News archive September 2019 - Koos van den Hout

Archive by year: 1999 | 2000 | 2001 | 2002 | 2003 | 2004 | 2005 | 2006 | 2007 | 2008 | 2009 | 2010 | 2011 | 2012 | 2013 | 2014 | 2015 | 2016 | 2017 | 2018 | 2019 | 2020 | 2021

2019-09-27 SSH user names are not very creative 2 years ago
A search for the top 10 tried usernames for ssh gives a nice list:
     52 admin
     23 pi
     19 test
      7 oracle
      6 support
      6 nagios
      5 user
      5 ubnt
      4 ftpuser
      3 virtualbookcase

Tags: ,
2019-09-22 First morse contact, trying FT4 for the first time and participating in the BARTG Sprint75 contest 2 years ago
This weekend is the BARTG Sprint75 RTTY contest. I set up my endfed antenna on Friday evening. On Friday I listened around the band for any morse special event stations and found LZ304EW active. The station was calling with a morse speed of about 21 words per minute and I answered my callsign with 12 words per minute. And no, I can't decode morse at 21 words per minute, I used the computer (fldigi) to help me decode the morse and the nanoKeyer to help me send my callsign and the 5nn TU 73 to finish the 'contact'. I felt secure enough in hearing my own callsign in morse to be able to do this.

Most of Saturday I made a number of FT8 contacts all over Europe. Nothing really exciting, just trying to get a number of new calls in the log. I think I saw some new gridsquares.

The planned amateur radio activity was the British Amateur Radio Teledata Group Sprint75 contest on Sunday evening (17:00 utc to 20:59 utc which is 19:00 - 22:59 local time). I set up the radio Sunday afternoon and listened on 14.080 MHz, which is the default frequency for RTTY on the 20 meter band for as far as I know. I saw different signals, which turned out to be FT4 signals, the relatively new mode in WSJT-X. It's been around for a while, I just never got around to playing with it.

So I started WSJT-X and tried FT4. I made three contacts, one with an amateur in England, one with 4S6NCH in Sri Lanka which is a new country for me, and one with an amateur in India, which was a new 20 meter country for me. Not bad for trying a mode for the first time.

After dinner it was time for the contest and that was a misery. I made 17 contacts in total, 4 on the 20 meter band and 13 on the 40 meter band. Propagation was not cooperating at all, mostly just giving noise and sometimes signals faded in and I had to work hard to get a contact.

Update: The bartg sprint75 rtty contest was a weekend earlier! Only when I tried to submit my results and the website told me all my contacts were outside of the contest timeframe I noticed my error. I guess some more radio amateurs had the wrong date as I have seen 'CQ BART SPRINT75' calls. And 75 baud RTTY mode is also rare. I notified the BARTG contest manageress to let her know. Not to complain since it was my error, but to make her aware of the problem.

Tags: , ,
2019-09-19 Real IPv6 port scan/network mapping attempts 2 years ago
I noticed some interesting traffic in my home network this morning, an attempt at finding IPv6 systems. Since IPv6 privacy enhancements are enabled on most systems this is exactly like finding a needle in a haystack.

