Monitoring an APC UPS with a Raspberry Pi

If you're looking to monitor an APC USP (many of the latest models have a USB port for monitoring) this is the best walk-through I've found:

http://www.anites.com/2013/09/monitoring-ups.html

Thanks to Kenneth Burgener for his great write up.

Being able to query the UPS or perform actions based on Power Off/Power On state is fantastic.

$ apcaccess 
CABLE    : USB Cable
DRIVER   : USB UPS Driver
UPSMODE  : Stand Alone
STARTTIME: 2016-03-09 09:10:19 -0700  
MODEL    : Back-UPS ES 550G 
STATUS   : ONLINE 
LINEV    : 122.0 Volts
LOADPCT  : 6.0 Percent
BCHARGE  : 100.0 Percent
TIMELEFT : 107.5 Minutes
MBATTCHG : 5 Percent
MINTIMEL : 3 Minutes
MAXTIME  : 0 Seconds
SENSE    : Medium
LOTRANS  : 92.0 Volts
HITRANS  : 139.0 Volts
ALARMDEL : 30 Seconds
BATTV    : 13.5 Volts
LASTXFER : Automatic or explicit self test
NUMXFERS : 2
XONBATT  : 2016-04-04 06:36:26 -0700  
TONBATT  : 0 Seconds
CUMONBATT: 16 Seconds
XOFFBATT : 2016-04-04 06:36:34 -0700  
LASTSTEST: 2016-04-04 06:36:26 -0700  
STATFLAG : 0x05000008
SERIALNO : 4B1414P00197  
BATTDATE : 2014-03-31
NOMINV   : 120 Volts
NOMBATTV : 12.0 Volts
END APC  : 2016-04-10 09:13:05 -0700

Graphing Data With SNMP and MRTG

Notes:

  • Had to install the extra MIBs with ``
  • Data is always in integer format. If you want decimals you have to use Factor
  • Watch your MaxBytes! If a value goes above that, MRGT will assume it was an error and either make it a 0 or not display it at all.
  • How to check an OID with SNMP: snmpget -v 2c localhost -c public .1.3.6.1.2.1.25.1.21
  • I put the entire flow of Updating MRTGs into a single script to avoid race conditions /usr/local/bin/update_values_and_run_mrtg
  • APCUPSD Getting Started: http://www.anites.com/2013/09/monitoring-ups.html
  • MRTG is writing to /www/mrgt on the Pi, but NGINX just points to that as the root.

Helpful Links:

Cox Gigablast Install

Around November 2015 I got a letter in the mail from Cox Communications, my ISP. “Gigablast is coming soon!” it said, along with a warning that service might be interrupted from time to time over the next few weeks as they install infrastructure.

Gigablast is Cox’s Fiber To The Home (FTTH) gigabit internet offering.

Needless to say, I was excited. I was already on their highest-tier plan (300Mbps down, 30Mbps up), but faster always seems better. Why? Because why not?

I was also very interested in the rollout because I wasn’t familiar with much of the technology of optical networks. This was a chance to observe up-close how it all works. And since a lot of the technology was going underground, there would be a limited window of opportunity to observe it, ever.

With that in mind I did my best to take photos, talk to workers, and document as much of the process as I could. I’ve documented the process here in roughly chronological order, and I’ve done my best to gather the details necessary to get a good grip on how the Cox Fiber network is physically setup in neighborhoods with Gigablast.

If you know details that I don’t, or have corrections, I’d love to know.

Step 1: Digging the holes for the POSs and Digging some trenches for new conduit.

The first sign of activity in the neighborhood was the digging of holes to install the POSs. A Passive Optical Splitter is the point in an optical network where the incoming “Main” fiber line is split up into a single line for each house.

Workers dig a hole for an POS
A utility box is prepared to be placed into the hole previous dug. The POS will sit on this utility box, fed by the Fiber in conduit beneath it.

Step 2: Pulling Conduit and Pulling Fiber to the Pedestals

While the POSs are being prepared, workers are pulling conduit through the existing coaxial conduit. Yes, that's right, they're pulling conduit through existing conduit. You can see the new, bright orange conduit being pulled within the existing gray conduit. Once that has been pulled, the fiber is pulled within the orange conduit. I presume this is because the stresses that the orange flexible conduit can endure far exceed what they are willing to put the fiber through.

New conduit (orange) being pulled near the existing coaxial amplifier, and the new utility box that the POS will be placed on.
Closeup view of new conduit (orange) near existing amplifier and the new POS container.
New conduit (orange) being pulled to the pedestal in front of a house. Once the new conduit is in place, fiber was pulled through the new (orange) conduit.
Inside of the underground utility box where the POS will be placed.

Step 3: Installation of the POS

Once the conduit is in place the POS is installed adopt the utility box that was placed in the ground. So far all of these are right next to existing amplifiers in the coaxial network. This seems like a logical way to structure the network, but by no means would it be mandatory.

