Tuesday, May 29, 2018

UPS monitoring

Here is an example of setting up a Raspberry Pi 3 to monitor a few UPSs.
Note you can also install on Windows, iOS and other Linux versions but for a UPS not near a PC, a Raspberry Pi 3 works a treat.

Install the apcupsd and chkconfig packages from the software manager. Note apcuspd works with many non APC brand UPSs like Cyber Power. 

For the first one you can use the standard files. For more than one things get a bit trickier as you need to pass parameters the built in functions do not support. Below has the added steps for adding a second, third .... UPS. Replace the 2 in apcupsd2 in each step with the number of the UPS. For first UPS just leave off the 2.
Note NISPORT 3551 is for UPS 1, 3552 for UPS 2 and so on
Note DEVICE  hiddev0 is for UPS 1, hiddev1 for UPS 2 and so on

To see which UPS is on which port use these commands
First see what ports are in use with
ls /dev/usb/hiddev*

Then for each listed run this swapping in the matching device name for hiddev0
udevadm info --attribute-walk --name=/dev/usb/hiddev0 | egrep 'manufacturer|product|serial'

mv /etc/apcupsd2/apcupsd.conf /etc/apcupsd2/apcupsd.conf.bak
vi /etc/apcupsd2/apcupsd.conf
Add lines like these
## apcupsd.conf v1.1 ##
#
#  for apcupsd2 release 3.14.12 (29 March 2014) - debian
#
# "apcupsd2" POSIX config file
UPSNAME ShopRack
UPSCABLE usb
UPSTYPE usb
DEVICE /dev/usb/hiddev1
LOCKFILE /var/lock
SCRIPTDIR /etc/apcupsd2
PWRFAILDIR /etc/apcupsd2
NOLOGINDIR /etc
ONBATTERYDELAY 6
BATTERYLEVEL 5
MINUTES 3
TIMEOUT 0
ANNOY 300
ANNOYDELAY 60
NOLOGON disable
KILLDELAY 0
NETSERVER on
NISIP 0.0.0.0
NISPORT 3552
EVENTSFILE /var/log/apcupsd2.events
EVENTSFILEMAX 10
UPSCLASS standalone
UPSMODE disable
STATTIME 0
STATFILE /var/log/apcupsd2.status
LOGSTATS off
DATATIME 0

vi /etc/init.d/apcupsd2
Replace the script lines with this. You should similarly alter /etc/init.d/apcupsd to match removing the 2 from the highlighted areas.

#!/bin/sh

### BEGIN INIT INFO
# Provides:             apcupsd2
# Required-Start:       $remote_fs $syslog
# Required-Stop:        $remote_fs $syslog
# Should-Start:         $local_fs
# Should-Stop:          $local_fs
# Default-Start:        2 3 4 5
# Default-Stop:         0 1 6
# Short-Description:    Starts apcupsd2 daemon
# Description:          apcupsd2 provides UPS power management for APC products.
### END INIT INFO

NAME=`basename $0`
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/sbin/apcupsd
CONFDIR=/etc/${NAME}
PID=/var/run/${NAME}.pid
DAEMON_OPTS="-d 9 -f ${CONFDIR}/apcupsd.conf"
CONFIG=/etc/default/apcupsd
DESC="UPS power management:${NAME}"
APCACCESS=/sbin/apcaccess

test -x $DAEMON || exit 0
test -e $CONFIG || exit 0

set -e

. $CONFIG

if [ "x$ISCONFIGURED" != "xyes" ] ;
then
        echo "Please check your configuration ISCONFIGURED in /etc/default/apcupsd"
        exit 0
fi


case "$1" in
        start)
                echo "Starting $DESC: "
                rm -f ${CONFDIR}/powerfail
                /lib/apcupsd/prestart
                PS=`ps -ef | grep ${CONFDIR}/apcupsd.conf | grep -v grep`
                if [ "$PS" = "" ]
                then
                        echo "start-stop-daemon --start --pidfile $PID --exec $DAEMON -- $DAEMON_OPTS"
                        start-stop-daemon --start --pidfile $PID --exec $DAEMON -- $DAEMON_OPTS
                        sleep 1
                        $APCACCESS status -f ${CONFDIR}/apcupsd.conf
                else
                        echo ""
                        echo "A copy of the daemon is still running.  If you just stopped it,"
                        echo "please wait about 5 seconds for it to shut down."
                        echo $PS
                        exit 0
                fi
                ;;

