Archive for the ‘networks’ Category

Setting up an APC UPS on Linux with apcupsd

Sunday, December 31st, 2006

In the time that I’ve been living in my current home, there have been a couple of power interruptions, but nothing that was more than a blip until the past week. For quite some time, I’ve used an APC SmartUPS as a line conditioner to feed power to my network gear. It wasn’t until I experienced an outage that would have outlasted the batteries that I turned to making the device work as a trigger to shut down the network.

Most of the shut-down is conceptually simple. All of the network equipment (firewall, AP, switch, hubs, DSL modem, ATAs) is solid-state and can be powered down abruptly. The main piece of equipment that I need to take some care on is the Asterisk server. Fortunately, there’s apcupsd, a software package that will speak to the APC in its so-called smart mode. When the power goes out and the battery drains to a pre-set level, apcupsd can initiate a system shutdown.

Most APC devices these days interface with the computer over USB, though with a somewhat strange protocol. To speak it, you need to enable USB support in Linux for Human Interface Devices (HIDs), but with a special “hidden” mode (the CONFIG_USB_HIDDEV kernel option).

As a basic first step for USB support, you’ll need to build support for your host controller. Most controllers these days follow the Open Host Controller Interface (OHCI), though Intel and Via chips use the alternative Universal Host Controller Interface (UHCI) instead. To find out which one you have, probe your PCI bus to see the controller. It will helpfully tell you which one to use:

root@ups:~ # lspci -v | grep USB
00:13.0 USB Controller: ATI Technologies Inc IXP SB400 USB Host Controller (prog-if 10 [OHCI])
00:13.1 USB Controller: ATI Technologies Inc IXP SB400 USB Host Controller (prog-if 10 [OHCI])
00:13.2 USB Controller: ATI Technologies Inc IXP SB400 USB2 Host Controller (prog-if 20 [EHCI])

The final controller is the Extended Host Controller Interface (EHCI), better known as a USB 2.0 controller. UPSes don’t operate at high speeds, so all you need are the host controller and the human interface drivers:

root@ups:~# modprobe ohci-hcd
root@ups:~# modprobe usbhid

Now, plug in the UPS. If your distribution is set up right, the udev system will create the /dev/usb/hiddevX device interface to talk to the UPS. You can see it by looking at the kernel messages:

usb 2-2: new low speed USB device using ohci_hcd and address 2
hiddev96: USB HID v1.10 Device [American Power Conversion Smart-UPS 750 XL FW:630.3.D USB FW:1.4] on usb-0000:00:13.1-2

At this point, I could follow the standard Gentoo path of emerge apcupsd and do the basic configuration. The halt scripts on Gentoo are even configured to automatically turn off the UPS after shutdown, so I didn’t have to do anything special to power down my rack once the shutdown completed.
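The driver checks from the walkthrough above, collected into one script as an added example (not part of the original post): it reads lspci output to pick the host-controller module and reads the kernel log to find the UPS's device node. The function names are illustrative, uhci-hcd is the module assumed for UHCI controllers, and the minor-number handling assumes kernels that log the HID minor (96 and up) for a node that udev names from 0.

```shell
#!/bin/sh
# Added example; function names are illustrative, not from apcupsd.
# Sample input copied from the lspci and kernel-log excerpts in the post.
LSPCI_SAMPLE='00:13.0 USB Controller: ATI Technologies Inc IXP SB400 USB Host Controller (prog-if 10 [OHCI])
00:13.1 USB Controller: ATI Technologies Inc IXP SB400 USB Host Controller (prog-if 10 [OHCI])
00:13.2 USB Controller: ATI Technologies Inc IXP SB400 USB2 Host Controller (prog-if 20 [EHCI])'
KLOG_SAMPLE='usb 2-2: new low speed USB device using ohci_hcd and address 2
hiddev96: USB HID v1.10 Device [American Power Conversion Smart-UPS 750 XL FW:630.3.D USB FW:1.4] on usb-0000:00:13.1-2'

# stdin: `lspci -v` text. stdout: host-controller modules to load, one per
# line, deduplicated. EHCI lines are skipped: a low-speed UPS does not need
# the USB 2.0 controller driver.
hcd_modules() {
    awk '/USB/ && /\[OHCI\]/ { print "ohci-hcd" }
         /USB/ && /\[UHCI\]/ { print "uhci-hcd" }' | sort -u
}

# stdin: kernel log text. stdout: expected device node of the first APC HID
# device. Returns 1 if the log shows no such device.
ups_hiddev() {
    n=$(sed -n 's/.*hiddev\([0-9][0-9]*\).*American Power Conversion.*/\1/p' | head -n 1)
    [ -n "$n" ] || return 1
    # Assumption: a logged number of 96 or more is the HID minor (base 96),
    # while the node index counts from 0; smaller numbers are already an index.
    if [ "$n" -ge 96 ]; then n=$((n - 96)); fi
    printf '/dev/usb/hiddev%s\n' "$n"
}

# Print (rather than run) the steps for a host, given its lspci and log text.
plan() {
    for m in $(printf '%s\n' "$1" | hcd_modules); do
        echo "modprobe $m"
    done
    echo "modprobe usbhid"
    dev=$(printf '%s\n' "$2" | ups_hiddev) || {
        echo "no APC HID device in kernel log" >&2
        return 1
    }
    echo "expect UPS at $dev"
}

plan "$LSPCI_SAMPLE" "$KLOG_SAMPLE"
```

On a live host, feed the functions real data, for example `lspci -v | hcd_modules` and `dmesg | ups_hiddev`.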

Jeers! to TiVo for taking three years to figure out WPA

Tuesday, November 21st, 2006

This afternoon, I received the latest TiVo newsletter. My TiVo and I have been drifting apart for years, in large part because TiVo seems to be falling behind. Today’s newsletter bragged about how the current TiVo software update now has WPA:

MORE SECURITY: Choose either WEP or WPA security for your wireless networks (WPA requires the TiVo Wireless Network Adapter) [Networking nerds cheer.]

Actually, we don’t cheer you. We wonder what took you so long.

A serious network engineer would never use WEP, because it is unsafe at any key length, and we’ve known that for more than six years. WPA was announced on October 31, 2002. (I remember that date because I was speaking on wireless security the day after the announcement, and the audience asked about it.) WPA-certified products have been available since 2003.

In 2003, my home wireless LAN was running WPA. When I discovered that my TiVo could only support WEP, I grudgingly pulled an Ethernet cable into the living room because I didn’t feel the need to downgrade my network security to WEP.

In September 2004, I was invited to be part of a security panel at the Wi-Fi Security Seminar in Washington, D.C. Before the panel took the stage, I vividly remember talking with David Cohen of Broadcom, who was leading the marketing efforts for the Wi-Fi Alliance on WPA2. In our discussion, David pointed out that many consumer electronics devices were supporting WPA, and that there was no reason why anybody needed to use WEP. When I pointed out to him that TiVos only supported WEP and that they had no apparent plan to support WPA, he was shocked. I never imagined that the situation would remain unchanged for the next two years.

To add insult to injury, the upgrade doesn’t help the TiVo customers who are already using 802.11. TiVo WPA support doesn’t work with just any wireless adapter like the one that most users already have stuck into the USB port. Oh no, it requires the use of the TiVo-branded wireless adapter! The TiVo adapter lists for $60, which is a pretty high price premium over a “standard” USB-to-802.11 network adapter. With careful shopping, you can get a regular Linksys/D-Link/Netgear adapter for $20 or less.

Automatically refreshing election results in San Francisco

Tuesday, November 7th, 2006

I’m at a post-campaign party right now, and we’re all huddled around the computer watching the San Francisco election results. At first, the common injunction to whoever was sitting at the computer was to “hit refresh” to see if new results were posted. I quickly tired of hitting refresh, so I cooked up a small CGI script to fetch the results, and embedded them in a page to automatically update.

The CGI is pretty simple. The nice thing about the San Francisco results is that they’re plain text embedded in a pair of <pre> tags, so all the CGI has to do is grab the text between the tags:
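#!/usr/bin/perl -w

use strict;
use CGI;
use LWP::Simple;
use Time::Piece;

# Get results from between <pre> and </pre>
my $sf_results_html = get 'http://www.sfgov.org/site/election_index.asp?id=47578';
# get returns undef when the fetch fails; fall back to an empty page
$sf_results_html = '' unless defined $sf_results_html;

my @htmlbeforepre = split ( '<pre>', $sf_results_html );
my @htmlafterpre = split ( '</pre>', defined $htmlbeforepre[1] ? $htmlbeforepre[1] : '' );
my $sf_results_txt = defined $htmlafterpre[0] ? $htmlafterpre[0] : 'Results unavailable';

# write up page, with date
my $page = new CGI;
print $page->header;
print $page->start_html('SF Election results');

# Time::Piece overrides localtime; the object prints as a date string
my $t = localtime;
print "Date retrieved by CGI = $t\n";

# The fetched text is printed as received, so this page trusts the upstream markup
print "\n<pre>\n";
print $sf_results_txt;
print "\n</pre>\n";

print $page->end_html;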

Then, to automatically refresh it, I embedded it in a server-side include that refreshed every three seconds. (Though, on further reflection, perhaps I should have set the timeout to be longer.)

Auto Refreshing election results

Page generated on

Welcome!

Thursday, October 26th, 2006

It certainly has taken me long enough to start my own blog. I’ve been at it since December 2002, when I first started blogging for O’Reilly.

Professionally, I’m a network engineer, which means that I’m a plumber for your data. Fortunately, when networks have trouble, the results may be ugly, but at least they’re generally sanitary. I took up residence in Silicon Valley after graduating from college and worked for a series of security companies. During those heady years, I liked to say that “I help build the Internet,” which generally worked as an explanation until the Al Gore “inventing the Internet” controversy. In those early years of my career, I learned that network address translation is evil, and that just sticking a firewall up doesn’t make your network secure.

In 1999, the large company I worked for acquired a little company that made wireless LAN hardware. I thought that 802.11 was the coolest technology I’d ever worked with. In those days, it was enough to walk up to somebody with a laptop and an 802.11 card, ask for a website, and pull it up in a browser. Even though it wasn’t fast, and certainly wasn’t secure, I knew I had to be a part of it. I now work on 802.11 full time, and I’m a voting member of the IEEE 802.11 working group.

Somewhere along the way, I had to prove that my liberal arts education was good for something more than just engineering, and I wrote a few books for O’Reilly. The only one that most people have read is my book on 802.11, which is now in its second edition. Writing is good for a variety of reasons. For me, one of the most tangible benefits is that it keeps me busy learning about new technologies. In 2005, I spent a good chunk of my free time learning about HDTV by using MythTV. To keep myself busy in 2006, I decided to start running Asterisk at home to learn about VoIP.

In my career so far, I’ve held a variety of positions that have required a great deal of travel. Leaving my own country has shown me that there’s a whole world out there that lives differently from me, and it’s been one of the best ways to help me appreciate where I do live. I started with most of my travel in Europe, though lately, I’ve been spending more time in Asia. Sadly, the list of the fifteen countries that I’ve visited does not yet include either Italy or Ireland.

While I’m traveling, I often take photographs. I have no professional training, so I rely on the large capacity of memory cards to take lots of pictures and throw most of them away. In this space, I’ll only be showing off the few pictures that are worth looking at.