Slackware

Deploying 4096-bit HTTPS on the Raspberry Pi 2 was a bad idea

Who would have thought, right? :-)

After installing my certificate from Let’s Encrypt last week I was immediately confronted with the fact that I had made the wrong choice in regard to key sizes. By using a 4096-bit private key I was relying too heavily on the RPi2’s CPU. This became abundantly clear as page load times were increased by 500 – 1000ms.

HTTPS for WordPress on a Raspberry Pi 2

So you’re hosting your own WordPress blog on a Raspberry Pi 2 and want to join the HTTPS everywhere movement to ensure optimal privacy for your visitors. That’s great, but what kind of performance penalty can you expect as CPU intensive tasks are hardly a favorite with the RPi2. Is the extra computational cost of encrypting data and doing handshakes going to significantly slow down your site?

Well, you can probably answer that question yourself as your browser has just loaded this page over a secured TLS connection. Though WordPress can still serve static content generated by my caching plugin, there is no hiding the additional burden of doing handshakes and encryption. On my RPi2, the extra overhead is between 500 – 1000ms depending on latency.

Downtime and the perils of Slackware current

I woke up this morning to a mail informing me that WordPress had been upgraded to version 4.4.1. Shortly after I tried to access my blog to verify that everything had gone smoothly, but unfortunately my webserver showed no sign of life. Since I’ve previously had a few hard learned lessons with the RPi2, that made me a bit uneasy. A couple of hours later though, as I was reviewing my logs, the problem became pretty obvious:

Slackware Linux is moving to eudev

Some big news was revealed through the Slackware Current (pre-release) changelog today as the switch from udev to eudev was finally announced.

And this is a big deal because?

udev, which is a device manager for the Linux kernel was absorbed into systemd back in 2012 with a notion of fully supporting systems not running systemd.

As a response to the merging of udev into systemd, the Gentoo eudev project (an udev fork) officially launched a few months later. Their goal was to provide better compatibility with existing software, older kernels, various toolchains and anything else required by users.

WordPress on Raspberry Pi 2, six months down the road

So the last report from my Slackware based RPi2 hosting project ended on a cliffhanger (pun intended), as I was just recovering after suffering data corruption, the occasional kernel panic and random errors. Suspecting the instability might be caused by my overly optimistic approach to overclocking and overvolting, I decided to turn things down a few notches.

Slackware ARM on the Raspberry Pi 2- 38 days later

Excited by the prospect of hosting my blog on the new Raspberry Pi 2, I decided lately to wave goodbye to the local datacenter and unleash a Slackware Linux box into the wild (full story here).

Everything went (mostly) without a hitch until I wanted to get back in sync with the Slackware-current tree. After applying the available updates and issuing a reboot, the system seemed operational and nothing from the logs gave any indication of imminent failure.

WordPress on Raspberry Pi 2 running Slackware ARM

Two weeks ago, I decided to move this blog from its old hosting and deploy it on a Raspberry Pi 2. The geek in me could no longer resist the urge to discover if a $35 worth computer could replace the need for commercial hosting. Besides, what a great opportunity to finally get my hands on Slackware’s official ARM port.

RPi2 setup:

Raspberry Pi 2 Model B
Raspberry Pi 2 Micro USB Power Cable 1.2A
MicroSDHC Ultra UHS-I 32GB

LAMP setup:

Slackware ARM current
Package series: a, ap, d, l, k, n (and a few from “x”).
Apache 2.4.12 (rebuilt)
MariaDB 5.5.40 (rebuilt)
PHP 5.4.40 with mod_proxy_fcgi and php-fpm (rebuilt)

Non stock packages:
Modsecurity 2.9.0
Fail2ban 0.9.1

Why use Slackware and not a hard float port?

A hardware floating-point unit you say, well I’d never heard of it.

How to configure KMail with GPG on Slackware Linux 14.1

No additional software is required on a full Slackware 14.1 install.
Slackware 14.1 ships with KDE 4.10.5.

Prerequisites

If you don’t already have a key pair (secret and public key), then your first order of business is to create one. The preferrable option is to use the CLI with the command:

gpg --gen-key

KDE provides two graphical tools for working with GPG, namely KGpg and Kleopatra.  KGpg will walk you through the initial setup using an interactive wizard and subsequently create the needed key pair and config files (do not use Kleopatra for your initial setup).
If you’re importing an existing private key then make sure to change the default trust level afterwards.