My Pi 400 Travel Desktop

Good Morning from my Robotics Lab! This is Shadow8472, and today I am trying out my Raspberry Pi 400 as a lightweight daily driver. Let’s get started.

rPi 400

The Pi 400 is a special edition of Raspberry Pi – essentially a Pi 4 built into a keyboard. It’s missing a USB 2.0 port (made up for by the keyboard) and the 3.5mm audio jack. In theory, the miniature keyboard computer is perfect for travel – assuming you have a screen at your destination that is.

Choosing a Distro

My first thought was to try installing Arch. A brief search found an Arch on ARM project as vanilla Arch only supports x86 architecture. The instructions involved formatting a drive on the terminal. I bought a 256 GB SD card and did so on the first convenient rPi install I had – Kali Linux.

It took a few failed attempts to install Arch. The pure open source method that reportedly works on the regular Pi 4 didn’t on my Pi 400, and the standard method wasn’t cooperative when installing a login manager and any of a few desktop environments. Running on a time crunch before leaving on a trip, I switched to DietPi, another lightweight distro I’ve worked with before, but for a much different project. As with Arch, MATE was uncooperative, so I settled with XFCE. Special thanks to Balena Etcher for a special warning when formatting large drives.

Packing For a Trip

To shortcut setup, I copied my browser and LibreOffice data from my main desktop. LibreOffice worked for me, but didn’t carry the full dark mode – a problem I’ve encountered before, but ultimately decided to live with.

Firefox ESR –as installed from DietPi’s hedged garden– refused to accept my profile. Regular Firefox –installed from the apt repositories– was up to date and started as expected. Notably, it included my extensions – especially Bitwarden, my password vault.

A screen was not procured at my destination, so I packed one from home. The missing audio jack was also problematic, so I packed my Blue Yeti with plans to disable voice monitoring. For redundancy, I packed an HDMI monitor, but busted the styrofoam while stuffing it into the slightly wrong box. As of writing, I have done nothing with sound.

Deployment

We left on our trip. Upon arriving, I found my over-packed tech bag lacked a long enough HDMI cable. I borrowed a longer one. The monitor signal kept flickering. For a while, I assumed I was overloading the Pi with a couple hundred browser tabs, but after a power blink and several reboots, it came out that the HDMI was bad. We bought a replacement, and it’s been working properly since.

Ejected Challenges

Arch wasn’t the only thing I had to back off from. I brought a couple additional Pi 4’s to have myself a nice, little network with Pi-Hole ad blocking, but Wi-Fi strength and configuration challenges meant those were both a no-go.

Another challenge I want to pull off is playing Stardew Valley. I copied the files over back home, but haven’t had time to try the conversion I found yet.

Takeaway

Finishing a project as a rule is better than stalling an overly ambitious one. I have an on-the-go workstation, even though it still lacks polish.

Of special interest, this week marks the 6th anniversary of my Robotics Lab. And some months ago, I decided I wanted to do a Sabbath year cycle. I’ve proven that I can be consistent at posting, even if I feel my quality slips some weeks. The fact of the matter is that weekly posts are getting a bit repetitive for me, so for the next year, I’m only going to post when I finish a major project, such as when I have the full software suite I have in mind for my homelab. After that, perhaps I’ll stick to monthly. We’ll see in a year’s time.

Final Question

Setting up a travel computer on the quick was a bit of a trick. What must-haves would you include in a similar package?

I look forward to hearing your answers in the comments below or on my Socials.

MotionEye: One Step Closer to a Critter Cam

Good Morning from my Robotics Lab! This is Shadow_8472, and today I am revisiting my naughty critter cam again. Let’s get started!

Project Recap

Earlier this year, I spent a week learning about DietPi, a lightweight OS for “System On a Chip” computers — notably Raspberry Pi, and Motion, an open source home surveillance platform. These fit great into my Raspberry Pi 3B+. I burned out after getting it to stream video to a webpage.

Version numbers have marched on since, and updates were in order. Long story short, it was simpler to reinstall and relive the week in the span of one day. I set the standard “new install” settings, and installed motion from within DietPi’s “hedged garden.” I copied a default config file at /etc/motion/motion.conf to /root (I am approaching this as a short-term/low security project) and struggled against the documentation. It led me to mess with mmalcam_params when all I needed was:

rotate 180
webcontrol_localhost false
stream_localhost false

These lines rotate the image and unlock Motion’s webUI.

MotionEyeOS

The final deciding factor to reinstall started when I came across a new command for listing ports Linux will respond on:

ss -list

I found port 8765 with a login I couldn’t get in. Only after a total reinstall did I look up motionEye and find the default login is “admin” with an empty password. It’s a nice webUI, but it won’t share the camera with motion proper, and it took me a while to cycle through the different options to find the feed. My favorite feature is that it passed the “Oops, it lost power” test.

Push Notifications

MotionEye can run a command when it sees something move, which can be anything from object detection to filter false positives to an automated squirt gun when it recognizes naughty behavior. My next major milestone though should be push notifications. On Linux, I can use notify-send over ssh, but I’d need to research an equivalent way for it to show up on Windows, Mac, and Android for other family members. In the long run, it will be simpler to dust off my Discord bot skills and give a LAN address.

So, that’s what I did. I made a bot that sends a hard coded message to a hard coded channel and closes itself as part of its startup function.

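#!/usr/bin/python3

import discord

intents = discord.Intents.default()
client = discord.Client(intents=intents)

# On startup: send the message, then close the connection so the script ends
@client.event
async def on_ready():
    # <channel_ID> is the numeric ID of the channel to post in
    channel = client.get_channel(<channel_ID>)
    await channel.send("Motion Detected!\nhttp://192.168.0.50:8765")
    await client.close()

# The token is hard coded here; keep this file readable only by the user that runs it
client.run('<Bot_Login_Token>')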

MotionEye could run the bot once I placed it in /mnt/dietpi_userdata/, gave it permission to execute, and ensured it belonged to the dietpi user. Before too long, I had notifications through Discord to check Motion, and the hardest part of deployment was turning on the Pi’s power switch. For my “Show & Tell,” my father and I rigged up a cat tower and an LED work light on a stand to watch the stairs.

Takeaway

This temporary setup remains incomplete. For starters, the Discord bot wastes around four seconds logging in. I will eliminate this delay once I can get a signal from MotionEye into a running bot. Also of concern is that I want the bot ignoring humans – which means object detection, a field I’m not far into yet.

Final Question

Am I missing anything obvious on my road map? Let me know in the comments below or on my Socials!

Pi Spycam: Prototype Deployment

Good Morning from my Robotics Lab! This is Shadow_8472, and today I am trying to solve an animal misbehavior problem around the house, and we don’t know who’s been doing it. And I’m literally dusting off an old project to help. Let’s get started!

Blinkie Pie is a Raspberry Pi 3B+ with a case themed after a PacMan ghost. I modified the files to include a Pi camera module looking out its left eye, but got bogged down with computer vision trying to automate critter punishment. Well, in the present day, one or both of our cats keeps doing something in the same area of the house, and a video feed served over HTTP (to access via browser) could let us monitor things on a second screen. After a brief survey of open source projects, Motion looks to be exactly what I think I need. [1]

DietPi looks like a good base OS. The article I found says it’s based on Debian Buster [2], but I’m only after a short-term project. I checked on Pkgs.org and Motion is listed as in the Debian Buster ARM repositories. [3]

Modern DietPi is based on Debian Bookworm as I found out when I downloaded it. Motion was present, but setup was annoying. I’ll spare the blow by blow, but the terminal program serving as its installer doesn’t think like me. Sometimes it ran quite slow (Pi 3B+ being old?). Credit to the install script where credit is due, but it got hung up trying to update, so I had to drop out and unsnag it manually.

Motion was obtuse to get working. While pounding around for a solution, I found a curated list of software calling the project motionEye. It didn’t find the camera module until after a reboot or two. My only confirmation was terminal activity in response to motion in front of the camera. And working from the command line, I can’t check on Motion’s web interface. A few hours of diagnostic research later, I used curl over SSH and found data on Blinkie Pie’s localhost:8081, but not over network_ip:8081 – which is a wise default configuration with the base OS lacking a firewall, but annoying for my low security use case of monitoring cats. I overrode this setting with a config option at ~/.motion/motion.conf.

# Restrict stream connections to the localhost.
stream_localhost off
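A check for what these settings open up, covering both this snippet and the three-line config in the MotionEye post above. This is an added example, not code from the blog or from the Motion project; it assumes Motion reads only `on`, `1` and `yes` as "on", that a repeated option takes its last value, and that an absent option keeps the localhost-only default described here. The sample config text is constructed from the page's snippets.

```python
"""Audit a Motion config for listeners opened beyond localhost (added example)."""

# Assumption: only these values switch a boolean option on; anything else,
# including the "off" and "false" spellings used on this page, switches it off.
TRUTHY = {"on", "1", "yes"}

NO_PORT = "port not set in this file"

# Option that restricts a listener to localhost -> (label, option holding its port)
LISTENERS = {
    "stream_localhost": ("video stream", "stream_port"),
    "webcontrol_localhost": ("web control", "webcontrol_port"),
}

# Constructed sample: the page's config lines plus the stream port it mentions.
SAMPLE_FROM_PAGE = """\
# Restrict stream connections to the localhost.
rotate 180
webcontrol_localhost false
stream_localhost off
stream_port 8081
"""


def parse_motion_conf(text):
    """Return {option: value}; a later line overrides an earlier one (assumed)."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        parts = line.split(None, 1)
        options[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return options


def exposed_listeners(text):
    """List (label, port) for every listener not restricted to localhost."""
    options = parse_motion_conf(text)
    findings = []
    for key, (label, port_key) in LISTENERS.items():
        # Absent option: assume the localhost-only default the page describes.
        value = options.get(key, "on").lower()
        if value not in TRUTHY:
            findings.append((label, options.get(port_key, NO_PORT)))
    return findings


if __name__ == "__main__":
    for label, port in exposed_listeners(SAMPLE_FROM_PAGE):
        print(f"{label}: reachable from the network ({port})")
```

The result only reflects the config file; motionEye's own listener on port 8765 is configured separately and is not covered by this check.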

I now had images around once per second, but they were coming through upside-down because of how I mounted my camera module in its case. I modified a similar setting to allow the webUI, but it was very limited. I’d spent a while Thursday night trying to solve this flip issue from the config file, but I only ended up jamming terms from documentation in ways that didn’t work. I circled back around on Friday afternoon and used a search function to find settings for both rotation and flip, but later realized the system only flipped vertically (probably because I used two lines).

With high to mediocre hopes, I deployed Blinkie Pie to watch over Sabbath. The image came out dark, so I found an old desk lamp I had stashed in a closet and left a few other lights on. The good news is that it was more stable than during tentative testing. The only difference I can think of is that I was only SSH’ing over Wi-Fi once instead of for two links.

To access the recordings, my first instinct was to use SCP, a program to transfer files over the SSH protocol. DietPi operating system does not include SCP by default. Instead, I logged in with the FISH protocol, which doesn’t require anything special on the other end besides SSH. Bonus: I could use it with Dolphin (KDE’s file browser). Unfortunately, the default motion detection settings mostly caught human family. Our little, white dog starred in a couple automated recordings, but my black Labrador was seen in one clip being ordered to lay down in the observation zone without any footage from when he got up and left. At no point did I see a cat who wasn’t being carried.

Takeaway

This project didn’t catch any creature in the act, but I’m still satisfied with my progress this week, and I intend to follow it up later this month where I tweak the configuration to be more sensitive to smaller creatures.

Final Question

Have you any suggestions on tracking cats with Motion or a similar technology?

Works Cited

[1] C. Schroder, “How to Operate Linux Spycams With Motion,” linux.com, July 10, 2014. [Online]. Available: https://www.linux.com/training-tutorials/how-operate-linux-spycams-motion/. [Accessed Mar. 11, 2024].

[2] C. Cawley, “The 8 Best Lightweight Operating Systems for Raspberry Pi,” makeuseof.com, Nov. 7, 2021. [Online]. Available: https://www.makeuseof.com/tag/lightweight-operating-systems-raspberry-pi/. [Accessed Mar. 11, 2024].

[3] pkgs.org, [Online]. Available: https://pkgs.org/search/?q=motion. [Accessed Mar. 11, 2024].

Call the Electrician

Good Morning from my Robotics Lab! This is Shadow_8472 with a side project of the week. Let’s get started!

My house has been having intermittent electrical issues for a while, but they flared up enough to diagnose a couple weeks ago. It affected our computer room and the downstairs/backyard lights. Kitchen appliances and most other outlets were on other breaker circuits, thankfully.

It was Monday afternoon. Last week’s post was up, and I was tentatively researching February’s big project. My sister, Taz, asked for help moving her workstation to another room and off the faulty circuit. She warned me about her outlet sparking, so I equipped some leather gloves before I began jiggling out her UPS.

UPS:
Uninterruptible Power Supply.

The outlet crackled as blue arcs flashed within the empty, upper socket and along the blades of the UPS plug as I wrestled with it. The room lights flickered off a few times, adding to the gut feeling I was aboard a starship, working over a console ready to explode in my face.

I put an amount of effort befitting a temporary relocation while arranging Taz’s computer. The challenge was her Internet connection. With OpenWRT fresh in my mind, the hardest part was deciding on a previous project SD card to overwrite.

Each card’s identity was easily confirmed by mounting it and checking <disk>/etc/label. One Raspberry OS install stuck out as redundant now that I use BalenaEtcher for disk imaging.

We quickly ran into an important gap in my networking knowledge: DNS. I shelved PiHole last week in part because I couldn’t get OpenWRT’s DHCP server to properly advertise it as the DNS server. Manjaro/KDE was mostly in last week’s attempts – even allowing for a DHCP IP with a manual DNS, but Windows’ “manual” IP configuration got wiped each time I tested “automatic (DHCP)”. This led to confusion and frustration when Taz saw our hosted Minecraft server online, but not the authentication servers for lack of DNS.

DNS:
Domain Name Service – translates URL’s into IP addresses, a “phone book” for computers

DHCP:
Dynamic Host Configuration Protocol – Automatic IP address configuration, a maître d’ for networks.

The electrician gave our sparking outlet a checkup. He said that as first goodie on the breaker circuit, everything else is wired in series. When it shorts, everything else is affected before the breaker pops. Our outlet has buckled under a heavy load over years’ time; we’ll minimize its usage until repairs happen this coming week. Fun fact: lights and sockets sharing a breaker is a code violation, but it could have been fine when the house was built.

In the meantime, I idled a day or two while trying/failing to fix my DHCP configuration for lack of search terms. OpenWRT’s Lu-Ci web interface strikes a good balance: it’s user-friendly without being baby or admin-proofed. Nevertheless, I took my issue to r/techsupport’s Discord, where I learned about DHCP-options. So far as I can tell, DHCP-options is just a lookup table. Option 6 specifies a list of IPv4 addresses as DNS servers:

6,192.168.0.2,192.168.0.20
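What that option line becomes on the wire, as an added example that is not part of the original post or of OpenWRT: each DHCP option travels as a code byte, a length byte and the value bytes (RFC 2132), so option 6 with two servers is a 10-byte field. The function names are hypothetical, and the encoder handles only options whose value is a list of IPv4 addresses.

```python
"""Encode and decode a 'code,addr,addr' DHCP option line (added example)."""
import ipaddress

DNS_SERVERS = 6  # option code for the DNS server list (RFC 2132)


def encode_dhcp_option(spec):
    """Turn 'code,addr[,addr...]' into code/length/value bytes."""
    code_text, *addr_texts = [part.strip() for part in spec.split(",")]
    code = int(code_text)
    if not 1 <= code <= 254:  # 0 is padding and 255 marks the end of options
        raise ValueError(f"option code out of range: {code}")
    if not addr_texts:
        raise ValueError("option needs at least one address")
    # IPv4Address rejects anything that is not a valid dotted quad.
    value = b"".join(ipaddress.IPv4Address(a).packed for a in addr_texts)
    if len(value) > 255:
        raise ValueError("value does not fit in a one-byte length field")
    return bytes([code, len(value)]) + value


def decode_dns_option(blob):
    """Read an option-6 field back into a list of IPv4 address strings."""
    if len(blob) < 2:
        raise ValueError("field is shorter than its two-byte header")
    code, length = blob[0], blob[1]
    value = blob[2:2 + length]
    if code != DNS_SERVERS or len(value) != length or length == 0 or length % 4:
        raise ValueError("not a well-formed DNS server option")
    return [str(ipaddress.IPv4Address(value[i:i + 4])) for i in range(0, length, 4)]


if __name__ == "__main__":
    field = encode_dhcp_option("6,192.168.0.2,192.168.0.20")  # line from the post
    print(field.hex(" "))
    print(decode_dns_option(field))
```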

Takeaway

Messing with a sparking outlet the way I did was stupid. A few days’ retrospect told me I should have had a fire extinguisher ready. Editing this the night before posting, it dawns on me that de-energizing the whole breaker circuit would have been better still. I’m thankful nothing happened and that the situation is stable enough to wait for a repair.

I’m also glad to have learned about DHCP options. Of note, I picked up this week that Raspberry Pi Wi-Fi radios were never going to win any performance prizes. My Internet slowdowns are not just me.

Final Question

I’m trying something new by isolating glossary terms in a column. They were a pain to figure out, but I think I can control them now. What do you think?

Let me know in either the comments below or on my Socials.

Networking Is Magic

Good Morning from my Robotics Lab! This is Shadow_8472, and if you missed last week’s post, feel free to check it out. It… was a minor disaster. I tried setting up PiHole network adblocker, but my home router unexpectedly moved its local IP address in the process. I cleaned up what I could really quickly and noticed my little hackjob of a subnet router was running an end-of-life operating system. Today, I am fixing that oversight. Let’s get started!

Replacing My Hackjob Router

Hackjob Router was my consolation prize after a failed quest to implement the open source router firmware, OpenWRT, onto my Raspberry Pi 4B in early 2020 and another in 2021. Both times, the exact version I needed was still under development. Dealing with testing versions was too advanced of a magic spell for me. I did, however, find an easy tutorial within my reach, but it did little to advance me beyond an aspiring networking mage with smoke and mirrors, but no fire or glass. When I looked this week, the beta warning was lifted.

I downloaded OpenWRT and flashed it over Hackjob Router’s SD card. Sure enough, the web interface was complete. I’ve used at least half a dozen ranging from limited config options to full access. OpenWRT’s “Lu-Ci” web interface puts everything on display with a helpful tool tip. It is comparable to other network devices I’ve worked with, but is simpler to look at, and has slightly more functionality.

My final configuration was surprisingly easy for a project that’s been hanging for almost three years now. At no point did I gain a key insight directly from an online search. But mistakes were made, and background information was researched and shelved for later.

My first mistake was a wrong Wi-Fi password. When I finally located and corrected it, my connection to OpenWRT died. I quickly learned how to assign a static IP in KDE’s settings thanks to intuitive interface design. I researched br-lan, a virtual network interface used for assigning one IP to multiple physical interfaces, thinking I needed to add the physical Wi-Fi radio to the one automatically generated to host all of the one Ethernet port and “bridge” the two sides that way.

The problem was actually a bad netmask. IPv4 network addresses come in four eight-bit numbers between 0 and 255. Local networks mask off leading bits – typically in multiples of 8 (for example: 10.0.0.1/8). Routers can use DHCP to dynamically assign local IP addresses within their assigned subnet. My subnet ranges between 192.168.1.0 and 192.168.1.255 – properly denoted 192.168.1.1/24. Originally, my trailing mask was /16, allowing DHCP to assign my workstation to 192.168.0.200. Correcting the mask made it behave.
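The mask arithmetic behind that fix, as an added example that is not from the original post: the prefix length says how many leading bits are kept, and two hosts share a subnet only when those bits match. The function names are hypothetical; the addresses are the ones in the paragraph above.

```python
"""Show which addresses a /16 and a /24 mask put in the same subnet (added example)."""
import ipaddress


def subnet_range(address, prefix_len):
    """Return (first, last) address of the subnet that contains address."""
    addr = int(ipaddress.IPv4Address(address))
    # Keep the leading prefix_len bits, clear the rest.
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    first = addr & mask
    last = first | (~mask & 0xFFFFFFFF)
    return str(ipaddress.IPv4Address(first)), str(ipaddress.IPv4Address(last))


def in_same_subnet(router, prefix_len, host):
    """True when host falls inside the subnet the router address defines."""
    return subnet_range(router, prefix_len) == subnet_range(host, prefix_len)


def leases_outside(router, prefix_len, leases):
    """Return the leased addresses that the router's mask does not cover."""
    return [ip for ip in leases if not in_same_subnet(router, prefix_len, ip)]


if __name__ == "__main__":
    for prefix in (16, 24):
        first, last = subnet_range("192.168.1.1", prefix)
        ok = in_same_subnet("192.168.1.1", prefix, "192.168.0.200")
        print(f"/{prefix}: {first} to {last}, covers 192.168.0.200: {ok}")
```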

An unanchored memory I have regarding this week’s research is that some devices can route packets directly between network interfaces as opposed to routing them manually. I doubt the Raspberry Pi 4 has this ability, but it would be nice to know for sure.

Takeaway

Networking is magic at times. I still have a long way to go before I understand enough to do everything I want to, but I’ve cleared a large and long-standing barrier toward that goal this week. This is in part thanks to OpenWRT’s Lu-Ci with its educational help tips about every drop-down menu, text field, and tick box.

Final Question

Do you ever study a known science and everything inside you insists it’s magic?

I look forward to hearing your answers in the comments below or on my Socials.

I Went From Command Line to Discord Voice on Raspberry Pi

Good Morning from my Robotics Lab! This is Shadow_8472 with a side project of the week. Let’s get started!

Starting From the Basics

I found myself in need of a separate Discord account connected to a voice server this past week. With one account on my main computer and myself unable to use Discord mobile, I chose to work with my Raspberry Pi 400. I downloaded a build of Debian 12 for the Pi, flashed it with balenaEtcher, and it booted to the command line with no Internet access.

I was challenging myself by trying to maintain a conversation while setting things up. As I lacked a free Ethernet connection, that meant working with Wi-Fi. I only got as far as failing to get wpa_supplicant up while using far fewer tools than were assumed by the tutorials I was using. In the end, I moved a connection over from my main computer temporarily.

Desktop Environment

The MATE desktop environment has been good to me for my old laptop. Once I got it installed on the Pi, even it felt a bit heavy – a note for next time, I suppose. I was able to easily connect to Wi-Fi and restore my desktop’s Ethernet.

Firefox went on next because Discord doesn’t have a client for ARM processors outside the same Android app I cannot use, but the browser version loaded. It didn’t see my USB microphone, and neither did Firefox even after bumbling around with allowing web pages to see my mic. Only then did I find and enable the PulseAudio daemon so Firefox could see my mic and pass it to Discord.

pulseaudio --start

Since I was working quick and sloppy as root, I had to use the following instead:

pulseaudio --system

Takeaway

I can tell my skills are improving. I believe a full Arch install may be in my future.

Note

An interesting problem I keep running into is the system clock. Extreme low-end computers frequently don’t include the circuitry to measure time while power is otherwise off because of monetary cost and circuit board real estate. This week, it meant I had to reboot after connecting to Ethernet, though I could probably have found a way to manually set it.

Final Question

What is the craziest project you’ve ever done starting with a command line?

I look forward to hearing your answers in the comments below or on my Discord server.

I Installed Android (Again, Pi 400)

Good Morning from my Robotics Lab! This is Shadow_8472 with a side project of the week. Let’s get started!

Free, but not Free

Mobile computers are decades to years behind desktops, and usable free (as in freedom) and open source experiences lag behind accordingly. Android may be branded as open source, but Google did not build their Play Store into the platform’s primary draw by allowing a “free” experience. OEM’s (Original Equipment Manufacturers) making Android devices must play by the search giant’s rules or be prepared to start from scratch.

That iron grip on Android –tight as it may be– still affords room for hobbyist level projects. LineageOS will get compatible devices booted to Android without the need to compile AOSP (Android Open Source Project) yourself. Another project, the difficult-to-search-for /e/, takes the concept farther by removing many of the lingering hooks back to Google infrastructure and making an attempt at a cohesive end-user experience.

Raspberry Pi 400 (Tablet Edition)

A while back, I installed an unofficial build of LineageOS on my Raspberry Pi 400 as a precursor to installing a custom AOSP ROM on a phone. This first attempt was accidentally AndroidTV edition, leading to confusion and sadness. I re-installed it for last week’s blog, but even seeing it ask more phone/tablet-type questions than before didn’t feel like enough to base even a short blog on.

I hesitated when sideloading the F-Droid appstore last week. I couldn’t find their GPG keys to verify the download against, but I learned something in the process. Additional research this week still hasn’t yielded their keys, but I’ve learned that it might involve adding a key repository – sort of like how I couldn’t just start downloading images when I installed Podman on my laptop. However, I want to end up with /e/ instead, so I don’t feel the need to be as careful learning how to add a trusted key repository. Instead, I’ll just keep it offline.

About the only large challenge I solved was getting F-Droid’s install file onto LineageOS. Normally, I would just mount it and drop a file where it needs to go. That wasn’t an option here because I didn’t know where it belonged and the directories above it had locked down permissions. The simplest solution was to just move it over with a USB drive. It installed cleanly from there, and I ran out of time from working on long-term projects and shorter projects bloating beyond this week’s scope.

Takeaway

If you ever hit a road block learning to a safety measure, listen to it. Take reasonable alternate actions to remain safe and try to learn a bit about how to pass it correctly each time.

Final Question

What subjects have you had to conquer a chip at a time?

I Didn’t Git It

Good Morning from my Robotics Lab! This is Shadow_8472, and today, I tried adding a Git server to my Bitwarden server, and blew most of my time on a detour. Let’s get started!

Git

Git is an open source version control platform, not to be confused with GitHub, a website and hosting service implementing the software. Git is sort of like an Undo/Redo history, but you can switch off old changes and put the new ones on. It will be very useful –if not project saving– while building my social robot. The only problem is that I need to learn how to use it from a developer’s point of view.

I want to install a Git server. My target is my Raspberry Pi 3B+ (hostname: BlinkyPie; operating system: Raspberry OS lite). It’s already running my Bitwarden server to host passwords, and has plenty of space on its SD card for starting out and ample room in its CPU cycles.

Failed installation

As always, the first step in installing any piece of software in Debian family Linux distributions (distros) is to update repository information.

sudo apt-get update

The log put up a warning about the locale. I didn’t think much of it until Git didn’t install.

Logs are not always the easiest things to understand. They’re also not the easiest for search engines to decode when nobody has attended to the exact wording. Even now, I have no idea what’s going wrong. What I do know is that when I tried messing with the locale configuration settings under raspi-config, the whole system would stop responding to any command I sent remotely logged in over SSH other than exit (ending the session). Further attempts to connect would fail until I rebooted from the physical switch and I would repeat the cycle.

System Failure and Backup

Things got really messed up to the point where I started worrying if I’d ever get my passwords back. I mentally went into recovery mode, trying to salvage what I could. I started by using dd to Duplicate the Disk onto the NAS so I could restore it if I messed it up worse. I also observed that my Bitwarden plugin has a limited-time retention of my password vault in case it can’t reach its host server. My vault was soon exported, where it would be safe in case of a total system wipe and reset.

With the only irreplaceable nugget safely tucked away, I unsuccessfully turned my attention to extracting the Docker image hosting Bitwarden, and settling for the contents of the home directory. This whole time, I was also researching what operating system I was going to replace Raspberry OS with. I seriously looked at Arch, Manjaro, and Apache, though that’s not something I can just do in a single day and expect satisfactory results: I gave repairing what I had one more chance.

Net Work: Nothing

After sifting through the tons of free tools for checking SD card integrity, I landed on linux.goeszen.com/how-to-test-an-sd-card-on-ubuntu. It tells of a tool that “comes with most debian based *nix systems” called dosfsck (also present on Manjaro). I told it to repair the SD card and test for bad clusters. It found a “dirty bit.” I won’t pretend to understand, but it appears to involve the computer’s CPU tracking modified data in RAM.

There was another error it found and repaired I wasn’t able to understand myself, but when I booted it back up, everything was back to the way it was before. The next step is to make another image and do some research before hacking another OS in there.

Takeaway

In retrospect, I probably should have checked if GoldenOakLibry, my Network Attached Storage (NAS) unit, can do Git easily. I’ll probably need more than the 64 GB of storage in the server’s card. Besides, I’m asking for trouble if I don’t at least schedule regular backups for something as important as passwords, even if I weren’t thinking in terms of a potentially faulty SD card.

Final Question

On a scale of annoyed to paralyzed, if you had to roll a many sided die and yank that hard drive as if it were now destroyed, how much pain would you be in?

BitWarden: My New Password Manager

Good Morning from my Robotics Lab! This is Shadow_8472, and today, I am switching my password manager from LastPass to Bitwarden. Let’s get started!

Introduction: Password Strength

It’s almost comical when a digital security expert starts a talk in a packed auditorium and asks, “How many of you use the same password everywhere you go?” and half the people raise their hands. A facepalm or two later and the speaker may start comparing it to how that’s like a company keying all their locks to the same key, regardless of department or security level. It’s a stupid, stupid, stupid idea, and I am guilty of doing it up until two or three years ago.

The absolute worst password you can use is one someone else has without permission. The next worst password is one someone else can quickly guess. Web Comic XKCD – Password Strength gives a concise explanation: long, simple passwords are easier to remember and harder to guess than short passwords butchered by special characters.

But you could have the strongest password in the world, and still be vulnerable if you’re using that password for all your accounts. If just one of your sites is compromised, an attacker now has a key ring to go try all the popular sites to try and let himself in, and you will need to spend a long time cleaning up.

Password Managers

But then, convenience. The human mind would rather not remember tens or hundreds of passwords that may be up to date or replaced. That is where a password manager comes in. You log in with your one master password, and it automatically fills in passwords as you go. Set up properly, it’s even faster than entering your one password each time everywhere you go, and a basic setup isn’t all that hard to do.

At this point, a password manager should sound like a major security vulnerability, akin to a nicely organized key cabinet in the lobby, but a properly designed password manager never knows your passwords except when and where they’re needed. Your master password is used to help scramble and unscramble your passwords on your own computers. The rest of the time, it’s a bunch of otherwise meaningless garbage to anyone trying to poke at it.

Furthermore: don’t “log in with <Platform X>”. Ever. Only if there’s no other way, and even then: take pause. Merged accounts are worse than using the same password because they are by definition using the same username as well. A break-in to one is a break-in to all linked accounts.

From LastPass to BitWarden

I am displeased to announce that LastPass today is chasing off a lot of their free users by making them choose between types of devices: desktop/laptop and mobile. I personally only use a tablet for one or two things, like reading my Bible or viewing PDF’s. This won’t affect me but maybe once a month or two when I’m not bothering to walk to a desktop. Still, I don’t like it. It’s not like they’re getting any of my money anyway.

I chose BitWarden because it kept coming up as a good alternative. Not only is it open source, but their code has been audited, and I can self-host it as well: all are highly desirable features whereas LastPass is -at most- only audited.

The actual switch once I had my personal server up was easier than getting the dogs ready for a walk. All my passwords were moved in a single transaction, categories and all.

Personal Bitwarden Server

First of all, IF YOU DON’T KNOW WHAT YOU’RE DOING, JUST SET UP A REGULAR ACCOUNT! That said, I want to challenge myself, and I believe this is reasonably within my grasp. I closely followed sensiCLICK’s Full Guide to Self-Hosting Password Manager Bitwarden on Raspberry Pi on BlinkiePie, my Pi 3B+, using a fresh, minimal install of Raspberry Pi OS.

I don’t really have much to say here because I don’t understand a lot of the new stuff I did. There were some instructions that had changed in the months since the video was released, but there were notes in the chapter titles. The tutorial ironically didn’t encourage its viewers to change the default password of ‘raspberry’ as you should. I changed the hostname, gave it a static IP, and not much else. I’ll need to save locking it down for another week when I have more time to propagate Bitwarden across the rest of my devices that need it.

Takeaway

Passwords, like locks, are a balance between how badly people want in vs how badly you want to keep them out. Short passwords are easier to enter (if they can be remembered); long passwords keep attackers out longer.

Final Question

How many unique passwords do you use?

“Beowulf Cluster:” Part 6: OpenWRT Installed

Good Morning from my Robotics Lab! This is Shadow_8472, and today, I’m installing the OpenWRT Linux router distribution on a card for a Raspberry Pi 4. Let’s get started!

Background

A while ago, at the beginning of lockdown, I was gifted a few microcomputers I wanted to arrange into a cluster, maybe even turn them into a model supercomputer. I was planning on using OpenWRT, but it wasn’t –and technically still isn’t– available for the Pi 4 outside the use of snapshots. I compromised by configuring a minimal Raspbian installation, but I’ve yet to figure out how to program the firewall to disallow computers on its Local Area Network (LAN) from going anywhere online without my say-so in addition to keeping them hidden from the Wide Area Network (WAN).

My efforts back then were still possibly the most useful project I’ve done to date: I’ve been using that card as my main Wi-Fi receiver for my workstation. I conjecture it should be just fine with a Pi 4 (1 GB RAM), but since all my more qualified Pi 4s are busy, my fancy Pi 400 has been serving in that capacity.

Installation

As noted above, OpenWRT for the Pi 4 is only officially available as a snapshot. These builds often lack recommended packages, including any GUI I might want to explore. This is where community builds come in. My research converged on one by wulfy23.

The GitHub readmes took me a while to understand, in part because of all the options. I gathered that there were “factory” builds and “system” builds. Factory builds are for fresh installs, and system builds are for upgrading existing systems. At that time, there were as many as three builds for download, and choosing the right one seemed almost arbitrary.

My first time installing, I totally forgot to check the provided SHA256SUM before unzipping it and dd’ing it to the SD card and booting. I landed in a terminal that kept mixing the prompt with other messages. Reaching out to a support thread on the OpenWRT forum, I learned about the web interface, and how to connect to it.

The URL I was given failed every time, even with my workstation alone with the router on my switch. I ended up going directly for the IP: 192.168.1.1. I was met with an inadequate dark mode I couldn’t find the settings for. I expect they’re probably there, and I spent a small amount of time looking for them by tossing reasonable sounding URLs around and hoping for the best, but comparing notes among other tabs in the interface, I think the chances of happening across the specific one I need are slim.

Installation Take Two

I went through the same process another day, and found only a single version for download from the same place. The SHA256SUM checked out, and instead of unzipping it first, I learned about zcat, a little command line utility that can unzip a file to be piped into another command. I piped it directly into dd per an example installation I spotted my first go around installing OpenWRT.
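The check-then-write sequence described above, as an added example that is not from the original post or the wulfy23 build: a POSIX shell function that refuses to pipe zcat into dd unless the archive's SHA-256 matches its entry in the checksum file. The function names, the file names and the regular file standing in for the SD card are assumptions for illustration.

```shell
#!/bin/sh
# verify_and_flash IMAGE.gz SUMSFILE TARGET   (hypothetical helper, not from the post)
# Writes the decompressed image to TARGET only if IMAGE.gz's SHA-256 matches the
# entry for that file name in SUMSFILE (sha256sum format: "<hash>  <name>").
# Returns 0 = written, 1 = checksum or gzip failure, 2 = missing file or no entry.
verify_and_flash() {
    img=$1; sums=$2; target=$3
    [ -r "$img" ] && [ -r "$sums" ] || return 2
    name=$(basename "$img")
    # Look up the published hash by exact file name ("*name" is the binary-mode form).
    want=$(awk -v n="$name" '$2 == n || $2 == "*" n { print $1; exit }' "$sums")
    [ -n "$want" ] || return 2
    have=$(sha256sum "$img" | awk '{ print $1 }')
    if [ "$have" != "$want" ]; then
        echo "checksum mismatch for $name, not writing" >&2
        return 1
    fi
    # Test the gzip container as well, so a truncated archive fails before dd starts.
    gzip -t "$img" || return 1
    # Stream the decompressed image straight into the target; fsync before dd exits.
    zcat "$img" | dd of="$target" bs=4M conv=fsync 2>/dev/null
}

# Constructed demo: a fake 1 MiB "image" and a regular file in place of the SD card.
demo() {
    d=$(mktemp -d) || return 2
    dd if=/dev/zero bs=1024 count=1024 2>/dev/null | gzip > "$d/openwrt-sample.img.gz"
    (cd "$d" && sha256sum openwrt-sample.img.gz > SHA256SUMS)
    verify_and_flash "$d/openwrt-sample.img.gz" "$d/SHA256SUMS" "$d/card.img" \
        && ok=0 || ok=$?
    # Simulate a corrupted download: the hash no longer matches the published one.
    echo "tampered" >> "$d/openwrt-sample.img.gz"
    verify_and_flash "$d/openwrt-sample.img.gz" "$d/SHA256SUMS" "$d/card2.img" \
        && bad=0 || bad=$?
    [ -e "$d/card2.img" ] && bad=99     # nothing may be written on a mismatch
    size=$(($(wc -c < "$d/card.img")))
    rm -rf "$d"
    echo "$ok $bad $size"
}

if [ "${1:-}" = demo ]; then demo; fi
```

On real hardware TARGET would be the SD card's block device, which should be confirmed with lsblk before running anything that writes to it.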

I provided a root password and found a different theme that didn’t force a partial dark mode on me in short order. I found built-in tools for ad blocking network-wide, settings for managing network interfaces, and most importantly to this project: a firewall. Alas, the firewall remains something I have little practical understanding of. I’d like to believe I have a mid-range understanding of what it can do, but my only real hope is copying lines and hoping they do what I want – the last thing one wants in a firewall intended for actual security. No. A custom firewall is at least a week in and of itself.

Takeaway

I really like trying to do two weeks’ worth of topics in a single week. It usually doesn’t work. Granted: I did have a rusty introduction to both parts of the topic I wished to fuse into one this week. I’m looking forward to remembering zcat in the future.

Final Question

What neat, little tips and tricks have you picked up during a larger project?