2017-12-30 Laatste DAB scan van 2017: nog geen lokale multiplexen
Ik wilde voor het einde van 2017 nog een keer een DAB scan doen, omdat alle lokale DAB multiplexen tijdelijke proeven zijn die per 31-12-2017 aflopen. Maar weer geen lokale multiplexen in de scan.Read the rest of Laatste DAB scan van 2017: nog geen lokale multiplexen
2017-12-29 New temperature sensors in the shed
Since the powerfailure that caused problems for the weatherstation computer ritchie and the conclusion that even after the bios upgrade the serial ports kept failing there was no 'inside the shed' temperature. But this week I needed a better view of the temperature inside the shed as we're using it to keep some meat cool. So I heated up the soldering iron and the heatshrink gun and made a cable with two DS18B20 sensors in it. I decided that if I started on measuring temperatures inside the shed I also wanted the temperature near the roof. The interesting bit was adding the two sensors to the w1retap configuration. It seems the whole 1820 family of temperature sensors needs to be set up as a 'DS1820' and w1retap will find out how to read it. Resulting configuration:28F24C5602000054:DS1820:Tempinside:TEMP0:⁰C:: 286B545602000031:DS1820:Temproof:TEMP0:⁰C::and now I have logging of the temperatures:2017-12-29T16:28:00+0100 Tempinside 2.812500 ⁰C 2017-12-29T16:28:00+0100 Temproof 2.687500 ⁰CAnd it helps us to determine when we need to make space in our fridge and move some other things to the shed to keep them somewhat cool.
2017-12-28 Learning Apache 2.4 access control
Before I expose anything to the outside world I want the access controls to work as I expect, but things have changed a lot in Apache 2.4. Standard for a site that's normally available is now in 2.4:<Directory "/home/httpd/idefix/html"> Require all granted </Directory>(and any other needed options). But for development systems I want a username/password request to access them. This part took a bit of work to get right. First I found Upgrading to 2.4 from 2.2 - Apache HTTP Server Version 2.4 has a repeating typo in the authorization samples:AuthBasicProviderisn't going to work, giving
FileUnknown Authn provider: Fileerror messages. The right bit is:AuthBasicProvider fileThe difference one letter makes. That also did not give me a working configuration, leading to interesting errors in the log of type:AH00027: No authentication done but request not allowed without authentication for /. Authentication not configured?Which turned out to be a missing bit in the samples in the same document: the AuthType is needed too. The full now working access rule is:<Location "/"> AuthType Basic AuthBasicProvider file AuthUserFile /home/httpd/data/sitemanagers AuthName "Koos z'n Doos beheer" <RequireAny> Require valid-user </RequireAny> </Location>The use of RequireAny allows me to add trusted IP ranges so that the site is reachable from a trusted IP address or after using http basic authentication. The good news is that the samples in Authentication and Authorization - Apache HTTP Server Version 2.4 are correct.
2017-12-28 Getting haproxy to do what I want
In the new homeserver I want an haproxy running on the "router" so it can route http requests to the right backend. At the moment I am testing this and after the 'http' config I'm now testing the 'https' part. To keep things consistent things that come in via https also get requested via https from the backends. For testing I have some ports on the main server forwarded to haproxy so I can test with all aspects of host-header based routing. After some searching I found out that when I visit http://developer.urlurl.org:8080/ the header is set toHost: developer.urlurl.org:8080And this wasn't routed to the 'development' server. The production server is the 'default' so I searched for the right incantation to test the domain name part and found:acl devsite hdr_dom(host) -i developer.urlurl.orgAnd now it's a config that will test on developer.urlurl.org port 8080 and will run on port 80 too. I like configurations that I can test before bringing them into production.
2017-12-28 Non-predictable interface names biting me
While doing some upgrades on new homeserver I ran into a problem with the tun/tap network driver which is needed for virtual machines, giving the error messageDec 27 21:41:51 conway kernel: [ 266.832675] tun: Unknown symbol dev_get_valid_name (err 0)Since virtual machines are the main thing to run in this machine I needed this driver to work. Searching for solutions found the suggestion to reinstall the linux kernel image, which I did:# apt-get install --reinstall linux-image-$(uname -r) # apt-mark auto linux-image-$(uname -r)After which the system came up fine but without a network connection it seemed. This is irritating as the homeserver is in the attic and I found out the VGA screen up there does not cooperate with the new server. So another VGA screen got dragged up there to fix it. Some searching later I found the eth2 and eth3 interfaces got swapped from what I expected. These are the two mainboard interfaces, both Intel interfaces but with different chipsets. There is a /etc/udev/rules.d/70-persistent-net.rules which sets this up but it isn't working at the moment: In the system logs:[ 2.833442] udevd: Error changing net interface name eth2 to eth3: File exists [ 2.834309] udevd: could not rename interface '4' from 'eth2' to 'eth3': File exists [ 2.866356] udevd: Error changing net interface name eth3 to eth2: File exists [ 2.868197] udevd: could not rename interface '5' from 'eth3' to 'eth2': File existsMaybe different names that don't start with eth will work better to get truely persistant names as the current situation isn't very stable and reliable. After all the work the tun/tap driver works again so the virtual machines now start fine.