        status)
                $APCACCESS status -f ${CONFDIR}/apcupsd.conf
                ;;


        stop)
                echo -n "Stopping $DESC: "
                start-stop-daemon --stop --oknodo --pidfile $PID || echo "Not Running."
                #rm -f $PID
                echo "$NAME."
                ;;

        restart|force-reload)
                $0 stop
                sleep 10
                $0 start
                ;;

        *)
                N=/etc/init.d/$NAME
                echo "Usage: $N {start|stop|restart|force-reload}" >&2
                exit 1
                ;;
esac

exit 0

Mark ready by editing master conf file
vi /etc/default/apcupsd
Change the line
ISCONFIGURED=no
to
ISCONFIGURED=yes

Set to auto start by running
chkconfig apcupsd2 on

Lastly start it.
/etc/init.d/apcupsd2 start

If things did not work take a look at the wiki page for help debugging and / or triggering local actions on events. Note the script they show has the line
. /lib/lsb/init-functions
Odds are nothing below that line in the script gets executed due it being overridden by 
/lib/lsb/init-functions.d/40-systemd which /lib/lsb/init-functions probably pulls in as an include. Hence the custom script above.

Now you should be able to aim your monitor at the host and port to pull in the UPS stats. For instance with Homeseer's Apcupsd plugin.

Which let's you monitor and trigger events on most of these data bits.

Monday, April 23, 2018

Where is my robot maid?

This article, Amazon Has a Top-Secret Plan to Build Home Robots, is making the rounds but it is kind of depressing. (It is also depressing how many other articles are coming up in Google searches that are just book reports on the Bloomberg article without any getting new details on their own. Bot journalism I guess.) Anyway it makes it sound like we'll never get robot maids. In part because we do not want them. WTF?! I've been wanting one forever! Have you ever met someone that did not want one? OK maybe not for the quoted price but an affordable one sure. When the Hero came out back in the 1980s they seemed just around the corner. Then the whole electronics DIY market seemed to stumble there for a bit while a lot techie types moved into programming for awhile. But the dream was still alive. Google beer fetching robot for example and you get loads of links and videos like this one.

Yet despite having fairly decent voice interfaces, wide spread wireless data links, relatively cheap drones that can follow and pan you around and avoid obstacles getting home, much less self driving cars, most bots seem about as advanced as the Heroes we had back in the 1980s that had nothing but an 8 bit CPU and a floppy drive to work with. So what is the hold up? I don't need a human looking android or even something that walks on legs, which seems to be the focus these days. Show me something that looks like a Johnny 5 and can do laundry and such on its own for a few grand and I'll preorder it now.

Look at the ER1, a platform from over 15 years back now that was basically a frame that you mounted a laptop into. One of the sample tasks was waving a bottle in front of its camera and it would go get one. It was like $700 (with optional arm) plus laptop. I went to a demo they were doing at Frys, got there like 5 minutes before it was supposed to start and was told the salesman had already left because he did not think there was enough people there to make it worth the effort. If only he'd waited to see all the people that left work early to get there after he'd gone. Then I decided to just get one direct online but for some reason they decided to sell only to schools. What you won't even take my money?! Looks like they are out of biz now. Wonder why. Which goes back to my point, we had these 15 years ago. Why don't I have one that can do the laundry by now? We have hardware now that way out performs what we had back then including CPUs, cameras, recognition systems, motors and batteries so it should be simple to at least market something better than we had 15 years ago. The latest security cameras for example do face and even pet recognition of them walking through a room and only cost $299. That was SciFi 15 years ago. Another example NiCad batteries were still a thing then.

