This covers only the basic install and configuration for future reference. More info on Privoxy can be found on their website http://www.privoxy.org/.
apt-get install tor privoxy
vim /etc/privoxy/config
uncomment the following line:
forward-socks5 / 127.0.0.1:9050 .
If you need to browse internal hosts while connected:
forward 10.*.*.*/
Firefox: FoxyProxy
Chromium: Proxy Switchy
Documentation: http://www.privoxy.org/faq/misc.html#TOR
I have been watching progress on FreedomBox ever since watching a video of Eben Moglen a few years ago.
Turns out that that they recently announced the availability of their 0.1 preview release. As part of this there is one component that is extremely useful for RaspberryPi users (funnily the co-founder of RasperryPi is also called Eblen by first name – go figure) out there concerned about increasing snooping of private information by governments and corporations for a variety of reasons.
https://www.gitorious.org/freedombox-privoxy/freedombox-privoxy
This software combines the functionality of the Adblock Plus ad blocker, the Easy Privacy filtering list, and the (HTTPS Everywhere](https://www.eff.org/https-everywhere) website redirection plugin into a single piece of software to run on your FreedomBox. Combining these different plugins into software for your FreedomBox means that you can use them with almost any browser or mobile device using a standard web proxy connection.
Best of all this has already been made available via the Raspbian repositories (http://mirrordirector.raspbian.org/raspbian/pool/contrib/f/freedombox-privoxy/) so the install is extremely simple.
sudo apt-get install privoxy-freedombox
Note: make sure that you have the ‘contrib’ branch in the Raspbian repositories enabled in /etc/apt/sources.list
deb http://mirrordirector.raspbian.org/raspbian wheezy main contrib non-free
deb-src http://mirrordirector.raspbian.org/raspbian wheezy main contrib non-free
Kudos to James Vasile for the technical work !
To get some more idea on the usage of privoxy you can check this article.
By default OpenVPN only routes traffic to and from the OpenVPN Server. If you need all traffic from a client through the OpenVPN tunnel there are several options listed in the OpenVPN docs (http://openvpn.net/index.php/open-source/documentation/howto.html#redirect). Since I don’t have any control over the server in some cases I needed a client side solution. As I already have ufw running with Ubuntu I wanted to use the existing software.
Here is how to configure ufw to enable routing all traffic from your client machines through the OpenVPN Server.
Change default forward policy, edit /etc/sysctl.conf to permanently enable ipv4 packet forwarding. (Note: This will take effect at next boot).
sudo vim /etc/sysctl.conf
# Enable packet forwarding net.ipv4.ip_forward=1
And then configure ufw in /etc/default/ufw
sudo vim /etc/default/ufw
DEFAULT_FORWARD_POLICY="ACCEPT"
Change /etc/ufw/before.rules to add the following code after the header and before the “*filter” line. Match the IP/subnet mask to the same one as in /etc/openvpn/server.conf.
sudo vim /etc/ufw/before.rules
# START OPENVPN RULES # NAT table rules *nat :POSTROUTING ACCEPT [0:0] # Allow traffic from OpenVPN client to eth0 -A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE COMMIT # END OPENVPN RULES
Open openvpn port 1194
sudo ufw allow 1194
sudo service ufw start
The ability to connect Android 4.+ devices to Ubuntu using the USB Mass Storage interface has always been a pain. With Ubuntu 13.04 a new MTP back-end (gvfs-mtp) is going to be introduced, but I have had some issues with the 13.04 Beta so I found this backport PPA to Ubuntu 12.04 and 12.10
sudo add-apt-repository ppa:langdalepl/gvfs-mtp
sudo apt-get update
sudo apt-get install gvfs
sudo apt-get upgrade
Kudos to Phillip Langdale for the work and maintaining the PPA !
