Koos picture small

Koos van den Hout

Welcome. This is my homepage where I write about my opinion, projects, things I note, things I try and other random stuff. Newsitems have tags for a bit of structure.

Latest news/thoughts/geeking/rants/notablog

2017-12-11 Vijf jaar later een hackcontest (CTF) mee georganiseerd 1 day ago
Vijf jaar geleden deed ik mee aan de hackcontest ter ere van 20 jaar SURFcert. Vijf jaar verder ben ik zelf lid van het SURFcert team en heb ik mee georganiseerd aan de hackcontest / capture the flag op 8 december. Dit keer was het een 'capture the flag' stijl wedstrijd waarbij teams van maximaal 4 personen streden om de eer. Bij een 'capture the flag' moet je uit diverse puzzels herkenbare 'flags' (vlaggen) vinden, zeer herkenbare speciale strings in bestanden. Ik had me vooral beziggehouden met flags in bestanden in allerlei vormen zoals commentaar in een plaatje (als morse) of een flag in een bestand in een textfile in een zip file achter een jpg file geplakt.

Vrijdag hebben er 4 teams gespeeld. Ze hebben de hele dag nodig gehad en een groot deel van de uitdagingen opgelost. Er was ook een team van de UU bij, die zijn zeer eervol derde geworden.

Dit keer zat ik dus aan de andere kant en zat mijn creativiteit niet in het oplossen van de challenges maar in het maken er van. Wat ik gemaakt had werd gewaardeerd en sommigen lieten zich op het verkeerde been zetten waar anderen juist dwars door mijn misleiding heen keken. Het ernstigste geval 'verstoppen in het volle zicht' (hiding in plain sight) was een flag die in een titel van de standaard webpagina zat. Niet iedereen had die gezien.

Tags: ,
2017-12-11 (A nice URL from Miss Chocolate Lab Coat. She is lucky she lives in mooseland and the chances of it melting...) 1 day ago
Google+Koos van den Hout : Yes I use Devuan too for servers that I manage. I want a Linux that I understand and that does what I want. I don't care a lot about boot times, I do care a lot about reliability.
2017-12-02 Preparing gpredict for AO-91 Fox-1B RadFxSat 1 week ago
Although reports are showing up that AO-91 has the usual 'zoo' when it's over southern Europe I still want to prepare for making contacts on interesting passes. So I dove into adding satellite transponder details to Gpredict again. According to [amsat-bb] AMSAT-OSCAR 91 identified it is Norad object 43017. And when Nico Janssen finds a satellite using his methods of doppler-curve fitting it's a very good indication it's the right one.

So time to create a .config/Gpredict/trsp/43017.trsp with the right frequencies and details:
[Fox-1B trsp 67 Hz PL]
Now to find a pass at a for me usable time.

Tags: , ,
2017-11-25 Portable operation close to my home 2 weeks ago
Today I had some time left and the choice was between staying at home and throwing out the endfed and making a lot of contacts in digital modes or going out and trying a nearby park and making a lot less contacts but learning about my options there.

Fibermast on parkbench I chose the latter one: I loaded my gear in the bicycle trailer and cycled to a nearby park, just outside the city limits of Utrecht. I took the fiber mast and used two elastic straps to tie it to a parkbench. The effect was that the mast was slanted but using it with the wire of the endfed twisted around it the fiber mast stayed up fine without needing its guy wires. And I forgot to bring the tent pegs anyway so I was unable to guy the mast.

I tried the endfed as a vertical with some slack at the bottom and the transformer at the bottom. This gave me a horrible standing wave ratio on 40 and 20 meters. I guess the endfed is only balanced when it is stretched. The quick fix was to add a common-mode choke in the coax to the radio. I also added a counterpoise wire to the earth of the endfed to be somewhat balanced again.

On the 40 meter band reception was ok but I could not understand a lot of stations. On the 20 meter band there was local interference.

In the end I logged one whole contact on the 40 meter band with an Italian special event station. He gave me a 4-4 report and I gave him a 5-9+. After a few tries I gave up making him log me as /portable so I logged it in my PE4KH log. The location is still within JO22NC so I logged in my home log.

As soon as the sun set it started cooling down and the grass got wet and I went home.

It's a nice location and quite reachable from home. It's 10 minutes cycling and in 10 minutes I had the mast and the radio set up.

Tags: ,
2017-11-22 (https://spacecomms.wordpress.com/2017/11/21/just-launched-ao-91-will-be-a-great-bird/ a great writeup...) 2 weeks ago
Google+Koos van den Hout : https://spacecomms.wordpress.com/2017/11/21/just-launched-ao-91-will-be-a-great-bird/ a great writeup by +John Brier on why the new Fox satellite will make amateur satellites more accessible by all radio amateurs.
2017-11-15 Lots and lots of distributed SSH scanning 3 weeks ago
I am noticing lots and lots of distributed SSH scanning, not doing enough attempts from one IP address to trigger fail2ban. Timing and choice of login names used suggest a strong link between the ssh attempts even when source IPs are very different. Login names also refer to websites hosted on the same address.

