Uncategorized

Now and then, heavily used systems may need to have their swap usage cycled (reset) to increase performance. There are many occasions where even though a system has enough RAM, there may still be a growing swap usage. The steps I outline here are safe to run on a production host to reduce swap usage and return swap contents to RAM.

Check current swap use:

[email protected]:~# free -m
              total        used        free      shared  buff/cache   available
Mem:           7800        4822         383           1        2594        2668
Swap:          4095         429        3666
[email protected]:~#

We can see here that about 430MB of swap is used even though there is plenty of RAM available. In this case, the system gets average consistent use and has been up for 206 days. We want to also see what the swappiness setting is currently set at and maybe reduce it:

[email protected]:~# cat /proc/sys/vm/swappiness
60
[email protected]:~#

[email protected]:~# sysctl vm.swappiness=20
vm.swappiness = 20
[email protected]:~# cat /proc/sys/vm/swappiness
20
[email protected]:~#

This new setting of 20 should help the system swap less often. We now want to force the system to move swap contents back to RAM where it belongs. To do that, we’ll turn swap off, and WAIT approx. 30 seconds, then turn swap back on:

[email protected]:~# swapoff -a
[email protected]:~# swapon -a
[email protected]:~# free -m
              total        used        free      shared  buff/cache   available
Mem:           7800        5295         143           2        2360        2194
Swap:          4095           0        4095
[email protected]:~#

We can now see that swap contents has been moved to RAM and that swap has reclaimed space. It should be easy to write a cron job to check swap usage and periodically do this when swap usage goes above an acceptable threshold.

Those plug-in smart switches that are uniquitous in the market are only good to 10 amps. (most of them) I had one on my dehumidifier project to control when the dehumidifier would turn on and off (by turning it completely off, we save energy and money on the electric bill). After a couple years of use, the “plug in” smart switch died, likely because the dehumidifier draws close to or beyond the current limit of the small relay in those switches. I looked around on the ‘Net and was hard pressed to find something that would handle higher currents. The unit is on a 20A circuit so I needed to be sure that whatever I used was rated to switch that much current. Most of the relays that are out there for “arduino” projects seem to also be limited to 10 amps as well. Boo!

I found a relay on Amazon that was capable of switching up to 30 amps! I’m thinking “this ought to last”, but I need to build a circuit that can energize a 12V DC coil. The ESP8266 module runs on 5 volts, and doesn’t put out nearly enough voltage and current to drive the coil. I needed to add a 12 volt modular switching power source, a 5 volt regulator for the ESP8266, and a MOSFET transistor pack (triggered by the GPIO pin on the ESP8266) to switch the 12 volt supply and send DC to energize the relay coil. Here’s what I used to build this industrial strength appliance smart switch:

Of course, it goes without saying, I installed the open source Tasmota software on the ESP8266 module! I then set pin D1 to drive the relay:

12 VDC buck switching supply:

120-240VAC IN – 12VDC OUT

Here’s a picture of the ESP8266, 5VDC buck regulator, and MOSFET module all wired up on a PCB. This is what gives the switch its smarts and allows the automation system to control it over MQTT/WiFi:

Here you can see the large relay. It is DPDT (double pole, double throw), has a 12V coil, and the switch contacts are rated for 30A @250VAC:

This is the entire smartswitch build finished:

All enclosed in a sealed IP67 rated enclosure. This design can be used outdoors!

And of course, with power applied (it passed the smoke test!):

ABSTRACT

A neighbor (looking at you Chad) recommended cloudflare for my website and I figured I’d try it out.  Doing so entailed changing my NS records on my domain at the registrar.  This effectively moved all my DNS zone for the domain over to cloudflare.  Awesome!  Getting the benefits of cloudflare, only thing is, I realized that my old bash script which kept my home network IP tied to a DNS host name now no longer works.  I needed to update it.   So I set out to rewrite the script and figured I’d share it here, hopefully to help someone else wanting to have a DDNS hostname for a dynamic IP at home.  Without further delay, here’s the script, all that is needed is to plug in the values for the variable, set it in a crontab, and done:

#!/bin/bash

time=$(/bin/date)
myip=$(/usr/bin/curl -X GET "ipinfo.io/ip")
# Populate with your own cloudflare specs
myZoneID   = ""
myRecordID = ""
myKey      = ""
hostname   = ""
email      = ""

curl -X PUT "https://api.cloudflare.com/client/v4/zones/$myZoneID/dns_records/$myRecordID" \
        -H "X-Auth-Email: $email" \
        -H "X-Auth-Key: $myKey" \
        -H "Content-Type: application/json" \
        --data '{"type":"A","name":"'$hostname'","content":"'$myip'","ttl":1,"proxied":false}'

echo "$time IP Updated to: $myip for $hostname" >> /var/log/DNS-UPDATE-$(date +"%Y-%m-%d").log

In addition to updating your DNS record, this also keeps logs of the changes to preserve a history of IP address changes.

