Raspbian and btrfs

I've just got a brand new Raspberry Pi 4. For now I'm just playing around a bit with it. Until openSuSE Leap will be available, I'm using Raspbian Buster which comes by default with ext4. Since I want to have snapshots, the first thing I want to do is to convert the existing root partition into btrfs. So let's do this.

0. Get Raspbian

First, flash Raspbian to a SD card and boot it. I also recommend to run a system update after booting into Raspbian. There are plenty of tutorials on the internet, that are probably far better than what I can write.

1. Prepare initramfs

In Raspbian btrfs is included as module. In order to make the kernel mount a btrfs root filesystem, we need to build the corresponding initramfs. First install the necessary tools

Now we add the btrfs module to /etc/initramfs-tools/modules

Next is to build the initramfs

And tell the bootloader to load the initramfs, by editing /boot/config.txt

And then reboot the device, to check if everything is set up properly.
If the boot succeeds, shutdown the Raspberry and take the SD-Card to another computer. If you run at this stage into trouble, probably a filename is wrong and you should be still able to recover. Otherwise: Just start from scratch - at this point really nothing is lost.

2. Convert ext4 rootfs to btrfs

In my case I insert the SD card into my laptop. The SD card gets recognised as /dev/mmcblk0 and contains the following partitions:

To convert the filesystem to btrfs, we are now doing the following steps:

  1. Optional: Make sure, the rootfs is clean (run fstck)
  2. Convert ext4 to btrfs using btrfs-convert
  3. Mount new btrfs root
  4. Edit /etc/fstab
  5. Edit /boot/cmdline.txt

On my system, I have to do the following steps

Now we edit /etc/fstab and change ext4 to btrfs. We also need to disable the filesystem-check by setting the last two digits in the btrfs line to 0

IMPORTANT: Set the last two settings in /etc/fstab to 0 and 0. The last 0 is especially important for btrfs root, since fsck and btrfs do not go so well together.

Lastly we edit /boot/cmdline.txt. We neet to replace rootfstype=ext4 to rootfstype=btrfs and set fsck.repair=no

IMPORTANT: It is crucial to set fsck.repair=no. I was stuck at some weird "mounting failed: Invalid argument" errors, because the system wanted to perform a fsck and failed.

3. Now the fun starts

This is only the kickoff. Now the funny things, like subvolumes, snapshots ecc. start

Have a lot of fun! ­čÖé

Caveats

  • After a kernel update, you will need to run mkinitramfs again. Probably it's the best to only do manual kernel updates (even security updates) as otherwise your Raspi might not be able to boot again.

Additional notes

Check those notes, in case something went wrong. Those emphasis the steps I had to to to make this work

  • Fsck had cause me a lot of trouble. In case you run into mount invalid errors, check if you have disable fsck in /etc/fstab (the last zero) and in /boot/cmdline.txt
  • Apperently btrfs-convert doesn't change the UUID. If you find yourself with "device not found" or similar errors, this might has changed and you will need to change the UUIDs
  • After a Kernel update you will need to run mkinitramfs again. Keep that in mind (and maybe disable auto-updates)

Common pitfalls

Crappy image of the console output with the "mounting ... failed: invalid argument" error

I got this error message when I forgot to edit cmdline.txt. Make sure, you have configured /boot/cmdline.txt correctly (especially the rootfstype=btrfs and fsck.repair=no)

Lightning detector - Kickoff

I recently purchased a MOD-1016 chip for lightning detection in order to improve my weather station. The chip is based on the AS3935 chip and ships as a complete I2C-ready breakout module from embedded adventures.

First steps

I skip the following parts because I consider them trivial:

  • Soldering
  • Wiring to a Arduino Nano

The wiring part is actually the most tricky part, I will provide the schematics once I have a running system. For now I focus on getting the system online. The wiring on the following picture is accurate:

Wiring of the MOD-1016 to the Arduino Nano

I put everything together in a nice box to protect the electronics from the environment. In the end it will end up outdoors in my garden.
The box is IP55 compliant, so when deployed for real I will put it in additional plastic bag to avoid any issues that comes from rain. For the first experiments IP55 is fine. And this is how it looks like

Wired box, open

A small reader program is in my meteo repository (in the Lightning directory) on GitHub, and I let it run for 1.5 days.
I had some problems with the serial port on high baud rates, so i configured it for 9600 baud. The serial connection over this period was fine, but it seems that the location has too much interference.
All I got was constant "DISTURBER DETECTED"

Right now all I get out is "DISTURBER DETECTED"

Looks like I need some fine-tuning. I disconnected the device and will run some tests with my laptop on the go.