Once the POS is installed, the fiber was pulled into the cabinet and terminated.

POS atop its utility box. Fiber is fed from beneath.
Closer view of Cox POS.

Step 4: Termination of the Fiber at the Pedestals

This was one of the most confusing parts to me before I watched the install take place. I couldn't figure out how the fibers were routed through the pedestals. Were there optical switches in each pedestal, linking the fibers to main network? Were there splices everywhere?

Turns out the answer is super simple.

The cable that's pulled from the POS is then looped through each pedestal, with about 12 or 15 feet of coiled slack left in each pedestal.

The trick is that this cable actually has 96 glass fibers in it, enough for 96 houses.

Example of multi-fiber cable.

Here's how they do this at each pedestal:

  1. Pull off the out layer(s) of insulation, exposing the "tubes". (Each "tube" contains 12 optical fibers, each in its own protective jacket).
  2. Pull off the out layer(s) of the tube(s) that need to be access at this pedestal.
  3. Now the individual fibers are visible, in their protective jackets.
  4. Cut the fibers that need to be terminated at this pedestal.
  5. Terminate the fibers with standard SC or LC (etc) style connectors and install in place in the pedestal.
  6. Carefully coil the cable back into its harness and close up the pedestal.

So the trick I failed to see is that, the fibers that are terminated at this pedestal remain in the cable bundle, they're just unusable beyond this point.

Here's a diagram representing this:

The path of the fibers in the main cable bundle, from pedestal to pedestal.

Step 5: Home Install

The Home install is very straighforward. There are only a few steps:

  1. Pull Fiber and a new piece of Coax from the Pedestal to the Home through the existing conduit.
  2. Terminate the Fiber inside the home and connect to an ONT, installed in the home.
  3. Terminate the Fiber at the pedestal and connect to incoming Fiber.
  4. Provision the ONT (Mine is an Alcatel-Lucent G-010G-A).
  5. Do a speed test.
Pulling new Fiber and RG-6 from the pedestal to my house.
This box, on the wall in my garage, splices the rigid fiber from the conduit (black) to the flexible cable that was run to the ONT in my house (beige).
Closeup of the flexible fiber.
Terminating the flexible fiber.
Terminating the flexible fiber.
The tool used to splice the connectors onto the ends of the fiber, a Swift F1.
Some of the many layers of a fiber optic cable.

Final Notes

  • A new piece of Coax was pulled at the same time. At least in my neighborhood TV isn't going to be on Fiber any time soon. The old Coax was used to do the pull of the new cables.
  • A box was installed in my garage were the rigid fiber from the conduit was spliced to much more flexible fiber that was then run to the ONT.
  • The ONT was required to be indoors. The garage was not sufficient.
  • I was able to keep using my existing router (TP-Link Archer C7). The techs recognized it and gave me no trouble leaving it in place.
  • The techs noted that Gigablast is not overclocked the way the rest of their internet products are. If you get 950Mbps, be happy. Don't expect over 1000. Also, good luck finding a switch or router that'll go over 1Gbps for any consumer price at this point, so you wouldn't notice anyway.
  • The connectors were spliced onto the ends of the fiber, the fiber wasn't hand-fed and terminated through the connectors.
  • The installation was 2 hours from the time the first tech showed up until I was back online.
  • The installation process was supposed to take multiple days (pull fiber one day, come back and install ONT another), but the tech offered to pull the fiber and do it all in one go. Of course I took him up on the offer.
One of the many speed tests I have run since the install. The max speed I've seen is about 960Mbps. I'm satisfied.

If you know details that I don’t, or have corrections, I’d love to know.

Corrections

  1. An earlier version of this article mistakenly referred to the POS as an OLT. The OLT exists in the CO or PoP, not in the neighborhood.
  2. An earlier version of this article mistakenly referred to the coax being pulled as "RG-8". It is, in fact, RG-6.
  3. An earlier version of this article referred to coaxial "Nodes". These are, in fact, Amplifiers.

Colorado River At Hoover Dam

Photo Posts

I’ve wanted to add photography to my site for a long time, but never had a good way to add photo posts. It was always a chore to copy the file, resize it into multiple sizes, find the filenames and copy them where they needed to go, then create the post and add the image tags, link it all up, and finally push the update.

So I finally wrote a script to do it all for me.

For the impatient you can download the script here.

Prerequisites:

  • Jekyll
  • Image Magic: brew install imagemagick

Install image magick, and if you’d like, create a folder action to automatically run the script every time a new file is dropped into it. This way you can just export photos to this “magic” folder, and you’ll instantly have a new photo post ready to go.

Install the script somewhere in your PATH. I put mine in /usr/local/bin.

Now, export a photo from Photos or Lightroom or wherever you’d like; just be sure you have a title and description set in your exif data.