There are many websites out there that will gladly take the details of your wifi network and in exchange for receiving those details, will generate an QR code that you can use to allow others easy access to your guest network, or business wifi. I strongly recommend against use of such sites as you can’t be sure they aren’t mining the data to build a repository of such information, and for what other purposes.

Instead, I used a freely available tool in Linux known as qrencode. Fortunately, qrencode is a simple program that you run locally on your linux machine (hell you could even roll up a linux VM to do this if you don’t have a machine with linux on it).

Installing qrencode in debian or ubuntu is as easy as:
sudo apt install qrencode

Once you have it installed, the format for generating the QR code is pretty straightforward:
qrencode -l H -t PNG -o qrwifi.png "WIFI:S:{SSID name of your network};T:{security type - WPA or WEP};P:{the network password};;"

So say your wifi name is “FBI VAN” with a password of “b0nehead” and has WPA encryption, your command to generate the QR would look like this:
qrencode -l H -t PNG -o qrwifi.png "WIFI:S:FBI VAN;T:WPA;P:b0nehead;;"

You would then see this QR code generated: (go ahead, scan it here!)

Once done, you have a nice QR code you can print and display for your guests. This makes it easy to get them connected, and they don’t have to worry about bothering anyone for the wifi password anymore. It’s a win on both sides.

ABSTRACT

So we recently moved to Northbridge (July 2020) and we were excited that (at the time) the NPS school district was not a GoGuardian customer.  Our family fought with our last school district in North Attleboro to stop deploying GoGuardian to our equipment at home for the reasons I documented back then.  The concept is simple:

  • MY house
  • MY home network
  • MY privately paid for internet
  • MY computers
  • MY electricity that was/is being paid for to run such an invasive application extension software

As a student/family privacy advocate, I believe the school should monitor it’s equipment and only on school grounds.  When it comes to family owned equipment used at home or anywhere off school campus, it should be HANDS OFF!  Students (and families) deserve a reasonable expectation of privacy in their own homes and on their own computers.

You should know that today (at the time of this writing) I telephoned the product team at GoGuardian, and asked them about their data collection and retention policies.  They refused to give me any information citing that I wasn’t their customer.   Tax dollars funded the acquisition and installation of this software in our schools, I think full disclosure is totally appropriate.

LATEST FINDINGS/HOW TO TELL IF YOUR SCHOOL IS WATCHING

So at home, it’s YOUR computer, and your child is logged in to process homework, or email a teacher.  How do you know your school is watching and recording all their browsing history?  Here’s how:

Ensure they are logged into their school account on chrome.  Once logged in, type this in the address bar:

chrome://extensions

You will see something like this showing GoGuardian is installed: (click for larger view)

 

Here you can see GoGuardian is installed and running on the browser.  ON YOUR COMPUTER!  Did you ever give your school system permission to install a monitoring agent on YOUR equipment?  No?  then you need to complain to the highest levels of administration up to and including your school committee.  They are hoping this goes unnoticed, but I bet if they held a public forum on it and went out asking for consent, that most people would decline when they fully understand that GoGuardian really does.  I’ll also note that it isn’t possible to remove this extension – the ability to remove it is managed by the school district’s Google Apps domain policy.

You can see here the permissions given to the GoGuardian browser extension – it’s disturbing:

Here’s a snapshot of the DNS queries I saw in our logs just after doing a test search for illicit materials on our machine: (click for larger image)

 

That right there friends, is GoGuardian “phoning home” on what I just did.  (in this case web browsing history and searching) was sent to GoGuardian, and whatever I did is now visible to school officials.  There are real ramifications to this kind of tracking (which I will not go into here) but simply put, you should contact your school system and demand removal of this invasive browser extension from running in your home.  Here’s a brief use case/reasons why:

  • when the equipment and network the application/extension is running on does not belong to NPS
  • students need to have a perceived sense of privacy within their own home and on family owned equipment.
  • on shared family owned equipment, the data collection could violate the privacy of any person who uses that equipment and unknowingly is operating within a chrome browser logged into that account.  People seldom check to see who chrome is logged in as – they just open a window and go online.
  • This also has the potential to implicate the “tracked” student in other people’s internet activity unfairly, on privately owned (but possibly shared) equipment.

Also the EFF (Electronic Frontier Foundation) has released an extensive study into the privacy matters and even legality of off-campus school surveillance.

