=^.^=

Documentary for Dinner: Vice: How to Get Away with Stealing (2012)

karma

A quick jaunt through the world of London fraudsters.

ClearOS 6.3 is Godawful, Keep Using 5.x

karma

I'm sure anyone who works for ClearFoundation and sees this will think "well, you can't please everyone!" but this is a list of things they have managed to horribly screw up that every admin needs to know before plunging head first into ClearOS 6.3 or worse, an earlier 6.x:

  • You can no longer limit or reserve bandwidth for a whole IP or IP range. I know the documentation says you can. You can't. This was apparently done in 6.2 then carried into 6.3 to make bandwidth management play along with multiwan - something that seemed to be possible for years until now. From the app's review tab:

    by Asad Siddiqui - June 20, 2012

    Following modifications are required;The bandwidth limitations are on network card interface only, there is no option of limiting bandwith on the basis of single IP address or range of IP addresses. Although this was provided in Clark Connect.This option may kindly be added in this application

  • Speaking of apps: WTF, apps? 6.x is clearly the Foundation's idea of caching in on "cloud" and "app" clichés. Software is no longer packaged, it is apped and you don't get your apps from a repo you get them from the marketplace. It's like they've tried to make a routing distribution appeal to a twelve year old girl. Routers are not something that should be built by people who have no concept of routing and making it approachable to those who do not is aggravating to those who do. This is not a desktop distribution, why are they trying to broaden their target demographic?

    I see what you did there. I couldn't disapprove more.

  • There is no way (at least that I've found so far) to uninstall apps in the webconfig. You must feel around and guess the package name then yum erase it.
  • Every god-damned page in the webconfig now has a huge, unnecessary app column taking up valuable space in the hopes that they might up-sell you on the commercial apps you already passed up on install. Fsck off, I'm trying to configure my firewall - I don't give a crap how many stars it has.
  • Even more of the setup process is done in the web interface now and god help you if you happen to put in a wrong name server or you may find yourself wondering why it's taking forever to not time out when it looks for new packages.
  • Registering with ClearSDN is now mandatory; you're SOL if you think you can set up the router without an active connection and drop it in later. Wonderful. ET phone home!
  • Kernel-devel doesn't actually contain the kernel sources and kernel-sourcecode is missing. You have to do it the hard way:
    wget http://mirror2-houston.clearsdn.com/clearos/community/6.3.0/dev/SRPMS/kernel-2.6.32-279.2.1.v6.src.rpm
    rpm2cpio kernel-2.6.32-279.2.1.v6.src.rpm > kernel.cpio
    cpio -idmv < kernel.cpio
    cd rpmbuild/SOURCES/
    cp linux-2.6.32-279.2.1.el6.tar.bz2 /usr/src/
    cd /usr/src/
    tar xjf linux-2.6.32-279.2.1.el6.tar.bz2
  • "Development Tools" package group has been replaced with clearos-centric clearos-devel. This pulls in 170 packages meant to help you design apps and whatnot but mostly useless if all you need is a C build environment.
  • No more free IPsec! There is still a paid-for "Dynamic VPN" app which provides this functionality but the old IPsec module has been dropped for good.

Doubtless I will have plenty more nasty things to say about this new major version as time goes on and it reveals its sins to me. Do check in from time to time.

The only nice thing I have to say is way to go on the 64 bit version - now if only they would provide Xen images in addition to every other virtualization platform that should NOT be used to run a router...

RENDER UNTO BETA WHAT IS BETA'S.

Reliable AJAX: Timeout and Retry XMLHttpRequest

karma

A lot of AJAX seems to rely on ideal conditions: a server that is both running and in good health, a reliable high speed internet connection, a lack of packet loss etc. Unfortunately, this is not always the case - what happens when your user triggers an event and the daemon is restarting or they are hopping access points/cell towers? What happens if the server load is sky high and only half of the requests are getting through? AJAX isn't a very robust technology but we can increase the odds of our XMLHttpRequest transactions succeeding with some rudimentary JavaScript.

