Packaging

| categories: usb, ups, linux | View Comments

A few posts ago I described the proof of concept for making my Tripplite UPS work despite the braindamage in the USB interface. Well, that UPS is even more expensive now, because to avoid having to redo all those hacks on a major OS update, you have to package the code. This means wrapping up all the little configs and scripts and other packages that also need to be installed, so that installing the package does all or almost all of the work for you.

I was also reminded of the importance of proper licensing. My original hack was based on hubpower, which has no license. This means I would have to contact the author and ask for written permission in order to distribute his code (or a compiled version). So for my package to be public, I had to adjust it to use hub-ctrl, which includes the written permission along with the code. This is a necessary feature of open source code if you expect anyone else to build on it. No one is going to take the time to contact you to get written permission.

So, after some more debugging with the new component, and some packaging, I have a mostly working version of trippfix. I still haven't figured out how to disable hald-addon-hid-ups in the package. I have to manually kill it when rebooting. I do have a hal policy file, but it doesn't work. Hal goes away in EL7 (having been assimilated into the borg...I mean systemd), so it is not worth spending too much time on it.

Read and Post Comments

Let's Encrypt

| categories: web, https | View Comments

Let's Encrypt is a new Certificate Authority: It’s free, automated, and open. More importantly, the ACME protocol it uses to completely automate the process is open, so that other free / low cost CAs can be created.

The recommended ACME client, certbot, is huge, requires root access to your server, monkeys with your config files, and is generally Not For Me™. I created a convenient package for Fedora and RedHat linux based on ACME Tiny. You put your Certificate Requests into /var/lib/acme/csr, and acme-tiny takes care of registering and renewing the certs, which appear in /var/lib/acme/certs, which you can then point your web server at.

I still trust my own CA more, but the letsencrypt certificates are recognized by browsers by default - which is great for a public website like this one.

Read and Post Comments

Job the Sheltered

| categories: bible, climatechange, adversity | View Comments

Most people think of Job as someone who endured unusual suffering, yet remained faithful to God. I will argue that Job was someone sheltered from the suffering happening all around him, who then experienced that suffering for himself.

Job's Residence

In Genesis 10:23 we find that Uz descended from Shem through Aram. Job lived in the land established by Uz. (Job 1:1)

The Family and Times of Job

The Hebrews are descended from their namesake, Eber (Genesis 10:24). Eber had two sons, Peleg and Joktan. Peleg was named after the dividing of the earth. (Note, you can deduce quite a bit about the early history of mankind from the names of the kids). This could refer to the dividing of the people following the tower of Babel, as Nimrod was the same generation as Eber. But it could also mean that continental drift was much more recent and rapid than modern geologists believe. Since they are wrong about Noah's flood, they are likely wrong about the drift also. Although not necessarily - there was also the flood of Genesis 1:2 (or 1:9 if you don't believe 1:2 refers to water), which is not dated.

Climate Change

Jobab, or Job, was the nephew of Peleg, and the book of Job is full of references to the rapid changes in the earth, including Tsunami's (Job 12:15, 7:12), Vulcanism (18:15), Violent winds (1:19,27:20-21), Rapid Climate Change (6:15-18,38:29-30), Earthquakes (9:5-6) rapidly decreasing lifespans (8:8-9).

Was Job the nephew of Peleg the Job of "Job"? There is much debate, but we can place when the Job of "Job" lived thanks to the decreasing lifespans after the flood. Job lived 248 years, similar to sons of Peleg. If Peleg's nephew was not the Job, he was a least a contemporary of Reu - and so the point is moot for my argument. Job lived around 1787 AM1, a little over 100 years after the flood.

History or Fiction

Note that many people, including C.S. Lewis, consider the book of Job to be a work of fiction (I don't). It is quite obviously written as a stylized play, and real people do not talk like the characters of Job. However, a play can still be about real people. Even if the characters are fictional and the dialog is stylized, the play is set in a time period - and the imagery of the play is taken from the setting.

In general, much of the imagery of Job describes the aftershocks of the upheaval that exposed the earths mantel to release its water to flood the earth. The earths mantel today has enough water dissolved in ringwoodite (under tremendous pressure underground) to fill the oceans at least 3 times. When ringwoodite is brought to the surface, the water escapes as steam. Large amounts of steam would, of course, condense as rain.

Widespread Natural Disaster

Thanks to these unheavals (which may include rapid continental drift), the people of Job's time were constantly threatened by natural disaster. For instance, Tsunamis were a constant threat, so that a 24hr watch had to be kept on the sea. (Job 7:12) Far from being unusual, Job's disasters were actually quite common. Many were losing everything to winds, earthquakes, volcanic eruptions, climate change. And just as the Vikings began raiding and pillaging when climate change destroyed their farms, so many in Job's time resorted to the same. (Job 1:15) Others were reduced to living in caves, and Job despised them. (Job 30) Disaster was falling on the righteous and the wicked alike. (Ecclesiastes 9:3)

What was unusual, was how Job remained unscathed by all this. The reason is given in Job 1:10 - he had special protection. Satan's accusation was based on truth (as is every effective lie): Job lived a sheltered life. So in Job 1:12, God lifts his hand of protection.


