Welcome to madhatt.com

A Simple website from a computer geek in Colorado with dreams of moving to Alaska


My simple little setup at home

Here is a quick explanation of the setup I use at home to provide free WiFi to my neighbors.

I wanted to do something with the internet I pay for.  I have a business class connection and have more bandwidth than I use so I decided to provide free WiFi for my neighbors.

 

This is done with a few 2.4 GHz radios, some open source software, and a little determination!

The Radios

I am using two Engenius 2611P Radios.

 

The First Radio is running Stock firmware and is used to wireless bridge my connection to one of my neighbors who lives outside the range of the other radio.  This shoots the "internet" over to his house in a secured fashion.

The other radio is running custom ROBIN firmware.  This firmware interacts with my wireless hotspot server which is used to authenticate and regulate the users of the system.

A user can access the system, create a user account and log on with very little hassle.  Of course certain website categories are not allowed to make sure nobody watches kiddy porn or something.

15 dB Omni Directional antenna.

I purchased this antenna off of eBay.  It runs about $80.  It works really well and hopefully will continue to do so.  The damn thing is almost six feet tall!

 

 

A simple Trixbox "Asterisk" backup script

Below are my instructions for a simple manual failover solution for Trixbox.

We use two servers at our company.  


Overall notes:  for this script to work well you should follow THESE instructions to set up SSH with no password.

You may find that some commands are wrapped on the screen. It should be easy to find these lines; just make sure you correct them if you copy and paste.


 

Primary Server - IP - 10.20.0.5 -  2 NICs one is public facing allowing for remote connections.

Backup Server - IP - 10.20.0.4 - Duplicate of main server, Same model of server

 

First the Primary Server.

Every hour the server will run the following backup script.  The script will back up the following.

  • ETC and VAR folders - These are straight copied to the backup server with the exception of the /etc/sysconfig folder.  We do not directly back this up because if we did the backup server would assume the same IP addresses, thus breaking the Primary Server
  • MySQL tables - These are backed up to the backup server under the /tmp/mysqlbackups folder,  you will need to create this folder.
  • It will then invoke a script sitting on the backup server which will restore the MySQL databases on the backup server that were just copied over.
  • It will then copy the /etc/sysconfig folder contents to the backup server under the /network-repair-info/ folder



#!/bin/sh

#it is designed to keep two Trixbox servers synced for a soft failover
#USER is a placeholder: the login name in front of @10.20.0.4 did not survive on this page.
#Use the account you set up for SSH with no password.

#Backup /etc folder
rsync -avz --delete --exclude 'sysconfig' /etc/ USER@10.20.0.4:/etc/
echo etc done
sleep 1

#Backup /var folder
rsync -avz --delete --exclude 'log' /var/ USER@10.20.0.4:/var/
echo var done
sleep 1

#backup mysql tables
mysqldump -u root -ppassw0rd information_schema > /tmp/mysqlbackups/information_schema.sql
mysqldump -u root -ppassw0rd asterisk > /tmp/mysqlbackups/asterisk.sql
mysqldump -u root -ppassw0rd asteriskcdrdb > /tmp/mysqlbackups/asteriskcdrdb.sql
mysqldump -u root -ppassw0rd asteriskrealtime > /tmp/mysqlbackups/asteriskrealtime.sql
mysqldump -u root -ppassw0rd endpoints > /tmp/mysqlbackups/endpoints.sql
mysqldump -u root -ppassw0rd meetme > /tmp/mysqlbackups/meetme.sql
mysqldump -u root -ppassw0rd mysql > /tmp/mysqlbackups/mysql.sql
echo all databases extracted
sleep 1

#Backup /tmp/mysqlbackups/ folder
rsync -avz --delete /tmp/mysqlbackups/ USER@10.20.0.4:/tmp/mysqlbackups/

echo databases synced
sleep 1

#delete /tmp/mysqlbackups/ files
rm -rvf /tmp/mysqlbackups/*
echo old databases deleted
sleep 1

#run mysql restore command on slave server
ssh USER@10.20.0.4 '/restoremysql'
echo restore of mysql is complete.

#backup sysconfig folder
ssh USER@10.20.0.4 'rm -rvf /network-repair-info/*'
rsync -avz --delete /etc/sysconfig/ USER@10.20.0.4:/network-repair-info/
echo all done
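
A hardened form of the database step above, as an added example that is not the author's script: the password comes from a client option file readable only by its owner instead of `-ppassw0rd` on the command line, dumps are written with a restrictive umask, and a failed or empty dump stops the run before anything is synced. The option file path, the dump directory and the `run` argument are assumptions; USER is a placeholder login.

```shell
#!/bin/sh
# Added example, not the author's script. CRED_FILE's path and the dump
# directory are assumptions; USER is a placeholder login.

DATABASES="information_schema asterisk asteriskcdrdb asteriskrealtime endpoints meetme mysql"
DUMP_CMD=${DUMP_CMD:-mysqldump}
# Option file holding:  [client]  user=...  password=...
CRED_FILE=${CRED_FILE:-/root/.backup-my.cnf}

# Succeed only if the option file is a regular file readable by its owner alone.
cred_file_ok() {
    [ -f "$1" ] || return 1
    case "$(ls -ld "$1" | cut -c1-10)" in
        -rw-------|-r--------) return 0 ;;
        *) return 1 ;;
    esac
}

# dump_all DIR: dump every database into DIR.
# Returns 0 only if every dump succeeded, 1 on a failed or empty dump,
# 2 if the option file is missing or readable by others.
dump_all() {
    dir=$1
    cred_file_ok "$CRED_FILE" || { echo "refusing to use $CRED_FILE" >&2; return 2; }
    umask 077                      # the dumps include the mysql grant tables
    mkdir -p "$dir" || return 1
    for db in $DATABASES; do
        tmp="$dir/$db.sql.partial"
        # --defaults-extra-file has to be the first option; it keeps the
        # password out of the process list.
        if "$DUMP_CMD" --defaults-extra-file="$CRED_FILE" "$db" > "$tmp" && [ -s "$tmp" ]; then
            mv "$tmp" "$dir/$db.sql"
        else
            rm -f "$tmp"
            echo "dump of $db failed, nothing will be synced" >&2
            return 1
        fi
    done
}

# Only act when called with the (hypothetical) argument "run".
if [ "${1:-}" = "run" ]; then
    dump_all /var/backups/mysqldumps || exit 1
    rsync -az --delete /var/backups/mysqldumps/ USER@10.20.0.4:/tmp/mysqlbackups/
fi
```
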


Now the Backup Server

The backup server has two scripts on it.

  • Restoremysql - This script is run every hour as part of the primary backup script; it restores the MySQL databases that were copied from the primary server.
  • Restore_Server - This script is run only in the event that you need to bring the backup server up as the main.

Restoremysql Script

 




#!/bin/sh

#this script will restore the mysql databases backed up from the main server

mysql -u root -ppassw0rd asterisk < /tmp/mysqlbackups/asterisk.sql
mysql -u root -ppassw0rd information_schema < /tmp/mysqlbackups/information_schema.sql
mysql -u root -ppassw0rd asteriskcdrdb < /tmp/mysqlbackups/asteriskcdrdb.sql
mysql -u root -ppassw0rd asteriskrealtime < /tmp/mysqlbackups/asteriskrealtime.sql
mysql -u root -ppassw0rd endpoints < /tmp/mysqlbackups/endpoints.sql
mysql -u root -ppassw0rd meetme < /tmp/mysqlbackups/meetme.sql
mysql -u root -ppassw0rd mysql < /tmp/mysqlbackups/mysql.sql

Restore_Server

This script is still under construction.  Its goal is to promote the backup server in the case that the primary fails.

 




#!/bin/sh

#This script will bring this server up as the main server
#Amportal is not set to start on boot so replace the rc.local file so that it will start on boot
mv /etc/rc.d/rc.local.backup /etc/rc.d/rc.local

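#An iptables line has been added to restrict access to the SIP provider to block registration
#this command blocks all traffic to the provider so this server cannot register: /sbin/iptables -A OUTPUT -d 64.197.13.6 -j DROP
#(-d rather than -s: in the OUTPUT chain the provider is the destination of the packets)
#The below command will unblock the SIP Provider IP; it has to match the rule exactly as it was added
/sbin/iptables -D OUTPUT -d 64.197.13.6 -j DROP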

#now make a backup of the current sysconfig settings
tar -cvf /sysconfigbeforebackup.tar /etc/sysconfig/*

#now remove all old sysconf info
rm -rvf /etc/sysconfig/*

#copy current sysconfig info
cp -r /network-repair-info/* /etc/sysconfig/
#restart server
reboot

And that is it for now.  If you see any problems or better ways to do it please leave a comment for all to see!

Best Thank You Letter Ever!

So I helped a lady the other day change her flat.  It ended up being a 3 hour ordeal with taking her to the tire shop to get it fixed but she was such a nice lady.

My mother always taught me to help others without accepting anything in return but I have to admit I was very pleasantly surprised when I got home and found 2 bottles of wine "which we talked about during the tire fixing ordeal" and the below letter.  She was such a nice lady!!

 

 

Busy Times...

It has been very busy as of late around here!  I haven't been able to post anything but have been really busy with the wifi business.  Got the whole project networked but are now refining the system as it's our first.

 

Anyway, I'll find something to post in the next few days so my website doesn't seem so stagnant.

Mesh Network: 21 Nodes, Downtown Coverage

This project is my first. (still in deployment)

 

Objective:

Providing mesh wireless to a downtown district in a tourist heavy town.

 

Budget:

Minimal - all wireless radios are leased to the customer so cost is a major factor

 

Plan of attack:

Deploy a central internet gateway protected with content filter, intrusion detection, and other common firewall features.  From this central location the mesh radios will pass the internet along each leg of the network.  While this does not offer much redundancy it is a cheaper way to go!  My original design called for 22 nodes but after starting to deploy them I learned quickly that the radios lost too much speed as the signal passed through the network.  This was corrected by the addition of several backhaul radios that in effect create multiple gateways in the network.

 

This is a complete overview of the network.  Each dark green node is a gateway (or backhaul)  each light green dot is a node radio.  I use the radios in a zig-zag pattern when possible to bounce the signal down the street.

 

View of a backhaul / Mesh Node sitting on a roof. This will be hard mounted before the winter to protect against theft.

 

Temporary proof of concept mounting pole.  Simple concrete filled 5 gallon bucket.  I originally placed a Styrofoam block in the bottom of the bucket and then filled it with concrete.  The idea was to create a weather proof void in the bucket.  It worked great!  It was just too small so I had to use an external enclosure.

 

Simple design but seems to be very effective!

 

Picture of the mesh radio I use with the modified antenna on it.  These little units are of a smart design.  I hope they last for a long time!

 

Good Video about the Abuse of the TSA

Below is embedded a video of the TSA overreaching their own rules.  This is what is wrong with America.  We have become a nation of pussies who allow our government to

  • Check our IDs for interstate travel
  • View us in a naked state
  • Touch our private areas.

I'm sorry if anyone who reads this feels that these steps are necessary to protect our skies.  If you believe this then I feel sorry that you do not have the ability to understand what is going on here.

 

Our government takes our rights away in such small chunks... and they're always to enhance our "security"

 

Terrorist is defined partially as - A person who terrorizes or frightens others.

The US Government is the real Terrorist. - I am afraid of what you will do next.  

  • You fund an agency that humiliates and intimidates your own population for no reason.
  • You fund an agency that lies to your citizens.
  • You fund an agency where you know the head of that agency PERSONALLY profits from the sale of the equipment used to violate our constitutional rights.
  • You do not listen to the thousands of complaints from your citizens telling you how unjust the TSA is.
  • You ignore the scores of videos on the internet depicting the Gestapo-like tactics the TSA employ.

 

But they are only half the problem...  the other half is you America!  Americans have become so complacent with our lack of freedoms.

  • We allow almost any new law to come into effect so long as that law "protects us" from someone
  • We bow our heads and say "yes" when asked to be photographed "nude", or have our private parts touched by a stranger.
  • We are scared, helpless children waiting for our authority figures to tell us what is acceptable.
  • We gladly support the TSA with our votes.
  • We are scared to revolt, as to do so is "terrorism"

It's time for Americans to revolt for what is right...  We are a nation whose rights and privileges are decreasing daily.  Our founding fathers would be so ashamed of what we've become.

 

Mt Belford - July 2011 - 14,193 ft

 

Over the July 4 weekend Sam and I climbed Mt. Belford.  This 14,193 foot mountain really was a fun one to climb.

We were saddened by the news that two other hikers died less than 1 mile from where we were camping.  Lightning is a bitch!

Other than that we were lucky to have great weather and no rain.

 

HERE is a link to the photo gallery

 

And here are a few pictures for your viewing pleasure.

  • Trail Sign with Mt. Belford in the background.
  • View from the corner of one of the switchbacks on the mountain... there were over 25 of them!
  • Me on the Summit
  • A Picture from Sam,  The best view in town!

 

funny website a friend showed me

 

http://kennethnash.site11.com/  -- Kenneth Nash Sr. website.

 

This site shows why you ALWAYS clear your phone before selling it.

Easy Unix Script to take time lapse pictures

It's no surprise that I'm a big fan of Alaska,

So I have a page on my website HERE where you can see my favorite webcams in Alaska.  Last night I thought it would be cool to take images every hour of all my webcams then in a few months to a year I'll be able to create a cool time lapse video of all my webcams.

So I wrote the following script.  You could also add a sleep function between each curl command to not download a ton of data in a short time.

This script works on Linux.  Unix users will need to use Curl, not wget.

There may be a better way to do this script, if so let me know!

Step 1 - create a text file with all of the webcams in it.

my /webcams.txt file



http://www.borealisbroadband.net/DTN/dtnsemega.jpg
http://www.borealisbroadband.net/DTN/dtnnwmega.jpg
http://www.borealisbroadband.net/townsquare/townsquaremega.jpg
http://www.borealisbroadband.net/hilton/hilton1mega.jpg
http://www.borealisbroadband.net/sheraton/sheraton1mega.jpg
http://www.borealisbroadband.net/glennweb/glennws-mega.jpg
http://www.borealisbroadband.net/potterws/potterwsmega.jpg
http://www.borealisbroadband.net/lakeotistudor/lakeotistudormega.jpg
http://www.borealisbroadband.net/mcgrath/mcgrath1mega.jpg
http://www.borealisbroadband.net/mcgrath/mcgrath3mega.jpg
http://cam.majormarine.com/cam/cam00.jpg
http://www.kenaifjords.com/images/webcam/KFT_netcam_mp.jpg
http://www.hallobay.com/images/Homer_Activities/Homer_cam.jpg
http://www.talkeetnaair.com/netcam.jpg

After you have created your text file you can write the following script to make use of it.




#!/bin/bash

#script to run every hour to capture images from alaska

#sleep for 15 seconds to give time for all cameras to get updated
sleep 15

#delete any jpgs that might be lingering around (-f: no error when there are none)
rm -f /tmp/*.jpg

# Set the Date
today=$(date +%Y%m%d)
time=$(date +"%T")

#move to temp directory
cd /tmp

#run wget 
wget --limit-rate=800k --tries=10 -i /webcams.txt

#Anchorage 1
mv ./dtnsemega.jpg /var/www/madhatt.com/Pages/timelapse//anchorage1/$today$time.jpg
echo "anchorage 1 done"

#Anchorage 2
mv ./dtnnwmega.jpg /var/www/madhatt.com/Pages/timelapse//anchorage2/$today$time.jpg
echo "Anchorage 2 Done"

#Anchorage 3
mv ./townsquaremega.jpg /var/www/madhatt.com/Pages/timelapse//anchorage3/$today$time.jpg
echo "Anchorage 3 Done"

#Anchorage 4
mv ./hilton1mega.jpg /var/www/madhatt.com/Pages/timelapse//anchorage4/$today$time.jpg
echo "Anchorage 4 Done"

#Anchorage 5
mv ./sheraton1mega.jpg /var/www/madhatt.com/Pages/timelapse//anchorage5/$today$time.jpg
echo "Anchorage 5 Done"

#Anchorage 6
mv ./glennws-mega.jpg /var/www/madhatt.com/Pages/timelapse//anchorage6/$today$time.jpg
echo "Anchorage 6 Done"

#Anchorage 7
mv ./potterwsmega.jpg /var/www/madhatt.com/Pages/timelapse//anchorage7/$today$time.jpg
echo "Anchorage 7 Done"

#Anchorage 8
mv ./lakeotistudormega.jpg /var/www/madhatt.com/Pages/timelapse//anchorage8/$today$time.jpg
echo "Anchorage 8 Done"

#Mcgrath1
mv ./mcgrath1mega.jpg /var/www/madhatt.com/Pages/timelapse//mcgrath1/$today$time.jpg
echo "Mcgrath 1 Done"

#Mcgrath3
mv ./mcgrath3mega.jpg /var/www/madhatt.com/Pages/timelapse//mcgrath3/$today$time.jpg
echo "Mcgrath 3 Done"

#Seward1
mv ./cam00.jpg /var/www/madhatt.com/Pages/timelapse//seward1/$today$time.jpg
echo "Seward 1 done"

#Seward2
mv ./KFT_netcam_mp.jpg /var/www/madhatt.com/Pages/timelapse//seward2/$today$time.jpg
echo "Seward 2 Done"

#Homer
mv ./Homer_cam.jpg /var/www/madhatt.com/Pages/timelapse//homer/$today$time.jpg
echo "Homer Done"

#talkeetna
mv ./netcam.jpg /var/www/madhatt.com/Pages/timelapse//talkeetna/$today$time.jpg
echo "talkeetna Done"
 
 
I then used the following Crontab Job to run this script every hour (except 11pm-4am)
 

0 5-22 * * * /take_timelapse_picture

I have this script running on my Ubuntu web server.  If you would like to view these images as they come in you can go to the following address: madhatt.com/Pages/timelapse/

 

UPDATE --

So, since I posted this I made one small but very important change.

 

I've set up the script to run through TOR.  For those of you not in the know this is a web anonymizing program.  I set up the script to run through it so over time no logs show a large amount of traffic from one IP.  This way each time the script goes out to grab the pictures it presents itself as a new IP address.

Non-smoking continues.

 

So,

 

It's getting easier every day.  Now I think I've kicked the habit.  I rarely crave a cigarette.  I really only crave one every Monday and Friday after I work out. I don't know what it is about physical exercise, but it makes me want a cigarette like nothing else.

One night after workout I broke down and bought a pack of smokes.  I smoked most of one on the way home then tried to leave them in the truck for the "every once in a while craving"  but I noticed all I could do is think about what I needed to do to get another ciggy.  So the next morning I threw them away.

It's mean to say but I'm starting to hate smokers...  I work with quite a few of them and here are some of the things I notice now.

 

  1. People smoke like 30 ciggys a day!  I see the fat unhealthy women I work with run outside every 1-2 hours to puff on another one.  Since I've quit I notice I get a lot more work done now
  2. I work with this one guy who I swear blows his puff out on the way into the office.  It's so bad I have to hold my breath or ask him to stand a few feet away when he talks to me.
  3. People LOVE to smoke right outside the exit door to our company.  This of course lets a ton of smoke back into the building and I have to sit there and smell it...  I've asked the operations person at work to do something about it but as a smoker she doesn't see it to be an issue.
  4. Standing behind people in the convenience store who are looking for the best deal on ciggys.  They want one that tastes good but at the same time is sub $5

 

Cool little script to kill page calls

This is a copy of a forum post I made to show how to kill calls that get transferred into the page system of Asterisk 1.6 and higher.

Here is the finished dial plan I used.
 
It seems to only work in Asterisk 1.6 or higher.
 
The second line will execute a shell command that reads the core channels and looks for the channel that matches 60@ (in our system you dial 'or transfer to' extension 60 to page).
The third line hangs up on the channel, which in turn will hang up on all of the other channels in the page.
 

exten => *70,1,Answer

exten => *70,n,Set(CHAN=${SHELL(asterisk -rx "core show channels" | awk '/60@/ {print $1}' | tr -d '\n')}) 

exten => *70,n,SoftHangup(${CHAN})

exten => *70,n,hangup()
 
 
In our system it works almost instantly and we give out the *70 number to managers so they know how to kill pages when I'm not there.
 
It may seem like a simple script to many but I'm happy that I found the awk command!

Quick little Automator script for a SSH tunnel (Socks Proxy)

 

Check out this little Automator script I did.

Imagine you just opened your laptop at the airport and you want to encrypt all your traffic quickly and easily.  Just set this little script up and you'll be able to quickly and easily encrypt all your computer's traffic with just a double click.

REQUIREMENTS: public SSH server you have access to

Steps.

  1. Set up ssh connections with no passwords using this simple and fast guide.
  2. Download this Automator script
  3. Change the setting within the script as explained in the download.

 

And that's it, up and running in about 3 minutes.

Asterisk Server under Attack (Hacked)

 

I have a client who is using Asterisk.

30 or so extensions

Open to the public, yes on port 5060

Passwords for ALL extensions are a minimum of 32 characters, including UPPER and lower case, punctuation, and symbols.

From the graph below you can see that the CPU spiked for about 4 hours.  This was due to Asterisk processing thousands of registration attempts per minute from this hacker.

The next graph is the throughput on the public network card.  The first thing you see is normal traffic for Thursday; this is how it normally looks.  Next you see an anomaly starting Friday morning.  This lasted about 4-5 hours.

 

While our server was never in danger of being hacked as the passwords for the extensions are so very long it does cause issues with latency, and choppiness in audio. 

As per my usual routine I check on the servers mid day and noticed this traffic.  I then logged into the server and found as expected, thousands upon thousands of registration attempts.  This causes both high CPU and high throughput because Asterisk has to evaluate and reject each registration attempt.

So, I knew what was going on but just in case I thought I would look at the Asterisk logs and lo and behold this is what I found, just thousands and thousands of lines of it...

 


[2011-05-06 11:59:38] NOTICE[2536] chan_sip.c: Registration from '"3518" <sip:[address obscured]>' failed for '50.23.164.82' - No matching peer found
[2011-05-06 11:59:38] NOTICE[2536] chan_sip.c: Registration from '"3518" <sip:[address obscured]>' failed for '50.23.164.82' - No matching peer found
[2011-05-06 11:59:38] NOTICE[2536] chan_sip.c: Registration from '"3518" <sip:[address obscured]>' failed for '50.23.164.82' - No matching peer found
[2011-05-06 11:59:38] NOTICE[2536] chan_sip.c: Registration from '"3518" <sip:[address obscured]>' failed for '50.23.164.82' - No matching peer found
[2011-05-06 11:59:38] NOTICE[2536] chan_sip.c: Registration from '"3518" <sip:[address obscured]>' failed for '50.23.164.82' - No matching peer found
[2011-05-06 11:59:38] NOTICE[2536] chan_sip.c: Registration from '"3518" <sip:[address obscured]>' failed for '50.23.164.82' - No matching peer found
[2011-05-06 11:59:38] NOTICE[2536] chan_sip.c: Registration from '"3518" <sip:[address obscured]>' failed for '50.23.164.82' - No matching peer found
[2011-05-06 11:59:38] NOTICE[2536] chan_sip.c: Registration from '"3518" <sip:[address obscured]>' failed for '50.23.164.82' - No matching peer found
[2011-05-06 11:59:38] NOTICE[2536] chan_sip.c: Registration from '"3518" <sip:[address obscured]>' failed for '50.23.164.82' - No matching peer found
[2011-05-06 11:59:38] NOTICE[2536] chan_sip.c: Registration from '"3518" <sip:[address obscured]>' failed for '50.23.164.82' - No matching peer found
[2011-05-06 11:59:38] NOTICE[2536] chan_sip.c: Registration from '"3518" <sip:[address obscured]>' failed for '50.23.164.82' - No matching peer found
[2011-05-06 11:59:38] NOTICE[2536] chan_sip.c: Registration from '"3518" <sip:[address obscured]>' failed for '50.23.164.82' - No matching peer found
 
So what did I do to fix it?   Well, I'm kind of embarrassed because I originally installed fail2ban intrusion detection software on the server but had it pointing to the wrong log file.  Once I edited my jail.conf file and pointed it to the right log file I knew I had fixed the problem.
 

 

 

So I went back to the command prompt and restarted fail2ban...  within 2 seconds I saw the server send an email to me stating that the hacker's IP had been blocked...

 

Gotta love Fail2Ban... Just remember to point it to the right log file and test, test, test before deployment!
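
The "right log file" test from this post, as an added example that is not the author's configuration: before relying on a logpath, confirm the file actually contains the failed-registration lines a ban rule keys on, then tally them per source address. The sample log lines, their addresses and the threshold of 5 are constructed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. The sample log lines are constructed.

# Write constructed lines in the chan_sip NOTICE format shown above to file $1.
make_sample_log() {
    {
        i=0
        while [ "$i" -lt 6 ]; do
            printf '%s\n' "[2011-05-06 11:59:38] NOTICE[2536] chan_sip.c: Registration from '\"3518\" <sip:3518@192.0.2.10>' failed for '203.0.113.7' - No matching peer found"
            i=$((i + 1))
        done
        # Some Asterisk versions log the source as address:port.
        printf '%s\n' "[2011-05-06 12:00:01] NOTICE[2536] chan_sip.c: Registration from '\"101\" <sip:101@192.0.2.10>' failed for '198.51.100.23:5060' - Wrong password"
        printf '%s\n' "[2011-05-06 12:00:02] VERBOSE[2536] pbx.c: -- Executing [s@from-internal:1] Answer"
    } > "$1"
}

# failed_regs_by_ip FILE: print "COUNT IP" per source address, busiest first.
failed_regs_by_ip() {
    awk -v q="'" '
        /chan_sip\.c: Registration from .* failed for / {
            # the source address is the quoted token after "failed for"
            if (match($0, "failed for " q "[^" q "]+" q)) {
                ip = substr($0, RSTART + 12, RLENGTH - 13)
                # strip a trailing :port from IPv4 sources only
                if (ip ~ /^[0-9.]+:[0-9]+$/) sub(/:[0-9]+$/, "", ip)
                hits[ip]++
            }
        }
        END { for (ip in hits) print hits[ip], ip }
    ' "$1" | sort -rn
}

# check_logpath FILE: 0 if FILE holds at least one failed registration,
# 1 if it is readable but holds none (probably the wrong log file),
# 2 if it cannot be read at all.
check_logpath() {
    [ -r "$1" ] || return 2
    [ -n "$(failed_regs_by_ip "$1")" ]
}

# offenders FILE MAX: print the addresses with MAX or more failures.
offenders() {
    failed_regs_by_ip "$1" | awk -v max="$2" '$1 >= max { print $2 }'
}

log=$(mktemp)
make_sample_log "$log"
if check_logpath "$log"; then
    offenders "$log" 5        # prints 203.0.113.7
fi
rm -f "$log"
```
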

Just over a month to go!

 Just over 1 month and then we're headed to Alaska!

 

Today is a good day too, as my lovely lady and I will be closing on our home in about 30 minutes.

 

It's a good day all around...