We need more troubleshooters for 31c3 (and other big chaos events as well)

This is a small personal review of the 30c3. I realized that the congress (and other big chaos events as well) need more troubleshooters – that is, angels that take responsibility for minor problems and willing to solve them.

Update: jz pointed out that your troubleshooter for all concerns is heaven (DECT 1023), even for minor tasks. So this blog post is mostly obsolete, but kept as-is for reference. However, you (as an angel) still may want to take responsibility to call heaven when you spot a problem which you can’t solve.

While I was not able to attend the congress as I had planned to due to a cold, I did 4 hours of NOC Helpdesk as well as other minor tasks. During that, here is a small list of items which occurred:

  • (unconfirmed) It appeared that some switches (if not all) had ports 1-4 reserved for NAT64, which was not labeled on the switches themselves.
  • The NOC Helpdesk did not have enough seating for the 4 angels assigned to the NOC helpdesk shifts
  • The NOC Helpdesk didn’t have pens, paper and a list of contacts to call (like the NOC itself). This was partially solved
  • Each Colo Server should have a set of contact information (name, DECT/GSM number, departure date, IP address). People put the labels onto by themselves with missing information, until we realized that a printed form would be a better idea (that also decreased setup time for each Colo server)
  • People were going up to the Colo by themselves, without being aware of that they need to report to the NOC helpdesk prior putting their servers up (solved by putting up some signs which said something like “YOU SHOULDN’T BE HERE, REPORT TO THE NOC HELPDESK”)
  • At least one person reported that the WIFI access data should be put up as signs all over the congress (aka you can use any Username/Password combination and which WiFi does what), especially as the wiki was down (was not solved AFAIR, but couldn’t solve it myself due to the cold)
  • A local wiki mirror should have been put up, as it was down several times

All those items listed required that some angel stepped up and took care of it (=responsibility).

This might also go wrong in some cases; in my case, I opened the door for the NOC to the Colo with some lockpicking tricks (the person with the key to the colo was asleep) and I was “caught” by a security angel. I tried to explain the situation, however, even saying that this was for the NOC and he should call the NOC to resolve the issue was ignored. Yes, I probably shouldn’t have opened the door and instead calling somebody, but that wasn’t obvious to me in that situation. So yes, taking responsibility for things sometimes goes horribly wrong and you might end up with wrong decisions.

But again, we need more angels who not only do what they’re told to do, but who do take responsibility and willing to resolve problems (or do improvements) as they appear. After the congress experience (and, of course, the OHM2013 experience where I acted as emergency toilet cleaner/soap/toilet paper refiller), I really feel that there’s a big need for angel problem solvers – maybe not only within their shifts, but in general. This will make the congress more enjoyable for everyone.

Probably there should be a team of “troubleshooters”, which takes care of any “interdisciplinary” issues occurring. That team should also be walking around and ask angels doing shifts what could be improved – because often, angels can’t leave their posts to solve those issues.

30c3 Quick VPN setup

The CongressChecklist mentions that a VPN tunnel is a good idea; in fact it is. Here’s a basic OpenVPN recipe. You need the following tools:

  • A server with enough bandwidth to handle the incoming and outgoing bandwidth (I’ve got a root server with 1Gbit/s connectivity at Hetzer, that should do)
  • OpenVPN

The recipe is fairly simple; I use a preshared secret and NAT so that I don’t need a separate IP.

Note: This setup is only suitable for a single device; it doesn’t do DHCP or other fancy stuff.

Step 1: Generate the shared secret

This generates a key to be used as shared secret. You need the same key on both your server and your client(s). Personally, I’ve placed my key in /etc/openvpn/secrets, but you may use any other path as well (AFAIK).

Step 2: Server Configuration

Additionally, we need a NAT rule which applies to the tunnel network (technically, the netmask is too big; but hey, you can fix that later). eth1 is my output interface.

Step 3: Client Config

Step 4: Testing

Start both tunnels. Check the output of both logs; you should see something like this:

Test that you can ping the server’s internal IP from your client:

Verify that you can ping the interwebz:

Verify that you actually route via the tunnel:

Possible solutions for non-working setups (I’ve not tested them and I am not 100% sure that you need those; they’re just ideas)

  • Check that /proc/sys/net/ipv4/ip_forward on your server is set to 1. On the client, this shouldn’t be necessary.
  • Check that /proc/sys/net/ipv4/conf/all/rp_filter is set to 0 on your server.

Step 5: IPv6 Tunneling

You can tunnel IPv6 over OpenVPN as well, but I have neither setup nor tested this. Technically, you could simply use two static IPv6 addresses and route them via the tunnel; however, this requires additional works with routing tables. You could even setup NAT, but that’s not a good idea either.

