Connect the Raspberry to an existing local area network by cable.
– I used the Ubuntu “Shared to other computers”-Network manager Setting to bridge my eth0 to my wlan0 connection providing internet access.
Connect via ssh to this device
– username: pi
– password: raspberry
– usually you don’t know the IP of the device; use nmap 10.42.0.0/24 -p 22 to search for devices with an open ssh port
Scan for local wifi networks: sudo iwlist wlan0 scan
sudo nano /etc/wpa_supplicant/wpa_supplicant.conf and add your wifi connection data:
network={
ssid="networkname"
psk="password42!"
}
Restart the wifi interface so it connects: sudo ifdown wlan0 && sudo ifup wlan0
Get the latest software status lists: sudo apt-get update
Update all installed software: sudo apt-get upgrade -y
Install common software to harden the system: sudo apt-get install x11vnc htop bmon fail2ban vnstat ufw
– x11vnc: nice tool to use VNC connections on the main x session
– htop: visualizes processes and load in color
– bmon: visualizes network traffic
– fail2ban: handles brute-force attacks by banning IPs for a certain amount of time
– vnstat: counts network traffic over time
– ufw: makes it easier to handle iptables and configure your firewall
Start the Raspberry Pi 3 configuration program: raspi-config
– expand file system to match your sd card size
– set hostname in advanced settings
Because the local package sources currently only offer tinc 1.0* versions, we need to compile tinc ourselves to use the 1.1 features like invite or join.
## we need root privileges
sudo -i
apt-get install build-essential liblzo2-dev libssl-dev libncurses5-dev libreadline-dev libghc-zlib-dev
cd /usr/local/src
wget http://www.tinc-vpn.org/packages/tinc-1.1pre11.tar.gz
tar -xvzf tinc-1.1pre11.tar.gz
cd tinc-1.1pre11
./configure --prefix= --sysconfdir=/etc --localstatedir=/var && make && make install
Harder than it looks, but controlling a 5m LED strip using the ESP8266 by the Open Pixel Control protocol took me a night (and might be the reason for extra bad English as I write this post directly after it). But it’s real fun!
There are several ways to make the controller blink, the easiest way is shown here:
For the duration of infinity, it sends the static header consisting of 4 bytes (prio, command and checksum) followed by 8 bit red, 8 bit green and 8 bit blue for each LED of the strip. It gets the blinking values by asking the source of random in Linux. It lacks a bit of white as my power source got to its limits, so if you reimplement this use 5V and 1A per 30 LEDs.
Another thing to mention is the data length field, which is bytes 3-4 of the header, or \x02\xA6 as in the command above. This length needs to equal the number of LEDs times three, so in this example 226 LEDs were controlled, as the bytes in network order come to 678.
This results in that little animation:
Another possibility is to send these packets with a small Python script like this:
import socket
import time
from struct import pack

HOST = 'your-hostname'
PORT = 2342
colors = [(255, 255, 255), (255, 0, 0), (0, 0, 255), (0, 255, 0)]

for color in colors:
    print("sending color {} {} {}".format(color[0], color[1], color[2]))
    # 4-byte header: two zero bytes, then the data length (226 LEDs * 3 = 678) in network order
    data = [pack('b', 0), pack('b', 0), pack('!h', 678)]
    # one red, green and blue byte per LED
    for i in range(0, 226):
        data.append(pack('BBB', color[0], color[1], color[2]))
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    # UDP gives no delivery guarantee, so the same frame is sent repeatedly
    for i in range(0, 1024):
        s.sendto(b"".join(data), (HOST, PORT))
    time.sleep(0.5)
    s.close()
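A receiver-side check of the framing described above, as an added example that is not part of the original post: it assumes the 4-byte header is two single bytes followed by the 16-bit length in network order, and it rejects datagrams whose length field does not match the bytes that actually arrived. The function names are hypothetical and the sample frame is constructed.

```python
import struct

# Assumed layout, from the post: two single bytes, then a 16-bit length in network order.
HEADER = struct.Struct("!BBH")

def build_frame(first_byte, command, pixels):
    """Serialize (r, g, b) tuples into one frame; the length field is LEDs * 3."""
    payload = b"".join(struct.pack("BBB", *p) for p in pixels)
    if len(payload) > 0xFFFF:
        raise ValueError("payload does not fit the 16-bit length field")
    return HEADER.pack(first_byte, command, len(payload)) + payload

def parse_frame(datagram):
    """Validate a received datagram and return (first_byte, command, pixels)."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than the 4-byte header")
    first_byte, command, length = HEADER.unpack_from(datagram)
    payload = datagram[HEADER.size:]
    if length != len(payload):
        # Never trust the declared length over the bytes that actually arrived.
        raise ValueError("length field %d != payload size %d" % (length, len(payload)))
    if length % 3:
        raise ValueError("payload is not a whole number of RGB triples")
    pixels = [tuple(payload[i:i + 3]) for i in range(0, length, 3)]
    return first_byte, command, pixels

# Constructed sample: 226 red LEDs, the strip size used in the post.
SAMPLE = build_frame(0, 0, [(255, 0, 0)] * 226)

if __name__ == "__main__":
    print(SAMPLE[:4].hex())
    print(len(parse_frame(SAMPLE)[2]), "pixels")
    try:
        parse_frame(SAMPLE[:-1])
    except ValueError as err:
        print("rejected:", err)
```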
There are several tutorials and files for running WordPress in Docker. For me nearly none of them worked, therefore I wrote my own rerunnable docker-compose file, which I would like to share here now:
For my audiobook-feeds GitHub repository I needed Docker to be able to use a host volume mount which contained a remote sshfs mount located on my local Raspberry Pi with an attached external hard drive. For my own sake of documentation and to offer you something to profit from, I created this small howto:
First of all, connect to your server and mount your remote device via sshfs using the -o allow_root flag. The allow_other option I tried first didn’t work for some reason.
I use them frequently and automatically downloaded by the Podcatcher BeyondPod onto my smartphone. In contrast to podcasts, I transferred my audiobooks to my smartphone by cable – which usually was very annoying. Therefore I wrote a little script that is able to close the gap by converting all my audiobooks into subscribable podcast feeds!
it serves a website to browse your audiobooks and subscribe to certain books
serves rss and atom feeds for import
it offers a simple password protection to prevent copyright issues
runs in docker container (see MakeFile and DockerFile)
works when placed in subdirs example.com/audio/ (e.g. reg for ssl without wildcard)
allows custom theming and uses material design as default theme
handles encoding of filenames at best effort
Screenshot of the first available version of my audiobook-feeds project
I use it on a regular basis and would like others to enjoy it as much as I do. So please feel free to use, spread and contribute to it. And see you soon 🙂
Certain programs (e.g. SketchUp) and games (surprisingly just a few worth the effort) require maintaining a Windows computer or virtual machine. Therefore updates on a regular basis are not optional. But why do I have to watch them, blocking the computer for hours and finally failing completely?
just wait for it …
… ok, we’ll need to do this again 🙂
… not a very valuable post, but sitting in front of a 3h force-updating computer softens the sense for time wasting.
I host my family’s e-mail server, which is a combination of dovecot, postfix, postgrey, nginx, webmailer, etc. It depends heavily on CA-trusted SSL/TLS encryption and, in order not to be filtered by spam filters, on the credibility of not being spam. Therefore I also host my own nameserver with a glue record and set several important records in it, and offer several DNSSEC records to provide a reliable chain of trust – with one point of failure: hosteurope.
Not capable of connecting my chain to the registrar authority by publishing my DS record.
Therefore every authority, bad-mood admin or hacker can interrupt the DNS pathfinding of clients or usual mail servers and man-in-the-middle my setup, generate fake certificates and read my family’s mail. Thanks to ‘being economically not relevant and therefore nothing we offer’- hosteurope.
In conclusion, all the things I’ve done to increase security have been for nothing – at least until I change my domain host. Which I will do, and would highly advise to everyone who wants to harden their infrastructure after the NSA scandal.