Turns out that the Broadcom BCM2708 chip on the RPi has a hardware watchdog. This can be very useful if your RPi is located remotely and locks up. However, this would not the preferred method of restarting the unit and in extreme cases this can result in file-system damage that could prevent the RPi from booting. If this occurs regularly you better find the root cause of the problem rather than fight the symptoms.
echo 'bcm2708_wdog' >> /etc/modules
sudo modprobe bcm2708_wdog
sudo apt-get install watchdog chkconfig
chkconfig watchdog on
sudo /etc/init.d/watchdog start
sudo vim /etc/watchdog.conf
# Uncomment the line watchdog-device = /dev/watchdog
# You might also want to uncomment max-load-1, or add something like "max-load-1 = 24" to reset your Pi if the load average exceeds 24 in any 1-minute span.
sudo /etc/init.d/watchdog restart
The watchdog daemon will send /dev/watchdog a heartbeat every 10 seconds. If /dev/watchdog does not receive this signal it will brute-force restart your Raspberry Pi.
If you are feeling adventurous you can test the setup by launching one of the fork-bombs you can find out there. Just make sure you don’t have anything of importance running.
: (){ :|:& };:
Thanks to gadgetoid for the original tip !
Testing the RPi for some remote sensing application I needed to use a wireless connection as it would have been a pain to reach with an Ethernet cable.
sudo apt-get install wpasupplicant
See http://en.wikipedia.org/wiki/Wpa_supplicant
sudo lsusb
This should show output similar to this (depending on your USB adapter)
Bus 001 Device 004: ID 0bda:8176 Realtek SemicondRTL8188CUSuctor Corp. 802.11n WL:AN Adapter
If you want to use the cleartext PSK you could probably skip this step.
wpa_passphrase YOUR_SSID YOURCLEARTEXTWPAKEY
This should show output similar to this:
network={
ssid="YOUR_SSID"
#psk="YOURCLEARTEXTWPAKEY"
psk=c885c4288a0c68b989289586cb075c0ccd1729d2c035820d02ed813fc729f317
}
sudo vim /etc/network/interfaces
auto wlan0
allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-ssid "YOUR_SSID"
wpa-psk c885c4288a0c68b989289586cb075c0ccd1729d2c035820d02ed813fc729f317
sudo shutdown -h now
Unplug ethernet cable
Power up the RPi and you should see another wireless DHCP assignment on the router
My normal combination on the big-server side would be Apache + MySQL (or PostgreSQL), but on the RPi this seems to be absolute overkill. For data-logging operations I would not use the local system anyway (looking at MQTT as well as Remote MongoDB datastore via REST Webservices).
After some poking around and reading up on the options I decided to go for the following combo: LightHTTPD + SQLite. Both are lightweight replacement of their fully-featured big-server counterparts (Apache HTTP & MySQL) and have very familiar configurations. There would be other options that have even less resource usage, but I really don’t have the time to start from scratch somewhere.
Another reason to go for this combination is that these are very well supported systems with regular security audits. Even though I am not planning to use my RPi’s for anything mission-critical this is always worth a consideration as you don’t need to unnecessarily introduce vulnerabilities to your network.
sudo apt-get install lighttpd php5 php5-cgi php5-sqlite
sudo lighty-enable-mod fastcgi
sudo lighty-enable-mod fastcgi-php
Further config changes can be also made via the config file.
sudo vim /etc/lighttpd/lighttpd.conf
sudo service lighttpd force-reload
sudo apt-get install sqlite3
sqlite3 /home/username/database_name.db
All other commands are standard SQL from the ‘sqlite>’ command prompt or via SQL scripts like
sqlite3 /home/username/database_name.db < sql_script.sql
< ?php
$db = new SQLite3('mysqlitedb.db');
$results = $db->query('SELECT bar FROM foo');
while ($row = $results->fetchArray()) {
var_dump($row);
}
?>
See PHP: SQLite3::query – Manual for more details.
Just got myself (actually it’s for our Office Manager back in OZ) one of these Chromebooks while in Europe (since Google Australia with their absolutely hopeless hardware strategy do not seem to be able to ship any devices – Nexus 4 anyone ?) .
Since the first days turned out to be a bit of a frustrating experience, I thought I share some of the findings as I had a hard time finding much useful info on troubleshooting ChromeOS.
