GTALUG Q&A July 14th, 2020

1 Notes from GTALUG Meeting 2020-07-14

1.1 Have you checked NTP recently? (Chris)

  • Upgrading DDWRT on a DIR-632 showed that the NTP config had been broken for years
  • Also router was pointing to DNS on a host that had been gone for years 🙂
  • I always used to use echo dmpeers | ntpdc to check synchronization
  • That apparently stopped working, probably years ago
  • The modern thing is the following:
root@karush:/var/log# ntpq -p
      
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 0.debian.pool.n .POOL.          16 p    -   64    0    0.000   +0.000   0.000
 1.debian.pool.n .POOL.          16 p    -   64    0    0.000   +0.000   0.000
 2.debian.pool.n .POOL.          16 p    -   64    0    0.000   +0.000   0.000
 3.debian.pool.n .POOL.          16 p    -   64    0    0.000   +0.000   0.000
 LOCAL(1)        .LOCL.          10 l  537   64    0    0.000   +0.000   0.000
 nash.int.linuxd 44.190.6.254     3 s   25   64    1    0.464  -19.446   0.000
 bellman.int.lin .XFAC.          16 s    -  128    0    0.000   +0.000   0.000
 time2.facebook. .FB...           1 u  119   64    2  271.399  +102.36   0.000
 192.168.0.63    .XFAC.          16 s    -  128    0    0.000   +0.000   0.000
 hpaq.int.linuxd 45.79.13.206     3 s   54   64    1    0.283   -4.946   0.000
 karush.int.linu .XFAC.          16 s    -  128    0    0.000   +0.000   0.000
*ntp1.torix.ca   .PTP0.           1 u   19 1024    3   48.489   -5.496  79.828
+68-69-221-61.nb .ROSS.           1 u   23 1024    3  138.782  +25.387  39.417
+ntp2.wiktel.com .GPS.            1 u   23 1024    3   72.396   -7.548  79.119
+montreal.ca.log 172.105.103.85   3 u   27 1024    3  112.404  +22.622  40.738
+208.67.72.50    128.227.205.3    2 u   24 1024    3  101.382   -9.729  95.870
+clock.sjc.he.ne .CDMA.           1 u   37 1024    3  106.625  -11.264  97.836
+ntp16.doctor.co 50.205.244.28    2 u   42 1024    3  133.717  +24.106  39.239
+time.cloudflare 10.14.8.68       3 u   42 1024    3  111.500  +22.664  38.322
+198.255.68.106  192.168.1.193    2 u   40 1024    3  117.507  -13.853  95.332
+strongbad.voice 200.98.196.212   2 u   43 1024    3   60.177   -8.618  78.205

1.1.1 (Bob B) Can anybody explain what all that stuff in the ntpq output means?

  • Some answers can come from “official NTP”…
  • lol RTFM!
  • still, good question, I’m happy to read thru it……. no, you are correct….. that’s a great page!
  • Chris did a “broad strokes” explanation of much of what was in there, which he hopes gives enough background that the deep detail of the “official” explanations isn’t as overwhelming.

Scott S pointed out – Info on REFID
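
For a quick health check of the ntpq -p output above, the columns that matter most are the tally character in column 0, st (stratum), reach and offset. The following Python parser is an added example, not something shown at the meeting or taken from the NTP project; the function names and the 100 ms offset threshold are assumptions, and the sample input is a subset of the lines above.

```python
from dataclasses import dataclass

# Sample input: header plus a subset of the lines shown in these notes.
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 0.debian.pool.n .POOL.          16 p    -   64    0    0.000   +0.000   0.000
 nash.int.linuxd 44.190.6.254     3 s   25   64    1    0.464  -19.446   0.000
 bellman.int.lin .XFAC.          16 s    -  128    0    0.000   +0.000   0.000
 time2.facebook. .FB...           1 u  119   64    2  271.399  +102.36   0.000
*ntp1.torix.ca   .PTP0.           1 u   19 1024    3   48.489   -5.496  79.828
+ntp2.wiktel.com .GPS.            1 u   23 1024    3   72.396   -7.548  79.119
"""

# Tally codes (column 0): ' ' reject, x falseticker, . excess, - outlier,
# + candidate, # backup, * system peer, o PPS peer.
@dataclass
class Peer:
    tally: str        # selection status, see the tally codes above
    remote: str       # peer name, truncated by ntpq to 15 characters
    refid: str        # where the peer gets its time (.POOL. marks a pool placeholder)
    stratum: int      # 16 means the peer is itself unsynchronized
    reach: int        # 8-bit poll history printed in octal; 377 = last 8 polls answered
    offset_ms: float  # peer clock minus local clock, in milliseconds

def parse_peers(text):
    """Parse the peers billboard, skipping header, ruler, prompt and blank lines."""
    peers = []
    for line in text.splitlines():
        cols = line[1:].split()   # column 0 is the tally code and may be a space
        if len(cols) != 10 or not cols[2].isdigit():
            continue
        peers.append(Peer(line[0], cols[0], cols[1], int(cols[2]),
                          int(cols[6], 8), float(cols[8])))
    return peers

def assess(peers, max_offset_ms=100.0):
    """Summarise sync health. 'unreachable' lists sources that never answered,
    which usually means stale config; max_offset_ms is an assumed threshold."""
    sys_peer = next((p for p in peers if p.tally in ("*", "o")), None)
    return {
        "synchronized": sys_peer is not None,
        "sys_peer": sys_peer.remote if sys_peer else None,
        "candidates": [p.remote for p in peers if p.tally == "+"],
        "unreachable": [p.remote for p in peers if not p.reach and p.refid != ".POOL."],
        "large_offset": [p.remote for p in peers if p.reach and abs(p.offset_ms) > max_offset_ms],
    }

if __name__ == "__main__":
    print(assess(parse_peers(SAMPLE)))
```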

1.2 (Bob B) What are people using for centralized authentication at home labs? Really don’t want AD.

1.3 (Scott S): Opensource Physical Resource management

  • Room and Equipment bookings.
  • Integrations, MQTT, API
  • Hacklab needs this sort of thing from two perspectives:
    • With COVID-19 still around, they’d like to be able to trace where people have been and where and what physical resources they have touched
    • There is a need to arrange fair bookings for resources like 3D printers, as they now have some fairly reliable ones that will attract a lot of usage requests
  • No real answers came up in discussion
  • Later link added: List of Open Sourced Software for Resource Scheduling and Booking

1.4 Question: (cbbrowne) Has anyone been making use of the new-ish packaging systems?

  • AppImage: a packaging format
  • Snappy: Canonical sponsored central app repo
  • Flatpak: central app repo, but individuals may host too

In principle, these are supposed to make it easier to deploy applications where you want faster evolution than distributions offer. (E.g. – Debian takes For-Ever to get new versions out…; see https://wiki.debian.org/DebianReleases)

  • Nobody seemed to be too much of a fan of this
  • It was suggested that this concept was popular for developers that want to do their own thing, and that hate the idea of distribution makers renaming any of their stuff. This suggests a lack of appreciation for policy, which is why distribution makers do that sort of renaming…

1.5 Question: (cbbrowne) Anyone using mesh networks yet? (802.11s)

  • now supported (if your hardware supports it) on OpenWRT
  • bridges networks together to give better network coverage by having devices talk to all the routers around them
  • Easy? Hard? Security pains-in-the-neck?
  • new router standards are coming out – 802.11ax aka WiFi6 so probably a good idea to wait

1.6 Question: (cbbrowne) anyone been playing with the modern terminal fonts that are emerging?

  • Inconsolata
  • Mononoki
  • Ubuntu Mono
  • There are barrels more of these
  • Some amount of trying to be kewl
  • some amount of trying to be readable+distinguishable (0!=O) even in small font sizes

1.7 Security Question of the Month: Have you updated your router firmware lately?

  • OpenWRT just had a new major version (v19) released in May
  • DDWRT has per-device upgrades; how their versioning system works is not especially clear
    • Did an upgrade from “v24” (from 2013) to “v3.0” (2019), that’s not overly clear!
    • DDWRT has some pretty proprietary stuff; means they can support Broadcom
  • OpenWRT is a bit better known than pfSense
    • OpenWRT pretty attractive for a place like Hacklab
    • can run Ansible against it!
    • Specialized Ansible for OpenWRT
    • UCI commands (can be seen in the LUCI Web UI) generate configuration; you could use these commands yourself
    • Also consider using Ansible commands + Ansible templates
  • Probably worth looking into pfSense on slightly better hardware
  • Ubiquiti edge routers are good for non-wifi contexts

1.7.1 Recommended OpenWRT Routers

1.8 CHUWI LarkBox