
Don't Use Raspberry Pi for Everything - webtechgal
http://www.makeuseof.com/tag/stop-using-raspberry-pi-everything/
======
justforFranz
The author's points are valid. However, there's no recognition of the
tremendous marketing, documentation, training, community & ecosystem
surrounding the platform.

These things are real, they are as real as any code that's written. They are
as real as any hardware.

So yes, the Raspberry Pi is a great, fantastic introduction into this IOT
world. The security problems are real, that should be the first thing attended
to.

And then yes, once you get the basics down it should be easy to move to a
better platform/device/doohicky.

~~~
wmeredith
Now take this comment and insert WordPress instead of Raspberry Pi :) Ubiquity
and ease-of-use will win over security.

~~~
freehunter
My job is trying to get ambivalent people to take security seriously, and I'd
like to amend your statement. Ubiquity and ease-of-use will win over security
_as long as security professionals insist on cumbersome practices_.

Nonsensical password complexity rules.

The absolutely asinine technology we have to encrypt emails.

Third-party antivirus software.

Patches forcing a reboot (hell, patches _needing_ a reboot).

Encryption being an add-on or an option.

Bundling spyware and adware with brand new machines in order to reduce their
sticker price.

Let's Encrypt changed the world by making SSL certs as easy as they could ever
be. That's a very positive step. Likewise, no one has to wonder if their
iPhone is infected with malware. They just use it, without any security
training at all. Developers use PaaS because patching is hard and you never
know if it's going to break a production system. Now it's someone else's
problem.

What wins security is making it harder to _not_ be secure. Wordpress is still
a long way from that ideal.

~~~
flukus
> What wins security is making it harder to not be secure.

I find this is usually at odds with your original statement. Current security
practices are almost entirely a security/utility trade off, we make things
secure by locking systems down so the user can do less or has to jump through
hoops to do it. The iPhone is the perfect example of this, it's only secure
because it's limited in what can be installed or run by the user.

~~~
freehunter
You're right, I worded that wrong. I should have said "What wins security is
making it easier to be secure (rather than making it harder to do insecure
things). The iPhone went the second route. iOS is undeniably easy to use right
out of the box, and it's also really super secure. But if you want to
circumvent all of their security, it's actually pretty difficult. You have to
trade a lot of things for the ability to jailbreak your phone.

Windows went the other route. If you want to install unsigned drivers, you
have to reboot into a special mode, and next time you reboot you lose that
privilege again. If you want to install programs, you have to click yes on the
UAC pop-up. In the past, none of those roadblocks existed. Rather than making
it easier to have good security, they made it harder to do things insecurely.

Microsoft purposefully put in things to make it harder to be insecure, where
Apple (with the benefit of starting from scratch and not having to deal with
legacy cruft) was able to make being secure easier. Most people don't have to
jump through hoops to do things securely on the iPhone because it was built
from the ground up to make sure everything you need to do can be done within
the sandbox/walled garden.

Things like SSH keys that require you to upload a certificate to every server,
that's secure but all you're doing is making it harder to do things. People
are more likely to fall back to passwords, so your only option is to not let
them use passwords, which is just making it harder to be insecure. RSA tokens
are a middle ground, not really harder than a password but far more secure.
But a fingerprint scanner built right into a button you were going to press
anyway? _That_ is making security easier. It's good (enough) security and end
users don't even notice it, let alone have any opinion on it. It just works.
It's that easy.

------
RaspPiIdiote
"Don’t Spend $40 to Flash an LED Over the Web"

The new Pi Zero W's are $9 and the include wifi. I used to use arduinios or
MSPs for things because i didnt want to "waste" a full pi. But I mean, $4
savings with these NodeMCUs? vs. the platform I already know how to use that's
a normal computer that happens to have trivially easy to use IO pins? For one-
off type projects i just don't see how it's worth it for me. I'd rather spend
the four bucks and skip ahead to the interesting part of the project.