2017-12-27 The 10 meter band is alive the last few days
Yesterday on the 26th of December I saw FT8 activity on the 10 meter amateur radio band (28.0 MHz-29.7 MHz) and made a few contacts. Propagation dropped around 12:35 UTC after which I made one contact with a nearby amateur. Today I spun the big dial on the radio to the 10 meter band after dark and made contacts (around 17:20 UTC). This is extra special as the maximum frequency at which propagation across the ionosphere occurs drops after the sun stops illuminating it and therefore the 10 meter band is the first band to drop after sunset. All this was predicted: the most recent 'space weather news' had some good news for radio amateurs. Today I found an article The sun will probably knock out the grid someday | Popular Science which mentions the 'Space Weather Woman' Tamitha Skov and her youtube channel TamithaSkov. I have watched a few episodes and I read articles here and there with the predictions of solar flares and solar wind.Read the rest of The 10 meter band is alive the last few days
2017-12-26 Some extra noise in sshd attempts
This morning I noticed some to me new amounts of sshd noise in the log:Dec 26 01:55:43 server sshd: Bad protocol version identification '\200F\001\003\001' from 188.8.131.52 Dec 26 01:56:24 server sshd: Bad protocol version identification '\200F\001\003\001' from 184.108.40.206 Dec 26 01:56:53 server sshd: Bad protocol version identification '\200F\001\003\001' from 220.127.116.11 Dec 26 01:57:33 server sshd: Bad protocol version identification '\200F\001\003\001' from 18.104.22.168 Dec 26 01:58:17 server sshd: Bad protocol version identification '\200F\001\003\001' from 22.214.171.124 Dec 26 01:58:51 server sshd: Bad protocol version identification '\200F\001\003\001' from 126.96.36.199 Dec 26 01:59:32 server sshd: Bad protocol version identification '\200F\001\003\001' from 188.8.131.52Dec 26 12:07:58 server sshd: Bad protocol version identification '\200F\001\003\001' from 184.108.40.206 Dec 26 12:08:55 server sshd: Bad protocol version identification '\200F\001\003\001' from 220.127.116.11 Dec 26 12:09:52 server sshd: Bad protocol version identification '\200F\001\003\001' from 18.104.22.168Going on and on and on and.. So I looked it up and found How to block Bad protocol version? · Issue #1284 · fail2ban/fail2ban · GitHub which has a simple rule to block this with fail2ban. As soon as the sshd.local was loaded a block was set for 22.214.171.124.
2017-12-24 First radio contact with Armenia
As if one new country today wasn't enough, I also managed to get Armenia in the log with station EK1KE also in FT8 mode.
2017-12-24 First radio contact with Australia
A special first for me: an amateur radio contact with Australia, with VK3EW who seems to be a serious DX chaser. For me, this is almost the other side of the world. This was an FT8 contact, which is a digital mode specific for making contacts with very weak signals using the minimal exchange of information to have a valid contact. I think the neighbours have heard my happy shout after I saw the first response come back to me. The exciting part was making it a full contact complete with signal reports exchanged. The distance of this contact is 16581 kilometers! The scaling of the generated maps at PE4KH amateur radio has been adjusted to make this contact visible.Read the rest of First radio contact with Australia
2017-12-11 Vijf jaar later een hackcontest (CTF) mee georganiseerd
Vijf jaar geleden deed ik mee aan de hackcontest ter ere van 20 jaar SURFcert. Vijf jaar verder ben ik zelf lid van het SURFcert team en heb ik mee georganiseerd aan de hackcontest / capture the flag op 8 december. Dit keer was het een 'capture the flag' stijl wedstrijd waarbij teams van maximaal 4 personen streden om de eer. Bij een 'capture the flag' moet je uit diverse puzzels herkenbare 'flags' (vlaggen) vinden, zeer herkenbare speciale strings in bestanden. Ik had me vooral beziggehouden met flags in bestanden in allerlei vormen zoals commentaar in een plaatje (als morse) of een flag in een bestand in een textfile in een zip file achter een jpg file geplakt. Vrijdag hebben er 4 teams gespeeld. Ze hebben de hele dag nodig gehad en een groot deel van de uitdagingen opgelost. Er was ook een team van de UU bij, die zijn zeer eervol derde geworden. Dit keer zat ik dus aan de andere kant en zat mijn creativiteit niet in het oplossen van de challenges maar in het maken er van. Wat ik gemaakt had werd gewaardeerd en sommigen lieten zich op het verkeerde been zetten waar anderen juist dwars door mijn misleiding heen keken. Het ernstigste geval 'verstoppen in het volle zicht' (hiding in plain sight) was een flag die in een titel van de standaard webpagina zat. Niet iedereen had die gezien.
2017-12-11 (A nice URL from Miss Chocolate Lab Coat. She is lucky she lives in mooseland and the chances of it melting...)
: Yes I use Devuan too for servers that I manage. I want a Linux that I understand and that does what I want. I don't care a lot about boot times, I do care a lot about reliability.
2017-12-02 Preparing gpredict for AO-91 Fox-1B RadFxSat
Although reports are showing up that AO-91 has the usual 'zoo' when it's over southern Europe I still want to prepare for making contacts on interesting passes. So I dove into adding satellite transponder details to Gpredict again. According to [amsat-bb] AMSAT-OSCAR 91 identified it is Norad object 43017. And when Nico Janssen finds a satellite using his methods of doppler-curve fitting it's a very good indication it's the right one. So time to create a .config/Gpredict/trsp/43017.trsp with the right frequencies and details:[Fox-1B trsp 67 Hz PL] UP_LOW=435250000 DOWN_LOW=145960000 MODE=FMNow to find a pass at a for me usable time.