Re: [AFMUG] Simple Alarm Panel
We are using ubnt's mfi for some of that. Works great. Robbie Wright Siuslaw Broadband http://siuslawbroadband.com 541-902-5101 On Tue, Dec 30, 2014 at 9:37 AM, Josh Luthman via Af af@afmug.com wrote: APC + card is probably 300 or 400 and does everything. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Tue, Dec 30, 2014 at 10:55 AM, Chuck McCown via Af af@afmug.com wrote: Not terribly cheap, are they? -Original Message- From: Nate Burke via Af Sent: Tuesday, December 30, 2014 8:32 AM To: af@afmug.com Subject: Re: [AFMUG] Simple Alarm Panel Depending on how many contacts you need, the APC boards work well. like the AP9619. You can get a single chassis for it that you just power. It has 1 set of contact closures, and will send an email when it trips. On 12/30/2014 9:18 AM, Chuck McCown via Af wrote: I was asking a similar question a week or two ago. There are some small developer type of boards in the $40 range. One could do it by just looping back an ethernet port if you had some way to send traps when that port changed state. -Original Message- From: Matt via Af Sent: Monday, December 29, 2014 6:31 PM To: af@afmug.com Subject: [AFMUG] Simple Alarm Panel Looking for an economical device with contact closure inputs that will send email and text alerts using a provided Internet connection. Say a door is opened at a tower site I want an email or text message or both. Anyone know of anything? Thinking of using something like an Arduino but hate to reinvent the wheel.
Re: [AFMUG] Windows SNMP tool
We've used this before with pretty good luck. http://www.paessler.com/tools/snmptester Won't scan a subnet, just an individual host. Robbie Wright Siuslaw Broadband http://siuslawbroadband.com 541-902-5101 On Fri, Dec 12, 2014 at 2:51 PM, SmarterBroadband via Af af@afmug.com wrote: Does anyone know of a windows SNMP tool where I can read and write to an OID. Easy tool, just enter subnet and oid to work on and get a list of results? If not windows, gui Linux? Thanks Adam
Re: [AFMUG] Source for used Smart UPS XL
X2 for refurbups.com. On Nov 6, 2014 8:16 AM, Josh Baird via Af af@afmug.com wrote: We buy from excessups.com and refurbups.com. Call them to get your pricing, it will be better than what is shown on their websites. Josh On Thu, Nov 6, 2014 at 11:11 AM, Josh Luthman via Af af@afmug.com wrote: Looking for another rack mountable unit and I want to throw in some bigger batteries. The old unit just doesn't have the battery capacity and I'm afraid of asking too much of the little charger. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373
Re: [AFMUG] Network monitor.
Yup, like Josh said. Observium is pretty sweet and good be awesomer. We've been pushing on them for some better support for wireless devices but haven't got any movement on it yet, even with quite a few offers to pay them. For us, we use PRTG for critical devices to alter us in email, sms, etc because Observium can only test every 5 minutes and still have some hokiness in alerting. But it kicks butt at tracking traffic, 95th % stuff, and even things like tracking firmware versions, and autodiscovery. We've integrated SmokePing into it for some better ping stats and are working on using some of their unix agents for bind, apache, and mysql. Rancid is on our list as well. Robbie Wright Siuslaw Broadband http://siuslawbroadband.com 541-902-5101 On Mon, Nov 3, 2014 at 5:12 PM, Josh Reynolds via Af af@afmug.com wrote: Didn't look. goes to look... We're not using rancid at this time. Everything I've configured I've done using this: http://www.observium.org/wiki/Configuration_Options Or via the observium mailing list... like setup a ramdisk to push all of the .rrd's to before syncing with a folder on the SSD array (every 6 hrs). I've been on there with Robbie Wright, Chris Ruschman, and a few others trying to get them to support certain products. I guess I'll just have to push a pile of cash their way. I really like observium as a whole. Josh Reynolds, Chief Information Officer SPITwSPOTS, www.spitwspots.com On 11/03/2014 04:08 PM, Mike Hammett via Af wrote: Link I posted earlier. 