Sunday, November 21, 2010

I publish my own weather station data on the web

I finally got my weather station published to the web. Thanks to wview and Davis, you can see the temperature at my house. The install went fairly easily, with just one non-rpm'ed/yum prerequisite (radlib) requiring an install from source, along with wview. The first install didn't connect to sqlite correctly, but I fixed that with a fresh install and skipping wview's Davis-station specific setup. I am also considering migrating to Debian, but that's another topic.

I love the data views that wview provides. It shows trends at a glance that weather.com, NOAA, and NWS don't. Even online weather airport stations have no view that will let you see a trend -- they're all snapshots. With wview, I can tell when the temperature-dewpoint spread is closing.

The best part -- I can collect the data. I can export to MySQL. I can collect solar radiation stats to see if solar panels make sense at my location.

Next: Dial-in weather with Asterisk and Cepstral.

Sunday, November 14, 2010

Upgrading to Asterisk 1.8 x64 Gotchas

I've been running Asterisk at home for a couple of years now. The initial setup using pbxinaflash was super-quick and provided a ton of cool features out of the box. Some other stuff needed tweaking, like the analog cards. (FYI: PBXIAF runs on top of FreePBX, which runs on top of Asterisk.)

So a few days ago, PBXInAFlash released a new version that includes support for video calls using discounted hardware video phones. Video calls have been available forever using software and computer cams. The availability of an affordable hardware phone means that there's a chance I can give one to my mom. What's the big deal with a hardware phone? My mom already knows how to use it. Everybody knows how to answer a hard phone.

Upgrading. The "supported" procedure is to upgrade to the same version of FreePBX that you'll be restoring to, and then do a backup. (Upgrade using module admin, then use the backup module...) So I installed the new release on top of my old Atom D510 server and wiped out all the old data. Restore. Restart Asterisk. Asterisk seg fault crash loop. FreePBX 2.8 doesn't validate every piece of input perfectly, so it can crash. You've been warned. I reinstalled and built from scratch, which is a great thing to be able to do, but not so great from a time perspective.

After installing the base phone system, it was up and running. My custom apps were not. The PBXinaFlash cust app scripts don't all support Asterisk 1.8 or x64. I run a few, and this is how I fixed them.

  1. xtide. I go to the beach and I love xtide. PBXIAF tries to install the 386 rpms. Just go to Flaterco, download the source and compile. Follow the instructions to the letter. ./configure will work but make will fail because you are missing headers. Install the following packages with yum install xxx:
    libXt-devel-1.0.2-3.2.el5.x86_64
    libICE-devel-1.0.1-2.1.x86_64
    libXaw-1.0.2-8.1.i386
    libXt-devel-1.0.2-3.2.el5.i386
    libXaw-devel-1.0.2-8.1.i386
    libXpm-devel-3.5.5-3.x86_64
    libXpm-3.5.5-3.i386
    libXmu-1.0.2-5.i386
    libSM-devel-1.0.1-3.1.x86_64
    libXmu-devel-1.0.2-5.x86_64
    xorg-x11-util-macros-1.0.2-4.fc6.x86_64
    libXaw-devel-1.0.2-8.1.x86_64
    Then make and make install. Then you'll get another error from bad linking, which will look something like this: error while loading shared libraries: xxx.so.1: cannot open shared object file: No such file or directory. Use ldd on the tide command to see what's missing, then find that file and copy it to where the other ones are. It should look something like this:
    ldd /usr/local/bin/tide

    libtcd.so.1 => /usr/lib64/libtcd.so.1
    libpng12.so.0 => /usr/lib64/libpng12.so.0
    libz.so.1 => /usr/lib64/libz.so.1
    libstdc++.so.6 => /usr/lib64/libstdc++.so.6
    libm.so.6 => /lib64/libm.so.6
    libgcc_s.so.1 => /lib64/libgcc_s.so.1
    libc.so.6 => /lib64/libc.so.6
    /lib64/ld-linux-x86-64.so.2
    I think my command was copying libtcd.so.1 to /usr/lib64, where it was expected. Now xtide works. I also have an updated harmonics file.

  2. Swift. I love Allison-8kHz. All my licenses were gone -- g729 as well as Cepstral. Thanks to gmail, I could recover them all, and got a free upgrade to the latest Cepstral Allison: Allison-8kHz for Linux (v5.x), which installed fine. The missing part was swift-app for Asterisk. There's a beta for that that's working.

  3. Those darn analog cards. I light up my home's antique POTS lines with a Digium 410 and a couple of FXO modules. These were a pain to set up in the initial version, too. Since then, Asterisk has moved from the ZAP architecture to DAHDI, and I thought that was where my problem was. Wrong. My problem was the same one that I had the first time. Default settings are for KewlStart instead of LoopStart. Once I changed all the configs to FXO_LS instead of FXO_KS it worked again. This means I can use my antique rotary-dial phone with mechanical bells to dial out my SIP trunk.

  4. The IAX trunk to my Mom's house stopped working. I run this over a VPN link. (IPSec ESP w/AES256 so no one can listen in....) FreePBX has a new interface for configuring trunks, inbound and outbound in separate sections. (User and Peer). Keep your configs straight with ServerA/UserA at one end and ServerB/UserB at the other. Then I could dial my mom, but she couldn't dial me. My version of Asterisk requires CallTokens by default. Turned that off in the trunk config and it worked again. (I'd have to implement CallTokens if it wasn't running over a VPN and I wanted to resist DoS attacks.)

  5. Video Calls. No problems here -- just enable h.263 and configure the phones. I can even do video calls between the Nortel IP 1535 and the Bria Softphone.



Saturday, November 6, 2010

Top 5 things to do with cheap Intel Atom servers and Free Software

Intel introduced the low-power, affordable Atom chipset a couple years ago. The earlier models included the Atom 230 and 330, running single and dual-cores, respectively, at 1.6 GHz. Frugal with power at 8 watts, it could even run 64-bit. The first-gen Atom motherboards/chipset kits had two chief weaknesses: they maxed out at 2 GB of RAM, and they used Realtek network-interface cards (at least the Supermicro mboards did). Realteks sometimes crash Linux when the incorrect driver loads, and the RT NICs don't do jumbo frames. The crashes are patchable but it adds a couple hours to your install. (Do not, repeat not, buy the old models no matter how cheap they are. Stick to the D510 series.)

Intel has since released the Atom D510. The processor is up to a 13-watt draw, runs at about the same speed, and still runs 64-bit. What makes these chipsets better is that they max out at 4 GB of RAM and use genuine Intel Gig NICs that are widely supported and can run jumbo frames. This is a big leap, because the configured price of a fully-built mini-server around the platform remains the same. Supermicro has some great Atom motherboards that can support a home or small office doing various things. (The D525 has since come out. Compare the two here.)

Newegg has some good deals on the Supermicro Atom Rack Server and the tower server for about $70 less. Or you can just buy a motherboard and roll your own. My tower server with D510 runs just under 40 watts with 4 GB of RAM, CD, and hard disk.

What can you do with it? There are a number of Linux and BSD appliances that are free.

1) Run your own telephone switch. FreePBX is an awesome, OS-included version of Asterisk that has a clean web GUI. PBX-In-a-flash is based on FreePBX but has a few extras (nonstandard enhancements like dial weather by airport code and dial your local tide schedule) thrown in. Why would you want to run your own PBX? You can do stupid phone tricks, like really cheap phone service at $.01/minute and $1.50/month per number with Vitelity, for one. Or your own conference line. Or your own trunks over VPNs to other offices. Or just blacklist phone numbers and send telemarketers to their own voice-mail hell.

Keep in mind that to light up your home phone lines, you may need an additional analog card from Sangoma or Digium. (FXS and FXO are different, but can run on the same card.) Once you figure out how cool SIP is, you'll want to replace your house phones with SIP phones. However, you can get started with SIP free using the Xlite soft phone. The iPhone/iPod/iPad version is $7.99. It's perfectly true that you can make phone calls cheap with a Linksys PAP2T or Vonage, but if you're a telephone control freak and want to wage war on telemarketers, Asterisk is for you.

2) Run a great firewall like pfSense. It's based on FreeBSD but has a great Web GUI so you can avoid learning the subtle differences between BSD and Linux. pfSense comes in embedded and full. For the Atom server, running the full version is no sweat. And I run SNORT inline on two interfaces with no issues. A full SNORT IPS signature subscription for home use is just $30/year. And pfSense does not just do IPsec point-to-point VPNs, but also WebVPN. Try that on your Cisco ASA 5505, and you'll be paying a couple grand for the equipment, licenses, and subscription. Check out the plugins for pfSense and you'll see how much you can do with one small box. pfSense 2.0 is almost out of beta and there's a 64-bit version. (Plugins include FreeSwitch, an open-source competitor to (open-source) Asterisk, so if you want, you can even run a PBX on your firewall.)

3) Storage: Run FreeNAS and you'll be able to scale reasonably out of the box. The Atom Motherboard has six SATA slots and two GB NICs that do jumbo frames. Hello iSCSI. With 2TB disks, that's 12 TB of storage. FreeNAS offers CIFS (Windows), Apple (AFP), iSCSI, and NFS mount points. Add a serious SATA RAID card to get even more disk IO performance out of your little Atom box. Obviously, I would recommend the tower server case for FreeNAS because it has room for more disks.

4) Run Apache/PHP/MySQL applications. Run Fedora, CentOS, whatever. You can run your own apps at home on top of your favorite flavor of Linux/BSD. One of my favorites is Gallery2. There are even semi-free apps (free without the enterprise features) like Movable Type (you're reading this on an MT platform), and you can even run more than one on the same mini-server.

5) Collect data. Run a weather station. Run a log server. Run a crazy blog and see who hits it with which keywords. Collect IPS events from multiple firewalls and correlate them.

Monday, October 4, 2010

Restricted Airspace Updates: new KML files for Google Earth

I have updated the KML files for US special use airspace files again. After looking around for some prohibited areas with which I am familiar, I noticed they were missing. They weren't missing in the file, but when a different type of restricted airspace overlies a prohibited area, you can't see the prohibited area in Google Earth. Thus I have created a prohibited-area-only KML file. The special use file includes all of the different types of special use areas, including the prohibited areas. As usual, all of them are in the kml file archive, which is sortable by date using the smart index feature of Apache.

Also, when you use FAA data, be sure to escape special SQL characters in the names. I think there's an O'Brien restricted area. Be aware, there are single quotes in special use area names.
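A sketch of the quoting problem described above, added here as an example and not taken from the original import scripts: it uses Python's sqlite3 in place of the SQL Server setup the posts mention, and the table name, identifiers and sample names are constructed placeholders. It goes one step further than the paragraph by also escaping the names for the KML (XML) output.

```python
import sqlite3
from xml.sax.saxutils import escape

# Constructed sample rows; identifiers and names are placeholders, not FAA records.
ROWS = [("R-0001", "O'BRIEN"), ("P-0002", "SMITH & JONES <NORTH>")]

def load_concatenated(conn, rows):
    """Before: SQL built by string formatting; a quote in a name ends the literal."""
    failed = []
    for ident, name in rows:
        sql = "INSERT INTO sua (ident, name) VALUES ('%s', '%s')" % (ident, name)
        try:
            conn.execute(sql)
        except sqlite3.Error:
            failed.append(ident)  # the row is lost (or worse, reinterpreted)
    return failed

def load_bound(conn, rows):
    """After: values are bound by the driver, so no character in a name is SQL syntax."""
    conn.executemany("INSERT INTO sua (ident, name) VALUES (?, ?)", rows)

def placemarks(conn):
    """KML is XML, so &, < and > in names are escaped when the file is written."""
    cur = conn.execute("SELECT ident, name FROM sua ORDER BY ident")
    return ["<Placemark><name>%s %s</name></Placemark>" % (escape(i), escape(n))
            for i, n in cur]

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sua (ident TEXT PRIMARY KEY, name TEXT)")
    failed = load_concatenated(conn, ROWS)   # the quoted name fails to load
    conn.execute("DELETE FROM sua")
    load_bound(conn, ROWS)                   # both rows load unchanged
    return failed, placemarks(conn)

if __name__ == "__main__":
    failed, kml = demo()
    print("failed with concatenation:", failed)
    print("\n".join(kml))
```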

Sunday, October 3, 2010

View Airport Weather Stations in Google Earth: Updated AWOS KML file

I have an updated AWOS KML file that will show you the telephone number, frequency, and AWOS type for the airports listed in the FAA's AWOS text file. You can download it here. As always, the KML archive is here.

This file uses the airport's latitude and longitude rather than the AWOS' latitude and longitude, which is missing in some cases in the FAA's file.

Also, the FAA files seem to have arbitrary layout changes from release to release, as well as some data quality issues. (Missing data, data out of alignment, etc.) I'm glad I don't have to produce this stuff on deadline.

Saturday, August 7, 2010

Updated Special Use Airspace KML

After losing a disk, I finally got around to rebuilding the database and scripts to generate KML files from the FAA's NFDC subscription. First to be redone is the Special Use Airspace KML. Microsoft's SQL Server 2008 does a far better job of importing files than SQL 2005 did. The airspace KML archive is here.

Tuesday, June 8, 2010

Upgrading to MT 5: Comment Login via...

I just upgraded to Movable Type 5, and I'm testing the different comment sign-in possibilities. MT5 supports OpenID, LiveJournal, Vox, TypePad, Google, Yahoo, AIM, Wordpress.com, Yahoo!JAPAN, livedoor, and Hatena. You'll see these choices if you hit the sign in link below.

I have also enabled SSL with a self-signed cert, so if you're shy about signing in to comment via http, just switch it to https by typing the s in your link bar. And no, I have not found a way to globally change signins to SSL in MT 5.

Friday, June 4, 2010

How to dial up encryption so high in Apache that it breaks IE and Chrome

So you want to require strong encryption in Apache's httpd 2.0? So strong that Firefox is the only browser that can connect?
In /etc/httpd/conf.d/ssl.conf, edit the two lines as below:
SSLProtocol TLSv1
SSLCipherSuite HIGH
Then go to /etc/httpd/conf/httpd.conf and edit your <Directory> </Directory> block to include the following line:
SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 256
Then
apachectl configtest
to check for typos.
Finally
/etc/rc.d/init.d/httpd restart

What this does is make browsers do TLSv1 DHE-RSA-CAMELLIA256-SHA only.

You can then watch your SSL handshakes fail from IE and Chrome. If you want to require strong encryption across browsers, edit ssl.conf to look like this:

SSLProtocol TLSv1
SSLCipherSuite AES256-SHA

Then you'll have reasonably strong encryption.
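The difference between the two configurations above, modelled as an added example (not from the original post). It assumes mod_ssl's default of following the client's cipher preference and that SSLRequire is evaluated per request, after the handshake has completed; the cipher listing and the three client offers are constructed.

```python
import re

# Constructed excerpt in `openssl ciphers -v` format (a possible expansion of HIGH);
# not captured from a real host.
HIGH_SAMPLE = """\
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH  Au=RSA Enc=Camellia(256) Mac=SHA1
DHE-RSA-AES256-SHA      SSLv3 Kx=DH  Au=RSA Enc=AES(256)      Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA Au=RSA Enc=AES(256)      Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA Au=RSA Enc=3DES(168)     Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA Au=RSA Enc=AES(128)      Mac=SHA1
"""

# Hypothetical client offers in preference order; not real browser fingerprints.
CLIENTS = {
    "prefers-256": ["DHE-RSA-CAMELLIA256-SHA", "AES256-SHA", "AES128-SHA"],
    "prefers-128": ["AES128-SHA", "AES256-SHA"],
    "no-256":      ["AES128-SHA", "DES-CBC3-SHA"],
}

def parse_ciphers(text):
    """Map suite name -> key size in bits from `openssl ciphers -v` lines."""
    sizes = {}
    for line in text.splitlines():
        m = re.match(r"(\S+)\s.*Enc=\w+\((\d+)\)", line)
        if m:
            sizes[m.group(1)] = int(m.group(2))
    return sizes

def outcome(server, offer, min_keysize=None):
    """One request: negotiate a suite, then apply the SSLRequire key-size gate."""
    chosen = next((c for c in offer if c in server), None)  # client order wins
    if chosen is None:
        return "handshake failure"
    if min_keysize is not None and server[chosen] < min_keysize:
        return "403 after handshake: " + chosen
    return "ok: " + chosen

def compare():
    """Per client: (HIGH plus SSLRequire >= 256, SSLCipherSuite AES256-SHA only)."""
    high = parse_ciphers(HIGH_SAMPLE)
    aes_only = {"AES256-SHA": high["AES256-SHA"]}
    return {name: (outcome(high, offer, 256), outcome(aes_only, offer))
            for name, offer in CLIENTS.items()}

if __name__ == "__main__":
    for name, (gated, suite_only) in compare().items():
        print(f"{name:12} HIGH+SSLRequire: {gated:34} AES256-SHA only: {suite_only}")
```

In this model a client that supports AES256-SHA but prefers a 128-bit suite is refused under the first configuration and connects under the second, because restricting SSLCipherSuite shapes the negotiation itself.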