News archive - Koos van den Hout

Zaterdag stond in de Volkskrant een opiniestuk van Dhr. Welten, korpschef van de regiopolitie Amsterdam-Amstelland. Hij beweerde dat de politie wel degelijk aan privacy hecht (helaas staat het stuk niet publiek op de volkskrant site). Ik heb een ingezonden brief naar de volkskrant geschreven maar die is niet gepubliceerd. Bij deze publiceer ik hem nu zelf: reactie op Dhr. Welten "politie hecht wel degelijk aan privacy".

Zo, weer betrouwbaar Internet toegang. XS4ALL heeft het over de grootste storing in haar bestaan. Tussen dinsdag 2 uur ('s nachts) en donderdag 10 uur in totaal ongeveer 3 uur werkend ADSL gehad. Het lijkt nu allemaal weer stabiel.

Er is weer een beetje tegengas tegen de politie die alles maar wil registreren en later wil kijken of de gegevens nog bruikbaar zijn. Gisteren stond er een stukje in de Volkskrant Politie registreert alle auto’s bij Zwolle

De kentekens van alle voertuigen die bij Zwolle over de snelwegen A28 en A50 rijden, worden door de regiopolitie IJsselland vastgelegd en drie dagen bewaard.

Het College bescherming persoonsgegevens was niet op de hoogte en noemde de handelwijze van de politie Ijsselland onaanvaardbaar volgens het Volkskrant artikel. Volgens een artikel vandaag Kamer beducht voor autoregistratie

De regiopolitie IJsselland gaat over de schreef door de kentekens van alle voertuigen die over de snelwegen A28 en A50 rijden vast te leggen en te bewaren. Dat stelt een meerderheid van de Tweede Kamer.

Alleen het CDA komt met een volgens mij zwak antwoord:

Het CDA is de enige regeringspartij die daar geen bezwaar tegen heeft. ‘Zie het als uitbreiding van het cameratoezicht’, zegt Kamerlid Ciska Joldersma. ‘Heel belangrijk voor onze veiligheid.’

De duidelijkste opmerking is van CBP-voorzitter Jacob Kohnstamm:

Het is de politie niet gegeven onverdachte burgers te registreren.

En zelfs de politie moet zich aan de wet houden.

Ook Martin Bril had er een mooie opinie over in de Volkskrant maar dat artikel zie ik nog niet on-line staan. De afsluiter:

En waar ik de allergrootste hekel aan heb, is dat ze dan altijd zeggen dat het voor mijn eigen bestwil is. Ik als burger wilde toch al die veiligheid?
Nou nee, weg ermee.

Briljant.

Last weekend was a very long weekend in the Netherlands (I had Wednesday - Monday all off). I took the wardriving setup on some bicycle trips. One trip was specifically through all parts of Ijsselstein which has grown lots since I lived near it. A new record in 'new networks found in one wardrive': 3680 new networks in one go. And.. at the end of Ijsselstein my GPS unit broke. A wire in the cable broke of real close to the housing. So I 'wore out' the Rikaline 6015-X5 GPS I ordered two and a half years ago. So, a new GPS unit is on order: the Holux GR-213. I couldn't find a (trusted) Dutch webshop with the Rikaline 6017 and this one is quite compatible: Comparing documentation from Holux and Rikaline shows that the cable pinout is the same. I guess more is the same: the manuals look quite the same to me in drawings, schematics and headlines. And this new one has a SiRF Star III chipset which should improve results.

Wardriving results 17 April - 1 May: 5238 new networks with GPS locations. I passed the 100000 mark in the WiGLE stats and moved up to number 20. Bringing the setup on some nice recumbent bicycle rides yielded high amounts of new networks.

On Sunday we went on a nice bicycle tour. A bit over 80 kilometers. I brought the wardriving box along and logged the networks found and the gps track. But now I can do something really cool: I can plot the track on a map and put the results on-line thanks to OpenStreetMap. No hassle with 'illegal' map material. This makes this a great moment in open license map data for me. Steps to use an OSM export map in gpsmap (part of kismet). I added the line about the license for the openstreetmap data myself but I can imagine importing data from openstreetmap and correctly naming the source turning into a standard option in gpsmap.

I measured the power usage of the wardriving box. It uses a nice 420 mA. That is very nice, given that the alix.1c board, the wireless card and the gps receiver are all powered from this. In theory, this means the 2.2 Ah battery should be able to power it for over 5 hours.

Vanmorgen op mijn werkaccount spam van ff7.nl. Blijkbaar gericht aan studenten (nee dat ben ik niet meer). Ziet er uit als een idee van studenten voor studenten: je scriptie backuppen naar hun server en vervolgens kans maken die weer op te kunnen halen. Leuk idee, maar jammer van het spammen. Het is wel een internationaal gezelschap: het IP van de server 194.126.173.10 staat volgens whois op naam van een bedrijf Eureka Solutions Sp uit Warschau, Polen maar is in Nederland. Die server eros.e-dentify.nl wijst weer naar een Nederlandse hoster. Abuse afhandeling voor het Poolse bedrijf wordt gedaan door swiftnoc.com en die zitten weer in Engeland.

Martin Bril heeft zich niet helemaal aan mijn voorspelling van gisteren gehouden. Vandaag schrijft hij over de kans op rokjesdag vandaag. Misschien moet Martin Bril eens de Uithof in Utrecht bezoeken waar het volgens mij toch echt al gisteren rokjesdag was.

Weird wi-fi news: A new regulatory agency in Russia has decided every device with Wi-Fi needs registration.

registering a PDA or telephone would take 10 days. Then, only the owner of the device would be licensed to use it. Registering a Wi-Fi hotspot, on the other hand, would be more difficult. Anyone wishing to set up as much as a personal home-network would need to file a complete set of documents, as well as technological certifications.

Sources: The Other Russia: Russian Agency Demands Registration for all Wi-Fi Devices, Wifi net news: Russia Requires Wi-Fi Registration Glenn Fleishman is as always following the wi-fi news, Slashdot: Russia to Require Registration for Wi-Fi Use with the obligatory joke written as wifi-register.su.
To me it sounds like that new regulatory agency claiming its turf. In a way that will annoy a lot of users.