For now I have a running serial connection, the chip delivers some output, so I'm expecting that with some fine-tuning I should get this thingy running soon.

33C3 - Day 4

#33C3 at the Hamburg Congress Center

Puh, it's almost over. Day 4 and I'm exhausted.

There have been a lot of things going on. Very interesting talks and people, small games and projects and a huge amount of new impressions. I came here with the goal to inspire my passion about the constructive usage of technology for any purposes - and have found no disappointment in that sense ­čÖé

I've loads of Pictures still to process and hope I will find some time during my flights.


A very amusing suggestion is Konfusius' talk about Hebocon. That was a funny one.


So in the spirit of the 33C3 - Be excellent to each other. And have a great new year!

#33C3, #WorksForMe

Vortragstipp: Spiegelmining

Einen Einblick, welche Schl├╝sse aus Metadaten zu ziehen sind, und welche Informationen aus einem Datensatz von 100.000 Spiegel-Online Artikel gesammelt werden k├Ânnen hat David Kriesel auf dem 33C3 pr├Ąsentiert. Die Ergebnisse sind online unter folgendem Link einsehbar: http://www.dkriesel.com/spiegelmining

Link zum Talk auf media.ccc.de

Sehr spannend!

33C3 - Day 2

Good morning Hamburg! It's 10:00 in the morning an I am walking through the Apothekergarten towards the Congress Center. It's quiet on the streets.
In this moment I realize, that it's the time after Christmas. It's winter. It's the time of the year, where a lot of people took holidays to recover from the year, to reflect about all the things that have happened and that are going on. It's a time of peace.

Apothekergarten with the Frank-Hertz tower

Be excellent to each other!

I'm here at the 33C3 - The 33rd Chaos Communication Congress. It's awesome! ­čÖé

People here are very friendly. Due to general "Verpeiltheit" I've forgotten my Lenovo power supply unit. Also the nearby Saturn has none of those on stock (that's a shame! You have a Lenovo section but such crucial elements not on stock?!?)
Fortunately, since it's quite common I always find a way to charge it - From a huge power back with a lot of special adapters to some friendly people who borrow me their supply.
Lesson learned: If possible, always prefer a device that is quite common, so you can borrow equipment to and from other people.

 

There are still a lot of things going on. Stay tuned and remember: Be excellent to each other ­čÖé

Greetings from 33C3!

Greetings from the 33C3 from Hamurg! Here you get a Screenshot of the current internet conditions here. Awesome!

Internet on the Congress

Currently there are a lot of things to discover, and many interesting talks to attend, so I'm quite busy right now.

Will try to give some updates while I'm here, still too excited.

This year I couldn't participate in the CERT, since there are already too many people. Well, at least I feel safe here ­čÖé

Whats my IP Address in Python

Heute geht was weiter. Das n├Ąchste kleine Skript f├╝r euch: Wie kriege ich in Python meine ├Âffentliche IP Addresse heraus?

Ist ein 5-Zeiler

[Download]

Update [31.10.2016]

A friendly commenter posted a simple onliner:

In his commend he set an alias called webip:

Thanks ­čÖé

Stagefright Vulnerability

Die gehypte "Android-Superl├╝cke" Stagefright wird von Joshua Drake auf der BlackHat 2015 in Las Vegas vorgestellt. Es scheint ein Totalschaden zu sein, das mehrere Bugs ausnutzt um sich kompletten Zugang zum Smartphone zu verschaffen. Das knifflige ist, dass eine manipulierte MMS oder Hangouts Meldung ausreicht. Benutzerinteraktion ist nicht erforderlich.

Das sind die Infos die wir zur Zeit haben.

