Vijf jaar geleden deed ik mee aan de hackcontest ter ere van 20 jaar SURFcert. Vijf jaar verder ben ik zelf lid van het SURFcert team en heb ik mee georganiseerd aan de hackcontest / capture the flag op 8 december. Dit keer was het een 'capture the flag' stijl wedstrijd waarbij teams van maximaal 4 personen streden om de eer. Bij een 'capture the flag' moet je uit diverse puzzels herkenbare 'flags' (vlaggen) vinden, zeer herkenbare speciale strings in bestanden. Ik had me vooral beziggehouden met flags in bestanden in allerlei vormen zoals commentaar in een plaatje (als morse) of een flag in een bestand in een textfile in een zip file achter een jpg file geplakt. Vrijdag hebben er 4 teams gespeeld. Ze hebben de hele dag nodig gehad en een groot deel van de uitdagingen opgelost. Er was ook een team van de UU bij, die zijn zeer eervol derde geworden. Dit keer zat ik dus aan de andere kant en zat mijn creativiteit niet in het oplossen van de challenges maar in het maken er van. Wat ik gemaakt had werd gewaardeerd en sommigen lieten zich op het verkeerde been zetten waar anderen juist dwars door mijn misleiding heen keken. Het ernstigste geval 'verstoppen in het volle zicht' (hiding in plain sight) was een flag die in een titel van de standaard webpagina zat. Niet iedereen had die gezien.
: Yes I use Devuan too for servers that I manage. I want a Linux that I understand and that does what I want. I don't care a lot about boot times, I do care a lot about reliability.
Although reports are showing up that AO-91 has the usual 'zoo' when it's over southern Europe I still want to prepare for making contacts on interesting passes. So I dove into adding satellite transponder details to Gpredict again. According to [amsat-bb] AMSAT-OSCAR 91 identified it is Norad object 43017. And when Nico Janssen finds a satellite using his methods of doppler-curve fitting it's a very good indication it's the right one. So time to create a .config/Gpredict/trsp/43017.trsp with the right frequencies and details:[Fox-1B trsp 67 Hz PL] UP_LOW=435250000 DOWN_LOW=145960000 MODE=FMNow to find a pass at a for me usable time.
Today I had some time left and the choice was between staying at home and throwing out the endfed and making a lot of contacts in digital modes or going out and trying a nearby park and making a lot less contacts but learning about my options there. I chose the latter one: I loaded my gear in the bicycle trailer and cycled to a nearby park, just outside the city limits of Utrecht. I took the fiber mast and used two elastic straps to tie it to a parkbench. The effect was that the mast was slanted but using it with the wire of the endfed twisted around it the fiber mast stayed up fine without needing its guy wires. And I forgot to bring the tent pegs anyway so I was unable to guy the mast. I tried the endfed as a vertical with some slack at the bottom and the transformer at the bottom. This gave me a horrible standing wave ratio on 40 and 20 meters. I guess the endfed is only balanced when it is stretched. The quick fix was to add a common-mode choke in the coax to the radio. I also added a counterpoise wire to the earth of the endfed to be somewhat balanced again. On the 40 meter band reception was ok but I could not understand a lot of stations. On the 20 meter band there was local interference. In the end I logged one whole contact on the 40 meter band with an Italian special event station. He gave me a 4-4 report and I gave him a 5-9+. After a few tries I gave up making him log me as /portable so I logged it in my PE4KH log. The location is still within JO22NC so I logged in my home log. As soon as the sun set it started cooling down and the grass got wet and I went home. It's a nice location and quite reachable from home. It's 10 minutes cycling and in 10 minutes I had the mast and the radio set up.
https://spacecomms.wordpress.com/2017/11/21/just-launched-ao-91-will-be-a-great-bird/ a great writeup by on why the new Fox satellite will make amateur satellites more accessible by all radio amateurs.:
I am noticing lots and lots of distributed SSH scanning, not doing enough attempts from one IP address to trigger fail2ban. Timing and choice of login names used suggest a strong link between the ssh attempts even when source IPs are very different. Login names also refer to websites hosted on the same address. At a given moment I started wondering if this was just me, but others reported the same and exchanging IP address lists showed a lot of matches between attacks on totally unrelated systems.
Note: even with full name mapping enabled you will still have problems. To get this mapping fully working you will need to establish trust relations via kerberos. When I shared my article on NFSv4 on the synology I noticed I left out the fundamentals about Linux and NFSv4 with name mapping. All kernels I nowadays run into have the same preference to disable using names over NFSv4 because somewhere the decision was made to assume most Linux systems will be in an environment with centralized UID/GID management. In any environment with devices with their own UID/GID management (such as synology devices without central LDAP) this will not be true. So the defaults need an override. The runtime way to change this is, for the nfs client kernel process:# echo N > /sys/module/nfs/parameters/nfs4_disable_idmappingAnd for the nfsd server kernel process:# echo N > /sys/module/nfsd/parameters/nfs4_disable_idmappingNotice the one letter difference. To make this change more permanent, set up a file with a name like /etc/modprobe.d/local-config.conf withoptions nfs nfs4_disable_idmapping=0 options nfsd nfs4_disable_idmapping=0And you still need to set /etc/idmapd.conf on all systems involved (both clients and servers) with the same value for the 'Domain'. I obviously have:[General] Verbosity = 0 Pipefs-Directory = /run/rpc_pipefs # set your own domain here, if id differs from FQDN minus hostname Domain = idefix.net [Mapping] Nobody-User = nobody Nobody-Group = nogroupAnd enable idmapd. How you enable this depends on your Linux distribution. In ubuntu server it's in /etc/default/nfs-common with# Do you want to start the idmapd daemon? It is only needed for NFSv4. NEED_IDMAPD=yes
I read the Dutch version of "The Cuckoo's Egg" when it came out in 1989. Later I bought the English version. Via a complete diversion I found out this weekend the book was made into a TV documentary: The KGB, the Computer and Me which has a lot less personal diversions than the book. It is played by Clifford Stoll himself and others involved in the original story. Although the CIA guys look a bit more stereotypical than they come out in the book. A very interesting part is there is a closing remark in the documentary by Markus Hess. Now I want to get a view of the movie of the other side, '23'. The funny part is that I found this documentary from following news related to amateur radio: Cliff Stoll -- K7TA -- Has THE KNACK. And a GREAT NOVA Video. Clifford Stoll does have a callsign: K7TA