Look at this laundry folding robot that was making the news not long ago. Comes in at about $1K and you still need someone to load it? It is little more than this folding board you can get for $10. Why not make it a bit more, put some arms and a camera on it so it hang and or fold the stuff in the dryer and then move the laundry from the washer to dryer? Got room for basket it ought to be able to sort colors and whites at least well enough to make loads too. If you have room for a couple baskets you could pre-sort. Extra points if it is mobile and can be moved into the kitchen to do dishes.

Which brings me to this self proclaimed THE WORLD'S FIRST ROBOTIC KITCHEN that was in the news this week. $75K and all it does is cook and maybe the dishes. It looks like it is actually a kitchen with arms. But from the video it still looks like you have to setup the ingredients for it. They also show it closing the top loading dish washer but not how it gets the plates to put in it. It might make sense in a restaurant but you would have to be the kind rich to have a cook on staff to install one at home.  And again they go on about how life like the hands are. Why does a kitchen appliance need life like hands? How much cheaper is one with grippers and snap in tools instead? The inventor says $75K is about the same price as a standard kitchen but given the median home in the US is $326K I'm not buying it. Anyway a robot that can do the laundry would seem it least as useful plus a lot easier and cheaper to build. Not to mention retro fit, especially if it is mobile and only needs to be placed in front of the washer and dryer.

So in closing Amazon I truly hope you are going to get us something as useful as Alexa has been and not just an Alexa powered Jibo as the the article implies. We do not need an Alexa with more personality. We need one that is mobile with arms.

IDS, IPS and general bad site blocking

Been a fun week. 

Been see a lot of warnings 

like this lately

Still not clear on who ml314.com is but their cert is expired and blocking them seems to have no affect so I did. Same with the other expired certs that came up. If you see a pop up telling you cert is iffy block it. If you have other blocking tools add that domain.

Then I saw a lot of warnings about a known JavaScript miner site being included in sites I'm visiting. Nothing that weird either. The site is t.hanstrackr.com After I explicitly blocked the JavaScript I got a warning it was trying an HTML method from my antivirus!

Then I see this article when looking for why the extension got disabled

 Google cuts fake ad blockers from Chrome Store: Were you among 20 million fooled?
Adremover, the one I was using, was the most downloaded of the ad blockers in the extension store. It was downloaded by 10 million! It also was blocking so much stuff that I had to keep turning it off to use a lot of sites. I'm not sure how long Adremover was off before I noticed but I think all the expired cert warning started about the same time. So I'm not sure calling it a "fake" ad blocker is exactly accurate.

As a stop gap I upped my OpenDNS filtering to include "Adware" and "Hate/Discrimination" though it does not seem to be stopping all that much.
I'm guessing that is because so many sites are moving code to sites on blocked lists and adding other blocker detector to try and force us to turn them off. Note I have no problem with ads as long as they are vetted for malware and do not slow the page loads to a crawl but responsible advertising seems to be mighty rare these days.

I upgraded my internet:

With just my workstation plugged into the modem I'm not really seeing much of an improvement in download speed but upload is better than expect and that was my bottleneck. The cable guy's meter was showing over 900 Mbps down but I did notice it jumped up from ~350 to over 900 close to the end of the test so it is probably a burst speed more than a solid speed. This seems to confirm what I'm seeing. New Spectrum GIG no where near 940 Mbps But then I do not see buffering watching HD content even while running speed tests and downloading updates all at the same time so I don't think download speed will prove to be an issue anytime soon.

There was a bit of a mix up and Starz was not in the bundle I got so had to add that again. Still ended up adding Showtime, Cinemax and Starz plus doubling my upload speed for less than $20 more a month. Not bad. One weird bit though is I seem to have lost channel 511, HBO HD east. They have no clue why. Error says temp issue so maybe will sort on its own. Since I almost never watch live, picking up on the west feed is not biggie.

The new internet setup is kind of strange too. They bring out a modem AND a router. Seems you do not need to use their router and it does not have the phone interface so you need to keep the old modem/router as well just for the phone. Instead of using their router I think I'll stick a pfSense box instead. I was planning on adding one anyway later. I'll need to rewire some stuff though so I'll be on and off probably for the rest of this weekend.