Het is vandaag rokjesdag 2008. Ik voorspel dat morgen bijna alle krantencolumnisten die zich dat kunnen veroorloven dit gaan opschrijven. Vooral Martin Bril zal dit nieuws niet onvermeld laten.
Dat u het even weet.

Wardriving results 28 March - 16 April: 2853 new networks with GPS locations noted at WiGLE. Most amazing was finding 505 new networks without moving the wardriving box one centimeter: the AMD_IBSS networks were showing up again when I had the wardriving box running overnight in the top window.

Found out why firefox didn't talk ipv6 by default: the same resolver bug that I saw before: the resolver prefers ipv4+rfc1918 addresses over ipv6. Fixed with some DNS magic. Some day I'll phase out NATted IPv4 addresses. Until then they are irritating.

Squid has always been my webproxy of choice. Especially at home where I need interesting proxy rules to access certain work-sites via a special route and I like to use the parent proxies of xs4all. But ipv6 support was always a problem in squid until I looked recently and found out that IPv6 support is now default in squid 3-HEAD. So I compiled it and started playing with the access-rules. What I want (ofcourse) is the dancing turtle of kame. I tried to get this by adding an acl ipv6space dst 2000::/3 and using this in specific cache_peer_access deny rules which now works after some trying. I also found that writing the acl for the local network correctly helped a lot: acl localipv6net src 2001:888:1011::/48 works, when I forgot one : at the end it didn't work and denied me access. Now to get firefox to use ipv6 to talk to the proxy...

Our bicycle ride Sunday was really 'dual-use' for me: I logged 218 new networks with GPS locations at WiGLE and I mapped some bicycle paths around Utrecht at openstreetmap.

Found out the hard way: in the innfeed.conf configuration file key bindaddress6 needs its value quoted. So now inn is feeding again.

I tried flashplayer 9 for Linux because flash 7 makes my browser hang often, especially on flash video. With flash 9 I had no audio because flashplayer 9 for linux only supports alsa (and I prefer oss), but a bit of searching found Flash Player:Additional Interface Support for Linux which includes the source of a support library which fixes this problem... for linux users who don't mind compiling a shared library on their own. But now I can watch a youtube video without firefox crashing.

The wardrive yesterday evening was around some streets in Groenekan. Not that special, it was all within bicycle range, on the level of 'detour in my commute'. But, it was the same area where I decided to build the dedicated wardriving hardware. The area is now in WiGLE and I jumped up in networks found with gps locations by finding gps locations for earlier found networks.

Wardriving results 4 - 27 March: 3487 new networks with gps locations. From time to time I also use the gps logs from wardriving for mapping for OpenStreetMap. The map of the Netherlands in OpenStreetMap is quite complete thanks to a donation of data by AND but a lot of bicyclepaths are missing. My wardriving is usually by (recumbent) bicycle so I can use wardriving tracklogs for mapping too. I even contributed a bit about mapping with Kismet for OpenStreetMap to the Wiki.

Lately a major factor in spam seems to be casino spam. I see names popping up like Royal VIP Casino or Euro VIP Casino. According to analysis by James Miller it is all the same company from Antigua.

Average bicycle speed on my commute today: 22.9 kilometer per hour. A new speed record for me. It felt very good too!

no solar power

Picture I took yesterday morning in the back garden.

Not so subtle advice from Sans in the latest Sans newsbites:

Don't open email attachments unless you were expecting them. Send a note back and ask the person to embed the text in a simple email. This matters to your career. The people who break this rule will be the reason their organization's data are stolen and they won't be able to hide.

De spoorwegen in Nederland blijven altijd een paar jaar achterlopen op die in Engeland, en nu is volgens reizigersvereniging Rover eindelijk het excuus van the wrong kind of snow gebruikt door Prorail.
Bronnen: Reizigersvereniging Rover: “Ontwrichting treinverkeer door sneeuw is blamage”, nu.nl: 'Ontwrichting treinverkeer regelrechte blamage'

Today is one of those if you don't like the weather, wait five minutes days. I have seen snow, hail and sun in the last thirty minutes and rain will probably happen too soon. The webcam shows interesting cloud views and the temperatures at home are dropping due to the snow on the roof.

We zijn naar het paastreffen van de nederlandse vereniging voor human powered vehicles (oftewel de ligfietsclub) geweest. Zaterdag naar Harskamp gefietst samen met een paar andere Utrechtse ligfietsers. Vlak voor we weggingen regende het serieus maar onderweg bleef het beperkt tot een licht buitje regen of sneeuw. Dit jaar viel pasen heel vroeg en het was de koudste pasen in 40 jaar volgens het knmi. We hebben nachtvorst gehad en sneeuw van de tent af moeten ruimen, ook een nieuwe ervaring voor ons. Mijn slaapzak is goedgekeurd voor lage temperaturen, ik heb prima kunnen slapen ondanks de koude. Zondag hebben we een mooie toertocht door de omgeving van Harskamp gemaakt. Zonnetje erbij en het was prima te doen. Zondagavond ging het sneeuwen en die sneeuw lag vanmorgen op de tent. Vandaag terug per fiets, maar toen er weer buien sneeuw kwamen hebben we het voor de rest uitbesteed aan de nederlandse spoorwegen om thuis te komen. En dan blijkt maar weer wat een gedoe het is om 2 ligfietsen en 1 aanhanger in en uit een trein te krijgen. Wel weer leuk zo'n evenement, de ligfietsclub is heel gezellig en een groep mensen met een heel andere focus (maar 1 nerd-shirt gezien dit weekend) dan andere groepen mensen waar ik mee te maken heb, en dat blijf ik een leuke ervaring vinden.

A new version of my homepage, rewritten in perl because PHP was starting to irritate me. More database-driven in the background which allows me to add things like the tags. And a minor change in the colour scheme because someone remarked that the black-on-cyan was hard to read for people above a certain age.

Time to change my signature at work: we switched off the last Sun server today. I updated my .signature which mentioned 'herding Suns' to 'herding systems'. Most server-hardware at work is from Dell running Linux but that doesn't sound as good.

