在 Raspberry Pi (32-bit) 上安裝 Tor

Raspbian (bullseye) 裡面的 Tor 版本太舊 (0.4.5.16-1):

0.4.5.16-1 (/var/lib/apt/lists/raspbian.raspberrypi.org_raspbian_dists_bullseye_main_binary-armhf_Packages)
 Description Language: 
                 File: /var/lib/apt/lists/raspbian.raspberrypi.org_raspbian_dists_bullseye_main_binary-armhf_Packages
                  MD5: 9106e8e4b3843ebd532ba2b89615a92e
 Description Language: 
                 File: /var/lib/dpkg/status
                  MD5: 9106e8e4b3843ebd532ba2b89615a92e

這個版本試著連上線的時候會發生像是這樣的錯誤訊息:

Oct  4 10:55:58 myserver Tor[991]: http status 400 ("Tor version is insecure or unsupported. Please upgrade!") response from dirserver 1.2.3.4:80. Please correct.

本來想說可以裝 Tor 官方的版本 (官方有提供 apt repository),結果發現官方不支援 Raspberry Pi 一代用的 armhf 了,只好另外找...

然後翻到「http://raspbian.raspberrypi.org/raspbian/pool/main/t/tor/」這邊有看到新版的 deb 檔案,但拉下來後發現 dependency 需要 libssl3,在 bullseye 上面沒辦法跑。

後來在 Reddit 上翻到有人貼出來的 workaround:「How do I update my TOR relay on a 32-bit armhf bullseye system (Raspberry Pi 3) to the latest version?」,方法是去 Debian 那邊挖 bullseye-backport:「Debian -- Package Download Selection -- tor_0.4.7.13-1~bpo11+1_armhf.deb」。

拉下來以後直接 dpkg -i 幹進去,然後重跑 Tor 看 /var/log/syslog 內容,發現就連上了。

不是最新版 0.4.8.x,但至少能用...?

Raspberry Pi 5

Raspberry Pi 5 的消息出來了:「Introducing: Raspberry Pi 5!」。

價錢是 $60 (4GB RAM 版本) 與 $80 (8GB RAM 版本),目前看起來是 pre-order 階段。

Today, we’re delighted to announce the launch of Raspberry Pi 5, coming at the end of October. Priced at $60 for the 4GB variant, and $80 for its 8GB sibling, virtually every aspect of the platform has been upgraded, delivering a no-compromises user experience.

其中一個大賣點應該是效能了,宣稱與 RPi4 相比,CPU/GPU 效能是以前的兩倍到三倍,記憶體與 I/O 的頻寬也加倍了,所以應該是所有應用都會變快不少:

Today, that effort bears fruit, with the launch of Raspberry Pi 5: compared to Raspberry Pi 4, we have between two and three times the CPU and GPU performance; roughly twice the memory and I/O bandwidth; and for the first time we have Raspberry Pi silicon on a flagship Raspberry Pi device.

等到後續出貨應該就會有資料可以看了,不過從時脈就可以看出一些重點,上一代還是 1.5GHz (或是後來更新的 1.8GHz),這一代拉到 2.4GHz 了:

2.4GHz quad-core 64-bit Arm Cortex-A76 CPU

而後續也提到,在相同的 loading 吃電量比 RPi4 低,但因為 boost 的關係,瞬間最高吃電量從以前 RPi4 的 8W 變到 RPi5 的 12W:

Raspberry Pi 5 consumes significantly less power, and runs significantly cooler, than Raspberry Pi 4 when running an identical workload. However, the much higher performance ceiling means that for the most intensive workloads, and in particular for pathological “power virus” workloads, peak power consumption increases to around 12W, versus 8W for Raspberry Pi 4.

但也因為這樣,如果你拿 15W 的 USB-C 充電器時,他的 USB port 就只能提供 3W 的功率了 (剛好就是他提到的 5V/600mA):

When using a standard 5V, 3A (15W) USB-C power adapter with Raspberry Pi 5, by default we must limit downstream USB current to 600mA to ensure that we have sufficient margin to support these workloads. This is lower than the 1.2A limit on Raspberry Pi 4, though generally still sufficient to drive mice, keyboards, and other low‑power peripherals.