I put one of my old NETGEAR Nighthawk R7000 from before my Unifi conversion in place while I got OPNsense installed This turned out to be VERY bad for throughput but at least I had some protection while I got OPNsense ready.


So now I'm setting up OPNsense.

From what I'm reading in forums and groups, OPNsense is a fork / more user friendly version of pfSense  so I decide to go with it. Also see pfSense® vs OPNsense®: technical comparison and this compare from a guy that installed both. One of the co-founders of pfSense joined Unifi awhile back and the additions they are now making to Unifi fall somewhere in between OPNsense and pfSense from what I as a user see. As I mention below though it seems unlikely current Unifi hardware will be able handle the load of processing high bandwidth data so going with a standalone box makes more sense for probably at least the next year.

I'm using a Dell 745 with an Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz (2 cores), CDROM drive, 2 TB HD and 8 GB RAM. It is just spare I had been using initially for OpenShift testing but is not really powerful enough for any real projects I do these days but well beyond what a Unifi USG can do with a dual-core, 500 MHz processor, 512 MB DDR2 RAM and 2 GB of storage.

Install went smooth (the occasional label did not match the instructions but it was generally obvious what to do next) except for one thing. The DVD image failed half way though coming up because it seemed to be unable to find the USB DVD drive I had booted from. I had even less luck with a USB stick image as they would not even boot but that might have more to do with the age of the PC I'm using. Note when installer the new machine I found the installer went through without error the second time but got the same CD not found error the first time so this might just be an intermittent issue.

Even more detailed instructions can be found in Building a BSD home router (pt. 5): Installing OPNsense

From the picture above you can see It performed well as a router even after turning off hardware offloading but when I turned on full IPS it took a real hit.

The CPU usage is frequently hitting 100% though so I think that is at least part of the problem. I'll need to try swapping in a Dell 780 with a  Intel(R) Core(TM)2 Quad CPU Q9550  @ 2.83GHz box and see it that improves things. For now though it mainly seems to be affecting download and upload so not pressing. This is what the dashboard looks like (WAN IP blacked out here of course).
Just unchecking  IPS mode on the OPNsense Services: Intrusion Detection: Administration page, but leaving IDS enabled, pretty much gets us back to normal.
Having IPS on was also causing check for updates to fail.

Reports

Traffic

So far the traffic reports look about the same as what I'd get from Unifi though in my case it helps me to filter just what is talking or not talking to the outside world. Otherwise Unifi pretty much wins here.



IPS 

Now this is the bit I wanted OPNsense for. Unifi has started adding much of this in but with the CPU their routers have it just can't cope with processing this amount of data. Turning IPS on with the low end USG router people are reporting download speeds in the 50 Mbps range. As mentioned above even the Dual core I'm using for OPNsense is struggling with full IPS on (29905 rules) and drastically reduced max speeds. Granted that many rules is probably over kill. Especially when looking at the alert log and seeing almost all the hits were for this one rule

Unifi has a similar geo filter but currently you can only have on where OPNsense lets you have many.

Both let you get just alerts or drop packets. Note the above test had both set to alert instead of drop. Unifi set to alert only mode hardly affected throughput at all while block mode definitely does. With OPNsense it was not as clear because setting IPS mode on here

Seems drag down the system as if packets are being block even though the rules themselves have their "Action" set to Alert. Though looking at the above Unifi rule that would seem to imply it is blocking these packets yet OPNsense is still seeing them would imply it is working similar. But then too the only IPS alerts I've seen from Unifi since turning alerts on are:
  EVENT TIME
IPS Alert 2: Misc Attack. Signature ET DROP Dshield Block Listed Source group 1. From: 191.101.167.73:46524, to: 10.10.2.48:8078, protocol: TCP, in interface: eth1 11:30 04/18/2018
IPS Alert 2: Misc Attack. Signature ET DROP Dshield Block Listed Source group 1. From: 191.101.167.37:46430, to: 10.10.2.46:8076, protocol: TCP, in interface: eth1 19:12 04/11/2018
An IP that appears to be in Netherlands though the attached phone number and some of the contact info is Czech.