One of the little irritations at work was trying to find out what the exact error was of the printer when the helpdesk ticket just says 'printer problems'. Since HP laserjets will divulge everything via SNMP, I thought the complete information must be available. It is, and I gobbled together a perl script for our noc webserver. Public version in the perl noc stuff page.

Indexed also has a nice view on the 7 new flavors of sin.

The Vatican has published a modernized version of the 7 deadly sins (over 1500 years old). Toronto Star article: Thou shalt not pollute or clone. Still no listing for installing microsoft windows or connecting microsoft windows to the Internet...

Did some work on The Virtual Bookcase. First of all Amazon notified me that amazon web services was going to disable version 3 of the API which I was still using (yes, a year after the first notification that it was going to be ended .. not that much time for virtualbookcase at the moment). So time to do some PHP programming and redo the stuff for version 4. I also noticed that the bot for the russian search site Yandex was causing high amounts of hits but would not even return a direct link to www.virtualbookcase.com when searching on virtual bookcase at yandex. So I wanted to disable Yandex in robots.txt but I could not easily find the right name to put in robots.txt because all the help at Yandex is also in Russian. Finally I found some hints at this page describing robots.txt in russian that the right User-Agent probably is Yandex. And the robots.txt for cisco.com agrees.

I downloaded Adam Curry's Daily Source Code #732 where he mentioned phonecaster.de (german site). Phonecaster.de links phone numbers with podcasts, playing (by default) the most recent episode of a podcast when you dial the linked number. According to the phonecaster technical faq the service uses Asterisk. Sounds a lot like an upscaled version of my bel een podcast project (dutch).

I found an interesting tidbit in the apache-config today: after setting the AuthLDAPBindPassword directive I could find the password in the server-info output. Which was to be expected, but still an interesting side-effect.

Wardriving results 24 Februari - 3 March: 4377 new networks with GPS locations. The wardriving box is helping, together with having nice weather and time for long bicycle rides around Utrecht. I passed the 90000 new networks mark at WiGLE and I'm back at position 22 in the WiGLE stats.

Funny new music doing the rounds: SoKO with the weird song I'll kill her.

Real test of the wardriving box yesterday: I brought it along on my recumbent bike on a 38 kilometer biking trip. With the big antenna on a piece of metal on the rack of the recumbent bicycle. Worked great and found 1354 new networks with GPS locations.

The wardriving box is finished and I have done the first test today. And scored new networks! Between 13 Februari and 23 Februari I found 184 new networks with GPS locations. Of those 108 using the laptop on bicycle, 63 in the first testrun using the wardrivebox on bicycle and 13 from testing the wardrive box at home. Yes, I can still find new networks at home without moving.

I left the wardriving box running overnight to test the stability and heat generation. No problems in those areas. It was on the top floor of the house in the window facing northwest (in the direction of the student flats). A total of 43(!) access-points were seen. Yes, wireless networks are still rising in numbers.

I had some time for work on the wardriving box. I fixed the powerbutton problem by switching to Linux kernel 2.6.24.2. Linux 2.6 has specific support for the geode processor which include acpi support. With 2.6 I get a good power-button event when I press it and on a shutdown with powerdown the alix system is powered down completely (power led goes out). I also worked on the case, making holes for the antenna connectors. I managed to make the right holes and modify the I/O shield without making the wrong holes or get damaged myself. My teacher in metalwork years ago would probably think I'm still bad at it but with a drill and a metal file the modifications got done, including filing the flange of the N-connector to make it fit in the case. Pictures of the results,

Results of the metalwork.

Antenna connectors in place and the I/O shield modified to allow for the big N-connector.

Board installed in the case.

I'm also learning about Linux 2.6: without a keyboard there is not a lot of entropy for /dev/random.

The battery (and the charger) for the wardriver box arrived. Even with the room number and the department missing from the address label the internal mail still managed to deliver it to my desk.

Ik ontdekte een verwijzing naar mijn homepage bij het overzicht van labjournaals van Henk van de Kamer die ik ken via de hcc PCgg netwerkgroep. Ik volg Het Lab van Henk van de Kamer ook regelmatig.

A few minor setbacks on the wardriving box project yesterday evening. Software shutdown via acpid does not work (there is no event when I press the power button). Kernel recompiling for acpi debugging gave me lots of headaches with the module versioning. I did some searching for it and the Linux Loadable Kernel Module HOWTO had the answer:

So it is generally not wise to use symbol versioning

.. words to the wise. And the CF connector of the M200 case is a normal 40 pin IDE connector where I bought a cable for 44pin 2mm ide connectors because the alix.1c mainboard has a 44pin ide header. It would be nice if I could fix this, I could use the external CF-bay of the M200 case which would mean I wouldn't have to open it to change/upgrade the CF. The manual of the M200 case has stern warnings about opening and closing it too often.

Wardriving results between 12 January and 12 February 2008: 1321 new networks with GPS location. Since the work on the wardriving box software and hardware the GPS and the antenna have been at home for testing it all.. and I did not feel like bringing the stuff along and getting another run with problems. I ordered the battery and a charger yesterday and did some more test runs, some with the external antenna connected. The big external antenna gives me 23 visible networks at home. Work that is left on the wardriving box: cabling, making holes in the case for antenna and power connections and building it all together.

Back from the snow! We went for a week of snowboarding in Samoëns, France. Great snow, good weather and no broken bones. We stayed at the Viking Lodge, a very nice and luxurious apartment. Besides snowboarding for real I also played with Amped3 on the xbox 360 in the apartment ;)

Just doing the rounds: Bloomberg: Microsoft Offers to Buy Yahoo for $44.6 Billion, CNN: Microsoft bids $45 billion for Yahoo.An interesting bit of news. Analysts at Google are probably laughing out

First network scanned with the wardriving box uploaded to WiGLE. Not a new network (my own), but a valid upload anyway. Now for the final automation bit: starting kismet at the end of the boot process with the right drivers and settings. And the hardware bits: power and antenna connectors on the case and a battery (and charger) to power it all when not on my desk. And making sure it can all be brought along on the bicycle or in a car.

A fellow wardriver asked for a picture of the new wardriving box which is still awaiting serious hardware work, but the software is mostly up and running.

