1 Notes from GTALUG Meeting 2020-07-14
1.1 Have you checked NTP recently? (Chris)
- Upgrading DDWRT on a DIR-632 revealed that the NTP config had been broken for years
- Also, the router was pointing to DNS on a host that had been gone for years 🙂
- I always used to use
echo dmpeers | ntpdc
to check synchronization
- That apparently stopped working, probably years ago
- The modern thing is the following:
root@karush:/var/log# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 0.debian.pool.n .POOL.          16 p    -   64    0    0.000   +0.000   0.000
 1.debian.pool.n .POOL.          16 p    -   64    0    0.000   +0.000   0.000
 2.debian.pool.n .POOL.          16 p    -   64    0    0.000   +0.000   0.000
 3.debian.pool.n .POOL.          16 p    -   64    0    0.000   +0.000   0.000
 LOCAL(1)        .LOCL.          10 l  537   64    0    0.000   +0.000   0.000
 nash.int.linuxd 44.190.6.254     3 s   25   64    1    0.464  -19.446   0.000
 bellman.int.lin .XFAC.          16 s    -  128    0    0.000   +0.000   0.000
 time2.facebook. .FB...           1 u  119   64    2  271.399  +102.36   0.000
 192.168.0.63    .XFAC.          16 s    -  128    0    0.000   +0.000   0.000
 hpaq.int.linuxd 45.79.13.206     3 s   54   64    1    0.283   -4.946   0.000
 karush.int.linu .XFAC.          16 s    -  128    0    0.000   +0.000   0.000
*ntp1.torix.ca   .PTP0.           1 u   19 1024    3   48.489   -5.496  79.828
+68-69-221-61.nb .ROSS.           1 u   23 1024    3  138.782  +25.387  39.417
+ntp2.wiktel.com .GPS.            1 u   23 1024    3   72.396   -7.548  79.119
+montreal.ca.log 172.105.103.85   3 u   27 1024    3  112.404  +22.622  40.738
+208.67.72.50    128.227.205.3    2 u   24 1024    3  101.382   -9.729  95.870
+clock.sjc.he.ne .CDMA.           1 u   37 1024    3  106.625  -11.264  97.836
+ntp16.doctor.co 50.205.244.28    2 u   42 1024    3  133.717  +24.106  39.239
+time.cloudflare 10.14.8.68       3 u   42 1024    3  111.500  +22.664  38.322
+198.255.68.106  192.168.1.193    2 u   40 1024    3  117.507  -13.853  95.332
+strongbad.voice 200.98.196.212   2 u   43 1024    3   60.177   -8.618  78.205
1.1.1 (Bob B) Can anybody explain what all that stuff in the ntpq output means?
- Some answers can come from “official NTP”…
- lol RTFM!
- still, good question, I’m happy to read thru it… no, you are correct… that’s a great page!
- Chris did a “broad strokes” explanation of much of what was in there, which he hopes gives enough background that the deep detail of the “official” explanations isn’t as overwhelming.
Scott S pointed out – Info on REFID
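An added example (not from the meeting, and not code from the NTP project): a small Python parser for the `ntpq -p` layout shown above. It decodes the leading tally character and the octal reach register, then reports the two things the notes were checking for, namely whether a system peer is selected and which configured peers never answer. The function names and the 50 ms offset limit are assumptions chosen for illustration.

```python
# Sample rows copied from the ntpq -p output in the notes above.
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 0.debian.pool.n .POOL.          16 p    -   64    0    0.000   +0.000   0.000
 bellman.int.lin .XFAC.          16 s    -  128    0    0.000   +0.000   0.000
*ntp1.torix.ca   .PTP0.           1 u   19 1024    3   48.489   -5.496  79.828
+ntp2.wiktel.com .GPS.            1 u   23 1024    3   72.396   -7.548  79.119
"""

# First character of each row: how ntpd's selection algorithm rated the peer.
TALLY = {"*": "system peer", "+": "candidate", "-": "outlier", "x": "falseticker",
         "#": "backup", "o": "PPS peer", ".": "excess", " ": "rejected"}

def parse_peers(text):
    """Parse `ntpq -p` text into one dict per peer row."""
    peers = []
    for line in text.splitlines():
        fields = line[1:].split()
        if len(fields) != 10 or fields[0] == "remote":
            continue  # header, separator, or blank line
        remote, refid, st, typ, when, poll, reach, delay, offset, jitter = fields
        reach_bits = int(reach, 8)  # reach is printed in octal (377 = 8 of 8)
        peers.append({
            "tally": TALLY.get(line[0], "unknown"),
            "remote": remote, "refid": refid, "stratum": int(st), "type": typ,
            "polls_ok": bin(reach_bits).count("1"),  # replies in the last 8 polls
            "offset_ms": float(offset), "jitter_ms": float(jitter),
        })
    return peers

def sync_problems(peers, max_offset_ms=50.0):
    """Return a list of findings; an empty list means the clock looks synced."""
    problems = []
    sys_peers = [p for p in peers if p["tally"] == "system peer"]
    if not sys_peers:
        problems.append("no system peer (*): clock is not synchronized")
    for p in sys_peers:
        if abs(p["offset_ms"]) > max_offset_ms:
            problems.append(f"{p['remote']}: offset {p['offset_ms']} ms exceeds limit")
    for p in peers:
        # Stratum 16 with no replies: configured but never answered. Pool
        # placeholder rows (type 'p') always look like this, so skip them.
        if p["type"] != "p" and p["stratum"] == 16 and p["polls_ok"] == 0:
            problems.append(f"{p['remote']}: unreachable (stratum 16, reach 0)")
    return problems
```

A reach of 3, as in the rows above, means only the last two polls have been answered, which is normal shortly after ntpd starts; a long-running daemon should show 377 for healthy peers.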
1.2 (Bob B) What are people using for centralized authentication at home labs? Really don’t want AD.
- 389DS (LDAP)
- SSSD – System Security Services Daemon
- FreeIPA
- How about using Ansible scripts to deploy SSH keys?
1.3 (Scott S): Open-source Physical Resource management
- Room and Equipment bookings.
- Integrations, MQTT, API
- Hacklab needs this sort of thing from two perspectives:
- With COVID-19 still around, they’d like to be able to trace where people have been and what physical resources they have touched
- There is a need to arrange fair bookings for resources like 3D printers, as they now have some fairly reliable ones that will attract a lot of usage requests
- No real answers came up in discussion
- Later link added: List of Open Sourced Software for Resource Scheduling and Booking
1.4 Question: (cbbrowne) Has anyone been making use of the new-ish packaging systems?
- AppImage
- a packaging format
- Snappy
- Canonical sponsored central app repo
- Flatpak
- central app repo, but individuals may host too
In principle, these are supposed to make it easier to deploy applications where you want faster evolution than distributions offer. (E.g. Debian takes For-Ever to get new versions out… https://wiki.debian.org/DebianReleases)
- Nobody seemed to be too much of a fan of this
- It was suggested that this concept was popular for developers that want to do their own thing, and that hate the idea of distribution makers renaming any of their stuff. This suggests a lack of appreciation for policy, which is why distribution makers do that sort of renaming…
1.5 Question: (cbbrowne) Anyone using mesh networks yet? (802.11s)
1.6 Question: (cbbrowne) anyone been playing with the modern terminal fonts that are emerging?
- Inconsolata
- Mononoki
- Ubuntu Mono
- There are barrels more of these
- Some amount of trying to be kewl
- some amount of trying to be readable+distinguishable (0!=O) even in small font sizes
1.7 Security Question of the Month: Have you updated your router firmware lately?
- OpenWRT just had a new major version (v19) released in May
- DDWRT has per-device upgrades; how their versioning system works is not especially clear
- Did an upgrade from “v24” (from 2013) to “v3.0” (2019), that’s not overly clear!
- DDWRT has some pretty proprietary stuff; means they can support Broadcom
- OpenWRT is a bit better known than pfSense
- OpenWRT pretty attractive for a place like Hacklab
- can run Ansible against it!
- Specialized Ansible for OpenWRT
- UCI commands (can be seen in the LuCI Web UI) generate configuration; you could use these commands yourself
- Also consider using Ansible commands + Ansible templates
- Probably worth looking into pfSense on slightly better hardware
- Ubiquiti edge routers are good for non-wifi contexts
1.7.1 Recommended OpenWRT Routers
- Archer C7-1750
- Ubiquiti Edge Router X er-X ka
- Turris Routers, running a vendor extended OpenWRT
1.8 CHUWI LarkBox
- On IndieGoGo
- Tiny, 6.1cm x 6.1cm x 4.3cm
- Celeron J4115
- 6GB RAM
- Intel Graphics, HDMI
- No ethernet 🙁
- $230 CAD
- Teardown video, some nice potential for repurposing into other form factors.
- Going a different route, the Tiny/Mini/Micro PCs from the Major Vendors (Lenovo/HP/Dell)