Ich denke auch, dass bis die Updates f├╝r alle zur Verf├╝gung stehen, Cyangenmod der einzig wirksame Schutz gegen die L├╝cke ist. Die haben sie n├Ąmlich schon gefixt. Die Workarounds helfen zwar die MMS-L├╝cke zu schlie├čen, ob dadurch aber auch Hangouts-Meldungen gefixt werden, kann ich zur Zeit nicht beurteilen. Betrachtet das ganze als eine Best-Efford Ma├čnahme und nicht als einen Ersatz f├╝r ein sauberes Update!

Workaround

Es gibt zur Zeit zwei Wege, um die Angriffsfl├Ąche zu reduzieren

  • Automatischen MMS-Download deaktivieren
    Achtung: Bis der Bug full disclosed wurde, kann ich jedoch nicht sagen, ob dadurch das Problem wirklich behoben wird. Es reduziert die Wahrscheinlichkeit ja, ist aber kein sicherer fix!

├ľffnen Sie die Hangouts App auf Ihrem Android-Telefon.
Tippen Sie auf Men├╝: Hangouts Android menu icon
Tippen Sie auf Einstellungen.
Tippen Sie auf SMS.

We don't do any pre-processing that involves stagefright. There are no technical details at all available about this vulnerability (for maximum hype), but you'd have to physically tap on the media and then click through a warning about playing media insecurely before stagefright got involved.

Das hei├čt, ein sauber installiertes TextSecure und ein deaktiviertes Hangouts sollten die Verwundbarkeit f├╝r Stagefright deutlich senken. Ob die L├╝cke durch Hangouts-Meldungen weiterhin ausgenutzt werden kann, kann ich zur Zeit nicht beurteilen.

  • Cyanogenmod
    Stagefright benutzt eine Reihe von bereits gemeldeten Bugs, die in den aktuellen Nightlies von Cyanogenmod (hoffentlich) bereits gefixed sind. DAS ist die einzig wirklich wirksame Ma├čnahme gegen Stagefright!

Leute, installiert euch TextSecure! Die App verschl├╝sselt euren gesamte Nachrichtenverkehr transparent (das hei├čt ihr merkt davon nichts), ist sehr einfach zu bedienen und f├╝r Android und iOS verf├╝gbar (nennt sich dort Signal).

Und es behebt m├Âglicherweise die Stagefright Sicherheitsl├╝cke, die in den kommenden Wochen noch genug gehyped werden wird. ... Zumal die DEFCON Hacking Conference in Las Vegas ansteht und das ein Publikumsmagnet sein wird ...

Auf die Gnade der Hersteller angewiesen

Die L├╝cke ist ein Totalschaden, der hoffentlich bald gefixed wird. Google hat f├╝rs Nexus 6 bereits Fix erstellt, die hoffentlich auch bald zur Verf├╝gung stehen werden. Stagefright benutzt eine Reihe von bereits gemeldeten Sicherheitsl├╝cken:

  • CVE-2015-1538
  • CVE-2015-1539
  • CVE-2015-3824
  • CVE-2015-3826
  • CVE-2015-3827
  • CVE-2015-3828
  • CVE-2015-3829

(Quelle: Google+ Post von Cyanogenmod)

Google ist bei seinen Nexus Ger├Ąten recht zuverl├Ąssig was Patchen von Sicherheitsl├╝cken anbelangt. Besitzer von anderen Herstellern sind auf deren Gnade angewiesen und werden sehr h├Ąufig einfach im Stich gelassen. Smartphones, die keine Updates mehr bekommen, sollten sich schleunigst nach einer Custom ROM wie Cyanogenmod oder OmniRom f├╝r ihre Ger├Ąte umschauen. Mit denen ist man ohnehin wesentlich besser dran, sofern man auf die Garantie des Herstellers verzichten kann (kann man in der Regel nach 1 Jahr ohnehin). Man muss ehrlich sagen, dass die Updatesituation bei Android-Smartphones teilweise schon sehr prek├Ąr ist ­čÖü

Links

Update - 06. August

[via heise] Google liefert anscheinend ab heute die ersten Patches f├╝r Stagefright aus und f├╝hrt den monatlichen Patchday ein. K├╝nftig will Google einmal im Monat ihre Ger├Ąte mit Sicherheitsupdates und Patches versorgen.