Hailey's Personal Blog bout Things

On The Limitations of Satellite Based Internets.

At the moment I install satellite based internets into people’s houses. Half the time the person getting it is someone who really needs it, but a lot of people haphazardly buy satellite internet based on what a sales person on the phone sold them, sometimes attempting to bundle packages for a discount. (Hint: There isn’t a discount if you shop around.) So I will give a simple and quick review (believe me, there is a lot more to this subject than I cover) of things that some people expect to be able to do with their internet. There are a few tasks that people who come from unmetered bandwidth will run into trouble with. I will list some limitations in the order that people seem to need them; this should help inform people about what they are getting.

What am I actually getting when I buy a satellite internet connection?

Satellite internet is a great product for what it is. It can be installed anywhere in the continental United States that has an unobstructed view of the southern sky. This means we can put internet into remote/off grid locations. It has some limitations such as limited bandwidth allotments, high latency ping time and no public IP address. Satellite-provided internet services such as HughesNet or Exede are good products, but they are simply not capable of competing with a properly working ground based internet service.

A lot of people move into rural areas and expect to be able to get internet that compares to their previous FIOS connection. Often times they don’t have any other options for internet. Luckily for these users satellite internet can solve this problem. Unfortunately, satellite internet is not as nice or as fast as a ground based connection. Let’s go over some of the common setbacks people run into. If you live in an area that has no other options then satellite is probably your best option, but if you have choices then you should research them first. Ask your neighbors what they have. You should be able to get an idea of the level of service provided in your area.

Monthly Bandwidth Limitations.

Let’s go over the first major concern people have, and that is the monthly data bandwidth cap. Your bandwidth cap is the total amount of data transferred over your internet connection during a billing period. This is measured in the same way your cell phone measures data usage. You may or may not be aware of data capped internet, but you do not get unlimited bandwidth. Depending on the package you get, you will get around 10, 15, 20, or 50 gigabytes of data transfer a month. This may seem like a lot, but with the amount of video being streamed it is not very much. Other services such as cell phone hotspots can rack up a large bill, but satellite providers rate limit you for your billing period instead of charging you more. This means streaming services such as Netflix, Hulu or YouTube will not work very well.

A bandwidth cap is different from how fast the connection is. Bandwidth caps are based on how much data you transfer over your internet connection. Most internet in the United States has total bandwidth caps. Depending on the service it can be as much as 250-500 gigabytes a month, or it could be as little as 1 to 2 gigabytes a month if you are using a cell phone based internet.

Satellite Internet typically has more affordable bandwidth when compared to cell phone internet options, but other ground based services typically have more bandwidth than satellite internet.

An hour of high definition Netflix uses over a gigabyte of data. This means that if you have a 20 gigabyte package you have around 20 hours of streaming ability. Spread those 20 hours over the number of days in a month and you’ll realize that this is less than one hour a day that you can stream. People who come from populated areas with high bandwidth allotments often do not understand what their bandwidth usage is and therefore expect more out of the satellite internet than they should. Often times sales people add to misconceptions of what the product is.

High Latency and What That Means to You.

Communication satellites such as the ones used for HughesNet and Exede are positioned in what is called a geosynchronous orbit. This means the satellite orbits earth at the same rate at which the earth turns, staying fixed in the sky above any location. The satellite is approximately 26,199 miles above the earth. This means a round trip travels approximately 104,796 miles (or 26,199 miles x 4); at the speed of light this can take roughly 600 milliseconds. In normal web browsing 6/10ths of a second of lag isn’t very noticeable, but when playing first person shooter video games this is way too long. Some VPNs will also not work because of the inherent latency of satellite internet.

What does high latency mean to me? Well, with normal web browsing, nothing. But if you play video games or do anything else that needs a low latency connection, such as trying to shoot at an opponent, it will not work. Ground lines will have a latency of 60-100 milliseconds; satellite will have a latency of 600-800 milliseconds. This means that your opponent has moved out of the way of where you shot, and this makes the game unplayable.

VPNs, VoIP and software such as Tor do not work very well with a high latency connection, so do not expect to be able to use that software to its full extent. There might also be other software that does not work, so be sure to research on Google to see if other people can use the software on satellite internet.

No public IPv4 addresses.

On HughesNet you do not get a public IP address that you can connect to from an outside connection. HughesNet supports IPv6, so you can use one of the public IPv6 addresses to connect, but you cannot use IPv4 to connect to your network. The HughesNet modem performs NAT and translates your connection to devices on your network. It also splits connections between all your devices. This means if you want to allow outside connections to, say, your home camera system, you will not be able to communicate with it using [IPv4](https://en.wikipedia.org/wiki/IPv4). Some DVR software allows you to connect while you are on the local network, or you can sign up for a service that forwards users to your connection. Software that relies on a publicly facing [IPv4](https://en.wikipedia.org/wiki/IPv4) address will not work. Most people never use this so it isn’t that big of an issue. But if you serve data or allow people to connect to you, you will be limited.

Hughesnet Voice/VoIP service.

Something that I run into occasionally but not often is people who want to use faxes on the HughesNet VoIP. Voice works great but you cannot use a fax or other modem type device on the HughesNet VoIP. This isn’t a problem for most people but some want to fax and you can’t fax.

E911 service might also be a little iffy because it relies on your internet working and having power. You can battery backup these if you are worried, but unlike a POTS line it will not work without electricity.

The HughesNet provided VoIP service is very solid and works very well; it is an excellent option for people who have no cell phone signal and need a stable phone connection. Communications such as Skype or Vonage may not work as expected.

Summary

So in short, if you play video games, use lots of bandwidth, or need a publicly facing IP address, satellite might not be your first option. However, satellite may be the only option for those who have no other options.

Sadly, I see a lot of people talk to high-pressure sales persons who telemarket to them. This isn’t bad, but what is bad is the sales person will promise the world to a potential customer when what they want to do cannot be done practically.

What also escapes me is when people are surprised a sales person told them things they wanted to hear rather than the actual facts. Think a little about it, do some research. (I hope that is how you ended up here.) Learn about what you’re going to buy before buying it. It’s a 24 month commitment, so be sure it is what you want.

Configuring fail2ban to Work With Freeswitch

AWS sent me a Retirement Notification for my EC2 instance that hosted my freeswitch and this webserver telling me I had to recreate the instance. So I recreated a new instance and moved over the file systems from the previous VM to the new one to copy configs over. One of the things I didn’t handle the first time around was setting up software such as fail2ban or denyhosts to monitor failed logins.

Quite commonly I see many attempts to connect and authenticate with credentials that are not valid on my SIP server. I used to not care but like, I know there is software to handle this very task, so I set up fail2ban to work on freeswitch. I wanted to convey the one line in the config I had to change from other guides.

First things first, you gotta configure your freeswitch to log auth errors. This can be done by editing your sofia profile. In your profile there should be a param called log-auth-failures; this variable enables logging of any auth failures for this profile. Be sure to do this in any profile you wish to check authentication failures against.

<param name="log-auth-failures" value="true"/>

Be sure to run reloadxml in your freeswitch console to apply the new settings.

Next you need to install fail2ban. I am using Ubuntu for this case and you can install it by issuing the following command.

apt-get install fail2ban

If you do not use Ubuntu and instead use some other distro, you will need to find the correct package names to install fail2ban. For other distros see their fail2ban downloads section. A lot of this was provided from websites such as the freeswitch wiki.

First we gotta install a filter for freeswitch. Put this in a file named /etc/fail2ban/filter.d/freeswitch.conf.

/etc/fail2ban/filter.d/freeswitch.conf


# Fail2Ban configuration file
#
# Author: Rupa SChomaker (first two regex)
[Definition]
# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values:  TEXT
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
            \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
            \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
            \[WARNING\] sofia_reg.c:\d+ Can\'t find user \[.*\] from <HOST>
# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =

Next we need to add the config in jail.conf for freeswitch, so now you got to open up your /etc/fail2ban/jail.conf, go to the last line and enter the following code.

/etc/fail2ban/jail.conf


[freeswitch-tcp]
enabled  = true
port     = 5060,5061,5080,5081
protocol = tcp
filter   = freeswitch
logpath  = /var/log/freeswitch/freeswitch.log
action   = iptables-allports[name=freeswitch-tcp, protocol=all]
           sendmail-whois[name=FreeSwitch, dest=your@email.com, sender=yourserver@yourdomain.com]
[freeswitch-udp]
enabled  = true
port     = 5060,5061,5080,5081
protocol = udp
filter   = freeswitch
logpath  = /var/log/freeswitch/freeswitch.log
action   = iptables-allports[name=freeswitch-udp, protocol=all]

Be sure to change the logpath variable to the location of your freeswitch log. On my server it is /opt/freeswitch/log/freeswitch.log but the default is /var/log/freeswitch/freeswitch.log. Be sure to check the locations of these files, otherwise fail2ban will not know what logs to read so that it can ban people.
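To see what the filter above will and will not catch before trusting it with bans, the following added example (not from the original post or the fail2ban project) runs the four failregex lines over constructed log lines and counts matches per address. The IPv4-only `<HOST>` stand-in, the labels, the sample log and the `maxretry` value of 4 are assumptions; `findtime` is ignored.

```python
import re
from collections import Counter

# IPv4-only stand-in for fail2ban's <HOST> tag (assumption: the real tag also
# accepts hostnames and IPv6 addresses).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The four failregex lines from freeswitch.conf above; the labels are added here.
FAILREGEX = {
    "register-failure": r"\[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>",
    "invite-failure": r"\[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>",
    "register-challenge": r"\[WARNING\] sofia_reg.c:\d+ SIP auth challenge \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>",
    "unknown-user": r"\[WARNING\] sofia_reg.c:\d+ Can\'t find user \[.*\] from <HOST>",
}
COMPILED = {k: re.compile(v.replace("<HOST>", HOST)) for k, v in FAILREGEX.items()}

# Constructed log lines (documentation-range addresses, made-up users). The
# phone at 192.0.2.50 is assumed to be a legitimate client whose periodic
# re-REGISTER is challenged before it sends its credentials.
TS = "2016-02-01 03:14:07.000000 "
W = TS + "[WARNING] sofia_reg.c:1478 "
SAMPLE_LOG = (
    [W + "SIP auth failure (REGISTER) on sofia profile 'internal' for [1000@pbx.example.test] from ip 198.51.100.7"] * 3
    + [W + "Can't find user [admin@pbx.example.test] from 198.51.100.7"]
    + [W + "SIP auth failure (INVITE) on sofia profile 'internal' for [9011@pbx.example.test] from ip 203.0.113.9"]
    + [W + "SIP auth challenge (REGISTER) on sofia profile 'internal' for [1001@pbx.example.test] from ip 192.0.2.50"] * 4
    + [TS + "[NOTICE] switch_channel.c:1104 New Channel sofia/internal/1001@pbx.example.test"]
)


def classify(line):
    """Return (label, host) for the first failregex that matches, else None."""
    for label, rx in COMPILED.items():
        m = rx.search(line)
        if m:
            return label, m.group("host")
    return None


def hosts_to_ban(lines, maxretry, skip=()):
    """Hosts whose match count reaches maxretry; labels in `skip` are not counted."""
    hits = Counter()
    for line in lines:
        found = classify(line)
        if found and found[0] not in skip:
            hits[found[1]] += 1
    return sorted(h for h, n in hits.items() if n >= maxretry)


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(classify(line))
    print("all four patterns:   ", hosts_to_ban(SAMPLE_LOG, maxretry=4))
    print("without challenges:  ", hosts_to_ban(SAMPLE_LOG, maxretry=4,
                                                skip=("register-challenge",)))
```

On the server itself, `fail2ban-regex /var/log/freeswitch/freeswitch.log /etc/fail2ban/filter.d/freeswitch.conf` runs the real filter against the real log. In this sample the challenge pattern is what gets 192.0.2.50 listed, although it never failed authentication.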

The Official Hailey Unapproved Foods List

Welcome to the official Hailey Unapproved Food List. I will attempt to update and maintain this list with relevant information as time goes on. This list only includes food that I have actually gone out of my way to try or at least attempted to. Some of these foods the smell alone triggers too much of a gag reflex to actually try and eat. There is no order to this list.

Running Ubiquiti Networking Access Points in WDS AP-Repeater Mode

This is more of an announcement than a post. The other day I installed (for the first time) a few NanoStation M access points from Ubiquiti. Specifically the NanoStation NSM2 for the primary access point and NanoStation LocoM2’s for the access points mounted on houses down range of the main access point. The total distance covered was well over a thousand feet with transparent networking from the barn to the furthest away house.

The idea was to enable three access points in AP-Repeater mode. At first I enabled Auto WDS and set the wireless settings to WEP and set the same credentials and frequency. This worked flawlessly with two access points, but adding a third one would break the whole system.

The first hiccup we had was that no device would connect to an access point until we disabled the AirMax features in the Ubiquiti tab of the access points. Once this was done devices connected flawlessly.

I tried to set up the access points using auto WDS detection but it did not work. Using Auto Discovery caused some kind of routing loop and created networking issues, making the network unusable. Then when unplugging any one of the three access points the other two would start working. This led to the discovery that when you set up WDS on Ubiquiti hardware and are using more than two access points, you should manually set the MAC addresses of each access point that will be within range of neighboring access points. Using auto seems to cause some kind of loops or break routing.

Using WEP in AP-Repeater mode is well documented, however the auto WDS discovery is not very well documented. So be sure you enter in your MACs manually for each neighboring access point.

In the end the wireless equipment ran flawlessly once it was correctly set up. The main access point is inside an attic, shooting through a tile roof, to a second building 800 feet away and a third building 1000 feet away. The access points worked flawlessly. So if you need to deploy some cool WiFi, use Ubiquiti.

A Gallery and Rant of Poorly Mounted Antennas

I have been installing Satellite dishes and systems of all types on and off over the past fourteen years. I never go back to jobs where I left something loose or a dish fell off or was blown off by the wind. The only times I’ve fixed my mounts have been when roofers remove the dish. I try not to do jobs if I can’t do them right and when I do them right they never have problems related to my work.

There are few things that bother me more than professionals doing jobs with the skills of an inexperienced amateur. An experienced amateur would be better than the things some of these unskilled professionals do. Things like cutting corners, or not pre-drilling holes for bolts into rafters or studs so that the wood splits as a result.

So I see a lot of hack jobs when I go out to people’s houses to install yet another antenna on their house. Often times these are people who live in the middle of nowhere and have no land based internet options, ideally but not always. DirecTV and Dish installers will show up and put up a dish next to an older DirecTV or Dish antenna and run all new wires.

My biggest annoyance tho is backwards mounts and tripod mounts that are not tripods. Most of the tripod mounts are long enough to mount onto 16” studs and 24” rafters, which is what most buildings are built with. So you can mount the base of the tripod in the center between two more rafters, giving a solid three point mount. Ideally you want this to be an even tripod, yet people put the support arms along the same axis as the base of the tripod and there is very little support to keep it from lifting up and down. Let me demonstrate in a picture gallery.

AWS Switch from running t2.micro to t2.nano

When I started with Amazon AWS I used the free tier for a year and then kept paying for it as I have been running all of my websites and freeswitch on it. I don’t really need freeswitch; since all my sites are static I could get away with using Amazon S3 to host it. In fact I do for http://services.athnex.com. So the following is a quick background on some things I’ve done since I started using AWS for my hosting solutions.

The t2.nano server has 512mb of ram rather than 2gigs. I run nginx and static websites, which requires very little ram. Freeswitch requires a few hundred mb at most when busy and at most I only do one call. If I come into some extra funds I will set up a hotline for one of my other websites, a joke hotline. So don’t think I’m serious. But don’t tell people who think the sites are serious that they aren’t serious. (Shhh! This is our little secret!)

Stay Tuned for Satellite Rants and Ramblings

There is something that bothers me, something that I deal with several times a week, and that is improperly mounted satellite dishes. I couldn’t find pictures on Google Images that were sufficient to demonstrate my upsetness, but mark my words I will document the stupid installs and explain exactly why things are wrong and how they could not be.

OD'ing at your Drug Dealers Place

When I originally dealt with this issue I was addressing all drugs. But in reality the most common drugs people overdose on are either heroin or prescription opiates or prescription drugs in general. So here is a list of the important etiquette you should observe when dealing in illicit substances.

If you decide to dabble in the dark underworld of drugs, there are a few things you should understand. The cool drugs like weed and LSD are hard to overdose on. But if given a significant amount then it’s easy to overdose on most substances. Weed, LSD and mushrooms are hard to OD on; there are still more drugs that are also hard to OD on but I am leaving them out for the purpose of this document.

Heroin and other prescription drugs are the most likely thing for you to overdose on. This leads us to a problem. If you overdose in your own home the only person you run a risk of hurting is yourself. Unfortunately a lot of people decide to get high at their dealer’s ’cause they can’t wait for the appropriate time to take drugs. This means, if you OD at your drug dealer’s house you’re at special risk of being dealt with in ways that may seem fucked up. But let me tell you what happens.

New Blog (Again)

So I created a new blog with an entry from my old blog. This time 2016 will be cool. We’ll see how many times I get to post but I hope to keep up with creating new content now that creating content is easy. ish.

Truth is I’m bad at keeping up with writing content. I have three or four websites in total that I have to keep up content for and I am lost with the workload of one site. So this will be my blog about things that don’t fit within the strict criteria of their topics. My other sites are specific while this is general topics related to whatever I am doing.

I plan on creating some content soon to put here and hopefully expand the tiny little section of the internets that is mine. Here’s to hoping another year of registered domains!

Rebuilding the Blog

So the server I had everything hosted on took a shit and died on me. I’m not sure of the exact reason. I figured having RAID-5 would keep such things from happening but I think the controller card died. About a week before this my entire backup system died and so I lost all my backups. Then my actual server died that held my secondary backups.

Either way I haven’t spent enough time at the data center troubleshooting the issue to recover the data. I sort of need it, kinda. One of these days I’ll have to take the computer home and work on it. We’re replacing everything with VMs and they work just fine; we got hypervisors with 48 procs and 128gigs of ram, so 4 vcpu’s and 4gigs of ram missing hardly gets noticed. The new server is a VM and hopefully I’ll get a backup system working before things happen again.

I ended up with two new two terabyte drives and discarded the rest of them. Next is an SSD drive for the OS. Then fuck computers, I need more outfits.

Until then.. new stuff will be posted here. The next thing might be related to DNSSEC and how annoying it is and how there are no good tutorials on going in manually and so I’ll have to write down how rollovers work in a quick step by step guide.