The wardriving box with notes about the different parts

First boot on the wardriving box (like first light on a telescope). Thursday evening I had some actual time to play with the mainboard and a CF card. With a lot of peeking at the presentation on building flash-based Linux routers by Remco van Mook I was able to get a basic Debian Linux to run on the Alix board in little time. It boots, it starts a few getty processes and ifplugd. I also automated work on converting the local installation to a root image and the root image to the CF card.

A few updates to the weather maps recently: The maps are now generated each hour and there is a list of the recent weather maps.

The hardware I ordered for the wardrive box arrived yesterday. Now to find time to start playing with the enclosure, finding the right spot for the antenna connectors, doing the drilling for that, building it all together and after that working on the software. The manual for the enclosure starts with telling you need to take time to understand what needs to be done because you can only open and close the enclosure so many times.

Gisterenavond zijn we gaan snowboarden/Skiën in de sneeuwbaan van de Uithof in Den Haag. Lekker om nog een paar uur te oefenen voor we echt naar de sneeuw gaan. Helaas was de baan in een niet zo ideale conditie: grote stukken ijs.

I did it: Another wardrive with partly missing GPS locations because of a GPS problem Thursday was the reason I needed to start ordering parts for the wardriving box. So I clicked an order together at LinITX.com for the hardware.

I always thought the "Braille edition of Playboy" was just a joke in the movie Sneakers. But! It is no joke: the braille edition of the playboy, available from The National Library Service for the Blind and Physically Handicapped. ObJoke: you will really read this for the articles.

In a websearch about wardriving I came across a nice article on wardriving for people with enough time and budget which is probably known better as a wireless security penetration project: Spy guys: The anatomy of a covert wireless security assessment. Including notes on what kind of wheels to rent for ideal wireless scanning: a box truck has room and fiberglass sidewalls.

I noticed that I haven't posted wardriving results since 31 October 2007. Well, even with the recumbent bike, gps problems and winter weather I still scored new networks with GPS locations at WiGLE. In the backlog I can see that between 16 November 2007 and 11 January 2008 I found 1272 new networks with GPS locations. A the moment I am at position 24 in the WiGLE stats, a slight drop from the 23 I occupied for quite a while.

We monitor the temperatures in the server room at work carefully, andviewing the changes over a while makes it look like the server room isa multistable climate system.Our interest in temperaturesOn 23 December 2006 we had a complete failure of the airconditioning systemin the serverroom at work. One of the worst days of the year to have this,we did not find out until 24 December due to e-mail from our NetApp fileserver

Another instance of me thinking so seriously about a project that I started a webpage about what I want to do and how and collecting the knowledge and ideas that I already have: building a wardriving box. I first thought of a small PC for project sundial, the self-powered weather station and gps time receiver but I got the idea that this could also make a really nice Wardriving box which would do just that.

Slowly I'm no longer denying the blogness of this page ;). View myTechnorati Profile. I got the idea from Kirrily Robert's article Technorati and Perl.

I just read an article about the Neuros OSD: a digital video recorder which is different: the OSD stands for 'Open Source Device', it runs Linux and you are free to modify it in any way you wish. The Neuros OSD site shows a device with a lot of potential. Something I'll keep an eye on.

Yesterday I found some time to install the new 1-wire sensors in a place where I am interested in the temperatures: the attic where the home server gosper lives and started fetching data into rrdtool databases. The assorted sensors at home page now shows some of the available temperatures. Sensor 2 lies in the open area right below the top of the roof.

athcool is .. cool! The new server mainboard was consuming some more power and was at a higher temperature. I looked for ways to reduce this a bit. Setting power throttling mode to T1 did not help for power use or temperature (but the system reacted slowish), but athcool made the readouts from lm_sensors change from CPU Temp: +42.8 C to CPU Temp: +21.5 C which looks a lot better. And, more important: the UPS reports a drop in power-use, which is good for the electricity bill. Follow the graphs at my assorted sensors at home.

The 1-wire sensors and adaptor I ordered arrived today and I started playing with DigiTemp. After running into a faq item (make sure you don't have crossed phone cable) it started working like a charm. The DS18S20 sensors work really easy and they are quite precise and fast to react to temperature changes such as touching fingers. Two sensors in the home office: on a switched-on PC speaker Sensor 1 C: 19.38, on another speaker switched-off Sensor 0 C: 18.81.

My first CPAN upload. I uploaded Geo::METAR 1.15 to CPAN just now. Time to find out if I did stuff right.

Happy new year! I used the christmas period to do an upgrade I have been planning for a while: change the mainboard of the home server gosper to a newer (better: less older) one. A few hours of screwing worked: it now is an AMD Athlon 1400. Everything works after a few bits of tweaking, including updated mainboard temperature sensors.

We recently hung up some bird food in the back garden (way out of reach of the cats!) and it is funny to see little birds visit in the morning and the afternoon. This morning I took time to set up the camera and await interesting results. The wait (and cold) was worth it:

Bluetit in the garden feeding (looks a lot better in full-size)

I dug up the Conrad weatherstation I'm planning to use as weatherstation in project sundial. I updated the page with information about the order-numbers of the different parts (no longer available from Conrad). So far, most sensors seem ok (although I'm not sure everything is calibrated) but the rain sensor gives absolutely no usable readouts and gives weird numbers for the calibration procedure. The wind speed sensor is a simple revolution counter which will need some software work to convert to average wind speed and wind gusts.

Yesterday evening I took my Dell Latitude C640 laptop apart to see if I could fix the USB connector and/or make some better connection for powering the GPS for wardriving. No luck: even with the mainboard removed from the case there still is no room for repairing the USB connector or fixing something to the remains of the keyboard connector. Today I took the wardrive setup with me but the last message from kismet was the dreaded: Didn't log any GPS coordinates, unlinking gps file.

At work we now graph several temperatures in the serverroom (results are not public). We joked (or not..) last Friday that we could add a lot of sensors inside and outside the serverroom (that is where my thinking about 1-wire systems came in again) and have someone research this micro-climate and correlate the micro-climate with the ntp statistics. We did see the influence of the cold wind from the east on the pll stats of several ntp servers.

Some environment sensors at home are now public. Started with the environment sensors of the home server gosper which are the easiest. Other stuff will be added if and when certain monitoring projects go from being a wild idea to delivering real data. Ok, I did order some temperature sensors and a 1-wire controller from Hobby Boards 1-wire solutions.

