I’m on vacation at the moment and I’ve been thinking a bit about how network technology has evolved over the past few years and where we are headed. At least for the moment, it seems to be that we have reached an access network tech plateau, at least as far as infrastructure is concerned. Let me explain…
Continue reading An Access Network Plateau Reached?Ubuntu 24.04: Changing the SSH Port Now Requires a Reboot
And yet another thing that changed in recent years: When I instantiate a new VM, I usually change the SSH server port. I know, it doesn’t help when it comes to security, but it reduces the number of bots knocking on my door and leaving an entry in /var/log/auth.log. When I recently installed a new VM running Ubuntu 24.04, I noticed that changing the port number in ‘/etc/ssh/sshd_config‘ and then reloading ssh with ‘sudo service ssh restart‘ does not change the port number. A full reboot is required for the change to take effect. WHY???
Continue reading Ubuntu 24.04: Changing the SSH Port Now Requires a RebootForcing SSH Password Authentication
A short post today about a subtle change of ssh that must have happened over the years. Previously, when I wanted to check if SSH password authentication was disabled on a server, I would remove my public key from the authorized_hosts file on the server and then use a second terminal to establish another SSH session to the server. This would then either result in a reject or a password prompt. When I recently tried this with a server on which password authentication was not yet disabled, I go a reject instead of the password prompt. Hm…
Continue reading Forcing SSH Password AuthenticationMacvtap is even Cooler than I Thought
Two years ago, I migrated a lot of my services running on virtual machines in the cloud to VMs on a bare metal server, which was also running in the cloud. The main reason: A significant cost reduction while at the same time having significantly more dedicated processing power and storage available. While I put most of those VMs behind a NAT and a single IP address, I had a BBB video conferencing server running in a VM that required it’s own IP address. Fortunately, my hoster could assign more than one IP address to a bare metal server. In the meantime, I have 3 VMs on that bare metal server that use their own public IP address.
For those VMs, I don’t use a NAT interface, but a macvtap interface. At the time, I thought that macvtap just maps a public IP address to a VM and that’s it. For the details have a look at my blog entry that describes the setup. However, it turned out that macvtap can do a bit more, which is particularly useful when a bare metal server hosts several VMs with their own public IP addresses. Read on for the details.
Continue reading Macvtap is even Cooler than I ThoughtUPS Battery Replacement for My Cloud
The electricity system in Germany is quite reliable but I always like a plan B. Thus, I run my cloud infrastructure behind a battery backup. As my two small NUC servers, a Fritzbox VDSL / Wi-Fi hub, a Raspberry Pi, an external hard drive and a cellular modem for backup connectivity have a relatively low power consumption of around 40 Watts, I can live with a relatively small uninterruptible power supply. 10 years ago I bought an ‘APC Back UPS ES 700‘ and could get around an hour’s worth of autonomy out of it for my setup. But batteries do not last forever, and 5 years have passed again since I last replaced the battery. When recently running a battery test, it reached 11.5 volts after only about 20 minutes. 11.5 volts is the voltage after which the battery starts to suffer when further discharged. That leaves 20% of the capacity unused, but I think it’s a good point to stop. As 20 minutes is a bit short, and the battery was definitely not getting any better, it was time to exchange it.
Continue reading UPS Battery Replacement for My CloudAnalyzing Packet Loss in Starlink
As I’ve already noticed last year, there is quite a bit of packet loss over Starlink connections that has a significant impact on TCP performance. Also, I was wondering if and how much packet loss occurs in cellular networks during a handover. Recently, I picked up this topic again and was looking for a way to detect, measure and analyze packet loss. One idea I came up with was to run a continuous iperf3 UDP stream at a relatively slow 1 Mbps and see what would happen. While iperf is running, it shows when and how many packets were lost, but I wanted to dig a bit deeper. So I used Wireshark / tcpdump to record the data transfers and then wrote a Python script to analyze the iperf packet counters to get more details. Here’s a link to the source code.
Continue reading Analyzing Packet Loss in StarlinkFritzbox Brain Transplant
I like redundancy, so I have ‘cold standby’ devices for critical hardware. My Fritzbox 7590 DSL router is one such piece of equipment (yes, still no Fiber in Cologne…) and I recently put it to good use: Incredible, but true, I’ve been using my current Fritzbox 7590 since 2018, i.e. for 6 years! Despite its age, it’s still an incredibly cool device and gets frequent software updates. However, the box seems to be aging, as it recently started to emit a low volume but high pitched coil whine. So while it was still working, the sound was getting a bit on my nerves. So I decided to swap the active 7590 with my spare device and was hoping that the promised ‘easy’ configuration backup / restore would save me a lot of manual work.
Continue reading Fritzbox Brain TransplantIkea Wi-Fi – Some Thoughts
Everybody loves going to Ikea on a Saturday. Right? Well, I guess the answer depends on whom you ask. Strangely enough, I can’t deny a certain affection for their stores, and when I was recently in one of them in Germany on a Saturday afternoon, I took the opportunity to have a look at their Wi-Fi. I normally, wouldn’t, but their buildings are mostly made of concrete, heat-insulated windows and a nice blue metal cap on top, so outside network coverage doesn’t go very far. So once you are inside and not close to a window, the store’s Wi-Fi is the only thing that connects you to the outside world to tell your friends about the joy of being there. Ok, so let’s be done with the slight sarcasm and have a look at how things work.
Continue reading Ikea Wi-Fi – Some ThoughtsStarlink: Reactivation after 9 Months
After my Starlink excursions last year, I put my subscription on hold for a while, because I didn’t need the system over the winter. But summer is coming again and it was time to have a look if it is as easy as promised to wake up the system again. Interestingly enough, prices have changed, some for the better, some for the worse.
Continue reading Starlink: Reactivation after 9 MonthsOnlyOffice, Nextcloud and Mobile Devices
Exactly one year ago, I gave OnlyOffice in combination with Nextcloud a try. The pressure to have an Online Office Suite for the household kept rising and Collabora Online Office just didn’t cut it for me. I immediately liked OnlyOffice, as it was just as quick in the browser as a locally installed Libreoffice and compatibility with that other office suite used by the majority is great. However, while the software is open source, it has one limitation: Document access on mobile devices such as tablets and smartphones is read-only. For full read/write capabilities on mobile devices, a subscription is required. At $149 for a year for 10 users, it is not the cheapest kid on the block, but it’s still open source and my files remain private on my own Nextcloud instance. I would have gone to the paid version sooner, as I like to support open source software development, but I wasn’t quite sure what it would take to change the server side. The OnlyOffice documentation is a bit opaque about this. So when I had a bit of time on my hands, I decided to find out. Turned out, it’s much easier than what I’d expected.
Continue reading OnlyOffice, Nextcloud and Mobile Devices