October 25, 2017

Antoine Amarilli a.k.a a3nm

Debian on Raspberry Pi 3

I have a Raspberry Pi 3 and I wanted to install Debian on it. I know about Debian derivatives for the Raspberry Pi, such as Raspbian, but what I don't like about them is that I have to use a special APT repository, and have to trust images generated by these people. I already trust Debian, so why not install Debian on my Raspberry Pi as well?

Debian has a wiki page about the Raspberry Pi 3, but it looked pretty experimental. I tried it out, and I'm happy to report that I got it to work: generating the image myself, booting it up, and using the resulting system.

To generate the image, I just followed the instructions here. I fell into some traps, but @stapelberg just accepted my pull request to document them, so you can just follow the instructions and hopefully they should work.

Once the image is successfully generated in raspi3.img, you can simply write it to the SD card as explained in the instructions. For the last step, if your local network doesn't resolve the rpi3 hostname (mine didn't), you can simply use nmap to find its IP. Of course, don't do this if the administrator of your local network could be worried about a network scan, and adapt it to your IP range:

sudo nmap -p0 192.168.0.1-255

Then you can use the system. What I didn't test:

  • HDMI: there was no HDMI signal (i.e., no video display), I don't know whether this is a known limitation or a bug, and whether the system can be made to use the video. I didn't need it, so I didn't investigate.
  • Bluetooth and Wifi: there are comments about it here, but I didn't investigate either.
  • CSI, DSI, GPIO, sound, composite, etc.

What I did test:

  • Booting the system, network, SD card
  • Moving to non-snapshotted repositories for buster, doing apt-get update, apt-get dist-upgrade and rebooting (it still works)
  • USB port: mounting an USB mass storage device (USB key).
  • Reading the CPU temperature: this does not work currently, I get an error when trying to cat /sys/devices/virtual/thermal/thermal_zone0/temp, but it seems that a patch was checked in so it should work eventually.
  • Running stress -c 4 -i 10 -m 2 -d 10 --timeout 300, which worked OK.
  • Running cryptsetup. The results of cryptsetup benchmark are below. They are not great (probably due to the lack of hardware crypto support on the Raspberry Pi?). They probably mean that the CPU will be the bottleneck when reading/writing to an encrypted hard drive.
PBKDF2-sha1        92564 iterations per second for 256-bit key
PBKDF2-sha256     138115 iterations per second for 256-bit key
PBKDF2-sha512      96946 iterations per second for 256-bit key
PBKDF2-ripemd160   75155 iterations per second for 256-bit key
PBKDF2-whirlpool   33505 iterations per second for 256-bit key
#     Algorithm | Key |  Encryption |  Decryption
        aes-cbc   128b    14.7 MiB/s    16.1 MiB/s
    serpent-cbc   128b    12.8 MiB/s    13.6 MiB/s
    twofish-cbc   128b    15.3 MiB/s    16.3 MiB/s
        aes-cbc   256b    11.1 MiB/s    12.3 MiB/s
    serpent-cbc   256b    12.8 MiB/s    13.6 MiB/s
    twofish-cbc   256b    15.2 MiB/s    16.3 MiB/s
        aes-xts   256b    15.7 MiB/s    16.3 MiB/s
    serpent-xts   256b    13.9 MiB/s    14.0 MiB/s
    twofish-xts   256b    16.9 MiB/s    17.1 MiB/s
        aes-xts   512b    11.6 MiB/s    12.4 MiB/s
    serpent-xts   512b    13.9 MiB/s    14.0 MiB/s
    twofish-xts   512b    16.9 MiB/s    17.1 MiB/s

I just noticed that there are some default iptables rules (v4, v6) which prevent remote SSH connections. Hence, if you want to connect to your Raspberry Pi remotely, once you have made sure that it is secure to do so (in particular, changed the default password), you can issue:

sudo iptables -D INPUT 6
sudo ip6tables -D INPUT 4

You should also update /etc/iptables/rules.v4 and /etc/iptables/rules.v6 accordingly (remove the line with REJECT in each file).

by a3nm at October 25, 2017 12:36 AM

June 14, 2017

Nicolas Dandrimont a.k.a olasd

DebConf 17 bursaries: update your status now!

TL;DR: if you applied for a DebConf 17 travel bursary, and you haven’t accepted it yet, login to the DebConf website and update your status before June 20th or your bursary grant will be gone.

*blows dust off the blog*

As you might be aware, DebConf 17 is coming soon and it’s gonna be the biggest DebConf in Montréal ever.

Of course, what makes DebConf great is the people who come together to work on Debian, share their achievements, and help draft our cunning plans to take over the world. Also cheese. Lots and lots of cheese.

To that end, the DebConf team had initially budgeted US$40,000 for travel grants ($30,000 for contributors, $10,000 for diversity and inclusion grants), allowing the bursaries team to bring people from all around the world who couldn’t have made it to the conference.

Our team of volunteers rated the 188 applications, we’ve made a ranking (technically, two rankings : one on contribution grounds and one on D&I grounds), and we finally sent out a first round of grants last week.

After the first round, the team made a new budget assessment, and thanks to the support of our outstanding sponsors, an extra $15,000 has been allocated for travel stipends during this week’s team meeting, with the blessing of the DPL.

We’ve therefore been able to send a second round of grants today.

Now, if you got a grant, you have two things to do : you need to accept your grant, and you need to update your requested amount. Both of those steps allow us to use our budget more wisely: having grants expire frees money up to get more people to the conference earlier. Having updated amounts gives us a better view of our overall budget. (You can only lower your requested amount, as we can’t inflate our budget)

Our system has sent mails to everyone, but it’s easy enough to let that email slip (or to not receive it for some reason). It takes 30 seconds to look at the status of your request on the DebConf 17 website, and even less to do the few clicks needed for you to accept the grant. Please do so now! OK, it might take a few minutes if your SSO certificate has expired and you have to look up the docs to renew it.

The deadline for the first round of travel grants (which went out last week) is June 20th. The deadline for the second round (which went out today) is June 24th. If somehow you can’t login to the website before the deadline, the bursaries team has an email address you can use.

We want to send out a third round of grants on June 25th, using the money people freed up: our current acceptance ratio is around 40%, and a lot of very strong applications have been deferred. We don’t want them to wait up until July to get a definitive answer, so thanks for helping us!

À bientôt à Montréal !

by olasd at June 14, 2017 12:40 PM