At work I "took over" a fourfold temperature sensor, Quozl's Temperature Sensor. It got me interested in the 1-wire system for sensors. Applications like Thermd and DigiTemp make it possible to log all kinds of environmental data easily. I'm seriously considering getting a simple 1-wire interface for the server at home so I can monitor several inside temperatures (the cheapest to monitor and the most interesting to me) by just stringing some cheap phone wires and hook up sensors. Yet another network, although this one would be simpler to maintain.

Het bestaat nog en je kunt het nog aanschaffen: Telix modem communicatie software voor DOS en Windows.

Op zoek naar heel wat anders (natuurlijk) kwam ik wat schermen tegen van het BBS die ik ooit gemaakt heb op (gezien de datum in een van de schermen) 12 Januari 1995 (nu bijna 13 jaar geleden). Grappig om die schermen weer eens terug te zien, ik weet dat ik toen veel tijd stak in de ontwerpen van de schermen. Schermen BBS Koos z'n Doos.

Fietspomp ergernis opgelost: een BBB BFP-05 AirStrike II fietspomp aangeschaft. Nogsteeds wilden de banden van een fiets niet meewerken tot ik ze grotendeels liet leeglopen, daarna kreeg ik er prima weer lucht in (zelfs meer dan de bedoeling was).

Google maps: oversteek van hoogspanningsleiding die vanmorgen beschadigd werd.

Ergernis van vandaag: zogeheten franse ventielen. We hebben een verloopstukje waarmee in theorie een ouderwetse fietspomp toch kan samenwerken met zo'n ventiel maar ik zag vanmorgen ineens waar de lucht in feite heengaat: het ventieldopje wat ik vlak naast de band had laten liggen werd een stukje weggeblazen en de band bleef zacht.

After a Monday filled with part of the network at work being down I dug up the 'luxlite' text sign that clutters one of the desks at work. Digging up the protocol it listens to was harder as all searches with luxlite talk about a different protocol (which we do use in another text sign). So, this particular 'luxlite' uses a protocol which is known as Prolite Protocol which is not too hard to program. At this moment it signals everything works.

Major bad weather in Oklahoma at the moment. Some pictures and videos at TornadoVideos, normally for other extreme weather happening in Oklahoma. Link via Randal Bradakis.

Today I tried the Siemens Gigaset C450 IP base again and noticed it now works with Firefox. On the previous try I was only able to configure it from IE. I suggested to Gigaset support to fix this and make it work with all browsers, I guess they acted upon this advice and an automatic software update to the base happened. The reason to try it again was that I gave a demonstration of the PCgg voip setup.

Axa bike locks, quite popular in the Netherlands have a vulnerability which the bike thieves found first. Now described by Barry Wels in blackbag : AXA: A new phase in security where Axa tries to tell people

Buy our new secure bike lock and oh by the way some of our previous locks seem to be vulnerable to manipulation

Tijd voor wat bewerkingen aan het Draadloos netwerk uitleg en installatie document: ad-hoc netwerken hebben een maximum snelheid van 11 Megabit/seconde wat ik opzocht naar aanleiding van een vraag in nl.comp.netwerken.draadloos.

Na wat aanpassingen aan de ups stats scripts komen er nu ook mooie jaaroverzichten uit: een jaar Eneco voltage en frequentie. Geen idee waar de universiteit electriciteit inkoopt maar in Utrecht is Eneco de netwerkbeheerder. In April is duidelijk te zien dat er toen aan de aansluiting wat veranderd is.

Met een regenachtige zondagmiddag audiobewerking is het Asterisk belspel nu zo ver dat er 2 mogelijke spellen gespeeld kunnen worden. Op de pagina over het Asterisk belspel heb ik ook gezet hoe het momenteel te proberen is.

Some time ago I had time to really try tvtime. I've had a Linuxsystem with a simple Win-TV card (brooktree 848 based) since 'forever'and I think I always used XawTV (maybe there wassome predecessor I used in the beginning). After some really positiveremarks about it from people I decided to give it a try.The system I tried this on is a Dell Optiplex GX110 with a PIII-667 cpu named

Caught the cat who lives across from the back of our house on camera recently: Achterbuurkat 1 foto Achterbuurkat 2.

A friend created a video dvd in the form of a VIDEO_TS subdir with some files,so I finally had to find out how to create a working DVD from that. UsingLinux, ofcourse. And using the command-line.This is the subject of several dozen howto's on the web, all differingin opinion on certain subjects.From VIDEO_TS to .isoFirst, converting the VIDEO_TS to a correct dvd image. You need to have

Updates to the logic behind the weather maps at http://weather.idefix.net/ and updates to the stations list. Data is now fetched from multiple sources and with a lot of searching I found the locations of a number of stations such as EHFS (Vlissingen), EHSC (Lichteiland Goeree) and EHKV (oilplatform K14-FA-1C). Starting tomorrow morning the updates will be visible in the generated maps.

Weer een avondje audio-bewerking gedaan voor het Asterisk belspel. De eerste functie werkt: de variant de computer gaat nu kijken of u de juiste beller bent. Heel veel sprongetjes en stukjes extensions.conf om allemaal verschillende paden te hebben die uiteindelijk weer terugkomen bij helaas u heeft niet gewonnen en we proberen het nog een keer. Al met al hang je 50 seconden aan de lijn voor je de eerste keer verloren hebt! De belspellen van televisie achter 09xx nummers zijn trouwens nu helemaal gestopt dus dit idee op zich is niet commercieel toepasbaar meer, maar nog steeds een leuke gimmick voor demonstraties Asterisk (hoop ik!)

Old meets new: XS4ALL now offers UUCP over IPv6. Still with the separation in the DNS, but maybe this can be the first candidate to end this distinction?

Peter Ludlow has written 95 Theses on the Religious Right discussing the way the religious right (in the US) abuses and misinterprets the bible and religion.

I created my own Geo::METAR page and the module is ready for uploading to CPAN (just some final sanity checks).