My Unifi IPS setting look like this

Console

Have to say I like the amount of stuff you can cram onto the console. Her I have it in 4 column mode and this is not even everything you can stick on there. Surprised there seems to be no way to hide or shrink the left nav menu as customizable as the rest is.

ssh access

Seems checking Permit password login does not seem to work. You still need to use ssh keys.

Adding speedtest to the OPNsesnse box

This should work but did not for me
curl -Lo speedtest-cli https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py
chmod +x speedtest-cli

So as a work around I copy pasted into vi from a browser. Note you will need to change the first line from python to python2.7 either way so it can find the python command.
Run it like this

For keeping track create a cron job that writes to a csv file

As root run (changing 16089 to the server ID you want to test against)
/root/speedtest-cli --server 16089 --csv-header > /usr/local/www/speedtest.csv
That sets the headers for you
Then set up a cron job to run with
crontab -e
Note it uses the vi editor so you need to know the right commands for that. Should look like this

Update it appears the crontab is getting overwritten so you may have to redo this from time to time.
To avoid this you need to create a /usr/local/opnsense/service/conf/actions.d/actions_speedtest.conf file and add

[test]
command:/root/speedtest-cli --server 16089 --csv >> /usr/local/www/speedtest.csv
description:Run a speed test
parameters:%s
type:script

message:running speed test %s

After saving run
service configd restart
to load action file changes then
configctl speedtest test
to test it. You should get an OK as a response. Then add as a cron job through the web GUI like this
This should add a line to the crontab but does not seem too. Nor did it run at first even after reboot but then started running later. No obvious reason why but the line I manually added to the crontab disappeared about the same time. Still not adding a line in crontab though so being handled else where.

Once it is running you can download the speedtests results file by pointing your browser to https://192.168.0.1/speedtest.csv (assuming your web interface it on 192.168.0.1 of course)

Odd bits

The LAN interface switched from 192.168.0.1, the static assigned, to 192.168.0.201, a DHCP address, at one point for no obvious reason.

Sometimes the Speedtest.net extension just seems to hang when run while on the dashboard page.

As mentioned above check updated fails with IPS on. It appeared it was because the Core(TM)2 CPU is just not powerful enough to handle both at the same time. But I'm seeing the same with the Quad Core and the CPU is under 40% max.

I found a good starting point for rules in this pfSense post
Basically this sets:

  • emerging-drop
  • emerging-botcc.portgrouped
  • emerging-botcc
  • emerging-ciarmy
  • emerging-compromised
  • emerging-dshield
  • emerging-tor
  • emerging-worm
  • emerging-trojan
  • emerging-mobile_malware
  • emerging-malware
  • snort

Note on Snort. There are a lot of Snort rules. I filtered the list for "snort", selected all then enabled selected which enabled about half of them. I then also enabled Snort VRT/blacklist.
After reenabling IPS mode speed test and load looks like this

Note the much improved CPU usage. That upload is way low but after turning off IPS I got an even worse run and then a slightly better one which makes me wonder if the speed tests are telling me anything. External factors must be throwing them off or something is causing flux in the OPNsense box I can't see.

Note the CPU usage has actually gone up even though IPS is now off which makes no sense at all.

Web GUI seems to have gotten slugish after enabling IPS even when traffic and CPU is low. eventually the dropped packets got so bad I rebooted but it did not seem to help so as a last ditch attempt I repovered the box after checking the cards were all well seated. This seems to have helped at least for now. Speedtest with IPS off

And Speedtest with IPS back on.

Doing more research Seeing 0% packet loss after repower but back to 20% and other weirdness within an hour.

Swapped out the 1 PCIe x1 network card (WAN side) and the 2 PCI cards (the slots the mother board had open) with a 4 port PCIe x4 card in place of the unneeded video card in the PCIe x16 slot and things have improved a lot! The next morning I was still seeing 0% packet loss and higher speeds than I had connected to the modem directly.