Newer Msxml XMLHTTP implementations support runtime-definable connection time-outs but that covers at best half of your audience and is therefore irrelevant to our needs. We will be implementing our own cross-browser compatible time-outs with the setTimeout() function. Once the time-out expires we will kill the XHR and repeat the process again, with a slightly longer time-out. The process is repeated as many times as necessary; each time increasing the duration. This is called backoff - similar in concept to but much less complicated than the exponential backoff algorithm Ethernet uses to recover from packet collisions.

The tricky part is to set the initial time-out to a value which gives the browser as long as reasonably possible to send and receive the request under strained conditions. Depending on how long the round trip takes in ideal circumstances a safe value can range anywhere from (plus) less than one second to several seconds - this is going to be unique to your application, resources and network so test thoroughly. If the time-out is too low we will be doing more harm than good by stopping and re-sending the request before it has even had a chance to complete. It might be sensible for you to give the last attempt a huge time-out.

The other major factor to consider is whether "the user knows best" in the given situation or not. If you are giving a visual cue to the user that there is AJAX activity happening in the background or if they expect to see something on the page update once the request has completed they might notice that things are taking a little long to react and re-trigger the event (read: hammer on the button like a mindless idiot). If you don't want them to interfere with the time-out and re-send procedure take that into account when setting up your trigger - the example we are going to use assumes the user knows best. If they hammer on the button the best case scenario is their request goes through faster than if they left it alone and the worst case scenario is once they stop hammering the time-out and re-load cycle will run its course from the top anyway.

// Initialize global variables
var attempts = 0;
var timeout = 1000;    // In miliseconds
var max_attempts = 5;  // Six from 0
var script_url = ''    // The location of the target processing script
var junk = '';         // The variables we're POSTing, probably set in trigger()
var t = '';

// Cross-Browser XMLHttpRequest()
function createXHR()
{
	try { return new XMLHttpRequest(); } catch(e) {}
	try { return new ActiveXObject("Msxml2.XMLHTTP.7.0"); } catch (e) {}
	try { return new ActiveXObject("Msxml2.XMLHTTP.6.0"); } catch (e) {}
	try { return new ActiveXObject("Msxml2.XMLHTTP.5.0"); } catch (e) {}
	try { return new ActiveXObject("Msxml2.XMLHTTP.4.0"); } catch (e) {}
	try { return new ActiveXObject("Msxml2.XMLHTTP.3.0"); } catch (e) {}
	try { return new ActiveXObject("Msxml2.XMLHTTP"); } catch (e) {}
	try { return new ActiveXObject("Microsoft.XMLHTTP"); } catch (e) {}
	alert("Please enable ActiveX or update your browser.");
	return null;
}

// User calls this function, i.e. onclick event handler
function trigger()
{	
	// Re-set the time-out in case the user interrupts the cycle
	clearTimeout(t);
	attempts = 0;
	timeout = 1000;

	driver();
}

// Handle the state changes of the XHR
function callback()
{
	if (xmlhttp.readyState==4 && xmlhttp.status==200)
	{
		// Success! Re-set the time-out for the next round.
		clearTimeout(t);
		attempts = 0;
		timeout = 1000;

		xmlhttp = '';

		// Perform whatever action we need to do on success.
	}
	else
	{
		// Error handling/Request status indication
	}
}

// The guts of the request
function driver()
{
	xmlhttp = createXHR();

	xmlhttp.open("POST",script_url,true);

	t = setTimeout(function(){timedout();}, timeout);
	xmlhttp.onreadystatechange=function(){callback();}

	xmlhttp.setRequestHeader("Content-type","application/x-www-form-urlencoded");
	xmlhttp.send(junk);
}

// Run this if we time out
function timedout()
{
	if(typeof(xmlhttp) == 'object')
		xmlhttp.abort();

	if(attempts < max_attempts)
	{
		// We timed out. Back off the time-out a bit.
		attempts++;
		timeout = timeout + 200;
		// We're adding 200ms to the timeout each iteration, YMMV.
		// Maybe if attempts == max_attempts make the timeout really huge.