The weather keeps me interested and I have been working on processing weather data (ofcourse using Geo::METAR). Roger Burton West did a lot of work on visualizing weather data and I updated the result for Geo::METAR. Resulting maps now available on http://weather.idefix.net/. Stuff to add: caching, getting data from several sources (at least one metar for the Netherlands isn't available via the US national weather service) or using different sources.

It is a coming and going of birds in our garden at the moment (resulting in a lot of comments from the cats).

Sparrow in our backyard

Photographing them is hard as they move around a lot.

On friday evening we went snowboarding for the first time this season. After shopping for new coats we went to Snowworld in Zoetermeer and tried our turns again for a while. For me the right feeling of snowboarding had to come from way deep but after a few tries I made it down at reasonable speeds. It would be really nice to have an indoor piste closer to home.

Wardriving results 10 October - 31 October: 2241 new networks with GPS locations. I brought the wardriving rig on several trips which helped in finding 'uncharted' places. And little tours through areas I haven't visited in a while score high amounts of new networks.

I upgraded to Apache 2.2.x at home so now http://koos.idefix.net/, http://webcam.idefix.net/ and other sites at home can all be reached on IPv6 addresses. One downside: logresolve (the postprocessing apache log resolver) has absolutely no idea about IPv6 addresses.

Learning ifplugd to do the ipv6 equivalent was easy: just add the following to /etc/ifplugd/action.d/ifupdown in the up part: /usr/bin/rdisc6 -q -w 250 -r 8 $1.

And in trying to firewall IPv6 I found that INPUT and FORWARD are really separate. From the docs:

the built-in chains INPUT (for packets coming into the box itself), FORWARD (for packets being routed through the box), and OUTPUT (for locally-generated packets).

So if I want to set a policy for both the local machine and the machines behind it I need to set those rules in both INPUT and FORWARD.

Trying to access machines at home directly from the outside via ipv6 made the old ndisc_send_redirect: not a neighbour show up again. I found the reason: I added an address on the internal network to the external interface, so a cool address would show and not the xs4all-ipv6-tunnel interface address, with up ip -6 addr add 2001:888:1011::13/64 dev xs4allipv6 in /etc/network/interfaces. Now when trying to access an internal machine, 2 possible routes to 2001:888:1011::/64 existed. Fix: add another line up ip -6 route del 2001:888:1011::/64 dev xs4allipv6 to remove that extra route again. Now I can access machines on the home network directly from ipv6 hosts all over the world. Time for extra firewalling rules!

And the ultimate answer came from Friedemann Stoyan via the debian-ipv6 mailinglist: It's a know debian bug: libc6: Resolver prefers IPv4 to IPv6 in some cases. The bit where RFC1918 addresses trigger this bug is especially evil: in my opinion users with ipv4+nat (rfc1918) and ipv6 (globally routed) on their network would be better suited with a preference for ipv6.

After working on a proposal for introducing IPv6 at work it suddenly dawned on me that pushing ipv6 at home wasn't going to work with a separate DNS zone for IPv6 addresses. The best way is to integrate ipv6 addresses in the main zone and have the "legacy ipv4 nat range" as second thing to try (for things that are still ipv4-only like nfs). But I found something weird in certain applications: for unqualified names, ipv4 is preferred, for qualified names ipv6. Forcing ipv6 works, but I want ipv6 to happen naturally. Telnet shows best what happens:

$ telnet gosper
Trying 10.42.2.1...
Trying 2001:888:1011::694...

$ telnet gosper.idefix.net
Trying 2001:888:1011::694...
Trying 82.95.196.202...

Something weird happening here, so I asked the debian-ipv6 mailing list.

Ik heb ook nog even gekeken naar de optie om een VoipBuster account toe te voegen aan de Asterisk server. Op zich niet ingewikkeld, maar een voorbeeldje helpt altijd. Pierre Gorissen heeft een mooi voorbeeld staan voor de configuratie Asterisk + VoipBuster. Voor gebruik bij evenementen wil ik nog wel wat aanpassingen maken zoals een maximale lengte van gesprekken, en een hele nauwkeurige lijst van toegestane bestemmingen.

Gisterenavond (en al eerder) aan de audio gewerkt voor het Asterisk belspel. Zelf audio knippen, plakken, spraak bewerken, stukjes muziek toevoegen geeft me wel een nieuw respect voor mensen die dit op professioneel niveau doen zoals Jan Polet. En na al het mixwerk moet het ook nog een beetje klinken door een telefoon met een G.711a codec (of slechter!), dus downsamplen naar 64 kilobit mono.

Mijn presentatie van afgelopen zaterdag: VoIP: bellen via het netwerk presentatie HCC PCgg netwerkgroep 20 Oktober 2007 (pdf). Zaterdag dus samen met andere mensen van de netwerkgroep wat dingen kunnen proberen met de VoIP hardware en kunnen denken over wat we er allemaal mee willen.. wat dan natuurlijk weer gekoppeld is met mijn Asterisk projecten.

More VoIP hardware: A Siemens Gigaset C450 IP. Big downside: I needed internet explorer to configure it! It runs a small webserver for configuration, but all javascript was broken in firefox/mozilla. But after the usual swearing at Windows and IE I was able to make it talk to asterisk, with a bit of help from the hints at voip-info: Siemens Gigaset C450IP. It is a nice SIP dect base (with analogue landline support) + handset. A real shame about the IE bit.. it does run Linux inside!

The Register: Pump-and-dump scammers debut MP3 spam. My conclusion: all ingredients for "spit" (spam over ip telephony) are there, and the wait is for the first "event" to happen.

In a flash of thinking in the morning (this is not very usual for me) I remembered that the Asterisk server I set up has quite strict firewalling rules. This does not combine very well with RTP audio. I changed the firewalling rules to accept the RTP ports configured in Asterisk and suddenly: audio from a call to the xs4all test number. Woohoo! A working call!

Some VoIP-hardware to play with: A Grandstream budgetone 101. First working call happened in 5 minutes from opening the box (calling my own speaking clock). The rest of the configuration took a bit longer.. I uploaded and configured the CTU ringtone from '24' as ringtone 1. One thing that does not work (and bugs me) is calling an xs4all number via asterisk: there is just no incoming audio data. Codec problem? Nat problem? No idea.