Last night I even hit over 40 Mbps up.

This is with these plugins installed
os-acme-client (orphaned)1.13221KiBLet's Encrypt client
os-dyndns (orphaned)1.6_1134KiBDynamic DNS Support
os-intrusion-detection-content-snort-vrt (orphaned)1.012.4KiBIDS Snort VRT ruleset
os-smart (orphaned)1.215.9KiBSMART tools

And IPS on with the same ET and Snort rule sets as before.

Update: 5/17/2018 This are looking better though the results to vary a good bit.


Some of that might be from all that else is going on though. For instance here
There is about 40 mbps down and 5-6 mbps up going on besides the speed test. The fastest download test I was only seeing 8 mbps up because of how fast the security cams were triggering and transferring alert pics to the cloud that day.

I also added a Pi-Hole DNS filter which has shifted some load from Chrome and the OPNsense. To give you an idea here is the dashboard showing the number of DNS requests it is handling.
So simple to set up I will not even try to improve on the instructions. Just in time too as the ad blocker Chrome extension I had been using got caught doing stuff.


Wednesday, April 18, 2018

Answer to "I'm new what camera should I get?"

Wire your cams. You have to run power to them anyway (do not get battery powered ones) so you might as well run cat 6 and power them through that.

Only record to the cloud as a backup. Get a NVR like Blue Iris to record local.

Record 24/7. Recording on motion will get most stuff but usually misses that one thing you REALLY needed to get.

Think about what you want the camera for. 720p is fine if you are mainly looking at stuff up close or letting you know someone it there but if you want to have a pic the police can use you will need something with enough pixels to work with at the max distance you might see them at. This applies to viewing angle as well. The wider the angle the thinner you are spreading those pixels. If you are not rich you will be making compromises. You need to decide what you can live with.

Cams that also record to an internal card is not a bad idea too. Cameras should only talk to the NVR and be blocked from talking to the outside world.

I hace a lot of notes, tips and compare pics of most of the cameras I've tried in my blog Security Cam 101

Automation is VERY subjective. Anything from simple remote control of a bulb to multi room scenes that happen automatically based on conditions. The only real suggestion here is get a hub and look for devices that work with multiple hubs to keep your options open. This blog lists a lot of the stuff I've tried and some of the issues I've dealt with. I also have a matrix of hubs and devices I've tried tracking how well each worked. As a first hub I generally suggest SmartThings or Vera as they are both fairly cheap and simple to set up. When you are ready to go whole hog you can upgrade to Homeseer which costs more and is aimed more at the installer but does almost anything you can think of except talk directly to Zigbee devices.

Gateways / sub hubs like Hue are good too just try and get ones that do not need to link through the cloud.

In a similar vein you can use your automation sensors for an alarm system if you really do not think you need an alarm and just want something simple. But if you think you need an alarm get one that is separate but talks to the hub you decided on above.

Thursday, April 12, 2018

Voice data bandwidth, a quick test, could Alexa listen all the time even if they wanted too?

Seeing a lot of posts about Amazon seeking a patent for voice sniffing which seems to imply they either do have the capacity on the device to recognize a whole list of trigger word or they plan on streaming all your voice to the cloud to be processed for key words. For example "Amazon patent reveals 'voice sniffer algorithm' that could analyze conversations". My response was:

These are the same devices that supposedly do not have the ability to let us select our own trigger word but will be listening for variations of I like or hate that? Does not add up. In theory they could stream all your voice to the cloud servers but that quickly starts taking up some serious bandwidth and server resources. 

Plus for all that, all they are going to find is I love my pets and hate slow computers and the cable company. No news there. Given the false triggers both my Alexas and Homes get they would build more of a profile of the characters I watch on TV than me. They would have to sort the whole speaker recog first. Alexa still is having big issues with that. Being able to read your emotional state is simple be comparison and they are still working on that. Then there is the whole I'm commenting on something I'm looking at instead of what Alexa last heard too.
Most likely here they are looking to cash in if someone attempts such a silly thing.

