Dec 10 2014
 

This afternoon we started getting some unusual calls.  Now I hate those survey calls, or telemarketing calls wanting to sell you some kind of service.  I especially hate them when they’re delivered by a recorded voice, and there’s a special place in HELL for those which claim to have found “problems with your computer”.

My troubles started earlier this afternoon.  Having gotten home from work around 3PM, I made a call to my father to find out what was happening tonight, got no answer, and so I just hung up rather than leaving a message (it wasn’t important).  He rang back and we had a quick discussion.

Some time later, the phone rings.  Now, normally when the phone rings, it’s two bursts, then silence, then two more bursts, then silence … etc.  This had a different initial rhythm: one long burst, then silence, then the usual pattern.  I answered, only to be greeted by silence, then an automated voice.  I hung up straight away.

Normally that’d be the end of it.  Then history repeats itself: after 5 minutes the phone rings again.  Same pattern.  I answer, and get the same silence, followed by a voice recording.  I hang up, again.

Cue this happening about 3 or 4 times.  So I look up the Telstra website and found their help-desk number.  I also paid a visit to the Do Not Call register for good measure.  (We had done it before, but maybe it had expired?).  A computer system answers (typical), and after answering a few prompts, I’m told there will be a 7 minute wait.

Well, 7 minutes turned out to be 25 minutes, but who’s counting?  I guess Steven Travalgia is right about the “variable viscosity of time” theory, it certainly applies to help-desk queues!  That said, at least I wasn’t getting nuisance calls.

I explain the situation to the operator.  Naturally, not being the account holder, they cannot do much, but at least there’s a record of me calling, and they mention they can enable tracing to find out what’s going on.  They give me a direct line for their unwanted calls department, and I reply stating I’ll take some logs of what happens and call that number when I have some evidence.

17:04 4 rings, dial tone on pick up
17:05 3 rings, stopped ringing before answer
17:12 2 rings, dial tone on pick up
17:52 Answered and recorded.

I recorded this (apologies for the clipping, my mic gain was up a bit high):

Now it’s worth noting that nothing currently plugged into the phone line can receive SMS messages.  Our phone line terminates in our garage at an ADSL2+ central splitter (installed by yours truly).

One CAT5e cable is divided into one ADSL circuit and 3 voice circuits and runs into the office, providing service for the ADSL router/modem, a multi-function fax/printer/scanner, a General Electric speaker phone (with corroding AA batteries, so maybe that phone will go in the bin now), a (Telstra-branded) cordless phone base station and a 56k modem.

The other feed coming out of the splitter box is original house wiring, and terminates upstairs with an old Telecom Australia Touchfone 200 that probably remembers the days of our house having a 6-digit number.  (Our line is that old.)

Nothing that will receive messages, or confuse the hell out of the delivery centre.  It seems if there’s nothing on the line, they just keep ringing persistently, making the service a very cheap and efficient way to harass someone at all hours of the night!

Sadly, a quick search does not tell one how to disable this service.  I have no reason to receive SMS messages on a land-line, I have a mobile for that.  If I find out how, I’ll be updating this.

Dec 04 2014
 

Just recently I’ve been looking into asynchronous programming.

Previously I had an aversion to asynchronous code due to the ugly twisted web of callback functions that it can turn into. However, after finding that having a large number of threads blocking on locks and semaphores still manages to thrash a machine, I’ve come to the conclusion that I should put aside my feelings and try it anyway.

Our codebase is written in Python 2.7, sadly, not new enough to have asyncio. However we do plan to eventually move to Python 3.x when things are a bit more stable in the Debian/Ubuntu department (Ubuntu 12.04 didn’t support it and there are a few sites that still run it, one or two still run 10.04).

That said, there’s thankfully a port of what became asyncio in the form of Trollius.

Reading through the examples though still had me lost and the documentation is not exactly extensive. In particular, coroutines and yielding. The yield operator is not new, it’s been in Python for some time, but until now I never really understood it or how it was useful in co-operative programming.

Thankfully, Sahand Saba has written a guide on how this all works:
http://sahandsaba.com/understanding-asyncio-node-js-python-3-4.html

I might put some more notes up as I learn more, but that guide explained a lot of the fundamentals behind a lot of event loop frameworks including asyncio.

Nov 05 2014
 

Just because I effectively turned down offers to work for you doesn’t mean I’m okay with your customers having a crack at my server:

Hi,

The IP 107.167.183.204 has just been banned by Fail2Ban after
3 attempts against SSH.


Here is more information about 107.167.183.204:


#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# http://www.arin.net/public/whoisinaccuracy/index.xhtml
#


#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=107.167.183.204?showDetails=true&showARIN=false&ext=netref2
#

NetRange:       107.167.160.0 - 107.167.191.255
CIDR:           107.167.160.0/19
NetName:        GOOGLE-CLOUD
NetHandle:      NET-107-167-160-0-1
Parent:         NET107 (NET-107-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       AS15169
Organization:   Google Inc. (GOOGL-2)
RegDate:        2014-01-24
Updated:        2014-01-24
Comment:        *** The IP addresses under this netblock are in use by Google Cloud customers *** 
Comment:        
Comment:        Please direct all abuse and legal complaints regarding these addresses to the 
Comment:        GC Abuse desk (google-cloud-compliance@google.com). Complaints sent to 
Comment:        any other POC will be ignored.
Ref:            http://whois.arin.net/rest/net/NET-107-167-160-0-1

OrgName:        Google Inc.
OrgId:          GOOGL-2
Address:        1600 Amphitheatre Parkway
City:           Mountain View
StateProv:      CA
PostalCode:     94043
Country:        US
RegDate:        2006-09-29
Updated:        2013-10-18
Comment:        *** The IP addresses under this Org-ID are in use by Google Cloud customers ***
Comment:        
Comment:        Please direct all abuse and legal complaints regarding these addresses to the
Comment:        GC Abuse desk (google-cloud-compliance@google.com).  Complaints sent to 
Comment:        any other POC will be ignored.
Ref:            http://whois.arin.net/rest/org/GOOGL-2

OrgAbuseHandle: GCABU-ARIN
OrgAbuseName:   GC Abuse
OrgAbusePhone:  +1-650-253-0000 
OrgAbuseEmail:  google-cloud-compliance@google.com
OrgAbuseRef:    http://whois.arin.net/rest/poc/GCABU-ARIN

OrgTechHandle: ZG39-ARIN
OrgTechName:   Google Inc
OrgTechPhone:  +1-650-253-0000 
OrgTechEmail:  arin-contact@google.com
OrgTechRef:    http://whois.arin.net/rest/poc/ZG39-ARIN

OrgNOCHandle: GCABU-ARIN
OrgNOCName:   GC Abuse
OrgNOCPhone:  +1-650-253-0000 
OrgNOCEmail:  google-cloud-compliance@google.com
OrgNOCRef:    http://whois.arin.net/rest/poc/GCABU-ARIN


#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# http://www.arin.net/public/whoisinaccuracy/index.xhtml
#

Regards,

Fail2Ban

Geez, you’re getting as bad as another mob I could mention, although in your favour, you at least make it clear from the WHOIS data that it’s a guest on your network that’s stirring up trouble.

Oct 26 2014
 

Earlier this week I had an idea.  We’ve got an old clock radio that picks up interference from the fridge when it turns on and the buttons on it are starting to fail with age.

I thought: “Why not build a new one?”

So the requirements are simple.  We need a real-time clock, display driver, and of course, a receiver.  The unit we have spends most of its time tuned to 792kHz AM (4QG or “ABC Radio National”), so a simple direct conversion receiver was what I was thinking of.  But what about the LO?

Now I do have some clock radio ICs that implement the timing circuitry, alarm function and LED panel driver somewhere in a junk box.  You feed them with the 50Hz or 60Hz waveform that comes out of the transformer and they use that as the timing source.  Easy to use a 555 timer for the time source, and I’d make a traditional receiver.  Another option is to use an AVR microcontroller, I have a few ATMega8Ls in the junk box with an NXP I2C RTC chip which I also have a few of.

The ATMega8L has a couple of PWM channels, one 16-bit and one 8-bit: could they be used as an LO?

So: after digging around and locating my bought-years-ago and not-yet-used AVR programmer, and dusting off a breadboard that had an ATMega8L on it from a previous experiment I set to work.

This page explains in good detail how the PWM channels work. I started with those examples as a guide and tweaked from there.

For the PWM channel to work as a receiver LO, I want it to cover 540kHz to ~2MHz, with reasonable granularity. Question is, how far can I crank this? I have a 4MHz crystal, not the fastest I can use with this chip, but the absolute top of the range for the ATMegas isn’t much higher: 16MHz or maybe 20MHz. So if you’ve got a 16MHz crystal, you can expect to quadruple what I do here.

I started off with some blink code. If you take out all the delays, you get the following code:

#include <avr/io.h>
int main(void)
{
        DDRB |= (1 << DDB1);
        while (1)
        {
                PORTB ^= (1 << DDB1);
        }
}

and the following waveform:

Waveform done in software with GPIOs


The yellow waveform there is off one of the crystal pins. The cyan one is the PWM pin output, which in this case is a software driven GPIO. Even if this one worked, you wouldn’t want to do it this way unless your chip was doing only this task, and who’d use a programmable chip like an ATMega8L for that?

So, after reading through the documentation and examples, I loaded in the following code:

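#include <avr/io.h>

/* Timer/Counter1 settings, packed into TCCR1A/TCCR1B below */
#define TCCR1_COM1A     1       /* toggle OC1A on compare match */
#define TCCR1_COM1B     0       /* OC1B disconnected */
#define TCCR1_FOC1A     0
#define TCCR1_FOC1B     0
#define TCCR1_WGM1      0xf     /* mode 15: fast PWM, TOP = OCR1A */
#define TCCR1_ICNC1     0
#define TCCR1_ICES1     0
#define TCCR1_CS1       1       /* clock select: no prescaling */
#define TCCR1A_VAL      (                       \
                        (TCCR1_COM1A    << 6)   \
                |       (TCCR1_COM1B    << 4)   \
                |       (TCCR1_FOC1A    << 3)   \
                |       (TCCR1_FOC1B    << 2)   \
                |       (TCCR1_WGM1 & 0x3)      )
#define TCCR1B_VAL      (                       \
                        (TCCR1_ICNC1    << 7)   \
                |       (TCCR1_ICES1    << 6)   \
                |       (((TCCR1_WGM1 & 0xc) >> 2) << 3) \
                |       TCCR1_CS1)

int main (void)
{
        DDRB |= (1 << DDB1);    /* PB1 (OC1A) as output */
        OCR1A = 0x001;          /* TOP value: sets the output frequency */
        TCCR1A = TCCR1A_VAL;
        TCCR1B = TCCR1B_VAL;
        while(1);               /* the timer hardware does the rest */
}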

The frequency can be adjusted by playing with OCR1A. If I leave it at 1 (basically as fast as the PWM can go) I get the following:

Waveform from AVR PWM


Bump it up one, and it sinks to 600kHz. Way too coarse for what I want sadly. I guess I was hopeful, but maybe the above might serve as a useful spring-off point for experiments with PWM.

Oct 04 2014
 

This was sent to me by email.  While I don’t normally air political issues here, I think the original author of this, whoever that was, makes some very valid points.


The politicians themselves, in Canberra, brought it up, that the Age of Entitlements is over:

The author is asking each addressee to forward this email to a minimum of twenty people on their address list; in turn ask each of those to do likewise. At least 20 if you can. In three days, most people in Australia will have this message.

This is one idea that really should be passed around because the rot has to stop somewhere.

Proposals to make politicians shoulder their share of the weight now that the Age of Entitlement is over

1. Scrap political pensions.

Politicians can purchase their own retirement plan, just as most other working Australians are expected to do.

2. Retired politicians (past, present & future) participate in Centrelink.

A Politician collects a substantial salary while in office but should receive no salary when they’re out of office.

Terminated politicians under 70 can go get a job or apply for Centrelink unemployment benefits like ordinary Australians.

Terminated politicians under 70 can negotiate with Centrelink like the rest of the Australian people.

3. Funds already allocated to the Politicians’ retirement fund be returned immediately to Consolidated Revenue.

This money is to be used to pay down debt they created which they expect us and our grandchildren to repay for them.

4. Politicians will no longer vote themselves a pay raise. Politicians pay will rise by the lower of, either the CPI or 3%.

5. Politicians lose their privileged health care system and participate in the same health care system as ordinary Australian people.

i.e. Politicians either pay for private cover from their own funds or accept ordinary Medicare.

6. Politicians must equally abide by all laws they impose on the Australian people.

7. All contracts with past and present Politicians men/women are void effective 31/12/14.

The Australian people did not agree to provide perks to Politicians, that burden was thrust upon them.

Politicians devised all these contracts to benefit themselves.

Serving in Parliament is an honour not a career.

The Founding Fathers envisioned citizen legislators, so our politicians should serve their term(s), then go home and back to work.

If each person contacts a minimum of twenty people, then it will only take three or so days for most Australians to receive the message. Don’t you think it’s time?

THIS IS HOW YOU FIX Parliament and help bring fairness back into this country!

If you agree with the above, pass it on.

Sep 29 2014
 

Well, it’s been a busy year so far for security vulnerabilities in open-source projects.  Not that those have been the only two bugs, they’re just two high-profile ones that are getting a lot of media attention.

Now, a number of us do take sheer delight in pointing and laughing when one of the big boys, whether they be based in Redmond or California, makes a security balls-up on a big scale.  After all, people pay big dollars to use some of that software, and many are dependent on it for their livelihoods.

The question does get raised though, what do you trust more?  A piece of software whose code is a complete secret, or a piece of software anyone can audit?  Some argue the former, because anyone can find the holes in the latter and exploit them.  Some argue the latter, since anyone can find the holes and fix them.  Not being able to see the code doesn’t guarantee a lack of security issues however, and these last two headline-making bugs are definitely evidence that having the code isn’t a guarantee of a bug-free utopia.

There is no guarantee either way.

I’ve seen both open-source systems and high-end commercial systems both perform well and I’ve seen both make a dismal failure.  Bad code is bad code, no matter what the license, and even having the source available doesn’t mean you can fix it as first one must be able to understand what its intent is.  Information Technology in particular seems to attract the technologically inept but socially capable types that are able to talk their way into nearly any position, and so you wind up with the monstrosities that you might see on The Daily WTF.  These same people lurk amongst open-source circles too, and there are those who just make an honest mistake.  Security is hard, and it can be easy to overlook a possible hole.

I run Gentoo here, have done so now since 2004 (damn, 10 years already, but I digress…).  I’ve been building my own stage 3 tarballs from scratch since 2010.  July 2010 I bought my current desktop, a 6-core AMD Phenom machine, and so combined with the 512Kbps ADSL I had at the time, it was faster for me to compile stage 3 tarballs for the various systems (i386, AMD64 and about 6 different MIPS builds) than to download the sources.  If I wanted an up-to-date stage 3, I just took my last build, ran it through Gentoo Catalyst, and out came a freshly built tarball.

I still obtain my operating systems that way.  Even though I’ve upgraded the ADSL, I still use the same scripts that used to produce the official Gentoo/MIPS media.

This means I could audit every piece of software that forms my core system.  I have the source code there, all of it.  Not many Linux users have this, most have it at arm’s reach (i.e. an apt-get source ${PACKAGE} away), or at worst, a polite email/letter to their supplier (e.g. Netcomm will supply sources for their routers for a ~AU$10 fee), however I already have it.

So did I do any audits?  Have I done any audits?  No.  Ultimately I just blindly trust what comes down the wire, and to some, that is arguably no better than just blindly trusting what Apple and Microsoft produce.

Those who say that, do have a point.  I didn’t pick up on HeartBleed, nor on ShellShock, and I probably haven’t spotted what will become the next headline-grabbing bug.  There’s a lot of source code that goes into a GNU/Linux system, and if I were to sit there and audit it, myself, it’d take me a lifetime.  It’d cost me a fortune to pay a team to analyse it.

However, I at least have the choice of auditing parts of it.  I’ll never be able to audit the copies of Microsoft Windows, or the one copy of Apple MacOS X I have.  For those, I’m reliant on the upstream vendors to audit, test and patch their code, I cannot do it myself.

For the open-source software though, it’s ultimately my choice.  I can do it myself, I can also pay someone to do it, I’ve simply chosen not to at this time.  This is an important distinction that the anti-open-source camp seem to forget.

As for the quality factor: well I’ve spent more time arguing with some piece of proprietary software and having trouble getting it to do something I need it to do, or fixing up some cock up caused by a bug in the said software.  One option, I spend hours arguing with it to make it work, and have to pay good money for the privilege.  The other, the money stays in my pocket, and in theory I can re-build it to make it work if needed.  One will place arbitrary restrictions on how I use the software as an end user, forcing me to spend money on more expensive licenses, the other will happily let me keep pushing it until I hit my system’s technical limits.

Neither offers me any kind of warranty regarding losses I might suffer as a result of their software (I’m sorry, but US$5.00 is as good as worthless), so the money might as well stay in my pocket while I learn something about the software I use.

I remain in control of my destiny that way, and that is the way I’d like to keep it.

Aug 19 2014
 

Well, it has been a long time since I last logged in on the Atomic MPC forums.  Years in fact.  I was at one time, quite active, particularly in what was the “Unix, Linux and Open Source” forum, back in the days when their forum software was an entirely in-house production.

Lately, my work has been very IT intensive, and while some days things go great, other days it’s a struggle.  And when it’s a struggle, the last thing one wants to look at is a computer.

Now when I was active on the Atomic forums, the threads used to move rather fast.  In their move to VBulletin we gained the ability to subscribe to threads and get notified of replies.  A feature I made quite extensive use of.  It was a useful way to keep track of what was happening.

One day I decided I had enough, rather than draw attention to myself with a leaving thread, I just quietly left.  I continued to watch the threads from a distance, and over time, the replies got less and less frequent as the threads slipped off the front page.  I hadn’t seen an email from Atomic for well over two years, until the other day.  Bam!  I had over 200 emails in one hit!

I thought this was just a one-off glitch, so I ignored it.  Then Bam!  A few days later it happened again.

I suppose it’s happened 4 or 5 times now.  What does it look like?

Atomic MPC spam


Yes indeedy, that’s my email inbox, and there is more crap from old threads that are old enough to be stored on wooden platter hard drives than legitimate email in my Inbox.

I’ve just recovered my account and hopefully unsubscribed myself from these notifications.  However, to the Atomic MPC mods, be warned, if this continues I will be taking this up with the ACMA as the constant barrage my server is copping is getting beyond a joke.

Aug 08 2014
 

Well, after my initial post about my experiment, I’ve collected a bit more information and I think I’ve settled on a solution and come up with a hypothesis of what’s going on.

Disposable coveralls

As I suspected, the disposable overalls did have a problem in the longevity department. Not a big one mind you. One pair got ripped when the leg brushed up against the corner of a drawer. Fixable with some tape. A few weekends back I wore them cycling from The Gap to Logan Central and back. This is a ~82km round trip (81.56 to be exact), and represents a fairly rigorous test. They got home intact, but the tape on the seams was starting to come adrift.

I also performed a shower-test on both these and the SMS fabric ones. The MP4 ones passed with flying colours. No seepage other than where I had made ventilation holes: and that could be fixed with a storm flap. My “poor-man’s bikesuit” idea could still work.

So the MP4 ones I have, good for emergencies, I’ll continue to carry a pair just in case.  They roll up to something the size of a drink bottle, and contribute bugger all weight, so for those times I am wearing normal clothes, they’ll be great to toss over when the weather turns foul.

SMS fabric? Good in very light and brief showers only. If it’s prolonged heavy showers for anything more than about 30 seconds you’ll get drenched.

It’d be interesting to have a closer look at the Tyvek ones originally recommended.  I might investigate at some point.

Breathalon Spray Suit

So I went back to the Breathalon spray suit, which, having bought it in 2008, is now starting to look a bit frayed, particularly around the hood.  That, and there’s my attempt at adding pocket access.  I do raise a sweat, but it’s minor, and soon evaporates when I stop. I find I’m a lot more comfortable.

How is this so though? Common sense would suggest I’d sweat like a pig! The material is breathable, and so the vapour can escape. If they’re loose enough, there is also a small wind current to draw vapour out. Crucially though, being non-porous, they do not absorb my sweat, and so I don’t have the wind-chill effect of sweaty clothing.  The key here is to have minimal clothing underneath that might absorb the sweat, as this then relies on your body heat to dry it out, and will take longer.

My nits with these?

  • The zip is one-way.  However you can ignore the zip and just use the velcro storm flap as a fly.
  • No pockets at all.
  • The hood isn’t well shaped, doesn’t track one’s head movement very well, and I found the elastic caused it to obstruct my field of view
  • The yellow colour is great for daytime high visibility, but there are no reflective bands for night use.  (I tried using self-adhesive ones, they didn’t stick very well.)

Otherwise, they’re durable and lightweight.

Castle Clothing Coveralls

I mentioned these in my last post.  Well, I bit the bullet, I bought a pair, something which also necessitated me getting a Visa card for the first time in my life (I can highly recommend these as a payment method).  I tossed up between this and buying another Breathalon spray suit, Mammoth Work Wear had these for £40 plus about £30 shipping, this worked out to be under AU$140.  The Breathalon suits are $150+ without shipping.

A heads up with the Mammoth Work Wear site: ignore the sizing advice they give in the drop-down box, you want to pay attention to the sizing chart table below.  The drop-down box suggested I’d be a size L, whereas the table suggested XL.  I went XL and they’re a perfect fit.

Fedex had estimated they’d arrive on Monday, they actually arrived this afternoon.  So I tried them out on the ride home tonight.

I sweat a little more, but not significantly so.  If anything, the lining means I don’t notice them sticking so much, so in that regard they’re more comfortable.  When I got home, yes there was moisture, but I wasn’t dripping, nor did I suddenly feel cold.

They feature a two-way zip (good), with press-studs on the storm flap (not so good, velcro worked better).  The hood (not a concealed hood, which IMO is a plus) is excellent, tracking my head movement very well, sits forward far enough to keep rain off one’s face, and doesn’t block my vision.  It didn’t pose a problem with the helmet either, keeping out of the way and didn’t impede movement or significantly muffle sound.

There is one pocket on the left at the front.  Too low to be considered a “breast” pocket, but well above the waistline.  They could use an identical one on the other side, and perhaps some side pockets, as I find I’ve got nowhere to put my hands.  That said, it’s a generously sized one.  You could fit a 7″ tablet in there no problems, so can easily fit a wallet, phone and keys.

The test will be longevity, and the summer humidity.  They look well-made so we’ll see.

Aug 06 2014
 

Unix-to-Unix Copy is a rather old way of sending files between Unix systems.  Before SMTP was invented, it was the de-facto way to shunt email around, and prior to NNTP, was also the backbone of Usenet.

Fast forward to today, we’ve got a lot of options open to us.  So why would I use a crusty old one like UUCP?

UUCP has one big advantage, it doesn’t assume your system is always online.

  • It might be a workstation at your workplace which is behind a corporate firewall.
  • It might be a more powerful desktop computer at home that’s usually in “sleep” mode to save power.

Because the initial connection can be established in either direction, it is ideal for a system that may not be directly reachable, but is able to poll on a regular schedule for instructions.  It’s also useful, since UUCP assumes some steps need to be taken to bring a link up, to perform tasks such as powering on a system using IPMI or Wake-on-LAN, wait for it to come up, perform a task, then have the machine power back down when finished.

UUCP over the Internet

Now, UUCP can and does work directly over the Internet.  in.uucpd runs from inetd, and basically fires up uucico each time someone connects to it. But: it is unencrypted and insecure. It’s not what you want exposed on today’s public Internet.

UUCP does support SSL, and there are ways to make stunnel work with packages like Taylor UUCP. This still requires some significant setup and an additional open port.

There’s another way. Thanks to the OpenBSD community, we have OpenSSH, and it is very trivial to set up a secure UUCP link using public key authentication, to lock down the public key to only be used with uucico, and to effectively secure communications between your hosts.

Generating the SSH key

Since this is going to be used with an automated service, one needs to make it a passwordless key. Go for something secure in terms of the key length and algorithm: I used 4096-bit RSA. To do this, log in as root then:

# su - uucp
$ ssh-keygen -t rsa -b 4096 -N '' -C 'UUCP key'
Generating public/private rsa key pair.
Enter file in which to save the key (/var/spool/uucp/.ssh/id_rsa): 
Your identification has been saved in /var/spool/uucp/.ssh/id_rsa.
Your public key has been saved in /var/spool/uucp/.ssh/id_rsa.pub.
The key fingerprint is:
c3:42:5d:77:a9:c2:3a:da:bd:98:6a:5d:03:62:79:19 UUCP key
The key's randomart image is:
+--[ RSA 4096]----+
|          . . .. |
|       .E. . ..  |
|      ...+   .   |
|     .+.+ o .    |
|     ..oSo .     |
|       .o.o      |
|       + + .     |
|      o oo.      |
|     ...o ..     |
+-----------------+
$

You have a choice. You can either make a keypair for each host, and set up authorized_keys so the hosts can log into each other, or you can use the same keypair for all hosts. I went the latter route, as I’m not that paranoid. Whilst still logged in as the UUCP user:

$ echo 'command="/usr/sbin/uucico -l" '$(< .ssh/id_rsa.pub ) > .ssh/authorized_keys

Now, securely transfer the UUCP user’s .ssh directory between your hosts. This will allow uucp to log in.
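The forced command pins the key to uucico, but by default sshd still honours port, agent and X11 forwarding requests made with that key, which matters for a passwordless key copied to every host. The following is an added example, not part of the original post: it builds the entry with those features switched off and audits authorized_keys entries for ones that are not fully locked down. The function names and placeholder key blobs are made up for illustration, and it assumes uucico -l needs neither a pty nor forwarding.

```shell
#!/bin/sh
# Added example, not from the original post. Key blobs are constructed
# placeholders, not real keys.

# Print the authorized_keys entry for the UUCP key: the forced command from
# the post plus the sshd options that disable forwarding and pty allocation.
# Assumption: uucico -l needs neither a pty nor any forwarding.
uucp_key_line() {   # usage: uucp_key_line PUBKEY_FILE
    printf '%s %s\n' \
        'command="/usr/sbin/uucico -l",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty' \
        "$(cat "$1")"
}

# Audit authorized_keys entries read from a file argument or stdin.
# Prints "<line> <verdict> <key comment>" per key and returns 1 if any key
# is not OK:
#   OK       forced command set, forwarding and pty disabled
#   PARTIAL  forced command set, but forwarding or pty still allowed
#   OPEN     no forced command, the key gives a normal login
audit_authorized_keys() {
    awk '
    function is_keytype(w) { return w ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-|sk-)/ }
    # Options field: text up to the first blank that is outside double
    # quotes (option values such as command="..." may contain blanks).
    function options_field(line,    i, c, inq, out) {
        inq = 0; out = ""
        for (i = 1; i <= length(line); i++) {
            c = substr(line, i, 1)
            if (c == "\\" && inq) {        # keep an escaped character as is
                out = out c substr(line, i + 1, 1); i++; continue
            }
            if (c == "\"") inq = !inq
            else if ((c == " " || c == "\t") && !inq) break
            out = out c
        }
        return out
    }
    # A feature is off if restrict or no-<feat> is set and <feat> is not
    # switched back on by a bare <feat> option.
    function off(names, feat) {
        return (index(names, ",restrict,") || index(names, ",no-" feat ",")) &&
               !index(names, "," feat ",")
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    {
        sub(/^[ \t]+/, "")
        opts = is_keytype($1) ? "" : options_field($0)
        rest = (opts == "") ? $0 : substr($0, length(opts) + 2)
        sub(/^[ \t]*[^ \t]+[ \t]+[^ \t]+[ \t]*/, "", rest)   # drop type and blob
        if (rest == "") rest = "(no comment)"
        # Blank out quoted values so option names that appear inside a
        # command string are not counted as real options.
        names = opts
        gsub(/"([^"\\]|\\.)*"/, "\"\"", names)
        names = "," tolower(names) ","
        if (!index(names, ",command=\"\","))
            verdict = "OPEN"
        else if (off(names, "port-forwarding") && off(names, "agent-forwarding") &&
                 off(names, "x11-forwarding") && off(names, "pty"))
            verdict = "OK"
        else
            verdict = "PARTIAL"
        if (verdict != "OK") bad = 1
        printf "%d %s %s\n", NR, verdict, rest
    }
    END { exit bad + 0 }
    ' "$@"
}

# Constructed sample file: the entry as written in the post, a locked-down
# entry, a key with no options, and a command string that only mentions
# option names.
sample_keys() {
    printf '%s\n' \
        '# constructed sample entries; key blobs are placeholders' \
        'command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2E-PLACEHOLDER UUCP key' \
        'command="/usr/sbin/uucico -l",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2E-PLACEHOLDER UUCP key (hardened)' \
        'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5-PLACEHOLDER admin@laptop' \
        'command="echo restrict,no-pty" ssh-rsa AAAAB3NzaC1yc2E-PLACEHOLDER decoy'
}

sample_keys | audit_authorized_keys || true
```

On a real host, `uucp_key_line .ssh/id_rsa.pub > .ssh/authorized_keys` replaces the echo command above, and `audit_authorized_keys .ssh/authorized_keys` checks the result.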

Populating known_hosts

The easiest way to do this is to log into each host as the UUCP user, then run a script like this:

$ for h in host1 host2 host3 ; do ssh "$h" true; done

Check each key carefully, answer yes if you’re satisfied.

UUCP Log-in script

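Taylor UUCP has the ability to define a “port” that runs an arbitrary application. You could put a call to SSH here, but there’s another trick I use. As root:

# cat > /usr/local/bin/uussh <<'EOF'
#!/bin/sh
# Prompt for "user host [mac]"; the UUCP chat script answers this prompt.
printf 'Address: '
read user host wake

# If a MAC address was given, send Wake-on-LAN packets until the host
# answers a ping (IPv6 or IPv4) or the retry counter runs out.
if [ -n "${wake}" ]; then
        timeout=60
        until ping6 -c 1 -w 1 -n "${host}" >/dev/null 2>&1 \
                        || ping -c 1 -w 1 -n "${host}" >/dev/null 2>&1 \
                        || [ $timeout -le 0 ]; do
                timeout=$(( ${timeout} - 1 ))
                /usr/bin/wol "${wake}" >/dev/null 2>&1
        done
fi

# StrictHostKeyChecking=no lets ssh connect to hosts whose key is not in
# known_hosts; set it to yes to accept only the keys verified earlier.
exec /usr/bin/ssh -x -o StrictHostKeyChecking=no -o batchmode=yes "${user}@${host}"
EOF
# chmod 755 /usr/local/bin/uussh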

Now we can define one “SSH” port, that will automatically wake a computer if needed, wait for it to become alive, then initiate the SSH link. The chat script will specify the host name.

Taylor UUCP configuration

Now we come to UUCP itself. First, let’s create this special port. Edit /etc/uucp/port and add the following:

port ssh
type pipe
command /usr/local/bin/uussh

Now, we’ll set up login usernames and passwords for each host. The easiest way is to do this from a local shell, then distribute the generated passwords.

$ for src in host1 host2 host3 host4; do
   [ -d $src ] || mkdir $src
   for dest in host1 host2 host3 host4; do
      [ -d $dest ] || mkdir $dest
      if [ $src != $dest ]; then
         passwd=$( dd if=/dev/urandom bs=12 count=1 2>/dev/null | base64 )
         echo "$dest $src $passwd" >> $src/call
         echo "$src $passwd" >> $dest/passwd
      fi
   done
done
$ for h in host1 host2 host3 host4; do scp $h/* root@$h:/etc/uucp/; done

Now we have separate usernames and passwords on each host. We can finish up with the /etc/uucp/sys file:

commands rmail rnews gruntreceive-uucp
chat-timeout 120

These are some initial instructions that apply to all hosts. Here, I give permission to run rnews, rmail and gruntreceive-uucp, and I tell it to wait 2 minutes before giving up.

The following is an example of a host that sleeps and needs to be woken first:

system host1
chat Address: uucp\shost1.local\saa:bb:cc:dd:ee:ff\n\c login: \L Password: \P
port ssh
time any
call-login *
call-password *
protocol t
forward-from ANY
forward-to ANY

The following is an always-on host:

system host2
chat Address: uucp\shost2.some.domain\n\c login: \L Password: \P
port ssh
time any
call-login *
call-password *
protocol t
forward-from ANY
forward-to ANY

Phoning home and scheduling retries

In the case of satellite systems behind some restricted network, assuming you have a way of tunnelling out of the network, you can “phone home” on a regular basis. You also want to periodically call uucico on all hosts to check if there’s any scheduled work on. This is done via /etc/crontab:

* * * * * uucp /usr/sbin/uucico -r1 -q
0 * * * * uucp /usr/sbin/uucico -r1 -s main_hub -c

The first line is a good idea on all hosts. It checks each minute for work to do, and calls uucico to do it.

The second line is the phone-home bit. In this case, it phones home to a system called main_hub, which in my case, is my public web server. You’ll want this second line on your satellite systems. It basically unconditionally phones home, and checks for instructions.

Great, UUCP works, what now?

Well, now you have a way of sending files between hosts. Two services that run well over UUCP worth investigating:

  • grunt: is a tool for securely running commands on another host. It can work over email or UUCP and uses GnuPG signature verification for authentication.
  • Many MTAs support UUCP as a back-end, such as Postfix. Very handy for sending reminders to yourself in a manner that is guaranteed to be noticed and not get buried in spam.

Aug 03 2014
 

Well, for a few weeks now I’ve been (metaphorically) tearing my hair out, trying to figure out why I had such bad antenna problems on VHF.  HF, I still have work to do as right now, the RF just induces currents where it pleases, including in my microphone cabling, but that’s a different matter.  VHF until recently had been rock solid.

I tried replacing coax, re-terminating leads, checking solder joints, replacing antennas.  Yesterday, I re-wired the entire antenna system, doing away with the BNC connectors in the top box and hard-wiring the antenna mounts to the coax inside.  Rode up to Ashgrove today thinking I had fixed the problem.

Nope.

Each bump in the road, I watched the S-meter graph move from S9 to S4 and back again.

What could it be?  Why is it that it only occurs when I’m mobile, and not stationary?  There’s a bad link somewhere, but where?  No amount of jiggling cables was locating the problem.  Finally today, I decided to take a peek inside the FT-857D.

Ohh, well that would do it!


I looked closely at the point where the N connector solders to the PCB. I noticed a small line around the wire where it met the solder blob. So I picked at it with pliers, and pulled it away from the blob: it was a dry joint!

Tomorrow, I shall know if this was the final problem.  At least I don’t run full power on FM, my license only affords me 30W continuous, so the only time I do 50W is when I’m doing SSB at which point it’s only on voice peaks.

Update: It’s been a few days, the difference is like the difference between chalk and cheese.  Prior to the fix my set was deaf as a post, and it’s not hard to see why!