A better idea might be to use a tunnel broker or miredo, which should simply use the IPv4 tunnel. If you have comments about how to easily setup IPv6 over the tunnel, feel free to comment!


  • The MTU was still too big, 1380 didn’t work (yet?) on the congress network. Using 1300 for now
  • I couldn’t get DNS push to work, probably because clients don’t use DHCP for now – I simply created a script which pushes my own nameserver into /etc/resolv.conf

IP Power Strip “Reverse Engineering”

Wöhlke Websteckdose
Image © Wöhlke EDV-Beratung

I recently came across an IP controllable power strip from Wöhlke, which looked quite neat, however, it was way too expensive. They want 199€ for 3 controllable sockets. Reichelt has an IP controllable power strip for only 70€, and there you have 4 sockets including nice LEDs. The one from Reichelt also looks more like a custom designed product, while the Wöhlke one looked more like a product “mashup” (which isn’t a bad idea at all). They even sell a separate board, so my interest was increasing.

I’ve been looking for a nice power strip which I could re-cable for quite some time, but most power strips are designed down to a price, so they do whatever they can to keep it cheap. That’s also the reason why you’ll find so many power strips in a 45° angle – they’re much cheaper to produce.

A cracked open cheap power strip

I’ve cracked a cheap power strip open (literally – most cheap power strips don’t have screws, because they’re bolted down or only clipped together). You can clearly see how the (presumably) copper strips are arranged. If you’d have 90° outlets, you’d have to pay lots more for the copper strips, because they have to be routed in some sort so that they don’t short out.

I realized that the power strip Wöhlke used must be much simpler to modify, so I did a quite long search for power strips and I finally came across a manufacturer where the power strip looks pretty much identical to what Wöhlke uses: the Bachmann Craftsman Power Strip.



The Bachmann Craftsman Power Strip
Image © Bachmann

I decided I’d give it a shot, mainly because of curiousity, and ordered the strip. It isn’t a cheap power strip; it costs 19,98€ on Amazon, whereas most cheap 6 port power strips come in the 3-6€ range. When the strip arrived, I realized that I was absolutely right: You can easily open the strip using 4 screws (2 on each side) and an additional one for the cover. They also use some kind of copper strips, which happen to be about 6mm – great for 6,3mm cable lugs. Now it’s easy to understand how Wöhlke (probably) did it – cut the copper bars, and put cable lugs onto there which are fed into their custom board. The case isn’t aluminium, but plastic, but that’s completely okay for the price IMHO.


That’s a real nice base for own projects, and you can even get 9 or 12 port ones, and the 12 port is only 36€ – quite a nice price! Of course, you’d have to rip out 2 or 3 plugs to make space for electronics and take care on how you cover the holes, but the problematic part is solved: Getting a base for any power control projects.

More Pics below!


IMG_2539 IMG_2538 IMG_2535 IMG_2534IMG_2533

SolarWind currently out of order

A few weeks ago, SolarWind became pretty unstable. This mainly has 2 reasons:

  • The router draws too much power (I planned to upgrade to Carambola2, but haven’t gotten the time yet), thus it becomes unreachable in the night. This was expected.
  • It doesn’t connect to my home WiFi network anymore, which I’m unable to debug due to lack of the serial interface – I’m using the serial to communicate with the power measurement board

This means that there’s no data. I hope that I can free some money to buy a larger panel and finish the Carambola2 upgrade. In the meantime no data is available – sorry!

SolarWind OHM2013 slides

Here are the slides for my talk at OHM2013: Solar Powered Autonomous Routers @ OHM2013

SolarWind updates: MPPT, Carambola2

During the past month, I mainly concentrated on combining my CurrentMonitor with a DIY MPPT charge controller. Work is done at the CurrentMonitor repository.

My design goals for the MPPT charge controller are:

  • 10A (sufficient to cover 250W panels)
  • MPPT charge controller acts as an I²C slave
    • It can be configured via I²C
    • Values like power consumption or power harvested can be queried via I²C as well
    • The MPPT doesn’t have a user interface or LCD by default
  • Uses APR/ATC/ATO blade fuses instead of solar fuses due to the reduced cost (and regular glass fuse holders only are widely available up to 6.3A)
  • +12V Output can be disconnected via software
  • Additional +3.3V 800mA output which also can be disconnected via software

Below is a picture of the prototype, which is likely to heavily change.

IMG_20130716_002117 IMG_20130716_002108

DIY Directional WiFi Antenna + Tests

IMG_20130528_020617IMG_20130528_195107Yesterday I stumbled over the IKEA Baren Toilet Brush – yes, I do keep an eye on toilet brush holders since nazco and myself are planning a directional WiFi link. The box said 10cm diameter, which is a bit too much according to this heise.de article, however, once I arrived at RaumZeitLabor I was surprised that it is “only” 92mm in diameter – the optimal size.

