在機房裡面看到奇怪的 Raspberry Pi?

看到「The curious case of the Raspberry Pi in the network closet (2019) (blog.haschek.at)」這篇消息,這篇是 2019 當時的新聞,我當時就有看到,不過好像沒寫下來... 原文在「The curious case of the Raspberry Pi in the network closet」,基本上是個在機房裡面發現奇怪的設備,然後追查兇手的故事。

先整理一下事情,作者的父親 (看起來與作者都是這個行業的人) 在機房裡面發現一個奇怪的 Raspberry Pi 設備:

跟能夠進入機房的人確認後發現這不是他們帶進來的設備。另外他就請他爸把 SD card 裡面的東西倒出來再傳給他分析 (因為作者當時在遠端):

I asked him to unplug it, store it in a safe location, take photos of all parts and to make an image from the SD card (since I mostly work remote).

後面就是抓出這個設備是誰擁有的過程了,最後找到人交給 legal 處理。(這樣講好像太簡單了,但有興趣的人可以回去看作者的說明)

另外當年作者就有提到這個單位的 IT team 不大 (只有四個人),加上 BYOD 的政策,導入 802.1X 反而會帶來太多人力成本:

Good points. The problem is, there are over 1000 people coming and going every day, the site has a BYOD strategy and the IT team is 4 people. We tried implementing 802.1X for LAN devices but it was soo much overhead that we dropped that.

The thing of this case is that the person was only able to place the Pi there because he had a key to the network closet. That's game over no matter how many security protocols you implement

We did change the server passwords though

結果六年以後在 Hacker News 上被提起來,作者又來補充了一些事情,在 id=38923967 這邊提到這個點是一間學校,而他們是 contractor 的角色,所以有很多事情沒辦法直接推動:

OP here. What I didn't mention in the article is that this actually happened in a public School (small-ish for US standards as there are just ~1000 students and 100 teachers)

Hard to get the budget for serious switching hardware, even harder to get people who know how to manage them as I'm just an external contractor but can't exceed the alotted budget for my work there

另外在 id=38923991 這邊則是提到是歐洲,另外似乎是私下解決了,沒有上到法院:

OP here. Court records are thankfully not public in europe and it's even illegal to name names in public (unless it's about a public figure)

As far as I know there also were no court proceedings as this was handled internally

算是稍微補充了當年的一些難處...

Raspberry Pi 5 在 shutdown 狀態時的電力消耗過高問題

在「Reducing Raspberry Pi 5's power consumption by 140x」這邊看到的,講 Raspberry Pi 5 在 shutdown 狀態下電力消耗過高的問題。

依據 Jeff Geerling 提到,在 shutdown 狀態下仍然會消耗 1.2W~1.6W:

Because of this, a Pi 5 will still sit there consuming 1.2-1.6W when completely shut down, even without anything plugged in except power.

也有提到解決方法是把 POWER_OFF_ON_HALT 改成 1,他給的範例另外有多一些設定,但跟這次的功耗問題無關:

[all]
BOOT_UART=1
WAKE_ON_GPIO=0
POWER_OFF_ON_HALT=1

依照文章裡面的說明設定好,重開再 shutdown 測試就可以看到整個降下來了:

Save that configuration and reboot, then next time you shut down, you should see power consumption go down from 1-2W to 0.01W or even less:

應該算是某種 bug 或是 regression,後續預設值應該會修正?

Raspberry Pi 5 拿掉硬體的 H.264 encoding

HN 上看到「Raspberry Pi 5 has no hardware video encoding and only HEVC decoding (raspberrypi.com)」,原文指到 Gordon Hollingworth 的回覆這邊,可以看到這是上個月的消息了。

Raspberry Pi 一直都有硬體 H.264 encoding 的能力,不過這個在 Raspberry Pi 5 上被拿掉了,所以得用軟體壓。

官方有提到 Raspberry Pi 5 的 CPU 因為比之前快很多,單顆就有辦法做到 1080p60 (而 RPi5 有 4 CPU),所以除了 power consumption 以外應該不是大問題:

Obviously, the bad thing is the power consumption, but actually it only takes around 1 processor to encode 1080p60 with our default settings (which is still better quality than the PI 4 hardware encoder).

不過 HN 上猜是授權費用之類的問題,我在想是不是新的晶片組的 encoding license 都綁在一起,H.264 + H.265 得一包一起買,而 H.265 的授權費是眾所皆知的貴...

當 desktop 應該是還好,但就心裡有個底...