Een nieuw record in koeriers snappen niet dat mensen overdag werken. Ik had wat VoIP hardware besteld bij Voipsolutions. Vervolgens een paar keer gemailed waar een en ander nu bleef (ruim 2 weken lang) en toen kwam er uit dat de koerier mij overdag niet thuis aangetroffen had en daarvoor contact had opgenomen met de afzender. Dit ging langs allemaal vertragende paden want de koerier in Belgie (ABX logistics) had het pakketje doorgegeven aan GLS logistics in Nederland.. en met GLS had ik al eerder slechte ervaringen. Uiteindelijk maar als alternatief afleveradres mijn werk opgegeven. Daar keken ze nog raar op omdat mijn achternaam niet goed was overgenomen, maar uiteindelijk toch de doos in handen.

Even geleden alweer xs4all-only aangevraagd. Bijna als Xs4all + ADSL van KPN (voorheen mxstream) maar dan heb je als klant alleen maar te maken met Xs4all (en er zitten organisatorisch/technisch in het netwerk ook verschillen). Vandaag viel de verbinding weg en was blijkbaar de omzetting (dat had ik wel even vantevoren willen weten, maargoed). Alleen zat ik natuurlijk op dat moment aan de verkeerde kant van de netwerkverbinding om even de instellingen te wijzigen thuis. Omdat ik JP's SIP_SPOOF gebruik moest ik het IP ook 'even' thuis instellen, zowel in de server thuis als in het adsl modem (Speedtouch 546i). De commando's in de Speedtouch: :env set var=PPP_ip value=NIEUW_IP (ergens gebruikt SIP_SPOOF dat), :ip rtdelete dst=OUD_IP/32 intf=eth0, :ip rtadd dst=NIEUW_IP/32 intf=eth0. Natuurlijk ook /etc/network/interfaces aanpassen. Tijdelijk even IP 10.0.0.150 gebruiken voorkomt dat je er uitgegooid wordt bij het omzetten van de routing.

The Register: Windows update brings down TV newscast. This reminds me of the local infochannel we saw on our 2007 wintersport holiday: every morning at 09:00 the infochannel changed to a screen of Windows 2000 rebooting and starting up and starting Scala Infochannel for images, short clips, commercials, snow heights and weather reports. Lots of possibilities for error-message like this screengrab from 2002 showing that the local cable channel in Utrecht did something likewise. From what I hear, it is possible to run software like Scala on a secondary video adapter that will just go black or freeze when the system fails, and not show the Windows error popups.

Wardriving results 13 September - 9 October: 1643 new networks with GPS locations. Now to find a way to mount the extra antenna on the recumbent bike. Probably some DIY work with a bit of metal for the magnetic mounts of the gps receiver and the antenna.

Niet veel wardrive resultaten recent omdat ik nog niet het wardriven en het ligfietsen ideaal gecombineerd heb. Maar de wardrive-setup zonder extra antenne werkt nu wel op de ligfiets, en ik bedacht me dat in de kismet logfiles ook de snelheden staan waarmee ik langs netwerken kwam. Een perl oneliner later: hoogste snelheid 38.76 km/uur. Een snelheidsmeter voor op de ligfiets staat nog op het verlanglijstje.

Vanmorgen zag een vrouwelijke fietser totaal niet aankomen dat ik linksaf zou slaan nadat ik links richting aangegeven had. Ze moest een rare slinger maken om niet tegen me aan te rijden of om te vallen en daarna keek ze nogal schaapachtig naar me. Een nieuw record in rariteiten op de weg.

Mijn presentatie van afgelopen zaterdag: VoIP: Voice Over IP presentatie 6 Oktober 2007 HCC PCgg (pdf)

Een interresant maar zeer goed gevuld weekend gehad: vrijdag, zaterdag en zondag was het ligfietsers herfsttreffen. Maar zaterdag mocht ik ook een presentatie over VoIP (Voice over IP) houden bij de open dag van de HCC PCgg samen met de HCC afdeling Apeldoorn. Dus: vrijdagmiddag vrij (fietsend naar huis nog de laatste dingen op mijn werk afgehandeld). Met andere ligfietsers uit Utrecht naar de camping gefietst. Zaterdag in de vroegte opgestaan, met de fiets naar station Hilversum, nog even naar de juiste weg gezocht in Hilversum en vervolgens een minuut te laat om nog in te laden in de geplande trein. Met de trein naar Apeldoorn (mijn Nazca Pioneer met de trein meenemen gaat trouwens prima al is'ie wat lang voor de fietsruimte in een IC-3 treinstel). Daarna in Apeldoorn naar de lokatie aan de rand van Apeldoorn gefietst. Wat zo snel ging dat ik nog net op tijd was voor het begin van de hele dag. Mijn presentatie was 's middags en daar zat maar liefst een hele echte bezoeker, dus Eddie heeft snel nog wat extra bezoekers opgetrommeld. De presentatie ging redelijk, ik moet nogsteeds het nodige verbeteren aan de presentatietechniek.. daarna weer terug, waarbij ik nu de weg iets beter kende. De overgang tussen HCC bijeenkomst overdag en de ligfietsers was opvallend. Bij de HCC heeft iedereen het natuurlijk over computers en software, bij de ligfietsers gaan de gesprekken over het knutselen aan ligfietsen, mooie tochten en de prijzen van ligfietsen. Een heel verschil in onderwerp, maar aan beide kanten wel een vergelijkbare passie voor het onderwerp. Zondag met een aantal ligfietsers rustig teruggereden naar Utrecht en daarna eigenlijk weinig meer gedaan behalve een beetje in huis rondhangen en een goed boek lezen. Update: Mijn foto's van het herfsttreffen staan nu ook on-line.

It seems Eircom broadband missed the news about WEP being dead (pdf) and WEP being really dead. From The Register: Eircom wireless security flaw revealed

Eircom's director of communications Paul Bradley defended the protocol, however, saying "WEP is an industry standard protocol used by telecoms providers around the world."

Well Paul, just because all the stubborn kids do it, does not mean it is the right choice.

