Shut it
February 2, 2019 at 10:39 AM by Dr. Drang
I got a Raspberry Pi 3 Model B for Christmas and finally started using it. If “finally” seems like the wrong word, I will clarify: I’m not talking about the Christmas a month ago, I’m talking about the Christmas 13 months ago.
I bought a power supply, case, and microSD card for the Pi right away, but I never got it up and running. I dithered so long because I couldn’t decide what to do with it. My first thought was to set it up to run the Wolfram Language, which can be installed and run for free (for non-commercial use) on the Pi. That’s still kind of appealing, but I’m more interested in learning R and ggplot (to that end, Kieran Healy’s Data Visualization was recent Christmas gift to myself).
Then I thought about using the Pi as a Homebridge server, but that would mean committing to a bunch of smart devices in my house, and although I’m kind of interested in hearing other people’s experiences in home automation, I’m not sure I want to do it myself. I’ve never felt it burdensome to flip a light switch.
I could always set up the Pi as a general-purpose server to do command-line things from my iPad via Prompt. I already have that, though, because both of my iMacs (home and office) run continuously and have the tools I like already installed. Rosemary Orchard has an interesting variation on this: a Pi she travels with as a portable server for times when she doesn’t have good internet access. But for that I’d need a Pi Zero W; mine doesn’t have WiFi.
Update Feb 2, 2019 4:01 PM Apparently my Pi does have WiFi, even though most of the setup guides I’ve seen for it discuss Ethernet connections only. Even so, if I were going to travel with a Pi, it’d be the tiny Zero W.
A couple of weeks ago, Nathan Alderman was on a Slack channel I visit, talking about installing an internet ad-blocking service called Pi-hole on his Mac mini. He was having some trouble with its configuration because Pi-hole is more easily installed in its native environment, a Raspberry Pi. I’d never heard of Pi-hole before, but it seemed like a perfect fit for my dust-gathering Model B. Last weekend, I spent about an hour and a half setting it up on my home network, and it’s been successfully blocking crap from my devices ever since.
There is an ethical issue to using an ad blocker. People who want to make a living creating things on the internet should be paid for their work, and advertising is the most common way to get paid. And I’m not offended by the presence of advertising on other media. Newspapers, magazines, radio, and TV have always had ads, and I don’t go out of my way to block them. But when I’m looking at a newspaper while eating breakfast, the newspaper doesn’t look back at me, taking note of the cereal I’m eating, the clothes I’m wearing, and whether it looks like I’ve put on a few pounds recently. Internet ads do, and it’s that—along with the invisible trackers on so many sites—that offends me. So I’ve used ad blockers despite my qualms.
Pi-hole differs from browser-based ad blockers in that it works at the network level. It acts as a local DNS server that simply doesn’t serve content from sites on its block list. So the voluminous cruft associated with so many modern websites doesn’t even get to your browser to be sifted through. And a single configuration works for all the devices on your network.
I followed these instructions, which start at ground zero and take you through the entire configuration of both the Raspbian OS and Pi-hole itself. There are a few places in process where you’ll have to do a small bit of thinking on your own:
- After using a desktop or notebook computer to flash the OS onto the microSD card, you’ll have to mount the SD card on your desktop OS and add an empty file name “ssh” to the root directory of the card. This will give you SSH access to the Pi from any computer on your network. On a Mac, the mounted card will be found in the
/Volumes
directory, and its name should be obvious. Open Terminal,cd
into the card’s directory and run the commandtouch ssh
. - To SSH into the Pi (after you’ve put the microSD card into it, connected it to your network, and powered it up), you’ll need to know its IP number. I found it by running the Eero app on my iPhone and scrolling through the connected devices list.
- The Pi-hole configuration process has more questions than are listed in the instructions, but generally you should accept the defaults. I got the upstream DNS providers (what Pi-hole passes queries off to after it’s done its filtering) from the Advanced Settings section of the Eero app’s Network Settings. Also, I set my Pi’s IP address and gateway manually so it would have a permanent IP number instead of one that could be reassigned by the router through DHCP.
- At the end of the Pi-hole configuration, you’ll be given a password for the admin web interface. Write it down and put it into whatever system you use to hold your passwords. The Pi-hole admin web interface can be reached at
http://<ipnumber>/admin
After configuring Pi-hole, reboot the Pi; you should have a functioning ad blocker.
To test it, I changed the DNS settings on my iMac to point to the IP number of the Pi and tried out several pages. It worked for a while and then I did something I’m still not sure of that killed the WiFi connection. It wasn’t a problem with the Eero, as all my other devices were still connected. I rebooted the iMac, its WiFi connection came back, and I haven’t had any trouble with it since.
With a successful test under my belt, I took the big plunge: changing the DNS settings in my router to point to the IP address of the Pi. That required a reboot of the Eero. When it came back, ads were blocked from all of my devices. And my wife’s, too, which led to some difficulties.
First, she couldn’t follow links from Twitter on either her iPhone or iPad. I assumed this had something to do with the t.co
domain that Twitter uses for links in tweets. That turned out to be correct, but what was weird was that I could follow those links from all of my devices. I looked in her settings and mine but couldn’t find any reason for this. Going to the Pi-hole admin page and adding t.co
to its whitelist solved the problem.
But that got me thinking that other services she uses might be blocked. The people who set up blocklists for Pi-hole, I figured, are probably very militant and will block more than a normal person will want blocked. I was particularly concerned with Instagram and Facebook; Pi-hole could make them unusable.
So we started with Instagram. My wife went to her timeline and started clicking links to see what worked and what didn’t. Most links worked, but a couple didn’t. I looked at the ones that didn’t and they were definitely the kinds of quasi-advertisements that Pi-hole adherents would want to block. “Yeah,” said my wife, “but my friends post these and I like to see them.”
I realized right then that Pi-hole wasn’t going to work network-wide. We didn’t bother checking links in Facebook or, god forbid, Pinterest. I reset the Eero to go back to using my ISP’s DNS servers, and then set the DNS on all of my devices to point to the Pi. This isn’t what the Pi-hole folks intended, but it works perfectly for us. I get the blocking I want, and my wife doesn’t get the blocking she doesn’t want.
In the week since setting up Pi-hole, I’ve had to add only one other domain to the whitelist: bit.ly
. I guess I understand why a service that hides what you’re clicking on could seem nefarious, but that’s too severe even for me.
Here’s what the Pi-hole admin dashboard looks like:
Early on, I added a recommended set of blocklists, thinking it would overwrite the defaults. Instead, it added to them, and I think there are a bunch of duplicates in that 1.6 million figure in the red box. Now that I understand the system a little better, I’ll probably delete all the blocklists and start over with a fresh set.
Overall, I’m pleased with Pi-hole. It was easy to get started and has given me no trouble since I finalized its setup. I’m not sure I’d buy a Pi specifically for it, but it’s a nice service to add if you already have one.