		// Play it again, Sam!
		driver();
	}
	else
	{
		// We failed. Set the timeout back to default for the next round.
		timeout = 1000;
		attempts = 0;
		xmlhttp = '';
		alert("Timed out while sending request to server.");
	}
}

Configuring APCUPSD on Gentoo for APC SmartUPS Over Serial

karma

Both of the Gentoo wiki links at the bottom of this article are more-or-less USB-oriented so here's a quick start for Serial connections. I use a USB to serial adapter so my serial device is named /dev/ttyUSB0, yours may be different if you use a regular serial port (i.e. /dev/ttyS0).

Emerge apcupsd:

# emerge apcupsc

Calculating dependencies... done!
[ebuild  N     ] sys-power/apcupsd-3.14.8-r1  USE="cgi nls snmp usb -gnome" 

Be sure to include the snmp USE flag if you will be configuring any UPSes with a networked management card later.

Edit /etc/apcupsd/apcupsd.conf to reflect:

## apcupsd.conf v1.1 ##
# 
#  for apcupsd release 3.14.8 (16 January 2010) - gentoo
#
# "apcupsd" POSIX config file

#
# ========= General configuration parameters ============
#

# UPSNAME xxx
#   Use this to give your UPS a name in log files and such. This
#   is particulary useful if you have multiple UPSes. This does not
#   set the EEPROM. It should be 8 characters or less.
#UPSNAME

# UPSCABLE <cable>
#   Defines the type of cable connecting the UPS to your computer.
#
#   Possible generic choices for <cable> are:
#     simple, smart, ether, usb
#
#   Or a specific cable model number may be used:
#     940-0119A, 940-0127A, 940-0128A, 940-0020B,
#     940-0020C, 940-0023A, 940-0024B, 940-0024C,
#     940-1524C, 940-0024G, 940-0095A, 940-0095B,
#     940-0095C, M-04-02-2000
#
UPSCABLE smart

# To get apcupsd to work, in addition to defining the cable
# above, you must also define a UPSTYPE, which corresponds to
# the type of UPS you have (see the Description for more details).
# You must also specify a DEVICE, sometimes referred to as a port.
# For USB UPSes, please leave the DEVICE directive blank. For
# other UPS types, you must specify an appropriate port or address.
#
# UPSTYPE   DEVICE           Description
# apcsmart  /dev/tty**       Newer serial character device, appropriate for 
#                            SmartUPS models using a serial cable (not USB).
#
# usb       <BLANK>          Most new UPSes are USB. A blank DEVICE
#                            setting enables autodetection, which is
#                            the best choice for most installations.
#
# net       hostname:port    Network link to a master apcupsd through apcupsd's 
#                            Network Information Server. This is used if the
#                            UPS powering your computer is connected to a 
#                            different computer for monitoring.
#
# snmp      hostname:port:vendor:community
#                            SNMP network link to an SNMP-enabled UPS device.
#                            Hostname is the ip address or hostname of the UPS 
#                            on the network. Vendor can be can be "APC" or 
#                            "APC_NOTRAP". "APC_NOTRAP" will disable SNMP trap 
#                            catching; you usually want "APC". Port is usually 
#                            161. Community is usually "private".
#
# netsnmp   hostname:port:vendor:community
#                            OBSOLETE
#                            Same as SNMP above but requires use of the 
#                            net-snmp library. Unless you have a specific need
#                            for this old driver, you should use 'snmp' instead.
#
# dumb      /dev/tty**       Old serial character device for use with 
#                            simple-signaling UPSes.
#
# pcnet     ipaddr:username:passphrase
#                            PowerChute Network Shutdown protocol which can be 
#                            used as an alternative to SNMP with the AP9617 
#                            family of smart slot cards.ipaddr is the IP 
#                            address of the UPS mgmtcard. username and 
#                            passphrase are the credentials for which the card 
#                            has been configured.
#
UPSTYPE apcsmart
DEVICE /dev/ttyUSB0

# POLLTIME <int>
#   Interval (in seconds) at which apcupsd polls the UPS for status. This
#   setting applies both to directly-attached UPSes (UPSTYPE apcsmart, usb, 
#   dumb) and networked UPSes (UPSTYPE net, snmp). Lowering this setting
#   will improve apcupsd's responsiveness to certain events at the cost of
#   higher CPU utilization. The default of 60 is appropriate for most
#   situations.
#POLLTIME 60

