systemd timers vs cron

Chris Siebenmann recently posted an article on his excellent blog titled, “Systemd timer units have the unfortunate practical effect of hiding errors”.

I posted a comment in reply:

Switching from cron to systemd timers is definitely an operational change.

The emphasis on emails feels like status quo bias, though. Imagine the situation was reversed: that everything was using systemd timers and then someone wrote cron and people started switching to that. In that case, there is a similar operational change. You’d switch from having a centralized status (e.g. systemctl list-units --failed) and centralized logging (the journal, which also defaults to forwarding to syslog) to crond sending emails. Is that an improvement, a step backwards, neither or both? Either way, I’d say the most important thing is that you need to integrate the new tool into your environment.

FWIW, at my work, we are in the process of converting all of our cron jobs into systemd service and timer pairs. One of the big reasons for that is that we already have systemd failed units monitored by Icinga, so this eliminates a separate way of monitoring things (emails to root) in favor of our unified alarming system. Also, emails are not great if an “every minute” or “every five minute” cron job starts failing.

We also expect other advantages. For one, service units are easier to develop & debug, as you can just start them with systemctl, without having to fiddle with the cron definition to run it at “the next minute” and then remember to change it back to the production timings when you’re done. Also, systemd timers can be randomized to spread the load rather than having every system wake up at the same moment and start running e.g. daily jobs. (I’m aware that cronie has RANDOM_DELAY, but Debian & Ubuntu still use Debian’s vixie-cron which does not.)

Time will tell if this was a good idea or not. Assuming this goes well for us, the next phase will be to switch from crond to systemd-cron, a (third-party) systemd generator that creates service and timer units from crontabs. This will dynamically convert any package cron jobs.

If emails are what you want, systemd timers are definitely a step backwards in that regard. Emails can be done, and systemd-cron has a setup for them for the units it converts, but it is additional work. And for timer-triggered services that are provided by distro packages (i.e. not you), while you can use drop-in config files to add the relevant configuration, you have to do that per-service. This is extra work, and more importantly, you have to know about all such units you have installed, which does not scale.

Another, more general, option would be to wire up something to check for failed units and send an email based on that.
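
One way to wire up the failed-unit check mentioned in the comment above, as an added example that is not part of the original post. It mails a report only when the set of failed units changes, and it assumes a working mail(1); the recipient, state-file path and --run switch are placeholders chosen here.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes mail(1) is installed;
# RECIPIENT, STATE and the --run switch are placeholders chosen here.
RECIPIENT="${RECIPIENT:-root}"
STATE="${STATE:-/var/lib/failed-unit-report/last}"

# Read `systemctl list-units --failed --no-legend` output on stdin and print
# the failed unit names, sorted. Without --plain, systemd prefixes failed rows
# with a bullet, so take the first field that looks like a unit name.
# Constructed sample row: "backup.service loaded failed failed Nightly backup"
failed_units() {
    awk '{ i = ($1 ~ /\./) ? 1 : 2
           if ($(i + 2) == "failed") print $i }' | sort -u
}

# Return 0 only when the list in $1 differs from the list saved in file $2,
# and save the new list. A job that fails every minute then produces one
# email, not one per run; a recovery (empty list) is reported once too.
changed_since_last() {
    [ -f "$2" ] || : > "$2"
    if [ "$1" = "$(cat "$2")" ]; then
        return 1
    fi
    printf '%s\n' "$1" > "$2"
}

main() {
    # Keep the state file in a root-owned directory, not a shared temp dir.
    mkdir -p "$(dirname "$STATE")"
    current=$(systemctl list-units --failed --no-legend --plain | failed_units)
    if changed_since_last "$current" "$STATE"; then
        {
            echo "Failed units on $(hostname):"
            echo "${current:-none, all units recovered}"
        } | mail -s "systemd failed units on $(hostname)" "$RECIPIENT"
    fi
}

# Only act when asked to, so the functions can be sourced and tested offline.
if [ "${1:-}" = "--run" ]; then
    main
fi
```

Run with --run from a timer unit of its own, so a failure of the checker itself shows up as a failed unit.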

Raspberry Pi 3 Stratum 1 NTP Server

This is an update of the previous post. I’m now using Raspbian Buster with NTPsec (which I package in Debian).

Hardware:

I’m in the U.S., so I ordered only the GPS board and case from Uputronics to save on shipping.

Other GPS HATs (and cases) can be used. Consult the Stratum-1-Microserver HOWTO for GPIO pin changes.

1. Download a Raspbian Buster image, typically the Raspbian Buster Lite image, which is command line only.

2. Unzip the image:
$ unzip 2019-09-26-raspbian-buster-lite.zip

3. Write the image to a Micro SD card:
$ sudo dd if=2019-09-26-raspbian-buster-lite.img of=/dev/mmcblk0

4. Insert the SD card into the Raspberry Pi. Stick the heatsink to the processor. Assemble the case with the Raspberry Pi in it as you go. Connect the GPS antenna and place it near a window. Connect a keyboard, mouse, and monitor. Power up the Raspberry Pi.

5. Log in with “pi” as the username and “raspberry” as the password. Set your own password:
$ passwd

Alternatively, add your own user and delete the “pi” user:

$ sudo adduser YOURUSERNAME
$ sudo usermod -a -G adm,audio,cdrom,dialout,games,gpio,i2c,input,netdev,plugdev,spi,sudo,users,video YOURUSERNAME
$ exit
Log back in with your username.
$ sudo deluser pi

6. Set your locale:

$ sudo apt update
$ sudo apt install locales
$ sudo dpkg-reconfigure locales

7. Set your time zone:
$ sudo dpkg-reconfigure tzdata

8. Set your hostname:

$ sudo vi /etc/hosts
$ sudo vi /etc/hostname

9. Optimize system performance:

$ sudo sed -i "s|$| nohz=off|" /boot/cmdline.txt
$ sudo vi /etc/default/cpufrequtils
Set: GOVERNOR="performance"

10. Reconfigure serial for GPS:

$ sudo apt -y purge bluez bluez-firmware
$ sudo sed -i "s|console=serial0,115200 ||" /boot/cmdline.txt
$ sudo vi /boot/config.txt
Add these lines to the end:
dtoverlay=pi3-disable-bt
enable_uart=1
dtoverlay=pps-gpio,gpiopin=18

11. Update and install software:

$ sudo apt -y dist-upgrade
$ sudo apt -y install cpufrequtils gpsd gpsd-clients pps-tools ntpsec ntpsec-ntpviz

Note: Installing ntpsec-ntpviz is optional, and skipping it will avoid bringing in Apache.

12. Configure gpsd:

$ sudo sed -i 's|DEVICES="|\0/dev/ttyAMA0 /dev/pps0|' \
/etc/default/gpsd
$ sudo sed -i 's|GPSD_OPTIONS="|\0-n|' /etc/default/gpsd
$ sudo mkdir -p /etc/systemd/system/ntpsec.service.d
$ sudo vi /etc/systemd/system/ntpsec.service.d/gpsd.conf
[Unit]
After=gpsd.service
Wants=gpsd.service

$ sudo mkdir -p /etc/systemd/system/gpsd.service.d
$ sudo vi /etc/systemd/system/gpsd.service.d/stationary.conf
[Service]
ExecStartPre=/usr/bin/gpsctl -t 'u-blox' -b -x '\\x06\\x24\\xFF\\xFF\\x02\\x03\\x00\\x00\\x00\\x00\\x10\\x27\\x00\\x00\\x05\\x00\\xFA\\x00\\xFA\\x00\\x64\\x00\\x2C\\x01\\x00\\x3C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00' $DEVICES

The stationary.conf bit is not required. This sends a command to the GPS to put it into “stationary mode”. By telling the GPS module that it is not moving, it can optimize its calculations, which should slightly improve timing performance. However, whether this matters for NTP-level accuracy is doubtful. I have not done any analysis.

13. Configure ntpd:

$ sudo vi /etc/default/ntpsec
Set:
IGNORE_DHCP="yes"

$ sudo vi /etc/ntpsec/ntp.conf
Add these two lines before the "pool" entries:
server 127.127.28.2 minpoll 1 maxpoll 1 prefer
fudge 127.127.28.2 refid PPS

Note: If you want to be able to set the clock without network access, also comment out:
tos minclock 4 minsane 3

15. Reboot:
$ sudo reboot

16. Check that things look right:
$ watch ntpq -p

After a bit, you should see “SHM(2)” selected, which will be indicated by an asterisk in front of that line.

When finished, you can kill the watch command with Control-C.

If the PPS is not working, first check the GPS status:
$ gpsmon

Once the GPS is locked, check the PPS status:
$ sudo ppstest /dev/pps0
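
A scripted form of the step 16 check, as an added example that is not part of the original post: it reads `ntpq -p` output and reports whether SHM(2) is the selected peer, using Nagios/Icinga-style exit codes (0 OK, 1 WARNING, 2 CRITICAL). The --run switch and the sample rows in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: check that the PPS-disciplined
# SHM(2) refclock is the selected system peer. The --run switch is a
# placeholder chosen here.
#
# Constructed sample of `ntpq -p` output (the tally code is the first
# character of each row; "*" marks the system peer):
#      remote           refid      st t when poll reach   delay   offset   jitter
# ===============================================================================
# *SHM(2)          .PPS.            0 l    1    2  377   0.0000  -0.0021   0.0012
# +pool-a.example  .GPS.            1 u   33   64  377  21.3040   0.4120   0.2210

# Print "<tally> <reach>" for the SHM(2) row read from stdin, or "absent".
# reach is an octal bitmask of the last eight polls; 377 means all succeeded.
shm2_state() {
    awk '$1 ~ /^.?SHM\(2\)$/ {
             tally = (length($1) == 7) ? substr($1, 1, 1) : "none"
             print tally, $7
             found = 1; exit
         }
         END { if (!found) print "absent" }'
}

# Read `ntpq -p` output on stdin; print a status line and return 0, 1 or 2.
check_pps() {
    state=$(shm2_state)
    case "$state" in
        "* "*)
            echo "OK: SHM(2) is the system peer (reach ${state#* })"
            return 0 ;;
        absent)
            echo "CRITICAL: SHM(2) not in the peer list; check gpsd and ntp.conf"
            return 2 ;;
        *)
            echo "WARNING: SHM(2) present but not selected (tally reach: $state)"
            return 1 ;;
    esac
}

# Only query the local daemon when asked to, so the functions can be tested.
if [ "${1:-}" = "--run" ]; then
    ntpq -p | check_pps
    exit $?
fi
```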

Sources:

FreeBSD Code of Conduct

Slashdot linked to the FreeBSD Code of Conduct. The article claims there is some controversy, so that’s what the comments focus on. I wrote:

Having just read the Code of Conduct, it seems generally fine. Some of my concerns are that the rules are too broad, and some are that they are too narrow.

The “Comments that reinforce systemic oppression related to” wording seems super vague. This portion has the highest potential for abusive use. To be clear, I’m fine with all the protected criteria that come in that rule. I’d much prefer replacing that with “Harassing comments related to”

The “unwelcome comments” thing is pretty broad. If someone says to me on IRC, “I’m tired all the time.” and I say, “You should stop eating so much junk food and get some exercise.”, I’m now in trouble if they feel that comment is unwelcome. With this rule, the only option for me is to never engage in such a conversation. Is that helpful or harmful to building relationships and living fulfilling lives? I think it’s more harmful than helpful. Now, I agree that continually nagging that person to eat healthy is inappropriate. If this was limited to “repeated”, “after being asked to stop”, or similar, it would be better.

I have some concerns about the “dead” names thing. I get and agree with the point: use the names people pick for themselves. As long as this isn’t enforced robotically, it should be fine. There are some legitimate reasons to use names that were in use in times in the past. For example, I think citations to publications should use the name of the author at the time it was published, because the point of the citation is to help you find the publication. This is supported by, for example, an APA Style Blog post. The issue of whether to change one’s name is complicated for the individual and has implications for the wider community.

For another example, yesterday I was considering replying to a years-old mailing list comment, and quoting some text. The author of the quoted text is trans and has changed names. Am I required to edit the “On DATE, NAME wrote:” line? To be clear, in new text, I would address this person using their new name (and have actually done so). I said in a follow up comment: I actually struggled with this for several minutes before ultimately deciding to just drop the “On DATE, NAME” bit. I ultimately determined the answer to my own question, so I dropped the email before sending it.

I personally don’t see a problem with person A saying “*hugs*” to person B without (advance) consent. Though, this is situational. If someone says, “Sorry for the delay on this bug, I’ve been distracted. My dog died.”, I see no problem with “Sorry to hear about your dog. *hugs*”. On the other hand, something like “You’re such a special snowflake. *hugs*” is an improper ad hominem attack. Even in the first example, I do have a problem if they keep doing it after being told by person B to stop, so that rule is fine. On the other hand, saying “*backrub*” out of the blue does seem across the line. I’m struggling to think of an example where that would be unambiguously appropriate.

I’m not sure why the “as necessary to protect vulnerable people from intentional abuse” exception exists to the “outing” rule. Why would it be necessary or acceptable to out someone to protect them? I said in a follow up comment: In terms of the exception to the “outing” rule, I was assuming that the person being outed was the vulnerable person. I see my error now, and this makes sense.

“Publication of non-harassing private communication without consent.” is problematic as a blanket rule. If someone says something important publicly which is materially contradicted by private statements, that might be necessary (albeit tacky) to share, even if those private statements are non-harassing.

“Knowingly making harmful false claims about a person.” I would strike harmful. Why is it necessary that the false claims be harmful?

Guns: Focus on agreement

This post, entitled, “Fuck you, I like guns” was posted to Facebook recently.

The positions from this article are: “I like guns and I don’t care what you want.” and “I don’t like guns and I don’t care what you want.” I don’t think people with those positions can have a productive discussion with each other.

I don’t think those extremes are as common as people like to claim. I think we’d do a lot better to focus on areas where we agree. For example, both sides agree that criminals shouldn’t have guns. We only prosecute 0.1% of background check denials. Except for paperwork mistakes, every single one of those people is committing a federal and state crime, which they have caused to be reported, and nothing happens. Can we investigate every single one?

There is also widespread support for “universal background checks”. Can we pass that (without lumping in other things)?

If you want to require licensing for gun purchases, I’m personally on board with that. For example, in my state, we could require the existing hunter’s safety course to purchase a rifle, and the existing concealed weapons permit course to purchase a pistol. I don’t think that’d be too controversial. I might ask for something in return, though. Since I’m licensed, let me take my concealed handgun into all gas stations instead of just some of them. Or, if that’s too much of a restriction on others’ property rights, maybe we can respect my property rights by repealing laws banning silencers so I can further protect my hearing at the range.

Can we repeal the common law duty to retreat at the same time as adding “violent” in front of “felony” in my state’s laws about self defense in the home to correct that oddity?

Can we treat private citizens who use force in self-defense the same way we treat cops who do the same, perhaps by bringing both situations closer to the middle?

If limiting things in the Bill of Rights is on the table, can we restrict the media just a little bit in how they report on these things? We know that copycat crimes are a thing, and less sensationalism and glorification of the crimes would likely help.

Facts are Discriminatory

As reported on Ars Technica, the National Labor Relations Board’s Office of General Counsel released a memo about James Damore’s complaint against Google after they fired him over his controversial memo. As I wrote on Reddit:

The NLRB memo concludes, “[His] statements about immutable traits linked to sex—such as…men’s prevalence at the top of the IQ distribution—were discriminatory and constituted sexual harassment notwithstanding… references”.

Imagine a male firefighter said (with citations to legitimate research), “Studies show that, on average, men have more upper body strength than women. That is a cause, other than bias, which could explain why there are more male firefighters than female firefighters, despite all of the fire department’s diversity efforts.” Can that be legitimately construed as discriminatory and constituting sexual harassment?

Imagine the firefighter further says, “While there are limits, we can change some aspects of how the work is performed to reduce the upper body strength required. This would help reduce the gender gap in a non-discriminatory way. This is more fair than having programs, mentoring, and classes only for women firefighters.” Does that help or hurt his position?