如果要能夠讓 USB 可以供應足夠的功率 (像是外接的機械硬碟這種會吃比較多電的設備),需要使用 5V/5A 的充電器。

但這邊提到 RPi5 firmware 在偵測到 5V/5A 的充電器時會提高限制,而不是提到 USB PD,所以可以預期是特規?

For users who wish to drive high-power peripherals like hard drives and SSDs while retaining margin for peak workloads, we are offering a $12 USB-C power adapter which supports a 5V, 5A (25W) operating mode. If the Raspberry Pi 5 firmware detects this supply, it increases the USB current limit to 1.6A, providing 5W of extra power for downstream USB devices and 5W of extra on-board power budget: a boon for those of you who want to experiment with overclocking your Raspberry Pi 5.

供貨的部分反而沒有聊到太多,但 RPi4 最近的供貨還算可以,所以可以預期 RPi5 應該不會太差?

雙 Gigabit Ethernet 的 RPi CM 4 擴充卡

看到「Dual Gigabit Ethernet Carrier Board for Raspberry Pi Compute Module 4」這個東西,一張可以接 Raspberry Pi Compute Module 4 擴充的母卡。

這張卡有兩個 Gigabit Ethernet (1Gbps),以及兩個 USB 3.0 接口:

然後大家都想到類似的用途了,可以拿來當 router,還可以走 USB 拉出來,接個硬碟當個簡單的 NAS 用用:

The Dual Gigabit Carrier Board powered by Raspberry Pi Compute Module 4 is equipped with Dual Gigabit Ethernet ports and dual USB 3.0 ports, making it suitable for soft router applications, while keeping the hardware to minimal.

不過無線網路的部份得自己搞,在買 RPi CM 4 的時候得選擇有無線網路的版本,母卡 (擴充卡) 本身不負責這塊業務。

翻了一下資料,以前 CM3 (不是 CM3+) 也有廠商推出兩個網路孔的板子,不過當時是兩個 Fast Ethernet (100Mbps):「Compulab IOT-GATE-RPi Industrial IoT Computer is Powered by Raspberry Pi CM3 Module」。

這次推出的板子跑起 software router 效能不知道怎麼樣,單純就可玩性來看似乎是頗有趣東西?

用 Monitorix 代替自己搞的 MRTG

先前我家裡的有線電視網路上我放了一顆 Raspberry Pi 跑各種分析,包括用 MRTG 抓流量與溫度,還有用 SmokePing 抓網路狀況。

前幾天系統掛了,本來以為是 SD 卡掛掉,換了一張上去發現還是開不了機,後來才發現是板子掛了,記得這張板子是當年還在 K 社時 zonble 送的,記得是當年一代剛出沒多久很紅,算了一下這台也跑了七八年了...

網路上找了一下找到了便宜的 Raspberry Pi 3,弄了回來後裝一裝,剛好最近接觸 Monitorix 後發現裡面已經有很多現成的設定設好,只要開起來就可以自己抓到...

現在的版本自帶 HTTP server,但我希望透過 nginx 轉進去 (包成 HTTPS),這樣的話需要在 /etc/monitorix/monitorix.conf 裡加上:

url_prefix_proxy = https://rpi.gslin.com/

如果想要抓 Raspberry Pi 的電壓與溫度資訊,只要把檔案裡面的 raspberrypi = n 改成 raspberrypi = y 就可以了。

在 nginx 裡面把 /monitorix/monitorix-cgi 轉進去,像是這樣的設髮:

    location /monitorix {
        proxy_pass http://127.0.0.1:8080/monitorix;
    }

    location /monitorix-cgi {
        proxy_pass http://127.0.0.1:8080/monitorix-cgi;
    }

比起自己搞 MRTG 設定一堆 shell script 簡單多了,cfgmakerindexmaker 用起來還是不順手。

不過 Ubuntu 上要 20.04 才有內建包進來,18.04 看起來沒有:「Ubuntu – Package Search Results -- monitorix」,目前還沒有在 18.04 上跑的需求,之後遇到再看看要怎麼處理...