But as part of that I tried to find just how much data a request takes. I could not find an actual spec online so I asked my Echo Show and one of my Google Minis the time. The Mini used 254.5 KB processing the request and 26.7 KB while I was talking to Alexa. Alexa used 213.6 KB processing the request and 0 KB while I was talking to the Mini. By comparison my Roamio TiVo used 12.9 during both exchanges. That was way more than I expected and puts this even more in doubt. It takes roughly a second to say "what time is it" so those are pretty close to the kbps rates the devices sending your requests at. So say 5 of them streaming continuously would swamp the 1 Mbps upload speed of many US ISPs. Granted a lot of ISPs are advertising "up to" 5 Mbps upload now but that is still a lot especially if you are using the ISPs router provided WiFi. Then there is the other end where a server now needs to handle not only usual requests, say a 30 a day. That server has gone from processing and average of 74 bps total (over a day) to 213.6 times the number of devices I have every second of every day. That is 2886 times the amount of data needing processed now.

The other assumption that they are going to move some of the processing local for this, even though they say the devices to not have the horsepower to handle user defined trigger words. This would seem to be squashed as well given the amount of data sent just to process "what time is it".

Monday, April 2, 2018

Google Home vs Amazon's Alexa for voice control of automation.

I see someone ask this almost every day in one of the automation groups. As hard as these guys are working to out do each other which is better ALL depends on what you want to do AND what day it is. There is no sign they will even play nice with each other so you still probably want both for the near future if not long term. To answer which is better for you, if you have to have just one, you need to fall back to the old list method. What is it you want from voice control? Any deal breakers? Now look at the latest (like within the last week) reviews and announcements and check off your list. Seriously though if you are getting into home automation $50 is not that much to risk on just trying them both out. Each of you sensors and controlled devices is going to run about the same $30-50. Keep an eye out for sales and you could get a Dot for as little as $29. Google express and Wal-mart had a deal going on for months where you could get $25 back on the $50 price.

Talking to home automation is at least 80% what I use these for. The remainder is almost all adding stuff to lists and alarms / reminders. So here is an exchange I have almost every day which drives me nuts and to me sums up the argument as far as which is better for home automation voice control is concerned. It is not always this bad but it has been all too often.

(Note from memory so maybe not exact phrasing and Alexa follow-up on.)

me: Alexa, turn on TiVo
Alexa: I can not find TV
me: Hey Google turn on TiVo
Alexa: I don't answer to that
Home: Sure for that you might to ask Harmony. Would you like to try that?
me: Yes
Home: I was unable to verify your voice. Please try again or adjust setting in app.
me: Alexa, turn on TiVo
Alexa: I can not find TV
me: Hey Google turn on TiVo
Alexa: I don't answer to that
Home: Sure for that you might to ask Harmony. Would you like to try that?
me: Yes
Harmony: Turning on TiVo.

Sometimes either will even work first try. It is interesting to note though Google always knows I want TiVo and only fails allowing me to turn it on while Alexa fails realizing while there is no TV on my list there is a TiVo. It would seem Alex's problem would be easier for developers to fix given it has a list of items to compare to what I asked for. As in if item is not located, do fuzzy search and ask did you mean [closest match]?  Another example is Iris3 (my north security camera server). Alexa has no trouble at all with Iris2 and Iris4 but is almost pathological in not understanding Iris3. While Google gets it right every time.

On the flip side, I like Alexa's integrated list features better (though both are lacking in my book) and when I'm ready to go to bed I say Alexa, wake me up at 7 AM [pause for response] Goodnight and kicks off the event which confirms everything and if is puts house into sleep mode. I think can almost to the same with Google too (you need to use the word and between command phrases) but the Alexa sequence works well and feels more natural to me. It is also kind of cool that with follow-up turned on (the bit that let's you ask more than one thing with out saying her name again, usually) you can say "thank you" to end an exchange and she gives you a random friendly reply like "You bet!" So for today anyway I'm leaning Alexa. But I have the mix. As of this writing I have an Echo, a Home, a Show, 2 Minis, 7 Dots and 2 Wands.

