Friday, 14 March 2014

NTP - what the *#x+ does that mean?

The Linux command ntpq should have defined its columns in a man page but left it to the Internet to remember, so this page is dedicated to keeping me sane:

The character in front of server hostnames from ntpq -p:
" " Unresponsive peer, high stratum, Local
* The peer currently being used for time sync
# Failover peers ready to take over in case one of the first six + peers fails
o Good peer using PPS
+ Good peer and has been included in the final set
- Out of threshold, usage discarded
x Out of threshold, usage discarded

refid - how does the remote peer sync time? Popular options:

LOCL - This local host
GPS - GPS satellites, atomic clock source
PPS - Pulses Per Second, mostly from applicable GPS receivers
CDMA - Mobile phone networks using CDMA

st column - stratum of the remote peer

t column:
l = local time source
u = unicast (almost always this is true)
m = multicast
b = broadcast

when - last polled, default in seconds (h - hours, d - days)
poll – how often to poll peer
reach – 8-bit left-shift register - 377 for a perfect peer, 0 for a useless one
delay – Round trip time in milliseconds
offset – The difference for this peer between the local time and the weighted average of our set of peers
jitter – The variance in latency on the network to peer
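
The columns above can be checked by a script. This is an added example, not part of the original post: it parses `ntpq -p` rows, maps the leading character to the meanings listed above, and decodes reach (printed in octal) into how many of the last 8 polls were answered. The sample output, host names and function names are constructed for illustration.

```python
# Added example, not from the original post. SAMPLE is constructed output.
TALLY = {
    " ": "unresponsive, high stratum or local",
    "*": "currently used for time sync",
    "#": "failover peer",
    "o": "good peer using PPS",
    "+": "good peer, in the final set",
    "-": "out of threshold, discarded",
    "x": "out of threshold, discarded",
}

SAMPLE = "\n".join([
    "     remote           refid      st t when poll reach   delay   offset  jitter",
    "==============================================================================",
    "*ntp1.example.net .GPS.            1 u   33   64  377    1.234    0.456   0.120",
    "+ntp2.example.net 192.0.2.10       2 u   12   64  377   10.500   -1.200   0.800",
    "-ntp3.example.net 192.0.2.20       2 u   40   64  357   35.000    8.900   4.100",
    " ntp5.example.net .INIT.          16 u    -   64    0    0.000    0.000   0.000",
])


def polls_answered(reach):
    """reach is printed in octal; each set bit is one answered poll of the last 8."""
    return bin(int(reach, 8) & 0xFF).count("1")


def parse_peers(output):
    peers = []
    for line in output.splitlines():
        fields = line[1:].split()
        # Skip the header, the ===== rule and anything that is not a peer row.
        if len(fields) != 10 or fields[0] == "remote":
            continue
        remote, refid, st, t, _when, _poll, reach, delay, offset, jitter = fields
        peers.append({
            "tally": line[0], "meaning": TALLY.get(line[0], "unknown"),
            "remote": remote, "refid": refid, "stratum": int(st), "type": t,
            "answered": polls_answered(reach), "delay_ms": float(delay),
            "offset_ms": float(offset), "jitter_ms": float(jitter),
        })
    return peers


def sync_issues(peers):
    issues = []
    if not any(p["tally"] in ("*", "o") for p in peers):
        issues.append("no peer is selected for time sync")
    issues += [f"{p['remote']}: answered {p['answered']}/8 recent polls"
               for p in peers if p["answered"] < 8]
    return issues
```

Feed it the text of a real `ntpq -p` run in place of SAMPLE; hosts whose clocks drift unnoticed produce logs that are hard to correlate during an investigation.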

Hope the above helps someone!

Wednesday, 5 March 2014

Load balancing interfaces on Debian/CentOS using round robin

Nothing like holding an IBM server worth more than your car in your hands (and thinking - do not drop it - repeatedly... :-)

So basically we have two of these awesome servers ready for action, ample network ports, and a need to communicate directly with each other... which leaves only one geek option :-) - let's bond those free interfaces and kick some ass speed and failover wise!

I know you can define the following in config files but with one server in production mode I couldn't afford a network restart going wrong (additionally I'm 50KM away from the facility in Johannesburg).

Instead I opted for the command route, adding the commands to /etc/rc.local for the rare event that a server reboots. The commands follow (I was using eth2/eth3, so they may need tweaking for re-use).

If you experience any issues with more than 2 ports it may require a change to ALB mode (balance-alb) which load balances transceived frames using a MAC change method.

Application Server - CentOS - installed by default?:
modprobe bonding mode=balance-rr miimon=100
ifconfig bond0 <IP address> netmask <netmask> up
ifenslave bond0 eth2
ifenslave bond0 eth3

Database Server - Debian - package: ifenslave-2.6:
modprobe bonding mode=balance-rr miimon=100
ifconfig bond0 <IP address> netmask <netmask> up
ifenslave bond0 eth2
ifenslave bond0 eth3
ip a add <IP address>/<prefix> dev eth1
ip link set up dev eth1

The results:

[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.0 sec  2.13 GBytes  1.83 Gbits/sec
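
A health check for the bond built above, as an added example that is not part of the original post: it parses the status text the bonding driver exposes at /proc/net/bonding/bond0 and flags a wrong mode, a wrong miimon value, a missing interface or a failed link. The sample text is constructed and the function names are hypothetical.

```python
# Added example, not from the original post.
# SAMPLE is a constructed /proc/net/bonding/bond0 with eth3 down.
SAMPLE = "\n".join([
    "Bonding Mode: load balancing (round-robin)",
    "MII Status: up",
    "MII Polling Interval (ms): 100",
    "",
    "Slave Interface: eth2",
    "MII Status: up",
    "Speed: 1000 Mbps",
    "Link Failure Count: 0",
    "",
    "Slave Interface: eth3",
    "MII Status: down",
    "Speed: Unknown",
    "Link Failure Count: 3",
])


def parse_bond(text):
    """Return (bond settings, list of per-interface settings)."""
    bond, slaves, current = {}, [], None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key == "Slave Interface":      # every later key belongs to this NIC
            current = {"name": value}
            slaves.append(current)
        elif current is not None:
            current[key] = value
        else:
            bond[key] = value
    return bond, slaves


def bond_issues(text, expected=("eth2", "eth3")):
    bond, slaves = parse_bond(text)
    issues = []
    if "round-robin" not in bond.get("Bonding Mode", ""):
        issues.append("mode is not balance-rr")
    if bond.get("MII Polling Interval (ms)") != "100":
        issues.append("miimon is not 100")
    present = {s["name"] for s in slaves}
    issues += [f"{n} is not enslaved" for n in expected if n not in present]
    for s in slaves:
        if s.get("MII Status") != "up":
            issues.append(f"{s['name']} link is down")
        if int(s.get("Link Failure Count", "0")) > 0:
            issues.append(f"{s['name']} has {s['Link Failure Count']} link failures")
    return issues
```

On a live host, pass `open("/proc/net/bonding/bond0").read()` instead of SAMPLE; with balance-rr a dead link otherwise only shows up as halved throughput.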


Monday, 6 January 2014

Server uptime!

While going through my timesheet for this month's billing I noticed the following blob I copied from a company's IBM server, pretty impressive:

12:27:22 up 707 days, 12:14,  2 users,  load average: 0.44, 0.45, 0.48

Ubuntu 8.04.2 \n \l

Linux www 2.6.24-23-server #1 SMP Wed Apr 1 22:14:30 UTC 2009 x86_64 GNU/Linux

Chain OUTPUT (policy ACCEPT 3868M packets, 4572G bytes)

Sunday, 29 December 2013

Nelson Mandela Funeral Plane Spotting

During the recent funeral of our best leader ever Nelson Mandela, I managed to spot a few aircraft as they entered South African air space, including:

USAF Air Force 1
USAF Air Force 2
USAF Military Airlift Command - C17

Very cool indeed!

How has the NSA changed the world?

The Internet has been abuzz since Snowden leaked some really precious information about the way the NSA has infiltrated the world. To be honest I never suspected the level of spying to be quite as bad as it's turned out to be... being a non-US citizen it concerns me even more as they seem to have no limit and do this all in the name of keeping the US safe while we now know it goes far beyond this...

The economic impact must be huge for the US overall. Some of the additional security steps we've taken as "foreigners", and I'm sure many others have too:

1. Secure only access to our site - all unencrypted traffic is automatically redirected to SSL
2. Additional web application security and code reviews
3. Mainly making use of a non-US approved open source cipher, or open source ciphers regarded as highly secure, for all communications
4. Moved all hosting away from US companies
5. Replaced PPTP VPN links for all sensitive VPN traffic
6. Secured e-mail transfer by enabling and encouraging encryption
7. Secured webmail and changed all e-mail passwords
8. Discontinued use of Dropbox, Twitter and many Google applications like Gmail, Google+ and Chrome
9. Replaced all Cisco devices suspected of backdoors
10. No closed source software allowed, everything must be open source.
11. Android phones changed to CyanogenMod and firewalled
12. Many additional changes planned...

How have your ways of communicating changed? Leave me a comment.

Thursday, 26 December 2013

$2.36 SSL certificate ranking on Qualys SSL Labs test

I spotted a holiday sale on SSL certificates for $2.36 and dashed to grab three for $7.09, ironically even less than what I've paid GoDaddy in the past for a single certificate. My next task was to see what ranking I could get on the Qualys SSL Labs test (thank you Qualys for the test, it's great), the result shows what can be done with a low cost certificate:

Saturday, 21 December 2013

Old CCTV camera revamped with a Raspberry Pi - Version 1

A couple of months back our CCTV IP camera got smacked by lightning, shopping around for a new one never reached the point of buying as I couldn't find anything in South Africa that really matched what I wanted to do...

Recently I started thinking of using my Raspberry Pi to replace the CCTV camera and finally got some time this weekend to play around with version 1. So my journey started... I painted the old exterior of the camera housing for a shiny new look, added an old Cisco 1700 series router fan into the mix for some cooling, added a heatsink and Real Time Clock (DS1307) to the Pi. The network cable provides the 5 volt to power the fan and the Pi while connecting it back down to the router.

I plugged in an old webcam I have lying around (Lifecam NX-3000) and got motion up and running on Raspbian 7 to send all motion files to a remote server using sshfs, so far the setup is working like a charm!

Version 2 will include a GPS (for use as a stratum 1 time server), Arduino board for all sorts of sensors (temperature, humidity etc), additional webcams, 3G dongle for backup connectivity, SDR for ADS-B and a USB hub so stay tuned for the next CCTV version post...

Monday 23rd December 2013 Update - Added a second webcam to the Pi, the Logitech C270 3MP. Both are working great and the C270 has great image quality; I will post some photos in my next blog update.