Do not use WPA (or for that matter WEP) connections with ChromeOS. I had extreme difficulties browsing webpages on the Chrombook. Some pages would load, some pages would not load at all. There seemed to be no consitency to it as some would load one day, but not another. Somewhere in the Google Groups there seemed to be people reporting issues with wireless connections using WEP. It turned out that the Wireless Modem Router (Telekom Austria supplied Pirelli PBS modem) where I was staying was set to WPA encryption only by default. Once I figured out how to set the unit to WPA2 (which these days should really be the default anyway) things started to actually work consistently. Check the sections below (specially chrome://diagnostics) to see how you can find out what’s going wrong.
However to save some trouble & frustrations, before you do anything make sure your Chrombook connects using WPA2 !
CTRL+ALT+T will launch the Chrome Shell which is a slightly odd and very cut-down command line shell. Other than a ‘ping’ utility and some debug tools there really seems to be only the ‘ssh’ command that would be very useful to connect to remote systems. Unfortunately the SSH implementation is quite unusual compared to my normal OpenSSH client.
To make some serious mods to the Chromebooks you need to boot into Developer mode. On the Samsung 303C ARM Chromebook this is achieved by holding ESC + Refresh buttons when pushing the power button to turn the unit on. Probably best left alone unless you know what you are doing.
The Raspbian Install process is fairly well documented using the Raspbian Installer. This is just to document common tasks after the stock install.
apt-get install sudo vim ntpdate git-core binutils make gcc
adduser USERNAME sudo
For those Ubuntu users there is no ‘admin’ group in Raspbian (Debian Wheezy).
sudo ntpdate -u au.pool.ntp.org
Probably best to choose an NTP Server closest to your location or provided by your ISP
Using Hexxeh updater.
wget http://goo.gl/1BOfJ -O /usr/bin/rpi-update && sudo chmod +x /usr/bin/rpi-update
sudo rpi-update
Thanks to the excellent work of Gordon Henderson (https://projects.drogon.net/raspberry-pi/wiringpi/) this is a C-based program to read/write to the Raspberry Pi GPIO pins.
cd /usr/share
git clone git://git.drogon.net/wiringPi
cd wiringPi
git pull origin
./build
Output:
wiringPi Build script ===================== The wiringPi I2C helper libraries will not be built. WiringPi library [UnInstall] [Compile] wiringPi.c [Compile] wiringPiFace.c [Compile] wiringSerial.c [Compile] wiringShift.c [Compile] gertboard.c [Compile] piNes.c [Compile] lcd.c [Compile] piHiPri.c [Compile] piThread.c [Compile] wiringPiSPI.c [Compile] softPwm.c [Compile] softServo.c [Compile] softTone.c [Link (Dynamic)] [Install] GPIO Utility [Compile] gpio.c [Link] [Install] All Done.
gpio readall
Output:
+----------+------+--------+------+-------+ | wiringPi | GPIO | Name | Mode | Value | +----------+------+--------+------+-------+ | 0 | 17 | GPIO 0 | IN | Low | | 1 | 18 | GPIO 1 | IN | Low | | 2 | 21 | GPIO 2 | IN | Low | | 3 | 22 | GPIO 3 | IN | Low | | 4 | 23 | GPIO 4 | IN | Low | | 5 | 24 | GPIO 5 | IN | Low | | 6 | 25 | GPIO 6 | IN | Low | | 7 | 4 | GPIO 7 | IN | Low | | 8 | 0 | SDA | ALT0 | High | | 9 | 1 | SCL | ALT0 | High | | 10 | 8 | CE0 | ALT0 | High | | 11 | 7 | CE1 | ALT0 | High | | 12 | 10 | MOSI | ALT0 | Low | | 13 | 9 | MISO | ALT0 | Low | | 14 | 11 | SCLK | ALT0 | Low | | 15 | 14 | TxD | ALT0 | High | | 16 | 15 | RxD | ALT0 | High | +----------+------+--------+------+-------+
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv 7F0CEB10
sudo vim /etc/apt/sources.list.d/10gen.list
#add the following line:
deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen
sudo apt-get update
sudo apt-get install mongodb-10gen python-pip python-dev build-essential
pip install pymongo