Raspberry Pi Kernel/Firmware Upgrade/Downgrade

I’ve been looking at a problem with one of my Raspberry Pi projects freezing every now and again.  I have a suspicion from reading recent posts that it could be kernel related.  I found a good article here which also links to the rpi-update utility on Github here

The great thing here is the utility allows a downgrade.

I can also never remember how to find the current kernel version so, for me, this is what I use:

uname -srvm

Unattended Upgrades on my Raspberry Pi’s

I can never quite remember how I like my unattended upgrades configured on my Raspberry Pi’s so I’m just popping it here.  It should work for all versions!

nano /etc/apt/apt.conf.d/50unattended-upgrades


Unattended-Upgrade::Origins-Pattern {
        "origin=Raspberry Pi Foundation,codename=${distro_codename},label=Raspberry Pi Foundation";

Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-Time "02:00";

To check it:

unattended-upgrade --dry-run

Logs can be found at:





CTF Resources

This is really just a place for me to remind myself of useful resources I’ve used when undertaking CTF challenges 🙂

Cryptography Resources:

Dcode – the essential site for deciphering and decoding messages
Cryptii – Modular online encoding, encryption and conversion tool
quipqiup – a fast and automated cryptogram solver

Network Resources:

netcat (nc) -a feature-rich network debugging and investigation tool

BBC micro:bit expoloration

On a whim I nipped out and bought the only BBC micro:bit in stock at PB Tech in New Plymouth as I was curious to have a play and see where it might fit in between Raspberry Pi’s and Arduino’s for teaching kids.

I thought turning it into a simple digital watch would be a fun place to start learning so, below is the result.

The virtual micro:bits, below, are interactive so click on the ‘shake’ button to simulate shaking it in real life to display the time.

The code can also be found in my Github repo, here.  It will be the most recent version if I have made changes and haven’t had time, or have forgotten, to update this post 🙂


Pi-hole in a Docker Container on a Raspberry Pi

While I was disappearing down a rabbit hole investigating unbound as a DNS Privacy server, I came across Pi-Hole – A black hole for Internet advertisements.

I’ve always used uBlock Origin for ad blocking but that is a per client thing which is a bit of a hassle.

Pi-hole provides ad blocking for all clients on the network, seamlessly.  I just configure DNS on each client, via DHCP, to point towards the Pi-Hole server.

Obviously, I love Docker so it’s in a Docker Container on a Raspberry Pi.

Currently, I’ve sacrificed DNS privacy but I’ll work on that later in terms of getting Pi-hole to send all DNS queries through my own DNS server.

This is how I implemented it.  Obviously, these aren’t detailed instructions but more of a reference to jog my memory if I need it!

Note: Substitute the IP address of the host that the Container is running on for ${IP} and ${IPv6}

docker run -d \
    --name=pihole \
    --hostname=pihole \
    -p 53:53/tcp -p 53:53/udp -p 80:80 \
    -e ServerIP="${IP}" \
    -e ServerIPv6="${IPv6}" \
    -v pihole_data_1:/etc/pihole/ \
    -v pihole_data_2:/etc/dnsmasq.d/ \
    --restart=unless-stopped \



Raspberry Pi Docker Container to send all LAN DNS requests to Cloudflare’s DNS over TLS

I wanted to implement this on a Raspberry Pi that I have running Docker.  However, I wasn’t able to find an image in Docker Hub for the ARM architecture that the Raspberry Pi uses so I made my own based on the x86-64 image, here.

  • Place the Dockerfile and unbound.conf in the same directory.
  • Docker file:
FROM arm32v6/alpine:3.7
EXPOSE 53/udp
RUN apk add --update --no-cache -q --progress unbound && \
    rm -rf /etc/unbound/unbound.conf /var/cache/apk/*
COPY unbound.conf /etc/unbound/unbound.conf
ENTRYPOINT unbound -d
  • unbound.conf:
  verbosity: 0
  use-syslog: no
  qname-minimisation: yes
  do-tcp: yes
  prefetch: yes
  rrset-roundrobin: yes
  use-caps-for-id: yes
  do-ip4: yes
  do-ip6: no
  access-control: allow
  name: "."
  forward-ssl-upstream: yes


  • Build the Docker image:
docker build -t itinnovations/cloudflaretlsdns:latest .


  • Start a container as a daemon from the above image:
docker run -d \
  --name=CloudflareTLSDNS \
  --restart=unless-stopped \
  -p 53:53/udp \


  • Configure all clients to point to the IP address of the Docker Host for DNS.