SIGN THE PETITION TO REMOVE GOGUARDIAN FROM SCHOOLS

You can sign the petition here (I did): https://www.change.org/p/goguardian-ban-goguardian-in-schools-across-the-globe

HOW CAN MY SCHOOL MAKE THIS RIGHT?

Simple.  All the technology department needs to do is work with GoGuardian to prevent it’s extension from being deployed on non-school owned assets:

  • Work with GoGuardian to come up with a way to better control extension deployment by confining it to the following:
  • Define a Google Apps OU just for school-owned assets
  • Put all school-owned assets in that OU
  • Push GoGuardian policies to ONLY that OU containing school owned assets.

UPDATE 9/24

I spoke with Director Tiago Vital and Superintendent McKinstry today about the privacy concerns with the GoGuardian extension running on privately owned equipment.  Here are the key points:

  • McKinstry agrees that this extension running on “private property” is a bit concerning, wants to find a solution to exclude private computing equipment where possible.
  • Director Vital has actually looked into fixating GoGuardian to specific OUs within the NPS GApps domain, but mentioned it doesn’t appear that GoGuardian currently honors this in it’s current version.
  • Both Director Vital and Superintendent McKinstry agreed that a joint conference to discuss directly with GoGuardian, ways of excluding private equipment from the product deployment scope is desired and have invited me to join the call to present the concern from a parent’s point of view.
  • Time and date of such call is yet to be determined.

I will provide additional updates as they become available.

UPDATE 9/27

I got an email back from Director Vital which makes it clear GoGuardian does not wish to hear from/or involve in discussion, parents.  Here’s what the email said (and my response) click for larger view:

It should be noted that the claim of the extensions on non-chromebook devices are inaccurate.  Our family computer is a Linux (Ubuntu 20.04) machine running Chrome browser.  You can see from the screenshots above from that computer, that the extension was present and alive.  A test search for porn caused several DNS queries for goguardian servers to immediately show, indicating that the computer was talking to and sending data to GoGuardian.  This computer is private property, and we don’t consent to the residency of this executable extension (and code) belonging to GoGuardian, running on our private property (computer) in our home.

Since I learned that GoGuardian will not talk to parents – I went to my local police department (Northbridge Police) and filed a police report. (I’ll copy any developments herein as they happen)  I intend to fully pursue the legality of a school system and/or company placing executable monitoring agents in people’s homes on privately owned equipment.  I need parents to join this effort to preserve the expectation of privacy in our homes.  I also believe there are serious 4th amendment violations at work here.

UPDATE 9/30

I’ve kept an eye on our machine over the last couple days and there has no longer been any GoGuardian traffic.  The extensions also appear to be missing from Chrome now.  I suspect that the school has removed this extension somehow from being deployed to our equipment when the kids log on – THANK YOU!   I do ask that parents use this guide to check and verify if the GoGuardian extensions have disappeared from their chrome browsers also.  Please follow the steps above and please feel free to comment below.   NOTE: I believe this removal is only for PRIVATE at home equipment.  If your child is using school issued equipment at home or on campus, I believe you will still see this extension in use.   Please remember that the focus of this cause, is ONLY for removal of the goguardian extension from PRIVATE equipment used OFF CAMPUS.

D-Spot use overseas in hotel

One of several of my international trips (Adelaide, Australia) where I setup D-Spot tethered by USB to my iPad mini (t-mobile with unlimited international roaming @ edge speeds).  Since D-Star requires very little bandwidth, edge speeds were perfect and D-Spot performed awesomely.  Here you can see D-Spot and the iPad mini sitting in the window.  The following LEDs are lit:

  • Network ‘OK’ status (amber)
  • MMDVMHost ‘OK’ (blue)
  • DV Gateway ‘OK’ (red)

(click for larger view)

IMG_1060

You can see a video demo and buy D-Spot direct on this website!  D-Spot is $435.00

BUT WAIT!  What about the range performance?  Here’s how this D-Spot did from the window of the hotel when I was out on the town on foot, almost a MILE away from the hotel on the far left! (click for larger view)d-spot-track

D-Spot Testimonials

From Nick, KE6CZD

“Also, the 12v R/C batteries have been performing great….   I took my D-Spot with me today to a Ice Hockey game.  Deal is, NO RECEPTION ever inside this building.  Not even cell service.  So I parked my car outside and had great access to my favorite reflectors…”

From Patrick, KA1RB

“D-SPOT arrived last night and is on the air this morning! Great job putting it all together like that.

So far I have been using it with a direct link to my TP-link AC1750 with good success – good audio report and great range. Later today I’ll test the iPhone link to see how that works mobile.

Thanks again for a great product.”