I noticed an amount of outgoing icmpv6 traffic, and looking at the destination addresses and the type of traffic found lots of 'unreachable route' messages to a few Chinese IPv6 addresses. Searching for the netblock '240e:f7:4f01:c' finds more reports of portscanning activity.
10:14:27.761704 IP6 (hlim 239, next-header TCP (6) payload length: 24) 240e:f7:4f01:c::3.12980 > 2001:980:14ca:1:5054:ff:feae:17.902: Flags [S], cksum 0xd0a9 (correct), seq 3726392987, win 29200, options [mss 1460], length 0
10:14:28.278108 IP6 (hlim 239, next-header TCP (6) payload length: 24) 240e:f7:4f01:c::3.19933 > 2001:980:14ca:1:5054:ff:feae:8003.12587: Flags [S], cksum 0xe1cc (correct), seq 95632679, win 29200, options [mss 1460], length 0
10:14:29.219766 IP6 (hlim 239, next-header TCP (6) payload length: 24) 240e:f7:4f01:c::3.41487 > 2001:980:14ca:1:5054:ff:feae:fff2.902: Flags [S], cksum 0x3c31 (correct), seq 500442149, win 29200, options [mss 1460], length 0
10:14:33.637405 IP6 (hlim 239, next-header TCP (6) payload length: 24) 240e:f7:4f01:c::3.35832 > 2001:980:14ca:1:5054:ff:feae:15.902: Flags [S], cksum 0xa6ea (correct), seq 2324914849, win 29200, options [mss 1460], length 0
10:14:34.468975 IP6 (hlim 239, next-header TCP (6) payload length: 24) 240e:f7:4f01:c::3.12470 > 2001:980:14ca:42::ffe8.16992: Flags [S], cksum 0x5a72 (correct), seq 3249792078, win 29200, options [mss 1460], length 0
10:14:34.469038 IP6 (flowlabel 0x63971, hlim 64, next-header ICMPv6 (58) payload length: 72) 2001:980:14ca:61::13 > 240e:f7:4f01:c::3: [icmp6 sum ok] ICMP6, destination unreachable, unreachable route 2001:980:14ca:42::ffe8
10:14:35.230776 IP6 (hlim 239, next-header TCP (6) payload length: 24) 240e:f7:4f01:c::3.63145 > 2001:980:14ca:1:20d:56ff:fece:8006.19: Flags [S], cksum 0xb87b (correct), seq 4259180220, win 29200, options [mss 1460], length 0
10:14:35.952841 IP6 (hlim 239, next-header TCP (6) payload length: 24) 240e:f7:4f01:c::3.9056 > 2001:980:14ca:42::8013.16992: Flags [S], cksum 0xbb3b (correct), seq 2896438720, win 29200, options [mss 1460], length 0
10:14:35.952880 IP6 (flowlabel 0x63971, hlim 64, next-header ICMPv6 (58) payload length: 72) 2001:980:14ca:61::13 > 240e:f7:4f01:c::3: [icmp6 sum ok] ICMP6, destination unreachable, unreachable route 2001:980:14ca:42::8013

Tags: , ,
2019-09-14 The nanoKeyer morse keyer in its case 2 years ago
The nanoKeyer morsekeyer in case with paddles
The nanoKeyer morsekeyer in case
I found help at the radio club, Kees PA5Z made his metalworking skills available and now the nanoKeyer has a nice case and works fine in it.

Earlier steps: the nanoKeyer tested and working after assembling the electronics, starting with the nanoKeyer kit.

Tags: , ,
2019-09-11 First zone with valid DNSSEC signatures 2 years ago
My previous test with DNSSEC zone signing showed a problem with entropy in virtual machines. Today I had time to reboot the home server running the virtual machines including the virtual machine with the nameserver, based on bind9.

Now I can create DNSSEC signatures for zonefiles at high speed (0.028 seconds) with enough entropy available. My first test is with which is a domainname for redirecting to Camp Wireless but since that variant was mentioned somewhere I had to generate the redirects to the right version.

The next step was to upload the DS records for the zone to my registrar and get them entered into the top level domain. This failed on the first attempt, the DS records have to be entered very carefully at the registrar.

I tested the result with dnsviz for and found an error in the first try: I updated the serial after signing the zone. So the soa record wasn't signed correctly anymore.

I updated my zonefile Makefile to do the steps in the right order:
        named-checkzone $* $^
        ./ $^
        dnssec-signzone -S -K /etc/bind/keys -g -a -r /dev/random -D -S -o $* $^
        rndc reload $*
        touch $@
For the zone the original data is in, the DNSSEC signatures in And make will abort when one of the commands gives an error level, so it will for example stop completely when I make a typo in the zonefile which will make named-checkzone fail. The -D option creates a file to be used with $INCLUDE in the original zonefile. This does create a circular dependency: named-checkzone will fail when the -signedserial file isn't available on the first run. So the first run will have to be manually.

