Hadlock
Nov 9, 2004

ante posted:



Unfortunately, it doesn't really make sense right now over some of the stuff NXP for example is putting out.


What does this mean


ante
Apr 9, 2005

SUNSHINE AND RAINBOWS
I would love to design the D1 into something, but a company called NXP is selling cheaper, more powerful, better documented processors. TI is, as well. There are a few.

cruft
Oct 25, 2007

I'm a reformed embedded developer and I wish you godspeed, but please keep that thing away from me.

The horror... The horror...

Hadlock
Nov 9, 2004

This just popped up in my news feed

https://github.com/kingyoPiyo/Pico-10BASE-T

Kind of neat. I guess it can emit valid UDP packets over cat5

priznat
Jul 7, 2009

Let's get drunk and kiss each other all night.

Hadlock posted:

This just popped up in my news feed

https://github.com/kingyoPiyo/Pico-10BASE-T

Kind of neat. I guess it can emit valid UDP packets over cat5

I love this, very cool!

cruft
Oct 25, 2007

priznat posted:

I love this, very cool!

Wow, this is great, a tiny little thing you can drop on a hub and completely ruin DHCP!

Mata
Dec 23, 2003
Recently got a CO2 meter and decided to do some raspberry pi stuff with it.
I have an original RBPi1B so I figured I'd run rust applications on it to make efficient use of limited resources, but this turned out to be more difficult than I expected. My options seem to be either upgrade the pi all the way from debian wheezy to a point where it can compile rust programs however slowly, or setting up my windows machine to build targeting the pi's architecture (this seems easier). Anyone done this before?

Hadlock
Nov 9, 2004

Looks like cross compiling rust is pretty straightforward

sudo apt install gcc-arm-linux-gnueabihf
rustup target add armv7-unknown-linux-gnueabihf

https://medium.com/swlh/compiling-rust-for-raspberry-pi-arm-922b55dbb050

Here is the rust thread

https://forums.somethingawful.com/showthread.php?threadid=3694683

Also, I'd just flash the latest version of Linux onto the board and install rust there too, just in case you need it. Rust is one of the easier languages to install and get to hello world, imo

Mata
Dec 23, 2003
Tried the upgrade route by using `apt-get update` `apt-get upgrade` etc etc yesterday but wound up completely breaking the thing. It felt like some bitrot may have taken place because it kept complaining about dead links to repositories (`raspberrypi.collabora.com`). Just putting the latest compatible version of raspberry pi OS on the SD card via my laptop or whatever seems a lot more feasible though, I'll try that. Thanks!

Edit: yep with the latest raspberry pi OS on the SD card it was just curl rustup and done.

Mata fucked around with this message at 21:53 on Aug 27, 2022

Fliptwist
Mar 16, 2001

I'm fat, black, cranky, and menopausal! You do NOT want to mess with me!
Pillbug
This may have already been posted here so apologies if it's a repeat but I found some luck using this https://rpilocator.com/ to snag some pi 4's at msrp when they were in stock for about 20 seconds earlier today.

Hadlock
Nov 9, 2004

This is now the unofficial RISC-V thread

https://www.sifive.com/press/nasa-selects-sifive-and-makes-risc-v-the-go-to-ecosystem

NASA is going to use RISC-V in all their future missions

Hasturtium
May 19, 2020

And that year, for his birthday, he got six pink ping pong balls in a little pink backpack.

Hadlock posted:

This is now the unofficial RISC-V thread

https://www.sifive.com/press/nasa-selects-sifive-and-makes-risc-v-the-go-to-ecosystem

NASA is going to use RISC-V in all their future missions

Interesting. What was NASA using in this space before? From what I remember they got a lot of mileage out of radiation-hardened early x86 and PowerPC chips prior to this… It also makes me wonder what manufacturing processes will be used.

ante
Apr 9, 2005

SUNSHINE AND RAINBOWS
Lol it's SPARC

At least some of their software is targeting the LEON3

Hadlock
Nov 9, 2004

Hasturtium posted:

Interesting. What was NASA using in this space before? From what I remember they got a lot of mileage out of radiation-hardened early x86 and PowerPC chips prior to this… It also makes me wonder what manufacturing processes will be used.

They are still using the... rad750 ppc chip from ~1997. It's basically the G3 processor out of a blueberry iMac

wolrah
May 8, 2006
what?

Hadlock posted:

They are still using the... rad750 ppc chip from ~1997. It's basically the G3 processor out of a blueberry iMac

Every time I think about this fact I picture a bunch of colorful iMacs tumbling around in space like the personality cores at the end of Portal 2.

Keisari
May 24, 2011

I'd like to access my pi from my desktop, but I am worried about security. If I enable SSH, is my pi available on the internet or only on LAN? Is it certain that I need to take extra steps to enable access from the internet? I'd only want to access it on LAN for the security benefits.

I haven't been able to find an answer on Google.

Cojawfee
May 31, 2006
I think the US is dumb for not using Celsius
It should only be available on your local network, but there are steps to protect yourself. Have you changed the username away from the default? If not, do that. Then you can set your pi up to do private key authentication and disable password authentication. I did a quick google and I think this guide should work. Once that is set up, you can open up putty or mobaXterm or whatever you are using, connect to your pi, type in your key's password if you set that up, and you're good to go. Setting up private key authentication and disabling password logon means the pi will only accept a key it recognizes and never even bothers to let someone type a password. No one should be able to connect to your pi besides you, unless they were really determined. But no one doing drivebys looking for open ports is going to bother brute forcing your private key when there are plenty of people running unprotected VNC servers.

Cojawfee fucked around with this message at 06:35 on Sep 8, 2022

Hadlock
Nov 9, 2004

Most routers built after ~2005 won't allow any incoming traffic that didn't originate from inside your local network, no additional work should be needed there

If you use SSH key auth + install fail2ban + disable password login, disable root login, you should be fine

Most of my raspberry pi projects don't last long enough for me to care, personally, when I'm loving around on a project for a day or two, I just use u: pi pw: pi. There's not much value in hacking a pi, can't mine bitcoin, and it probably doesn't have access to your personal computer, and has high likelihood of getting the disk wiped

google "raspberry pi security hardening" there should be 20+ good articles that come up

CatHorse
Jan 5, 2008

Keisari posted:

I'd like to access my pi from my desktop, but I am worried about security. If I enable SSH, is my pi available on the internet or only on LAN? Is it certain that I need to take extra steps to enable access from the internet? I'd only want to access it on LAN for the security benefits.

I haven't been able to find an answer on Google.

For some time the default OS disables password based SSH by default. Only key based is available (you can't brute force or guess that). Also if your raspberry is behind a router you explicitly need to forward the ssh port. So by default it's safe.

Keisari
May 24, 2011

MikusR posted:

For some time the default OS disables password based SSH by default. Only key based is available (you can't brute force or guess that). Also if your raspberry is behind a router you explicitly need to forward the ssh port. So by default it's safe.

Cojawfee posted:

It should only be available on your local network, but there are steps to protect yourself. Have you changed the username away from the default? If not, do that. Then you can set your pi up to do private key authentication and disable password authentication. I did a quick google and I think this guide should work. Once that is set up, you can open up putty or mobaXterm or whatever you are using, connect to your pi, type in your key's password if you set that up, and you're good to go. Setting up private key authentication and disabling password logon means the pi will only accept a key it recognizes and never even bothers to let someone type a password. No one should be able to connect to your pi besides you, unless they were really determined. But no one doing drivebys looking for open ports is going to bother brute forcing your private key when there are plenty of people running unprotected VNC servers.

Hadlock posted:

Most routers built after ~2005 won't allow any incoming traffic that didn't originate from inside your local network, no additional work should be needed there

If you use SSH key auth + install fail2ban + disable password login, disable root login, you should be fine

Thanks all! God drat, it sounds like after I've done all that my Raspberry Pi will be more secure than my laptop. :laffo: It also sounds like if I do those steps I can expose it to the internet to be able to securely play with it when away from home as well.

Hadlock posted:


Most of my raspberry pi projects don't last long enough for me to care, personally, when I'm loving around on a project for a day or two, I just use u: pi pw: pi. There's not much value in hacking a pi, can't mine bitcoin, and it probably doesn't have access to your personal computer, and has high likelihood of getting the disk wiped

google "raspberry pi security hardening" there should be 20+ good articles that come up

Yeah this one is my pihole so it's going to be around for a long time. It's my first Raspberry Pi and first Linux computer ever, so I want to easily connect to it and form a remote desktop so it can stay on the shelf but still be convenient. But yeah, wanted to make sure that no one can leverage it to break into my network.

Also this all will probably apply on all other Linux based machines? So if I say, build a Linux based cluster computer and set it up away from home, I should be able to use this poo poo I learnt with my pi and more or less directly apply to those as well?

tuyop
Sep 15, 2006

Every second that we're not growing BASIL is a second wasted

Fun Shoe

Keisari posted:

Thanks all! God drat, it sounds like after I've done all that my Raspberry Pi will be more secure than my laptop. :laffo: It also sounds like if I do those steps I can expose it to the internet to be able to securely play with it when away from home as well.

Please don’t expose your raspberry pi’s SSH ports to the internet. PiVPN is right there! Install a WireGuard server onto it and set your other devices as clients. Duckdns will easily and freely handle the DDNS requirements you’ve got anyway. Expose the WireGuard ports and use WireGuard to access your home network while away.

NihilCredo
Jun 6, 2011

iram omni possibili modo preme:
plus una illa te diffamabit, quam multæ virtutes commendabunt

As a data point, I have a pi's SSH port exposed to the internet, and it's got a domain name associated with its IP so it's super easy to find.

At the very beginning when it was still on port 22, I would get a decent spam of mostly Chinese IPs trying default credentials. As soon as I changed the port to a random five-figure number, they slowed down to a trickle, like 5-10 per day.

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

tuyop posted:

Please don’t expose your raspberry pi’s SSH ports to the internet. PiVPN is right there! Install a WireGuard server onto it and set your other devices as clients. Duckdns will easily and freely handle the DDNS requirements you’ve got anyway. Expose the WireGuard ports and use WireGuard to access your home network while away.

Tailscale.

Blue Footed Booby
Oct 4, 2006

got those happy feet


Please elaborate.

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

Blue Footed Booby posted:

Please elaborate.

There’s almost nothing to elaborate on, it really just works. Any kind of device, log in with email, let other specific people access specific machines, works through all the bullshit NAT/double-NAT in the world. DNS just works, file transfer just works, no firewall-port-management etc. All the security properties of WireGuard but as close to “self-managing” as networking can really be. It’s honestly one of the best pieces of technology I’ve ever encountered.

(It’s a bit trickier to get going on Steam Deck in a clean way, but the steps are on a blog post from the team.)

https://tailscale.com/ — no referral code or anything, just good vibes

Blue Footed Booby
Oct 4, 2006

got those happy feet

I already have PiVPN set up so I was mostly just thinking it would benefit folks maybe trying to choose between the two to have more than a name to go off of.

PiVPN isn't exactly rocket science, so I have a hard time imagining anything else being THAT much easier or better since it's still WireGuard, but it sounds worth considering for anyone starting fresh.

Blue Footed Booby fucked around with this message at 16:09 on Sep 8, 2022

Hadlock
Nov 9, 2004

Keisari posted:

Thanks all! God drat, it sounds like after I've done all that my Raspberry Pi will be more secure than my laptop. :laffo: It also sounds like if I do those steps I can expose it to the internet to be able to securely play with it when away from home as well.

Also this all will probably apply on all other Linux based machines? So if I say, build a Linux based cluster computer and set it up away from home, I should be able to use this poo poo I learnt with my pi and more or less directly apply to those as well?

Yes, but, ideally you have what's called a "bastion host" (google it) where basically you have a single, hard-core 133t h4cker-pr00f node that's super locked down and only has one port open, like 38296, or whatever, you log in to that, and then the rest of your nodes, depending on your network, only accept connections from CIDR range 192.168.xxx.xxx/19 or 10.xxx.xxx.xxx/4. Since the internet does not use 192.168 and 10.x for external routing, those other nodes will only talk to each other, plus your one locked down hacker-proof node. TL;DR set up one node that you can reach from the internet, set up all the other nodes to only talk to that one node + each other, which is easiest by just whitelisting those private-ip ranges

Realistically SSH key auth is secure enough, provided you update ssh-* at least annually, but it's good to practice good security hygiene

At one company we had a bastion host setup for looker, an analytics software as a service; they connected to the bastion host and it was so old we'd lost the key to administrate it, was just sitting out there unpatched for like 2-3 years, had direct access to our production db + a handful of replicas, was fine, probably

And yes, deffo change your ssh port to something besides 22, once you've generally figured out how things work. Everything defaults to 22 so to avoid a lot of headaches, change the port number last

wireguard is cool and good too, don't know much about tailscale

Klyith
Aug 3, 2007

GBS Pledge Week
Completely aside from VPN & high-security stuff, if you have a Pi on your home network and you want to keep using password login for convenience over keyfiles, you can restrict which IP addresses that sshd will allow to login.

sshd_config example:
code:
PasswordAuthentication no
Match User piuser Address 192.168.1.69
    PasswordAuthentication yes
This means only someone on that IP logging in as piuser will be allowed to login via password.


This is much less secure than a keyfile. But in situations where you maybe hand out your wifi password to friends and friends-of-friends on the regular, it is a bit of added mitigation against someone unwittingly bringing a compromised machine onto your network that starts port-scanning everything. (or snoopy nerds if you have bad friends)
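An added example, not code from any poster in this thread: a small Python audit that works out which `PasswordAuthentication` and `PermitRootLogin` values apply to a given user and source address, using the config from the post above plus the "disable password login, disable root login" advice earlier in the thread. It is a simplified model of sshd's parsing (first value wins, only `User` and `Address` Match criteria, no negated patterns); `SAMPLE`, `effective` and `audit` are names invented for this illustration.

```python
import fnmatch
import ipaddress

# OpenSSH defaults for the two keywords audited here.
DEFAULTS = {"passwordauthentication": "yes", "permitrootlogin": "prohibit-password"}

# Constructed sample: the sshd_config from the post above plus a root-login line.
SAMPLE = """\
PermitRootLogin no
PasswordAuthentication no
Match User piuser Address 192.168.1.69
    PasswordAuthentication yes
"""

def _addr_matches(pattern, addr):
    """Match one Address pattern: CIDR, exact address, or shell-style wildcard."""
    try:
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    except ValueError:
        return fnmatch.fnmatch(addr, pattern)

def _criteria_match(criteria, user, addr):
    """Every criterion on the Match line must hold for the block to apply."""
    for kind, patterns in zip(criteria[0::2], criteria[1::2]):
        pats = patterns.split(",")
        if kind.lower() == "user":
            ok = any(fnmatch.fnmatch(user, p) for p in pats)
        elif kind.lower() == "address":
            ok = any(_addr_matches(p, addr) for p in pats)
        else:
            ok = False  # criteria this model does not understand never match
        if not ok:
            return False
    return True

def effective(config_text, user, addr):
    """Return the settings this model says sshd applies to user@addr."""
    global_vals, match_vals = {}, {}
    target, active = global_vals, True
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, *args = line.split()
        key = key.lower()
        if key == "match":
            # Lines after a Match apply only when its criteria are satisfied.
            target, active = match_vals, _criteria_match(args, user, addr)
        elif active and args:
            target.setdefault(key, " ".join(args))  # first obtained value wins
    # Matching Match blocks override the global section.
    return {**DEFAULTS, **global_vals, **match_vals}

def audit(config_text, user, addr):
    """List deviations from the hardening advice given in the thread."""
    s = effective(config_text, user, addr)
    findings = []
    if s["passwordauthentication"].lower() != "no":
        findings.append(f"password login allowed for {user}@{addr}")
    if s["permitrootlogin"].lower() != "no":
        findings.append(f"PermitRootLogin is {s['permitrootlogin']}")
    return findings

if __name__ == "__main__":
    cases = [("piuser", "192.168.1.69"), ("piuser", "192.168.1.70"), ("root", "203.0.113.7")]
    for who in cases:
        print(who, audit(SAMPLE, *who) or "ok")
```

On the Pi itself, running `sshd -T -C user=piuser,addr=192.168.1.69` as root prints the settings the real daemon would apply to that connection.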

astral
Apr 26, 2004

Hadlock posted:

Most routers built after ~2005 won't allow any incoming traffic that didn't originate from inside your local network, no additional work should be needed there

While it's almost certainly not applicable to this situation, it's probably important to note the horrors of UPnP near a sentence like that.

tuyop
Sep 15, 2006

Every second that we're not growing BASIL is a second wasted

Fun Shoe

Subjunctive posted:

There’s almost nothing to elaborate on, it really just works. Any kind of device, log in with email, let other specific people access specific machines, works through all the bullshit NAT/double-NAT in the world. DNS just works, file transfer just works, no firewall-port-management etc. All the security properties of WireGuard but as close to “self-managing” as networking can really be. It’s honestly one of the best pieces of technology I’ve ever encountered.

(It’s a bit trickier to get going on Steam Deck in a clean way, but the steps are on a blog post from the team.)

https://tailscale.com/ — no referral code or anything, just good vibes

I may be redoing a bunch of networking this fall so I’m going to look into that. Never could get my hostnames to work over WireGuard or OpenVPN. Everyone just tells me to read the DNS documentation lol.

spiny
May 20, 2004

round and round and round

Subjunctive posted:

There’s almost nothing to elaborate on, it really just works. Any kind of device, log in with email, let other specific people access specific machines, works through all the bullshit NAT/double-NAT in the world. DNS just works, file transfer just works, no firewall-port-management etc. All the security properties of WireGuard but as close to “self-managing” as networking can really be. It’s honestly one of the best pieces of technology I’ve ever encountered.

(It’s a bit trickier to get going on Steam Deck in a clean way, but the steps are on a blog post from the team.)

https://tailscale.com/ — no referral code or anything, just good vibes

this is pretty cool, I've got my phone routing all its traffic through my pi-hole at home.

Hadlock
Nov 9, 2004

Apparently you can do 2fa for ssh now? kind of neat

https://ubuntu.com/tutorials/configure-ssh-2fa#1-overview

Basically after your ssh key is accepted, you then need to open up Google Authenticator app on your phone and plug in a rotating, random six digit number. Since Chinese or Russian hackers won't have physical access to your phone (unless you're into some really, really deep poo poo) they won't be able to log in to your computer even if you accidentally leak your ssh key on a public github repo, or whatever

Re: domains you can buy a domain through amazon or google dns, and via route53 or google clouddns you can do cool poo poo like generate valid SSL certs using letsencrypt which can talk to those apis on those cloud providers. A domain is like $12 a year and I'm pretty sure it's like less than a dollar a year to do anything fancy with it. As long as your raspberry pis can talk to the internet, they'll be able to read/update themselves with your latest Real Domain stuff

I have a couple of amusing domains I use for side projects, .us domains are like $11 a year and you can make all sorts of amusing stuff like ____octop.us; redoctop.us, interstellaroctop.us, zoctop.us, dococtop.us etc etc

At one point I owned miramar.cc which translates to "see the sea dot see sea" :allears:

Hadlock fucked around with this message at 19:59 on Sep 9, 2022

Skarsnik
Oct 21, 2008

I...AM...RUUUDE!




That's nothing new, been doing that on my home server for years and years. It's skipped by an SSH key I have on my personal devices but means I can still log on by the less secure password method from a computer without one

Agile Vector
May 21, 2007

scrum bored



Keisari posted:

Yeah this one is my pihole so it's going to be around for a long time. It's my first Raspberry Pi and first Linux computer ever, so I want to easily connect to it and form a remote desktop so it can stay on the shelf but still be convenient. But yeah, wanted to make sure that no one can leverage it to break into my network.

To add to what others have said, not that you've said you were going to, but I wanted to mention to be careful exposing a dns server to the internet. Pi-hole's forums and subreddit are full of posts where users become drive-by targets, since there's many dns-based attacks that open servers can be used for.

If you didn't want to vpn all your traffic, split tunneling with any of the vpn solutions mentioned would be a way to send your dns traffic through your Pi-hole when away. All, various vpn solutions allow you to set exceptions per-network (admittedly, I've only done this with Wireguard), so you can disable the vpn on your phone while at home.

cruft
Oct 25, 2007

Hadlock posted:

There's not much value in hacking a pi

There's all sorts of crime that sees value in compromising any Internet-connected device. For instance, DDoS attacks.

Also, if you gain access to the LAN, it makes it much easier to go after other devices on the LAN, including the desktop everybody assumes is the high-value target (it isn't necessarily).

Please, everybody, stay on top of the security patches.

some kinda jackal
Feb 25, 2003

 
 
Yeah, an exposed and vulnerable Pi is certainly a valuable asset for lateral movement inside your network perimeter, if nothing else.

NihilCredo
Jun 6, 2011

iram omni possibili modo preme:
plus una illa te diffamabit, quam multæ virtutes commendabunt

Hadlock posted:

Re: domains you can buy a domain through amazon or google dns, and via route53 or google clouddns you can do cool poo poo like generate valid SSL certs using letsencrypt which can talk to those apis on those cloud providers. A domain is like $12 a year and I'm pretty sure it's like less than a dollar a year to do anything fancy with it. As long as your raspberry pis can talk to the internet, they'll be able to read/update themselves with your latest Real Domain stuff

I have a couple of amusing domains I use for side projects, .us domains are like $11 a year and you can make all sorts of amusing stuff like ____octop.us; redoctop.us, interstellaroctop.us, zoctop.us, dococtop.us etc etc

At one point I owned miramar.cc which translates to "see the sea dot see sea" :allears:

If you want to try having a domain for free, you can use services like https://sslip.io which will automatically point to [your-ip].sslip.io, then you can set up an automatic-TLS on your server like Caddy or Nginx Proxy Manager which will obtain and renew a free TLS certificate.

Big disclaimer: most home internet connections have dynamic IPs which change semi-regularly. To have a 'permanent' IP, you need to either ask your ISP to give you a static IP (mine gave me one for free, but I understand it's not common - if they ask you to pay for it, just buy a regular domain instead) or check if both your home connection and your clients (mobile etc.) support IPv6 and use that.

VladimirLeninpest
Jun 23, 2005

gn gorilla
Fallen Rib

Fliptwist posted:

This may have already been posted here so apologies if it's a repeat but I found some luck using this https://rpilocator.com/ to snag some pi 4's at msrp when they were in stock for about 20 seconds earlier today.

Thanks for posting this, I finally got a 4 last week to replace my 3B+. I’m absolutely loving the new feature of being able to use Ethernet and USB at the same time without crashing!

KozmoNaut
Apr 23, 2008

Happiness is a warm
Turbo Plasma Rifle


I snagged a Zero 1.3 from BerryBase in Germany (I'm in Denmark). Everyone wants the W and 2 W, so there were hundreds in stock. Only one per customer, though.


VictualSquid
Feb 29, 2012

Gently enveloping the target with indiscriminate love.

KozmoNaut posted:

I snagged a Zero 1.3 from BerryBase in Germany (I'm in Denmark). Everyone wants the W and 2 W, so there were hundreds in stock. Only one per customer, though.

Crazy. A few years ago I ordered a 0W from them, which was one per customer. And I added a normal 0 to meet a shipping minimum, I could have bought a whole box.
Still haven't found a use yet. All my projects that are worth using a pi profit from having the wireless.