1:53 - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com -- *From: *Josh Reynolds via Af af@afmug.com af@afmug.com *To: *af@afmug.com *Sent: *Monday, November 3, 2014 7:07:49 PM *Subject: *Re: [AFMUG] Network monitor. Miller's blog? Josh Reynolds, Chief Information Officer SPITwSPOTS, www.spitwspots.com On 11/03/2014 02:51 PM, Mike Hammett via Af wrote: Missing anything from Miller's blog? - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com -- *From: *Josh Reynolds via Af af@afmug.com af@afmug.com *To: *af@afmug.com *Sent: *Monday, November 3, 2014 5:45:28 PM *Subject: *Re: [AFMUG] Network monitor. oops forgot about syslog! :) We have all of our observium monitored devices sending syslog info to it as well Josh Reynolds, Chief Information Officer SPITwSPOTS, www.spitwspots.com On 11/03/2014 10:54 AM, Mike Hammett via Af wrote: Observium and LibreNMS are what the cool kids are running these days. A friend of mine put out a series of blog posts regarding how to install Observium and then how to integrate it with various other services like syslog, Rancid, etc. http://bit.ly/1qmtAKW - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com https://www.facebook.com/ICSIL https://plus.google.com/+IntelligentComputingSolutionsDeKalb https://www.linkedin.com/company/intelligent-computing-solutions https://twitter.com/ICSIL -- *From: *Joshua Heide via Af af@afmug.com af@afmug.com *To: *af@afmug.com *Sent: *Monday, November 3, 2014 12:38:00 PM *Subject: *[AFMUG] Network monitor. Besides prtg and cacti is there anything else out there worth looking into. Currently we use prtg to monitor all of our towers and things at our noc. Then we use cacti to monitor our customers. Just curious what you guys use and if there anything new coming out. Thanks, Josh Heide Velociter Wireless (office) 209-838-1221 (fax) 209-838-1800 www.velociter.net
Re: [AFMUG] Mailing List Behavior
You're correct Seth, there is a difference between the envelope sender and the mail from address.In the case of DMARC, it requires that the envelope sender domain match that of the dkim domain and that of the mail from domain to achieve what they call alignment. I can't recall who did the move, but they chose option number 3a here: http://www.dmarc.org/faq.html#s_3 I agree, not seeing the original sender's email addy isn't ideal. From a mail sending stand point, the list is doing it correct (in my opinion) but it does make it a little less usable. And on a side note, next time I'm in Tahoe, I'd love to buy you a beer and talk about TahoeIX. I love the idea of smaller IX's like that and would love to see/hear what you guys are doing. Robbie Wright Siuslaw Broadband http://siuslawbroadband.com 541-902-5101 On Fri, Oct 31, 2014 at 9:09 AM, Seth Mattinen via Af af@afmug.com wrote: On 10/31/14, 8:33, Robbie Wright via Af wrote: I wasn't involved in the move of the mailing list at all, but this was a needed thing. Since all of you should have SPF records on your domain, when the mailing list program attempted to send mail with your from address, it should have been picked up by spam filters because it was coming from the AMFUG server which most likely wasn't authorized in your SPF record. With the combination of SPF, DKIM, and now DMARC, mailing lists cannot (and shouldn't) fake people's from email address. How the team that did the move completed this is technically correct. The sender's name is great but you have to use the right domain. No, just no. Know the difference between the sender and the envelope sender. ~Seth
Re: [AFMUG] Mailing List Behavior
Seth, you are correct, these message are not in dmarc alignment. And you are also correct, SPF operates on the envelope sender and then dmarc compares the envelope sender, the from addy in the header, and the dkim to ensure all are in alignment. These messages are being sent from the amazonses.com domain, hence why dkim passes as does spf beacuse Amazon has all of those setup correctly. Amazon actually has some useful articles http://docs.aws.amazon.com/ses/latest/DeveloperGuide/spf.html. One, if you are not authenticating any of your mail, like amfug, don't do anything and Amazon will take care of it for you. They sign dkim for their own domain and have an spf record. Google (and other mail servers and clients) use dkim to figure out who is sending the mail, hence why Gmail delivers the mail like this: Gmail sees that it wants to come from the amfug.com domain but it is actually coming from a different domain. To truly make the mail come from amfug.com, they need to: 1.) Get an spf record that covers ses (there is currently no spf record on amfug.com) 2.) Use manual dkim for ses http://docs.aws.amazon.com/ses/latest/DeveloperGuide/manual-dkim.html through Amazon's api (which I believe is already being used for this list). Right now Amazon's easy dkim is using their own domain and record. You can have your own dkim key and use it for your own domain with ses. This gets rid of the Gmail issue above, how Outlook displays On behalf of, etc. Unfortunately, each mail client handles the display of these differently. 