在 Raspberry Pi (32-bit) 上安裝 Tor

Raspbian (bullseye) 裡面的 Tor 版本太舊 (0.4.5.16-1):

0.4.5.16-1 (/var/lib/apt/lists/raspbian.raspberrypi.org_raspbian_dists_bullseye_main_binary-armhf_Packages)
 Description Language: 
                 File: /var/lib/apt/lists/raspbian.raspberrypi.org_raspbian_dists_bullseye_main_binary-armhf_Packages
                  MD5: 9106e8e4b3843ebd532ba2b89615a92e
 Description Language: 
                 File: /var/lib/dpkg/status
                  MD5: 9106e8e4b3843ebd532ba2b89615a92e

這個版本試著連上線的時候會發生像是這樣的錯誤訊息:

Oct  4 10:55:58 myserver Tor[991]: http status 400 ("Tor version is insecure or unsupported. Please upgrade!") response from dirserver 1.2.3.4:80. Please correct.

本來想說可以裝 Tor 官方的版本 (官方有提供 apt repository),結果發現官方不支援 Raspberry Pi 一代用的 armhf 了,只好另外找...

然後翻到「http://raspbian.raspberrypi.org/raspbian/pool/main/t/tor/」這邊有看到新版的 deb 檔案,但拉下來後發現 dependency 需要 libssl3,在 bullseye 上面沒辦法跑。

後來在 Reddit 上翻到有人貼出來的 workaround:「How do I update my TOR relay on a 32-bit armhf bullseye system (Raspberry Pi 3) to the latest version?」,方法是去 Debian 那邊挖 bullseye-backport:「Debian -- Package Download Selection -- tor_0.4.7.13-1~bpo11+1_armhf.deb」。

拉下來以後直接 dpkg -i 幹進去,然後重跑 Tor 看 /var/log/syslog 內容,發現就連上了。

不是最新版 0.4.8.x,但至少能用...?

Raspberry Pi 5 的一些細節出現了...

上一篇「Raspberry Pi 5」提到了一些來自 Raspberry Pi 官方的說明,後續各個媒體 (像是 YouTuber) 也都解禁放出不少資料可以參考了,其中電源的部分在「Answering some questions about the Raspberry Pi 5」這邊看到不認 USB PD 的 5V/5A 的問題,目前看起來是走獨規:

I also tested the Radxa USB-C PD 30W power adapter, which says it will output 5V at 5A, but the Pi only negotiates 3A with it right now. I've been in contact with Pi engineers and it seems like they have one on the way to test to see why it's not negotiating more.

另外看起來之後有機會支援 12V/2.25A (換算起來是 27W) 的充電頭,有機會透過韌體更新認得 PD?

I should also note the official adapter lists 12V at 2.25A output as an option, so maybe some future Pi could take that and run with it, for increased compatibility with more USB-C PD adapters (5V at 5A is a rarely seen, though it's an option in the spec).

不過即使走 5V/3A (15W),在一般的應用下是夠用了,到時候拿到來玩看看...

Raspberry Pi 5

Raspberry Pi 5 的消息出來了:「Introducing: Raspberry Pi 5!」。

價錢是 $60 (4GB RAM 版本) 與 $80 (8GB RAM 版本),目前看起來是 pre-order 階段。

Today, we’re delighted to announce the launch of Raspberry Pi 5, coming at the end of October. Priced at $60 for the 4GB variant, and $80 for its 8GB sibling, virtually every aspect of the platform has been upgraded, delivering a no-compromises user experience.

其中一個大賣點應該是效能了,宣稱與 RPi4 相比,CPU/GPU 效能是以前的兩倍到三倍,記憶體與 I/O 的頻寬也加倍了,所以應該是所有應用都會變快不少:

Today, that effort bears fruit, with the launch of Raspberry Pi 5: compared to Raspberry Pi 4, we have between two and three times the CPU and GPU performance; roughly twice the memory and I/O bandwidth; and for the first time we have Raspberry Pi silicon on a flagship Raspberry Pi device.

等到後續出貨應該就會有資料可以看了,不過從時脈就可以看出一些重點,上一代還是 1.5GHz (或是後來更新的 1.8GHz),這一代拉到 2.4GHz 了:

2.4GHz quad-core 64-bit Arm Cortex-A76 CPU

而後續也提到,在相同的 loading 吃電量比 RPi4 低,但因為 boost 的關係,瞬間最高吃電量從以前 RPi4 的 8W 變到 RPi5 的 12W:

Raspberry Pi 5 consumes significantly less power, and runs significantly cooler, than Raspberry Pi 4 when running an identical workload. However, the much higher performance ceiling means that for the most intensive workloads, and in particular for pathological “power virus” workloads, peak power consumption increases to around 12W, versus 8W for Raspberry Pi 4.

