only officially available as a snapshot. These builds often lack recommended packages, including any GUI I might want to explore. This is where community builds come in. My research converged on one by wulfy23.

The GitHub readmes took me a while to understand, in part because of all the options. I gathered that there were “factory” builds and “system” builds. Factory builds are for fresh installs, and system builds are for upgrading existing systems. At that time, there were as many as three builds for download, and choosing the right one seemed almost arbitrary.

My first time installing, I totally forgot to check the provided SHA256SUM before unzipping it and dd’ing it to SD card and booting. I landed in a terminal that kept mixing the prompt with other messages. Reaching out to a support thread on the OpenWRT forum, I learned about the web interface, and how to connect to it.

The URL I was given failed every time, even my workstation alone with the router on my switch. I ended up going directly for the IP: 192.168.1.1. I was met with an inadequate dark mode I couldn’t find the settings for. I expect they’re probably there, and I spent a small amount of time looking for them by tossing reasonable sounding URLs around and hoping for the best, but comparing notes among other tabs in the interface, I think the chances of happening across the specific one I need are slim.

Installation Take Two

I went through the same process another day, and found only a single version for download from the same place. The SHA256SUM checked out, and instead of unzipping it first, I learned about zcat, a little command line utility that can unzip a file to be piped into another command. I piped it directly into dd per an example installation I spotted my first go around installing OpenWRT.
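The check-then-write order from this second attempt, as an added example that is not part of the original post: the compressed image is compared against its entry in the published checksum file, and only on a match is it streamed through zcat into dd. The function names and the file and device names in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): refuse to write an image
# unless its SHA-256 matches the published checksum file.
# Function names and the paths in the usage line are hypothetical.

# verify_image IMAGE SUMFILE
# Returns 0 on match, 1 on mismatch, 2 if SUMFILE has no entry for IMAGE.
verify_image() {
    image=$1
    sumfile=$2
    name=$(basename "$image")
    # sha256sum lines are "<hash>  <name>" or "<hash> *<name>" (binary mode).
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f); if (f == n) { print $1; exit } }
    ' "$sumfile")
    [ -n "$expected" ] || { echo "no checksum entry for $name" >&2; return 2; }
    actual=$(sha256sum "$image" | awk '{ print $1 }')
    [ "$expected" = "$actual" ] || { echo "checksum mismatch for $name" >&2; return 1; }
}

# flash_image IMAGE SUMFILE TARGET
# TARGET is the whole SD card device (or a plain file when testing).
flash_image() {
    # Stop before anything is written if verification fails.
    verify_image "$1" "$2" || return $?
    # Decompress on the fly; conv=fsync flushes data before dd exits.
    zcat "$1" | dd of="$3" bs=4M conv=fsync
}

# Typical use (hypothetical names; double-check the device with lsblk first):
#   flash_image ./openwrt-image.img.gz ./sha256sums /dev/sdX
```

The checksum covers the .gz file as downloaded, which is why the comparison happens before decompression.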

I provided a root password and found a different theme that didn’t force a partial dark mode on me in short order. I found built in tools for ad blocking network wide, settings for managing network interfaces, and most importantly to this project: a firewall. Alas, the firewall remains something I have little practical understanding of. I’d like to believe I have a mid-range understanding of what it can do, but my only real hope is copying lines and hoping they do what I want – the last thing one wants in a firewall intended for actual security. No. A custom firewall is at least a week in and of itself.

Takeaway

I really like trying to do two weeks’ worth of topics in a single week. It usually doesn’t work. Granted: I did have a rusty introduction to both parts of the topic I wished to fuse into one this week. I’m looking forward to remembering zcat in the future.

Final Question

What neat, little tips and tricks have you picked up during a larger project?