# LOCKFILE <path to lockfile>
#   Path for device lock file. Not used on Win32.
LOCKFILE /var/lock

# SCRIPTDIR <path to script directory>
#   Directory in which apccontrol and event scripts are located.
SCRIPTDIR /etc/apcupsd

# PWRFAILDIR <path to powerfail directory>
#   Directory in which to write the powerfail flag file. This file
#   is created when apcupsd initiates a system shutdown and is
#   checked in the OS halt scripts to determine if a killpower
#   (turning off UPS output power) is required.
PWRFAILDIR /etc/apcupsd

# NOLOGINDIR <path to nologin directory>
#   Directory in which to write the nologin file. The existence
#   of this flag file tells the OS to disallow new logins.
NOLOGINDIR /etc


#
# ======== Configuration parameters used during power failures ==========
#

# The ONBATTERYDELAY is the time in seconds from when a power failure
#   is detected until we react to it with an onbattery event.
#
#   This means that, apccontrol will be called with the powerout argument
#   immediately when a power failure is detected.  However, the
#   onbattery argument is passed to apccontrol only after the 
#   ONBATTERYDELAY time.  If you don't want to be annoyed by short
#   powerfailures, make sure that apccontrol powerout does nothing
#   i.e. comment out the wall.
ONBATTERYDELAY 6

# 
# Note: BATTERYLEVEL, MINUTES, and TIMEOUT work in conjunction, so
# the first that occurs will cause the initation of a shutdown.
#

# If during a power failure, the remaining battery percentage
# (as reported by the UPS) is below or equal to BATTERYLEVEL, 
# apcupsd will initiate a system shutdown.
BATTERYLEVEL 2

# If during a power failure, the remaining runtime in minutes 
# (as calculated internally by the UPS) is below or equal to MINUTES,
# apcupsd, will initiate a system shutdown.
MINUTES 3

# If during a power failure, the UPS has run on batteries for TIMEOUT
# many seconds or longer, apcupsd will initiate a system shutdown.
# A value of 0 disables this timer.
#
#  Note, if you have a Smart UPS, you will most likely want to disable
#    this timer by setting it to zero. That way, you UPS will continue
#    on batteries until either the % charge remaing drops to or below BATTERYLEVEL,
#    or the remaining battery runtime drops to or below MINUTES.  Of course,
#    if you are testing, setting this to 60 causes a quick system shutdown
#    if you pull the power plug.   
#  If you have an older dumb UPS, you will want to set this to less than
#    the time you know you can run on batteries.
TIMEOUT 0

#  Time in seconds between annoying users to signoff prior to
#  system shutdown. 0 disables.
ANNOY 300

# Initial delay after power failure before warning users to get
# off the system.
ANNOYDELAY 60

# The condition which determines when users are prevented from
# logging in during a power failure.
# NOLOGON <string> [ disable | timeout | percent | minutes | always ]
NOLOGON disable

# If KILLDELAY is non-zero, apcupsd will continue running after a
# shutdown has been requested, and after the specified time in
# seconds attempt to kill the power. This is for use on systems
# where apcupsd cannot regain control after a shutdown.
# KILLDELAY <seconds>  0 disables
KILLDELAY 0

#
# ==== Configuration statements for Network Information Server ====
#

# NETSERVER [ on | off ] on enables, off disables the network
#  information server. If netstatus is on, a network information
#  server process will be started for serving the STATUS and
#  EVENT data over the network (used by CGI programs).
NETSERVER on

# NISIP <dotted notation ip address>
#  IP address on which NIS server will listen for incoming connections.
#  This is useful if your server is multi-homed (has more than one
#  network interface and IP address). Default value is 0.0.0.0 which
#  means any incoming request will be serviced. Alternatively, you can
#  configure this setting to any specific IP address of your server and 
#  NIS will listen for connections only on that interface. Use the
#  loopback address (127.0.0.1) to accept connections only from the
#  local machine.
NISIP 0.0.0.0