Imho the better thing to consider w/ pi is that even the Pi Zero W consumes a
decent amount of power. So for some projects, that really matters.

~~~
Obi_Juan_Kenobi
You might compare the $9 figure with $1 for digispark clones, or $2-3 for nano
clones.

That said, I basically agree.

------
ChiliDogSwirl
"To start with, it runs Linux, which has a steep learning curve associated
with it and isn’t suited to beginners."

I couldn't take the article seriously after this. "Beginners" click icons and
run applications. This works under Linux like any other OS. Anything more
complex than that isn't going to be done by a "beginner" no matter what OS
you're using.

------
titanomachy
This article referenced the ESP8266 (specifically NodeMCU configuration) as a
cheap alternative for WiFi IOT projects that don't warrant the Pi's
complexity. I've played with this chip and was pleasantly surprised how easy
it was to get it working. The bare chips can be had for a couple of dollars,
or $15 for a development board which supports USB flashing.

Don't cheap out on the dev board, the cheapest ones use a shitty USB-serial
chip and it was a headache to get the drivers working. The adafruit one worked
out of the box.

~~~
Cymen
I really love the Wemos D1 mini. It fits in a standard breadboard with space
for a row of pins on each side. It's only $4 plus shipping from Wemos:

[https://www.aliexpress.com/store/product/D1-mini-Mini-
NodeMc...](https://www.aliexpress.com/store/product/D1-mini-Mini-
NodeMcu-4M-bytes-Lua-WIFI-Internet-of-Things-development-board-based-
ESP8266/1331105_32529101036.html)

For anyone thinking about trying ESP8266 programming, it's a great way to
start. For my one-of projects, I just put a whole D1 mini in and don't worry
about trying to optimize it to less components (why bother at $4/board?). Just
order at least a handful as shipping is slow.

------
aqsalose
The hardware limitations and the "danger of server maintenance" points are
valid. Only that

>That ever-so-slight delay between hitting a key and having it appear on
screen will eventually wear you down.

You don't need to run a full blown desktop. TTY is snappy enough on my model
2B.

It's a great "learn to hack stuff on a cheap small computer" platform for my
nephew (if I had a nephew [1]), and that's how it is advertised.

[1] On the other hand, I wonder how many RasPi users buy the thing because
they wish they would have had it when they were of the age to be someone's
nephew.

~~~
copperx
I use my Raspberry Pi as an always-on Emacs computer; all on a framebuffer.
It's very refreshing to be able to turn on a monitor and be able to write a
journal entry or manage a to-do list and then commit and push to a remote git
repository. There's nothing to distract you besides M-x tetris.

I once considered buying an AlphaSmart Dana for this purpose, but you can't
beat Emacs's keybindings (or vi's, if that's your thing).

------
voidr
> It’s Dangerously Insecure (In the Wrong Hands)

Just like any other programmable internet connected device.

> A Mini-PC or Tablet Would Probably Be Better

How does this solve the security problem mentioned above? IMHO it actually
makes it worse, because you are now connecting an even more powerful machine.

> Never open your Pi as a public facing server.

What if the purpose of my Pi is to be a public facing server?

> This is true of every website regardless of where it’s hosted, but it’s
> particularly problematic for the Raspberry Pi, which tends to be set up by
> hobbyists who aren’t intimately familiar with best security practices.

It is easier to install a web server and misconfigure security on a typical
desktop machine than it is on a Raspberry. It feels that the author has a
condescending view on raspberry hobbyists that is not backed up by any facts.

------
nategri
"Dongles, Dongles Everywhere"

Straw men, straw men everywhere!

------
jeffehobbs
This article does not really need to exist.

------
webtechgal
One point that caught my eye is:

"Linux enthusiasts perpetually claim that this year is the year that Linux
will finally make headway into the desktop for the everyday user — but it
never has and never will."

I guess the author has a (much coveted) crystal ball.

~~~
metalliqaz
Oh stop it. Is anyone seriously expecting Linux to take over the desktop
anymore? Ubuntu is embedded in Windows now for cripes sakes! Be happy with the
world's servers and cell phones.

~~~
yellowapple
The closest thing to a "Year of the Linux Desktop" is the growing popularity
of ChromeOS. Nowhere near rivaling Windows, sure, but not entirely obscure
either, and certainly not with a "steep learning curve" (come on MakeUseOf; it
ain't 2005 anymore, you can cool it with the tired "Linux is hard to use"
crap).