The setup consisted of a TL-WR741ND on our balcony as well as an external Logilink WiFi adaptor which I used to measure stuff along my 2 hour trip.


Test Point 1


The TL-WR741ND sat on our balcony, approx 8m above ground level. It was equipped with the stock stub antenna. All tests were done using an external USB WiFi stick (Logilink, unknown model, rt73usb driver). For all test locations, I did the test with the stock stub antenna and my directional antenna.

I’ve used iperf to measure the throughput (iperf server on the TL-WR741ND, and iperf client on my notebook). I could have done send/receive stats, but at first I thought that it wouldn’t work so well if I had only one directional antenna – I was wrong! Performance was much better than expected, even at over half a kilometer I had nearly the same performance using only one directional antenna as I had when I was at home).


Test Point 3

Big Win: With only one directional antenna, I was able to achieve 18.3 Mbit/s over half a kilometer with a non-optimal line of sight, which is only 4 Mbit/s less than placing both antennas next to each other.

You can find my measurements in the following file: Messwerte.ods (20kb or so)

Additionally, I have visualized the test points on Google Maps.

Note that performance is sometimes less because of trees in the line of sight, and the antenna isn’t constructed in an optimal way. Additionally, my hand is a bit shaky, so there’s room for some additional percent of performance.


Test Point 4


Test Point 6

Autonomous WLAN Router Experiment: Part 3 – Up and Running

After hacking the software for the CurrentMonitor, I finalized the case as well as the wiring. I’ve built a frame which holds the solar cell at 33°. I might need to move the cell to get the best performance, but I already got 300mA out of it when the sky was cloudy. I’m curious which performance I’ll get on a sunny day.

I also held a talk at RaumZeitLabor (Slides) and I implemented a cosm feed to publish all data of the cell. If you have questions, contact me.

Solar Powered Router CaseSolar Powered Router: Panel



Autonomous WLAN Router Experiment: Part 2

I’ve bought some hardware in order to build up the experiment:

  • One monocrystalline 20Wp solar cell (25€)
  • A solar charge controller (15€)

I’ve also built a current/voltage monitoring board, which allows monitoring of the power generated by the solar cell as well as power drawn by the peripherials. Because it also monitors voltage, we can make assumptions of the battery charge status. It uses two INA138 current shunt monitors, together with two 0.1Ω 0.5W 1% precision shunt resistors and a ATMEGA168 (no low power, that’s the one I got at hand). The power monitoring circuit draws less than 10mA at 5V. I have to measure the exact power consumption,   I only recall that the bench PSU was showing 0.00A and my Fluke 27 did show something like 5mA, but I haven’t written down the exact numbers.

So much cool things and then: kaboom! I accidently connected the step-down converter backwards (12V to the output and the 5V router to the input), which delivered 12V straight to the router, which then refused to work. As I couldn’t find any fuse on the router, I assume it is totally bricked and I’ll most likely go with a Carambola2 board, which also requires only 0.5W power.

In the meanwhile, I’ll use a carambola board which uses 1.5W power, but that should be okay until my Carambola2 board arrives.

The current monitoring board can be found at https://github.com/felicitus/CurrentMonitor

Symfony2, Assetic, Twitter Bootstrap + Bootswatch

This is a quick’n’dirty guide for newcomers to symfony’s assetic and twitter bootstrap in conjunction with bootswatch. This is not a complete guide and reflects my own opinion only.

Quick terms:

  • Assetic is automated asset management and compilation, in this example it’s used to compile less files
  • less is used to compile a templateish CSS language into real CSS files your browser understands
  • Your advantages:
    • Easy color changes
    • One command to update your css
  • First, install nodejs. 
  • Configure bootstrap and jquery packages:


  • Add the following block to your config.yml and change the paths as explained in the comments.


  • Create a new build.less file and add the following stuff:

  •  Choose your favourite theme at bootswatch.com and download both .less files per theme. Place them alongside in the same directory where you placed your build.less file.

Now you can run app/console assetic:dump to compile the less file into a css file, which you then can include using the usual twig fragment:

That’s it. If you’re getting any errors, I’m sorry: You need to find out yourself what’s going on. I’ve spend 3 hours to get the initial setup running. Guides I’ve followed or files I’ve looked at:

  • http://bootstrap.braincrafted.com/getting-started (I’m not using the bootstrap bundle, as I don’t currently see the need for it. This might change as soon as I’m using KnpPaginator, KnpMenu and symfony forms. I just left the bundle out because I had trouble getting it to work, the reason was that my nodejs setup was forked up).
  • The build scripts for bootswatch
  • The source for the Assetic Less filter (no, you can’t inject different less imports, hence the build.less encapsulation script above)