Looking for something else I found Blue Box: The VoIP Security Podcast which talks about (lack of) VoIP security. I love the name, it refers to attacks on telephony systems being something of all ages, independent of the actual technology. The new age of VoIP just makes new attacks possible. And with different queries I found Blue Boxing Comes to VoIP in the wired archives. "Phiber Optik" has written a module for Asterisk to make it accept MF (and be bluebox-able).

Ik heb vanavond iets aparts gedaan in Asterisk : ik heb er een echt telefoongesprek met een echt mens mee gevoerd! Na alle testen wilde ik wel eens weten of het routeren van een extension naar een telefoontoestel (ok, een softphone) werkte. Het werkte in een keer ;)

Een simpele vraag waarom doe je niet het weerbericht? toen ik me afvroeg wat ik nog meer kon doen in Asterisk heb ik nu beantwoord met Asterisk metar weerbericht. Nu nog in het engels, omdat de weertermen in het engels zijn en omdat nederlands voor festival nog erg in ontwikkeling is.

About one and a half hour later, ntp.cs.uu.nl peaked at 1000.60 packets/second.

I'm a timegeek, and part of that is making our timeserver at work perform great in the NTP Pool project. With the recently updated pool dns system, servers that have more upstream bandwidth get more clients. We have been ogling our ntp stats for ntp.cs.uu.nl a lot seeing how the client count is through the roof (the internal data structures of ntp can't count beyond 3500 clients without serious hacking) and traffic is rising seriously lately. Still waiting for the first time we get over 1000 packets/second ntp traffic. Our ntp server has no problem at all dealing with this.

Mijn Asterisk projecten hebben allemaal eigen paginas waar scripts en uitleg staan. Even een overzichtje: project 002: sprekende klok, bel een podcast en project belspel: hou bellers aan de lijn bezig. Sommige dingen zijn een beetje 'af' (maar kunnen natuurlijk nog verbeterd worden), andere projecten zijn net aan wild idee. Reacties zijn welkom.

I visited a HP Procurve seminar yesterday about network security. Interesting talks, including one by the HP Procurve security architect. I had a chat with him about network loops which took down the university network a few times recently and he told me that HP Procurve switches now offer loop protection which would detect loops (even the ones that spanning tree would 'miss' because some older equipment may silently drop spanning tree packets), shutdown the originating port and report the error. The security architect told me that unauthorized loops and rogue dhcp servers are the major problems in university networks, and I agree. I found a weblog entry describing the HP Procurve loop protection very nicely.

I kept seeing things in the logs like Sep 16 05:52:39 gosper named[779]: denied query from [143.215.129.200].22632 for "www.capitalone.com" A/IN, all from 143.215.129.200, 143.215.129.102, 143.215.129.43 without any explanation to be found on the web. The name guesses some sort of study of DNS answers, and all queries seem to be for phishing targets, but several thousand answers "your query was denied" doesn't make them stop asking. Solution: iptables -t filter -I INPUT 8 -j REJECT --source 143.215.129.0/24 --protocol udp --dport 53 --reject-with icmp-admin-prohibited. Mail to noc@ was never answered.

Wardrive results 31 August (I missed a few days when they fell out of the WiGLE upload stats) to 12 September: 618 new networks with gps locations. Not much, due to me mostly being on the recumbent bike (which has no place to mount the gps module and extra antenna yet) and I'm still learning cycling in the city with the recumbent.

I bought my own recumbent bike (ligfiets), a Nazca Pioneer. I was thinking about it anyway, the holiday trip only made those thoughts more serious and now the ligfietser.nl shop is closing so I got a nice deal on the bike I rode around with during my holiday. The bike was still adjusted to my length so I guess I have been the only renter.

Printing manpages in nice postscript is something I do very rare, so I always forget the right incantation. The last time I had to use it was when I still had a Solaris desktop. Anyway, wanted to do it today from a redhat manpage source. Google found me Printing manpages .. and I adjusted the command to be: gzip -dc dhcpd.conf.5.gz | groff -t -e -mandoc -Tps | lpr.

Timegeeks who can make the serious commitment towards being a long-time ntp pool member but don't have the hardware available to pick that last nanosecond of precision from the sky should peek at this announcement: Meinberg is donating some really great timekeeping equipment to the ntp pool project and it will be available to a pool member.

I was trying some stuff in Asterisk yesterday evening and I got weird errors on trying the command MP3Player with a podcast mp3. The error message was NOTICE[2925] app_mp3.c: Poll timed out/errored out with 0. Trying mpg123 0.59r by hand on that file showed what went wrong: it gives a segfault, probably on the weird id3v1 / id3v2 tags. Solution: id3v2 -D thepodcast.mp3 which strips all id3 tags. After that the dail-a-podcast idea worked.

Ik had weer eens tijd/zin om met Asterisk te spelen. Sinds een tijdje is de fritz!box een 5012 en die wilde weer geen dtmf doorgeven via xs4all-voip naar Asterisk. Toen maar even telnet aangezet met #96*7* en daarna in /var/flash/voip.cfg voor de xs4all instellingen de regel infodtmfnotsupported = no; gewijzigd in infodtmfnotsupported = yes;. Nu kon ik weer wel in m'n eigen menus kiezen!

A company in the US, Solis Energy, is producing solar-panel power systems especially geared towards running wireless networking in hard-to-reach places. Sounds like a turn-key version of some of the functionality in my project sundial for a self-powered weather station. Sources: Computerworld Australia: Power Wi-Fi using the sun, says startup Slashdot: Solar Powered Wifi.

Weird tidbit in the home server: disk /dev/hdc, a WDC WD3200AAJB will not go to standby mode on the timer. With hdparm -S 59 /dev/hdc no standby mode happens, while I am sure nothing accesses the drive (unmounting all partitions and stopping smartmontools). When I force it to standby with hdparm -y /dev/hdc it will stay in standby mode until the partition is accessed again.

Wardriving results 20 - 28 August: 4231 new networks with GPS locations. A visit to Amersfoort by bike set a new record for new networks found in one trip: 2495 new networks in one go.

After hearing the very catchy Country Boy (City Boy Remix) on the Alaska Podshow 163 and on Adam Curry's Daily Source Code 631 I had to find that mix. Party Ben has this and other funny mixes available on the Party Ben - Stuff to have page.

In browsing the transmission gallery UK broadcast transmission