FreeBSD 11.1

Every few months I take a little time out and evaluate the GPL/BSD Linux(y) space for readiness and usability. Always these operating systems prove themselves out quite handily for their indigenous niche, which is behind the scenes and in server rooms.

I like to evaluate systems like these to see if they’ll ever be ready for a breakout performance on the much more visible stage of front-room existence.

I start with VirtualBox on my MacBook Pro. I provide every VM about 4GB of RAM, about 40GB of storage, and the understanding of what installation on a limited medium like this means for any OS. I won’t be pulling punches about raw performance, because in a VM, performance is not a priority. I evaluate these systems with the idea of “Mr. Average User” in my mind. How can “Mr. Average User” carry on with whatever I review?

Starting with FreeBSD 11.1, the installer was textual, which was perfectly fine if a little low-brow. Most users are much more comfortable with pretty graphical installers right from the beginning. One oddity was that the FreeBSD boot manager did not detect the installation media and make the right choice to boot to the VM’s Virtual HD after primary installation was successful. I had to halt the system, remove the installation media, and start it again. Honestly if you were looking at a physical computer, the end user would likely remove the installation media from the USB port or DVD drive anyways, so this isn’t a problem. It does bear mentioning that Linux handles this much more elegantly.

The base system installs with CLI entry only. There is no GUI option; you have to resort to Google to get to that point. The command line is fine; however, getting into root by using “su” from a default install doesn’t work if you don’t know how to; your end-user account isn’t defaulted into the sudoers file. This could have been eliminated if I had added the right group to the plain user account, like “sudoers”; however, I am unsure if FreeBSD follows that convention or not. In any case, all of this immediately drops the user into Google-Fu. We’ve already lost the most basic users now, and we’re only carrying on with those that have some geek experience.

Getting to the GUI level is a rather involved process. The nature of BSD has always been couched in my experience as “You get the system you asked for explicitly, not the one you implicitly assumed you would get.” So an installation of X comes with the core system and twm, a zero-frills window manager. Also, there are basic commands that need to be added with using the pkg tool, like vim and screen, although that is a lot less of a problem since other Linux platforms also don’t include some of these packages as default throw-ins. You have to install X, then you have to install your special Window Manager choice, like gnome3 for example. The actual installation is hands-off, which is very good to see, but users must come to FreeBSD with the notion that you aren’t going to get a polished Ford Mustang with just one ask. You should expect a stripped out Ford Fiesta without doors, first, and then add on extra components until you build yourself up to a Mustang.

I was finally able to get a Gnome3 X-Windows system up and running, only had to Google a few items, like adding my standard user to the wheel group for access to the su command, and then adding sudo and configuring that, to make it easier to add more software. There wasn’t any software management system in Gnome3, but I didn’t really look that hard for one either. The pkg installation routine is easy to understand and works well, generally. The one issue I did notice was that the mouse was quite difficult to use, but I expect that there would be some issues where it was a VM and I was asking it to run a lot of stuff all at once.

I find myself frequently referring to a metaphor from HG Wells’ Time Machine book. There are Morlocks and Eloi, and how the two groups can mingle as a way to discuss how these operating systems can be used by the two different kinds of people. FreeBSD is very much a Morlock system. There is no way a Morlock could find its way into an elevator, pick the surface, and have afternoon tea with an Eloi in terms of FreeBSD. In an Eloi’s viewpoint, FreeBSD is a smooth black box that makes little rattling noises, but beyond that is almost totally inert and worthless.

As always, FreeBSD is best for deep back office tasks. It has a lot of technical greatness, from the ZFS file system to the Fortuna PRNG, but it is best left to the basement level for the Morlocks to use. It would make an excellent server, but a terrible workstation.

On The Domain?

At work a funny question came up. Should we put an important user and their super slim executive-style laptop on the Windows Domain or just use a Local Account? There is really only one user who fits this bill, and so we’ll leave that obvious bit out because I don’t include names in any of my blog writing.

The question comes down to reliability. Can we trust that the Windows Domain account will always work? Eh, that’s the 64,000 dollar question, now isn’t it? The user cannot under any circumstances ever see the “This laptop cannot form a trust relationship with the selected domain.” error that pops up rarely and irregularly around our Windows Domain.

Obviously the answer is, since it’s Microsoft, apply the KISS Principle. We keep it simple, we keep it a local account, because we simply cannot trust Microsoft at all. Maybe the domain will work, maybe it won’t. Maybe Kerberos will work, maybe it won’t. Right up there with the worthlessness of Windows Domain GPO’s, will they apply? Well, they appear to, but they do nothing in practice. In my experience GPO’s are a mixed bag at best, sometimes they work, like home drives and printers, but sometimes they just bellyflop. We don’t really do much with GPO’s because Microsoft’s technology is so hilariously poor. Roll out software through the Domain? Hah. Never works. Fiddle with settings on the Domain? Never works. Never ever ever works. GPO’s are essentially a crock of shit at best, and a waste of time at worst.

So, if you have a mission critical user on a computer, do you use a Windows Domain? Only if you like putting 2×4’s up against your legs and whacking your ankles with a sledgehammer. Yeah, that’s the level of suffering and agony that is Windows. We’ll skip it, thanks.

I will say, I did briefly consider calling Microsoft Technical Support once a long time ago when we were looking at GPO’s for something in the long ago. But you know, that’s not a serious offer either, and creates way more work and suffering than just skipping the entire thing and declaring that whatever it is simply cannot be done. Not that any requests have actually come in that way; our interest in GPO’s was purely in-department wondering. One foray into them, they don’t work, spread gasoline on everything and light a match and let it all burn.

It’s been a long time since I wrote this bit, but it still holds true and will for the rest of time. Microsoft is the worst company on Earth and I regret every experience coming into contact with them. I only use their “technology” because I have no other choice. Microsoft rules a kingdom of shit. May they all die in a fire.

So no, we won’t be using a Domain Account.

Cat’s Megamix

I have a 25 hour long playlist on Spotify that is solely composed of Cat relaxation music. Currently it’s playing throughout the house and especially for felines, and also for their hapless human lap-warmers, the slowly paced lullabies and carefully composed music interspersed with isochronic beat patterns have chilled all felines right to unconsciousness. Instead of mobbing the door leading to Ysabel’s welcome room, they are on my lap, or near me, totally lounging, sleeping, and napping. Even the new kitten digs the music, and has likewise fallen asleep.

It may be wishful thinking, but this music seems to be having the same effect as Felidae does.

There is another note of kismet in all of this. The way we discovered Ysabel, just how free and easy all this has been so far. Right down to the right gadgets and the service and the music to bring it all together. It feels effortless, although I freely admit that this has only just started, but perhaps if I stay optimistic everything will follow suit and work out for the best.

This all assumes the music doesn’t put me out like it is the cats. Who thought it, music enhanced introductions. What a marvel!

Hyundai – Never Again

This tale of woe begins in October of 2015. I take my 2007 Hyundai Santa Fe into Maple Hill Hyundai for an oil change, and I learn about a service campaign, there is a recall on the Valve Cover Gasket for all Santa Fe’s like mine. Maple Hill performs the operation; I get a new gasket and a new alternator and the oil change. I drive away happy; everything is back to normal.

At the end of 2017, I start noticing some odd lights in my car, and generally odd behavior starting to crop up. I’ve got 130000 miles on the vehicle, so I figure that it’s cold weather and old age. The gas tank needle gets daffy, not registering full tanks of gas, so I use the trip-o-meter to measure out 200 miles and then fill up from there. I can adapt. Then on really cold mornings, I notice the battery light flickers for a little bit, alternating with the seatbelt light, but after a few minutes both go out. I drive it around, and everything is normal.

Then we went to Chicago, Illinois to C2E2. The Santa Fe loaded with suitcases and comic books, I drive it into the parking structure, and that’s that. We have a wonderful time in Chicago, and then we pull it out of the parking structure. I notice that the battery light and seatbelt light have started to blink, but then it goes away and I figure that it’s business as usual. I drop off my niece and her boyfriend at their car and then drive off. As I approach the highway, the battery light and seatbelt light continue to flicker. We get on I-94, headed back to Michigan, and right after we cross from Illinois to Indiana, the battery light is on. Then TPMS, BRAKE, ABS, AIRBAG, all the lights turn on and Check Engine comes on. Then the lights get dimmer and dimmer, and we roll into a Walmart parking lot.

I’m panicking. My car is dying, I’m 125 miles from home, and it’s late Sunday night. After I chill out in the Walmart, we get back to the car, and I turn it on. Check Engine is still on, but everything else is off, and the car is behaving like everything is fine. So we tool around the parking lot a few times, and everything remains fine. So I get on the highway again. We get 25 miles down the road, and then the battery light starts to blink. Then again, everything goes downhill. The car gradually slows down, until I’m pretty much just crawling along on idle speed, the gas pedal is hilariously worthless. We turn a few times and get right up to the parking lot of an Econolodge. All that is left is one tiny little lamp in the instrument cluster, and it’s half-lit anyhow. The car is fully dead. Transmission is stuck in everything but park, and so I get out, and with Scott’s help, we try to push the Santa Fe up the little incline to the parking lot of the Econolodge Hotel. A stranger appears out of nowhere and runs over and asks if he can help, and all three of us push the Santa Fe to the middle of the empty parking lot. I turn the car off, but the panic sets in again because I can’t put the transmission in park. I wait a few minutes and try to turn the car on, I get accessories to come on, and the transmission goes to park. I turn everything off and get a room at that Econolodge.

Now, here is where we place a mental pin in the tale, keep this spot in mind because what happens next is full of consequence.

I wake up the next morning, I don’t know what is wrong with my car, and my first idea is to see if I can find a repair shop. There are lots of auto dealers around, there’s a Kia, there is a Chevy, and a Toyota, but no Hyundai. So I figure I need some sort of shop, so I search Yelp for “auto repair,” and I find Adam’s Towing and Service of Porter, Indiana. I call them, reach Adam, and tell him what happened to my car. He suggests that it’s the alternator and I ask for a tow so he can work on it. The tow guy comes, super amazing fellow, and they get my Santa Fe on the skid and tow it away. I follow after in a rental car I picked up from an Enterprise location in Burns Harbor. We get to Adam’s shop, and they start working on it. I take the rental back to Kalamazoo and drop off everything; we get a call from Adam, my car is ready. He replaced the Serpentine Belt, and the Alternator and everything is back to normal. We get back, drop the rental car and pick up the Santa Fe and drive it back to Kalamazoo. Everything is back to normal. While talking to Adam, he asks if there was anything about motor oil with my car, because the alternator was soaked with oil and that’s why it died. I remember back to the service campaign that Hyundai performed and immediately do a Google Search, and many other people have had the gasket go out on them and struggle with Hyundai about repairs. So I’m thinking that’s what is going on with my Santa Fe. I go to Maple Hill Hyundai, and I learn that the job cannot be cleared because the leak is coming from the Timing Cover Gasket and that repairing that is a $1200 to $1600 process. For me, that totals the Santa Fe.

So then I start talking with Hyundai Corporate, talk to many people about my problem, and I believe that the problem is still the valve cover gasket. That motor oil that was inside my engine got outside and killed the alternator. I’d like my money back from the repair job, and I’d like someone to fix the gasket, just like Hyundai did in October 2015. Just like all those other Santa Fe owners who had this EXACT SAME PROBLEM.

So then, after being told that it wasn’t covered by Maple Hill, I reached out to another shop where I had my brakes done previously and brought it to them. The owner said “How do they know where the leak is, did they clean the side of the engine and run a dye test?” and the answer is no. While we had the hood open, he also pointed out that the plastic cowl that covers the engine was missing nuts, and one was cross-threaded and abused badly by a torque driver. But I don’t know who did it, so who is to blame? Haven’t a clue, but there are only three shops in this tale, Maple Hill, Adam’s, and the place where it sits now.

So then this morning I call Hyundai and I relate the tale to the rep, updating with my misgivings about which gasket really is the problem, and that I want proof that it is either the valve cover gasket or the timing cover gasket, and that I don’t want my money back from the alternator fix, but I really want to prevent this from happening again because I want my car to work for me for a while longer if I can manage it. I relate the tale, and then when I mention Adam’s Towing and Service and the shop that will wash the engine block and run the dye test, the Hyundai rep stops me and tells me that I can stop right there. Hyundai refuses to honor any warranty, expressly or implicitly formed because I took my vehicle to an Independent Repair Facility. So, go back to the pin I mentioned about the momentous choice I made. I was stranded on the highway, no warranty from Hyundai, no clue it was the gasket, and so because I didn’t push the vehicle to a Hyundai dealership, I’m quite shit out of luck.

So that’s the end of it. Hyundai walks away, from a service campaign that they botched, maybe, how can anyone tell? Nobody but the IRF even mentioned cleaning the engine and running a dye test! And what burns the most is that while I was regaling the Hyundai Corporate Rep with my tale of suffering, she searches for a Hyundai dealer in Chesterton, Indiana. Norris Hyundai. She then proceeds to waggle this Hyundai dealers location in my face, over the phone. If only I had pushed my dead 2000 pound Santa Fe to Norris Hyundai, then maybe Hyundai would talk to me. But because I was in the middle of the dark, with a dead car, work on Monday, and all the other stress, that I didn’t search for Norris and I didn’t PUSH MY CAR THERE, that there is nothing left to talk about and that I should have a nice day.

So I am done with Hyundai. I am done with the brand; I’m done with Maple Hill. There is no point in calling Fox Hyundai or Norris Hyundai, or anyone else. Hyundai only has one thought, and that is to hide in their fine print and treat me with such disrespect that it takes my breath away. They have no interest in their customers, no interest in repairing what is their fault. So I’m going to find out since it doesn’t matter now, I’m throwing in all the way with my new repair shop. This fellow will wash the side of the engine block, add the dye, and give me an authoritative answer as to which gasket is leaking. And then I’ll face the question of what to do from that point forward. It will answer the question, is it the timing cover gasket or the valve cover gasket? And if it is the valve cover, I might pay to have this new fellow do the work.

It is clear to me that Hyundai is uninterested in being human to me. They want to be a company, and that is their prerogative. It is my choice to associate with humans or companies, and I make my choices based on what I perceive to be the humanity of whom I am dealing with. Hyundai hides behind their fine print and their rules. That’s perfectly fine. I don’t want anything to do with a company like that. And if that means that I burn all the bridges to all the automakers in my life, then so be it. I have to make a stand, and I will live with the consequences. I will fucking walk if I have to. This deep violation of the Golden Rule is so upsetting to me that I cannot even see straight, so that’s fine Hyundai, hide behind your fine print and your rules and utterly fail to treat others as you would have them treat you.

There is a place in hell for you, and the punishment for a company is expressed regarding karma. You deserve what you get.

Cisco SmartInstall Vulnerability Mitigation

At work, I use Cisco gear everywhere. Recently the SmartInstall Hack has become a security concern. There is a vulnerability in the SmartInstall system that allows bad actors to send arbitrary commands to your network infrastructure.

So I started out knowing how my network is shaped, that I customarily keep the 10-net IP space organized by state, then by city, and then finally by kind of equipment. Out of the four octets, the first one has to be 10, the second one is the state, and the next is the city in that state, and finally, I prefer to keep all my infrastructure gear between 250 and 254.

I started with nmap because I wanted a memory refresher so that I wouldn’t miss a device.

nmap 10.1-10.1-10.250-254

This command provides me a handy report of all the places on the inside of my network where ssh or telnet (depending on the age of the gear) reside. I print off the list, and it becomes an authoritative checklist for all my infrastructure gear.

Then one at a time, either ssh or telnet into the infrastructure devices and issue these commands in one paste command:

conf t
no vstack
end
wr mem

I don’t care if the command fails, it’ll write NVRAM to Flash either way which suits me fine. Once I was sure I got all the equipment that could be affected, I know that at least for this vulnerability, we’re all done. There won’t be anything, at least for this, at work for me to worry over.

Now if you use vstack or SmartInstall, your mileage may vary, but I certainly don’t use it. The default is to leave it on, so the smart money is in forcing it off. Why leave it open as a vulnerability if you don’t have any chance of bad actors on your LAN? Because it is one less thing to worry over.
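The checklist step above can be scripted so that the same scan also confirms the fix took. This is an added example, not the author's own tooling: it assumes the scan was run as `nmap -p 22,23,4786 -oG - 10.1-10.1-10.250-254` (Smart Install listens on TCP 4786, a detail not stated in the post), and the scan output embedded in it is constructed.

```python
import re
from ipaddress import ip_address

# Smart Install (vstack) listens on TCP 4786; 22 and 23 are the management
# ports the checklist already tracks.
SMART_INSTALL_PORT = 4786

# Constructed sample of nmap grepable (-oG) output; hosts and results are made up.
# 10.2.1.17 is outside the 250-254 block to show the infrastructure filter.
SAMPLE_GNMAP = """\
# Nmap scan initiated (constructed sample)
Host: 10.1.1.250 ()\tStatus: Up
Host: 10.1.1.250 ()\tPorts: 22/open/tcp//ssh///, 23/closed/tcp//telnet///, 4786/open/tcp/////
Host: 10.1.2.251 ()\tStatus: Up
Host: 10.1.2.251 ()\tPorts: 22/closed/tcp//ssh///, 23/open/tcp//telnet///, 4786/open/tcp/////
Host: 10.2.1.254 ()\tStatus: Up
Host: 10.2.1.254 ()\tPorts: 22/open/tcp//ssh///, 23/closed/tcp//telnet///, 4786/closed/tcp/////
Host: 10.2.1.17 ()\tStatus: Up
Host: 10.2.1.17 ()\tPorts: 22/open/tcp//ssh///, 23/closed/tcp//telnet///, 4786/closed/tcp/////
# Nmap done
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(.*?\)\s+Ports:\s+(.*)$")


def parse_gnmap(text):
    """Return {ip: {tcp_port: state}} from nmap grepable output."""
    hosts = {}
    for line in text.splitlines():
        match = HOST_RE.match(line)
        if not match:
            continue  # comment lines and "Status:" lines carry no port data
        ip, ports_field = match.groups()
        ports_field = ports_field.split("\t")[0]  # drop any trailing fields
        states = {}
        for entry in ports_field.split(","):
            parts = entry.strip().split("/")  # port/state/proto/owner/service/...
            if len(parts) >= 3 and parts[0].isdigit() and parts[2] == "tcp":
                states[int(parts[0])] = parts[1]
        hosts[ip] = states
    return hosts


def is_infrastructure(ip):
    """The post's addressing plan: 10.<state>.<city>.<250-254> is network gear."""
    addr = ip_address(ip)
    if addr.version != 4:
        return False
    octets = addr.packed
    return octets[0] == 10 and 250 <= octets[3] <= 254


def build_checklist(text):
    """One row per infrastructure device: how to reach it and whether 4786 is open."""
    rows = []
    parsed = parse_gnmap(text)
    for ip in sorted(parsed, key=ip_address):
        if not is_infrastructure(ip):
            continue
        states = parsed[ip]
        if states.get(22) == "open":
            access = "ssh"
        elif states.get(23) == "open":
            access = "telnet"
        else:
            access = "console"
        _, state, city, _ = ip.split(".")
        rows.append({
            "ip": ip,
            "state": int(state),
            "city": int(city),
            "access": access,
            "needs_no_vstack": states.get(SMART_INSTALL_PORT) == "open",
        })
    return rows


def still_exposed(text):
    """Devices whose Smart Install port is still listening."""
    return [row["ip"] for row in build_checklist(text) if row["needs_no_vstack"]]


if __name__ == "__main__":
    for row in build_checklist(SAMPLE_GNMAP):
        flag = "issue 'no vstack'" if row["needs_no_vstack"] else "ok"
        print(f"{row['ip']:<12} state={row['state']} city={row['city']} "
              f"via {row['access']:<7} {flag}")
```

After the `no vstack` pass, rescan and confirm that `still_exposed` returns an empty list; on an individual device, `show vstack config` reports the Smart Install state.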

TWSBI Fountain Pen

A few months ago while talking with a friend about technology the conversation turned to throwback items that we enjoy using. I brought up my fondness for fountain pens, which always seems to surprise people. The idea of a pen as a writing instrument goes back a really long time. Around the turn of the last century, there was an explosion in patents related to fountain pens and how they hold and dispense ink as you write. After my conversation with my friend, I was inspired to go shopping a little bit. I had some money that I set aside for small little gifts to myself that I had set aside over the past number of years. I never really touch it, so the money sits in my accounts. I came across a company that sells a highly regarded fountain pen, called TWSBI. As I got to browsing the options on Amazon, I looked at my Lamy branded Fountain Pen and realized that it was good as entry level pens go, but I wanted to move up a notch. TWSBI seemed a good option. The pen I selected was the TWSBI Diamond 580AL Silver Fountain Pen with the medium nib. I also got the “Broad Nib” as many reviewers expressed pleasure at writing with both.

TWSBI 580AL Fountain Pen

I have to say that writing with it is quite an experience. I started writing with fountain pens back in college and found that the way the ink flows beat any other sort of pen hands down. Plus the way the nib moves on good paper makes writing longhand a pleasure. It can still work on rough stock, but it struggles with the rough material, and there is more skritch-skritch-skritch while writing on some of the lowest class papers out there.

The Lamy I have uses a piston-convertible insertable tank, while the TWSBI has its piston tank built into the frame of the pen itself. I find that the TWSBI holds more ink, way more ink than my Lamy ever did.

Another little bit to note, fountain pens aren’t meant for left-hand writers as far as I know. The ink doesn’t dry fast enough for the way a lot of left-handed writers have to use a pen. Although I don’t have many folks I know that are left-handed writers, so there is no way to see if they could use it or not without making a mess of their hands with the ink.

If you have a little bit of spending money, this pen can go a long way in both its look and its function to add a little something to your workaday life. It won’t solve problems or anything like that, but it is something nice to have that a lot of people appreciate. I always chuckle to myself when people remark on how I use a fountain pen, and what I do for a living, which makes people think I should be keyboard bound. Sometimes old things peak, and iterations afterward are all downhill from that peak. In a lot of ways, just like Windows 2000. LOL.

Extracting Cisco Unity 10.5 Voicemails

In my work, I wear many hats. Amongst these is VOIP Manager. It’s not really a job, or a position really but fits neatly under the heading of IT Manager, which is my position title. I oversee the company’s Cisco CallManager and Unity systems.

Occasionally when coworkers of mine leave employment, they sometimes leave behind voicemails in their Unity mailbox. I’ve been searching for a long while to find a convenient method to extract these voicemails out of Unity and into any other format that could be easily moved around so that other people could listen to the recordings and get somewhere with them.

I’ve tried a lot of options, and endless Google searches. I eventually discovered a rather involved method to acquire these messages. This method is something that I would categorize as “bloody hell” because it involves a lot of questionable hacking in order to procure the audio files.

The hack begins with Cisco Disaster Recovery System, known as DRS. If you have a Unity and CallManager system set up, like I do, you probably have already established the DRS and have it pointed somewhere where your backups live. In my case, I have the DRS pointed to a share that lives on my primary file server. So that’s where you start. You have to make sure that DRS is running, and that it generated good backups. This method essentially backdoors the backup system to get at the recordings that Unity takes.

In my Unity folder, I have two days worth of backups, and the files you need specifically are 2018-02-19-20-00-07_CUXN01_drfComponent.xml, and 2018-02-19-20-00-07_CUXN01_CONNECTION_MESSAGES_UNITYMBXDB1_MESSAGES.tar. Your filenames may be slightly different depending on what you named your Unity system. When I found these files, I didn’t even think anything of the XML file, but the tar file attracted my notice. I attempted to copy this to my MacBook and once there, attempted to unpack it with bsdtar. It blew up. As it turns out, Cisco made a fundamental change to DRS after Unity 7, they started encrypting the tar files with a randomized key, derived from the Cluster Security Password. My cluster is very simple, just Unity and CM, and I suppose also Jabber, but Jabber is worthless and so I often times forget it exists. It wouldn’t be that they would use .tar.enc, no, just .tar, which confuses bystanders. That is pretty much the way of things at Cisco, I’ve grown to appreciate.

The next tool you need is from a site called ADHD Tech. Look for their DRS Backup Decrypter. It’s a standalone app on Windows and you need it to scan and extract the unencrypted tar data.

The next utility you will need is the DRS Message Fisher. Download that as well. I will say that this app has some rough edges, and one of them is that you absolutely have to run it in Administrator mode, otherwise it won’t function properly.

Start the DRS Message Fisher, select the tar file that has your message archive in it, decrypted, and then you can sort by your users’ aliases. Click on the right one, then it will present you with a list of all the voicemails the user has in that backup set. You would imagine that selecting all the messages would extract all the voicemails in individual files, but that is not how this application behaves. My experience is that you really should extract one message at a time, because the app dumps its saving folder after every request and cannot understand multiple selections even though you can make multiple selections. It is also eight years old, so that it functions at all is a miracle.

You start at the top, click the first message and then “Extract Message Locally” which should open a window and show you the result WAV file you need. I learned that without Administrator mode, you never ever get that folder, it just opens up your Documents folder and does nothing constructive. In case you need help finding it, look for it here:

C:\Program Files (x86)\Cisco Systems\DRS Message Fisher\TEMPMsgs

With the app in Administrator mode, and a message selected, click the button mentioned above. This will open the TEMPMsgs folder and show you the WAV file. Click and drag this anywhere else to actually save it. Then advance to the next message and extract, and so on and so forth until you have all the messages extracted. There won’t be any actual useful data in the filename, it’s just a UUID, so I suppose we should be happy we are getting the audio and count our blessings.

Once you have all the WAV files you need, then you can dump the voicemail account and move on.

What a mess. I look at Cisco and marvel at the configurability of both Call Manager and Unity, but watch it trip embarrassingly hard on things like this. Apparently nobody ever cared that much to address voicemail survivability and extraction. As far as I know, this overwrought and wretched procedure is required to meet that particular need. It goes without saying, this is wholly and completely unsupported by Cisco TAC, so save yourself the headache of running full-speed into that bulkhead.

In many ways, this solution, if you can call it that, is getting voicemail survivability by dumpster diving. Ah well, it’s Cisco, complaining is very much like going down to the river and screaming at it to change course. You’d probably get further with the river.

Giving Chrome Some Pep

I’ve been using Google Chrome on my Macbook Pro for a long while, and I’ve noticed that some websites take some time to get moving along. In some ways, it feels like the browser is panting and trying to catch its breath. So today, while trying to solve a work problem I accidentally stumbled over a neat way to give my Chrome browser a little bit of a boost in performance. It seems to benefit when I use sites that are interactive, like my work help desk site or PNC online banking for example.

The trick is, create a small RAM drive on the system, and then copy the Chrome profile over, link to that profile so Chrome can find it, and then start to use Chrome. As Chrome works, things like settings and cache data go to RAM instead of the HD on my MacBook Pro. Then I use rsync to copy data into a backup folder just in case my MacBook Pro suffers a kernel panic or something else that would accidentally dump the RAM drive.

There are a few pieces to this, mostly from scripts I copied off the network.

I copied the script called mount-tmp.sh and made only a few small adjustments. Specifically changed the maximum RAM drive size to 512MB.

Then I created two different bash scripts to check-in the profile to the RAM drive and then to check-out the profile from the RAM drive back to the HD. Since I wrote them from scratch, here they are:

check-in.sh


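#!/bin/bash
# Create and mount the RAM drive
/Users/andy/mount_tmp.sh
# Move the profile onto the RAM drive and leave a symlink where Chrome expects it
mv /Users/andy/Library/Application\ Support/Google/Chrome/Default ~/tmp
ln -s /Users/andy/tmp/Default /Users/andy/Library/Application\ Support/Google/Chrome/Default
# Keep an on-disk copy in case the RAM drive is lost
rsync -avp --delete /Users/andy/tmp/Default /Users/andy/Library/Application\ Support/Google/Chrome/Default_BACKUP
echo "Complete."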

check-out.sh


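#!/bin/bash
# Refresh the on-disk backup before touching anything
rsync -avp --delete /Users/andy/tmp/Default /Users/andy/Library/Application\ Support/Google/Chrome/Default_BACKUP
# Remove the symlink (plain rm, so a real directory is never deleted)
rm /Users/andy/Library/Application\ Support/Google/Chrome/Default
# Move the profile from the RAM drive back to the HD
mv /Users/andy/tmp/Default /Users/andy/Library/Application\ Support/Google/Chrome
# Unmount the RAM drive
/Users/andy/mount_tmp.sh umount
echo "Complete."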

If you give this a shot as well, I would love to hear from you about your experiences with this little speed improvement hack! Hope you enjoy!

Moment of Geek: Raspberry Pi as Thermal Canary

A few days ago I had run into a problem at work. The small Mitsubishi Air Conditioner had decided to take a cooling nap in the middle of the day. So my office, which is also the machine room at work was up around 85 degrees Fahrenheit. I was used to this sort of thing, summers bringing primary cooling systems to their knees, but this time I had a huge A/C unit in the ceiling that I elected not to have removed and left in place, just in case. So I turned it on, set its thermal controller to 70 degrees and the room temperature tumbled in about ten minutes. Right after the room temperature was normal, and I had service out to visit me about my little wall-mounted A/C unit, the damn thing started functioning normally again. The tables turned on IT, where for our users, this is what happens to them. They can sit there and struggle, and then we arrive and the machines behave themselves like nothing at all was wrong.

So I had the big A/C, and its smaller wall-mounted unit both running overnight and faced a problem. I want to know what the temperature is in my machine room without having to buy a TempPageR device. I had one long ago, and it was rather expensive. I looked on my desk and noticed my Raspberry Pi, just sitting there, doing nothing of consequence. I did a brief cursory search on Google, and I knew the Raspberry Pi had a CPU Temperature interface hidden somewhere, and I was happily surprised to find a website detailing how to use this exact feature in Python programming language to write a temperature log, and optionally graph it. It was mostly copypasta, adapting things I had found online pretty much by copy and paste and hammering them here and there to work. I have programming skills, but they are rather dated and rusty. Plus I’ve never used Python, specifically. So my first effort was successful, I got a 1-second temperature logger in place. I was rather happily satisfied with my efforts, but I knew I would not be happy with Celsius, but I knew the temperature was colored by the CPU in the Raspberry Pi itself, so the reported temperature was quite higher than the room temperature.
I started to tinker. First searching for the equation to convert C into F. So I got it, 115 degrees. When I turned on the big A/C device, and its thermal controller displayed the ambient room temperature in F, 74. So I did some math and subtracted a constant 44 degrees from the CPU temperature, which “calibrated” the CPU temperature to be a rough approximation to the room temperature. Some eagle-eyed readers may notice that my math is off, but after I had moved the Pi over to the server stack, I had to adjust for a higher CPU temperature because of it being further away from the wall A/C unit. So now I had a 1-second temperature logger. I turned on graphing, and the entire program crashed and burned, I wasn’t running the application in an X-Windows environment, so I tore the graphing library and code out because I was never going to use the graphing feature anyways.

That, of course, was not enough to replace the TempPageR device. I needed some alarm system to alert me to what was going on. I thought of some interfaces, email, SMS, iMessage, email-to-telephone-call cleverness and each thought brought me against different versions of the cliffs of insanity. I could have probably smashed and hacked my way to a solution involving some ghastly labyrinth of security settings, passwords hashed with special algorithms that are only available on ENIAC computer simulators that only run on virtualized Intel 8086 processors with the Slovenian language pack loaded and using the Cyrillic character set; an arrangement that was an epic pain in the ass. So earlier in the day, I had tripped over an app advertisement for Slack so that it could use incoming data from the Pingometer website. I have a Pingometer account, a free one because I’m a cheap bastard. The single pinger externally checks my fiber optic connection at work, keeping AT&T on their toes when it comes to outages. The Pingometer website uses incoming Slack webhooks. An incoming Slack webhook comes from some source that makes a really simple web browser call using HTTP. It wraps JSON into HTTP and sends the request to Slack’s servers. Slack then does everything needed to make sure the message is pretty and ends up on the right Slack channel, on the right team; this was my alert mechanism.

So I did another Google search, found the intersection between Linux, Python, and Slack and some more copypasta and some tinkering and I had a Python app that displayed the room temperature in Degrees F, and made my Slack a noisy mess, as it was sending incoming webhook requests every second. One more tweak, which was a super-simple IF-THEN block, set my high-temperature mark at 90 degrees F and let it go.

 

There is something satisfying about being able to hack something together, cobble it actually, and have it work without blowing up on the terminal, blowing up Slack, or otherwise failing. So now I have a $35 Raspberry Pi running as a rough temperature alarm, it’ll send alerts to Slack and let me and my System Admin know at the same time over Slack. I’m quite happy with how it all worked out. No obnoxious email settings, ports, security frameworks, awkward and obtuse hashing routines, just a single JSON-formatted HTTP call and BAM. All set. An alarm, with a date and time stamp and a temperature, delivered right onto my iPhone with automatic notifications from Slack, so it wakes me up if I need it.

So anyways, without further ado, here is the code:


from gpiozero import CPUTemperature
from time import sleep, strftime
import json
import requests

# Set the webhook_url to the one provided by Slack when you create the webhook
# at https://my.slack.com/services/new/incoming-webhook/
# Anyone who has this URL can post to the channel, so treat it like a password.
webhook_url = 'https://hooks.slack.com/services/####/#####'

cpu = CPUTemperature()

def write_temp(temp):
    # Append a timestamped reading to the CSV log
    with open("cpu_temp.csv", "a") as log:
        log.write("{0},{1}\n".format(strftime("%Y-%m-%d %H:%M:%S"), str(temp)))
    # Above the 90 degree F high mark, post the same line to Slack
    if temp > 90:
        slack_data = {'text': "{0},{1}\n".format(strftime("%Y-%m-%d %H:%M:%S"), str(temp))}
        response = requests.post(
            webhook_url, data=json.dumps(slack_data),
            headers={'Content-Type': 'application/json'},
            timeout=10  # do not let a stalled connection hang the logger
        )
        if response.status_code != 200:
            raise ValueError(
                'Request to slack returned an error %s, the response is:\n%s'
                % (response.status_code, response.text)
            )

while True:
    temp = cpu.temperature
    # Celsius to Fahrenheit, minus the 44 degree offset between CPU and room
    temp = (9.0/5.0 * temp + 32) - 44
    write_temp(temp)
    sleep(1)

It has been forever since I’ve needed to program anything. Once I was done, and I saw it work the way I wanted it to, I was quite happy with myself. I haven’t felt this particular sense of accomplishment since my college years. It was quite a welcome feeling.
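
An added example, not the code from this post: the same 90 degree F alarm with the webhook URL read from the environment rather than the source file (anyone holding that URL can post to the channel), a cooldown plus a clear mark so a hot room does not post every second, and a Slack outage that does not stop the loop. The `SLACK_WEBHOOK_URL` variable name, the 87 degree clear mark and the 300 second cooldown are assumptions, and the standard library's `urllib` stands in for `requests`.

```python
import json
import os
import urllib.request
from time import monotonic, sleep, strftime

def slack_sender(webhook_url, timeout=10):
    """Build send(text) -> bool for a Slack incoming webhook URL (a secret)."""
    if not webhook_url.startswith("https://"):
        raise ValueError("webhook URL must use https")
    def send(text):
        req = urllib.request.Request(
            webhook_url, data=json.dumps({"text": text}).encode("utf-8"),
            headers={"Content-Type": "application/json"})
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                return resp.status == 200
        except OSError:  # URLError, HTTPError, timeouts: keep the loop alive
            return False
    return send

class TemperatureAlarm:
    """HIGH above high_f, repeats per cooldown_s, CLEAR below clear_f (87/300 assumed)."""
    def __init__(self, send, high_f=90.0, clear_f=87.0, cooldown_s=300.0):
        self.send, self.high_f, self.clear_f = send, high_f, clear_f
        self.cooldown_s, self.alarming, self.last_sent = cooldown_s, False, None

    def observe(self, temp_f, now):
        """Feed one reading; return 'HIGH' or 'CLEAR' if delivered, else None."""
        kind = None
        if temp_f > self.high_f:
            due = self.last_sent is None or now - self.last_sent >= self.cooldown_s
            if not self.alarming or due:
                kind = "HIGH"
            self.alarming = True
        elif self.alarming and temp_f < self.clear_f:
            self.alarming, kind = False, "CLEAR"
        text = "{0} {1} {2:.1f} F".format(strftime("%Y-%m-%d %H:%M:%S"), kind, temp_f)
        if kind and self.send(text):
            self.last_sent = now
            return kind
        return None

if __name__ == "__main__":
    from gpiozero import CPUTemperature  # only present on the Pi
    alarm = TemperatureAlarm(slack_sender(os.environ["SLACK_WEBHOOK_URL"]))  # assumed name
    cpu = CPUTemperature()
    while True:
        alarm.observe(9.0 / 5.0 * cpu.temperature + 32 - 44, monotonic())
        sleep(1)
```

A failed HIGH post leaves `last_sent` unset, so the next reading above the mark retries instead of waiting out the cooldown.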

Walking Down Memory Lane

Some notable events from other July 1st’s

2003 – Installed a network aware fax machine, and then attached it to Groupwise. My god, Groupwise. This is such a walk down memory lane! And this of course was the first of a repeated meme that online shared mailboxes at work are upsetting to people because they aren’t “private”, in the same way that a regular fax machine is “private” by hovering over it and muscling out anyone who might try to use it. It of course begs the question, what are you transmitting at work that is “private”, that you shouldn’t be doing at say, a FedEx shop or Office Depot?

2003 – Toppenish, Washington was in the news because a keyword blocker at a library got upset because it found something it didn’t approve of in the text of the domain name itself. Nowadays we don’t search domains for text fragments, we actually categorize them.

2004 – Again with the Fax Machine. In this case, not having long distance on the line requiring the use of an AT&T calling card, with a 60-digit calling sequence just to send a fax far away. And the merry mixups when people who work for an Institution for Higher Learning demonstrate no higher learning by being unable to comprehend digits. Ah, those were the days.

2004 – Fahrenheit 9/11 – Hah, those were the days, weren’t they? When it only felt like scandals were rare and maybe all the crazy conspiracy theories were just theories. Oh, the memories.

2006 – Sharing the photos of the bathroom rebuild. It was a long while ago that we tore the guts out of that bathroom and updated it.

2007 – At O’Hare, running through security, on my way to visit family in Syracuse.

2008 – Another trip to Syracuse. This time through Detroit.

2009 – The problem with the cloud is poor security and access points everywhere. What happens when people plant incriminating evidence via a route, like junk mail, that you pay very little attention to – and then make an anonymous tip about the evidence? It was an interesting consideration and helps reinforce how important it is to keep everything digital tidy.

2013 – I wrote a lot of things about the security threat that our very own NSA represents. And little did he know that in 2017, the tools they collected and wrote would leak out and turn into the WannaCry ransomware attack. Thanks NSA!

2015 – Facebook Notifications get an enhancement and they can accept a GPG Public Key, so all the Facebook Notifications over email are all encrypted. This was a really good proof-of-concept option from one of the world’s biggest Internet sites, alas it won’t ever take off because GPG is an all-or-nothing technology, and since you aren’t going to have all, all you get is nothing. It was this day that I also gave a lot more thought to The Golden Rule and started to reshape my life around it as a moral compass.