  1. Anno Mundi - "In the year of the world" 

Read and Post Comments

Standards Schmandards

| categories: usb, ups, linux | View Comments

The Good News

As part of upgrading my home data center to better serve Spanish House Ministries, I bought a new UPS unit with longer runtime and AVR. The good news is that the new Tripp Lite has a 50 minute runtime at 18% load (versus 35 minutes with my old APC 1500). It also has robust AVR (Active Voltage Regulation) that is confirmed to compensate for switchover to generator power.

The Bad News

The bad news is that they totally screwed up the USB port needed for the server to monitor the UPS. It locks up every few days, and even resetting the hub controller does not reset it - it ignores the reset and address assignment requests from the hub, i.e. it does not implement the mandatory reset feature of the USB 2.0 standard. Reviews indicate that even their proprietary Windows software is stymied by this defect, but Windows users accept it as par for the course, naturally. (Windows users have trouble distinguishing between hardware and software problems.)

Industry Standards to the Rescue

It can be reset by removing and reinserting the USB cable, however. So, since the USB 2.0 standard mandates that all hubs implement port power control (either individually, or at a minimum, turning off all ports on the hub), I can just power cycle the port. In the worst case, with a cheap hub, I might have to dedicate a hub to the UPS if nothing else could be turned off. Here are the relevant paragraphs from the USB 2.0 specification:

Optional Per Port Power Switching (PPPS)

Self-powered hubs may have power switches that control delivery of power downstream facing ports but it is not required. Bus-powered hubs are required to have power switches. A hub with power switches can switch power to all ports as a group/gang, to each port individually, or have an arbitrary number of gangs of one or more ports. A hub indicates whether or not it supports power switching by the setting of the Logical Power Switching Mode field in wHubCharacteristics. If a hub supports per-port power switching, then the power to a port is turned on when a SetPortFeature(PORT_POWER) request is received for the port. Port power is turned off when the port is in the Powered-off or Not Configured states. If a hub supports ganged power switching, then the power to all ports in a gang is turned on when any port in a gang receives a SetPortFeature(PORT_POWER) request. The power to a gang is not turned off unless all ports in a gang are in the Powered-off or Not Configured states.

Mandatory All Ports Off State

Although a self-powered hub is not required to implement power switching, the hub must support the Powered-off state for all ports. Additionally, the hub must implement the PortPwrCtrlMask (all bits set to 1B) even though the hub has no power switches that can be controlled by the USB System Software.

The Sad Reality

While most USB microcontrollers used in hubs properly implement one or both of these options (controlled by configuration pins), unfortunately, it seems that nearly all actual USB hubs in a box on the market ignore this mandatory feature, and just hardwire Vcc on all ports to 5V.

The Workaround

A few enterprising hardware hackers have fixed this with a soldering iron, but that was beyond the level of "enjoyable challenge" in getting this already ridiculously expensive (given my time spent) UPS to work. So I found a list of working hubs, and bought a Linksys USB2HUB4. I hooked it up just now and tested it. Woo Hoo! I can turn the LED lamp plugged into a port off and on! Now to wait for the USB port on the UPS to fail again and verify that a power cycle resets it. Assuming that works, I just need to add a hook to the NUT software on the server to power cycle the port whenever the UPS drops off the USB bus.

Read and Post Comments

Fedora CJDNS package accepted

| categories: mesh, linux | View Comments

One of my spare time projects for the last few months has been getting my Fedora package for CJDNS accepted. Today, it was approved.

CJDNS history

CJDNS was originally a project to address the increasing government censorship through DNS. The goal was to create a decentralized DNS replacement. DNS is a hard problem, because the government authorities also address legitimate issues like squatters on trademarked domains1.

As part of the infrastructure for CJDNS, CJD created an end-to-end IP6 vpn with cryptographic address allocation. This protects against spoofing of IPs, and Man-in-the-middle attacks. CJDs DNS solution was problematic, but the IP6 VPN was simple and elegant, and has taken off. All that is to explain why an IP6 VPN is named CJDNS when it has nothing to do with DNS. There have, of course, been efforts to rename the project, but none have gained much traction.

CJDNS addresses

A CJDNS node creates an elliptic curve public/private key pair. The truncated SHA-512 hash of the public key forms the IP6 address. To allow interoperation with the IANA internet, only IPs in the FC00::/8 net are used. FC00::/7 is reserved by IANA for private address spaces.

Source routing

The CJDNS protocol is source routed. This makes experimenting with new routing algorithms much easier, as other nodes don't need to know about your new algorithm. They just follow the route instructions provided by the source node, and send back an error packet if there is a problem (a peer no longer exists, for instance). I've been working on electric routing.


  1. In my opinion, the DNS censorship problem has been adequately addressed with namecoin. Namecoin domains typically point to traditional DNS servers. I've proposed an extension to namecoin that attempts to provide a decentralized replacement for traditional DNS servers. 

Read and Post Comments

« Previous Page -- Next Page »