Current project: RTC

RTC
Real-Time Compiler; SCADA & IoT management program

– soft-programmable (programmable while running)
– programming changes are carried out through the continuously running database; rules are saved to the database in real time
– the initial database is H2 (easy to change to MariaDB/MySQL or any of the 11 databases supported by Slick)
– When attaching to a SCADA/IoT source, it will measure the frequency data is received, and alert when data does not arrive timely
– received data is stored in a sparse spreadsheet-type representation, where it can be used like a spreadsheet through the internal language
– responses are real-time, for example iptables filters or SCADA-style supervisory controls
– GraphQL to support various JS (or web) presentations for graphic visualization; the visualization will work on any web-based device instead of requiring an X-based HMI (Human Machine Interface)
– This project has just started, but it shares a lot of code with the Scanner project (same repo) — this is not my first rodeo
– The IoT component reads rsyslog (including markers)
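The "measure how often data arrives and alert when it is late" idea above, applied to rsyslog lines, as an added example (not RTC's own code): a per-source cadence check written in shell and awk, reading ISO 8601 timestamps of the kind rsyslog's forward format produces, including the "-- MARK --" heartbeat lines. The log lines, host names and the 15-second bound are constructed; the code assumes every source logs in the same timezone (UTC here), so offsets are ignored.

```sh
#!/bin/sh
# Added example, not RTC's own code: per-source arrival-cadence check over
# rsyslog lines that start with an ISO 8601 timestamp and a host name.
# Assumes all sources log in the same timezone (UTC); offsets are ignored.

# Constructed sample: a PLC poller reporting every 10 s and a sensor whose
# rsyslog emits "-- MARK --" heartbeats (immark).
SAMPLE_LOG='2024-03-01T12:00:00+00:00 plc1 modbus-poll: reg40001=17
2024-03-01T12:00:05+00:00 sensor7 rsyslogd: -- MARK --
2024-03-01T12:00:10+00:00 plc1 modbus-poll: reg40001=18
2024-03-01T12:00:20+00:00 plc1 modbus-poll: reg40001=18
2024-03-01T12:00:45+00:00 plc1 modbus-poll: reg40001=19
2024-03-01T12:25:05+00:00 sensor7 rsyslogd: -- MARK --'

# check_cadence MAX_GAP_SECONDS [NOW_ISO8601] < log
# Prints ALERT when the gap between two consecutive lines from one source
# exceeds MAX_GAP, and, if NOW is given, SILENT for every source not heard
# from within MAX_GAP of NOW.  One bound per invocation: feeds with
# different expected rates are filtered by host and checked separately.
check_cadence() {
  awk -v max="$1" -v now="${2:-}" '
  # days since 1970-01-01 for a civil date (proleptic Gregorian, y >= 1970)
  function days_from_civil(y, m, d,    era, yoe, doy, doe) {
    if (m <= 2) y--
    era = int(y / 400)
    yoe = y - era * 400
    doy = int((153 * (m + (m > 2 ? -3 : 9)) + 2) / 5) + d - 1
    doe = yoe * 365 + int(yoe / 4) - int(yoe / 100) + doy
    return era * 146097 + doe - 719468
  }
  # "YYYY-MM-DDTHH:MM:SS..." -> seconds since the epoch (fraction/offset ignored)
  function epoch(ts,    y, mo, d, hh, mi, ss) {
    y = substr(ts, 1, 4) + 0;   mo = substr(ts, 6, 2) + 0;  d = substr(ts, 9, 2) + 0
    hh = substr(ts, 12, 2) + 0; mi = substr(ts, 15, 2) + 0; ss = substr(ts, 18, 2) + 0
    return days_from_civil(y, mo, d) * 86400 + hh * 3600 + mi * 60 + ss
  }
  NF >= 2 {
    t = epoch($1); host = $2
    if (host in last && t - last[host] > max)
      printf "ALERT host=%s gap=%ds at %s\n", host, t - last[host], $1
    last[host] = t
  }
  END {
    if (now == "") exit
    n = epoch(now)
    for (h in last)
      if (n - last[h] > max)
        printf "SILENT host=%s since=%ds\n", h, n - last[h]
  }'
}

# Demo: a 15 s bound flags the PLC hiccup (25 s gap), the sensor whose
# markers are 25 minutes apart, and both hosts as silent at 12:30:00.
printf '%s\n' "$SAMPLE_LOG" | check_cadence 15 2024-03-01T12:30:00+00:00
```

The date arithmetic is done in awk rather than with `date -d` so the check runs the same under BusyBox, mawk and gawk; the NOW argument is what a cron-driven run would pass to catch a source that simply stopped, which a gap-between-lines check alone can never see.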


Components used:

– Scala 2.13.10, with Akka 2.7 and Slick 3.4.1
– Reflection (self-programming/compiling)
– Possible add-ons: Camel, Rhino & JProlog


Not decided (yet):

– Should RTC clean-up iptables on startup?
– RTC should conform to existing iptables (denyhosts & Fail2Ban)


Firewall rules:

– Trying to co-exist with pre-existing firewalls
– Trying to not deteriorate performance, despite potentially blocking half the internet (~2 billion IPs)
– Flush firewall chains, especially INPUT
– Allow for a preamble (policy, internal, DMZ, pre-established)
– Allow for “all ports” CHAIN
– Different port CHAINs (e.g. imap|pop3|smtp, web, VoIP)
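One way to lay out the chain structure listed above while conforming to whatever DenyHosts or Fail2Ban already put in INPUT, as an added example (not RTC's own code): the ruleset is emitted in iptables-restore format and loaded with `--noflush`, so only RTC's own chains are rebuilt and INPUT is never flushed; the huge blocklist lives in an ipset `hash:net` so blocking half the Internet costs one hash lookup rather than a chain walk of two billion rules. Interface names, networks, the SIP trunk address, the ipset name and the port groups are assumptions (enp1s0 is the page's LAN interface; the rest are placeholders).

```sh
#!/bin/sh
# Added example, not RTC's own code.  Builds RTC's firewall chains as an
# iptables-restore ruleset that coexists with chains other tools (DenyHosts,
# Fail2Ban) already hooked into INPUT.  All values below are assumptions;
# override them in the environment.
LAN_IF=${LAN_IF:-enp1s0}              # page's LAN interface
LAN_NET=${LAN_NET:-192.168.0.0/23}    # assumed: two class C's of internal clients
DMZ_IF=${DMZ_IF:-dmz0}                # placeholder
DMZ_NET=${DMZ_NET:-192.0.2.0/24}      # placeholder (TEST-NET-1)
SIP_TRUNK=${SIP_TRUNK:-198.51.100.10} # placeholder SIP provider address
BLOCKSET=${BLOCKSET:-rtc_block}       # ipset holding the (very large) blocklist

# Emit the ruleset.  Only RTC_* chains are declared, so with
# `iptables-restore --noflush` they are (re)built while INPUT is left alone.
gen_rules() {
  cat <<EOF
*filter
:RTC_INPUT - [0:0]
:RTC_PREAMBLE - [0:0]
:RTC_ALLPORTS - [0:0]
:RTC_MAIL - [0:0]
:RTC_WEB - [0:0]
:RTC_VOIP - [0:0]
-A RTC_INPUT -m set --match-set $BLOCKSET src -j DROP
-A RTC_INPUT -j RTC_PREAMBLE
-A RTC_INPUT -j RTC_ALLPORTS
-A RTC_INPUT -p tcp -m multiport --dports 25,110,143,465,587,993,995 -j RTC_MAIL
-A RTC_INPUT -p tcp -m multiport --dports 80,443 -j RTC_WEB
-A RTC_INPUT -p udp -m multiport --dports 5060,5061,10000:20000 -j RTC_VOIP
-A RTC_INPUT -j RETURN
-A RTC_PREAMBLE -i lo -j ACCEPT
-A RTC_PREAMBLE -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A RTC_PREAMBLE -m conntrack --ctstate INVALID -j DROP
-A RTC_PREAMBLE -i $LAN_IF -s $LAN_NET -j ACCEPT
-A RTC_PREAMBLE -i $DMZ_IF -s $DMZ_NET -j RETURN
-A RTC_ALLPORTS -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
-A RTC_ALLPORTS -f -j DROP
-A RTC_MAIL -m conntrack --ctstate NEW -m hashlimit --hashlimit-name rtc_mail --hashlimit-mode srcip --hashlimit-above 20/minute -j DROP
-A RTC_MAIL -j ACCEPT
-A RTC_WEB -j ACCEPT
-A RTC_VOIP -s $SIP_TRUNK -j ACCEPT
-A RTC_VOIP -j DROP
COMMIT
EOF
}

# Install: create the ipset once, load the chains, then hook RTC_INPUT into
# INPUT only if the jump is not already there (idempotent across restarts,
# and it never disturbs the jumps DenyHosts/Fail2Ban inserted at the top).
apply_rules() {
  ipset create "$BLOCKSET" hash:net -exist
  gen_rules | iptables-restore --noflush
  iptables -C INPUT -j RTC_INPUT 2>/dev/null || iptables -A INPUT -j RTC_INPUT
}

# Blocking a network is one ipset add, not a new iptables rule, so the chain
# walk stays the same length no matter how large the blocklist grows.
block_net() { ipset add "$BLOCKSET" "$1" -exist; }

case "${1:-print}" in
  apply) apply_rules ;;   # needs root
  *)     gen_rules ;;     # default: just show the ruleset
esac
```

RTC_INPUT ends with RETURN, so anything it does not decide falls back to the rules and policy INPUT already had; the preamble ACCEPTs loopback, established and internal traffic and RETURNs DMZ traffic so it still passes the per-service chains, while the "all ports" chain holds the checks that apply regardless of port.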


Sheet/Canvas:

– The “materialized view” of this is going to be a spreadsheet, think Visicalc/Excel/LibreOffice Calc
– But another view is going to be SCADA graphic view using JavaScript libraries

Project on GitHub:

https://github.com/tanelio

Fan-Less Home router

Quiet Machine = Happy Wife.
Happy Wife = Happy Life.

4x Celeron(R) CPU J1900 @ 1.99GHz
No Fans, so quiet it’s next to the “TV”

Amazon link follows, to Qotom J1900

4 port (gigabit NIC), and Quad processor, with 8 GB of RAM, 32 GB of SSD.

Qotom makes a variety of FAN-less computers — they used to do up to 4 port computers, but the latest set includes 6 and 8 port computers, now supporting memory up to 32 GB.

When building a home router, I find it useful to have 8 GB (or more) of RAM, and under no circumstances should you enable any swap (routers shouldn’t use swap). You may want to run other programs as well; I usually run, for example, Asterisk (VoIP, Voice over IP, phone system) with FreePBX, and the Ubiquiti/UniFi wireless controller software. Whatever other applications you run, make sure they never, ever exceed (or even come close to) using all the RAM. It’s a good idea to leave half the RAM unused — it won’t stay unused, Linux will use it for cache.

What do I run on this “tiny” box?

  • Operating system; Linux 20.04.1 LTS (it’s good to stick to LTS versions)
    • One of the first things is to change runlevel from 5 (graphical) to 4 (multi-user) — there is no monitor (or mouse or keyboard) connected, so why waste memory & CPU on graphics?
  • iptables with an uptight configuration, almost entirely uni-directional
  • tftpboot for internal phone system
  • dhcpclient (for external connections) + dhcpd (for internal clients — it’s a bit crazy to need two class C’s for internal clients… we like gadgets)
  • dns (named/bind9) caching server for internal use
  • ntpd (local time beacon)
  • apcupsd (UPS software daemon)
  • sshd (supports sshfs)
  • rsyslogd (with remote logging enabled — LAN logging server)
  • smartd to monitor the health of the SSD
  • Denyhosts (an ill-tempered configuration) to keep script kiddies away
  • Postfix to get FreePBX emails out (out only, no receiving)
  • MariaDB 5.7 (to support FreePBX)
  • Asterisk 13.8 + FreePBX 14.0 + Apache2
  • MongoDB (to support Unifi)
  • Ubiquiti UniFi Wireless Controller 5.14 w/ java-8-jdk

With all of this, memory consumption is usually 2.6 GB and, with the four cores, CPU utilization hovers around 0.2. So about 5 GB is left for cache.

Connections… (via NetworkManager, /etc/netplan/)

  • enp1s0; local area network, hard-coded
  • enp2s0; one of AT&T’s fixed IPs, though it is obtained anyway via DHCPD4 from the AT&T modem
  • enp3s0; Comcast gigabit IP, obtained via DHCPD4 from Comcast
  • enp4s0; a dynamic IP from the AT&T modem

Networking/connectivity history

I’ve been on the Internet for a while, starting in 1983 in Finland, using an X.29 modem (and an X.3 PAD), for which I wrote software to connect it to a local area network for my company to use. At the same time, I registered my first domain, https://otala.com

Since then I’ve connected in many ways, with many modems (Nokia’s 9,600 baud modems were well ahead of the competition), though that escalated quickly to 14 kbps and eventually 56 kbps modems — until the ISDN modems came about (at 128,000 baud). In 1985 I was installing my Internet connectivity software in Sweden, only to realize that the local telco only allowed pulse dialing, AND that the dialing was offset by one… so to dial ‘1’ you’d need to dial ‘2’ (two pulses), and so forth. A clever anti-competitive measure — blocking all other phones/modems from use in Sweden.

Sometime in 1993, I ended up building, in C, a full TCP/IP stack for our network communication software — I followed the RFCs carefully. After our software was deployed to Nokia, I got a mysterious bug report — after a while, 10-30 minutes of idle time, the software would suddenly blow up. As it turns out, people were talking to a DEC (Digital Equipment Corporation) machine, and when the connection was left idle, the DEC would send “an out-of-bound” TCP packet to keep the connection alive — knowing that the packet would be discarded since it was so out of sequence… but my TCP stack didn’t want to throw anything away, so it tried to allocate enough buffer space to keep all packets within this “new window”; of course there wasn’t enough memory, so it blew up. Don’t follow RFCs blindly. Fail gracefully.

In 1995, working at GlobalCenter in Sunnyvale, we deployed modems (or CPEs) for dial-up or ISDN, with TCP/IP that would distribute the connection to the entire local area network, along with a local mail server.

The bottom line is that I grew weary of trusting ANY SINGLE ISP… and since 2000 I have always had two to four Internet connectivity providers, with a self-built router for traffic shaping and fail-over. I’m going to write short essays on the various configurations, including my favorite hardware choices.