
Article posted on Mar 7

External temperature monitoring with Linux

  • Posted by Ryan Finnie on March 7, 2010, 3:36 pm

At work, we moved into a new office last week. Part of that move involved moving the office network infrastructure from a massive server and work room into a small server closet. We're having some issues with cooling, so I decided to get some sort of ambient temperature monitoring going while we work on fixing the issue.

I found a few DIY articles (such as here and here) that use the Dallas Semiconductor 1-Wire bus. 1-Wire is a low-speed parallel communications bus where the entire bus is powered and controlled by a single master interface. The master is usually a serial device connected to a computer. The rest of the devices can either be daisy-chained, or wired in a star topology, much the same as home phone wiring can be split from the telco demarc to multiple phones. (Despite the name, two wires are needed for a 1-Wire bus, one carries data and power, the other is ground.)

They looked nice, but I didn't want to go the DIY route. Eventually I found iButtonLink, who makes and sells 1-Wire products. I bought the LinkUSBi master and a few T-Sense temperature probes. (The LinkUSB is a few dollars cheaper than the LinkUSBi, but the LinkUSBi also contains an ID chip, so you can verify operation of the bus even if no other devices are connected.) The iButtonLink products use RJ45 ports, so you can use Cat5 network cable to connect them together. The T-Sense probe has RJ45 ports on both ends, so you can daisy chain them if you like. I haven't done so, but if you wanted to do star topology instead, you could buy a 4-port biscuit block with 4 RJ45 ports, and then wire all of their pin 4s together and all of their pin 5s together. Then simply plug the master into one port (doesn't matter which, remember this is a parallel bus), and the sensors into the rest.

The products arrived Thursday, and I plugged the master into a server running Debian 5.0 Lenny. The LinkUSBi is a serial device with an internal FTDI FT232R USB UART, which was recognized by the ftdi_sio usb-serial module and set up as /dev/ttyUSB0. In case you have other ttyUSB devices on your machine, I devised this udev rule for more permanent device naming:

SUBSYSTEM=="tty", ATTRS{serial}=="?*", SYMLINK+="char/by-id/tty-$attr{serial}"

In this case it gives me /dev/char/by-id/tty-A800bZvc, but for the sake of simplicity I will continue to refer to the device as /dev/ttyUSB0 for the rest of this guide.

digitemp

Now, to read the temperatures. You'll want the digitemp package, which is pre-packaged in Debian and probably most other Linux distributions. Once it's installed, you'll need to know what program to use. Several are available for different DS masters, but in the LinkUSBi's case, you'll want digitemp_DS9097U. To begin, verify the bus is working correctly by walking it:

# digitemp_DS9097U -w -s /dev/ttyUSB0
DigiTemp v3.5.0 Copyright 1996-2007 by Brian C. Lane
GNU Public License v2.0 - http://www.digitemp.com
Turning off all DS2409 Couplers
...
Devices on the Main LAN
28D1483C0200002F : DS18B20 Temperature Sensor
28E9393C020000C3 : DS18B20 Temperature Sensor
010EBED512000046 : DS2401/DS1990A Serial Number iButton

This shows the two DS18B20 temperature sensors (T-Sense probes), as well as the DS2401 embedded in my LinkUSBi. (The DS2401 literally does nothing but return a serial number. Still, as mentioned before it's useful to have to verify the bus is working correctly even if no other devices are plugged into it.)

Next you'll want to create a config file. I chose to store it in /etc/digitemp.conf.

# digitemp_DS9097U -i -c /etc/digitemp.conf -s /dev/ttyUSB0
DigiTemp v3.5.0 Copyright 1996-2007 by Brian C. Lane
GNU Public License v2.0 - http://www.digitemp.com
Turning off all DS2409 Couplers
...
Searching the 1-Wire LAN
28D1483C0200002F : DS18B20 Temperature Sensor
28E9393C020000C3 : DS18B20 Temperature Sensor
ROM #0 : 28D1483C0200002F
ROM #1 : 28E9393C020000C3
Wrote /etc/digitemp.conf

You will be left with a file called /etc/digitemp.conf that looks something like this:

TTY /dev/ttyUSB0
READ_TIME 1000
LOG_TYPE 1
LOG_FORMAT "%b %d %H:%M:%S Sensor %s C: %.2C F: %.2F"
CNT_FORMAT "%b %d %H:%M:%S Sensor %s #%n %C"
HUM_FORMAT "%b %d %H:%M:%S Sensor %s C: %.2C F: %.2F H: %h%%"
SENSORS 2
ROM 0 0x28 0xD1 0x48 0x3C 0x02 0x00 0x00 0x2F
ROM 1 0x28 0xE9 0x39 0x3C 0x02 0x00 0x00 0xC3 

You can rearrange the ROM mappings as you'd like. 1-Wire refers to devices by their 64-bit IDs; the numeric mappings are for digitemp's benefit. In my case, 28D1483C0200002F is the probe I'd like to use, so #0 is fine.

Now, let's see what's being returned:

# digitemp_DS9097U -q -c /etc/digitemp.conf -a
Mar 04 22:22:43 Sensor 0 C: 25.38 F: 77.67
Mar 04 22:22:44 Sensor 1 C: 27.56 F: 81.61

Great, works fine. We'll soon need the data in a machine-readable format, so here's how to do that:

# digitemp_DS9097U -q -c /etc/digitemp.conf -o 3 -a
0	77.79	81.50

That output is tab-delimited, the first column being elapsed time (digitemp can pull data multiple times, but we won't be going into that so it will always be 0 here), and the rest of the columns are the probe values in order. "-o 3" is Fahrenheit; use "-o 2" for Celsius. In this case I only want the result of the first probe, so I can save some time by specifying a specific probe with "-t 0":

# digitemp_DS9097U -q -c /etc/digitemp.conf -o 3 -t 0
0	77.90
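One way to consume that tab-delimited output from a monitoring script, as an added example (not from the original post): it maps each column back to the ROM ID in /etc/digitemp.conf and classifies the reading. The thresholds and function names are assumptions; the 85 °C check reflects the value a DS18B20 temperature register holds after power-up until a conversion completes.

```python
# Config lines from the post, trimmed to the ones this example reads.
CONFIG = """\
TTY /dev/ttyUSB0
SENSORS 2
ROM 0 0x28 0xD1 0x48 0x3C 0x02 0x00 0x00 0x2F
ROM 1 0x28 0xE9 0x39 0x3C 0x02 0x00 0x00 0xC3
"""

RESET_C = 85.0  # DS18B20 power-on register value: a reading, but not a measurement


def rom_map(config_text):
    """Map digitemp sensor number -> 64-bit ROM ID as 16 hex digits."""
    roms = {}
    for line in config_text.splitlines():
        parts = line.split()
        if len(parts) == 10 and parts[0] == "ROM":
            roms[int(parts[1])] = "".join(f"{int(b, 16):02X}" for b in parts[2:])
    return roms


def parse_readings(line, roms, sensors=None):
    """Parse one '-o 2' / '-o 3' line into [(rom_id, value), ...].

    Column 0 is elapsed time; the rest are probes in sensor order.
    Pass sensors=[n] when digitemp was run with '-t n'.
    """
    values = line.rstrip("\r\n").split("\t")[1:]
    order = sorted(roms) if sensors is None else list(sensors)
    if len(values) != len(order):
        raise ValueError(f"expected {len(order)} readings, got {len(values)}")
    return [(roms[n], float(v)) for n, v in zip(order, values)]


def check(line, roms, fahrenheit=True, warn_c=27.0, crit_c=32.0, sensors=None):
    """Return [(rom_id, celsius, status), ...] for one output line.

    warn_c / crit_c are assumed thresholds for a small server closet.
    """
    results = []
    for rom, value in parse_readings(line, roms, sensors):
        celsius = (value - 32.0) * 5.0 / 9.0 if fahrenheit else value
        # Family code 0x28 (first ROM byte) identifies a DS18B20.
        if rom.startswith("28") and abs(celsius - RESET_C) < 0.01:
            status = "UNKNOWN"
        elif celsius >= crit_c:
            status = "CRITICAL"
        elif celsius >= warn_c:
            status = "WARNING"
        else:
            status = "OK"
        results.append((rom, round(celsius, 2), status))
    return results


if __name__ == "__main__":
    roms = rom_map(CONFIG)
    # Output line from the post ("-o 3 -a"), then a constructed reset reading ("-t 0").
    for sample, sensors in (("0\t77.79\t81.50", None), ("0\t185.00", [0])):
        for rom, celsius, status in check(sample, roms, sensors=sensors):
            print(f"{status:8} {rom} {celsius:.2f} C")
```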


Article posted on Feb 18

Cisco PIX DNS fixup in Linux?

  • Posted by Ryan Finnie on February 18, 2010, 7:12 pm

At work we have a Cisco PIX firewall for the office. It's decent (if a bit eccentric; that is, hard to configure), but occasionally I go through a thought exercise to see how this firewall could be replaced with a Linux firewall. Most of the functionality is easy in Linux (NAT, ACLs, VPNs, etc), but one thing I get hung up on is DNS fixup. Fixup is a monitoring service much like nf_conntrack/nf_nat in Linux, and in DNS fixup's case can rewrite responses depending on the context. Here's an explanation:

The players:
- Mallory is the PIX firewall, with the 10.0.0.0 network inside and the 9.9.9.0 network outside. (Despite conventional naming examples, Mallory is not malicious here, but otherwise has the same attributes.)
- Alice is the DNS server, 10.0.0.2 inside, 9.9.9.2 outside. Alice knows only about internal IPs in her DNS database.
- Bob is some server, 10.0.0.3 inside, 9.9.9.3 outside. Bob is listed with Alice as bob.corp.example.com, 10.0.0.3.
- Charlie is a client on the outside network.
- Dave is a client on the inside network.

Now, say Charlie (outside) queries bob.corp.example.com via Alice's external IP. Alice will respond with 10.0.0.3. Mallory intercepts the response, knows that Bob is 10.0.0.3 on the inside and 9.9.9.3 on the outside, so she rewrites the response as 9.9.9.3 and gives it to Charlie.

It also works in the opposite direction. Say www.example.com is a web server served by Bob, and DNS is hosted by an outside DNS provider which obviously returns 9.9.9.3 for www.example.com. Now say Dave (inside) queries www.example.com via Alice. Alice doesn't know about www.example.com, so she goes out to the Internet (through Mallory) to find it. The outside DNS responds with 9.9.9.3. Again, Mallory knows about Bob's mapping and will rewrite the response to 10.0.0.3 to Alice, which then gives the final answer to Dave.
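The rewrite Mallory performs in both directions, as an added example (not from the original post, and not an existing Linux or PIX facility): it walks a DNS response record by record and swaps A-record addresses using the static NAT table from the scenario above. The function names and the constructed sample responses are assumptions made for illustration.

```python
import ipaddress
import struct

# Static NAT table from the scenario above (Alice and Bob): inside -> outside.
INSIDE_TO_OUTSIDE = {"10.0.0.2": "9.9.9.2", "10.0.0.3": "9.9.9.3"}
OUTSIDE_TO_INSIDE = {out: ins for ins, out in INSIDE_TO_OUTSIDE.items()}


def skip_name(msg, off):
    """Return the offset just past the domain name starting at off."""
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        length = msg[off]
        if length == 0:                # root label ends the name
            return off + 1
        if length & 0xC0 == 0xC0:      # compression pointer: two bytes, ends the name
            return off + 2
        if length & 0xC0:
            raise ValueError("unsupported label type")
        off += 1 + length


def a_rdata_offsets(msg):
    """Yield the offset of the 4-byte address in every IN A record."""
    if len(msg) < 12:
        raise ValueError("short header")
    _id, _flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):                # question: name, QTYPE, QCLASS
        off = skip_name(msg, off) + 4
    for _ in range(an + ns + ar):      # answer, authority and additional sections
        off = skip_name(msg, off)
        if off + 10 > len(msg):
            raise ValueError("truncated record")
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if off + rdlen > len(msg):
            raise ValueError("truncated rdata")
        if rtype == 1 and rclass == 1 and rdlen == 4:
            yield off
        off += rdlen


def a_records(msg):
    """Return the addresses of all A records in msg, in order."""
    return [str(ipaddress.IPv4Address(bytes(msg[o:o + 4])))
            for o in a_rdata_offsets(msg)]


def fixup(msg, mapping):
    """Rewrite A-record addresses present in mapping; return (message, count)."""
    out = bytearray(msg)
    changed = 0
    for off in a_rdata_offsets(msg):
        old = str(ipaddress.IPv4Address(bytes(msg[off:off + 4])))
        if old in mapping:
            out[off:off + 4] = ipaddress.IPv4Address(mapping[old]).packed
            changed += 1
    return bytes(out), changed


def build_response(name, addr, txid=0x1234):
    """Constructed sample: one question, one A answer with a compressed name."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    header = struct.pack("!6H", txid, 0x8180, 1, 1, 0, 0)
    question = labels + b"\x00" + struct.pack("!HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
    return header + question + answer + ipaddress.IPv4Address(addr).packed


if __name__ == "__main__":
    # Charlie (outside) asks Alice for Bob: 10.0.0.3 leaves as 9.9.9.3.
    outbound, _ = fixup(build_response("bob.corp.example.com", "10.0.0.3"),
                        INSIDE_TO_OUTSIDE)
    print("to Charlie:", a_records(outbound))
    # Alice resolves www.example.com for Dave: 9.9.9.3 arrives as 10.0.0.3.
    inbound, _ = fixup(build_response("www.example.com", "9.9.9.3"),
                       OUTSIDE_TO_INSIDE)
    print("to Alice:  ", a_records(inbound))
```

Because only the four address bytes change, message length and compression pointers stay valid; a DNSSEC-signed answer would no longer validate after the rewrite.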

As far as I know, there is nothing in Linux to facilitate this. Yes, I know about split-horizon DNS, but it's a pain to maintain multiple zone copies, and Alice's DNS service would have to be moved to Mallory directly. The PIX does this all automatically for you (if you want; of course it can be disabled).

(Please, prove me wrong.)


Article posted on Feb 13

in.tcpmuxd: A secure, RFC compliant TCPMUX server

  • Posted by Ryan Finnie on February 13, 2010, 3:41 am

Yesterday, on IRC, neale asked if it was wise to run a TCP service on port 1. sneakums replied it was not, since it was a registered service, "tcpmux". However, nobody immediately knew what "tcpmux" was; Wikipedia provided the answer.

TCPMUX is an ancient, horrible protocol. You connect to a TCPMUX server on port 1, then tell it which TCP service you actually wanted, and it forwards locally for you. Obviously fraught with security problems on the modern Internet. Nonetheless, I immediately wanted to write a TCPMUX server.

I started out by coding to the description in the Wikipedia entry, not knowing there was an RFC. We did find it (RFC 1078), and Neale and I went back and forth tweaking the code. Eventually I stopped with this:

#!/usr/bin/perl

while(<>) {
  if($_ eq "HELP\r\n") {
    print "tcpmux\r\n";
    exit 0;
  } elsif(lc($_) eq "tcpmux\r\n") {
    print "+OK FINE\r\n";
  } else {
    print "-BLOW ME\r\n";
    exit 0;
  }
}

My friends, that is a fully functional, RFC 1078-compliant, completely secure TCPMUX server, in 11 lines of Perl. Neale has a bash version that he prefers, but I argue mine is better because it's strictly RFC-compliant (only accepts CRLF, etc). To use it, add this to /etc/inetd.conf:

tcpmux stream tcp nowait nobody /path/to/in.tcpmuxd

To use, telnet to port 1. (You can use nc, but you will have to do something like "echo -ne 'tcpmux\r\n' | nc localhost 1" because it will only recognize CRLF-terminated lines per the RFC.) in.tcpmuxd will accept and forward exactly one service, tcpmux. All others will be rejected with a kind explanation. "HELP" will also conveniently list all services it will forward.

You can also test this by telnetting to colobox.com port 1, which is running a fully functional TCPMUX server.

This service has been painstakingly checked for security flaws. A highly skilled team has gone through the entire codebase, line by line, and has determined that there are no known implementation or security flaws in the service. You're welcome.


Article posted on Jan 16

oui, an IEEE OUI database search utility

  • Posted by Ryan Finnie on January 16, 2010, 4:17 pm

On Friday, I was grepping through DHCP logs, looking for a certain machine, and got sick of going to the IEEE web site to plug in the OUI to figure out the manufacturer of MAC addresses. This involved manually converting a "standard" format MAC address (00:04:f2:e6:93:16, for example) into an OUI format that would be accepted by the IEEE site (00-04-F2).

I found that my workstation already had several OUI databases installed locally (most notably one provided by the nmap package), and hacked together a 5 line Perl script to take a MAC address and use it to search one of the OUI databases. I later fleshed it out into a complete, releasable product. You can download the program from http://www.finnie.org/software/oui/.

At its simplest, give it a MAC address, and it will return a vendor.

$ oui 00:22:19:df:a8:2b
002219 Dell

You can give it multiple items to look up. These can be either a full MAC address or just an OUI, uppercase or lowercase, and can be in a variety of popular formats.

$ oui 00:30:48:88:1B:AF 0004f2e69316 000a.4137.c40a 00:26:99:8d:38:ea 00-50-8D
0004F2 Polycom
000A41 Cisco Systems
003048 Supermicro Computer
00508D Abit Computer

Note that oui was given 5 items, but only returned 4 results. oui searches for several common OUI databases that may be installed locally on your system (the most common would be nmap's database), and they can be quite out of date. Let's rectify that by downloading a current database from the IEEE.

$ oui 00:26:99:8d:38:ea
$ wget -O /tmp/oui-20100116.txt http://standards.ieee.org/regauth/oui/oui.txt
--2010-01-16 15:04:12--  http://standards.ieee.org/regauth/oui/oui.txt
Resolving standards.ieee.org... 140.98.193.16
Connecting to standards.ieee.org|140.98.193.16|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2118408 (2.0M) [text/plain]
Saving to: `/tmp/oui-20100116.txt'

100%[=====================================>] 2,118,408   1019K/s   in 2.0s    

2010-01-16 15:04:17 (1019 KB/s) - `/tmp/oui-20100116.txt' saved [2118408/2118408]

$ oui -d /tmp/oui-20100116.txt 00:26:99:8d:38:ea
002699 Cisco Systems

Much better. If you want to permanently store that database, put it in /usr/share/oui/oui.txt; oui will look there first for a database.

You can also use oui to search one or more organization names.

$ oui -s avaya "university of california"
00040D Avaya
00126D University of California, Berkeley
001B4F Avaya
00E007 Avaya ECS

Let's take a look at how many registrations some companies have.

$ oui -s dell | wc -l
29

That's about 500 million possible MAC addresses, which sounds right for the world's largest PC manufacturer. Let's try my favorite server manufacturer, Supermicro.

$ oui -s supermicro "super micro" | wc -l
2

Ahh, not so much. What about Cisco? They seem to have a lot of devices out there on the ol' Internets.

$ oui -s cisco | wc -l
448

Wow. That's 7.5 billion possible MAC addresses.

We can also see how many registrations are currently marked "private". These are registrations where the IEEE keeps the manufacturer's identity private for a time, in exchange for a yearly fee.

$ oui -s -c '^PRIVATE$' | wc -l
43

A few notes: First, you will get no results if you just have the nmap database installed, as it uses a condensed format and filters out private registrations. Second, you can use regular expressions to match an organization (PCRE). Third, the -c flag forces the search to be case sensitive.
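The lookup described in this post, sketched as an added example (this is not the oui program's own code): it normalizes the MAC formats shown above to a 6-digit prefix, loads both the condensed nmap-style layout and the IEEE oui.txt layout, and annotates MAC addresses found in DHCP log lines. The sample databases, the log lines and the AA-BB-CC prefix are constructed, and matching uses Python's re module rather than PCRE.

```python
import re

# Constructed sample in the condensed "prefix vendor" layout; vendor strings
# are the ones shown in the post's output.
NMAP_SAMPLE = """\
0004F2 Polycom
000A41 Cisco Systems
002219 Dell
003048 Supermicro Computer
00508D Abit Computer
"""

# Constructed sample in the IEEE oui.txt layout: a "(hex)" line, a "(base 16)"
# line, then indented address lines. AA-BB-CC is a placeholder prefix.
IEEE_SAMPLE = (
    "00-26-99   (hex)\t\tCisco Systems\n"
    "002699     (base 16)\t\tCisco Systems\n"
    "\t\t\t\t(address line)\n"
    "\n"
    "AA-BB-CC   (hex)\t\tPRIVATE\n"
)

# Constructed DHCP server log lines.
DHCP_LOG = [
    "Jan 15 09:12:01 gw dhcpd: DHCPACK on 10.0.0.57 to 00:04:f2:e6:93:16 via eth0",
    "Jan 15 09:12:07 gw dhcpd: DHCPACK on 10.0.0.58 to 00:26:99:8d:38:ea via eth0",
]

# Accepted inputs: a full MAC or a bare OUI, in the formats the post lists.
_FORMS = re.compile(r"""^(?:
      [0-9a-f]{2}([:-])[0-9a-f]{2}\1[0-9a-f]{2}(?:(?:\1[0-9a-f]{2}){3})?
    | [0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}
    | [0-9a-f]{6}(?:[0-9a-f]{6})?
    )$""", re.I | re.X)

MAC_IN_TEXT = re.compile(
    r"(?i)\b(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2}\b|\b(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}\b")


def normalize_oui(item):
    """Return the 6-digit uppercase OUI for a MAC or OUI string, else None."""
    item = item.strip()
    if not _FORMS.match(item):
        return None
    return re.sub(r"[:.\-]", "", item)[:6].upper()


def load_db(text):
    """Parse either database layout into {oui: organization}."""
    db = {}
    for line in text.splitlines():
        m = re.match(r"\s*((?:[0-9A-Fa-f]{2}-){2}[0-9A-Fa-f]{2})\s+\(hex\)\s+(.+)", line)
        if not m:  # condensed layout; "(base 16)" and address lines fall through
            m = re.match(r"([0-9A-Fa-f]{6})\s+([^(\s].*)$", line)
        if m:
            db[normalize_oui(m.group(1))] = m.group(2).strip()
    return db


def search(db, pattern, case_sensitive=False):
    """Return sorted (oui, organization) pairs whose organization matches."""
    flags = 0 if case_sensitive else re.I
    return sorted((o, org) for o, org in db.items() if re.search(pattern, org, flags))


def annotate(lines, db):
    """Return (mac, vendor) for every MAC address found in the log lines."""
    found = []
    for line in lines:
        for mac in MAC_IN_TEXT.findall(line):
            found.append((mac, db.get(normalize_oui(mac), "(unknown)")))
    return found


if __name__ == "__main__":
    stale = load_db(NMAP_SAMPLE)
    current = {**stale, **load_db(IEEE_SAMPLE)}
    print(annotate(DHCP_LOG, stale))     # 00:26:99 is missing from the older data
    print(annotate(DHCP_LOG, current))
    print(search(current, "^PRIVATE$", case_sensitive=True))
```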


Article posted on Dec 23

I forgot about Christmas.

  • Posted by Ryan Finnie on December 23, 2009, 6:14 pm

Literally.

Ever since a week before Thanksgiving, I've been working on a massive project for work. I'd like to talk about it in detail sometime later because even though it was an exhausting project, it was still very fun and interesting, but that's another post. It all culminated with an 8 day trip to Boston, which I got back from Monday night.

Friday night I was at my hotel, watching TV, when I thought to myself, "Man, they're advertising Christmas shopping earlier and earlier this year." Then I looked at a calendar: it was one week from Christmas.

I was aware of the dates as they passed, but frankly my mind wasn't processing them as they related to holidays, just various deadlines for work. I got home Monday, was still exhausted Tuesday (and the roads were very slick), and now it's 2 days from Christmas.

So yeah, I didn't get anybody anything. Sorry. To make penance, I whipped out the plastic and decided to donate to charity. I had planned on spending about $250, and was deciding between the American Civil Liberties Union and the Electronic Frontier Foundation, but at the last moment I said "what the hell" and donated $250 to each. They both do good work, and I am glad they are there when we need them.


Article posted on Nov 27

Outside dial tones on SPA500 series phones

  • Posted by Ryan Finnie on November 27, 2009, 11:36 pm

I'm currently in the process of upgrading our phone systems at work. In the Reno and Salt Lake City offices, we had a Cisco Unified Communications VoIP system going back to 2001, with Cisco 7900 series phones. The 7900s used SCCP, a proprietary but decently understood protocol to talk with the call managers. Earlier this year, the call managers died. We had been preparing for this possibility, and had an Asterisk system ready that was able to talk SCCP to the 7900 phones. Unfortunately, the SCCP driver is graciously described as "beta" (remember, it's a proprietary protocol). Everything mostly worked, but we lost the ability to do 3-way conferencing via the phones. So now we're replacing them with Cisco SPA504G phones, which use the industry standard SIP protocol.

In the last few weeks/months, I've been preparing to make this process as smooth as possible from a user perspective, since this is the most visible aspect to the employees. One of the features of the 7900 phones is a separate tone when reaching an outside line. When you pick up the phone, you hear a standard North American dial tone (350 + 440 Hz). When you press 9, however, that changes to a different dial tone, to signal that you are "outside" and can dial as if you were at a regular POTS phone. Here is a sample audio file of that process. I always found the order to be backwards; I figured the "inside" dial tone should be non-standard, and once you hit 9, you'd be presented with a standard North American dial tone. Oh well.

The SPA504G can be programmed to generate an outside dial tone, but it defaulted to a single 440 Hz tone, which just did not sound right. It's customizable, so I started looking for what DTMF combination the 7900's outside dial tone is. I didn't find anything online, and while many of the tones on the 7900s are sent to the phone by the call manager, the outside dial tone is hard-coded in the phone's firmware. I could have probably figured it out if I had an oscilloscope, but I didn't have access to one. Random fiddling came close, but it still sounded off.

Through some reading, I eventually figured out that "special tone frequencies" are always in multiples of 40, 50 and 90 Hz. This apparently makes it easier to determine what two tones are being sent in a DTMF sequence. A dial tone is 350 + 440 Hz (90 Hz difference), a ringing tone is 440 + 480 Hz (40 Hz difference), and a busy signal is 480 + 620 Hz (90 + 50 Hz difference). With that, I was able to narrow down the possibilities, and came up with 440 + 530 Hz for Cisco's outside dial tone. The low tone is 90 Hz higher than the 350 Hz low tone of the dial tone, and the high tone is 90 Hz higher than the low tone.

If you happen to be in my same situation (or if you just want to use an outside dial tone that sounds better than that stupid single 440 Hz outside dial tone that the SPA504G defaults to), go to Admin, Advanced, Regional, Call Progress Tones, Outside Dial Tone, and use this:

440@-19,530@-19;10(*/0/1+2)

Note that to actually get the phone to play an outside dial tone, you must configure your dial plan to support it. That means that after every 9, enter a comma. Here's my current dial plan:

(3xxx|*22xx|*23xx[0-9*#].|*2x|*3xxx|9,11|9,911|[346]11|0|9,[2-9]xxxxxx|9,1[2-9]xx[2-9]xxxxxx|9,011xx[0-9*#].)

Note that all leading 9s need to have a comma after for this to work. See, for example, 9,11|9,911. The user can still either dial 911 or 9911 in an emergency, it's just the outside dial tone will play after the first 9.

By the way, for that example wav file I showed above, I had considered recording the actual sound coming from the phones with a microphone, but I decided to do it all in Audacity instead. That's right, it was completely computer-generated. All I had to do was use Audacity's tone generator on separate channels (for example, one channel with a 350 Hz tone and one channel with a 440Hz tone for the regular dial tone), and then combine everything down into a single mono channel.


Article posted on Nov 16

Fear and Loathing in Second Life

  • Posted by Ryan Finnie on November 16, 2009, 9:40 pm

I signed up for a Second Life account a few years ago, but I rarely used it. It really wasn't that fun for me. Later, I learned that simply being in Second Life wasn't the fun part; it was creating and building that was interesting. However, building anything lasting required a premium account ($9.95 per month), which "entitles" you to buy 512m2 of land via the in-world economy. So last December, I bought some land.

It was quite a steal, as far as in-world land goes. I paid L$8500 (approx. $34) for a 1536m2 plot at the edge of a sloping green hill region, overlooking a "protected" beach region. (Protected means nobody can actually buy the land, it simply remains empty.) The view was excellent. The seller had literally just put the land up for sale, and I had just happened to find it via the land sale search when he did. This is the sort of land that could easily go for double that.

I started working away, building objects and sometimes buying others. At first I just was doing random things with the land, but I later decided to build the Finnix Information Center. (More information about that is available in this Finnix blog post.)

At one point, the land immediately south of my land went up for sale, at L$10000 ($40) for 1024m2. I bought it, not knowing what I'd do with it, but it was still a good deal. I set it for sale at L$30000 ($120) in case anyone really, really wanted it, but in the meantime, I just used the area for various projects. But about 2 months later, someone bought it! I made a quick buck.

Keep those numbers in mind: L$30000 for 1024m2. That was fairly typical of the area. Just like in real life, in-world land is driven by mostly aesthetic factors. Is the area cluttered? Do the neighbors have big fences butting up against your property? Good neighborhood? What's the terrain like? Grass or rocky? This area was one of the best areas you could get. It was on a small slope, and had an unobstructed easterly view of a protected region on the beach. The only way you could do better was to find land directly on the beach.

Well, one day, Linden Labs decided to un-protect that region and sell it off to developers. Literally overnight, a strip mall moved in next door and blocked my view of the beach. At this point, I had started losing interest in Second Life again, so having "just another plot of land" wasn't worth me maintaining. As a great leader once said, "It's been swell, but the swelling's gone down."

Eventually, I dismantled the Finnix Information Center. I wanted to sell the land, so I started looking at other land for sale in the area, and it was pretty dismal. I ended up selling 1024m2 of the 1536m2 directly to a neighbor (it filled in the square of her land, making it 4096m2) for L$4000 ($16). For the other 512m2, I put it up for L$2500.

It sat there for months.

I logged in tonight, saw that it had not been sold, and then thought, "Wait a minute. I'm paying $10 per month to try to sell this land for $10!" I went on land sale search, saw that the cheapest 512m2 plot was L$800, and set mine to L$786 ($3.14). It was sold within 3 minutes. By a guy who immediately put it up for sale for L$940 ($3.76).

So that's it. I bought 1536m2 for L$8500 and sold it for L$4786. That's pretty dismal, considering at its height, I sold the equivalent of 1536m2 for L$45000. Now, part of it is the economy, both real-life and in-world. I've noticed that items like clothing seem to sell for about the same types of prices they sold for a year ago, but the in-world land market seems to have collapsed. Here's my working guess: That 1536m2 plot of land may only cost L$5000, which is $20 of your real-world money, but it then costs $18 per month in the form of land use fees. ($10 per month is basic premium access with 512m2 of land use rights, but everything above that amount of land costs extra monthly fees. An extra 1024m2 is an extra $8 per month.)

So it costs a decent chunk of change just to continue owning land. $18 may not have been much a year ago, but you may be tighter for money now. However, items like clothing don't have to live anywhere. They're either on you, or stored in your inventory. So you don't need to own land to buy and use clothing, so you don't need a premium membership. Therefore, the price of in-world clothing has remained pretty stable, while the price of land has crashed.

It's funny how closely the in-world land market is mimicking the real-world housing market. Fly around Second Life and you'll see a LOT of land available, most of it very cheap. But just like how I can't buy a house in the real world now -- even though I'd love to and it's a buyer's market -- there's not a lot of interest in in-world land ownership because of how much it costs to keep that land. And just like how there are many foreclosed homes in the real world, there is a lot of abandoned land in-world. Land is usually abandoned when a user stops paying for their account without first selling off their land. Eventually Linden Labs will take this land and sell it at auction, much like a real-world bank.

That's Second Life economics on a macro scale. As for my personal situation, I blame the strip mall.

Anyway, I went into my account and set it back to the Free account type. I'm still playing with building in-world, but these days I'm on OSGrid. It's a Second-Life compatible grid that uses OpenSimulator, and the land is free, since you're running your own OpenSim server. Come on by! The region name is "Undef Lagoon" on OSGrid.


Article posted on Nov 7

A traceroute down memory lane

  • Posted by Ryan Finnie on November 7, 2009, 1:24 am

If you downloaded Red Hat Linux 9 from BitTorrent in April 2003, you probably (partly) have me to thank.

In 2002, I helped build a pair of datacenters in Reno, NV and Raleigh, NC. They were technologically wonderful, built to the same standards as Exodus datacenters. Lots of bandwidth, redundancy everywhere, futuristic security. One of the design principles was that we could take a potential client into a node room and say, "pull any two cables you'd like". With limited exception (downlink Ethernet to individual clients was only single redundancy) we succeeded, but never actually got to show that off. They were great datacenters, but we could barely sell anything, and they mostly went unused until the company's demise in 2004.

So we had massive amounts of bandwidth (by 2002 standards; two 155Mbps OC3s and a 45Mbps DS3 per site, provisioned from an OC12 that could effectively double the bandwidth in the future), and only a dozen clients, if that. I set up a mirror of as many Open Source projects as I could find, but that only ate up about 20Mbps on average.

On March 31, 2003, Red Hat Linux 9 was released. This was the first Red Hat product to be officially offered via BitTorrent. BitTorrent had been released about a year earlier, and was just starting to gain traction. RHL9 was arguably the first major worldwide test of a major software release. So hey, I had all this bandwidth, and there were thousands upon thousands of people downloading RHL9 through BitTorrent. I threw up a seed machine in the Reno datacenter, and watched the slurping begin.

Unfortunately, the official BitTorrent client could only seem to push about 50Mbps of torrent traffic before hitting a wall. So I added another server. And another. And another. And then 4 in Raleigh. All told, I was pushing 400Mbps of traffic across 8 machines and two datacenters into the mesh, and was often seeding at least half of the traffic of that single torrent. I believe that lasted for 3 or 4 weeks.

The company went out of business in 2004 (for non-BitTorrent-related reasons of course), and I was later hired by the company responsible for maintaining and eventually turning down the Reno datacenter. We had our network (and the remaining clients) migrated out of the datacenter by the middle of December, but due to a dispute with the eventual purchaser of the datacenter space, I was told to keep the datacenter "operational" through December 31, 2004. To do so, I left one Linux server running, connected to the only remaining transit (an OC3), and routed our remaining IP space to it, a /20. An entire /20.

So for 2 weeks at the end of 2004, I had a single server, sitting in the middle of a 50,000 square foot world-class datacenter, with a dedicated OC3 running directly to it, and 4096 IPs at my disposal. I actually can't remember what I ended up doing with it, except for putting up a web server with a test page that responded to all IPs. I'm sure it was more profound than that.

(In case you're wondering, Linux, at that time, did NOT like having 4096 sub-interfaces. They would all eventually work, but bootup would take at least 10 minutes. It seemed adding each new interface introduced a higher non-linear delay.)


Article posted on Oct 27

Commentary: Toyota floor mat recall

  • Posted by Ryan Finnie on October 27, 2009, 12:52 am

Late last month, Toyota announced they would recall 3.8 million Toyota and Lexus cars due to floor mat safety, the largest ever US recall. Action details have not been released yet, but it is known that the recall was prompted by a high-speed crash of a Lexus ES 350 in California because of the accelerator pedal getting stuck full-throttle against the floor mat, killing all four people in the car. It was later determined this occurred because of improper installation of the all-weather floor mats, but how this will relate to the recall is uncertain.

Shortly after the announcement, I decided to do some tests with my own car, a 2009 Toyota Prius with OEM all-weather floor mats. I determined that, when properly installed, the floor mats have almost no chance of budging, leaving plenty of room between the lip of the floor mat and the fully depressed accelerator pedal. The driver side mat is held in place by two hooks embedded into holes in the floor. If the hooks were not installed (they come with the floor mat kit, not the car), the mats include rubber spikes that dig into the floor carpet. These spikes will keep the mats in place during sudden jolts, but would tend to drift forward over time (which would happen on many cars before the introduction of hook anchors). However, the Prius has a raised left foot rest that, in its normal position, the mat butts up against, restricting movement. I'm not sure all recalled cars include this foot rest, though.

I was able to get the floor mat in a position where the accelerator was stuck full, but the floor mat was uncomfortably forward. The mat was 4 inches in front of the hooks, and was covering over half of the foot rest.

It's important to note that in the California crash, it has not yet been revealed if the all-weather floor mats were OEM or not, just that they were improperly installed by the dealership. At this point, I'm not sure what could be done to improve the floor mat installation from an engineering perspective, as the hooks seem extremely durable and are unlikely to break off. But remember, NHTSA recalls are not always about fixing engineering problems. It's possible the NHTSA and Toyota just want to get cars back into the dealership to verify that floor mats are properly installed with the retention hooks present. Again, very few details of the recall have been announced yet.

The mats include a warning that you should take very seriously: do NOT install any third party floor mats on top of the existing floor mats. They are designed to stay firmly in place when properly installed, but anything laid on top of it has a much greater risk of slipping.

So that's my thoughts on the floor mats themselves. When properly installed, the floor mats should be safe. However, the California crash brings up another safety aspect: how to recover from an out of control vehicle.

First, let me explain how the Prius works. You get in, hold down the brake pedal, and press the Start button to start the car. The shifter is relatively normal, a multi-directional shifter that allows you to select Reverse, Neutral, Drive, and Engine Brake (uses engine power to help brake down large hills easier). The Prius includes a separate dedicated button for the Brake function, though on other vehicles this is usually integrated into the shifter. To shut down the car, stop movement, and while holding down the brake pedal, press the Power button. You can even do this while in Drive or Neutral, hitting Power while not in motion will automatically engage the brake before shutting down. In addition, if you try to shift to Reverse or Brake while in forward motion (even while accelerating), the vehicle will instead change to Neutral.

As you can see, the driver in the California crash had several options for stopping acceleration. Of course I'm not criticizing his judgment (you can never know how you'll react in an emergency situation), but the first thing you should do in an out of control car is shift to Neutral while braking. This is universal, and should work for any vehicle. In the Prius (and presumably some other Toyota vehicles), you have several other options, but shifting to Neutral while braking should be the first choice. Inexperience with the particular car's shifter may have been a factor in the crash, as it was a loaner car.

And then there's the Start button. I took my Prius out to test and started accelerating. In an emergency, I could see looking at the dash, seeing the Start button and attempting to press that as a first choice. So I did so and... nothing happened. Even in a controlled situation, this actually surprised me. I expected, at the very least, the car would shift to Neutral if the Start button were pressed while accelerating. You can hold the Power button down for a full 5 seconds while the vehicle is on to kill power, but 5 seconds is a lot in an emergency.

If there's one engineering safety change to come out of this, it should be that. At the very least, pressing the Start button while in motion should shift to Neutral. Otherwise, short of more details emerging, I believe this recall is mostly about proper floor mat installation, and not necessarily a defect

  • Tags: floor mats, prius, toyota

Article posted on Oct 26

It's only slower if you consider "time"

  • Posted by Ryan Finnie on October 26, 2009, 10:48 am

FedEx Ground® Is Faster to More Locations Than UPS Ground, or so says the commercial I saw during baseball last night. I nearly burst out laughing when I heard this. UPS Ground shipments from the Bay Area to Reno (250 miles) regularly arrive overnight, while FedEx will almost always hold the shipment at the destination if it got there "too fast". This morning I came in and a coworker was complaining about how a FedEx Ground shipment shipped today from Dallas to Reno (1900 miles), and FedEx lists it as taking 7 business days. Business, not regular days -- it should arrive next Wednesday.

Don't get me wrong, I'm not exactly a UPS fan. My biggest complaint is, incredibly, "The UPS Store" is not considered an authorized UPS shipping center. If you're shipping a package on a UPS account that is worth more than $1000, their web site spits out a form that a driver or authorized shipping center must sign for. "The UPS Store" cannot sign for this; you must instead schedule a pickup or take it to their distribution center.

But it's still better than FedEx.