So now the zone is signed correctly. The next developments will be to find out how to monitor this extensively so I won't be surprised by problems and to redo the signing from time to time to make DNSSEC zone walking very hard.

And when I trust all of this I will implement it on other domain names that I manage.
Read the rest of First zone with valid DNSSEC signatures

Tags: , , ,
2019-09-08 A thumbs up for robust scripts 2 years ago
Encrypt all the things meme Today some of the letsencrypt certificates were older than 60 days, so the renewal script started to kick in. Last year I completely automated the certificate renewal of letsencrypt certificates with dehydrated and wrote some scripts around the renewal process with hopefully enough error handling.

Today some of the error handling got tested, one renewal gave an error:
  + ERROR: An error occurred while sending post-request to (Status 500)
And indeed the dehydrated script gave an error level, the resulting (empty!) .crt file wasn't copied and nothing happened. On the next run of the renewal script this certificate will still be older than 60 days and therefore the renewal will be tried again.

Tags: , , ,
2019-09-06 The morse keyer is working with cqrlog 2 years ago
Next step was linking the morse keyer with the Linux radio logging and operating software cqrlog. A simple search gave me Nanokeyer with cqrlog - CQRLOG and indeed the suggested option 'WinKeyer USB' works. The option 'K3NG keyer' always stopped after a few characters of morse.

Now to get other software like fldigi and tlf working. And not have conflicts with both of them running.

Update: In the tlf manual I found a link to N0NB/winkeydaemon on github which works great too. I changed the default port /dev/ttyUSB0 to /dev/ttywinkey because USB0 is where my radio CAT control usually ends up, and two applications trying to use that serial port confuses the radio. The /dev/ttywinkey link is maintained by udev, with a rule in /etc/udev/rules.d/99-usb-serial.rules :
SUBSYSTEM=="tty", ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="7523", SYMLINK+="ttywinkey"
I can't select on a serial number or anything more specific so devices with a QinHeng Electronics HL-340 USB-Serial adapter will probably all try to get a symlink to /dev/winkeyer.

I tested the result with cqrlog (selecting the cwdaemon option in cqrlog cw settings) and it works fine too. Next step will be to test with tlf.

Tags: , ,
2019-09-06 The nanoKeyer morse keyer is working 2 years ago
nanoKeyer morse keyer and morse paddle key
The nanoKeyer and the morse paddle key. Connections to the nanoKeyer from left to right: cw to radio, input from paddle and usb to the computer
After a few hours of thoroughly soldering and checking the results the nanoKeyer is done. I did find an error in my work so I had to get out the desoldering iron to fix it: I put the wrong resistor in one place.

Next step was to get the arduino that is the core of the nanoKeyer tested. There was an arduino nano included with the kit preprogrammed with the nanoKeyer software, but it still needed the print headers soldered: two rows of 15 pins and very secure soldering work. I did put the small tip on my soldering station for this work and used a magnifying glass to check my results. It seemed to work fine but I noticed soon the speed control potentiometer and the menu buttons gave no response. Both those functions use an analog input of the Arduino in the nanoKeyer. I had bought an arduino at a previous radio parts market so I tried that one. This one already had the print headers installed so there was less chance of causing a defect.

That one had to be programmed first, so I dove into getting the Arduino integrated development environment installed. After a few tries it seemed the only way to have working USB communications is to run the whole Arduino IDE as root (using sudo). Not very secure but at least I could continue my work. The right settings were made according to the nanoKeyer Firmware Upload Guide 2 and the Arduino nano I bought myself works fine. The result: sending morse code, changing settings with the menu button all worked fine.