3.) Setup a dmarc record with no action (no quarantine or reject). This will start logging all of the mail delivery from some of the larger providers and demonstrate where all of the mail is coming from. Once confident all of the sending servers have been captured by at least SPF and preferably dkim, they can turn on quarantine and then reject later on down the line. dmarcian.com, dmarcanalyzer.com or return path all have online tools to receive dmarc reports to and is a million times better than manage the xml on your own. All that said, opinions are like a-holes, everyone has them and they all stink. Paul co, thank you for taking this on and dealing with all the heat for doing it. Change is never easy. Robbie Wright Siuslaw Broadband http://siuslawbroadband.com 541-902-5101 On Fri, Oct 31, 2014 at 10:40 AM, Seth Mattinen via Af af@afmug.com wrote: On 10/31/14, 9:38, Robbie Wright via Af wrote: You're correct Seth, there is a difference between the envelope sender and the mail from address.In the case of DMARC, it requires that the envelope sender domain match that of the dkim domain and that of the mail from domain to achieve what they call alignment. I can't recall who did the move, but they chose option number 3a here: http://www.dmarc.org/faq.html#s_3 I agree, not seeing the original sender's email addy isn't ideal. From a mail sending stand point, the list is doing it correct (in my opinion) but it does make it a little less usable. I can't really agree anything right is happening. Most glaringly, threading has been fubar'd to all hell and my AFMUG folder now looks like a post-apocalyptic wasteland of disarray. Maybe most aren't used to clients that do real threading or have separate Reply and Reply List functions, but I can't stand how this list now operates. The thing is that what it says about DMARC isn't happening here: DMARC introduces the concept of aligned identifiers. Briefly, it means the domain in the RFC5322.From header must match the domain in the d= tag in the DKIM signature for DKIM alignment, and/or match the domain in the RFC5321.MailFrom field for SPF alignment. Take ownership of the email message by changing the RFC5322.From address to one in the mailing list's domain, and adding a DKIM signature for that domain. Several variations are covered below. In the headers the DKIM signature has d=amazonses.com where From is afmug.com. That doesn't look like what DMARC calls alignment to me. Since SPF historically operates on the envelope sender, not the from header, that's always worked before DMARC. However, tweaking an SPF implementation to start checking the From header would reject lots of things with an -all policy. And on a side note, next time I'm in Tahoe, I'd love to buy you a beer and talk about TahoeIX. I love the idea of smaller IX's like that and would love to see/hear what you guys are doing. Sure, I'd happy to give a tour of what's set up for the IX and go into the details. It's still quite small due to just being started in September, but it's pretty exciting. ~Seth
Re: [AFMUG] Pole fees and process ?
All over the board depending on your locality unfortunately. Some cities own the poles, some power companies own the poles, and other utilities own the poles. Find the poles you want to go on, get their ID numbers off each pole, and then contact each pole owner to get a contract. In our locality, the power company owns 99% of the poles and they are pretty easy to work with. Other states you'll have pole attach agreements with 4 companies, each with different rules, different engineering specs, and different prices. Make ready fees are what you'll get hit with, meaning the pole owner will charge you if they have to improve the poles to take the load/make room for your cable. Some states will require you to be a CLEC, others won't. Some cities or counties will require a franchise agreement, others won't. Robbie Wright Siuslaw Broadband http://siuslawbroadband.com 541-902-5101 On Tue, Oct 14, 2014 at 1:50 PM, TJ Trout via Af af@afmug.com wrote: How do you go about placing aerial fiber on power poles and what is the normal fee structure? What license do you need or permits to be able to place aerial cable? Some type of franchise right? Any estimates on aerial fiber cost for labor,fees, materials etc?