~~~
freehunter
The Linux systems that get brought up in these arguments have a lot of non-
default helper programs that obfuscate the underlying OS and remove really any
reason to be using Linux in the first place other than it's free and it runs
on everything.

I mean, yeah Android is nice. And it technically runs Linux. But so does my
wifi router... just because I plugged it in and logged into the web interface
doesn't mean I can, with a straight face, claim that I am a Linux user.

Does having a laptop that boots straight into a browser without showing
anything lower level than that really count as Linux? Does it really make me a
Linux user?

~~~
BlackLotus89
Yes it does. What kind of question is that? With the same logic you can claim
that no Windows user that doesn't know how to use "obscure" Windows tools is a
Windows user. What you are talking about is a "Power User" or admin. Fuck when
every Desktop would run ChromeOS would you still claim it wasn't the year of
the Linux desktop? Ubuntu tries to hide every "linuxy" aspect and make it user
friendly. So people using Ubuntu and not using any of the command line tools
aren't Linux users?

Making the choice running a system makes you a user of that system. If the
choice is conscious or not is unimportant. Most people only click on "the
internet" or office and it doesn't make them less Windows users. Or do you
need to be aware of what you are to be it?

~~~
freehunter
The difference is, Windows is Windows. It's a full OS from tip to tail. Linux
is a kernel, one that doesn't do a whole lot by itself. If you installed
Linux, you'd be very disappointed. But even installing Ubuntu is different IMO
than using Android or ChromeOS or a car infotainment system that may
technically be based on Linux but the end user would never be able to tell.

Likewise if I've used an ATM or a mall kiosk that was based on Windows, I'd
hardly call myself a Windows user. I'm not talking about an admin or a power
user. I'm talking about someone being aware at a basic level what kind of
system they're using. My grandma knows she's using Windows.

~~~
BlackLotus89
The problem we both have is when we define someone as a Linux or Windows
"user". In my opinion what counts for the year of the Linux Desktop isn't if
anybody _sees_ themself as Linux user, but rather if someone actually uses
Linux.

I think if we are evaluating what the market share of an os it doesn't matter
how it hides it presence. ATMs still are vulnerable to Windows exploits and
Linux PCs for Linux vulns and it doesn't need someone to identify with
something to be it. It's just the difference between calling oneself a * user
and being counted/seen as one.

> Does having a laptop that boots straight into a browser without showing
> anything lower level than that really count as Linux? Does it really make me
> a Linux user?

You maybe don't see yourself as one, but you are one. I don't think my Grandma
knew she was using Windows and it doesn't matter if she knew.

~~~
freehunter
In that case Linux won years ago. Nearly everyone has seen a billboard or mall
kiosk or in-flight entertainment system running on Linux, nearly everyone has
connected to a web page running on a Linux server, many people run Android-
powered TVs. Hell, my dog can push the ice dispenser on my Samsung smart
fridge, she's a Linux user too.

Debate's over. If you don't have to know you're using Linux, if you don't have
to see yourself as a Linux user, if all you have to do is be exposed to a
system that incidentally runs Linux in some odd capacity for it to be
considered Linux on the desktop, that's it. Linux won.

Bad news for everyone who is anti-Microsoft but visits Stack Overflow which
runs on Windows Server... wonder if those people are aware that they're now
considered Windows users?

------
nine_k
Using an RPi for _everything_ is indeed not a good idea! It's a poor choice
for e.g a HPC server of a 10G router.

Not using RPi for _anything_ is not a good idea either, it seems.

The RPi (and C.H.I.P., Arduino, etc) have a rather well-defined sweet spot:
small-scale hobby projects and study. At this niche, they are a good value for
the money (because tools, books, community, etc).

------
soneil
#1 is an interesting point. Use a $5 nodemcu instead of a $9 pi. Not only do
you save $4, but you get a free introduction to the world of horrible ssl
implementations!

------
joshstrange
I found the tangent into running linux on the RasPi a little odd... I agree
for IoT you probably don't need a RasPi but I love mine for RasPlex.