The script runs and resizes the photo, copies the resized images into your _assets folder, and then creates a new post for the photo.

I’m using a this post template for my photo posts. Customize it to your liking, of course.

Updating your feed.xml and adding your own photography landing page are left as exercises for the reader.

The Best Parts from Apple's Motion To Vacate

This afternoon Apple posted a motion in response to the order brought by the court on behalf of the FBI:

APPLE INC’S MOTION TO VACATE ORDER COMPELLING APPLE INC. TO ASSIST AGENTS IN SEARCH, AND OPPOSITION TO GOVERNMENT’S MOTION TO COMPEL ASSISTANCE

You can read the entire document if you're interested.

What I find brilliant about this particular motion is that it's clearly written in a manner meant to be quoted from. Some sections almost read as a collection of sound bites more than a legal argument. That said, make no mistake, this is a thorough dressing-down of the FBI's request.

Below you'll find my favorite quotes from the document.

In fact, no court has ever authorized what the government now seeks, no law supports such unlimited and sweeping use of the judicial process, and the Constitution forbids it.

In short, the government wants to compel Apple to create a crippled and insecure product.

Finally, given the government’s boundless interpretation of the All Writs Act, it is hard to conceive of any limits on the orders the government could obtain in the future. For example, if Apple can be forced to write code in this case to bypass security features and create new accessibility, what is to stop the government from demanding that Apple write code to turn on the microphone in aid of government surveillance, activate the video camera, surreptitiously record conversations, or turn on location services to track the phone’s user? Nothing.

Moreover, this is the only case in counsel’s memory in which an FBI Director has blogged in real-time about pending litigation, suggesting that the government does not believe the data on the phone will yield critical evidence about other suspects.

A. The All Writs Act Does Not Provide A Basis To Conscript Apple To Create Software Enabling The Government To Hack Into iPhones.

Moreover, federal courts themselves have never recognized an inherent authority to order non-parties to become de facto government agents in ongoing criminal investigations. Because the Order is not grounded in any duly enacted rule or statute, and goes well beyond the very limited powers afforded by Article III of the Constitution and the All Writs Act, it must be vacated.

If the government can invoke the All Writs Act to compel Apple to create a special operating system that undermines important security measures on the iPhone, it could argue in future cases that the courts should compel Apple to create a version to track the location of suspects, or secretly use the iPhone’s microphone and camera to record sound and video. And if it succeeds here against Apple, there is no reason why the government could not deploy its new authority to compel other innocent and unrelated third-parties to do its bidding in the name of law enforcement.

While these sweeping powers might be nice to have from the government’s perspective, they simply are not authorized by law and would violate the Constitution.

Moreover, responding to these demands would effectively require Apple to create full-time positions in a new “hacking” department to service government requests and to develop new versions of the back door software every time iOS changes, and it would require Apple engineers to testify about this back door as government witnesses at trial.

Moreover, the government has not made any showing that it sought or received technical assistance from other federal agencies with expertise in digital forensics, which assistance might obviate the need to conscript Apple to create the back door it now seeks.

Under well-settled law, computer code is treated as speech within the meaning of the First Amendment.

The government disagrees with this position and asks this Court to compel Apple to write new software that advances its contrary views. This is, in every sense of the term, viewpoint discrimination that violates the First Amendment.

If the government did have any leads on additional suspects, it is inconceivable that it would have filed pleadings on the public record, blogged, and issued press releases discussing the details of the situation, thereby thwarting its own efforts to apprehend the criminals. See Douglas Oil Co. of Cal. v. Petrol Stops Nw., 441 U.S. 211, 218-19 (1979) (“We consistently have recognized that the proper functioning of our grand jury system depends upon the secrecy of grand jury proceedings. . . . [I]f preindictment proceedings were made public, many prospective witnesses would be hesitant to come forward voluntarily, knowing that those against whom they testify would be aware of that testimony. . . . There also would be the risk that those about to be indicted would flee, or would try to influence individual grand jurors to vote against indictment.”).

In addition to violating the First Amendment, the government’s requested order, by conscripting a private party with an extraordinarily attenuated connection to the crime to do the government’s bidding in a way that is statutorily unauthorized, highly burdensome, and contrary to the party’s core principles, violates Apple’s substantive due process right to be free from “‘arbitrary deprivation of [its] liberty by government.’”

For example, society does not tolerate violations of the Fifth Amendment privilege against self-incrimination, even though more criminals would be convicted if the government could compel their confessions. Nor does society tolerate violations of the Fourth Amendment, even though the government could more easily obtain critical evidence if given free rein to conduct warrantless searches and seizures. At every level of our legal system—from the Constitution,28 to our statutes,29 common law,30 rules,31 and even the Department of Justice’s own policies32—society has acted to preserve certain rights at the expense of burdening law enforcement’s interest in investigating crimes and bringing criminals to justice.

Early Morning Cholla

Sunset Behind The White Tanks