
Koos van den Hout

Koos van den Hout - Latest news, thoughts, rants, projects and other things to write about.
2023-02-03 Freeradius doesn't like the old LetsEncrypt chain
I was doing some testing with freeradius and suddenly nothing worked with the following error in debug mode:
(7) eap_peap: ERROR: TLS Alert read:fatal:certificate expired
(7) eap_peap: TLS_accept: Need to read more data: error
(7) eap_peap: ERROR: Failed in __FUNCTION__ (SSL_read): error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired
I checked the certificate and renewed it. The normal autorenewal processes had not run since the previous tests with radius and 802.1x authentication on wifi so that wasn't unexpected but this still didn't solve it: I kept getting the error message.

After some deep searching why it worked before I saw I had requested that certificate in a different way where I had the chain with only ISRG Root X1 because sendmail gave me SSL verification failures after the DST Root CA expired. So I did the same as I did before: I configured dehydrated (my preferred ACME client) on the radius test machine to use the LetsEncrypt issuer chain without the DST Root CA cross signature, with the following in /etc/dehydrated/config:
# Preferred issuer chain (default: <unset> -> uses default chain)
PREFERRED_CHAIN="ISRG Root X1"

2023-02-03 Dear Linux distributions, don't nag about a setting
I noticed lots of kernel modules for filesystem support were loaded after running update-grub. This was caused by running os-prober which searches for possible operating system installations on all partitions of the system.

On virtual and physical machines that only run linux and will never run anything else unless I am really changing something this only takes time and uses resources, so I searched for how to disable this. So now there is a line in /etc/default/grub:
# don't look high and low for other operating systems
GRUB_DISABLE_OS_PROBER=true
But now update-grub thinks it is necessary to warn me every time...
# update-grub
Generating grub configuration file ...
[..]
Warning: os-prober will not be executed to detect other bootable partitions.
Systems on them will not be added to the GRUB boot configuration.
Check GRUB_DISABLE_OS_PROBER documentation entry.
done
I know it will not be executed, I added it on purpose. It's not very likely I added GRUB_DISABLE_OS_PROBER=true by accident not knowing what I was doing. Stop nagging me about it. If I didn't know what I was doing on a computer I wouldn't be configuring linux distributions.

2023-01-29 Grabbing the root filesystem image from the Cab.Link CLS-D4E2WX1
I wanted to grab the root filesystem image from the flash memory of the Cab.Link CLS-D4E2WX1 cable modem/router. The way to do this was the same as with Grabbing the firmware from the Corinex CXWC-HD200-WNeH and extracting the root filesystem although I decided to just dump the root filesystem image and not the entire flash memory.

So the box was opened again, the usb serial interface connected to the uart pins on Cab.Link CLS-D4E2WX1 I found earlier and the boot stopped in the U-Boot process.

First step was to determine where in the memory map the root filesystem image would be. This took a bit of calculation. From the bootup messages there are two important hints:
7 cmdlinepart partitions found on MTD device ar7240-nor0
Creating 7 MTD partitions on "ar7240-nor0":
0x000000000000-0x000000040000 : "u-boot"
0x000000040000-0x000000050000 : "u-boot-env"
0x000000050000-0x000000670000 : "rootfs"
0x000000670000-0x0000007d0000 : "uImage"
0x0000007d0000-0x0000007e0000 : "SYSLOG"
0x0000007e0000-0x0000007f0000 : "NVRAM"
0x0000007f0000-0x000000800000 : "ART"

## Booting image at 9f670000 ...
So the kernel image is booted from address 0x9f670000 and it's in the MTD partition at 0x000000670000. This makes the guess that the rootfs image from 0x000000050000 will live at memory location 0x9f050000 and has a size of 0x620000 so the approach is to dump 0x620000 bytes starting at that memory location. The command to do that in U-Boot:
ar7240> md.b 0x9f050000 0x620000
9f050000: 68 73 71 73 04 03 00 00 07 25 98 52 00 00 02 00    hsqs.....%.R....
9f050010: 27 00 00 00 02 00 11 00 c0 00 01 00 04 00 00 00    '...............

This capture of data at 115200 bps took more than 20 minutes. But I have patience enough.... Ok, I went to do something else.
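Turning the captured serial log back into a binary image is the step that follows the dump. The sketch below is an added example, not code from the original post: it redoes the address calculation from the boot log and rebuilds bytes from `md.b` rows, refusing the capture if a row does not continue at the expected address. The function names and the choice to treat an address gap as fatal are assumptions of this example; the sample rows are the two shown above.

```python
import re

# Partition offsets and boot address as printed in the boot log quoted above.
PARTS = {"rootfs": (0x050000, 0x670000), "uImage": (0x670000, 0x7D0000)}
KERNEL_BOOT_ADDR = 0x9F670000

# One md.b row: 8-digit address, colon, up to 16 space-separated hex bytes.
LINE_RE = re.compile(r"^([0-9a-fA-F]{8}):((?: [0-9a-fA-F]{2}){1,16})(?:\s|$)")


def partition_window(name):
    """Map an MTD partition to (cpu_address, length) via the flash base."""
    flash_base = KERNEL_BOOT_ADDR - PARTS["uImage"][0]
    start, end = PARTS[name]
    return flash_base + start, end - start


def parse_md_dump(text, start, length=None):
    """Rebuild bytes from captured md.b output.

    Lines that are not dump rows (prompt, echoed command, blanks) are skipped.
    Raises ValueError when a row does not continue where the previous one
    ended, which is how characters dropped on the serial line show up.
    """
    data = bytearray()
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        addr = int(m.group(1), 16)
        expected = start + len(data)
        if addr != expected:
            raise ValueError(f"line {lineno}: expected {expected:08x}, got {addr:08x}")
        data += bytes.fromhex(m.group(2).replace(" ", ""))
    if length is not None and len(data) != length:
        raise ValueError(f"short capture: {len(data):#x} of {length:#x} bytes")
    return bytes(data)


# The two dump rows shown in the post; a full capture has 0x620000 / 16 rows.
SAMPLE = """ar7240> md.b 0x9f050000 0x620000
9f050000: 68 73 71 73 04 03 00 00 07 25 98 52 00 00 02 00    hsqs.....%.R....
9f050010: 27 00 00 00 02 00 11 00 c0 00 01 00 04 00 00 00    '...............
"""

if __name__ == "__main__":
    base, size = partition_window("rootfs")
    image = parse_md_dump(SAMPLE, base)
    # "hsqs" is the little-endian squashfs magic, visible in the first row.
    print(f"rootfs at {base:#x}, {size:#x} bytes; parsed {len(image)} bytes, "
          f"squashfs magic: {image[:4] == b'hsqs'}")
```

Passing the partition size as `length` makes a truncated capture fail instead of producing a short image.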

2023-01-29 Having fun with the WRTC 2023 award
Last year a World Radiosport Team Championship was planned again, this time in Italy: the World Radiosport Team Championship 2022 Italy but due to well-known reasons international travel from all corners of the world to Italy wasn't a good idea, so the news was: WRTC 2022 postponed to 2023 ! - WRTC 2022 Italy.

In the first half of 2022 they had an award to promote the event among radio amateurs: WRTC 2022 Award - WRTC 2022 Italy and I participated during those months and got digital awards. Contacts were in different modes (SSB, CW, FT8, RTTY) on a lot of HF bands with special event stations in regions of Italy.

In January 2023 they are doing it again, this time only in CW and SSB and only on bands that are also active in the WRTC contest in July, this time with stations in multiple countries: WRTC 2023 AWARD : January 2023…headset on! - WRTC 2022 Italy. So I'm trying to get different stations in the log on different bands. It's working out fine so far, I even got a new country in CW (Indonesia). I also used the clubstation to get these special event stations on the 80 meter band.

This is fun and a good promotion for the upcoming WRTC.

Result

In the end I made 122 contacts with WRTC special event stations in January 2022.

2023-01-27 I bought a new radio transceiver: the Yaesu FT-991A
Eight and a half years and over 14000 contacts after I bought a Yaesu FT-857D I thought it was time to upgrade. The basic requirements haven't changed a lot: HF, 2 meter, 70 centimeter bands, SSB, Morse, FM, support for computer control. What I wanted to improve on is noise filtering, handling of strong adjacent signals and a waterfall display.

So the choice is the Yaesu FT-991A although I also looked at HF-only radios from Yaesu but decided on this one in the end. This will be the base station radio for a while and I will only use the FT-857D for operating away from home.

The basic installation went fine and I think this is a great amateur radio and good value for money. It is an advanced technological device so I had to dig into manuals and on-line documentation several times to get things set up the way I wanted it.

The good innovation is that the Yaesu FT-991A has a USB port on the back. This USB connection gives the computer 2 serial ports and audio over USB. The first serial port is for Computer Aided Tuning (CAT) control which can control the radio from the computer.

I directly wanted to set up a udev rule to map this to a fixed symlink so I can start rigtctld easily. The new rule:
SUBSYSTEM=="tty", ENV{ID_MODEL}=="CP2105_Dual_USB_to_UART_Bridge_Controller", \
        ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea70", \
        ENV{ID_USB_INTERFACE_NUM}=="00", \
        SYMLINK+="ttyCATya"
The ENV{ID_USB_INTERFACE_NUM}=="00", filter only makes this rule activate on the first of the serial ports offered by the CP2105 chip.

My current experience is that the noise filtering is indeed better which helps a lot in the noisy RF environment at home.

2023-01-23 Making a USB-stick usable for Windows again
Recently I wanted to have the option to install ubuntu on a PC so I created a USB stick with dd. It worked fine and in the end the existing ubuntu on the PC worked ok and could be upgraded and made available again.

So I wanted to revert this USB stick to the normal filesystem that both Windows and Linux can read and write. This turned out to be more difficult than I expected! First I thought Windows could revert the USB stick to a usable state but this turned out to be impossible. I tried on three Windows 10 systems with admin accounts, but none of them were able to create a usable partition and filesystem! The best result I could get was an error that something couldn't be started to format the partition, but without any explanation what couldn't be started. Things that were once perfectly doable under MS-DOS are now impossible.

Back to linux to try and find the right partition type and filesystem options to get access again. I could do a lot of things in linux, but I failed to find the right settings that Windows would see as usable storage.

I shared my problems on irc and someone there had the following list of commands to fix this problem:
dd if=/dev/zero of=/dev/sdd bs=1M count=1
parted /dev/sdd mklabel msdos
parted /dev/sdd mkpart primary fat32 1 100%
mkdosfs /dev/sdd1
Which needs to be adjusted for the right device node. Use at your own risk! But indeed after these commands both Windows and Linux were perfectly capable of writing and reading the USB stick.

2023-01-21 2022 in amateur radio for me
QSO count for PE4KH until December 2022
Time for an overview of what happened in amateur radio in 2022 for me. Like previous years I will look back at the plans and what happened. Looking back at Closing 2021 in amateur radio the following results are clear:
  • The morse exam finally happened and I passed it.
  • More morse contacts in contests and in general
  • 18 new countries/entities in the log
  • More countries/entities in morse in the log
  • Satellite contacts: none
  • Used the improving propagation
The plans for 2023:
  • Try to get more countries/entities, especially in morse. I am working towards DXCC in morse: 100 entities confirmed.
And one thing is both a result of 2022 and an item for 2023: I ordered a new radio: a Yaesu FT-991A, HF, VHF, UHF all mode at the end of 2022 and it was delivered last week. That will be a separate post.

2023-01-16 I participated in the UBA PSK63 prefix contest
PSK63 contest in fldigi
Like a bit of a yearly event it was time for the UBA PSK63 prefix contest last weekend.

On Saturday propagation on the higher frequencies was not cooperating a lot so I went to the 40 meter band late in the afternoon. On Sunday things were better, I even got one whole contact on the 10 meter band. A lot of the contacts were in search and pounce mode. On Sunday I ended with the last half hour of the contest calling CQ UBA PSK TEST and managed to get a few new stations in the log. Some of those contacts came at a fast pace with even a small pile-up where I had to ask only one prefix to answer.

I ended with 111 contacts logged, which is a good number for a digital mode contest.

2023-01-13 Plans for fiber here
Fiber at a house in Woerden
Picture by Koos van den Hout, license CC-BY-SA
After all the grumbling about the DSL connection here, a first letter about the rollout of fiber.

The schedule is very loose:
In February we start the construction. [..]
If all goes well, all of Overvecht and Utrecht Noordwest will be able to use the internet at the next level by mid-2024. You can then take out a subscription with T-Mobile.
Now T-Mobile is about the last Internet provider I would want to choose, among other things because of the events in October 2019 in which the connections between T-Mobile and for example SURFnet got a lot worse. More about this: Zit je bij T-Mobile en heb je opeens last van een trage internet verbinding…? - A2B Internet and T-Mobile NL routed all internet traffic through Germany and broke the Internet for small firms. - Rudolf van den Berg. A gigabit fiber connection is of no use to me if I run the risk of barely being able to reach the systems at my work.

So I want Freedom Internet over that fiber. But at the moment the status is "we would like to and it will surely happen some day" according to Update over Delta en Open Dutch Fiber - Freedom Internet, where a bit of frustration can also be read:
Anco: With Open Dutch Fiber things are more complicated. Although we have been negotiating for quite some time, this has not yet led to anything concrete. The only provider currently admitted to this network is T-Mobile. We think that is a bad thing. That is why we are almost inclined to call them 'Closed Dutch Fiber'. We are continuously working to find an opening to reach a solution with ODF. Unfortunately, so far without result. That a day will come when we become active on this network is certain; when that will be is still completely unclear.
I am curious how this will go. They are welcome to install fiber, we just won't be taking a T-Mobile subscription over it.

The announcement from the municipality of Utrecht is quite clear: it has to become an open network with a choice of providers. So if they first install fiber and that choice of providers then isn't there, this can be addressed legally. Source: Overeenkomst glasvezelnetwerk: Utrecht in 5 jaar volledig “verglaasd” - Gemeente Utrecht, with
Open Dutch Fiber is building an 'open' fiber network in Utrecht. This means that all providers who want to can deliver services to their customers over this network.

Update 2023-01-15:

The open dutch fiber site also has an article: Nog eens 29.000 huishoudens in Utrecht worden voorzien van glasvezel - open dutch fiber. When I enter my details in the postcode check there:
Congratulations! At the moment we are busy with the preparatory work for the rollout of fiber in Utrecht. In the 1st quarter of 2024 we will come to your neighbourhood.

2023-01-11 Working around broken urls for my website
If you're bored enough to look at the sources for my webpages you'll notice I make a lot of use of
<base href="https://idefix.net/~koos/">
This changes the base for all relative urls from https://idefix.net/ to https://idefix.net/~koos/ because my whole site is based on being in my userdir, but https://idefix.net/ is the easy url.

I use a lot of relative urls for local things because why make them longer. And this eases developing and debugging on the developer site.

All browsers support the 'base href' meta tag, but some bots ignore it. And there has been a case a few years ago where a bug in one script made all urls seem 'below' other urls. The net result is that my logs are currently filled with entries like:
[11/Jan/2023:17:09:34 +0100] "GET /~koos/irregular.php/morenews.cgi/2022/newstag.cgi/morenews.cgi/draadloosnetwerk/morenews.cgi/newsitem.cgi/morenews.cgi/morenews.cgi/newstag.cgi/asterisk/morenews.cgi/morenews.cgi/morenews.cgi/morenews.cgi/morenews.cgi/morenews.cgi/morenews.cgi/morenews.cgi/newstag.cgi/newstag.cgi/kismet/morenews.cgi/newstag.cgi/newsitem.cgi/morenews.cgi/morenews.cgi/2023 HTTP/1.1" 410
All those entries seem to be for http:// versions of the urls so I now adjusted the http to https redirect function to stop at urls that look like ^\/~koos/irregular.php\/.+\.cgi to give a status 410 immediately.

This 'saves' a bit of traffic because it never gets the redirect to the https version.

While checking this I see multiple stupid bots, like:
35.209.99.100 - - [11/Jan/2023:17:02:14 +0100] "GET /homeserver.html HTTP/1.1" 404 972 "-" "Buck/2.3.2; (+https://app.hypefactors.com/media-monitoring/about.html)"
This one clearly doesn't parse the base href tag.
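How a client that skips the base href ends up at these paths, and how the 410 pattern sorts them out, as an added example that is not the site's own code. The base URL and the pattern are taken from the post; the start URL, the relative hrefs and the 301 used for the normal redirect are constructed assumptions.

```python
import re
from urllib.parse import urljoin, urlsplit

BASE_HREF = "https://idefix.net/~koos/"   # from the <base> tag in the post
# Pattern exactly as given in the post for requests that get a 410.
GONE_RE = re.compile(r"^\/~koos/irregular.php\/.+\.cgi")


def resolve(page_url, href, honour_base=True):
    """Resolve a relative link with the <base> tag applied or ignored."""
    return urljoin(BASE_HREF if honour_base else page_url, href)


def crawl_ignoring_base(start_url, hrefs):
    """Follow relative links, each resolved against the previous URL."""
    url = start_url
    for href in hrefs:
        url = resolve(url, href, honour_base=False)
    return url


def request_path(url):
    """Path component as it would appear in the access log."""
    return urlsplit(url).path


def http_status(path):
    """Decision on the http listener: 410 for nested junk, else redirect.

    301 for the normal http-to-https redirect is an assumption.
    """
    return 410 if GONE_RE.match(path) else 301


# Constructed inputs: a path-info style URL and relative links like those
# that appear inside the logged request above.
START = "http://idefix.net/~koos/irregular.php/morenews.cgi/2022"
HREFS = ["newstag.cgi/kismet", "morenews.cgi/2023"]

if __name__ == "__main__":
    # The bot from the second log line: front page, base href ignored.
    print(resolve("https://idefix.net/", "homeserver.html", honour_base=False))
    print(resolve("https://idefix.net/", "homeserver.html"))
    nested = request_path(crawl_ignoring_base(START, HREFS))
    print(nested, http_status(nested))
    print("/~koos/homeserver.html", http_status("/~koos/homeserver.html"))
```

Each ignored base href pushes the next relative link one directory deeper, so the paths keep growing until something refuses them.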

2023-01-09 I participated in the ARRL RTTY Roundup
RTTY Contest on websdr
This weekend was the ARRL RTTY Roundup and I participated. Not for very long because there were other things in the weekend, including the New Year's celebration at my own radio club.

In the end I made 30 contacts, Saturday evening and Sunday evening after dark. On Saturday evening it was hard to find another station, not a lot of signals and a lot of noise on the 40 meter band.

Raw score: 30 Qpts x 21 Mults = 630

2023-01-08 Time to stop with The Virtual Bookcase
Recently I was looking at some reports of the affiliate income generated by The Virtual Bookcase and it hasn't generated a cent in a few years.

This is probably fully related to the fact I haven't paid any attention to the site both in code and content for years. The only commits in 2022 were due to a vulnerability found in the site. Most commits to the code for the site were before 2010. Time to admit to myself I need to stop doing this. There are other things that take my time and give me joy.

If someone else wants to take over: get in touch. I'm not sure which parts of the database are of any use to people and which parts I shouldn't transfer due to Dutch privacy laws but we'll figure it out. If nobody wants it, I will start giving 410 gone status from 1 September 2023 and end the domain registration in November 2023.

The original announcement of starting the site, dated 28 March 1999: I've created a virtual bookcase with an overview of books I like/read.. visit the site too! which is also the oldest newsitem in my archive.



The person

Father, cat owned/owner, Linux fan, Internet user, book reader, radio amateur, recumbent bicyclist, snowboarder, ipv6 fan. For those who don't speak Dutch: how to pronounce Koos van den Hout.

The job

Specialist information security at Utrecht University with a modern Profile page.
 


Contact

Use the e-mail address in the address box and use PGP private secure e-mail when possible.
Reachable as koos+website@idefix.net. PGP encrypted e-mail preferred. PGP key 5BA9 368B E6F3 34E4 (local copy, via keyservers).

My opinions are my own, what I write is protected by copyrights. Some publications contain an explicit license statement which allows sharing without asking permission.