Oh and as far as answering general questions I think Google has been able to answer about 10% of the time and Alexa about 5% but that could well be what I'm asking.

Monday, February 26, 2018

Link aggregation on Windows 10?

Basically this is to increase the throughput to a a higher end NAS like the Synology 12 bay NAS DiskStation DS2415+ (Diskless) I use. By adding a multi port board like Intel's Pro1000 (EXPI9404PTL) and using what Windows calls teaming you are supposed to be able to increase bandwidth between your workstation and NAS up to the number of ports linked on each end. For example with all 4 ports of the Synology linked and the 4 ports of the Intel card linked you should have a theoretical max bandwidth of 400 Gb/s which is almost local SATA speeds. But there are some catches not the least of which seems to be that Microsoft seems to be trying to force you to upgrade to server versions of their OS in order to use teaming. This means you have to hack around them to get it set up and upgrades may undo you workaround and have to be done again. This happened to me just this morning.

Doing some more research however shows that usually even with 4 ports available on both ends the link aggregation algorithm will only use one. A good explanation can be found here. To confirm this I set up my Synology with 2 ports linked on each of 2 networks and the workstation with 1 on one network (mounted as drive T)  and 4 teamed on the other (mounted as drive S).  LAN Speed Test showed no difference between using either network connection.

Though it also returned these results for a local 8 TB drive like is in the NAS (D:) and a Samsung 840 EVO mount locally as E: so I'm not sure that means much.




A better test might be doing a copy to from one folder on the NAS to another via the single workstation port

And via the 4 teamed ports

Note those are Bytes not bits per second. Not that much faster peaks though more consistent.

Just to confirm, after linking all 4 of the Synology ports together we do not see any more improvement in speed either because 4 port link aggregation really only provides 4 times the bandwidth to 4 or more devices.


Note the theoretical max for a  1 Gb/s port is 128 MB/s. 

So this seems to confirm teaming 2 connections might help some but it is unlikely you will get anything near a 2X bump. A third is unlikely to help at all unless you have high volume going to more than 2 places at once. And so on.

Just for fun I ran Crystal Disk Mark to get some comparative read/write times.
A Samsung Electronics 840 EVO-Series 250GB SSD

WD Red 8TB NAS Hard Disk Drive (what is in the NASs)

Synology 12 bay NAS DiskStation DS2415+ in SHR-2 mode

Drobo5n in SHR mode

Instructions for setting up teaming on Windows 10

So if after reading all the above you still want to team your ports here is what you do.

1) Download ProSet (PROwinx64.exe) Intel download site. Lookup “Intel Network Adapter Driver for windows 10” currently ver. 22.10

2) Run and install the exe (keep the file, you might need it again).

3) Find the temp folder the the drivers where put in (install does NOT install the ones we want) by looking for PROUnstl.exe in your users temp folder (C:\Users\{your username}\AppData\Local\Temp)

Use that to local the PRO1000 folder. Copy the PRO1000 folder to some where safe as you will be needing it often.


Adding teaming to Pro1000:

1) For each Ethernet port, go to properties->configure->driver and click “update driver button”
Note yours will not mention teaming if this is your first time through this process.

2) Choose “browse my computer for driver software” then “let me pick from a list…” then “Have desk”

3) Browse to where you copied the PROWin64 files and browse to \PRO1000\Winx64\NDIS65

4) You will see about 5 inf file there. Choose the 1st one (you will need to keep track of which one you used)

5) From the list of adapters scroll down and choose 82579V Gigabit Network Connection.

Note ignore this warning


6) Finally, repeat steps 3-8 for each of the 4 ports.

7) You’ll probably need to reboot at this point, after that you will see new teaming tabs in the Ethernet port properties.

8) For first Ethernet port, go to properties->configure->driver and click “update driver button”
You should now have a teaming tab. Select new Team is one is not already defined from previous run and select all the ports you want in the team.
You now have your ports teamed on your Windows 10 PC but as I said at the start you may need to come back and do this all over again after an update. Also this assumes you have also linked the ports on switch as well. For Unifi this would look like this.