# NISPORT <port> default is 3551 as registered with the IANA
#  port to use for sending STATUS and EVENTS data over the network.
#  It is not used unless NETSERVER is on. If you change this port,
#  you will need to change the corresponding value in the cgi directory
#  and rebuild the cgi programs.
NISPORT 3551

# If you want the last few EVENTS to be available over the network
# by the network information server, you must define an EVENTSFILE.
EVENTSFILE /var/log/apcupsd.events

# EVENTSFILEMAX <kilobytes>
#  By default, the size of the EVENTSFILE will be not be allowed to exceed
#  10 kilobytes.  When the file grows beyond this limit, older EVENTS will
#  be removed from the beginning of the file (first in first out).  The
#  parameter EVENTSFILEMAX can be set to a different kilobyte value, or set
#  to zero to allow the EVENTSFILE to grow without limit.
EVENTSFILEMAX 10

#
# ========== Configuration statements used if sharing =============
#            a UPS with more than one machine

#
# Remaining items are for ShareUPS (APC expansion card) ONLY
#

# UPSCLASS [ standalone | shareslave | sharemaster ]
#   Normally standalone unless you share an UPS using an APC ShareUPS
#   card.
UPSCLASS standalone

# UPSMODE [ disable | share ]
#   Normally disable unless you share an UPS using an APC ShareUPS card.
UPSMODE disable

#
# ===== Configuration statements to control apcupsd system logging ========
#

# Time interval in seconds between writing the STATUS file; 0 disables
STATTIME 0

# Location of STATUS file (written to only if STATTIME is non-zero)
STATFILE /var/log/apcupsd.status

# LOGSTATS [ on | off ] on enables, off disables
# Note! This generates a lot of output, so if         
#       you turn this on, be sure that the
#       file defined in syslog.conf for LOG_NOTICE is a named pipe.
#  You probably do not want this on.
LOGSTATS off

# Time interval in seconds between writing the DATA records to
#   the log file. 0 disables.
DATATIME 0

# FACILITY defines the logging facility (class) for logging to syslog. 
#          If not specified, it defaults to "daemon". This is useful 
#          if you want to separate the data logged by apcupsd from other
#          programs.
#FACILITY DAEMON

#
# ========== Configuration statements used in updating the UPS EPROM =========
#

#
# These statements are used only by apctest when choosing "Set EEPROM with conf
# file values" from the EEPROM menu. THESE STATEMENTS HAVE NO EFFECT ON APCUPSD.
#

# UPS name, max 8 characters 
#UPSNAME UPS_IDEN

# Battery date - 8 characters
#BATTDATE mm/dd/yy

# Sensitivity to line voltage quality (H cause faster transfer to batteries)  
# SENSITIVITY H M L        (default = H)
#SENSITIVITY H

# UPS delay after power return (seconds)
# WAKEUP 000 060 180 300   (default = 0)
#WAKEUP 60

# UPS Grace period after request to power off (seconds)
# SLEEP 020 180 300 600    (default = 20)
#SLEEP 180

# Low line voltage causing transfer to batteries
# The permitted values depend on your model as defined by last letter 
#  of FIRMWARE or APCMODEL. Some representative values are:
#    D 106 103 100 097
#    M 177 172 168 182
#    A 092 090 088 086
#    I 208 204 200 196     (default = 0 => not valid)
#LOTRANSFER  208

# High line voltage causing transfer to batteries
# The permitted values depend on your model as defined by last letter 
#  of FIRMWARE or APCMODEL. Some representative values are:
#    D 127 130 133 136
#    M 229 234 239 224
#    A 108 110 112 114
#    I 253 257 261 265     (default = 0 => not valid)
#HITRANSFER 253

# Battery charge needed to restore power
# RETURNCHARGE 00 15 50 90 (default = 15)
#RETURNCHARGE 15

# Alarm delay 
# 0 = zero delay after pwr fail, T = power fail + 30 sec, L = low battery, N = never
# BEEPSTATE 0 T L N        (default = 0)
#BEEPSTATE T