At a given moment I started wondering if this was just me, but others reported the same and exchanging IP address lists showed a lot of matches between attacks on totally unrelated systems.

Tags: ,
2017-11-13 Linux and enabling NFSv4 name mapping 4 weeks ago
Note: even with full name mapping enabled you will still have problems. To get this mapping fully working you will need to establish trust relations via kerberos.

When I shared my article on NFSv4 on the synology I noticed I left out the fundamentals about Linux and NFSv4 with name mapping. All kernels I nowadays run into have the same preference to disable using names over NFSv4 because somewhere the decision was made to assume most Linux systems will be in an environment with centralized UID/GID management.

In any environment with devices with their own UID/GID management (such as synology devices without central LDAP) this will not be true. So the defaults need an override.

The runtime way to change this is, for the nfs client kernel process:
# echo N > /sys/module/nfs/parameters/nfs4_disable_idmapping
And for the nfsd server kernel process:
# echo N > /sys/module/nfsd/parameters/nfs4_disable_idmapping
Notice the one letter difference.

To make this change more permanent, set up a file with a name like /etc/modprobe.d/local-config.conf with
options nfs nfs4_disable_idmapping=0
options nfsd nfs4_disable_idmapping=0
And you still need to set /etc/idmapd.conf on all systems involved (both clients and servers) with the same value for the 'Domain'. I obviously have:

Verbosity = 0
Pipefs-Directory = /run/rpc_pipefs
# set your own domain here, if id differs from FQDN minus hostname
Domain = idefix.net


Nobody-User = nobody
Nobody-Group = nogroup
And enable idmapd. How you enable this depends on your Linux distribution. In ubuntu server it's in /etc/default/nfs-common with
# Do you want to start the idmapd daemon? It is only needed for NFSv4.

Tags: ,
2017-11-13 The television version of "The Cuckoo's Egg" 4 weeks ago
I read the Dutch version of "The Cuckoo's Egg" when it came out in 1989. Later I bought the English version.

Via a complete diversion I found out this weekend the book was made into a TV documentary: The KGB, the Computer and Me which has a lot less personal diversions than the book. It is played by Clifford Stoll himself and others involved in the original story. Although the CIA guys look a bit more stereotypical than they come out in the book.

A very interesting part is there is a closing remark in the documentary by Markus Hess. Now I want to get a view of the movie of the other side, '23'.

The funny part is that I found this documentary from following news related to amateur radio: Cliff Stoll -- K7TA -- Has THE KNACK. And a GREAT NOVA Video. Clifford Stoll does have a callsign: K7TA

Tags: , , ,

News archive by year: 1999 | 2000 | 2001 | 2002 | 2003 | 2004 | 2005 | 2006 | 2007 | 2008 | 2009 | 2010 | 2011 | 2012 | 2013 | 2014 | 2015 | 2016 | 2017

The person

Father, cat owned/owner, Unix/Linux fan, Internet user, reader, recumbent byciclist, snowboarder, ipv6 fan. For those who don't speak Dutch: how to pronounce Koos van den Hout.

The job

Specialist information security at Utrecht University with a modern Profile page.

Search idefix.net

Custom Search

Encrypted connection

Congratulations, your connection to this website is encrypted and cannot be tapped on the network!
The mixed-content warning is due to not all content (images, audio) being available over TLS encrypted transport.

Visitor using IPv4

Your IPv4 address is in United States

Other webprojects I work on

Weather projects

Weather station

Temperature : 4.5 °C
Humidity : 93.7 %
Airpressure : 993.7 hPa


Use the e-mail address in the address box and use PGP private secure e-mail when possible.

Pages on specific projects

Loads more pages

Koos van den Hout, reachable as koos+website@idefix.net. PGP encrypted e-mail preferred.

PGP key 5BA9 368B E6F3 34E4 local copy PGP key 5BA9 368B E6F3 34E4 via keyservers pgp key statistics for 0x5BA9368BE6F334E4 Koos van den Hout
This page is best viewed with any browser in any resolution. Some browsers will wait with rendering most of the page until allmost all HTML is loaded. RSS
Meningen zijn die van mezelf, wat ik schrijf is beschermd door auteursrecht. Sommige publicaties bevatten een expliciete vermelding dat ze ongevraagd gedeeld mogen worden.
My opinions are my own, what I write is protected by copyrights. Some publications contain an explicit license statement which allows sharing without asking permission.
This page generated by $Id: index.cgi,v 1.87 2017/07/11 13:07:45 koos Exp $ in 0.055371 seconds.