Tips on Running a Headless Raspberry Pi

A Raspberry Pi with a head. Well, not the usual meaning of ‘head,’ I guess. (Giraffe and Carcassonne box included for scale.)

I was recently helping out a friend with a headless Raspberry Pi setup, and thought it would be helpful to consolidate a few useful bits here. From here, you can set up all kinds of cool projects using the GPIO pins, set up a headless web server, or anything else you can think of. For my part, when I hurt my ankle a few months ago, I hooked the Pi into a hard-to-get-to stereo system and logged in remotely from the other side of the room to play music… I also used a headless setup to run the really long compile for the Sage computer algebra system a few months ago.

Hashes with Salt

Passwords being cracked by some really simple Python code I wrote. Who knew ‘Tigger’ was such a common root word for passwords?

(These are notes adapted from a presentation I gave at the LakeHub workshop this week.  They owe a lot of debt to this article, which inspired the talk.  If you already know that you should just use bcrypt or something similar, and why, you can just skip to the ‘conclusions’ section.)

So let’s suppose you’ve just made a hot new website from which you’ll make a million dollars a year.  You get to the point of creating a database for all of your users who will be logging in and doing things like buying airplanes, so you put together a database table.  Maybe it looks something like this:

| Name | Email | Password |
| --- | --- | --- |
| Bill Gates | bill@microsoft.com | passw0rd |

A few weeks after launch, you have two million users, and someone breaks into your server and steals the database. Of course, they don’t tell you that they did this; they’re much happier to keep the database, pull out a name and password, log in as someone else, and use your site to steal lots of money and undermine the basic building blocks of democracy and common decency.  After sending apologies to the userbase, you decide that your database structure was flawed.