# Low battery warning delay in minutes
# LOWBATT 02 05 07 10      (default = 02)
#LOWBATT 2

# UPS Output voltage when running on batteries
# The permitted values depend on your model as defined by last letter 
#  of FIRMWARE or APCMODEL. Some representative values are:
#    D 115
#    M 208
#    A 100
#    I 230 240 220 225     (default = 0 => not valid)
#OUTPUTVOLTS 230

# Self test interval in hours 336=2 weeks, 168=1 week, ON=at power on
# SELFTEST 336 168 ON OFF  (default = 336)
#SELFTEST 336

Start APCUPSD:

# /etc/init.d/apcupsd start

Add apcupsd to the default runlevel:

# rc-update add apcupsd default

If you want apcupsd to power off your UPS when it shuts down your system in a power failure, add apcupsd.powerfail to the shutdown runlevel:

# rc-update add apcupsd.powerfail shutdown

Verify you are able to communicate with the UPS with this configuration:

# apcaccess status
APC      : 001,051,1223
DATE     : 2012-08-14 21:19:08 -0400  
HOSTNAME : mdma
VERSION  : 3.14.8 (16 January 2010) gentoo
UPSNAME  : UPS_IDEN
CABLE    : Custom Cable Smart
MODEL    : SMART-UPS 1400 RM
UPSMODE  : Stand Alone
STARTTIME: 2012-08-14 21:16:51 -0400  
STATUS   : ONLINE 
LINEV    : 120.9 Volts
LOADPCT  :  40.5 Percent Load Capacity
BCHARGE  : 100.0 Percent
TIMELEFT :  10.0 Minutes
MBATTCHG : 5 Percent
MINTIMEL : 3 Minutes
MAXTIME  : 0 Seconds
MAXLINEV : 120.9 Volts
MINLINEV : 119.6 Volts
OUTPUTV  : 120.2 Volts
SENSE    : High
DWAKE    : 000 Seconds
DSHUTD   : 020 Seconds
DLOWBATT : 02 Minutes
LOTRANS  : 103.0 Volts
HITRANS  : 132.0 Volts
RETPCT   : 000.0 Percent
ITEMP    : 43.6 C Internal
ALARMDEL : 5 seconds
BATTV    : 28.0 Volts
LINEFREQ : 60.0 Hz
LASTXFER : Automatic or explicit self test
NUMXFERS : 0
TONBATT  : 0 seconds
CUMONBATT: 0 seconds
XOFFBATT : N/A
SELFTEST : NO
STESTI   : 336
STATFLAG : 0x07000008 Status Flag
DIPSW    : 0x00 Dip Switch
REG1     : 0x00 Register 1
REG2     : 0x00 Register 2
REG3     : 0x00 Register 3
MANDATE  : 06/04/98
SERIALNO : XXXXXXXXXXXXX
BATTDATE : 10/19/07
NOMOUTV  : 115 Volts
NOMBATTV :  24.0 Volts
EXTBATTS : 0
FIRMWARE : 72.9.D
APCMODEL : KWD
END APC  : 2012-08-14 21:19:51 -0400

Now we'll do a serious test; tail the log and unplug the UPS then plug it back in. You should see something like:

# tail -f /var/log/apcupsd.events 
2012-08-14 21:17:05 -0400  apcupsd 3.14.8 (16 January 2010) gentoo startup succeeded
2012-08-14 21:23:04 -0400  Power failure.
2012-08-14 21:23:10 -0400  Running on UPS batteries.

Broadcast message from root@mdma (Tue Aug 14 21:23:10 2012):

Power failure on UPS UPS_IDEN. Running on batteries.
2012-08-14 21:23:11 -0400  Mains returned. No longer on UPS batteries.
2012-08-14 21:23:11 -0400  Power is back. UPS running on mains.

Broadcast message from root@mdma (Tue Aug 14 21:23:12 2012):

Power has returned on UPS UPS_IDEN...

If you would like to be notified of events by e-mail edit the scripts in the /etc/apcupsd directory and change the SYSADMIN variable to your preferred e-mail address.

More Reading:

Documentary for Dinner: Psywar (2010)

karma

A Metanoia Films production, Psywar investigates the history of propaganda and its integral role in modern polyarchy.

Excellent soundtrack and narration.