EDUP 802.11n Mini Wi-Fi Adapter Sleeping


I bought some EDUP 802.11 N Mini Wi-Fi Adapters from China.  They’re cheap and do a fine job plugged into my Raspberry Pi’s.

However, by default, they always go to sleep which makes it difficult to connect to them via ssh etc.  To fix this, here’s what I did:

To identify the USB WLAN Adapter I did the following:

$ lsusb

Bus 001 Device 004: ID 0bda:8176 Realtek Semiconductor Corp. RTL8188CUS 802.11n WLAN Adapter
Bus 001 Device 003: ID 0424:ec00 Standard Microsystems Corp. SMSC9512/9514 Fast Ethernet Adapter
Bus 001 Device 002: ID 0424:9514 Standard Microsystems Corp. 
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub


$ lsusb -t
/:  Bus 01.Port 1: Dev 1, Class=root_hub, Driver=dwc_otg/1p, 480M
    |__ Port 1: Dev 2, If 0, Class=Hub, Driver=hub/5p, 480M
        |__ Port 1: Dev 3, If 0, Class=Vendor Specific Class, Driver=smsc95xx, 480M
        |__ Port 5: Dev 4, If 0, Class=Vendor Specific Class, Driver=rtl8192cu, 480M

From that I was able to derive that the WLAN adapter was using the rtl8192cu drivers.

A bit of Googling later, I was able to disable power management on the Wifi adapter, like this:

sudo nano /etc/modprobe.d/8192cu.conf

Add the following lines:

# Disable power management options
8192cu rtw_power_mgnt=0 rtw_enusbss=0



cat /sys/module/8192cu/parameters/rtw_power_mgnt

It should return 0 if the power management is off.

Bask in the glory of your WiFi adapter that stays up all the time 🙂

Deploy Watchtower in Docker

Watchtower is an application that will monitor your running Docker containers and watch for changes to the images that those containers were originally started from. If watchtower detects that an image has changed, it will automatically restart the container using the new image.

  • A 16 megabyte limit is set on the container, in this instance.
  • I’ve added a hostname for this container because Watchtower sends emails with the hostname of the Watchtower Docker container in the subject line.  By setting my own hostname instead of the default Docker generated hostname, I can glance at the email and see which of my hosts containers have just been updated.
  • Email notifications are configured using the container environment variables using the -e flags.  These can be omitted if you don’t want any notifications.
docker run -d \
  --name watchtower \
  --hostname=azure.dockerhost001 \
  --restart=unless-stopped \
  --memory=16mb \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -e WATCHTOWER_NOTIFICATION_EMAIL_FROM=admin@yourdomain.com \
  -e WATCHTOWER_NOTIFICATION_EMAIL_TO=admin@yourdomain.com \
  v2tec/watchtower \

Deploy Portainer in Docker

Portainer is an Open-Source lightweight Management UI which allows you to easily manage your Docker Hosts or Swarm Clusters

  • Port 9000 of the container is published to the host
  • A 16 megabyte limit is set on the container, in this instance.
  • Data is persisted in a named volume called ‘portainer_data’
docker run -d \
  --name portainer \
  --restart=unless-stopped \
  --memory=16m \
  -p 9000:9000 \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v portainer_data:/data \

The container can also be deployed using the more explicit –mount flag which became available for standalone containers in Docker 17.06.

docker run -d \
  --name portainer \
  --restart=always \
  --memory=16m \
  -p 9000:9000 \
  -v /var/run/docker.sock:/var/run/docker.sock \
  --mount source=portainer_data,destination=/data \

Install Docker and Compose on Ubuntu 16.04 LTS


apt-get update

apt-get install \
 apt-transport-https \
 ca-certificates \
 curl \

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

add-apt-repository \
 "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
 $(lsb_release -cs) \

apt-get update

apt-get install -y \
  docker-ce \

If you plan on using the –memory flag when creating containers, you may need to enable memory and swap accounting in the Kernel.

  1. Log into the Ubuntu host as a user with sudo privileges.
  2. Edit the /etc/default/grub file. Add or edit the GRUB_CMDLINE_LINUX line to add the following two key-value pairs:
    GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"
  3. Save and close the file.
  4. Update GRUB.
    $ sudo update-grub

    If your GRUB configuration file has incorrect syntax, an error occurs. In this case, repeat steps 3 and 4.

    The changes take effect when the system is rebooted.

More detailed information can be found in the Docker Post-Installation Steps for Linux.