I dug up the Conrad weatherstation I'm planning to use as weatherstation in project sundial. I updated the page with information about the order-numbers of the different parts (no longer available from Conrad). So far, most sensors seem ok (although I'm not sure everything is calibrated) but the rain sensor gives absolutely no usable readouts and gives weird numbers for the calibration procedure. The wind speed sensor is a simple revolution counter which will need some software work to convert to average wind speed and wind gusts.
Yesterday evening I took my Dell Latitude C640 laptop apart to see if I could fix the USB connector and/or make some better connection for powering the GPS for wardriving. No luck: even with the mainboard removed from the case there still is no room for repairing the USB connector or fixing something to the remains of the keyboard connector. Today I took the wardrive setup with me but the last message from kismet was the dreaded: Didn't log any GPS coordinates, unlinking gps file.
At work we now graph several temperatures in the serverroom (results are not public). We joked (or not..) last Friday that we could add a lot of sensors inside and outside the serverroom (that is where my thinking about 1-wire systems came in again) and have someone research this micro-climate and correlate the micro-climate with the ntp statistics. We did see the influence of the cold wind from the east on the pll stats of several ntp servers.
Some environment sensors at home are now public. Started with the environment sensors of the home server gosper which are the easiest. Other stuff will be added if and when certain monitoring projects go from being a wild idea to delivering real data. Ok, I did order some temperature sensors and a 1-wire controller from Hobby Boards 1-wire solutions.
At work I "took over" a fourfold temperature sensor, Quozl's Temperature Sensor. It got me interested in the 1-wire system for sensors. Applications like Thermd and DigiTemp make it possible to log all kinds of environmental data easily. I'm seriously considering getting a simple 1-wire interface for the server at home so I can monitor several inside temperatures (the cheapest to monitor and the most interesting to me) by just stringing some cheap phone wires and hook up sensors. Yet another network, although this one would be simpler to maintain.
It still exists and you can still buy it: Telix modem communication software for DOS and Windows.
Looking for something completely different (of course) I came across some screens of the BBS which I once made on (judging by the date in one of the screens) 12 January 1995 (now almost 13 years ago). Funny to see those screens again, I know I put a lot of time into the designs of the screens back then. Screens of BBS Koos z'n Doos.
Bike pump annoyance solved: bought a BBB BFP-05 AirStrike II bike pump. The tyres of one bike still would not cooperate until I let most of the air out, after that I got air into them just fine (even more than intended).
Annoyance of today: so-called French valves. We have an adapter with which in theory an old-fashioned bike pump can still work with such a valve, but this morning I suddenly saw where the air actually goes: the valve cap which I had left lying right next to the tyre was blown away a bit and the tyre stayed soft.
After a Monday filled with part of the network at work being down I dug up the 'luxlite' text sign that clutters one of the desks at work. Digging up the protocol it listens to was harder as all searches with luxlite talk about a different protocol (which we do use in another text sign). So, this particular 'luxlite' uses a protocol which is known as Prolite Protocol which is not too hard to program. At this moment it signals everything works.
Major bad weather in Oklahoma at the moment. Some pictures and videos at TornadoVideos, normally for other extreme weather happening in Oklahoma. Link via Randal Bradakis.
Today I tried the Siemens Gigaset C450 IP base again and noticed it now works with Firefox. On the previous try I was only able to configure it from IE. I suggested to Gigaset support to fix this and make it work with all browsers, I guess they acted upon this advice and an automatic software update to the base happened. The reason to try it again was that I gave a demonstration of the PCgg voip setup.
Axa bike locks, quite popular in the Netherlands, have a vulnerability which the bike thieves found first. Now described by Barry Wels in blackbag: AXA: A new phase in security, where Axa tries to tell people: Buy our new secure bike lock and oh by the way some of our previous locks seem to be vulnerable to manipulation
Time for some edits to the wireless network explanation and installation document: ad-hoc networks have a maximum speed of 11 Megabit/second, which I looked up following a question in nl.comp.netwerken.draadloos.
After some changes to the ups stats scripts they now also produce nice yearly overviews: a year of Eneco voltage and frequency. No idea where the university buys electricity, but in Utrecht Eneco is the grid operator. In April it is clearly visible that something was changed in the connection then.
With a rainy Sunday afternoon of audio editing the Asterisk call-in game has now come so far that 2 possible games can be played. On the page about the Asterisk call-in game I also put how it can currently be tried.
Some time ago I had time to really try tvtime. I've had a Linux system with a simple Win-TV card (brooktree 848 based) since 'forever' and I think I always used XawTV (maybe there was some predecessor I used in the beginning). After some really positive remarks about it from people I decided to give it a try.
The system I tried this on is a Dell Optiplex GX110 with a PIII-667 cpu named Turing. The tv-card is seen as:
    0000:01:08.0 Multimedia video controller: Brooktree Corporation Bt848 Video Capture (rev 12)
            Flags: bus master, medium devsel, latency 64, IRQ 10
            Memory at fafff000 (32-bit, prefetchable) [size=4K]
From the kernel messages:
    Linux video capture interface: v1.00
    i2c-core.o: i2c core module version 2.6.1 (20010830)
    i2c-algo-bit.o: i2c bit algorithm module
    bttv: driver version 0.7.108 loaded
    bttv: using 4 buffers with 2080k (8320k total) for capture
    bttv: Bt8xx card found (0).
    PCI: Found IRQ 10 for device 01:08.0
    PCI: Sharing IRQ 10 with 00:1f.3
    PCI: Sharing IRQ 10 with 00:1f.5
    bttv0: Bt848 (rev 18) at 01:08.0, irq: 10, latency: 64, mmio: 0xfafff000
    bttv0: using: MIRO PCTV [card=1,insmod option]
    i2c-algo-bit.o: Adapter: bt848 #0 scl: 1 sda: 1 -- testing...
    i2c-algo-bit.o:1 scl: 1 sda: 0
    i2c-algo-bit.o:2 scl: 1 sda: 1
    i2c-algo-bit.o:3 scl: 0 sda: 1
    i2c-algo-bit.o:4 scl: 1 sda: 1
    i2c-algo-bit.o: bt848 #0 passed test.
    i2c-core.o: adapter bt848 #0 registered as adapter 0.
    bttv0: i2c: checking for MSP34xx @ 0x80... not found
    bttv0: miro: id=1 tuner=0 radio=no stereo=no
    bttv0: using tuner=0
    bttv0: i2c: checking for MSP34xx @ 0x80... not found
    bttv0: i2c: checking for TDA9875 @ 0xb0... not found
    bttv0: i2c: checking for TDA7432 @ 0x8a... not found
    tvaudio: TV audio decoder + audio/video mux driver
    tvaudio: known chips: tda9840,tda9873h,tda9874h/a,tda9850,tda9855,tea6300,tea6420,tda8425,pic16c54 (PV951),ta8874z
    i2c-core.o: driver generic i2c audio driver registered.
    i2c-core.o: driver i2c TV tuner driver registered.
    tuner: chip found @ 0xc0
    tuner(bttv): type forced to 0 (Temic PAL (4002 FH5)) [insmod]
    tuner: type already set (0)
    i2c-core.o: client [Temic PAL (4002 FH5)] registered to adapter [bt848 #0](pos. 0).
    bttv0: registered device video0
    bttv0: registered device vbi0
With a simple channel scan tvtime found all channels.
And promptly put them on presets according to a channel numbering I couldn't understand. Casema Utrecht is of course using PAL with a western European channel numbering, but I couldn't figure out the channel numbering. For example RTL-4 is on UHF channel 28 (Overview of channels on the Casema website in Dutch), tvtime calls this channel (and therefore preset) 99 and does not show UHF channel 28 anywhere in the user interface. I was able to move the channels around using the user interface of tvtime but it was a lot of work. This felt 'American' to me: programmable presets aren't used as much there as we are used to, so a station can advertise being on channel 99 and it will be on channel 99 on most of the television sets. In the Netherlands a TV station has hard work convincing their viewers that they need to be on a certain preset (preferably below 10 so it's a single button press).
To change names of TV stations (now I had RTL-4 in position 4 but it was still named '99') I had to quit tvtime and directly edit the stationlist.xml file.
The other thing I really noticed is that with the default settings tvtime uses up all cpu on the PIII-667. By changing the deinterlacing settings I was able to fix this. But: 'no deinterlacing' was not an option, I just had to find out which one uses less cpu. I used XawTV before on a pentium-90 with cycles to spare.
Comparing the two

tvtime
+ neat user interface, all on-screen
+ scriptable, I can send messages to the screen from other applications
- 'american' way of channel numbering
- having to edit an xml file to name stations
- deinterlacing uses a lot of cpu and can't be disabled

XawTV
+ 'original' channel numbers visible in the user interface
+ light on the cpu
- no deinterlacing, which gets very visible in fullscreen mode

My final conclusion

None yet: at the moment there is no TV-cable up to a PC so I don't use tv-watching on a PC. I'm not sure which software would see regular use.
A friend created a video dvd in the form of a VIDEO_TS subdir with some files, so I finally had to find out how to create a working DVD from that. Using Linux, of course. And using the command-line.
This is the subject of several dozen howto's on the web, all differing in opinion on certain subjects.
From VIDEO_TS to .iso

First, converting the VIDEO_TS to a correct dvd image. You need to have the VIDEO_TS data in a subdir(!!) from the root of the future dvd. Start with an empty dir:
    $ mkdir dvd
    $ cd dvd
Put the VIDEO_TS data in a VIDEO_TS subdir. Indeed: with capital letters.
    $ ls
    VIDEO_TS
Creating the dvd image with mkisofs with the -dvd-video commandline flag.
    $ mkisofs -dvd-video -o ../dvd.iso .
    INFO: UTF-8 character encoding detected by locale settings.
    Assuming UTF-8 encoded filenames on source filesystem,
    use -input-charset to override.
    Unknown file type (unallocated) ./.. - ignoring and continuing.
    0.70% done, estimate finish Mon Nov 26 15:31:25 2007
    1.40% done, estimate finish Mon Nov 26 15:31:25 2007
    2.09% done, estimate finish Mon Nov 26 15:31:25 2007
    2.79% done, estimate finish Mon Nov 26 15:32:00 2007
    99.03% done, estimate finish Mon Nov 26 15:32:52 2007
    99.72% done, estimate finish Mon Nov 26 15:32:52 2007
    Total translation table size: 0
    Total rockridge attributes bytes: 0
    Total directory bytes: 2158
    Path table size(bytes): 26
    Max brk space used 0
    716987 extents written (1400 MB)
Now you have a dvd-video ready iso file:
    $ cd ..
    $ ls -lh dvd.iso
    -rw-r--r-- 1 koos users 1.4G Nov 26 15:32 dvd.iso
To be sure, you can check it:
    $ isoinfo -l -i dvd.iso
    Directory listing of /
    d--------- 0 0 0 2048 Nov 26 2007 [ 275 02] .
    d--------- 0 0 0 2048 Nov 26 2007 [ 275 02] ..
    d--------- 0 0 0 2048 Nov 26 2007 [ 276 02] VIDEO_TS
    Directory listing of /VIDEO_TS/
    d--------- 0 0 0 2048 Nov 26 2007 [ 276 02] .
    d--------- 0 0 0 2048 Nov 26 2007 [ 275 02] ..
    ---------- 0 0 0 8192 Nov 22 2007 [ 281 00] VIDEO_TS.BUP;1
    ---------- 0 0 0 8192 Nov 22 2007 [ 277 00] VIDEO_TS.IFO;1
    ---------- 0 0 0 36864 Nov 22 2007 [ 479292 00] VTS_01_0.BUP;1
    ---------- 0 0 0 36864 Nov 22 2007 [ 285 00] VTS_01_0.IFO;1
    ---------- 0 0 0 980969472 Nov 22 2007 [ 303 00] VTS_01_1.VOB;1
    ---------- 0 0 0 30720 Nov 22 2007 [ 716821 00] VTS_02_0.BUP;1
    ---------- 0 0 0 30720 Nov 22 2007 [ 479310 00] VTS_02_0.IFO;1
    ---------- 0 0 0 486391808 Nov 22 2007 [ 479325 00] VTS_02_1.VOB;1
Burning the .iso

This needs to be done as root (not too much of a surprise as this requests low-level access to the dvd-burner).
    # growisofs -dvd-compat -Z /dev/hdc=dvd.iso
    Executing 'builtin_dd if=dvd.iso of=/dev/hdc obs=32k seek=0'
    /dev/hdc: "Current Write Speed" is 16.4x1385KBps.
    0/1468389376 ( 0.0%) @0x, remaining ??:??
    0/1468389376 ( 0.0%) @0x, remaining ??:??
    0/1468389376 ( 0.0%) @0x, remaining ??:??
    0/1468389376 ( 0.0%) @0x, remaining ??:??
    0/1468389376 ( 0.0%) @0x, remaining ??:??
    4063232/1468389376 ( 0.3%) @0.9x, remaining 138:08
    35028992/1468389376 ( 2.4%) @6.5x, remaining 17:43
    66486272/1468389376 ( 4.5%) @6.7x, remaining 10:32
    1344405504/1468389376 (91.6%) @10.0x, remaining 0:13
    1392017408/1468389376 (94.8%) @10.1x, remaining 0:08
    1440120832/1468389376 (98.1%) @10.2x, remaining 0:03
    builtin_dd: 716992*2KB out @ average 6.6x1385KBps
    /dev/hdc: flushing cache
    /dev/hdc: closing track
    /dev/hdc: closing disc
The result: a fresh video dvd. And it works in the DVD-player at home (which is from way back when DVD-players weren't given away with laundry soap).
Making dvd stuff in Linux

From source to video_ts is a different process. I'm not active in that area yet.
Caught the cat who lives across from the back of our house on camera recently: back-neighbour cat photo 1, back-neighbour cat photo 2.
Updates to the logic behind the weather maps at http://weather.idefix.net/ and updates to the stations list. Data is now fetched from multiple sources and with a lot of searching I found the locations of a number of stations such as EHFS (Vlissingen), EHSC (Lichteiland Goeree) and EHKV (oilplatform K14-FA-1C). Starting tomorrow morning the updates will be visible in the generated maps.
Another evening of audio editing done for the Asterisk call-in game. The first function works: the variant "the computer will now check whether you are the right caller". Lots of little jumps and bits of extensions.conf to have all kinds of different paths which eventually come back to "sorry, you have not won" and "we will try one more time". All in all you are on the line for 50 seconds before you have lost for the first time! The call-in games on television behind 09xx numbers have by the way now stopped completely, so this idea in itself is no longer commercially applicable, but still a nice gimmick for Asterisk demonstrations (I hope!)
Old meets new: XS4ALL now offers UUCP over IPv6. Still with the separation in the DNS, but maybe this can be the first candidate to end this distinction?
Peter Ludlow has written 95 Theses on the Religious Right discussing the way the religious right (in the US) abuses and misinterprets the bible and religion.
I created my own Geo::METAR page and the module is ready for uploading to CPAN (just some final sanity checks).
The weather keeps me interested and I have been working on processing weather data (of course using Geo::METAR). Roger Burton West did a lot of work on visualizing weather data and I updated the result for Geo::METAR. Resulting maps now available on http://weather.idefix.net/. Stuff to add: caching, getting data from several sources (at least one metar for the Netherlands isn't available via the US national weather service) or using different sources.
Work decided to change the distribution of msdn-aa software (MSDN academic alliance) to a system where we do the verification whether a person is authorized to access the download and e-academy does the rest using ELMS (e-academy License Management System). This requires some setup in the webserver and the documentation from e-academy wasn't very clear (a whole stack of paper with lots of bits explained but a simple explanation was hard to find). But, with the sample pseudo code in the documentation I managed to build something. Checking usernames and passwords is left to the webserver (quite good at that bit), initializing user data and validating the session is done in php after which control is returned to the e-academy server. And I added an error-page especially for this script explaining which username/password to use.
I decided to throw the results online so others can borrow from the sample and implement their own. Directly copying the sample will never work as a lot of the data is really local.
Webserver config

The elms system insists on a secure webserver with https:// urls. We insist on that too for anything which asks for user names and passwords, so that matches nicely.
The webserver is configured to require auth on the verification url. I could do this with a login form in php, but the webserver is configured for ldap queries anyway so I copied that bit.
    # for msdnaa verification
    AuthName "Informatica medewerkers en studenten"
    AuthType Basic
    AuthLDAPURL ldap://ldap.cs.uu.nl:389/dc=cs,dc=uu,dc=nl?uid
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative off
    require valid-user
    ErrorDocument 401 /msdnaa/error.php
The php script verify.php just checks carefully whether it is called with the right parameters and with an authenticated user. It then queries ldap for the user data and does the call back to the e-academy server to validate the session and set the userdata.
When all that goes well and e-academy shows no error a redirect is given back to the server (the user never sees a page from our server when all goes well).
It is a coming and going of birds in our garden at the moment (resulting in a lot of comments from the cats).
On friday evening we went snowboarding for the first time this season. After shopping for new coats we went to Snowworld in Zoetermeer and tried our turns again for a while. For me the right feeling of snowboarding had to come from way deep but after a few tries I made it down at reasonable speeds. It would be really nice to have an indoor piste closer to home.
Wardriving results 10 October - 31 October: 2241 new networks with GPS locations. I brought the wardriving rig on several trips which helped in finding 'uncharted' places. And little tours through areas I haven't visited in a while score high amounts of new networks.
I upgraded to Apache 2.2.x at home so now http://koos.idefix.net/, http://webcam.idefix.net/ and other sites at home can all be reached on IPv6 addresses. One downside: logresolve (the postprocessing apache log resolver) has absolutely no idea about IPv6 addresses.
Learning ifplugd to do the ipv6 equivalent was easy: just add the following to /etc/ifplugd/action.d/ifupdown in the up part: /usr/bin/rdisc6 -q -w 250 -r 8 $1.
And in trying to firewall IPv6 I found that INPUT and FORWARD are really separate. From the docs: "the built-in chains INPUT (for packets coming into the box itself), FORWARD (for packets being routed through the box), and OUTPUT (for locally-generated packets)." So if I want to set a policy for both the local machine and the machines behind it I need to set those rules in both INPUT and FORWARD.
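One way to keep a single policy without maintaining two copies of the rules, as an added example that is not from the original post: a shell function that prints an ip6tables-restore ruleset in which INPUT and FORWARD both jump to one shared chain. The interface name xs4allipv6 is the tunnel named elsewhere on this page; eth0 as the internal interface, the chain name wan_in and the open ports are assumptions.

```shell
#!/bin/sh
# Print an ip6tables-restore ruleset in which traffic arriving on the
# outside interface gets the same policy whether it is addressed to the
# router itself (INPUT) or routed to a host behind it (FORWARD).
#
# usage: gen_ip6_rules WAN_IF LAN_IF [tcp-port ...]
gen_ip6_rules() {
    [ $# -ge 2 ] || { echo "usage: gen_ip6_rules WAN_IF LAN_IF [port ...]" >&2; return 2; }
    wan=$1
    lan=$2
    shift 2
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:wan_in - [0:0]
# packets for the box itself
-A INPUT -i lo -j ACCEPT
-A INPUT -i $lan -j ACCEPT
-A INPUT -i $wan -j wan_in
# packets routed through the box
-A FORWARD -i $lan -o $wan -j ACCEPT
-A FORWARD -i $wan -o $lan -j wan_in
# one shared policy for everything arriving from outside
-A wan_in -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# coarse on purpose: all ICMPv6 is accepted so neighbour discovery and
# path MTU discovery keep working; per-type filtering is not shown here
-A wan_in -p ipv6-icmp -j ACCEPT
EOF
    # every listed TCP port is opened for the router and the hosts behind it
    for port in "$@"; do
        echo "-A wan_in -p tcp --dport $port -j ACCEPT"
    done
    cat <<EOF
-A wan_in -j REJECT --reject-with icmp6-adm-prohibited
COMMIT
EOF
}

# Assumed names: xs4allipv6 (tunnel, from this page), eth0 (internal), ports 22 and 80.
gen_ip6_rules xs4allipv6 eth0 22 80
```

The output can be checked with `ip6tables-restore --test` before it is loaded.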
Trying to access machines at home directly from the outside via ipv6 made the old ndisc_send_redirect: not a neighbour show up again. I found the reason: I added an address on the internal network to the external interface, so a cool address would show and not the xs4all-ipv6-tunnel interface address, with up ip -6 addr add 2001:888:1011::13/64 dev xs4allipv6 in /etc/network/interfaces. Now when trying to access an internal machine, 2 possible routes to 2001:888:1011::/64 existed. Fix: add another line up ip -6 route del 2001:888:1011::/64 dev xs4allipv6 to remove that extra route again. Now I can access machines on the home network directly from ipv6 hosts all over the world. Time for extra firewalling rules!
Update 2010-04-15: Better way to configure this: use a /128 netmask, so I now have in /etc/network/interfaces: up ip -6 addr add 2001:888:1011::13/128 dev xs4allipv6
And the ultimate answer came from Friedemann Stoyan via the debian-ipv6 mailinglist: It's a known debian bug: libc6: Resolver prefers IPv4 to IPv6 in some cases. The bit where RFC1918 addresses trigger this bug is especially evil: in my opinion users with ipv4+nat (rfc1918) and ipv6 (globally routed) on their network would be better suited with a preference for ipv6.
After working on a proposal for introducing IPv6 at work it suddenly dawned on me that pushing ipv6 at home wasn't going to work with a separate DNS zone for IPv6 addresses. The best way is to integrate ipv6 addresses in the main zone and have the "legacy ipv4 nat range" as second thing to try (for things that are still ipv4-only like nfs). But I found something weird in certain applications: for unqualified names, ipv4 is preferred, for qualified names ipv6. Forcing ipv6 works, but I want ipv6 to happen naturally. Telnet shows best what happens:
    $ telnet gosper
    Trying 10.42.2.1...
    Trying 2001:888:1011::694...
    $ telnet gosper.idefix.net
    Trying 2001:888:1011::694...
    Trying 22.214.171.124...
Something weird happening here, so I asked the debian-ipv6 mailing list.
I also had a look at the option of adding a VoipBuster account to the Asterisk server. Not complicated in itself, but an example always helps. Pierre Gorissen has a nice example of the configuration Asterisk + VoipBuster. For use at events I do want to make some changes, such as a maximum call length and a very precise list of allowed destinations.
Yesterday evening (and earlier) I worked on the audio for the Asterisk call-in game. Cutting and pasting audio myself, editing speech, adding bits of music does give me a new respect for people who do this at a professional level such as Jan Polet. And after all the mixing work it also has to sound somewhat decent through a telephone with a G.711a codec (or worse!), so downsampling to 64 kilobit mono.
My presentation from last Saturday: VoIP: calling via the network, presentation HCC PCgg network group 20 October 2007 (pdf). So on Saturday, together with other people from the network group, I was able to try some things with the VoIP hardware and think about what we all want to do with it.. which of course is linked again to my Asterisk projects.
The Register: Pump-and-dump scammers debut MP3 spam. My conclusion: all ingredients for "spit" (spam over ip telephony) are there, and the wait is for the first "event" to happen.
In a flash of thinking in the morning (this is not very usual for me) I remembered that the Asterisk server I set up has quite strict firewalling rules. This does not combine very well with RTP audio. I changed the firewalling rules to accept the RTP ports configured in Asterisk and suddenly: audio from a call to the xs4all test number. Woohoo! A working call!
Some VoIP-hardware to play with: A Grandstream budgetone 101. First working call happened in 5 minutes from opening the box (calling my own speaking clock). The rest of the configuration took a bit longer.. I uploaded and configured the CTU ringtone from '24' as ringtone 1. One thing that does not work (and bugs me) is calling an xs4all number via asterisk: there is just no incoming audio data. Codec problem? Nat problem? No idea.
A new record in couriers not understanding that people work during the day. I had ordered some VoIP hardware from Voipsolutions. Then I mailed a few times asking where it was (for over 2 weeks) and then it turned out that the courier had not found me at home during the day and had contacted the sender about that. This went along all kinds of delaying paths because the courier in Belgium (ABX logistics) had handed the package over to GLS logistics in the Netherlands.. and I had had bad experiences with GLS before. In the end I gave my work as alternative delivery address. There they still looked surprised because my last name had not been copied correctly, but in the end I got the box in my hands.
A while ago already I requested xs4all-only. Almost like Xs4all + ADSL from KPN (formerly mxstream) but as a customer you only deal with Xs4all (and there are also organizational/technical differences in the network). Today the connection dropped and apparently that was the switch-over (I would have liked to know that in advance, but oh well). Only, of course, at that moment I was on the wrong side of the network connection to quickly change the settings at home. Because I use JP's SIP_SPOOF I had to 'just' set the IP at home, both in the server at home and in the adsl modem (Speedtouch 546i). The commands in the Speedtouch (NIEUW_IP is the new address, OUD_IP the old one): :env set var=PPP_ip value=NIEUW_IP (SIP_SPOOF uses that somewhere), :ip rtdelete dst=OUD_IP/32 intf=eth0, :ip rtadd dst=NIEUW_IP/32 intf=eth0. Of course also adjust /etc/network/interfaces. Temporarily using IP 10.0.0.150 prevents you from being thrown out while changing the routing.
The Register: Windows update brings down TV newscast. This reminds me of the local infochannel we saw on our 2007 wintersport holiday: every morning at 09:00 the infochannel changed to a screen of Windows 2000 rebooting and starting up and starting Scala Infochannel for images, short clips, commercials, snow heights and weather reports. Lots of possibilities for error-message like this screengrab from 2002 showing that the local cable channel in Utrecht did something likewise. From what I hear, it is possible to run software like Scala on a secondary video adapter that will just go black or freeze when the system fails, and not show the Windows error popups.
Wardriving results 13 September - 9 October: 1643 new networks with GPS locations. Now to find a way to mount the extra antenna on the recumbent bike. Probably some DIY work with a bit of metal for the magnetic mounts of the gps receiver and the antenna.
Not many wardrive results recently because I haven't yet ideally combined wardriving and recumbent cycling. But the wardrive setup without extra antenna does now work on the recumbent, and I realized that the kismet logfiles also contain the speeds at which I passed networks. One perl oneliner later: highest speed 38.76 km/h. A speedometer for the recumbent is still on the wish list.
This morning a female cyclist totally failed to anticipate that I would turn left after I had signalled left. She had to make a strange swerve to avoid riding into me or falling over and afterwards she looked at me rather sheepishly. A new record in oddities on the road.
My presentation from last Saturday: VoIP: Voice Over IP presentation 6 October 2007 HCC PCgg (pdf)
Had an interesting but very full weekend: Friday, Saturday and Sunday was the recumbent cyclists' autumn meeting. But on Saturday I also got to give a presentation about VoIP (Voice over IP) at the open day of the HCC PCgg together with the HCC Apeldoorn chapter. So: Friday afternoon off (cycling home I still handled the last things at work). Cycled to the campsite with other recumbent riders from Utrecht. Got up early on Saturday, by bike to Hilversum station, searched for the right way in Hilversum for a bit and then was a minute too late to load onto the planned train. By train to Apeldoorn (taking my Nazca Pioneer on the train works fine by the way, although it is a bit long for the bicycle space in an IC-3 trainset). Then in Apeldoorn cycled to the location on the edge of Apeldoorn. Which went so fast that I was still just in time for the start of the whole day. My presentation was in the afternoon and there was no less than one whole real visitor, so Eddie quickly drummed up some extra visitors. The presentation went reasonably, I still have to improve quite a bit on presentation technique.. then back again, where I now knew the way a bit better. The transition between the HCC meeting during the day and the recumbent riders was striking. At the HCC everyone of course talks about computers and software, with the recumbent riders the conversations are about tinkering with recumbents, nice trips and the prices of recumbents. Quite a difference in subject, but on both sides a comparable passion for the subject. On Sunday rode back to Utrecht at a relaxed pace with a number of recumbent riders and after that did not do much really except hang around the house a bit and read a good book. Update: My photos of the autumn meeting are now on-line too.
It seems Eircom broadband missed the news about WEP being dead (pdf) and WEP being really dead. From The Register, Eircom wireless security flaw revealed:
    Eircom's director of communications Paul Bradley defended the protocol, however, saying "WEP is an industry standard protocol used by telecoms providers around the world."
Well Paul, just because all the stubborn kids do it, does not mean it is the right choice.
Looking for something else I found Blue Box: The VoIP Security Podcast which talks about (lack of) VoIP security. I love the name, it refers to attacks on telephony systems being something of all ages, independent of the actual technology. The new age of VoIP just makes new attacks possible. And with different queries I found Blue Boxing Comes to VoIP in the wired archives. "Phiber Optik" has written a module for Asterisk to make it accept MF (and be bluebox-able).
Tonight I did something special in Asterisk: I had a real telephone conversation with a real person with it! After all the tests I wanted to know whether routing an extension to a telephone (ok, a softphone) worked. It worked first time ;)
A simple question "why don't you do the weather report?" when I was wondering what else I could do in Asterisk, I have now answered with the Asterisk metar weather report. For now in English, because the weather terms are in English and because Dutch for festival is still very much in development.
About one and a half hour later, ntp.cs.uu.nl peaked at 1000.60 packets/second.
I'm a timegeek, and part of that is making our timeserver at work perform great in the NTP Pool project. With the recently updated pool dns system, servers that have more upstream bandwidth get more clients. We have been ogling our ntp stats for ntp.cs.uu.nl a lot seeing how the client count is through the roof (the internal data structures of ntp can't count beyond 3500 clients without serious hacking) and traffic is rising seriously lately. Still waiting for the first time we get over 1000 packets/second ntp traffic. Our ntp server has no problem at all dealing with this.
My Asterisk projects all have their own pages with scripts and explanation. A quick overview: project 002: speaking clock, call a podcast and project call-in game: keep callers on the line busy. Some things are somewhat 'finished' (but can of course still be improved), other projects are barely a wild idea. Reactions are welcome.
I visited a HP Procurve seminar yesterday about network security. Interesting talks, including one by the HP Procurve security architect. I had a chat with him about network loops which took down the university network a few times recently and he told me that HP Procurve switches now offer loop protection which would detect loops (even the ones that spanning tree would 'miss' because some older equipment may silently drop spanning tree packets), shutdown the originating port and report the error. The security architect told me that unauthorized loops and rogue dhcp servers are the major problems in university networks, and I agree. I found a weblog entry describing the HP Procurve loop protection very nicely.
I kept seeing things in the logs like Sep 16 05:52:39 gosper named: denied query from [126.96.36.199].22632 for "www.capitalone.com" A/IN, all from 188.8.131.52, 184.108.40.206, 220.127.116.11 without any explanation to be found on the web. The name guesses some sort of study of DNS answers, and all queries seem to be for phishing targets, but several thousand answers "your query was denied" doesn't make them stop asking. Solution: iptables -t filter -I INPUT 8 -j REJECT --source 18.104.22.168/24 --protocol udp --dport 53 --reject-with icmp-admin-prohibited. Mail to noc@ was never answered.
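A way to see which networks such denied queries come from before deciding on a block, as an added example that is not from the original post. The log lines are constructed in the format quoted above with documentation addresses; the function names and the threshold are assumptions, and the rules are only printed, not applied.

```shell
#!/bin/sh
# Constructed sample: named "denied query" lines in the format quoted in
# the post, using documentation ranges (192.0.2.0/24, 198.51.100.0/24).
sample_log() {
    cat <<'EOF'
Sep 16 05:52:39 gosper named: denied query from [192.0.2.17].22632 for "www.example.com" A/IN
Sep 16 05:52:41 gosper named: denied query from [192.0.2.18].22640 for "www.example.net" A/IN
Sep 16 05:53:02 gosper named: denied query from [198.51.100.9].1047 for "www.example.com" A/IN
Sep 16 05:53:10 gosper ntpd[412]: synchronized to 203.0.113.1, stratum 2
Sep 16 05:54:12 gosper named: denied query from [192.0.2.17].22701 for "www.example.org" A/IN
Sep 16 05:55:30 gosper named: denied query from [192.0.2.200].3391 for "www.example.com" A/IN
Sep 16 05:56:00 gosper named: denied query from [198.51.100.9].1050 for "www.example.org" A/IN
EOF
}

# Read syslog lines on stdin and print "<count> <network>/24" for every /24
# with at least $1 denied queries (default 3), busiest network first.
denied_by_net24() {
    awk -v min="${1:-3}" '
        / named(\[[0-9]+\])?: denied query from \[/ {
            # the source is logged as [a.b.c.d].port
            if (match($0, /\[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\]\./)) {
                ip = substr($0, RSTART + 1, RLENGTH - 3)
                split(ip, o, ".")
                count[o[1] "." o[2] "." o[3] ".0/24"]++
            }
        }
        END {
            for (net in count)
                if (count[net] >= min)
                    print count[net], net
        }' | sort -k1,1nr -k2,2
}

# Turn "<count> <network>" lines into REJECT rules of the kind used in the
# post. UDP source addresses can be forged, so the printed rules are meant
# to be reviewed before any of them is loaded.
reject_rules() {
    while read -r count net; do
        printf 'iptables -I INPUT -s %s -p udp --dport 53 -j REJECT --reject-with icmp-admin-prohibited  # %s denied queries\n' "$net" "$count"
    done
}

sample_log | denied_by_net24 3 | reject_rules
```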
Wardrive results 31 August (I missed a few days when they fell out of the WiGLE upload stats) to 12 September: 618 new networks with gps locations. Not much, due to me mostly being on the recumbent bike (which has no place to mount the gps module and extra antenna yet) and I'm still learning cycling in the city with the recumbent.
I bought my own recumbent bike (ligfiets), a Nazca Pioneer. I was thinking about it anyway, the holiday trip only made those thoughts more serious and now the ligfietser.nl shop is closing so I got a nice deal on the bike I rode around with during my holiday. The bike was still adjusted to my length so I guess I have been the only renter.
Printing manpages in nice postscript is something I do very rarely, so I always forget the right incantation. The last time I had to use it was when I still had a Solaris desktop. Anyway, wanted to do it today from a redhat manpage source. Google found me Printing manpages .. and I adjusted the command to be: gzip -dc dhcpd.conf.5.gz | groff -t -e -mandoc -Tps | lpr.
Timegeeks who can make the serious commitment towards being a long-time ntp pool member but don't have the hardware available to pick that last nanosecond of precision from the sky should peek at this announcement: Meinberg is donating some really great timekeeping equipment to the ntp pool project and it will be available to a pool member.
I was trying some stuff in Asterisk yesterday evening and I got weird errors on trying the command MP3Player with a podcast mp3. The error message was NOTICE app_mp3.c: Poll timed out/errored out with 0. Trying mpg123 0.59r by hand on that file showed what went wrong: it gives a segfault, probably on the weird id3v1 / id3v2 tags. Solution: id3v2 -D thepodcast.mp3 which strips all id3 tags. After that the dial-a-podcast idea worked. The scripts for this are available (with Dutch comments): Asterisk podcast per telefoon.
I had the time and the inclination to play with Asterisk again. For a while now the fritz!box has been a 5012, and once again it would not pass dtmf via xs4all-voip to Asterisk. So I enabled telnet with #96*7* and then, in /var/flash/voip.cfg, changed the line infodtmfnotsupported = no; to infodtmfnotsupported = yes; for the xs4all settings. Now I could make choices in my own menus again!
A company in the US, Solis Energy, is producing solar-panel power systems especially geared towards running wireless networking in hard-to-reach places. Sounds like a turn-key version of some of the functionality in my project sundial for a self-powered weather station. Sources: Computerworld Australia: Power Wi-Fi using the sun, says startup; Slashdot: Solar Powered Wifi.
Weird tidbit in the home server: disk /dev/hdc, a WDC WD3200AAJB will not go to standby mode on the timer. With hdparm -S 59 /dev/hdc no standby mode happens, while I am sure nothing accesses the drive (unmounting all partitions and stopping smartmontools). When I force it to standby with hdparm -y /dev/hdc it will stay in standby mode until the partition is accessed again.
Wardriving results 20 - 28 August: 4231 new networks with GPS locations. A visit to Amersfoort by bike set a new record for new networks found in one trip: 2495 new networks in one go.
After hearing the very catchy Country Boy (City Boy Remix) on the Alaska Podshow 163 and on Adam Curry's Daily Source Code 631 I had to find that mix. Party Ben has this and other funny mixes available on the Party Ben - Stuff to have page.
In browsing the transmission gallery UK broadcast transmission sites I remembered a tv tower we saw in our UK holiday in 2004 (Dutch report). After a lot of searching and pondering what the correct name was I found out that the transmission site we camped near in Dartmoor is named North Hessary Tor which is near the town of Princetown. The site has radio transmitters to serve a large area in the southwest of England and .. a 12.5W TV relay only serving Princetown and the Dartmoor prison.
I really enjoy The Alaska PodShow Podcast. I visited Alaska myself in 2002 and really enjoyed it over there, which makes the alaska podshow a joy to listen to. Recognizable stuff, and things I would like to see on a next visit to Alaska (although I already saw both highways..). I'd like to go back some day (preferably when the US treats visiting tourists less like suspects) because Alaska is beautiful to visit.
I collect location data of as many wireless networks as possible, others collect location data and photos of as many ADSL exchanges in the Netherlands as possible. Very nice site.
Wardriving results 9 - 19 August: 2803 new networks with GPS locations. Some detours through the city with scores both from the new setup and from visiting areas I haven't visited in a while.
I have taken over as maintainer of the perl Geo::METAR module for parsing METAR (Aviation routine weather report) data. Although METAR is supposed to be a strict format I find lots and lots of regional variations, newer versions, things that should not be used anymore and other things making parsing hard. I'm now using the 24-hour metar files from the National Weather Service Internet Weather Source and I use those to stresstest the METAR-parser, looking up things that make it fail completely and fixing those.
I watched the Perseid meteor shower and tried to take pictures. Not much luck on the picture taking, I set up the camera wrong and the lens fogged up. One picture has a meteor trail: one version of the picture (crop/scale) second version of the picture (scale). The meteor trail is in the bottom right.
Seen in the kismet logs: Found new network "martin en margo" followed by Found new network "naast martin en margo".
Wardriving results 5 July - 8 August: 4623 new networks with gps locations. Before our holiday I did some tours to up my scores and test the new antenna, including a visit to Lunetten and Leidsche Rijn (parts of Utrecht).
Windows XP update sees Windows Explorer as a security risk with a screenshot of the actual error message. To help protect you computer, Windows has closed this program. Name: Windows Explorer Publisher: Microsoft Corporation.
At home, in the garden, with barbecue weather I notice an ad-hoc network in the wireless networks lists with ssid AMD_IBSS and regularly changing channel and mac address. Anybody got any idea what this is? In other wireless at home news: the neighbourhood has no unsecured wireless networks left, and WEP is a minority.
Back from vacation! We rented recumbent bikes and biked around the Netherlands for three weeks, camping and visiting some friends. The weather cooperated mostly, just some minor rainy days and a few rainshowers.
As part of their very tough job of collecting lots of money from Internet radio stations, SoundExchange seems to have quite a problem contacting several artists, therefore having to burden themselves with keeping the money. You can help SoundExchange! Look at the SoundExchange unpaid artists lists, find artists you know, google for the contact information for the artist (usually a representing agency) and tell them to collect their money by filling out the right forms.
Picture of the updated wardriving setup: laptop in the bag, external antenna and gps receiver on top .. the new setup is scoring a lot more networks.
The Casema advisor has come by again and left a note asking us to get in touch if we want to know more about the offer. Two or three weeks ago there was a similar note, and shortly before that we spoke to someone from Casema at the door, whom we could quickly tell that we have no interest in other services. Would they keep such poor track of the fact that their customers have no interest in other services, or would Casema be that desperate for customers for Internet access / digital TV / telephony?
Wardriving results 27 June - 4 July: 1318 new networks with gps locations. The missing part (an antenna cable) for the new wardriving antenna came in, I modified it to the cable and connection I wanted, an external N(F) connection on the new card, made sure all cables were ok and held in place without straining connectors or soldering points and I did a testrun through Utrecht. Where I would expect 50 to 100 new networks I got 366 new networks. Which means the antenna and card are working. I am now at position 24 in the WiGLE stats.
Today we went to ligfietser.nl to pick out recumbent bikes for our holiday.
Following Wimbledon on the BBC I noticed the signs with www.wimbledon.org on the courts. Some neat work on live scores on that website: wimbledon live scores in flash 9 and wimbledon live scores for other browsers. Mighty impressive work there by IBM: the page is up-to-the-second with the current scores, and a few thousand hits per second more or less isn't going to be a problem. And with other browsers they mean all other browsers: it even gives a good view in lynx.
Niels nowadays lives in my city of birth, Dordrecht, and is going to take part with a team in the Abenteuer Rallye Dresden - Breslau 2007. Their progress can be followed via the website of 4x4 Team Drechtsteden. I'm curious.
Wardriving results 17 - 26 June: 639 new networks with gps locations. No big numbers of new networks found, just detours through Utrecht. But those numbers have made me steadily get up to position 25 in the WiGLE stats. Since that is a position with some active wardrivers around it, I guess that will keep changing. I also bought some extra wardriving hardware for advanced geekery: an external antenna which should score me extra networks on purpose wardriving tours, and the bits to get the results to the laptop. I will need some more work (soldering, mechanical work) before I can start biking around with the antenna on my bike.
Heaps of kernel messages on the home server ndisc_send_redirect: not a neighbour which is ipv6 related. I did a google search for it which found a bit by Jonathan McDowell mentioning ndisc_send_redirect: not a neighbour but the real solution for me was in the comments. Somewhere eth0 of the server had lost its IPv6 address. Doing ifdown eth0; ifup eth0 made the correct ipv6 address reappear and now the messages seem to have stopped.
A websearch on the name of my old bbs yielded a page in England where listings of BBSes outside the US are gathered, to augment those at http://bbslist.textfiles.com/. Jason Scott is good at gathering BBS history, but decided to focus on the US. So, Koos z'n Doos is listed in BBSlist, Netherlands, other [link expired] and I updated the wikia page for Koos z'n Doos.
While doing some websearches for the Wardriving in Nederland article (that one is in Dutch) I came across the London war peddlaz which seem to be (or have been, it's a 2001 article) wardrivers on bike in London. There are other warbicyclers out there!
The phone line was repaired in less than 10 minutes: the adsl-splitter was probably the victim of thunderstorms last week. We will be billed for the "repair" now: removing the splitter was the repair, and the splitter is customer-equipment. I was lucky to have a newer splitter laying around. I opened the old splitter and it has indeed burnmarks on the inside. In hindsight the next thing I should have checked. Oh well, after answering a number of helpdesk mails today with "As announced recently .." I was the one saying "D'oh!!".
The adsl line at home was acting flaky, so I went through the debugging motions at home yesterday before I was going to call the KPN repairs number, to make sure the problem was on their end (and avoiding "have you tried X" answers). That debugging stopped short when I noticed the 'line ok' light on the NT-1 wasn't lit and we indeed had no phone service too. That made the call to the repairs number a lot easier: "We have no phone, no light on the NT-1 and by the way adsl is having problems too". According to their line test the NT-1 is broken. A repair person will visit tomorrow morning, I hope he can find the real source since I'm not sure just a broken NT-1 will give these problems.
Wardriving results 30 May - 16 June: 3119 new networks with GPS locations. A number of detours from standard places to visit and a few purpose wardrives. Although I kept some of those short because it was either too hot or too rainy. I have passed the 60000 networks mark at WiGLE and I'm now at rank 27 in the WiGLE stats. I'm looking for an external antenna / wireless card that can improve reception.
On the Internet, nobody cares you're a good athlete. Story from The Washington Post: Teen Tests Internet's Lewd Track Record about a young athlete, Allison Stokke, getting a lot of attention because of one picture being spread. Source: Usenet newsgroup comp.dcom.telecom, the telecom digest.
Some pictures from the feeding of the blackbirds in our garden: a set gardenlife.
At completely the wrong moment, another disk in my home server went bad. It first showed as loads and loads of ide errors. I had no time to deal with it, so I just left it spewing errors. Which made the problem go away for the biggest part. Eventually I got around to buying a new disk, a cheap 320 Gig disk. I wanted to set up /scratch new, without reiserfs and started to move data to a new scratch volume. This went well until I wanted to shrink the logical volume: the whole volume set became corrupted. I was still able to access my data, so I borrowed some diskspace, reused some other disks and copied everything to another machine using rsync. After I rebooted the server, the volume groups were indeed gone, and I switched to 'old-fashioned' partitions and spent quite some time dividing the loads of data on the new partitions. All is back to normal now, but without lvm or reiserfs.
Found on The Wikipedia entry for Internet Relay Chat: IRC served as an early laboratory for many kinds of Internet attacks, such as using fake ICMP unreachable messages to break TCP-based IRC connections ("nuking") to annoy users or facilitate takeovers. From what I've seen in the past, this is putting it very lightly.
Microsoft Working On 'Vista: Kitchen Edition' gives me a Back to the eighties feeling when the home computer was going to help organize the recipes in the kitchen. All sing along with Hey, hey, 16k (flash, audio) remembering those days.
Two dead young blackbirds in our garden today. I'm not sure what happened, the best guess is that the cats got them in their first flying lesson.
Robert Soloway was taken into custody today on several charges. Everybody with an e-mail address has probably received his spam. Good to know that justice gets served on spammers eventually. Also published in the Seattle Post Intelligencer: Feds: Notorious Seattle 'Spam King' indicted. Original source: Usenet posting.
Wardriving results 5 May - 29 May: 2903 new networks with GPS locations according to WiGLE. A visit to Nieuwegein, uncharted bits of Utrecht, a visit of Delft. Visits to areas I haven't seen in a while score high numbers of networks. I guess a lot of people buy new wireless network equipment at the moment (probably pre-802.11n equipment or replacing WEP-secured stuff).
The asterisk project for the speaking clock now has its own page: Asterisk project 002 where the current version of the script can be viewed.
The blackbird nest in our backyard is occupied again. Two blackbirds are flying in and out of the place I saw the nest. We were gone for a couple of days, I guess they thought the garden was safe enough. Today we had lunch in the garden and one of the blackbirds was a bit irritated at us sitting in our own garden! ;)
One of those nagging things: music on hold sounded real slow in Asterisk. By default, asterisk uses mpg123. The small print of the documentation (and some web links) showed that the version default with the Debian on the test server is indeed not 'right' for this task. So, after rebuilding mpg123 from source I had working music on hold with a collection of irritating earworm music! Time to find a better source of music.. maybe Podshow has some feed I can use for podsafe hold music.
I played with Asterisk scripting last evening. Started out with an empty extensions.conf and went from there to create a speaking clock. I was trying to copy the old Dutch ptt telecom 002 experience, with a Dutch voice I found at VoIP wiki nl: Asterisk en taal afhankelijke sound files. I run this of course on an ntp-synchronized server, a talking clock has to be correct! I tried to make it run on intervals of 10 seconds, but that doesn't work completely yet.
Recompiling php I noticed at the end that certain libraries were mentioned a lot in the final linking stage: -lcrypt -lcrypt -lpq -lldap -llber -lfreetype -lpng -lz -ljpeg -lcurl -lz -lresolv -lm -ldl -lnsl -lxml2 -lz -lm -lcurl -lssl -lcrypto -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto -lresolv -ldl -lz -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lresolv -lidn -lssl -lcrypto -lssl -lcrypto -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto -lresolv -ldl -lz -lz -lxml2 -lz -lm -lxml2 -lz -lm -lxml2 -lz -lm -lcrypt -lxml2 -lz -lm -lxml2 -lz -lm -lxml2 -lz -lm -lcrypt. The winners: 12 -lz, 8 -lm, 7 -lxml2, 4 -lresolv, 4 -lcrypt ...
This weekend I tried Asterisk, the open source pbx for the first time because I plan to give some lectures and demonstrations on the subject of VoIP later this year, and I want to understand VoIP better by getting some hands-on experience. I found out the learning curve is somewhat steep and the Asterisk quickstart linked from the Debian docs is somewhat minimal. I found an IAX (Asterisk protocol) softphone: idefisk (the linux and mac versions of this program don't support SIP) which helped me do a test of the installation. So, after some fiddling, finding out that an IAX softphone needs to be registered in iax.conf (one of those things that sound completely logical after you run into "it does not work"). The first call I made was to test number 1000, so I heard the voice of Allison Smith telling me I had successfully installed Asterisk. I am glad I didn't try Asterisk when I wanted to play with xs4all VoIP last year: it would have taken me quite some time to get going. It seems Asterisk is software that you can configure when you have a set target (a home pbx, a call-in information service) and you go reach that target (possibly using extra hardware or extra sip accounts). The 'scripting language' is quite different from anything I'm used to. But now I think I have a set target (given some approval for buying hardware) and I can set up Asterisk for that target.
Mirjam recently bought a laptop. It came with Microsoft Vista as operating system, XP was not an option anymore. The reason for any story of successful Vista sales is therefore clearly a result of Microsoft steering the market using their OEM contracts, and not due to Vista being spectacularly good. A lot of people are waiting for it to become useful, service pack 1 to be released or avoiding it altogether. One of the features of Vista that is supposed to make us say 'Wow' was the eye-candy with stacked windows. Mirjam searched for this feature (her laptop has a fast graphics card, so that should be possible) and found out that you need a business version of Vista to get this part of the 'wow' of Vista. So I guess Vista is not that 'wow' after all, you just get it shoved down your throat.
Ages ago, I was trying to get the pam_groupdn option in ldap.conf for pam_ldap.so to do what I want: limit access to a certain system to certain accounts (where the list of 'certain accounts' could be managed centrally, via that same ldap). It needs a 'groupOfUniqueNames' type object in the ldapserver with multiple 'uniqueMember' fields pointing at the dn of accounts that are member. I found the correct bits in a mail to the secure-shell list: RE: AllowGroups and ldap.
Birds are very active in our back yard. First I saw blackbirds active and thought they might be building a nest. Indeed they were, but when they found out people walk really close to that nest they abandoned it again.
Wardriving results 12 April - 4 May: 1918 new networks with GPS locations. Some detours happened, a visit to Houten, a drive to the east of the Netherlands with my first networks mapped in Germany and some purpose visits to small uncharted bits of Utrecht.
From The Onion: Prince William Fells Prince Willem-Alexander Of The Netherlands In Crucial Joust. Back to old times? Or international tension all over.
I decided to try a flickr-account so I can upload and share pictures easily, so I can use my own pictures.idefix.net for well-balanced collections and flickr for 'putting a picture on-line'. Now an attempt to use a flickr picture on my page: Koos van den Hout: flickr page
bash.org quote I was looking for, #20788:
Murgatroyd: You know you've been playing Nethack too much when...
Murgatroyd: You look both ways down the corridor, start to sweat... then realise you're looking at your EMail address.
German-language extortion spam seems to be the new rage. After the livecamflatrate stuff, I received something that looked like an official court summons to stop spamming. Yes, quite amusing. But, a simple google search finds lots of German blogposts about the Widerruf der Genehmigung zur Speicherung meiner Daten fuer gewerbliche Zwecke. To all those spammers: I don't live in Germany, so you can stop trying to extort money from me via the German courts.
I did something really scary: I tried a graphic mailclient, Thunderbird. Yes, I am a big fan of mutt but I kept having attacheritis (promising someone an attachment in an e-mail and forgetting it) and I lost the overview of my imap folders which I think should happen less with a client like Thunderbird. I wanted pgp-signed mail to work correctly so I set up the enigmail pgp plugin to sign and crypt e-mail. Mutt still rocks because it is so configurable and powerful. Cleaning out an mbox from a mailinglist with one 'D~r >3w' command (delete all mail received more than 3 weeks ago) is still faster than clicking around. The good thing about using imaps everywhere is that accessing the same mailbox with multiple clients is no problem at all. I had to set up an imaps server at home but that wasn't very difficult either.
Making the new disk bootable was the quite hard part: the floppy drive of the server turned out to be completely broken, not reading/writing disks. A scsi cd/dvd drive I added could make the machine boot from CD, but took ages to read the rescue cd, sounding like it had serious reading problems. So I used an ide cd-rom drive (but I had to disconnect one of the ide harddisks first to be able to use this), which the machine did see, and used that to make the whole system bootable again. It took a while of working, but I have a working server again.
I bought a new 400G disk at MyCom yesterday. I thought I had to setup the logical volumes all over again because the total size would grow above 1T but that maximum size is the maximum size of one logical volume. So just moving the /scratch volume off the suspect disk and on the new disk was an easy operation using the lvm howto part on removing an old disk. Now to change disks so I can boot from that new disk .. and making it bootable first.
Friday the homeserver developed a problem in one sector of /dev/hda, a Maxtor disk that's been in there since September 2003. The sector was in the bitmap of a reiser filesystem (via lvm) that did not want to mount for this reason. I started a complete reiserfsck on it as a last resort to get that sector rewritten. After 39 hours the complete filesystem check was done, that sector rewritten (and at that time remapped by the drive). The /scratch volume is available again, but I'll buy a new disk for it anyway, to avoid going through this several times.
Wardriving results 28 March - 11 April 2007: 2566 new networks with GPS locations. I did a few detours through the city and one serious wardrive tour through 'uncharted' parts of Nieuwegein. I was in Amsterdam last night and there kismet stopped detecting networks again, as it does every time I start it up there. I wonder what it is about Amsterdam and kismet.
This afternoon, I browsed the e-mail and saw a mail "Debian GNU/Linux 3.1 updated" and thought "I should do that upgrade of the home server gosper to the current stable anyway, let's start it now". So I did, worked out all the problems associated with the upgrade (sendmail only broke a tiny bit, inn2 needed major whacking before it was running again, the usual). Right after I finished the upgrade and started looking whether mail was flowing, I saw the mail "Debian GNU/Linux 4.0 released" .. that previous mail only mentioned "upcoming release".
I always thought the network performance of Linux was great, but in testing the new ftp archive server at work I found out that was wrong. Hitting it with apachebench for massive downloads of the same .iso file resulted in kernel messages about dropped tcp connections. With a simple google search on "TCP: drop open request from" I found a page with Linux network performance tuning tips. Those tips improved things: iso images flew out at wirespeed (gigabit). Lots of concurrent requests for a small file are still an issue, those stuck at somewhere above 1600 hits/second, way below wirespeed. It will do for the moment ;)
In wireless security, WEP is now 'broken harder'. Cryptography researchers at the Technische Universität Darmstadt have researched new attacks and written a tool that has a probability of 50% of finding a 104-bit WEP key within 1 minute.
Something I co-wrote is now published in a book! The book The Complete April Fools' Day RFCs lists RFC 2322: Management of IP numbers by peg-dhcp, which was indeed an april 1st rfc, but also what we really used at HIP'97. Website for The Complete April Fools' Day RFCs where you can read them.
We got a new Netgear GSM7224 managed switch at work, and the procedure to teach it to use SSH is both complicated and not very well documented by Netgear, and it is not something you do every week, so I decided to take notes and document the whole procedure.
The switch I was setting up is named ics-04 so you will see a prompt

    (ics-04) >

or in privileged exec mode (usual)

    (ics-04) #

First, on another machine, generate ssh server keys, in a directory that can be read by the tftp server, and make sure the tftp server can read them all.

    root@athena:/tftpboot/netgear# ssh-keygen -f netgear-ics-04-dsa.key -t dsa -N '' -C ics-04
    Generating public/private dsa key pair.
    Your identification has been saved in netgear-ics-04-dsa.key.
    Your public key has been saved in netgear-ics-04-dsa.key.pub.
    The key fingerprint is:
    72:79:43:31:3c:42:cd:3a:29:e4:54:96:50:02:af:4b ics-04
    root@athena:/tftpboot/netgear# ssh-keygen -f netgear-ics-04-rsa.key -t rsa -N '' -C ics-04
    Generating public/private rsa key pair.
    Your identification has been saved in netgear-ics-04-rsa.key.
    Your public key has been saved in netgear-ics-04-rsa.key.pub.
    The key fingerprint is:
    b4:e9:fa:24:40:86:57:24:8d:6a:fe:ee:0c:46:20:33 ics-04
    root@athena:/tftpboot/netgear# ssh-keygen -f netgear-ics-04-rsa1.key -t rsa1 -N '' -C ics-04
    Generating public/private rsa1 key pair.
    Your identification has been saved in netgear-ics-04-rsa1.key.
    Your public key has been saved in netgear-ics-04-rsa1.key.pub.
    The key fingerprint is:
    8e:25:9e:84:cf:5d:d3:38:2a:a7:05:89:82:e9:0f:c0 ics-04
    root@athena:/tftpboot/netgear# chmod a+r netgear-ics-04-*

Now log in to the switch (serial console or telnet) and install the keys:

    (ics-04) #copy tftp://22.214.171.124/netgear/netgear-ics-04-dsa.key nvram:sshkey-dsa

    Mode........................................... TFTP
    Set TFTP Server IP............................. 126.96.36.199
    TFTP Path......................................
    TFTP Filename.................................. netgear-ics-04-dsa.key
    Data Type...................................... SSH DSA key

    Management access will be blocked for the duration of the transfer
    Are you sure you want to start? (y/n) y

    TFTP SSH key receive complete... updating key file...
    Key file transfer operation completed succesfully

    (ics-04) #copy tftp://188.8.131.52/netgear/netgear-ics-04-rsa1.key nvram:sshkey-rsa1

    Mode........................................... TFTP
    Set TFTP Server IP............................. 184.108.40.206
    TFTP Path......................................
    TFTP Filename.................................. netgear-ics-04-rsa1.key
    Data Type...................................... SSH RSA1 key

    Management access will be blocked for the duration of the transfer
    Are you sure you want to start? (y/n) y

    TFTP SSH key receive complete... updating key file...
    Key file transfer operation completed succesfully

    (ics-04) #copy tftp://220.127.116.11/netgear/netgear-ics-04-rsa.key nvram:sshkey-rsa2

    Mode........................................... TFTP
    Set TFTP Server IP............................. 18.104.22.168
    TFTP Path......................................
    TFTP Filename.................................. netgear-ics-04-rsa.key
    Data Type...................................... SSH RSA2 key

    Management access will be blocked for the duration of the transfer
    Are you sure you want to start? (y/n) y

    TFTP SSH key receive complete... updating key file...
    Key file transfer operation completed succesfully

Now, enable ssh:

    (ics-04) #ip ssh

Optional, only allow SSH 2 protocol

    (ics-04) #ip ssh protocol 2

Optional, set the ssh login session timeout

    (ics-04) #sshcon timeout 120

Review the config

    (ics-04) #show ip ssh

    SSH Configuration

    Administrative Mode: .......................... Enabled
    Protocol Levels: .............................. Version 2
    SSH Sessions Currently Active: ................ 0
    Max SSH Sessions Allowed: ..................... 5
    SSH Timeout: .................................. 120

Test the new ssh config:

    $ ssh admin@ics-04
    Warning: Permanently added 'ics-04,xxx.xxx.xxxx' (RSA) to the list of known hosts.
    admin@ics-04's password:
    (ics-04) >

Finally, disabling telnet after testing ssh connectivity:

    (ics-04) #configure
    (ics-04) (Config)#lineconfig
    (ics-04) (Line)#session-limit 0
    (ics-04) (Line)#no transport input telnet
    (ics-04) (Line)#exit
    (ics-04) (Config)#exit

Saving your hard work:

    (ics-04) #copy system:running-config nvram:startup-config

    This operation may take a few minutes.
    Management interfaces will not be available during this time.

    Are you sure you want to save? (y/n) y

    Configuration Saved!

And now the switch uses secure logins via ssh. Yes, logins start slow, especially on the GSM7224, there is not a lot of cpu capacity available. That is why you have to generate the keys on a different machine.
Wardriving results 16 - 27 March: 566 new networks with GPS locations. My WiGLE rank is back at position 29 where I will probably stay for a while. No serious wardriving-tours, just a few detours through areas I visited before, where I score quite a number of new networks.
Nice newsbit: Aussies fuming over 'frozen' LG digitals TVs.. digital content making the software in certain digital receivers from LG freeze up. When a digital bitstream (data) can make the decoding software freeze, it means (to me) the decoding software has not enough separation of data and code. Things like table-lookups running out of space can make this happen.
I rescued a dds-3 tapedrive from a server at work that was being thrown out, and added it to the home server gosper. I did a bit of reading first whether amanda would support two tape drives as a virtual changer and indeed it does. Configured it after reading the docs, and did a test run. It just works, and I really like this in open source software. This will save me on runs to the attic where the server lives. I updated the Building - and maintaining - a new home server with this bit and did a general cleanup of the timeline (for as far as I could remember stuff... I still have no idea when I did the memory upgrades).
Wardriving results 10 - 15 March: 1522 new networks with GPS locations according to WiGLE. Although I am sure I located networks previously seen at wigle but where I was the first one to find the location since my Total New Discovered Networks with GPS counter went up more than this count of 1522. My rank in the WiGLE stats shot up to position 28. I cycled through Houten today which got me a nice score of new networks.
I passed the 50000 new networks with gps mark at WiGLE this morning. A personal milestone! I knew I was close, so I took a detour through the area around the Catharijnesingel in Utrecht to get those extra networks.
War-flying .. yet another way of wardriving. Fun stuff. I'd like to do a war-flying sweep of the city of Utrecht one day.. but haven't met someone with an airplane yet who I dare ask about this crazy idea. Found via the wigle forums: warflying with kismet. The warning about not transmitting is because the big antenna was indeed quite close to the head of the person operating the laptop (hobby airplanes are small inside). I haven't had much time for wardriving, and I am back at 30th place in the wigle ranks because someone else uploaded a load of new points.
This morning the gps unit functioned better, it was still running when I arrived at work without weird control scripts. I had to take the most direct route to work because of an early meeting, so no detours. According to WiGLE 11 new networks with GPS locations and 1 without GPS location, although I see no missing location data in the logfile. I am back at 29th rank in wigle...
The gps usb cable started going more and more flaky, which resulted in more networks found without location data.. which does not improve my score. Today I stopped twice on my way home to restart kismet so it synchronized with the gps again. Still, I scored 99 new networks today without gps locations, and 51 new networks with gps locations. I decided to modify an old usb cable together with an old keyboard extension cable to power the gps (power from the usb connector, data to serial) so I could revert to getting data in via the good old serial port. I considered soldering the keyboard cable to the mainboard but the service manual for this laptop makes this look like a very complicated thing to do.
I am quite sure I found the source of the interesting network I wrote about yesterday. I mapped the found networks and suddenly connected these to the local big grocery shop: Albert Heijn which uses a wifi-based (although the name 'radiolan' is on all the devices) checkout system. One google search later gives an article confirming this theory: A system designed to dramatically accelerate the check-out process and improve the customer shopping experience has been co-developed by Albert Heijn, Europe's largest grocery market chain, and TNO Product Center, a leading Dutch engineering design firm and Symbol Technologies.. Time to look whether the mac addresses on the devices look like the symbol technologies addresses I saw.
Sometimes you run into a very oooh, shiny! subject when looking for something else. I visited David Taylor's pages looking for his writeup of FreeBSD NTP server with an external GPS mainly to 'compare notes' with my own FreeBSD ntpd PPS setup (PPS slave) writeup. No surprises there, but one click led to the other, when I found out that David Taylor is also interested in receiving weather information and dove into that. He has a nice overview of his experiments in weather satellite receiving and decoding and I found out about EUMETCast data where you can receive weather satellite images via a satellite dish. Which uses a 'data' PID on a transponder, which is implemented as multicast data streams. Several personal interests for me and work-related stuff comes together in this. It's good to know this exists, but I won't be running out to buy a satellite weather map receiver now.
I am seeing an interesting thing on my simple wardrive trips in the city of Utrecht: tens of access-points all having ssid 8BEA7F84. Maybe a mesh network or some other project. Google searches showed nothing yet. I did find out (using the mac addresses) that all the access-points are made by 'Symbol Technologies', who indeed offer mesh networks. Any idea? Please let me know.
Wardriving results 27 February - 3 March : 429 new networks with GPS locations. Back at position 30 again in the WiGLE stats.
Lore Sjöberg wrote a nice bit for Wired online: How to Heat Up Geek Reality TV where he describes tv show concepts that would actually appeal to the techies and trekkies/trekkers in the audience. Funny stuff!
Wardriving results.. that 29th position was close a few times but the other WiGLE user uploaded new points right before I overtook him. After a few tries and with a detour through Nieuwegein I made it: back at 29th position. Barely: the difference is 8 networks with gps locations. Since the previous post about wardriving: 693 new networks with GPS locations.
Coolness: Graffiti Research Lab: L.A.S.E.R. Tag where G.R.L. projected graffiti on a big building in Rotterdam.
Wardriving results still occurring, and a good score today because I rode through 'uncharted' parts of Lunetten, a part of Utrecht: 431 new networks with GPS locations in one bike detour. Current ranking at WiGLE is at 30, someone overtook me (not completely unexpected) although I am on the way back to position 29 again.
A great sample of the 'movie plot' way in which 'terrorism' is seen and handled: a Vancouver police computer crime investigator has warned about how the wifi network in the city can be abused by terrorists at the 2010 winter olympics. Yes, three years from now. Reading the original article in the Vancouver Sun makes it an almost funny story (from this distance) but the saddening part is that this detective is serious and the newspaper seems to take his story seriously. Bruce Schneier has written a good response about it: Movie Plot Threat in Vancouver. One good comment: I think the Vancouver Police crime investigator watches too much "24".
Sometimes Debian makes me go "aaaargh" a bit. When I visited Paris and wanted Internet access, I found out the pairing between my phone and the laptop had gone bad (all errors). Trying to delete the pairing and setting it up again gave a problem: there is no working bluetooth-pin application at the moment. Due to the dbus package being in transition, an attempt to install bluez-pin results in bluez-utils being removed (which means there is no bluetooth stack left running to authenticate in the first place). Google-fu to the rescue: Impossible to do pairing in Kubuntu shows that ubuntu users have the same problem and Dan V posted a solution how to build the command-line passkey-agent from the bluez-utils sources and use that to get a pairing again. I'm not the only one frustrated, debian bug 382269 shows more frustrated users.
Back.. From a visit to Paris this time. A project at work got me an invitation to the Lucent Alcatel user conference in Paris (lots of voip stuff there, information on new stuff in voip) and Mirjam had the idea to add a few days in Paris to visit all those places you have to visit as a tourist there. And lots of other tourists did just that...
Other source of that headache: having a windows user manage his own .htpasswd file. At least, trying to enable this. 'We' (unix users) are used to htpasswd [-cmdps] passwordfile username being normal, but this was a case of "where do I click". And this seems to be hard: a program to open, edit (add users/modify passwords/delete users) and save .htpasswd files. So far the least problematic program for this task I found is htpasswdgenerator. One major issue was that this program only supports crypt() passwords in the 'Pro' version, and this is the default under unix (plaintext is not available in the unix version). The program isn't bugfree, it gives weird errors about its tempfiles.... pfff. Another program wanted complete control over both .htaccess and .htpasswd and an ftp account to upload files to the webserver. Uh, just write the .htpasswd file to the right path? Oh, and this all costs money.. 15 to 30 dollars for what is a bit of user-interface and minimal file handling.
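As an added example (not part of the original post, nor code from any of the programs mentioned): a short Python audit that reads an .htpasswd file and reports which password format each entry uses, following the formats listed in Apache's password-format documentation. The function names and the sample file are constructed for illustration; bcrypt entries are accepted by Apache 2.4.

```python
import re

# Formats from Apache's "Password Formats" documentation, strongest first.
# A 13-character plaintext password is indistinguishable from DES crypt().
SCHEMES = [
    ("bcrypt", r"\$2[abxy]\$\d\d\$[./A-Za-z0-9]{53}", "ok"),
    ("apr1-md5", r"\$apr1\$[./A-Za-z0-9]{1,8}\$[./A-Za-z0-9]{22}", "dated"),
    ("sha1-unsalted", r"\{SHA\}[A-Za-z0-9+/]{27}=", "weak"),
    ("des-crypt", r"[./A-Za-z0-9]{13}", "weak"),  # only 8 password chars count
]

def classify(hash_field):
    """Return (scheme, verdict) for the part after 'user:'."""
    for name, pattern, verdict in SCHEMES:
        if re.fullmatch(pattern, hash_field):
            return name, verdict
    return "plaintext-or-unknown", "weak"

def audit_htpasswd(text):
    """Parse .htpasswd content; return (lineno, user, scheme, verdict) rows."""
    rows = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no credentials
        user, sep, hash_field = line.partition(":")
        if not sep or not user:
            rows.append((lineno, None, "malformed", "fix"))
            continue
        rows.append((lineno, user, *classify(hash_field)))
    return rows

# Constructed sample file: filler characters, not real hashes.
SAMPLE = "\n".join([
    "# staff accounts",
    "alice:$2y$05$" + "A" * 53,
    "bob:$apr1$saltsalt$" + "B" * 22,
    "carol:{SHA}" + "C" * 27 + "=",
    "dave:ab" + "D" * 11,
    "erin:hunter2",
    "",
    "no-colon-here",
])

if __name__ == "__main__":
    for row in audit_htpasswd(SAMPLE):
        print(row)
```

Run against a file written by a GUI tool, this shows at a glance whether it saved plaintext entries where crypt() or a stronger format was expected.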
Source of a minor headache today: mod_authnz_ldap in apache 2.2 not doing what I want until I read the small print in the docs. Hope this bit: mod_authnz_ldap, Apache 2.2 and allowing all ldap users helps other people fix this.
Finding the right way to configure mod_authnz_ldap in apache 2.2 to allow all valid ldap users gave me a bit of a headache until Simon Cozens pointed me in the right direction of the valid way to get this effect. It is mentioned in the documentation, see the bit about mod_authnz_ldap and require valid-user.
Because my google-fu failed to find this, here is the correct sample:
    AuthName "Informatica medewerkers en studenten"
    AuthType Basic
    AuthLDAPURL ldap://ldap.cs.uu.nl:389/dc=cs,dc=uu,dc=nl?uid
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative off
    require valid-user
Yes, AuthzLDAPAuthoritative off looks odd, but it is the way it works.
So. Yes. Wardriving. Still doing it, but since I'm still back to using the USB cable for the gps, with the associated hiccups, I'm not really making big tours to score extra networks and with all the restarts of wigle I upload a lot of tiny files. Which means previous results fade out of the wigle result page fast. Anyway, I'm still at position 29 in the rankings at WiGLE, and I found 974 new networks with GPS so far in February.
Big Media DMCA Notices: Guilty until proven innocent by Ben Maurer shows how BayTSP does very little 'research' in trying to find 'illegal filesharers' on bittorrent networks. Sounds like nothing was learned since the letters representing Microsoft asking for "Office" to be removed from an ftp-site because OpenOffice was available for download. Via: Slashdot article "To Media Companies, BitTorrent Implies Guilt"
New irregular: Configuring ssh on a Netgear GSM7224 switch. One of those things you don't do too often and have to dig up bits of information on how to do it from varying locations.
Back from snowboard holiday in Morzine, France... didn't break anything, not too much muscle pains and we had a great time! And yes, there was enough snow on the pistes, thanks to the hard work of the people of the Portes du Soleil piste services.
I took some pictures today of the remains of the collapsed towercrane. The site was guarded (although the guard decided to stay out of my pictures). It will be quite a project to remove the wreckage when investigations are done. In the last picture you indeed look right into the (empty at the time of the collapse) classroom.
I did some hacking today on Snowcam, whacking the stylesheet to differentiate in the order of elements in the html source versus the order of elements on the page, and adding a bunch of webcams at wintersport resorts all over the world, because I'm in the mood for the upcoming wintersport holiday in Morzine. Now looking at snowreports and Morzine webcams daily. I found out that the site looks awful in IE6 and fiddled with the stylesheet until it worked.
After the big news about the tower crane collapsing in Utrecht (Dutch), which was two buildings down from where I work, I had to be in a building right next to the remains of the crane today. Weird sight: everyone gone from the site (I saw a few people who looked like they were from the building company that owned the crane). And I saw at least two people with yet another job I don't want to swap with: guards who made sure nobody entered the closed off area. From what I hear from others, the location is guarded 24 hours per day.
For a while I had the webcam running from work pointing at a moderately nice view from the Kruyt gebouw pointing at the construction work for the new 'FE' building of the Hogeschool Utrecht. Since I used my standard webcam-scripts, there is a full archive, now online: Archive of webcam pictures from when the cam was in the Kruyt building. Enjoy, or something. I like this one: 8 am morning fog in October.
Simon Hania of xs4all has written a good piece about the proposals for mandatory data retention in the Netherlands, their privacy implications and the costs. Interesting reading for everyone involved.
We went snowboarding last night at De Uithof in Den Haag (absolutely not related to the part of Utrecht named de Uithof where I work). I took it easy, a friend came along who tried snowboarding for the first time (normally he skies on wintersport holidays). He learned faster than the snowboard class taking place while we were there!
Jason Scott pulled a nice stunt when he was confronted with loads and loads of links to an image on his site.. he Goatse'd them all.. and found out in the process that the real culprit was a stupid design site offering 'free myspace layouts'. I had the same happening with idefix.net in 2002 and wrote about deep linking and bandwidth theft. As Jason shows: you link to my urlspace, I control what comes back, and you may not like it.
Telemarketer calls are annoying, but from time to time we get one of the extra annoying kind: the 'does not want to talk to the answering machine' kind, who hang up quite fast. Result: even when we're home to grab the phone, they still hang up. Irritating.
The series The Secret Life of Machines has been posted to google video: The Secret Life of Machines. Fun to watch, really British.
Found this gem: "Media hysteria about e-mail stalking and the threat to children on the Internet" in The Best and Worst of 1994 and Predictions for '95. Some things haven't changed in 12 years, it's just called "MySpace" now. Source: Nothing To Say: The Internet Year In Review - 1994.
A spammer has used a sender address in one of my domains as From: address, so I get to see all the bounces, and in some cases the original e-mail gets bounced along so I get to view the original. The spam itself uses an image that is supposed to defeat any OCR attempt by anti-spam software, but I have a hard time viewing the image myself... stock symbol and description gimped away because I don't want to become a stock criminal myself.
I've been thinking about building a weather-station / ntp server with solar power for a while, and decided to start documenting the design, the ideas and the (lack of) progress. Named project sundial because it uses the sun to tell time, just in a somewhat convoluted way.
Happy new year! Gelukkig nieuw jaar! I had a great new year's eve with friends, and took pictures of the fireworks (the Dutch have the habit to set off fireworks to start off the new year). A special gelukkig nieuw jaar to the listeners from Chub Creek, my favourite Canadian podcast! .. I made another guest appearance on Chub Creek.