It might be time to change some of your passwords — again. But if you've used a Gmail password that's unique from other accounts, you might not have to worry.
A list of almost 5 million combinations of Gmail addresses and passwords was posted online on Tuesday. But the passwords seem to be old, and they don't appear to actually belong to Gmail accounts. Instead, it seems that many of the passwords were taken from websites where users used their Gmail addresses to register, according to some of the leak's victims as well as security experts.
For example, someone might have signed up for a website with the username "myaddress@gmail.com" and the password "mypassword." The list exposed this week makes it look like "mypassword" is the password for the Gmail account itself, but the user's actual Gmail password might be totally different.
The list was posted on a Russian Bitcoin forum on Wednesday, and US media started reporting on it overnight.
We can't confirm the authenticity of all the email addresses on the list, but a Mashable employee, Evan Engel, saw that his old Gmail password, which he hasn't used in years, is part of the leak.
A Google spokesman told Mashable that the company has "no evidence that our systems have been compromised," and security experts seem to agree that the passwords are either old Gmail passwords obtained through phishing, or are passwords that were actually used on other sites.
Matteo Flora, a computer security expert, reviewed the dumped file and found that around 60 email addresses were in his address book. After he alerted those people, 30 of them told him that the password either was never used for their Gmail accounts or was very old, Flora told Mashable.
Chester Wisniewski, a senior security adviser for security firm Sophos, told Mashable that he expects many of these accounts not to be valid. "There is no honor among thieves as they say, and often stunts like this are released as a sad attempt at gaining credibility among other criminals," he said.
Several Reddit users also confirmed that they found their email addresses in the leak, but that the associated password has never been their Gmail password.
"The password that I generally use for other services is shown in this list and not my gmail password," wrote a Redditor nicknamed InternetOfficer. "This proves that the hackers hacked into some other service where gmail address (or other email addresses) are used and got the password of that service not gmail password."
"The password it shows (or at least the first two characters) is NOT from a password I've ever used on Gmail," wrote another Redditor, "but it does match a password I've used on bullsh*t I absolutely don't care about."
Some hints in the dump seem to point to several different sites that could have been compromised.
Both Flora and some Reddit users have noticed that some email addresses are followed by a "+" sign and the name of a website. (If you add "+" and a word to your Gmail address, like "myaddress+mashable@gmail.com," emails to that address can automatically be archived in a folder with the word you choose.) This might indicate which websites have been compromised. Some of the sites that have been identified this way include friendster, filedropper, xtube and freebiejeebies.
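The tag-counting idea from the paragraph above, as an added example (not code from the Mashable article or from this blog): it tallies the "+tag" suffixes across address:password lines and counts each mailbox once per tag. It relies on Gmail ignoring dots in the local part and treating googlemail.com as gmail.com; the sample lines and function names are constructed for illustration.

```python
from collections import defaultdict

GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}

# Constructed sample in "address:password" form; not taken from any real dump.
SAMPLE_DUMP = """\
alice+friendster@gmail.com:hunter2
a.lice+friendster@gmail.com:hunter2-old
bob.smith+filedropper@gmail.com:letmein
Carol+Friendster@GMAIL.com:qwerty
dave@gmail.com:123456
erin+friendster@googlemail.com:pass:word
frank+shop@example.org:abc123
not-a-credential-line
grace+@gmail.com:zzz
"""


def split_address(address):
    """Return (mailbox, tag) for a Gmail address, or None if it is not one.

    mailbox is the canonical inbox (tag and dots removed, lower-cased);
    tag is the lower-cased text after the first '+', or None if absent/empty.
    """
    local, at, domain = address.strip().lower().rpartition("@")
    if not at or not local or domain not in GMAIL_DOMAINS:
        return None
    base, _plus, tag = local.partition("+")
    if not base:
        return None
    mailbox = base.replace(".", "") + "@gmail.com"
    return mailbox, (tag or None)


def tags_by_site(dump_text):
    """Map each '+tag' to the set of distinct mailboxes that used it."""
    sites = defaultdict(set)
    for line in dump_text.splitlines():
        # Split on the first colon only: passwords may contain ':'.
        # The password is discarded immediately and never stored.
        address, sep, _password = line.partition(":")
        if not sep:
            continue  # not an address:password record
        parsed = split_address(address)
        if parsed is None:
            continue  # malformed or not a Gmail address
        mailbox, tag = parsed
        if tag:
            sites[tag].add(mailbox)
    return dict(sites)


def rank_sites(dump_text):
    """Return [(tag, distinct_mailbox_count)], most frequent tag first."""
    sites = tags_by_site(dump_text)
    return sorted(((tag, len(boxes)) for tag, boxes in sites.items()),
                  key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    for tag, count in rank_sites(SAMPLE_DUMP):
        print(f"{count:3d}  +{tag}")
```

A tag that many unrelated mailboxes share is a lead on where the credentials came from, not proof: tags are chosen by the user and can be reused across sites.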
Even if this dump is simply a collection of old passwords belonging to minor sites, the issue is always the same: password reuse. If you tend to reuse your passwords, check this website to see if your Gmail address is on the list.
If it is, change your passwords, and choose long ones that combine special characters and numbers. Password managers can help you keep track of your accounts.
"And stop being silly and use the same password for everything," Flora said.
Also, as usual, enable two-factor authentication on services that provide it, including Gmail. That way those accounts are more secure, even in the event that someone steals your password.
Oh, and don't freak out.
"Ignore the man behind the curtain, keep your PC up to date, use a strong password and a second factor whenever possible," Wisniewski said. "Keep calm and move along."
(Source: Mashable)
A blog from an aspiring InfoSec specialist about the world of Information Security and other technological ephemera.
Wednesday, September 10, 2014
Tuesday, September 2, 2014
My Experience with the GIAC GSEC Exam (Part 2)
In the first part of my experience with the GIAC GSEC exam, I promised I would let you all in on how the exam went. The following is to be my post exam report.
Let’s Get It Started…
So we left off last time with the idea of having practice exams to get a good feel for where you stand in your general knowledge of the topic objectives and having a good detailed index. Next, we answer the question, how do we even get this exam set up in the first place? To do this, head over to the SANS webpage, log in to your account, and under Certification Attempts, you’ll be able to schedule your exam at your nearest PearsonVUE testing facility. Luckily for me, my favorite testing center, ComputerMinds, was able to accommodate me for a morning slot. The process was really easy in my opinion and wasn’t too difficult to navigate. The only problem I had with the PearsonVUE page was that I couldn’t schedule the exam on the Saturday I wanted. I had to settle for a Friday. I think this had something to do with either it being too far into the future or that it was Labor Day weekend. I shrugged that issue off and chalked it up to some bad juju. I was ready to take my exam and looking forward to closing out this journey.
Even the TSA Gets a Pat Down
The morning of my exam arrives and I’m awakened to the hellish sounds of the alarm clock. I knew I’d be fighting rush hour traffic and awful construction on the way so I tossed down a couple granola bars and started driving to the testing facility. In my excitement for taking the exam, I may have misjudged my arrival time and showed up two hours early. Luckily for me, my favorite certification instructor was there and we caught up on lost time. He eventually had to start his MCSA class and I was stuck in an empty lobby with a cup full of coffee in hopes to keep my mind alert during the upcoming security onslaught.
In no time, the lovely proctor showed up. She gave me the option to start early as there was an available seat in the time slot an hour before my scheduled exam time. I thought it over and agreed just as a line of the regularly scheduled testers walked in. One by one they were escorted into the testing room. Finally there was only me and someone I’ve never seen there. I asked what exam he was taking and surprisingly, it was for a TSA exam. Who knew there was an exam to be a TSA agent? Anyway, the proctor du jour came back and went through the usual “sign these forms to take the test routine” and went so far as to make him raise his pant legs to make sure there were no “prohibited materials” anywhere on his person. I had to get my dig in by informing him that we have to get our turn to search ‘em sometime in our lives… might as well be now. We all had a good laugh and in he went. Minutes later it was my turn.
He Gets to Take What?!
There I was… in the hot seat and ready to go. My testing cubicle was a little cramped to fit all the allowed material, but I managed. Wait! Allowed material? Yes, during the GSEC exam, you are allowed to have any printed material with you. No electronic funny stuff here. Just good ol’ paper and ink, or toner if you prefer. My space was limited so I stacked my books in heaps of three to the right. So books 1-3 are in one pile, and 4-6 are in another. I had my index to the left of me. This pretty well emulated how my practice exam sessions were set up.
I felt sorry for the other testers that opted out of ear plugs. I always take them whether I need them or not. It is just far more comfortable that way for me while I test. I think the woman sitting next to me was a little frustrated even though she did opt in for the ear plug option. When I hit my 15 minute break and stepped outside to stretch my legs, the proctor informed me that the woman thought I was cheating when she noticed me flipping through my index several times. The proctor went on telling me that this woman got a bit upset, exclaiming “He gets to take what?!” With a little bit of distraction, I went back in and continued the exam.
This exam is all about mental endurance. Even that 15 minute break is not enough to help out with the “attention deficit ‘oh squirrel’” I started getting towards the end. I had to continue to mention to myself that it will be over soon and to keep alert and focused on the task at hand. I eventually came down to the last question and saw that I had passed my exam. I also had a little over an hour and a half left on the clock.
Post-Exam Technicalities
After I got the joy of knowing I had passed the exam I had been dreading, something very different happened compared to all other certification exams I’ve taken. Where is my printed score report? I didn’t really notice this at first. I was just having a good time with the proctor and gathering up my things from the lockers. Turning on my phone, I saw I had an email from SANS informing me that my score report is online and I have the option to get my certification framed. I asked the proctor and she told me that GIAC exams don’t get a printed score report. I’m glad she knew that so I wouldn’t have to call and raise hell with the GIAC people. I found this very strange, but it makes sense in this day and age of “going paperless.”
I fell short of the 90% needed to get on the GIAC advisory board. This was a goal that I kind of wanted to accomplish. Those that do get the 90% or better get invited to a board with other certified professionals to discuss issues related to GIAC and SANS.
Walking into the Sunset…
And so ends my exam day. I didn’t ride off into the sunset on a horse (you need 90% or better for that), but I went home feeling good knowing that the next GIAC exam will be better. It gives me another goal to accomplish in the future. It was an amazing journey; one that will not be soon forgotten.
Tuesday, August 12, 2014
Biggest Collection of Stolen Login Credentials
A Russian crime ring has amassed a gargantuan database of pilfered login credentials, including 1.2 billion unique username-password combinations and 542 million email addresses, Hold Security of Milwaukee said today. This makes it the largest known collection of stolen credentials to date.
According to Hold Security, the attackers used a botnet to hunt for sites vulnerable to SQL injection hacks. They compromised roughly 420,000 websites and lifted 4.5 billion username-password combinations in all; after eliminating duplicates, the number drops down to a no-less-impressive 1.2 billion unique login combos. Hold Security has not released the names of the victim sites.
What's puzzling is that the criminals have not put this goliath database to great use so far. They are not selling the records. They're merely using them to operate a spammer-for-hire service. Nevertheless, the incident underlines the persistent troubles of lax website security, inadequate monitoring, and single-factor authentication.
"At this stage of the game, using passwords for security is simply table stakes," David Rockvam, vice president of product management and marketing communications for Entrust, told us. "In order to truly protect our personal and financial information, second-factor authentication is a necessity."
Some companies "are not being proactive enough about security; therefore, they are ill equipped to detect these types of breaches," said Jay Kaplan, CEO of Synack. "In fact, it's likely that most of them do not even realize how many times they've been compromised, as it's very challenging to track compromises when you do not have a continuous security cycle to test against and prevent these types of attacks."
"Today, we have learned of a huge issue where it seems like billion passwords were stolen overnight," said John Prisco, CEO of Triumfant, "but in reality... crime rings have been stealing information for years. They've just been doing it undetected, because there hasn't been a concerted effort on the part of companies entrusted with this information to protect it. Vendors haven't delivered a truly defensive product until recently. For so many years, we've relied on antivirus, which just doesn't work. Vendors are in a transition period where the most effective products are not yet widely deployed."
Hold Security's researchers do not believe the attackers are politically motivated or have any connection with the Russian government. Russian entities were among the websites compromised.
(Source: DarkReading)
Friday, August 8, 2014
My Experience with the GIAC GSEC Exam
What do you do when you decide to take an IT certification exam? What
path are you going to head down first? How long should this endeavor take? What
books or video prep classes should you invest in? All these questions go
through our minds when we take that first step into the realm of certification.
Since everyone learns differently, there is no silver bullet when it comes to
taking exams. Anyone who has gone through any sort of exam experience, whether
it be a mid-term, SAT, or IT certifications, should by now really understand
how they learn the best. What I’m going to give you is my experience and what I
did to prepare for the GSEC exam.
Collecting certs is to become a Pokemon Master!
I am the Ultimate Pokemon Collector
My first step was really to decide whether or not the GSEC exam would
benefit me in the long run. It may sound silly to even ask this question. But
in the world of IT certifications, you must really take into consideration the
return on investment. A friend of mine, Ike, and I joked around with the
notion of certifications becoming like the characters from Pokemon, “gotta
collect them all.” There are so many out there and trying to do this to become
the ultimate Pokemon collector is just not feasible, nor financially
responsible (even if someone else is paying). I decided that the GSEC exam
would be a good ROI for me as I am retooling my skillset from a help
desk/system admin role to a security centric role. I have always been
interested in aspects of security, but it never really fit into my job
description. I figured I should change the job description and this would be a
great place to start.
The Doctor Will See You Now
After deciding I’d like to attempt the exam, I researched what the exam
is all about. People said it was a good supplement to the CompTIA Security+
exam, which I got when going through Western Governors University. If you are
reading this, you may have also read that attending the SANS Security
Essentials 401 class is a must. While this is not technically true, you can do
a challenge attempt, it is highly recommended. I attended a SANS event in
Austin, TX. I chose this one specifically for the fact that the man, myth, and
legend, Dr. Eric Cole would be teaching the SEC401 class. Dr. Cole is the
creator of the course and definitely knows his stuff. Unfortunately Dr. Cole
would not be joining us the length of the class as he was inducted into the
Infosecurity Europe Hall of Fame. He did, however, make the flight back from
Europe to finish out the class. This dude is dedicated to everything he does.
While he was away fighting fatigue by drinking frightening amounts of RedBull,
Keith Palmgren took the reins and guided the class through the SIX BOOKS we received
on the first day.
A gallon a day, keeps fatigue at bay.
So you have gone through a SANS event in person or via vLive, did OnDemand training, or did the self-study option. What now? Read the books. You might not think you’d need to read every word after listening to or watching lectures, but this would really put a hurt on your final outcome. You will find details you missed, but that’s ok you’re going to find those details. You are now in the midst of the longest part of the process. Making the Index.
On Indexing and Losing Your Social Life
You may ask, why in the world do I need an index? Well, the GIAC GSEC
exam is open book. Remember back to the first day you took your SANS course?
You received a big heavy bag of books that gives a wide range of information ranging
from physical security to annual loss expectancy. Each of those books is heavy
in information, but unfortunately light on either a table of contents or an
index. If you are like the 99% of us who can’t recall what is on page 132 of
book 3 in seconds, take a deep breath and realize your social life is on hold
until you fix that void in your study plans by making The Index. Just like me,
you will find any and every excuse to want to stop making the index. Persevere
and you will be rewarded. I promise.
People on forums will tell you that an index that is greater than 50
pages is too much and you learned too little. Others, like me, will tell you
that your index needs to be as long
as your index needs to be. My initial
index is 74 pages long. After taking a practice test, I know I need to add more
details (more on this later). Basically what I did was go page by page creating
an index of term, book, page number, and detail using an Excel spreadsheet. The
following is a rough sample of what I created:
| Term | BK | Page # | Info |
|---|---|---|---|
| %systemroot%\system32\drivers\etc\hosts | 1 | 67 | Location of Hosts file in Windows |
| /etc/hosts | 1 | 57 | Location of hosts file in Linux |
| ACEs | 5 | 91 | Individual permissions in the DACL. |
I had my index spiral bound for added geek cred.
The index needs to be detailed. The information cells I’ve included here do not match exactly what I have in my index since I don’t want to deal with copyright issues with SANS. But the more information you put here is less time you’ll flip through your book, skim the paragraph, and find your answer if you’ve forgotten some fact or just want to double check your answer. List a term, put in the book number, page number, and the definition word for word in the detail/info section. This is time consuming but will pay off come test time. Another bit of advice here is to not make your entries too long. Break up your entries into smaller portions. For example, I have three rows for HIDS alone, then one row each for HIDS – Advantages, HIDS – Challenges, and HIDS – Developments.
Commands were color coded depending on OS.
Indexed and Ready… Right?
Hold on there cowboy (or girl). The index is finally complete. Take a
day or two to recompose yourself. In other words, bathe. Before you
go off to your testing facility, remember that SANS gives you two practice
exams to try out before you attempt the actual exam. Some of the SANS
instructors tell you to take one of those practice exams soon after the class
or self-study is finished. I knew before attending the SANS event in Austin, I
wanted to use my first practice exam to refine my index, so I did not take this
advice. I don’t really think this would hurt me in any way. But I don’t have
any numbers of my own to back up this claim. I took the first practice exam to
see how my rough draft version of my index would help me out. I got my results
back and at 80% I got my answer as to how to proceed with the index. Two things
were clear from this result: 1) Read the question and understand what it is
asking. I had multiple questions where it asked for the false statement where I picked the true statement instead (I probably missed 6-8% because of this). 2) There were a few tools and commands out
of place in the index and some terms I need to keep my eye out for during my
second read through the books.
I will be taking my exam in a few weeks and will let you know how everything goes. Until then, it will be many sleepless nights. Updates will follow once this journey is complete.
Thursday, August 7, 2014
Raspberry Pi Powered by the Sun!
In The Beginning…
Ever since the Raspberry Pi came out, I was entranced by the
coolness factor of having a small pocket sized computer that cost just north of
thirty bucks. Hats off to those devoted for making this project a reality and
launching it to the world. The only problem for me at the time of Pi launch, was
the fact that I lived in a Windows world, and to an extent, still am. I had no
rad Linux skills. No formal or informal training. I got my hands on an
installation disc of Mandrake way back in the day when I did call center tech
support. The only way to get that geek cred in that place was to show you knew
your stuff. I took that disc, spun it up in my 32x CD-ROM drive, wiped my
Windows partition (you know, cause this open source stuff comes at a college
student budget), and stepped through the install. After it was all said and
done, Windows was back as soon as it had gone. FAIL. I had similar experiences
with Red Hat and Ubuntu, but I did manage to get wireless working on the former,
but it was too much of a pain to deal with when it was so easy to make it all
work in Windows.
Flash forward to today. I’m still in my Windows world due to
the place I work, but much more comfortable with Linux and even got my LPIC-1
certification. I’ve had my Raspberry Pi which was used to study for the
aforementioned cert and has since been sitting in a lonely dark drawer next to
a twice used wicked looking webcam I got from WGU. This dark and dreary future
was not what I had envisioned for the poor Pi. There are so many cool projects
out there and one that caught my eye was from a guy who had a web server
running off a Raspberry Pi that was powered by the sun and 4AA rechargeable
batteries. How cool does that sound?! I put this on my list of things I must
do. After about a year or so I finally decided to shed some light on this
project (did you see what I did there?).
Let’s Get To Work
To kick this thing off, I went back to that old project page
and got some information on power consumption of the Pi. Knowing I’m going to
run this headless, that would save on the load drawing from the battery if I
had attached some sort of touch screen. I tried to figure out the math behind
how long it would run on a full charge before shutting down and going to bed
which led me to ask, what battery pack should I use? The original idea had AA
batteries which fit the project scope, but I wandered over to my favorite
maker’s page, adafruit.com. Searching the shop, I was happily greeted with my
power answer and a plethora of parts and/or kits for everything Raspberry Pi.
The parts I finally opted for are as follows:
· Medium Solar Panel (6V, 2W) https://www.adafruit.com/products/200
· USB / DC / Solar Lithium Ion/Polymer charger https://www.adafruit.com/products/390
· Lithium Ion Battery Pack - 3.7V 4400mAh https://www.adafruit.com/products/354
· Male DC Power adapter - 2.1mm plug to screw terminal block https://www.adafruit.com/products/369
· PowerBoost 500 Basic - 5V USB Boost @ 500mA from 1.8V+ https://www.adafruit.com/products/1903
· 2 x JST 2-pin cable http://www.adafruit.com/products/261
· Large Plastic Project Enclosure - Weatherproof with Clear Top http://www.adafruit.com/products/905
· Waterproof Metal On/Off Switch with Red LED Ring http://www.adafruit.com/products/916
PowerBoost 500 Basic with USB connector soldered on.
USB/DC/Solar LiIon/LiPo charger with capacitor soldered on.
Next, the battery had to have the JST cable soldered on. I left them long just in case I needed the extra length when fitting this all inside the enclosure. The last soldering to be done was to solder the two remaining JST cables together for the link between the charger and the PowerBoost. I did not show the soldering steps because if I can do it, you can too. Believe me. Finally the solar panel came with a plug that would not fit the USB charger. Easy fix was to nip the tip and add the 2.1mm plug.
That’s Great, But Does It Work?
Testing the PowerBoost 500 with the battery.
Ok, so that’s one part down. What about the solar panel and
charger? Taking the solar panel, battery, and charger outside, I connected it
all together. Again the LEDs that indicate charging came to life! Success x 2!
It may seem pretty basic to a lot of you out there, but it’s small things like
this that amaze me. Also, keep in mind I am the son of someone who has taken
electrical engineering classes, yet still stuck his finger in a light socket to
see if the power was still on.
Putting it all together with all components working should
yield a working solar powered Raspberry Pi, right? I’m usually cynical when it
comes to situations like these and usually expect the worst, so I won’t be
disappointed when that outcome happens. But today, things just clicked.
Moments like this put a big smile on my face. The Cynicism Demon was slayed.
Now to the next part of this project. Getting the Pi to run headless.
Prep the Pi
Since I used this Raspberry Pi to use as study for the
LPIC-1 exam, a lot of the work was already done. But that was so long ago and
it needed an update. More requirements popped up such as static IP address on
the wlan0 interface and remote desktop. I also ran into the problem of having
forgotten my user pi password since it was setup so long ago and so quickly
neglected, thrown into a locked drawer, and forgotten about. But times change, things
are brought out back into the light. Used for new purposes. First thing’s
first, get wireless working.
For the wifi adapter, I had a very tiny Wi-Fi USB adapter
from Edimax (EW-7811Un) being used in a security lab I setup earlier this year.
When I got this adapter, I envisioned using it for the Pi, so the lab will
suffer a little bit but these are so cheap on Amazon, I’ll be grabbing another
soon. Setting up Wi-Fi was a little more difficult since I didn’t have a mouse
to click on things (one USB for the Edimax and the other for a keyboard).
These are the steps I took to get Wi-Fi working on my
network:
1) Plug in the Edimax
2) Power on the Raspberry Pi
3) Ctrl+Esc and run wpa_gui.
4) Tab through to the Manage Networks tab and fill in the blanks for SSID, Authentication, Encryption, and PSK.
5) Tab to the Current Status tab and try to Connect. I had to reboot my Pi before it would connect to my access point.
6) Upon connection, you’ll see the IP address populate on the Current Status tab.
Once I got connected to the access point and was able to
successfully ping outside of the network it was time for updates. A quick
apt-get command and everything was all set. So static IP shouldn’t be too hard,
right? I spent about thirty minutes to an hour fighting with having the wlan0
interface retaining a static IP. Here are the steps I took to resolve this:
1) Bring up LXTerminal
2) Type: sudo nano /etc/network/interfaces
3) Change the line “iface wlan0 inet dhcp” to read “iface wlan0 inet manual”
4) Change the line “iface default inet dhcp” to read “iface default inet static”
5) Add these lines after the above line: “address 192.168.xxx.xxx” “netmask 255.255.255.0” and “gateway 192.168.xxx.xxx” where xxx is your subnet and host octets.
I also checked wpa_supplicant.conf to make sure it all
looked fine (and it did) by using the following command:
sudo nano /etc/wpa_supplicant/wpa_supplicant.conf
This shows SSID, PSK, encryption type, etc. Basically
everything you see in wpa_gui. I changed nothing in here. Now, the above
solution is a little weird. Why not just set wlan0 to static? At first I did
and got nowhere fast. The only thing I could ping was the loopback interface
and my static IP address. Couldn’t ping the gateway IP although I did specify
it. The above solution was the only thing I could come up with and make work
after rebooting a few times to make sure it auto connects.
At this point, static IP and wireless are working. Just need
to make remote desktop work. For this project, I do not need to access the
Raspberry Pi desktop from outside of my network. For this feature you may press
your luck with Google. Also, this is for connecting from a Windows based laptop to
the Pi. I’m using xrdp for my remote desktop solution. I had already installed
this feature when studying for the LPIC-1 exam, but here are the steps to
install it:
1) Bring up LXTerminal.
2) Type: “sudo apt-get install xrdp”
3) If it asks for your password, please feed the pi the password.
4) This should begin installing your software for remote desktop, xrdp.
5) Restart the Pi. This should get the Remote Desktop Protocol server running.
6) You can verify this when the Pi boots up by finding the line: [OK] Starting Remote Desktop Protocol server : xrdp sesman. My Pi boots directly to the desktop so I have to be quick to find this line when it boots. If yours boots to command line, you’ll be able to easily find this line.
Great! RDP is up and running on the Raspberry Pi! Let’s jump back to the Windows world for a second.
1) On the Windows laptop, bring up Remote Desktop Connection and enter in the static IP address we gave the Pi and hit Connect. You may get a security warning, hit OK since we know you got a nice safe Pi.
2) You’ll be presented an XRDP login prompt showing Module, Username, and Password. Leave the module defaulted to sesman-Xvnc and type in your username and password (the default username is “pi” and the default password is “raspberry”).
3) Click OK and peer through the Windows to the world of Pi.
Now, I had trouble on this part of the process because I didn’t remember the password I set for the user “pi” so long ago. There are a couple options to fix this:
1) From an LXTerminal window, use the “sudo raspi-config” command to run the starting config and change the password that way.
2) From an LXTerminal window, use the “sudo passwd pi” command.
I used option 1 which was quick and simple.
That’s about it for prepping the Pi. I haven’t really come up with what I want to do with the Pi. Should it be a web server, FTP server, etc.? Should it be used as a surveillance machine, like the one Ike created? Or should it be used for weather reports? Time will answer that question. But to finish out the build, we need to look at fitting all this stuff in a box.
What’s In the Box?!
So many drawn diagrams. So much planning.
Next order of business was obtaining the material for the
shelves. I went to the local hardware store and got a sheet of Lexan cut to the
above dimensions. Fit perfectly in the box. Next was to place the PowerBoost
and the LiPo charger to know where to drill holes. All the places were marked
on the Lexan and the drilling began. This was my first time drilling into
polycarbonate. I read a lot on how to drill this stuff so it would not crack.
Everyone agreed to clamp the Lexan to wood and drill with a drill press. I was
not able to get my hands on a drill press, so I was careful to be as vertical
as possible with my trusty drill. Lessons learned on the test pieces of Lexan
showed that slow and steady wins the race here. On to the actual pieces. They
turned out perfect. The circuit boards were screwed in place with the nylon
screws, spacers, and nuts. As they say, measure twice, cut once. This was very
true here. So the first shelf is done, on to the second shelf. Only three holes
needed to be cut for this one: two for the bolts to hold up the shelf and one for
the capacitor on the charger.
If that last hole was not made, the Pi would not
be able to fit inside the box. Taking measurements of the capacitor, I marked
the location where that hole would be drilled. However, something occurred to
me. The capacitor is not perfectly vertical. So I made the hole, but used a
dremel to widen the area where the Lexan and the capacitor kept touching. Easy
fix, but that made the top shelf look a little janky. No one will see it since
the piece will be covered anyway.
PowerBoost, Charger, and Battery all laid out in the enclosure.
Another step that doesn’t really need to be documented but
you’ll notice in the photos, I used a dremel to cut off the top of the bolts
that are used for supporting the Lexan shelves. This was done so I could work
with the shelves a little easier and just set them into the box instead of
putting the shelves on the bolts and screwing everything into place. I’m going
to cap them with locking nuts to prevent any sharp edges and make it look a
little more finished.
Everything at this point was looking great, but another
thing popped into my head. If I continue on with the plan I had in mind, I
would have to take the box apart to turn off the Pi. I need a power switch I
can easily have access to. Back to my layout drawing. I saw the space I needed
for a switch. Again, Adafruit.com to the rescue. I ordered the on/off switch
listed above in the parts list. This switch did not come pre-wired. This was a
good thing for me. That means I get a bonus for learning how to wire up the
switch. Again, I took measurements to get the vertical and horizontal placement
correct on the side of the box. I required a 16mm hole drilled into the side of
this box, but living in an imperial world, I wasn’t able to source a 16mm drill
bit, so I went with a 5/8” bit and milled out the extra .1mm. No big deal, and
the hole looked pretty clean.
Testing the external power button. The LED makes it look good!
Quickly, I hooked up all the cables to the appropriate
jacks, screwed the shelves in place, and used some double sided tape to keep
the battery in place and also to keep the Pi case from being knocked around on
the top shelf. Screwed the top cover in place and voila, a solar powered
Raspberry Pi computer!
Praise the Sun!
At this point, I am feeling really good about this project. How amazing is it when you learn new skills and overcome challenges? I learned a lot in regards to planning for a project of this scale, making a soldering job look nice, how a switch is wired up, and more. I haven’t done any long-term testing as to how long the Pi will run into the night when only running on battery. However, I find it amazing that this pocket computer can inspire so many people to come up with bright ideas and make them a tangible item. Some of the notable pages that helped me complete this project are as follows:
· How to make a Raspberry Pi solar-powered FTP server
· Adafruit.com
· Ike the Network Guy
· Raspberry Pi Forums
Finally, for all you Sun Bro’s out there, Praise the Sun!