Zero Rating

December 17th, 2016 by rlaager

https://yro.slashdot.org/story/16/12/16/2014245/att-verizon-tell-fcc-to-back-off-on-net-neutrality-complaints

AT&T wants companies to pay to “sponsor” their zero-rated data. This is the obvious violation of net neutrality. Even if the zero-rating looks good for consumers in the short run (because they can watch video without counting it towards their usage), it is bad for consumers in the long run. Any new video service will count against consumers’ data caps, giving that company a disadvantage. They can only compete if AT&T, at their sole option, chooses to allow them to sponsor zero-rating, and if AT&T charges them the same rate. And even then, this idea of pay-for-access is terrible for many other reasons.

Posted in Computers, Law, Politics | No Comments »

Raspberry Pi 3 Stratum 1 NTP Server (Ubuntu)

November 21st, 2016 by rlaager

Hardware:

I’m in the U.S., so I ordered only the GPS board and case from Uputronics to save on shipping.

Other GPS HATs (and cases) can be used. Consult the Stratum-1-Microserver HOWTO for GPIO pin changes in step 12.

1. From Ubuntu Pi Flavour Maker, download the Ubuntu Server Minimal 16.04 image. Note that this is only available using BitTorrent (for bandwidth reasons).

2. Write the image to a Micro SD card.

3. Insert the SD card into the Raspberry Pi. Stick the heatsink to the processor. Assemble the case with the Raspberry Pi in it as you go. Connect the GPS antenna and place it near a window. Connect a keyboard, mouse, and monitor. Power up the Raspberry Pi.

4. Login with “ubuntu” as the username and “ubuntu” as the password. Set your own password:
passwd

5. Become root:
sudo -s

6. Generate the missing locale:
locale-gen en_US.UTF-8

7. Disable a broken service:
systemctl disable ureadahead

8. Resize the partition to fill your Micro SD card:
fdisk /dev/mmcblk0
“Delete the second partition (d, 2), then recreate it using the defaults (n, p, 2, enter, enter), then write and exit (w).” — Ubuntu Pi Flavour Maker FAQ

9. Set your time zone:
dpkg-reconfigure tzdata

10. Set your hostname:
vi /etc/hosts
vi /etc/hostname

11. Disable fake-hwclock, which otherwise breaks PPS in NTP at boot:
systemctl disable fake-hwclock.service

12. Disable Bluetooth, as we need the UART for GPS:
echo dtoverlay=pi3-disable-bt >> /boot/config.txt
echo enable_uart=1 >> /boot/config.txt
echo dtoverlay=pps-gpio,gpiopin=18 >> /boot/config.txt
systemctl disable hciuart
apt -y purge bluez bluez-firmware

13. Set maximum performance for consistent timing:
sed -i "s|$| nohz=off|" /boot/cmdline.txt
systemctl disable ondemand
echo 'GOVERNOR="performance"' > /etc/default/cpufrequtils

14. Install software:
apt update
apt -y dist-upgrade
apt -y install cpufrequtils gpsd gpsd-clients ntp pps-tools

15. Configure gpsd:

sed -i 's|DEVICES="|\0/dev/ttyAMA0 /dev/pps0|' \
    /etc/default/gpsd
sed -i 's|GPSD_OPTIONS="|\0-n|' /etc/default/gpsd
mkdir -p /lib/systemd/system/ntp.service.d
cat >/lib/systemd/system/ntp.service.d/gpsd.conf <<EOF
[Unit]
After=gpsd.service
Wants=gpsd.service
EOF

16. Edit ntp.conf
vi /etc/ntp.conf
to have this content:

# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help

driftfile /var/lib/ntp/ntp.drift
leapfile /usr/share/zoneinfo/leap-seconds.list

statsdir /var/log/ntpstats/
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

# Specify one or more NTP servers.

# Stratum 0 (GPS)
server 127.127.28.2 minpoll 1 maxpoll 1 prefer
fudge 127.127.28.2 refid PPS

# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
# more information.
pool 0.ubuntu.pool.ntp.org iburst preempt
pool 1.ubuntu.pool.ntp.org iburst preempt
pool 2.ubuntu.pool.ntp.org iburst preempt
pool 3.ubuntu.pool.ntp.org iburst preempt

# Use Ubuntu's ntp server as a fallback.
pool ntp.ubuntu.com preempt

server 127.127.28.0 noselect
fudge 127.127.28.0 time1 0 refid GPS

# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html
# for details.  This page might also be helpful:
#   http://support.ntp.org/bin/view/Support/AccessRestrictions
#
# Note that "restrict" applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.

# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery limited
restrict -6 default kod notrap nomodify nopeer noquery limited

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1

# Needed for adding pool entries
restrict source notrap nomodify noquery

17. Reboot:
reboot

18. Resize the filesystem:
sudo resize2fs /dev/mmcblk0p2

19. Check that things look right:
ntpq -p

20. Wait ~24 hours for everything to stabilize. You want to allow for the drift to be calculated. Once the PPS offset is tiny (e.g. 0.010 or so), you know things are good.

21. At this point, wait for midnight to roll around so the stats are rotated. Then wait at least another 4 hours.

22. Calculate the correct offset for the GPS serial data:
awk '/127\.127\.28\.0/ { sum += $5 ; cnt++; } END { print sum / cnt; }' /var/log/ntpstats/peerstats

23. Subtract that value from the GPS’s time1 in /etc/ntp.conf. If this is the first time you’re doing it, the existing value is zero, so just flip the sign.

24. Restart ntp:
sudo systemctl ntpd restart

25. The offset on the GPS line should now be less than 3 or so. You can repeat steps 21 through 24 if want to try to get closer.

26. Remove noselect from the GPS line in /etc/ntp.conf:
sudo vi /etc/ntp.conf

27. Restart ntp:
sudo systemctl ntpd restart

Sources:

Posted in Computers, Open Source | No Comments »

Nexenta Upgrade Failure

February 4th, 2016 by rlaager

I’m documenting this mainly for myself, but if you’re ending up here based on a Google query, I hope it helps!

I tried to upgrade our Nexenta storage system (currently running 4.0.3FP3). After apt-get downloaded packages, I received this error:
Download complete and in download only mode
Upgrade is in progress. Please DO NOT interrupt...
Creating Upgrade Checkpoint...
Feb 03 19:13:23 EXCEPTION: FormatError: Failed to parse menu.lst: section content not complete
Uncaught exception from user code:
com.nexenta.nmu.FormatError: Failed to parse menu.lst: section content not complete
at /usr/perl5/5.12/lib/NZA/NMUUtil.pm line 731
NZA::NMUUtil::_mark_rootfs('syspool/rootfs-nmu-008', 0, '') called at /usr/perl5/5.12/lib/NZA/NMUUtil.pm line 817
NZA::NMUUtil::clone_rootfs() called at /usr/bin/nmu line 526

Nexenta tech support found that the issue was empty BOOTADM blocks in /syspool/boot/grub/menu.lst:
#---------- ADDED BY BOOTADM - DO NOT EDIT ----------
#---------------------END BOOTADM--------------------

The fix is to remove those and run bootadm update-archive -v.

If I understood correctly, the cause may have been using beadm destroy in the shell instead of setup appliance checkpoint ... in nmc.

Posted in Computers | No Comments »

Thoughts on Antivirus

October 31st, 2013 by rlaager

I get this question a fair amount. Here is the latest version from someone on Facebook: “To all the computer wizards out there: Which antivirus do you suggest putting on a computer?” My response…

Short version: Spend your money on backups instead.

I think I am in the minority in the industry on this, but I tend to recommend “none”. Antivirus software is a bit like insurance. You are going to pay something (dollars, at least some slowdown, and potential problems) all the time to potentially avoid paying a big something later.

No antivirus software can completely protect you from reckless behavior, and if you’re responsible, the risk is probably acceptably low. By “responsible”, I mean things like: don’t open attachments or click on links you were not expecting, regularly apply updates to your OS and browser, and only install software from trustworthy sources.

For the typical home user, the cost of recovering from a virus is pretty minimal, if you have backups. That is where you should focus your energy and/or money. And always test your backup method to make sure you can actually get your files off of it!

Update: Running Microsoft Security Essentials is probably reasonable. It’s free; you get it as part of Windows Updates.

Posted in Computers | No Comments »

My tcpdump Idiom

September 22nd, 2013 by rlaager

This is how I like to run tcpdump these days:
sudo tcpdump -U -s 0 -w - port 80 | tee DESCRIPTION-$(date +%s).pcap | tcpdump -lvvnr -

This dumps out a .pcap file I can open in Wireshark later, but also shows the tcpdump human-readable representation in real-time.

Posted in Computers, Open Source | No Comments »

« Previous Entries