News items for tag english - Koos van den Hout

2021-09-15 Linux, serial devices that aren't modems and modemmanager
I always noticed that I had to plug in the USB cable for the remote radio with the radio switched off, otherwise the Kenwood TS480 would switch into transmit mode and stay there until I powered the radio off.

Annoying, and I thought it was something in the serial initialization. Recently I was thinking about this and remembered something about query sequences on serial devices triggering weird behaviour in other devices. From what I read about the Kenwood serial protocol, it is quite possible for a few stray characters to change something in the radio.

So I considered what Linux software could do a query as soon as a serial port is added to the system. Well, modemmanager was the ideal candidate for this:
Package: modemmanager
[..]
Description-en: D-Bus service for managing modems
 ModemManager is a DBus-activated daemon which controls mobile broadband
 (2G/3G/4G) devices and connections. Whether built-in devices, USB dongles,
 Bluetooth-paired telephones or professional RS232/USB devices with external
 power supplies, ModemManager is able to prepare and configure the modems and
 setup connections with them.
And indeed, simply removing modemmanager made the problem go away. I can now plug in the USB cable when the radio is on and nothing happens.

2021-09-11 Adding physical hardware temperatures in telegraf/influxdb/grafana
After starting the collection of a lot of the system data I wanted with telegraf/influxdb/grafana one small part was missing: the temperature sensors. I like these, so I had a look and found the inputs.temp plugin in telegraf which is normally disabled.

Enabling it on hosts that have actual hardware to measure worked ok. On the Raspberry Pi systems it gives one temperature:
> SHOW TAG VALUES ON "telegraf" WITH key="sensor" WHERE host='joy'
name: temp
key    value
---    -----
sensor cpu_thermal_input
On the home server conway it gives quite a lot of temperatures:
> SHOW TAG VALUES ON "telegraf" WITH key="sensor" WHERE host='conway'
name: temp
key    value
---    -----
sensor coretemp_core0_crit
sensor coretemp_core0_critalarm
sensor coretemp_core0_input
sensor coretemp_core0_max
sensor coretemp_core1_crit
sensor coretemp_core1_critalarm
sensor coretemp_core1_input
sensor coretemp_core1_max
sensor coretemp_core2_crit
sensor coretemp_core2_critalarm
sensor coretemp_core2_input
sensor coretemp_core2_max
sensor coretemp_core3_crit
sensor coretemp_core3_critalarm
sensor coretemp_core3_input
sensor coretemp_core3_max
sensor coretemp_core4_crit
sensor coretemp_core4_critalarm
sensor coretemp_core4_input
sensor coretemp_core4_max
sensor coretemp_core5_crit
sensor coretemp_core5_critalarm
sensor coretemp_core5_input
sensor coretemp_core5_max
sensor coretemp_physicalid0_crit
sensor coretemp_physicalid0_critalarm
sensor coretemp_physicalid0_input
sensor coretemp_physicalid0_max
For the dashboard showing all relevant temperatures for a system this is a bit overkill and makes the dashboard hard to read. Solution: go for all the temperature sensors that end in 'input', with the variable in the dashboard defined as 'ending in input':
> SHOW TAG VALUES ON "telegraf"  WITH key="sensor" WHERE host='conway' AND sensor=~/input$/
name: temp
key    value
---    -----
sensor coretemp_core0_input
sensor coretemp_core1_input
sensor coretemp_core2_input
sensor coretemp_core3_input
sensor coretemp_core4_input
sensor coretemp_core5_input
sensor coretemp_physicalid0_input
So far this works with all physical systems.

2021-09-09 Collecting more system data with Telegraf for Influxdb/Grafana
Grafana host dashboard with telegraf data including entropy. The dip in entropy is caused by the dnssec-signzone process
I have been collecting certain system data for ages with rrdtool, but now I see what is possible with the Telegraf collecting agent, and after some initial attempts I'm all in favour and data is flowing.

All the data I collected is already standard in telegraf, including entropy! Other data is also collected that is good to keep an eye on for performance.

I made some tweaks to the standard telegraf configuration: collect every 5 minutes, not exactly on the clock, since I read "The mystery of load average spikes", which reminded me of my own experience, "Be very careful of what you measure". I also avoid gathering data on nfs filesystems (which come and go thanks to autofs).

I rolled out telegraf over all systems at home, and now there is a nice 'System info' dashboard in Grafana.

2021-09-05 Network traffic statistics in Influxdb/Grafana
I continued my slow migration of statistics to Influxdb/Grafana and added the network traffic. I've been gathering this for ages in rrdtool; my earlier view was that I've been using rrdtool for network and other statistics since October 2002, so it is a bit of a change.

I updated the perl scripts that fetch network traffic statistics over SNMP to also add the data to influxdb. And it was simple to create a dashboard with that data. The overview pages with data for all interfaces for one measured host also link to detail pages per interface which also show the number of errors.

2021-09-01 Wildcard certificates and zerossl via acme protocol
I'm personally not a huge fan of wildcard TLS certificates (risks with reuse of the private key) so I didn't try those yet, but based on my experiences with certificates with multiple names with zerossl I got a response, Stephen Harris on Twitter: "Do they support wildcards", and I just had to try. And it works! I requested a certificate:
        Requested Extensions:
            X509v3 Subject Alternative Name:
                DNS:gosper.idefix.net, DNS:*.gosper.idefix.net
And indeed it worked:
        Issuer: C = AT, O = ZeroSSL, CN = ZeroSSL ECC Domain Secure Site CA
        Validity
            Not Before: Sep  1 00:00:00 2021 GMT
            Not After : Nov 30 23:59:59 2021 GMT
        Subject: CN = gosper.idefix.net
[..]
            X509v3 Subject Alternative Name: 
                DNS:gosper.idefix.net, DNS:*.gosper.idefix.net
So that works too! The choice for gosper.idefix.net is because I already had DNS records set up for dns-01 based verification of that name.

2021-08-30 Going all the way with zerossl: requesting a certificate with multiple names
I assumed the free tier of zerossl doesn't allow for certificates with multiple names but I guess I assumed wrong, because I just got issued a certificate with multiple names.

After debugging my earlier issues with zerossl and finding out I forgot the CAA record, this time I tried a certificate with the subjectAltName extension in use with more than one name.
$ openssl req -in httprenewable/webserver-devvirtualbookcase.csr -noout -text
[..]
        Attributes:
        Requested Extensions:
            X509v3 Subject Alternative Name:
                DNS:developer.virtualbookcase.com, DNS:perl.virtualbookcase.com
And the certificate dance went fine with dehydrated:
$ ./dehydrated/dehydrated --config /etc/dehydrated/config.zerossl -s httprenewable/webserver-devvirtualbookcase.csr > tmp/certificate.crt
 + Requesting new certificate order from CA...
 + Received 2 authorizations URLs from the CA
 + Handling authorization for developer.virtualbookcase.com
 + Handling authorization for perl.virtualbookcase.com
 + 2 pending challenge(s)
 + Deploying challenge tokens...
 + Responding to challenge for developer.virtualbookcase.com authorization...
 + Challenge is valid!
 + Responding to challenge for perl.virtualbookcase.com authorization...
 + Challenge is valid!
 + Cleaning challenge tokens...
 + Requesting certificate...
 + Order is processing...
 + Checking certificate...
 + Done!
$ openssl x509 -in tmp/certificate.crt -noout -text | less
[..]
            X509v3 Subject Alternative Name:
                DNS:developer.virtualbookcase.com, DNS:perl.virtualbookcase.com
The /etc/dehydrated/config.zerossl has the EAB_KID and EAB_HMAC_KEY values set to the ones associated with my account.

This means zerossl works as a complete secondary certificate issuer and I could switch over completely in case LetsEncrypt isn't available. Choice is good!

2021-08-19 Trying zerossl as backup certificate provider
Based on the recent article "Here's another free CA as an alternative to Let's Encrypt!" I decided to check my options for having an alternative to LetsEncrypt.

Not because I have or had any problems with LetsEncrypt, but I like having a backup option. So I started with zerossl as option.

So far I did the whole registration and certificate request dance purely with the dehydrated client, but that gives an error on a certificate request:
 + Requesting new certificate order from CA...
 + Received 2 authorizations URLs from the CA
 + Handling authorization for developer.virtualbookcase.com
 + Handling authorization for perl.virtualbookcase.com
 + 2 pending challenge(s)
 + Deploying challenge tokens...
 + Responding to challenge for developer.virtualbookcase.com authorization...
 + Challenge is valid!
 + Responding to challenge for perl.virtualbookcase.com authorization...
 + Challenge is valid!
 + Cleaning challenge tokens...
 + Requesting certificate...
 + Order is processing...
ERROR: Order in status invalid
Creating a zerossl account with a web browser and setting the EAB_KID and EAB_HMAC_KEY to the values from my zerossl account also doesn't help, that also ends with:
$ ./dehydrated/dehydrated --ca zerossl --config /etc/dehydrated/config.zerossl -s httprenewable/webserver-devvirtualbookcase.csr > tmp/certificate.crt
 + Requesting new certificate order from CA...
 + Received 2 authorizations URLs from the CA
 + Handling authorization for developer.virtualbookcase.com
 + Handling authorization for perl.virtualbookcase.com
 + 2 pending challenge(s)
 + Deploying challenge tokens...
 + Responding to challenge for developer.virtualbookcase.com authorization...
 + Challenge is valid!
 + Responding to challenge for perl.virtualbookcase.com authorization...
 + Challenge is valid!
 + Cleaning challenge tokens...
 + Requesting certificate...
 + Order is processing...
ERROR: Order in status invalid
I realized a certificate for multiple names isn't supported by the free tier of zerossl. Removing one of the names from the certificate still made it end up in status 'invalid'.

Also re-creating the account in dehydrated after creating the zerossl account and setting the EAB_KID and EAB_HMAC_KEY variables correctly didn't solve things yet. The same request works fine with LetsEncrypt so the issue is something with dehydrated / zerossl.

Update: Sharing my woes gave a suggestion: Stephen Harris on Twitter: "@khoos You have a CAA record for virtualbookcase.com that might be blocking it." / Twitter and Stephen is absolutely right: I set up CAA records ages ago for all my domains. And the zerossl CAA document I can find absolutely agrees I need to add a CAA record allowing certificates by sectigo.com.

Updated: And after waiting for DNS propagation and trying again I now have a zerossl.com certificate:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:7b:c8:e9:ad:fd:14:ad:5c:ae:a2:57:fe:45:d9:41
        Signature Algorithm: ecdsa-with-SHA384
        Issuer: C = AT, O = ZeroSSL, CN = ZeroSSL ECC Domain Secure Site CA
        Validity
            Not Before: Aug 19 00:00:00 2021 GMT
            Not After : Nov 17 23:59:59 2021 GMT
        Subject: CN = perl.virtualbookcase.com
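
The CAA behaviour behind this failure and its fix, together with the wildcard request from the 2021-09-01 item, as an added example that is not part of the original posts: a small RFC 8659 evaluator run over constructed record sets. The example.org zone and its records are assumptions made up for illustration; only the sectigo.com issuer name comes from the text above.

```python
# Added example: RFC 8659 CAA evaluation over constructed zones (not the author's records).
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

def relevant_rrset(zone, fqdn):
    """Climb from fqdn towards the root and return the first non-empty CAA RRset."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []

def issuer_of(value):
    """The issuer domain name is the part before any ';' parameters."""
    return value.split(";", 1)[0].strip().lower()

def caa_permits(zone, name, ca_identifier):
    """True if the CA identified by ca_identifier may issue for name."""
    wildcard = name.startswith("*.")
    rrset = relevant_rrset(zone, name[2:] if wildcard else name)
    # An unrecognised property with the critical bit (128) set blocks issuance.
    if any(flags & 128 and tag.lower() not in KNOWN_TAGS for flags, tag, _ in rrset):
        return False
    issue = [issuer_of(v) for _, t, v in rrset if t.lower() == "issue"]
    issuewild = [issuer_of(v) for _, t, v in rrset if t.lower() == "issuewild"]
    # For wildcard names, issuewild (when present) replaces issue entirely;
    # for ordinary names issuewild is ignored.
    applicable = issuewild if (wildcard and issuewild) else issue
    if not applicable:
        return True  # only iodef or nothing restrictive: CAA does not restrict issuance
    # An empty issuer (value ";") matches no CA at all.
    return ca_identifier.lower() in applicable

# Constructed zones: CAA set up long ago for one CA, then a second CA added.
ZONE_BEFORE = {"example.org": [(0, "issue", "letsencrypt.org"),
                               (0, "iodef", "mailto:hostmaster@example.org")]}
ZONE_AFTER = {"example.org": ZONE_BEFORE["example.org"] + [(0, "issue", "sectigo.com")]}
# Variant that allows ordinary names but forbids every wildcard certificate.
ZONE_NO_WILDCARD = {"example.org": [(0, "issue", "sectigo.com"), (0, "issuewild", ";")]}

if __name__ == "__main__":
    for label, zone in (("before", ZONE_BEFORE), ("after", ZONE_AFTER),
                        ("no-wildcard", ZONE_NO_WILDCARD)):
        for name in ("perl.example.org", "*.gosper.example.org"):
            print(label, name, caa_permits(zone, name, "sectigo.com"))
```

The subdomains carry no CAA records of their own, so the record set at the parent zone decides, which is why a forgotten zone-wide CAA record makes an order end up invalid even though every challenge validated.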

2021-08-17 Specific categories in contests can help win
I received the results of the Canada winter contest I participated in last December, and my remark "In total I got 3 different Canadian stations in the log and I entered my log. It won't be the winner in the DX category, but I appreciate the fact that the Radio Amateurs of/du Canada organize this so I do my part in making the scoring possible." works out differently: I am "First Place for The Netherlands in the category Single Op Single Band 20 meter".

2021-08-13 Next bitcoin extortion scam
Yet another bitcoin extortion scammer, this time using address 1Gkg3g7GGbsKktkkbgKNfL6MMGZ1xCoGJC. The reports read like she/he has tried it in multiple languages. Until this moment no bitcoins have ended up with the scammer.

Earlier items about bitcoin extortion scams: Earlier, earlier, earlier, earlier, earlier, earlier (although I think bitcoin is generally a really bad idea and a huge scam)

2021-08-05 Phishing for accounts which expire shortly is extra funny!
Yesterday I switched to a different Internet provider and now the phishing trying to convince me I need to give my account details for the old account to avoid the account being closed is extra funny!

And although they all state they are the kzdoos.xs4all.nl webmail there is no such thing for the abusers to try any login credentials at.

My opinions are my own, what I write is protected by copyrights. Some publications contain an explicit license statement which allows sharing without asking permission.