Re: [AFMUG] Cellular Electricity Meter
Unbelievable. Robbie Wright Siuslaw Broadband http://siuslawbroadband.com 541-902-5101 On Fri, Sep 26, 2014 at 5:01 PM, Bill Prince via Af af@afmug.com wrote: Criminoly! They're putting public IPs on SmartMeters?!? How clever is that? bp On 9/26/2014 4:31 PM, Jaime Solorza via Af wrote: These are the new wireless meters El Paso Electric is deploying for commercial users. Verizon is carrier and IP is right there Jaime Solorza
Re: [AFMUG] Bash specially-crafted environment variables code injection attack
sudo apt-get clean sudo apt-get update sudo apt-get upgrade sudo apt-get autoremove Robbie Wright Siuslaw Broadband http://siuslawbroadband.com 541-902-5101 On Thu, Sep 25, 2014 at 12:42 PM, Ty Featherling via Af af@afmug.com wrote: Noob question but how can I easiest update my linux boxes to get the latest patches? -Ty On Thu, Sep 25, 2014 at 1:59 PM, Josh Reynolds via Af af@afmug.com wrote: Upgraded our systems at 6am yesterday for this. Also pulled the bash .deb out of debian-stable/security for our ubiquiti edgerouters. (I made on a post on the UBNT forum with the CVE info yesterday.) Side note: TONS of things are affected by this... Josh Reynolds, Chief Information Officer SPITwSPOTS, www.spitwspots.com On 09/25/2014 10:25 AM, Peter Kranz via Af wrote: PS.. This vulnerability can be exploited via HTTP/Apache attack vectors, so you need to patch any vulnerable system running Apache. Peter Kranz Founder/CEO - Unwired Ltdwww.UnwiredLtd.com Desk: 510-868-1614 x100 Mobile: 510-207-pkr...@unwiredltd.com -Original Message- From: Af [mailto:af-bounces+pkranz=unwiredltd@afmug.com af-bounces+pkranz=unwiredltd@afmug.com] On Behalf Of Matt via Af Sent: Thursday, September 25, 2014 10:27 AM To: af@afmug.com Subject: [AFMUG] Bash specially-crafted environment variables code injection attack Bash specially-crafted environment variables code injection attack https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
Re: [AFMUG] cat5
We use this stuff at all of our non-tower installs. Never has a single box of it fail and have been using it for about 4 years in the field now. Arguably don't need shielded for resi stuff, but we use cable clips to attach cable to everything and this cable is a 1/4 of an inch thick which fits the coax clips perfectly. Plus gives us flexibility with grounding. Works great for us. They also make a white UV rated cable, albeit not shielded or with a ground wire. http://www.cabling-supplies.com/cat5e-350mhz-shielded-direct-burial-outdoor-cable-black.html Robbie Wright Siuslaw Broadband http://siuslawbroadband.com 541-902-5101 On Wed, Sep 24, 2014 at 7:29 AM, Rex-List Account via Af af@afmug.com wrote: And while we are at it, how about RJ45 ends, also. *From:* Af [mailto:af-bounces+xorex63list=gmail@afmug.com] *On Behalf Of *Rex-List Account via Af *Sent:* Wednesday, September 24, 2014 9:21 AM *To:* af@afmug.com *Subject:* [AFMUG] cat5 I am looking for a new source of cat5 cable. Who has the best price on quality cable? I stress that I am not looking for cheap. I want something that lasts. Install it once and forget about it. Thanks, Rex
Re: [AFMUG] cat5
Yup, we had a few boxes of toughcable go bad and had to be replaced. We'll never use it again. Robbie Wright Siuslaw Broadband http://siuslawbroadband.com 541-902-5101 On Wed, Sep 24, 2014 at 7:44 AM, Kade Sullivan via Af af@afmug.com wrote: If you go toughcable, make SURE the boxes havnt been sitting around for a while. The last batch we bought to replace the bad batch ended up being another bad batch. So we ended up replacing crap with crap and now have to replace it all again. Evidently the boxes had sat in a warehouse forever or something. It's all turning green already and water is seeping into the cables. On Wed, Sep 24, 2014 at 9:37 AM, Eric Kuhnke via Af af@afmug.com wrote: I have had zero problems with the ubnt toughcable carrier ($180/box). They had their hands burned so thoroughly (presumably by a third party manufacturer in China) by the UV/cracking issue with the first generation toughcable, it's been resolved in everything shipping in the last 18 months. Monoprice sells packs of 100 shielded RJ45 male for around ten bucks, they're good quality. On Wed, Sep 24, 2014 at 7:36 AM, Robbie Wright via Af af@afmug.com wrote: We use this stuff at all of our non-tower installs. Never has a single box of it fail and have been using it for about 4 years in the field now. Arguably don't need shielded for resi stuff, but we use cable clips to attach cable to everything and this cable is a 1/4 of an inch thick which fits the coax clips perfectly. Plus gives us flexibility with grounding. Works great for us. They also make a white UV rated cable, albeit not shielded or with a ground wire. http://www.cabling-supplies.com/cat5e-350mhz-shielded-direct-burial-outdoor-cable-black.html Robbie Wright Siuslaw Broadband http://siuslawbroadband.com 541-902-5101 On Wed, Sep 24, 2014 at 7:29 AM, Rex-List Account via Af af@afmug.com wrote: And while we are at it, how about RJ45 ends, also. *From:* Af [mailto:af-bounces+xorex63list=gmail@afmug.com] *On Behalf Of *Rex-List Account via Af *Sent:* Wednesday, September 24, 2014 9:21 AM *To:* af@afmug.com *Subject:* [AFMUG] cat5 I am looking for a new source of cat5 cable. Who has the best price on quality cable? I stress that I am not looking for cheap. I want something that lasts. Install it once and forget about it. Thanks, Rex