Adding a DS3231 Real Time Clock to the Raspberry Pi 3

Since the Raspberry Pi 3 doesn’t come with a battery-powered real time clock, it will only show the correct time once it has Internet connectivity (thanks to the NTP daemon). If the Raspberry Pi 3 is not connected to the Internet, you might want to add a hardware clock to set the current date. Here’s how to add a DS3231 real time clock GPIO module to the Raspberry Pi 3 in Raspbian Jessie Lite:

  1. Get a DS3231 real time clock module and install it on the GPIO header of the Raspberry Pi 3 on pin 1
  2. Add the following line at the end of /boot/config.txt in Raspbian Jessie:
    dtoverlay=i2c-rtc,ds3231
  3. We don’t need fake-hwclock anymore:
    apt-get purge fake-hwclock
  4. Check/set the current system time and write the system time to the RTC module using:
    hwclock -w
  5. Set the correct time zone using:
    dpkg-reconfigure tzdata
  6. Edit /etc/rc.local and add the hwclock command above the line that says “exit 0”:
    /sbin/hwclock -s
  7. The /etc/init.d/hwclock.sh shell script tends to corrupt this RTC clock module. In my case, the RTC clock was set to 2066/01/01 after every reboot. To prevent this from happening, edit /etc/default/hwclock and set HWCLOCKACCESS to no:
    HWCLOCKACCESS=no
  8. Reboot
  9. Done! Raspbian will now set the time from the RTC clock during boot even if there is no Internet connectivity available.
  10. If RTC corruption is still happening, you may have to get rid of the NTP daemon as well using:
    apt-get purge ntp
    apt-get install ntpdate
  11. After the NTP daemon has been removed, you can still sync the system clock using ntpdate-debian which you might add to /etc/rc.local as well (after the hwclock command though) – just in case there is an Internet connection available during boot. And/or add it to /etc/cron.daily for example.

Raspbian Jessie Lite will detect the DS3231 real time clock module automatically (as a DS1307 module, but never mind), so there’s no need to whitelist or blacklist any I2C modules. There’s no need to run the i2cdetect command from the i2c-tools package. Once the clock module is detected, this line should be visible using dmesg:

# dmesg | grep rtc
[    6.640799] rtc-ds1307 1-0068: rtc core: registered ds3231 as rtc0

Check /proc/driver/rtc for more data on the RTC:

# cat /proc/driver/rtc
rtc_time : 19:26:18
rtc_date : 2016-03-25
alrm_time : 00:00:00
alrm_date : 1970-01-01
alarm_IRQ : no
alrm_pending : no
update IRQ enabled : no
periodic IRQ enabled : no
periodic IRQ frequency : 1
max user IRQ frequency : 64
24hr : yes
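
A guard for step 6, added here as an example and not part of the original post: it checks the RTC date for plausibility before `hwclock -s` would load it, since a corrupted value such as the 2066/01/01 described in step 7 would otherwise skew log timestamps and TLS certificate validity checks. The function names and the 2016 to 2037 year window are assumptions; the second sample is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): only trust the RTC when its
# date is plausible. Function names and the year window are assumptions.

# Print the rtc_date value (YYYY-MM-DD) from /proc/driver/rtc text on stdin.
rtc_date_from_proc() {
    awk -F':' '/^rtc_date/ { gsub(/[ \t]/, "", $2); print $2; exit }'
}

# Return 0 if $1 is a well-formed date whose year lies in [$2, $3].
rtc_date_plausible() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 1 ;;
    esac
    year=${1%%-*}
    [ "$year" -ge "$2" ] && [ "$year" -le "$3" ]
}

# Print "set-from-rtc" or "skip" for the given /proc/driver/rtc text.
rtc_boot_action() {
    rtc_date=$(printf '%s\n' "$1" | rtc_date_from_proc)
    if rtc_date_plausible "$rtc_date" "$2" "$3"; then
        echo "set-from-rtc"
    else
        echo "skip"
    fi
}

# Sample taken from the /proc/driver/rtc output shown above.
SAMPLE_GOOD='rtc_time : 19:26:18
rtc_date : 2016-03-25'
# Constructed sample: the corrupted date reported in step 7.
SAMPLE_BAD='rtc_time : 00:00:12
rtc_date : 2066-01-01'

echo "good sample: $(rtc_boot_action "$SAMPLE_GOOD" 2016 2037)"
echo "bad sample:  $(rtc_boot_action "$SAMPLE_BAD" 2016 2037)"

# In /etc/rc.local, replacing the bare "/sbin/hwclock -s" line:
#   if [ "$(rtc_boot_action "$(cat /proc/driver/rtc)" 2016 2037)" = set-from-rtc ]; then
#       /sbin/hwclock -s
#   fi
```

When the guard prints "skip", the system clock is left alone until ntpdate-debian (step 11) can correct it.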

Netflix DNS-unblocking without SNI for your Xbox 360, PS3, WDTV, Samsung TV

My poor man’s DNS-unblocking configuration using just a single, public IP address has one serious limitation: it will not run Netflix or Hulu Plus with non-SNI players like the PS3, Xbox 360, Samsung TVs, Sony BluRay players and possibly quite a few other devices. A commenter (kudos go out to Alex) suggested using Netfilter’s DNAT port forwarding mechanism to overcome this limitation. Using DNAT you can forward packets based on the source-ip:port to a remote-ip:port.

So, here’s a modified version of the poor man’s DNS-unblocking approach. You will need some sort of Linux server at home to do this. I’m using a Raspberry Pi Linux mini computer which is up 24/7 on my LAN. And of course you will need a remote Linux server with an IP address registered in the U.S. You can get a low-end virtual private server for as low as $5/year. Unfortunately, it’s almost impossible to come up with a step-by-step tutorial because every LAN setup is different, hence you have to have some Linux and networking skills in order to get this baby up and running.

And here’s how this approach works: A DNS forwarder like Dnsmasq on your local Linux server will intercept domain names relevant for DNS unblocking. All other queries will be forwarded to the DNS resolver/forwarder of your choice (usually, this will be your router). The intercepted domain names will be resolved to IP addresses which are routed to your Linux server within your LAN. Depending on the resolved IP addresses and ports, iptables DNAT rules will forward the request to a HAProxy proxy on your remote server. Each domain name can have its own internal IP address and thus its own listening port on your remote server’s HAProxy. And since every domain name can have its own HAProxy TCP proxy on your remote server, there’s no need for SNI!

DNS unblocking using Dnsmasq and HAProxy

As I mentioned in my previous post, the open source DNS forwarder Dnsmasq is ideal for the DNS part of DNS unblocking. I’m running Dnsmasq on a $30 Raspberry Pi credit card sized mini computer which is up 24/7 anyway since it also handles all VOIP phone calls at home. I point my Mac, Apple TV and iPad to the RPi as the primary DNS server.
On the server side, I’ve set up a HAProxy instance using just a single IP address as a proof of concept. This poor-man’s approach works beautifully with SNI-capable devices like my Mac and iOS devices. I think newer Android devices are SNI-compatible as well but I haven’t tested it. Windows 7 and up should be OK too. Older devices like the Playstation 3 or Xbox 360 are most likely not SNI-compatible and won’t work with my highly cost-efficient single IP address approach. Unfortunately, even some of the newest multimedia players don’t support SNI.

The HAProxy server is running on a low-end virtual private server in the U.S. As a starting point, feel free to use my proof of concept server as shown in the Dnsmasq configuration below. In the web browser, you should be able to watch Netflix, Hulu/HuluPlus, free episodes/TV shows on MTV, Disney XD, Syfy, NBC, ABC, Vevo, Crackle, PBS and CWTV. Netflix works on iPad and Apple TV too. HuluPlus could work on iOS as well.

Tunlr-style DNS unblocking for Pandora, Netflix, Hulu et al

Since Tunlr closed down unexpectedly this week, I decided to publish my ideas and findings on the subject of DNS unblocking. I used Tunlr for some time when I decided to develop my own, private DNS unblocking solution last year.

Why VPNs are no good for streaming

DNS unblocking refers to a technique used to circumvent geo-fenced Internet services without the use of a VPN. When we’re using a VPN to access geo-fenced websites, usually all our Internet traffic gets routed through a remote VPN server. With DNS unblocking, only selected traffic gets routed through a remote proxy server, ideally just the minimum traffic required to trick geo-fenced services like Pandora, Netflix or Hulu into “thinking” our current geolocation is within the United States (or any other country required to pass the geo-fence). One advantage is that DNS unblocking works for all devices that allow custom DNS settings while a VPN only works on a computer or in the router. But the big advantage over a VPN is that DNS unblocking allows the full and intended use of Content Delivery Networks (CDN).

How to batch-import a phone number blacklist into Asterisk/FreePBX

Here’s a simple shell script sample on how to import a list of phone numbers into FreePBX’s blacklist module. The blacklist module is available for download in the FreePBX “Module Admin” menu. Unless you’re based in Switzerland, the call-center blacklist I’m using in the script below is probably not relevant to you – you’ll have to find one for your country.

Call center phone number blacklist Switzerland / telephone spam

For topical reasons, here is another post in German. This time it is about harassment. More precisely, it is about pollsters, telemarketers and other commercial phone terrorists who shamelessly ignore the * entry in the phone book. The plan: automatically reject known troublemakers using a blacklist. What you need for this:

  1. A phone system that can handle a phone number blacklist
  2. A machine-readable blacklist of call center numbers
  3. Some update scripts for automation

Colocating a Raspberry Pi Debian server in a data center (follow up)

I mentioned in an earlier post that I’m planning to host this website on a colocated Raspberry Pi. Meanwhile, my RPi has arrived at EDIS’ data center in Graz, Austria. I transferred all relevant files and database tables from this WordPress installation to the new home on the RPi. I had to tweak my LAMP installation to reduce the memory footprint because the default settings for Apache and MySQL tend to eat quite a bit of RAM. When I started testing the WordPress installation, something interesting happened: it took more than 10 seconds to serve a page.

Colocating a Raspberry Pi Debian server in a data center

After weeks of waiting I finally received my first (but certainly not last) Raspberry Pi last week. This one is going to be colocated in a data center in Austria and I’m planning to run this website on it. I sent it off today and it’s due to arrive at the data center later this week so I’d expect to move trick77.com to the Raspberry Pi (or short RPi) either this weekend or the weekend after.

I went for Debian because of all available images for the RPi, Debian “Squeeze” seemed to be the most stable version for a production server. I should have gone with the basic Squeeze ARM-Netinstall image but I didn’t have the nerve to compile a kernel for the RPi. However, the provided Squeeze image is not really suited for a production environment and needs to be heavily apt-get purged. For instance, I threw out all X-related software and using the netstat command, I made sure no unwanted ports were left in the open (even though I’m additionally firewalling it). To free up more RAM for Linux I set the CPU/GPU split to 224/32 because the default 50:50 split doesn’t leave enough RAM to run a LAMP installation. After upgrading to the latest RPi firmware even my 8GB Sandisk Extreme Pro UHS-I SD card started working properly. The rpi-update updater comes in handy!

Now, colocating a bunch of Raspberry Pi’s is certainly not a service every data center is providing (at least not yet :). I saw this offer from EDIS.at over at Lowendtalk and they’re even colo’ing the RPi for free. Yeah, for free! This includes power, an IPv4, multiple IPv6’s and 100GB/mo traffic on a 100mbit port. AFAIK the offer is still up, check this link: https://manage.edis.at/whmcs. Nope, looks like the offer has expired. Re-nope, here’s the sign-up link: https://manage.edis.at/whmcs/cart.php?gid=6

I expect that quite a few RPi’s are on their way to Austria right now and I’m really looking forward to seeing some photos of them once they’re installed in EDIS’s data center. It would be pretty cool to have the RPi’s lined up vertically in a 1U slot just like small blade servers. But since no such thing exists they probably just throw ’em on a table or something.

Please leave a comment if you’re going to colo your RPi too and what you’ll be using it for!