但也因為這樣,如果你拿 15W 的 USB-C 充電器時,他的 USB port 就只能提供 3W 的功率了 (剛好就是他提到的 5V/600mA):

When using a standard 5V, 3A (15W) USB-C power adapter with Raspberry Pi 5, by default we must limit downstream USB current to 600mA to ensure that we have sufficient margin to support these workloads. This is lower than the 1.2A limit on Raspberry Pi 4, though generally still sufficient to drive mice, keyboards, and other low‑power peripherals.

如果要能夠讓 USB 可以供應足夠的功率 (像是外接的機械硬碟這種會吃比較多電的設備),需要使用 5V/5A 的充電器。

但這邊提到 RPi5 firmware 在偵測到 5V/5A 的充電器時會提高限制,而不是提到 USB PD,所以可以預期是特規?

For users who wish to drive high-power peripherals like hard drives and SSDs while retaining margin for peak workloads, we are offering a $12 USB-C power adapter which supports a 5V, 5A (25W) operating mode. If the Raspberry Pi 5 firmware detects this supply, it increases the USB current limit to 1.6A, providing 5W of extra power for downstream USB devices and 5W of extra on-board power budget: a boon for those of you who want to experiment with overclocking your Raspberry Pi 5.

供貨的部分反而沒有聊到太多,但 RPi4 最近的供貨還算可以,所以可以預期 RPi5 應該不會太差?

Raspberry Pi 的供貨開始穩定?

在「Chart confirms higher level of Raspberry Pi restocks」這邊看到的,看起來 Raspberry Pi 的供貨逐漸穩定下來了?

透過監控各網站的供貨情況來看,可以看到這一個月 RPi4 的出現機率高不少:

算是好消息吧?比起其他的 SBC 來說,Raspberry Pi 上軟體的 ecosystem 還是強太多。

不過話說最近用 Intel N100 的主機,整台機器包了 16GB RAM + 512GB SSD 才 US$170,然後可以灌官方的 Ubuntu 22.04,在比較吃計算資源的應用上感覺比 Raspberry Pi 4 強好多啊... 當然這東西沒有 GPIO,畢竟主打的方向不同,不過如果買個 USB 轉 GPIO 的介面來用其實也是可以...

Raspberry Pi 4 將可以透過有線網路安裝系統了

在「Raspberry Pi 4 to support Network install to a blank MicroSD card」這邊看到 Raspberry Pi 4 將可以透過有線網路安裝系統了:

The Raspberry Pi 4 will soon be able to install Raspberry Pi OS without the need for external hardware to flash the image.

先前都是透過其他機器先刷好 SD card 再放進去開機,之後可以透過有線網路直接裝,讓步驟簡單一些... 另外有提到這次會支援的只有 RPi4 與 CM4 機種,先前的版本還是得透過其他機器生出可開機的 SD card:

The Raspberry Pi Foundation simply changed the bootloader code to enable the Network install feature, and yes, it will only work with Raspberry Pi 4, CM4, and Raspberry Pi 400 keyboard PC, but not Raspberry Pi 3 and earlier models.

Raspberry Pi OS 64-bit 與 32-bit 的效能差異

前幾天提過「Raspberry Pi OS 64-bit 版本正式推出」,而 Phoronix 實際拿正式版測試 64-bit 與 32-bit 的系統差異了,在「Raspberry Pi OS 32-bit vs. 64-bit Performance」這邊可以看到每一個測試項目的結果。

測試的硬體是 Raspberry Pi 400,這台機器基本上就是 4GB 版本的 Raspberry Pi 4 加上週邊配件:

Using a Raspberry Pi 400 keyboard computer with 4GB of RAM, I ran some fresh benchmarks of Raspberry Pi OS in its default 32-bit build and then again with the new 64-bit build.

先講結果,在 Phoronix 的 33 個測試裡面,64-bit 全部都比 32-bit 好,而且是很明顯的差異:

Across the few dozen different workloads tested, switching Raspberry Pi OS 11 for the 64-bit version improved the performance on average by about 48%. See all the 32-bit vs. 64-bit Raspberry Pi benchmarks over on OpenBenchmarking.org.

之前 64-bit OS 還在 beta 的時候就已經知道這個情況了,所以不會覺得太意外。當時提出的解釋是指令集的差異,aarch64 提供的指令集比 armv6 有效率多了,這點在 2016 年的文章「64-bit ARM (Aarch64) Instructions Boost Performance by 15 to 30% Compared to 32-bit ARM (Aarch32) Instructions」這邊可以看到說明。

所以正式版出來以後,只要硬體有支援,基本上都建議裝 64-bit OS 了...