Raspberry Pi 4 的 Type C 無法使用 Macbook Charger 供電的問題

Raspberry Pi 4 出來後有些災情 (畢竟又加了不少東西近去),在 Hacker News 上看到的 Type C 介面的充電問題:「Raspberry Pi 4 not working with some chargers (scorpia.co.uk)」,引用的原文可以在「Pi4 not working with some chargers (or why you need two cc resistors)」這邊看到,裡面提到了新的 Type C 供電介面在接某些充電器時不會供電 (包括了 Macbook 的充電器):

The new pi has been released and it has a USB Type-C connector for power however people are finding some chargers are not working with it (notably macbook chargers). Some have speculated that this is due to a manufacturer limitation on the power supplies however it is actually due to the incorrect detection circuitry on the Pi end of the USB connection.

這樣說有點偏頗,但是 Macbook 的充電器一向是 Type C 裡的指標,如果這顆充電器跟其他裝置配合上有問題,通常都是代表其他裝置的實作有問題... (噗)

這次發現的電阻問題看起來有點苦 (看起來需要改版子),目前文章作者建議的 workaround 主要就是「不要用那麼好的設備」,比較簡單的包括了 Type C 的線不要那麼好 (像是找充手機用的線就好,不要找拿可以跑 5A 的線),或是透過 Type A 轉 Type C 的線也應該可以避開這個問題,最差的情況應該是找其他的充電器:

Now onto some solutions. Assuming the issue you are having is caused by the problem discussed above, using a non e-marked cable (most USB-C phone charger cables are likely this type) rather than an e-marked cable (many laptop charger/thunderbolt cables and any 5A capable cable will be in this category) will allow for the pi to be powered. In addition using older chargers with A-C cables or micro B to C adaptors will also work if they provide enough power as these don’t require CC detection to provide power. Ultimately though the best solution in the long run will be for there to be a board revision for the pi 4 which adds the 2nd CC resistor and fixes the problem.

對於已經入手的人,如果真的中獎,workaround cost 應該還在可以控制的範圍...

Raspberry Pi 4 開賣,USD$35

Raspberry Pi 4 開賣,目前推出的是 Model B,最低規格的 1GB RAM 版本與之前 RPi 3 相同都是 USD$35,另外這次提供了以前沒有的 2GB 與 4GB 版本,分別是 USD$45 與 USD$55:「Raspberry Pi 4 on sale now from $35」。

有兩個比較大而且要注意的改變,第一個是電源接頭變成 Type-C 了:

We’ve moved from USB micro-B to USB-C for our power connector. This supports an extra 500mA of current, ensuring we have a full 1.2A for downstream USB devices, even under heavy CPU load.

另外一個是 HDMI 接頭換成 D Type:

To accommodate dual display output within the existing board footprint, we’ve replaced the type-A (full-size) HDMI connector with a pair of type-D (micro) HDMI connectors.

這兩個改變都需要準備額外的設備或是線材,其他的改變應該還好...

這次改版最明顯的是效能的增加,官方宣稱 CPU 速度是前一代的三倍:

A 1.5GHz quad-core 64-bit ARM Cortex-A72 CPU (~3× performance)

而在 GPU 相關的則是對 H.265 的 4Kp60 硬體解壓縮:

4Kp60 hardware decode of HEVC video

先前用 RPi 3 放客廳還是覺得不太夠,也許可以考慮看看這個...

前員工監控公司網路的抓包過程...

看到「The curious case of the Raspberry Pi in the network closet」這篇有趣的過程,先從開頭與最後面開始看。首先是他們在辦公室裡面發現有個奇怪的設備:

追查後發現不是公司的人放的,最後發現是前員工放的,後來轉給法務部門處理了:

I checked the DNS logs and found the exact date and time when the Pi was first seen in the network. I checked the RADIUS logs to see which employee was at the premises at that time and I saw multiple error messages that a deactivated account tried to connect to wifi.

That deactivated account belongs to an ex employee who (for some reason) made a deal with management that he could still have a key for a few months until he moved all his stuff out of the building (don't ask..).

中間的過程還蠻有趣的,包括研究是什麼擴充卡 (以及用途),然後從 SD card 上面挖資料,配合 Google 找線索,還有透過 WiGLE 定位,以及透過內部系統交叉比對,最後找到兇手...

然後發現是離職員工以搬東西當作理由,讓他在離職後還有辦公室鑰匙而導致的 XDDD