The ultimate step was to get software controlled CW generation working. I soon found Winkey USB works in Linux - OK1RR which has a driver binary (no source unfortunately) which communicates fine with the nanoKeyer. The network UDP protocol is somewhat very binary so I used one of the cwdaemon test programs to get actual morse code sent from the computer.

Now for the (for me) hard part: making the right holes in the case. I'll try to find some help at my radio club.

Earlier steps: starting with the nanoKeyer kit.

Tags: , , ,
2019-09-04 New electronics project: a morse keyer 2 years ago
My learning morse is still ongoing and I'm taking the first steps in generating morse. I decided on a paddle as a first morse key to get the dot/dash (or better: Dit and Dah) timing correct automatically. Opinions on tbe best choice for first morse key differ: some say a straight key is the best, others say a paddle. I'm sticking with the paddle at the moment because I also have a tendency to develop RSI. Telegraph operators were the first profession to have cases of RSI so I hope to avoid that.

I recently bought a paddle: the uniHam UNI-730a which is a nice affordable paddle for a starting morse operator. With the built-in keyer in my Yaesu FT-857 radio it is possible to create good morse code. I use the option to create the morse tone on the radio without transmitting to practise sending morse. I check the results with the Android application Rx Morse.

But, I want to be able to participate in morse contests in the future. For those a cw keyer is necessary that can be controlled both from a paddle (or a straight key) and the computer. I was looking at options when a fellow club member mentioned he had a nanoKeyer morse keyer kit available that he wasn't going to build himself because his radio can do all that work. So I bought the kit from him, including case and I'm soldering the first parts.

Since all parts are through-hole, I am soldering with the components 'hanging' from the board. I want all components to be as close to the printed circuit board as possible so for some things that want to 'fall' I use rubber bands to make them stay close to the board for the first soldering connections. I do avoid warming up the rubber bands, they will probably break and/or burn causing a nasty smell.

Tags: , , ,
2019-09-04 Meer spam voor een Belg, ondertussen uit een antiek adressenbestand 2 years ago
Ook gebruikt het ondertussen antieke adressen spam bestand wat ik voor het eerst zag in 2012: Want to pay 199 Euro for a worthless spamlist? Email-Packs makes it possible.

Eerder, Eerder, eerder, eerder, eerder, eerder, eerder.

En zelfs spamt met de aanhef Beste Maes-Swerts/A.. Dat was dus al fout in 2012.

Tags: ,
2019-09-03 Back from holiday in Austria 2 years ago
Flag of Austria, cc-by-2.0 license James Cridland
Flag of Austria, cc-by-2.0 license James Cridland
We went on our summer holiday to the Montafon area in the Voralberg province of Austria. This is an area that can be reached within one day of driving.

We went camping and stayed at the Aktivcamping Montafon in Schruns-Tschagguns. This is one valley away from the campsite we visited in the Summer of 2018.

Activities included lots of walks in the mountains and a few "klettersteig" (also known as "via ferrata") routes. I tried climbing and abseiling with the right equipment last year and learned that it's something I can do.

We did a three day tour of mountain huts (sleeping in those huts for two nights). Staying in mountain huts makes more remote areas reachable.

Tags: ,

IPv6 check

Running test...
, reachable as PGP encrypted e-mail preferred. PGP key 5BA9 368B E6F3 34E4 local copy PGP key 5BA9 368B E6F3 34E4 via keyservers

Meningen zijn die van mezelf, wat ik schrijf is beschermd door auteursrecht. Sommige publicaties bevatten een expliciete vermelding dat ze ongevraagd gedeeld mogen worden.
My opinions are my own, what I write is protected by copyrights. Some publications contain an explicit license statement which allows sharing without asking permission.
Other webprojects: Camp Wireless, wireless Internet access at campsites, The Virtual Bookcase, book reviews
This page generated by $Id: morenews.cgi,v 1.50 2020/12/31 15:36:31 koos Exp $ in 0.025034 seconds.