Current project: RTC

RTC
Real-Time Compiler; SCADA & IoT management program

– soft-programmable (programmable while running)
– programming changes are carried out through a continuously running database; rules are saved to the database in real time
– the initial database is H2 (easy to change to MariaDB/MySQL or any of the 11 databases supported by Slick)
– When attaching to a SCADA/IoT source, it measures the frequency at which data is received, and alerts when data does not arrive on time
– received data is stored in a sparse spreadsheet-type representation, where it can be used like a spreadsheet via the internal language
– responses are real-time, for example, iptables filters or SCADA-style supervisory controls
– GraphQL to support various JS presentations (or web) for graphic visualization; the visualization will work on any web-based device, instead of requiring an X-based HMI (Human Machine Interface)
– This project has just started, but it shares a lot of code with Scanner project (same repo) — this is not my first time in a rodeo
– The IoT component reads rsyslog (including markers)
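The “measure the frequency data is received, and alert when data does not arrive timely” point, as an added example (this is not RTC code, just a sketch of the check in shell/awk): each source’s message rate is learned from its own log lines, including rsyslog’s periodic “-- MARK --” lines, and a source is flagged when it has been silent for longer than a multiple of its measured interval or longer than an absolute ceiling. The log lines and host names are constructed, and the timestamp arithmetic uses only the HH:MM:SS field (a same-day simplification).

```shell
#!/bin/sh
# Constructed sample of rsyslog lines from two sources; the assumed layout is the
# default rsyslog "traditional" format: "Mon DD HH:MM:SS host tag: message".
SAMPLE_LOG='Mar  9 01:18:00 pump1 rsyslogd: -- MARK --
Mar  9 01:18:05 meter7 modbus[412]: reg40001=1337
Mar  9 01:19:00 pump1 rsyslogd: -- MARK --
Mar  9 01:20:00 pump1 rsyslogd: -- MARK --
Mar  9 01:20:11 meter7 modbus[412]: reg40001=1340
Mar  9 01:21:00 pump1 rsyslogd: -- MARK --
Mar  9 01:22:00 pump1 rsyslogd: -- MARK --
Mar  9 01:23:00 pump1 rsyslogd: -- MARK --'

# stale_sources LOG NOW_HHMMSS FACTOR ABS_MAX_SECONDS
# Prints "host seconds_since_last_message mean_interval" for every host that is
# either silent for more than ABS_MAX_SECONDS, or silent for more than FACTOR
# times its own measured mean interval.  The mean interval is learned from the
# log itself (first seen, last seen, message count); a host seen only once has
# no measurable rate and is judged by the absolute ceiling alone.
stale_sources() {
  printf '%s\n' "$1" | awk -v now="$2" -v factor="$3" -v absmax="$4" '
    function secs(t,  a) { split(t, a, ":"); return a[1]*3600 + a[2]*60 + a[3] }
    {
      h = $4; t = secs($3)              # $3 = HH:MM:SS, $4 = host
      if (!(h in first)) first[h] = t
      last[h] = t; count[h]++
    }
    END {
      n = secs(now)
      for (h in last) {
        gap  = n - last[h]
        mean = (count[h] > 1) ? (last[h] - first[h]) / (count[h] - 1) : 0
        if (gap > absmax || (count[h] > 1 && gap > factor * mean))
          printf "%s %d %d\n", h, gap, mean
      }
    }' | sort
}

# Usage: at 01:23:30 meter7 (mean interval 126 s, last seen 199 s ago) is late
# by its own standard, pump1 (60 s marks, last seen 30 s ago) is fine.
stale_sources "$SAMPLE_LOG" 01:23:30 1.5 600
```

The factor is what keeps a slow-but-regular source from paging you while still catching a normally chatty one that has gone quiet; the absolute ceiling is the backstop for sources whose rate could not yet be measured.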


Components used:

– Scala 2.13.10, with Akka 2.7 and Slick 3.4.1
– Reflection (self-programming/compiling)
– Possible add-ons: Camel, Rhino & JProlog


Not decided (yet):

– Should RTC clean-up iptables on startup?
– RTC should conform to existing iptables (denyhosts & Fail2Ban)


Firewall rules:

– Trying to co-exist with pre-existing firewalls
– Trying to not deteriorate performance, despite potentially blocking half the internet (~2 billion IPs)
– Flush firewalls, especially INPUT
– Allow for pre-amble (policy, internal, DMZ, pre-established)
– Allow for “all ports” CHAIN
– Different port CHAINs (e.g. imap|pop3|smtp, web, VoIP)
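The chain layout above (pre-amble, an “all ports” chain, then per-service chains), as an added example that is not RTC’s own code: a function that emits the filter table in iptables-restore(8) format. The interface name, LAN network and chain names are hypothetical. One thing the list does not spell out, and which matters for the “half the internet without deteriorating performance” goal, is that the bulk block list should live in an ipset (hash:net) rather than in one iptables rule per address; the rules below assume two such sets, rtc_block and rtc_block_mail, created separately with `ipset create rtc_block hash:net`.

```shell
#!/bin/sh
# gen_rules LAN_IF LAN_NET
# Prints an iptables-restore(8) *filter table: a PREAMBLE chain (loopback,
# established flows, internal LAN), one ALLPORTS chain backed by an ipset, and
# per-service chains that only see the traffic for their own ports.
# All names are hypothetical; validate with `iptables-restore --test` first.
gen_rules() {
  lan_if=$1
  lan_net=$2
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:PREAMBLE - [0:0]
:ALLPORTS - [0:0]
:MAIL - [0:0]
:WEB - [0:0]
:VOIP - [0:0]
# 1. pre-amble: loopback, already established flows, internal LAN
-A INPUT -j PREAMBLE
-A PREAMBLE -i lo -j ACCEPT
-A PREAMBLE -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A PREAMBLE -m conntrack --ctstate INVALID -j DROP
-A PREAMBLE -i $lan_if -s $lan_net -j ACCEPT
# 2. "all ports" chain: a single ipset lookup covers the whole block list, whatever its size
-A INPUT -j ALLPORTS
-A ALLPORTS -m set --match-set rtc_block src -j DROP
# 3. per-service chains, reached only by traffic for their ports
-A INPUT -p tcp -m multiport --dports 25,110,143,465,587,993,995 -j MAIL
-A INPUT -p tcp -m multiport --dports 80,443 -j WEB
-A INPUT -p udp --dport 5060 -j VOIP
-A INPUT -p udp --dport 10000:20000 -j VOIP
-A MAIL -m set --match-set rtc_block_mail src -j DROP
-A MAIL -j ACCEPT
-A WEB -j ACCEPT
-A VOIP -j ACCEPT
# anything not accepted above is logged (rate limited) and falls to the DROP policy
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "rtc-drop: "
COMMIT
EOF
}

# Usage: two class C's of internal clients on enp1s0 (constructed values)
gen_rules enp1s0 192.168.0.0/23
```

Because the block lists are ipsets, RTC can add or remove thousands of networks with `ipset add`/`ipset del` while the ruleset itself never changes, and the chains created by denyhosts or Fail2Ban are untouched as long as the table is loaded with `iptables-restore --noflush`.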


Sheet/Canvas:

– The “materialized view” of this is going to be a spreadsheet, think Visicalc/Excel/LibreOffice Calc
– But another view is going to be a SCADA graphic view using JavaScript libraries

Project on GitHub:

https://github.com/tanelio

A Cure for phone spam, robocalls

Phone spam (robocalls) has reached epic proportions, especially since I want to receive important phone calls.

I realize, that I must be a bit older generation, still hanging on to a “land line” phone number, but that’s what makes this cure so easy.

In earlier posts I pointed out that I deployed a VoIP (Voice over IP) server — I have four phone numbers: the mainline (which I’ve kept for over 20 years, despite moving), another number for my wife (she’s starting a business), an 800 toll-free number in case my kids need to reach me. With four numbers, this effectively quadruples the number of spam calls I receive, though even with one number the spam calls drive me crazy. The Do-Not-Call list is completely ineffective (unless you’re willing to litigate against all the callers — for which I don’t even dream of having the time).

So, I present my solution, which worked REALLY WELL.

Using Asterisk phone server, on FreePBX — both deployed on my router (see earlier posts), small computer, very little energy, no fans…

All I needed to do was an IVR (interactive voice menu) with a simple message: “You have reached the Otala Household, press XX for Taneli, press YY for Abigail…” Allow three tries for pressing the digits, and then just dump the call into VMUL (Voice Mail, Unavailable). As it turns out, ANY human seems to be able to press the digits to get connected to the phones directly, but NO ROBOCALLER gets through.

Ok, I am a bit of a phone fanatic; I have Polycom phones in every room of the house. And now I have regained trust that when the phones ring, there’s a real caller, i.e. I finally have a reason to pick up a ringing phone.

Other benefits…

  • Time conditions; during nighttime, all calls go into voice mail (unless caller identifies emergency).
  • Faxes (does anyone use them still) are also received (and printed)
  • My wife’s phones have a different ring-tone, so we even know who the caller is trying to reach
  • The Follow-me feature will forward my calls to my cell phone when I’m traveling
  • The DISA feature allows me to call the system and choose the outgoing line, and dial globally with reduced rates
  • I can have phone numbers in almost any country/geography — good for relatives
  • I can receive text messages (SMS) as well

Unfortunately Google’s “Screen Caller” does not work as well on Androids, as you’d still be interrupted.

This is saving me to the tune of 4-8 spam phone calls per day, EVERY DAY.

Fan-Less Home router

Quiet Machine = Happy Wife.
Happy Wife = Happy Life.

4x Celeron(R) CPU J1900 @ 1.99GHz
No Fans, so quiet it’s next to the “TV”

Amazon link follows, to Qotom J1900

4 port (gigabit NIC), and Quad processor, with 8 GB of RAM, 32 GB of SSD.

Qotom makes a variety of FAN-less computers — they used to do up to 4 port computers, but the latest set includes 6 and 8 port computers, now supporting memory up to 32 GB.

When building a home router, I find it useful to have 8GB (or more) RAM, and under no circumstances should you enable any swap memory (routers shouldn’t use swap). You may want to run other programs; I usually run, for example, Asterisk (VoIP, Voice Over IP, phone system) with FreePBX, and the Ubiquiti UniFi wireless controller software. You must make sure that whatever other applications you run, they never, ever use (or even come close to using) all the RAM. It’s a good idea to leave half the RAM unused — it won’t stay unused, Linux will use it for cache.

What do I run on this “tiny” box?

  • Operating system: Ubuntu 20.04.1 LTS (it’s good to stick to LTS versions)
    • One of the first things is to change runlevel from 5 (graphical) to 4 (multi-user) — there is no monitor (or mouse or keyboard) connected, so why waste memory & CPU to graphics?
  • iptables with an uptight configuration, almost entirely uni-directional
  • tftpboot for internal phone system
  • dhcpclient (for external connections) + dhcpd (for internal clients — it’s a bit crazy to need two class C’s for internal clients… we like gadgets)
  • dns (named/bind9) caching server for internal use
  • ntpd (local time beacon)
  • apcupsd (UPS software daemon)
  • sshd (supports sshfs)
  • rsyslogd (with remote logging enabled — LAN logging server)
  • smartd to monitor the health of the SSD
  • Denyhosts (an ill-tempered configuration) to keep script kiddies away
  • Postfix to get FreePBX emails out (out only, no receiving)
  • MariaDB 5.7 (to support FreePBX)
  • Asterisk 13.8 + FreePBX 14.0 + Apache2
  • MongoDB (to support Unifi)
  • Ubiquiti UniFi Wireless Controller 5.14 w/ java-8-jdk

With all these, usually memory consumption is 2.6GB and with the four cores, CPU utilization hovers around 0.2. So, about 5 GB is for cache.

Connections… (via NetworkManager, /etc/netplan/)

  • enp1s0; local area network, hard-coded
  • enp2s0; one of AT&T’s fixed IPs, though get it anyway via DHCPD4 from AT&T modem
  • enp3s0; Comcast gigabit IP, get it via DHCPD4 from Comcast
  • enp4s0; a dynamic IP from AT&T modem

Networking/connectivity history

I’ve been on the Internet for a while, starting in 1983 in Finland, using an X.29 modem (and an X.3 PAD) for which I wrote software to get it connected to a local area network for my company to use. At the same time, I registered my first domain, https://otala.com

Since then I’ve connected in many ways, many modems (Nokia’s 9,600 baud modems were well ahead of the competition), though that escalated quickly to 14kbps and eventually 56kbps modems — until the ISDN modems came about (at 128,000 baud). In 1985 I was installing my Internet connectivity software in Sweden, only to realize that the local telco only allowed pulse dialing, AND that the dialing was offset by one… so to dial ‘1’ you’d need to dial ‘2’ (two pulses), and so forth. Clever anti-competitive measure — blocking all other phones/modems from use in Sweden.

Sometime in 1993, I ended up building, in C, a full TCP/IP stack for our network communication software — I followed the RFCs carefully. After our software was deployed to Nokia, I got a mysterious bug report — after a while, 10-30 minutes of idle time, the software would suddenly blow up. As it turns out, people were talking to a DEC (Digital Equipment Corporation) machine, and when the connection was left idle, the DEC would send “an out-of-bound” TCP packet to keep the connection alive — knowing that the packet would be discarded since it was so out-of-sequence… but my TCP stack didn’t want to throw anything away, so it tried to allocate enough buffer space to keep all packets within this “new window,” and of course there wasn’t enough memory, so it blew up. Don’t follow RFCs blindly. Fail gracefully.

In 1995, working at GlobalCenter in Sunnyvale, we deployed modems (or CPE’s) for Dial-up, or ISDN, with TCP/IP that would distribute the connection to the entire local area network, along with a local mail server.

The bottom line is that I grew weary of trusting ANY SINGLE ISP… and since 2000 I have always had two to four internet connectivity providers, with a self-built router for traffic shaping and fail-over. I’m going to write short essays on the various configurations, including my favorite hardware choices.

FreePBX/Asterisk on Ubuntu 20.04 router

I recently started to build/update my FreePBX Asterisk server, and noticed that there were no CDR (Call Detail Records) being recorded…

Despite googling around it, I could not find a good solution, until I noticed that the libraries being pulled in from ‘/usr/lib/odbc/’ had version 5 in them, and my installation had version 8…

So, I had downloaded the wrong ODBC library (why does FreePBX/asterisk use ODBC anyway?).

ls -la /usr/lib/odbc/        
total 80160
drwxr-xr-x   2 root root      4096 Aug 17 15:03 ./
drwxr-xr-x 112 root root     12288 Aug  7 13:09 ../
lrwxrwxrwx   1 7161 31415       16 Mar  9 01:18 libcrypto.so -> libcrypto.so.1.1
-rwxr-xr-x   1 7161 31415 23772232 Mar  9 01:18 libmyodbc8a.so*
-rwxr-xr-x   1 7161 31415 23793016 Mar  9 01:18 libmyodbc8w.so*
lrwxrwxrwx   1 7161 31415       13 Mar  9 01:18 libssl.so -> libssl.so.1.1

Meanwhile, the file /etc/odbcinst.ini shows

cat /etc/odbcinst.ini 
[MySQL]
Description=ODBC for MySQL
Driver=/usr/lib/odbc/libmyodbc5w.so
Setup=/usr/lib/odbc/libodbcmy5S.so
FileUsage=1

On to the solution… You’ll find the installation instructions (for FreePBX on Ubuntu) at https://wiki.freepbx.org/display/FOP/Installing+FreePBX+14+on+Ubuntu+18.04

And the offending part is under “Install MySQL ODBC Connector / The MySQL ODBC connector is used for CDRs.”

mkdir -p /usr/lib/odbc
curl -s https://cdn.mysql.com/Downloads/Connector-ODBC/5.3/mysql-connector-odbc-5.3.11-linux-ubuntu18.04-x86-64bit.tar.gz | \
  tar -C /usr/lib/odbc --strip-components=2 --wildcards -zxvf - */lib/*so

Should basically be substituted with:

mkdir -p /usr/lib/odbc
curl -s https://dev.mysql.com/get/Downloads/Connector-ODBC/5.3/mysql-connector-odbc-5.3.14-linux-glibc2.12-x86-64bit.tar.gz | \
  tar -C /usr/lib/odbc --strip-components=2 --wildcards -zxvf - */lib/*so

And, now you’re getting the ODBC 5 drivers, instead of the 8 drivers (which might be compatible calling-wise, but not name-wise).

The /usr/lib/odbc should now look like:

root@nuc:~# ll /usr/lib/odbc/
total 80160
drwxr-xr-x   2 root root      4096 Aug 17 15:03 ./
drwxr-xr-x 112 root root     12288 Aug  7 13:09 ../
lrwxrwxrwx   1 7161 31415       16 Mar  9 01:18 libcrypto.so -> libcrypto.so.1.1
-rwxr-xr-x   1 7161 31415 17239614 Oct 28  2019 libmyodbc5a.so*
-rwxr-xr-x   1 7161 31415 17259773 Oct 28  2019 libmyodbc5w.so*
-rwxr-xr-x   1 7161 31415 23772232 Mar  9 01:18 libmyodbc8a.so*
-rwxr-xr-x   1 7161 31415 23793016 Mar  9 01:18 libmyodbc8w.so*
lrwxrwxrwx   1 7161 31415       13 Mar  9 01:18 libssl.so -> libssl.so.1.1

After downloading the 5.3 drivers, restart Asterisk with

service asterisk restart

And you should start seeing CDR records in FreePBX.
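The thing that would have caught this straight away is a check that every Driver= and Setup= path in /etc/odbcinst.ini actually exists. Here is such a check as an added example (not part of the original post or of FreePBX): a small POSIX sh parser for odbcinst.ini, plus a demo that rebuilds the mismatch from the listings above in a throw-away directory, with version-8 files on disk and an ini pointing at the version-5 names. Run `check_odbcinst /etc/odbcinst.ini` on the router itself; a non-zero exit means Asterisk will fail to load the driver and CDRs will silently stop.

```shell
#!/bin/sh
# check_odbcinst INI_FILE
# Prints "<section> <key> <path>" for every Driver= / Setup= entry in an
# odbcinst.ini whose library file does not exist.  Returns 0 when every
# referenced library is present, 1 otherwise.  Sections are tracked so the
# report says which DSN driver is broken.
check_odbcinst() {
  rc=0
  section=
  while IFS= read -r line || [ -n "$line" ]; do
    case $line in
      \[*\]) section=${line#\[}; section=${section%\]} ;;
      Driver=*|Setup=*)
        key=${line%%=*}
        path=${line#*=}
        if [ ! -e "$path" ]; then
          printf '%s %s %s\n' "$section" "$key" "$path"
          rc=1
        fi ;;
    esac
  done < "$1"
  return $rc
}

# demo VERSION
# Constructed reproduction: a temp dir holding libmyodbc<VERSION>w.so and
# libodbcmy<VERSION>S.so, and an odbcinst.ini that (like the one on the page)
# points at the version-5 names.  "demo 8" reproduces the CDR breakage,
# "demo 5" is the state after installing the matching connector.
demo() {
  d=$(mktemp -d)
  : > "$d/libmyodbc${1}w.so"
  : > "$d/libodbcmy${1}S.so"
  cat > "$d/odbcinst.ini" <<EOF
[MySQL]
Description=ODBC for MySQL
Driver=$d/libmyodbc5w.so
Setup=$d/libodbcmy5S.so
FileUsage=1
EOF
  check_odbcinst "$d/odbcinst.ini"
  status=$?
  rm -rf "$d"
  return $status
}

# Usage: lists the two dangling version-5 paths and exits non-zero
demo 8 && echo "all ODBC libraries present" || echo "missing ODBC libraries listed above"
```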

Welcome to PointyHair

The name is shamelessly borrowed from the Dilbert cartoon — but there is a story behind it…

A colleague had a somewhat silly question once… so he sent the question in an email, where he spoofed the sender address as manager@pointyhair.com. I looked at the question, and it was silly indeed, so I wrote a reply, but then I thought…

What if the domain name is available? And YES, it is… I registered the domain name right away, set up a mail server, set forwarding to my colleague’s email address (without rewrite), and then replied to his spoofed email.

You should have seen how quickly he appeared at my desk — “how on earth did this email, with a spoofed address, come back to me?!?!?”

(It’s ridiculously easy to spoof [fake] a Sender Address in an email… it’s ‘impossible’ to get a reply to a spoofed address to come back to you — I say impossible, though, there are ways, which I will not divulge in a blog post)

I kept the email address for a while, but it seems too many spiders pick random addresses from the ‘net, so you would not believe the amount of spam that address collects.

Meanwhile — being a VPEng / CTO, and being as far as possible from the Dilbert manager (in everything except my hair), I thought I’ll keep the domain for good.

This Blog [will] contain topics such as Software development, VoIP Asterisk, DNS, Ideal home routers, Computer design, Hardware, …