News archive 2021 - Koos van den Hout


2021-06-12 First light on zigbee environment sensors 4 days ago
The package with the zigbee environment sensors I ordered arrived this morning and I had to get the first test done right away.

Joining the network/resetting the sensor is easy with a long press of the button and it showed up:
Zigbee2MQTT:info  2021-06-12 11:53:17: Device '0x00158d0006fafb00' joined
Zigbee2MQTT:info  2021-06-12 11:53:17: Starting interview of '0x00158d0006fafb00'
Zigbee2MQTT:info  2021-06-12 11:53:52: Successfully interviewed '0x00158d0006fafb00', device has successfully been paired
Zigbee2MQTT:info  2021-06-12 11:53:52: Device '0x00158d0006fafb00' is supported, identified as: Xiaomi Aqara temperature, humidity and pressure sensor (WSDCGQ11LM)
Zigbee2MQTT:info  2021-06-12 11:53:52: Configuring '0x00158d0006fafb00'
Zigbee2MQTT:info  2021-06-12 11:53:52: Successfully configured '0x00158d0006fafb00'
And now it gives me data!
Zigbee2MQTT:info  2021-06-12 12:15:53: MQTT publish: topic 'zigbee2mqtt/0x00158d0006fafb00', payload '{"battery":100,"humidity":45.77,"linkquality":153,"pressure":1033,"temperature":24.9,"voltage":3055}'
Zigbee2MQTT:info  2021-06-12 12:15:53: MQTT publish: topic 'zigbee2mqtt/0x00158d0006fafb00', payload '{"battery":100,"humidity":45.85,"linkquality":156,"pressure":1033,"temperature":24.9,"voltage":3055}'
Zigbee2MQTT:info  2021-06-12 12:15:53: MQTT publish: topic 'zigbee2mqtt/0x00158d0006fafb00', payload '{"battery":100,"humidity":45.85,"linkquality":156,"pressure":1033,"temperature":24.9,"voltage":3055}'
Also visible via mqtt:
koos@testrouter:~$ mosquitto_sub -t zigbee2mqtt/0x00158d0006fafb00 -v
zigbee2mqtt/0x00158d0006fafb00 {"battery":100,"humidity":45.77,"linkquality":153,"pressure":1033,"temperature":24.9,"voltage":3055}
zigbee2mqtt/0x00158d0006fafb00 {"battery":100,"humidity":45.85,"linkquality":156,"pressure":1033,"temperature":24.9,"voltage":3055}
zigbee2mqtt/0x00158d0006fafb00 {"battery":100,"humidity":45.85,"linkquality":156,"pressure":1033,"temperature":24.9,"voltage":3055}

2021-06-11 I will need a fresh raspberrypi install for zigbee2mqtt 4 days ago
I started looking at the instructions for running zigbee2mqtt and the instructions for installing npm/nodejs gave me a lot of error messages on the raspberrypi running in the utility closet and checking the smart meter.

It turns out it needs an upgrade from Raspbian jessie. This Raspberry Pi is dedicated to reading the smart meter since August 2016 and it has been running fine gathering the smart meter data.

The raspbian forums state that it is better to upgrade by reinstallation on a different SD card. So I guess it's time to rebuild the smartmeter Pi if I want it to run the zigbee sensor network.

Update:
I installed all the software on a linux laptop and now I have a running zigbee2mqtt.

2021-06-09 Article in Trouw misses a great deal about information security 1 week ago
Several media outlets I follow reported this morning on an article in Trouw: 'Tientallen websites overheid voldoen niet aan veiligheidsrichtlijnen' (Dozens of government websites do not meet security guidelines) - nos.nl and ‘Tientallen overheidswebsites zijn onvoldoende beschermd tegen hackers’ (Dozens of government websites are insufficiently protected against hackers) - volkskrant.nl.

The assumption in the original article (behind a paywall) is that because a government agency's website uses wordpress and the admin login page can easily be found, these websites are all automatically vulnerable. And for convenience a link is then made with the break-in at the municipality of Hof van Twente.

This skips a whole lot of steps in security and reduces it to 'public login, therefore insecure'. I know that wordpress is known and notorious for insecurities, and that every wp-login page is constantly probed for and, if it exists, gets brute-force attacks. This website does not run wordpress and I see 5-11 attempts per day to find the wp-login page. Another site I provide the hosting for does run wordpress, and with a very tightly tuned filter that blocks repeated login attempts I see 500 to 1300 attempts per day to log in. So a login page like that is a known risk and something has to be done about it. You take measures such as limits on the number of login attempts per source and strong passwords. In addition wordpress itself has to be managed well and updated quickly when vulnerabilities appear.

I also think that some of the websites mentioned deliberately chose an external wordpress-based site after a proper risk assessment. The site can then very easily be completely disconnected from the other computer systems of the government service in question. And if something happens to that wordpress website you throw it away and rebuild the site.

The article misses all these kinds of considerations and nuances. A link is also made to the bad password that was at the root of the ransomware attack on the municipality of Hof van Twente. But that bad password gave access, without a second factor, to the internal network of that municipality via remote desktop. Unauthorised access to an operating system by way of remote desktop is in many cases a much bigger risk than admin rights on a wordpress site.

I think it is a bad article, and it is a pity that several other media outlets copy it without being too critical.

For the record: even though I work in information security, this is my personal opinion and has nothing to do with employers.

2021-06-09 The Electrolama zigbee stick comes in from England: time to pay taxes! 1 week ago
The zigbee stick I ordered for environmental monitoring at home is making its way over here and I received an sms about the duty and tax to be paid for importing it from the United Kingdom. Indeed, since brexit taxes have to be paid.

My first reaction when receiving an sms about a package was to think of malware attempts since that has been in the news recently. So I checked carefully. It's good dpd also sends an e-mail with the same information, and I can check the validity of the links and the source of the e-mail a lot better on a computer.

2021-06-07 Backup to the home NAS 1 week ago
I still had the unfinished business of not having a good backup when half a filesystem ended in lost+found and it took a whole day to recover from that problem. And I still found missing things today.

I have no working tapedrives left, but a good amount of disk storage available. I still like amanda as backup program, so I looked into the vtapes (virtual tapes) option. The sample amanda.conf explains this nicely:
# To use vtapes, create some slotN directories (slot0, slot1, etc.) under
# /var/amanda/vtapes and use this tapedev:
## tapedev "chg-disk:/var/amanda/vtapes"
tapedev "chg-disk:/scratch/nasback/vtapes"
So I created those writeable by the amanda user.

I try to only back up data that I can't get by a reinstallation. So I back up /etc (configuration), /var (system data), /home (user data) and a few other directories.

2021-06-07 Wireless environmental monitoring with zigbee 1 week ago
Since January 2008 I measure temperatures and other environmental data in and around the house with 1-wire sensors and adaptors. These work fine but need wires between the sensors and that isn't ideal for quick spot measurements.

So I looked into other options recently, and found affordable zigbee temperature/air pressure/humidity sensors. And a USB zigbee interface which works with linux and with a lot of the available application software. Because the next problem is going sensor - zigbee network - zigbee usb interface - some magic - database of measurements.

Because I see myself wanting long series of measurements from a number of places in the house and testing without breaking those series I ordered two USB zigbee interfaces and eight environmental sensors. I guess I want production and development environmental monitoring.

The zigbee stick is not the cheapest solution but it is documented to work with zigbee2mqtt and buying one supports work on that software.

2021-06-03 New (for me) bitcoin extortion spam, quite well-known for others 1 week ago
New bitcoin extortion spam coming in for wallet 122F3j5EfUKnuKjFY54pCE43C793eVPSTY. I got it in English, but given the reports it was also sent out in at least one other language.

Which means the author has no idea who pays, but just likes a filled bitcoin wallet.

2021-06-03 Outgoing mail via xs4all will soon no longer work without authentication 1 week ago
I run my own mailserver (with more than 25 years of sendmail in use by now) and now I also got the letter about the changes in SMTP at xs4all. What it comes down to is that relaying based on IP address is going to disappear.

To prevent a helpdesk disaster the switching off happens per user. I received a letter saying that I sometimes use this route and have to change that.

That is correct: for some servers the fact that I send little mail to those servers was a reason to block it. Or the one-time absence of an IPv6 reverse pointer. I had the latter set correctly back then.

The xs4all website does have an explanation: Veilig e-mailen 2020 (Safe e-mailing 2020) - xs4all, but it says nothing about sendmail. Home servers that send mail are apparently no longer their target audience (my Cron Daemon is actually quite good at it!).

I have just started by emptying the list in the mailertable. We will see which domains are unreachable now.

2021-06-02 Uncomplicated Firewall (UFW) : don't confuse it or you will be locked out 2 weeks ago
I am looking at better protection inside my home network since there is a mix of "trusted" and "not so trusted" devices in the house. I consider devices that just need Internet access to talk to some server out there (the well-known "cloud" better known as "Someone else's computer") and are (mostly) black boxes untrusted compared to systems that are installed with a known operating system and where I can control what they can and can't do.

One of the things I wanted to improve are local host-based firewalls. The firewall in the router linux machine is the result of years of fine-tuning and experience so I manage that by hand. But for somewhat standard hosts I want simple firewalls that are easily managed.

I tried ufw, the Uncomplicated Firewall and on the first (test) machine it went fine without a problem. On the second machine where there are already a few active firewall rules managed by fail2ban something hiccuped and before I knew it ufw managed to leave me with an unreachable machine.

The error message from ufw-init was something about being unable to initialize firewall rule ufw-track-output and the net result was that the machine became unreachable. I needed console access to get back in again. Removing/purging the ufw package didn't help, after reinstalling it and trying again the same error came up and the system was unreachable again.

It turns out ufw leaves its own rules in iptables/ip6tables active (prefixed with 'ufw') and this confused ufw-init. I tried removing them by hand (lots of work) or with a very small shell script, but in the end rebooting the machine and only reinstalling ufw after that reboot got me back to a normal usable situation.
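
Removing the leftover chains by hand can be planned from a saved ruleset first. This is an added example, not the script mentioned above: it reads iptables-save output and prints (without running) the commands that detach, flush and delete every chain whose name starts with 'ufw', while leaving fail2ban's f2b- chains alone. The sample ruleset and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: plan the removal of leftover ufw chains from iptables-save output.
# Function names and the sample ruleset are constructed for illustration.

# Constructed sample: a host with one fail2ban chain and three leftover ufw chains.
sample_ruleset() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:f2b-sshd - [0:0]
:ufw-before-input - [0:0]
:ufw-track-output - [0:0]
:ufw-user-input - [0:0]
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -j ufw-before-input
-A OUTPUT -j ufw-track-output
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-input -j ufw-user-input
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
-A f2b-sshd -j RETURN
COMMIT
EOF
}

# ufw_cleanup_plan [iptables|ip6tables] < saved-ruleset
ufw_cleanup_plan() {
    awk -v ipt="${1:-iptables}" '
        # "*filter", "*nat", ...: remember which table the following lines belong to
        substr($0, 1, 1) == "*" { table = substr($0, 2); next }

        # ":NAME POLICY [counters]": chain declarations
        /^:/ {
            name = substr($1, 2)
            if (name ~ /^ufw/) { n++; ctab[n] = table; cname[n] = name }
            else if ($2 == "DROP")
                print "# " table "/" name " has policy DROP: without accept rules it drops all traffic"
            next
        }

        # Rules in non-ufw chains that jump (-j) or go (-g) to a ufw chain
        /^-A / && $2 !~ /^ufw/ {
            for (i = 3; i < NF; i++)
                if (($i == "-j" || $i == "-g") && $(i + 1) ~ /^ufw/) {
                    rule = $0
                    sub(/^-A /, "-D ", rule)
                    jumps[++j] = ipt " -t " table " " rule
                    break
                }
        }

        END {
            # 1. detach  2. flush every ufw chain  3. only then delete them:
            # a chain cannot be deleted while another chain still refers to it
            for (i = 1; i <= j; i++) print jumps[i]
            for (i = 1; i <= n; i++) print ipt " -t " ctab[i] " -F " cname[i]
            for (i = 1; i <= n; i++) print ipt " -t " ctab[i] " -X " cname[i]
        }
    '
}

# Print the plan for the sample; nothing is executed.
sample_ruleset | ufw_cleanup_plan iptables
```

On a real host the input would come from iptables-save (and from ip6tables-save with 'ip6tables' as the argument); the lines starting with '#' flag built-in chains that will drop all traffic once the ufw jumps are gone, which is the lock-out case that needs console access.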

2021-05-31 I participated in the CQ WPX CW contest 2021 2 weeks ago
This weekend was the CQ WPX CW contest 2021 and on Saturday I had some time to participate between family things.

I started on the 10 meter band and stayed there: I managed to get 29 contacts in the log on that band, there were good signals across most of Europe.

I had fun and surprised myself by decoding some morse by ear better than my computer (yes, I consider this very assisted when I use both spotting networks and a morse decoder). I noted a serial number 246 that my computer completely did not decode so I wasn't very sure. The next serial number was indeed 247 so I got it right in one go!

Claimed score is 812 points. I'll see what happens when the logs are checked. At least contesting is good for other rankings: I now have Poland and Lithuania confirmed in morse.

2021-05-31 I try to report a scam e-mail to ABN-AMRO, but... 2 weeks ago
According to Phishing en andere fraude melden (Reporting phishing and other fraud) - ABN AMRO I can forward it to an address set up specially for that purpose. Unfortunately...
   ----- The following addresses had permanent fatal errors -----
<valse-email.at.abnamro.nl>
    (reason: 553-Message filtered. Refer to the Troubleshooting page at)

   ----- Transcript of session follows -----
... while talking to cluster1.eu.messagelabs.com.:
>>> DATA
<<< 553-Message filtered. Refer to the Troubleshooting page at
<<< 553-https://knowledge.broadcom.com/external/article?legacyId
<<< 553 =TECH246726 for more information. (#5.7.1)
554 5.0.0 Service unavailable
Unfortunately that fails, because apparently the spam filtering on that address is a bit too good.

2021-05-23 New bitcoin extortion spam, known wallet 3 weeks ago
Three new messages with bitcoin extortion in this morning. All hoping to receive funds at bitcoin address 1L2UavMTrhpCXWn9LvqhCqRSvxYzfQsBw4. This is funny, I've seen this address before, right at the beginning of 2021: New year, new scams - Koos van den Hout but it still hasn't received anything. Good.

Analyzing the headers shows a lot of dead ends again. One sample:
Received: from evanwiggs.com (evanwiggs.com [68.171.49.21])
        by mxdrop304.xs4all.net (8.14.9/8.14.9/Debian-xs4all~5) with ESMTP id
        14N7DOiH028056
        (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL)
        for <.....@..........>; Sun, 23 May 2021 09:13:27 +0200
Received: (qmail 5080 invoked from network); 23 May 2021 03:13:26 -0400
Received: from unknown (HELO test3.novalocal) (123.156.225.126)
        by evanwiggs.com with SMTP; 23 May 2021 03:13:26 -0400
The host in the middle was different for each attempt, but the 'test3.novalocal' was the same in all three. I'm guessing it is a fake Received header. An online header analyzer agrees with this.

When I search for the name .novalocal it seems related to openstack installations.
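
Received lines are only reliable down to the last one written by a server on the receiving side; anything below that was supplied by the sending side and can say whatever it likes. The following added example (not the author's tooling) unfolds the header lines quoted above and marks each hop as trusted or unverified, assuming hosts under xs4all.net are the receiving side; the function names are constructed and only IPv4 peers are extracted.

```shell
#!/bin/sh
# Added example: decide which Received hops can be relied on.
# Function names are constructed; the trusted domain is an assumption.

# Sample input: the Received lines quoted in the post (recipient redacted there).
sample_headers() {
cat <<'EOF'
Received: from evanwiggs.com (evanwiggs.com [68.171.49.21])
        by mxdrop304.xs4all.net (8.14.9/8.14.9/Debian-xs4all~5) with ESMTP id
        14N7DOiH028056
        (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL)
        for <.....@..........>; Sun, 23 May 2021 09:13:27 +0200
Received: (qmail 5080 invoked from network); 23 May 2021 03:13:26 -0400
Received: from unknown (HELO test3.novalocal) (123.156.225.126)
        by evanwiggs.com with SMTP; 23 May 2021 03:13:26 -0400
EOF
}

# received_hops TRUSTED_DOMAIN < message-headers
# One output line per Received header, newest first:
#   hop-number  trusted|unverified  recording-host  peer-IPv4
# A hop is trusted only if it was recorded by a host in TRUSTED_DOMAIN and
# every hop above it was trusted too.
received_hops() {
    awk -v trusted="$1" '
        function emit(h,    by, ip, suffix, ours) {
            if (h !~ /^Received:/) return
            by = "-"; ip = "-"
            # host that wrote this header
            if (match(h, / by [^ ;]+/)) by = substr(h, RSTART + 4, RLENGTH - 4)
            # first IPv4 address in the header: the peer as seen by that host
            if (match(h, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) ip = substr(h, RSTART, RLENGTH)
            suffix = "." trusted
            ours = (by == trusted) || (length(by) > length(suffix) && substr(by, length(by) - length(suffix) + 1) == suffix)
            if (!ours) chain_ok = 0
            print ++hop, (chain_ok ? "trusted" : "unverified"), by, ip
        }
        BEGIN { chain_ok = 1 }
        /^$/ { exit }                       # blank line: end of the headers
        /^[ \t]/ {                          # folded continuation line
            sub(/^[ \t]+/, "")
            cur = cur " " $0
            next
        }
        { emit(cur); cur = $0 }
        END { emit(cur) }
    '
}

# handover_ip TRUSTED_DOMAIN < message-headers
# The peer address recorded by the last trusted hop: the only address in the
# chain that the sender could not choose freely.
handover_ip() {
    received_hops "$1" | awk '$2 == "trusted" && $4 != "-" { ip = $4 } END { if (ip != "") print ip }'
}

sample_headers | received_hops xs4all.net
sample_headers | handover_ip xs4all.net
```

For the sample this reports 68.171.49.21 as the address that actually delivered the message; the qmail line and the 'test3.novalocal' hop are both unverified, which fits the observation that the latter repeats across otherwise unrelated relays.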

Update 2021-05-29: Hello whoever is behind wallet 1L2UavMTrhpCXWn9LvqhCqRSvxYzfQsBw4, please give up!

2021-05-22 Retaining rainwater for the front garden 3 weeks ago
In the back garden we have had a rain barrel for years. Recently I also wanted a rain barrel in the front garden, because we are also doing a bit more there with plants that can use water, and using tap water for that is not ideal.

The municipality also wants rainwater to no longer go into the sewer but to be able to sink straight into the ground. When these houses were built and the street was laid out in 1965 things were of course different and rainwater had to be got rid of quickly, but nowadays we know that during a rain shower so much water can come down that the sewer cannot cope at all.

The conclusion was clear: I wanted a rain barrel that makes sure water is available in dry periods to water the plants in the garden. But also one that fits in the garden. We share the vertical downpipe with the neighbours; it sits exactly on the property boundary. So I consulted the neighbours about this plan, also because of the choice of rain barrel. The final choice was a vertical model: 100 liter regenton antraciet Anzar - voertonnen.nl, so that it fits neatly in the corner next to the downpipe and the letterbox. With it comes a Vulautomaat Harcostar - voertonnen.nl, which fills the barrel from the downpipe but, when the barrel is full, sends the surplus rainwater back down the downpipe.

On Friday, in nice weather, the rain barrel was installed. On Saturday morning it rained, and when I opened the lid of the rain barrel towards the end of the morning it turned out to be completely full already. It is quite a large piece of roof that drains through that downpipe.

2021-05-16 Ending with half a filesystem in /lost+found 1 month ago
Some visitors may have noticed this website wasn't working for about a day. That's because I had to rebuild the webserver. There was a filesystem-related panic somewhere yesterday causing the main filesystem to be mounted read-only.

I assumed I could use fsck on the read-only filesystem to get things back to normal again but this turned out wrong: I ended with an unbootable disk and the complete contents of /etc and /home in /lost+found with mostly unusable filenames (numbers).

The fastest solution was to rebuild a webserver from scratch and start making things run again. This took most of the day. Yes, I need to get backups working again, even without a tapedrive.

The weird part is that this was about a filesystem in a virtual machine and the hardware host shows absolutely no problems at that time and has no problems with the disks backing this storage.

Another virtual machine also had issues around the same time, but those did not result in disk problems:
sd 0:0:0:0: [sda] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_TIMEOUT
sd 0:0:0:0: [sda] tag#0 CDB: Write(10) 2a 00 00 88 19 20 00 00 08 00
blk_update_request: I/O error, dev sda, sector 8919328
Buffer I/O error on dev sda1, logical block 1114660, lost async page write
A few days earlier both virtual systems logged a strange timing issue with a hang on all CPUs.

I'm also seeing some weird kernel messages on other virtual machines around the same time:
wozniak kernel: [5150105.764208] rcu: INFO: rcu_sched self-detected stall on CPU
So I guess it is time for some hardware checks.

2021-05-14 Really nice 10 meter openings 1 month ago
The 10 meter amateur band (starting at 28 MHz) can have interesting propagation depending on weather. The kind of 'atmospheric interference' that once plagued analog TV broadcasts can cause signals to reach much further than planned.

Today was a day with good propagation that way and I had time to play with the radio. I started with some digital contacts on the 10 meter band (FT8) but soon switched to voice communications (SSB) because those were getting loud too. I started answering some of the amateurs calling CQ for new contacts. I made contacts with Italy, Switzerland, Austria, Serbia and Slovenia. Some were short contacts but others wanted to have a longer and more personal chat.

It doesn't happen often that signals are strong enough to get over the local interference. Nice to see this and make new friends.

2021-05-07 Anti-spam measures blocking legitimate e-mail 1 month ago
I am using fail2ban to deal with spamming attempts. Some of the spam senders are quite good at trying the same stupidity again 3 minutes later because the error codes are just for non-criminal mail senders. My logs kept filling up with the same stupidity over and over and over again. So I set up fail2ban to block the offending IPs to keep my logs readable.

But this stopped e-mail based alerts from a certain service. I know, e-mail isn't instant messaging.

The error message was:
gosper sm-mta[14317]: ruleset=check_relay, arg1=xx.xx.xx.xx, arg2=xx.xx.xx.xx, relay=xx.xx.xx.xx [xx.xx.xx.xx], reject=421 4.3.2 Connection rate limit exceeded.
This triggered fail2ban directly because I didn't expect normal traffic to exceed this, but the alerts from the service could. So I whitelisted the sending IP in the sendmail access config to make sure the notifications flow.

I also updated the specific bit of fail2ban configuration to only block this after three errors.

2021-05-03 Refreshing rechargeable batteries 1 month ago
With lots of devices running on rechargeable batteries including toys with motors and lights we have accumulated quite a number of rechargeable batteries in our house. Some of them have been around for ages and others are more recent.

With the amount of batteries varying per device (we have seen 1, 2, 3, 4 and 6 batteries per device) it's good to charge each battery individually as they may have different residual charges and always charging them in pairs when one is not as good will only make the difference worse.

But the charger for individual AA/AAA cells we have also wants to charge the batteries quite fast and will abort as soon as one cell doesn't accept the charge. More and more batteries got rejected this way, even relatively new ones.

The solution: a smart charger that has adjustable load current, can refresh a battery that has problems accepting charge and measures the charge in the battery. And does this for 4 batteries at the same time. I gathered batteries from all kinds of places (quite a collection) and started charging and measuring all of them. A number of batteries got rejected because even a "refresh charge" ended at less than 50% of the original capacity. Those batteries will be handled as chemical waste. The others with enough capacity left are now all in the big box of charged batteries. Most of them will not keep their charge until the moment we actually need them, but it's good to know they are usable.

I bought the https://www.conrad.nl/p/voltcraft-ipc-3-batterijlader-li-ion-nicd-nimh-10440-14500-16340-16650-17355-17500-17670-18490-18500-18650-1403321 from Conrad which has only one downside: the fan is somewhat noisy.

2021-05-01 Extortion with bitcoin keeps going steadily 1 month ago
I hope that one of the scammers who send the 'I have all your data and a video of you, pay in bitcoin to get rid of me' e-mails really gets arrested some day. They are annoying and I regularly get to explain to people why it is nonsense, energy I would rather spend on other things.

Today another fresh batch in the mailbox. It sometimes seems as if new scammers start somewhere at the beginning of the month, because I saw the same at the beginning of January 2021 in English. Maybe a fresh group of scammers starts at the beginning of the month. "Welcome to your new job, good luck with the scamming!"

This month again in good Dutch, with a somewhat more professional tone. Not that cosy kind of scamming like in March; here someone who speaks and writes Dutch has thought about the text.
Hello Let me first introduce myself - I am a professional programmer who specialises in hacking in his spare time. And this time you have the bad luck of becoming my next victim and I have just hacked the Operating System and your device.

I have been observing you for a number of months. Simply put, I infected your device with my virus while you were visiting your favourite porn site.

I will try to explain the situation in more detail, in case you are not really familiar with this kind of situation. The Trojan virus gives me full access to and control over your device. Hence I can see and open everything on your screen, switch on the camera and microphone and do other things, while you notice nothing.

Moreover I also have access to your entire contact list on social networks and your device.

You may be wondering - why has your antivirus not detected any malicious software so far?

- My spyware uses a special driver, which has a signature that is updated regularly, so your antivirus simply cannot notice it.

I have made a video clip in which you are masturbating on the left part of the screen, while the right part shows the porn video you were watching at that moment. A few mouse clicks would be enough to forward this video to all your contact list and social media friends. I can even upload them to online platforms for public access.

The good news is that you can still prevent this: All you have to do is transfer 1250 EUR in bitcoin to my BTC wallet (if you do not know how to do that, do some searching online - there are plenty of articles describing the step-by-step process).
The bitcoin addresses are 14y2t9ahbTDLaG5kuMMdY9dG9TgNNcNEJM and 1Ef22Z8MKmZUVePpESGgeNv2bZFNbMpRsr. Both e-mails are exactly the same by the way, so whether it is the same scammer or whether the writers are different people from the scammers is the question.

Because they do hide themselves well. When I look up the source IPv4 addresses they are all consumer connections in other countries about which shodan knows nothing further. So that probably points to computers with malware on them whose owners have no idea what is wrong. And tracing who owns a bitcoin wallet is a challenge too.

2021-04-28 A repeatable 36 kilometer ride 1 month ago
Yesterday I cycled the same ride as I did last October and a few times since then.

It was a good way to spend a few hours riding on our kings day. I stopped along the way to drink some water and relax. It's still 36 kilometers and the average speed according to the speedometer on my recumbent bicycle was 21.77 kilometer per hour.

2021-04-27 Played in the HackTheBox & CryptoHack Cyber Apocalypse 2021 1 month ago
A CTF or Capture the flag is an information security competition where puzzles are offered that have to be solved with techniques from information security. This can range from a simple knowing where to look for clues in data to having to use the latest exploit techniques against systems to get access. The solution is usually a digital 'flag' that proves you solved the puzzle.

A co-worker who has been at the 'receiving end' a few times of the CTF challenges the SURFcert team creates with some help of me invited a number of people at work to the HackTheBox & CryptoHack Cyber Apocalypse 2021.

And I decided to join! We dove into the challenges a number of evenings. I solved a few hardware challenges on my own, and I did parts in solving other challenges. I learned about .sal files and logic analyzers. And I learned cracking a (not too big) public RSA key is doable these days.

Where others wrote bits of python to solve things I used grep and awk. But in the end we got there.

Our team ended in the top 6% which is not bad for doing this on weekday evenings besides our jobs and other bits of life. I posted about this on linkedin in Dutch: Collega Simon Kort BICT nodigde mij uit voor het meedoen in deze CTF.

2021-04-24 Getting some new countries on the 17 meter band, 10 meter opening 1 month ago
With a bit of trying and retrying I tuned my home endfed to the FT8 frequency in the 17 meter amateur band. I'm chasing 'slots' on that band: countries I haven't worked on that band before. Today I got the Balearic Islands, Wales, Kenya, Indonesia and Lebanon in the log, all new on this band for me.

Before that there was a nice 10 meter opening during the day, where I worked several European stations.

Nice to see good propagation!

Update 2021-04-25: On Sunday I tried FT8 on 17 meters again, this got me Thailand as a completely new country! And Belarus, Latvia, Lithuania new on the 17 meter band.

2021-04-14 Year 2038 is coming! 2 months ago
Interesting kernel message in Linux today:
[ 3906.977410] ext2 filesystem being mounted at /media/koos/disk supports timestamps until 2038 (0x7fffffff)
So that filesystem (and lots of others) will give issues in 2038. Things need work before that date!

2021-04-12 Fitting font for bbs history 2 months ago
In articles on olduse.net I came across a real VT220 font. I immediately thought of using something similar for bbs.idefix.net, because that really ought to be in the VGA font style of the heyday of BBS history.

It took some searching to find the fitting font, but it exists (probably an extraction from an IBM VGA rom): Perfect DOS VGA 437 font, and after that some changes to the stylesheet, and now bbs.idefix.net is in the right style.

Update: A bit more work after all: for 'historical' reasons I currently want the link http://bbs.idefix.net/ to still work, but with the browser hint to upgrade, so that this page can be visited with an old browser while a more recent browser automatically wants https. The upgrade hint ('upgrade-insecure-requests') caused the http version to want to load a font from the https version, and that had to be allowed on the receiving side.

2021-04-10 Cleanup of my gpg private key 2 months ago
I learned about changes in GPG needing some updates to private keys so I loaded the private key for 0x5BA9368BE6F334E4 in a backup keyring and tried to find out what needs to be done. The explanation at Fixing old SHA1-infested OpenPGP keys seems to have the important parts.

Make sure the preferences are set correctly (no SHA1) and do a 'clear' on the key. I took the chance to change the expiry date to something a bit more in the future, set the e-mail address that I now use as primary and updated the weblink to my homepage to https://idefix.net/.

I also updated the details on PGP - Koos van den Hout so these can be verified.

2021-04-08 Stopping with NTP servers at work 2 months ago
For almost 20 years I was involved with the running of NTP time servers at work. But the hardware aged and my job is no longer in systems administration and not in the department actually housing the timeservers.

So, time to stop doing it. The pool ntp server has been retracted, DNS names removed and soon I will make one final trip to shut down hardware one last time and remove it from racks. The end for ntp.cs.uu.nl and others.

I still run an NTP server at home which is available in the IPv6 NTP pool. That server also compared itself to one of the servers at work so it has been reconfigured. I added a few upstream servers and made sure all of them are reachable via IPv6.

The log of NTP service at cs.uu.nl was kept, here is the final version:
Date | Event
8 Apr 2021 | DNS names for ntp service at cs.uu.nl removed
2 Apr 2021 | Announcement posted to system administration mailing list that ntp service at cs.uu.nl will stop
24 Sep 2014 | A second stratum-1 ntp appliance is brought on-line, galileo.cs.uu.nl
28 Nov 2011 | Fixed the networking for stardate, the full time lab is up and running.
23 Nov 2011 | The antenna cable connectors are soldered on which results in a working setup after a few tries. Stardate is better at reporting the state of the power to the GPS antenna, but has no working network. Huygens has working network and serves time to metronoom.
22 Nov 2011 | The server ntp.cs.uu.nl is active at its new IP. Our own GPS reference doesn't work yet: we still need to solder the right connectors on the antenna cable. The server is added to the ntp pool and traffic starts to flow a few hours later.
15 Nov 2011 | The ntp servers are moved to their new location
14 Nov 2011 | The ntp servers are switched off
13 Nov 2011 | We retract ntp.cs.uu.nl at its current address from the pool because the serverroom will move physically, the ntp equipment will move to a different location and the IP will change to deal with the traffic better
18 Sep 2011 | Stats for doei.cs.uu.nl, five years after withdrawing it from the ntp pool
19 Sep 2010 | Stats for doei.cs.uu.nl, four years after withdrawing it from the ntp pool
4 Mar 2010 | The turkish adsl provider ttnet falls off the Internet for a few hours, traffic falls from 2000 packets/second to 100 packets/second in that time
22 Jan 2010 | We volunteer ntp.cs.uu.nl for the turkish part of the ntp pool. Traffic explodes, peaks over 5000 packets/second
18 Sep 2009 | Stats for doei.cs.uu.nl, three years after withdrawing it from the ntp pool
28 Jul 2009 | ntp.cs.uu.nl back at full speed in the ntp pool, firewall configuration fixed
15 Jul 2009 | rear doors of racks closed again
2 Jul 2009 10:00 | serverroom airco has problems with high temperatures (28-30 C), we open rear doors of racks which makes the temperature go down a bit in the racks but the airco still has hard work
Mar 2009 | ntp.cs.uu.nl tuned down in the ntp pool to avoid firewall issue
18 Sep 2008 | Stats for doei.cs.uu.nl, two years after withdrawing it from the ntp pool
17 Jan 2008 | huygens.cs.uu.nl has a GPS reception failure, fixed with a software update
18 Sep 2007 | Stats for doei.cs.uu.nl, a year after withdrawing it from the ntp pool
11 Mar 2007 | airco failure serverroom
5 Mar 2007 | all ntp servers moved to one rack close together for temperature stability
20 Jan 2007 | airco failure serverroom
9 Jan 2007 | huygens.cs.uu.nl added as stratum-1
23 Dec 2006 | airco failure serverroom
29 Nov 2006 | powerfailure in our building
1 Nov 2006 | metronoom.dmz.cs.uu.nl takes over as ntp.cs.uu.nl and joins pool.ntp.org
~ 24 Oct 2006 | antenna cable to stardate.cs.uu.nl reconnected
~ 6 Oct 2006 | ntpd on stardate disabled: free running clock starts to differ too much from correct time
~ 25 Aug 2006 | antenna cable from stardate.cs.uu.nl disconnected because of building and recabling activities
1 Aug 2006 | doei.cs.uu.nl leaves pool.ntp.org
19 Aug 2003 | doei.cs.uu.nl joins pool.ntp.org
10 Jan 1999 | stardate.cs.uu.nl set up as stratum-1 with GPS time reference

2021-04-07 The NTP ham clock is ticking
[Image: esp32 based NTP ham clock on breadboard]
Recently the parts for the NTP ham clock I saw in the Electron magazine arrived: an ESP32 module and a TFT display. It took a while before I had time to actually do something with them, but recently I put the modules on a breadboard and started making the needed connections. There are not a lot of those: only 8 wires need to be connected between the ESP32 microcontroller and the TFT display.

After some fiddling it worked and I managed to program it all with the settings I like, such as the right timezone rules for the Netherlands and a 24 hour display on both clocks. It fetches the NTP time from the NTP server in the shed, so it doesn't rely on outside connectivity.

Now to find a case for it and wire it neatly.

2021-04-05 I participated in the EA RTTY contest 2021
[Image: RTTY Contest on websdr]
Last weekend was the EA RTTY Contest 2021 edition. I decided to participate because I appreciate the contests organized by the Unión de Radioaficionados Españoles.

Participation time was somewhat limited due to other things happening in the Easter weekend. In the end I made 79 contacts and entered my log in the 'SINGLE ALL LOW POWER DX' category. As 'low power' is defined as 'below 100 watts' and my RF amplifier isn't working at the moment, this is the fitting category.

Update 2021-05-05: Results are in: 71 valid contacts, 117 qso points and 51 multipliers: rank #225 of the single operator multiband low power DX category.

2021-04-04 New country in the logs: South Korea
Another case of having luck and being at the radio at the right time and frequency: I saw a few stations from South Korea show up in FT8. I tried making contact with more than one of them; the second or third station became stronger after a few minutes and with some trying the contact was made with HL5BLI.

It was a really short opening: five minutes later I saw no traces of stations from South Korea.

Update 2021-04-05: And the contact is confirmed on Logbook of the World too.

2021-03-29 A serious recumbent bicycle ride
[Image: GPX viewer result of my recumbent cycling trip 2021-03-29]
I recently wanted to do some serious cycling to improve my mood and raise my maximum distance per day again. So I found a day off and set a goal of riding more than 100 kilometers. With a bit of planning on the map I decided that Utrecht - Hilversum - Bussum - Almere - Nijkerk - Utrecht was a good way to get about 105 kilometers cycling.

In the end the odometer stopped at 112.53 kilometers. And I do feel better.

2021-03-28 Chasing awards: the full set of SX1A .. SX9A in the log
With some alerts set to catch the last of the Special Event Station series celebrating the 200th anniversary of the Hellenic War of Independence against the Ottoman Turks, I now have the full set in the log: at least one contact with each of the special event stations.

Which means the website will generate a nice digital certificate for me which I could print out and hang on the door of the room where I have my radio setup. But that door is already filled so I'll just keep the digital certificate and leave it at that.

It was fun chasing them! My thanks to the organization behind this.

2021-03-27 The paddle works on the radio too!
Making a video about my new paddle is one thing, actually using it with the radio is another. I have seen radio amateurs buy expensive morse gear and find out that learning morse is hard.

I connected the paddle to the radio via the nanokeyer I built and called CQ in a part of the 20 meter band where I expect other users with slow speed.

After one CQ I got an answer from PA5ABW Ab. The same person who taught me morse code!

2021-03-27 I bought a secondhand morse paddle and made a video about it
For a while I had a notification set for someone selling a morse paddle. Finally one came along at a reasonable price so I bought it.

And.. I mentioned this detail to some people at work. Who had an idea of what a morse key is, but didn't know about morse paddles. So with my big mouth I said "I'll make a video about it". This was triggered by the fact that I recently learned about OpenShot non-linear video editor which is available for Linux too.

So I created a video. And found out making a video of 30 seconds is a lot more work than 30 seconds. I watched some tutorial videos about OpenShot first and thought about what I wanted to show. I haven't added spoken comments because I didn't feel like doing those too.

The video isn't great, I can see several beginner mistakes. But I get the point across of what a paddle does. There is a continuity problem because I used sunlight. Which isn't very constant. And I made several clips because I didn't think I would get everything I wanted to show right. But now there are changes in light and a bit in camera angle, even with using a tripod.

And our neighbours were busy hammering indoors, so that can be heard too.

2021-03-24 New country in the logs: Hong Kong
It is always good to have a bit of luck and get a contact with a new country. This evening I saw a call from Hong Kong pop up on my screen with FT8 traffic and made the contact with a bit of a hiccup since it was hard for me to receive the transmissions. The signal report showed that my signal made it across easier, so I had confidence and the contact was made.

After that I saw a station from Ghana, which had more trouble decoding my signals, but after a few tries that contact was valid too. Ghana is not a completely new country for me, but it was new on the 40 meter band.

Now to wait for digital confirmation (both show they use Logbook Of The World) and see if I can get a QSL card.

Update: I just noticed I didn't write about a few new entities from recent months. In February I also got Anguilla in the log (an island in the Caribbean) and confirmed. This was a case of turning on the radio at a non-standard time and seeing a new country and getting the contact. In March I saw notifications for activity from the UK bases on Cyprus (which are two British overseas territories housing military bases because of the strategic location of Cyprus) which I have been chasing for a while and the contact was made.

Update: All contacts mentioned above confirmed.

2021-03-17 Upgraded another system at home, now serving webpages with TLSv1.3
[Image: Encrypt all the things meme]
After the recent work on updating the TLS settings for the webservers at home there was one element missing: TLSv1.3 support.

This needed an upgrade of openssl and the 'easy' way to get there was a full upgrade of the server running the external facing proxy. So I took that step yesterday evening. Made a snapshot first and started upgrading devuan ascii to beowulf.

After the update a lot of things were broken: I defined a non-standard location for bind9 logging and AppArmor disagreed. Without a working nameserver a lot of stuff breaks internally! So after managing to get on the upgraded system with console I changed the AppArmor rules to allow it. After that things started again.

For the next time I manage to break the resolving nameserver: I should remember that avahi/multicast dns works on most systems even when DNS resolving fails. I checked and I can use .local names to get to the right equipment.

After checking how everything is running for about a day I threw out the old snapshot.

2021-03-14 I participated in the EA PSK63 Contest 2021
As in a number of previous years, I participated in the EA PSK63 Contest 2021. This is a contest organized by the Spanish Amateur Radio Club Unión de Radioaficionados Españoles and I appreciate their work in this and other contests.

Contacts were made Saturday afternoon/evening and Sunday morning. I decided to go for both 20 and 40 meter band to improve my contest results.

In the end I made 148 contacts, 58 on the 20 meter band and 90 on the 40 meter band. To my surprise when I started Sunday morning there was very little activity on the 20 meter band, but the 40 meter band was already filled with noise, probably from nearby solar power installations. With a bit of timing and luck I could work around the noise peaks and make contacts with the stronger stations. Later in the morning there was a lot more activity on the 20 meter band and new stations rolled in.

It was good to see a lot of Spanish callsigns that were new to me in this contest. I guess amateur radio in general and contesting has grown in Spain.

2021-03-11 Sendmail 8.15.2 in Ubuntu 20.04 not even trying IPv6
I needed a virtual machine with Ubuntu so I did the base installation and also configured unattended-upgrades and sendmail to get the results. But I noticed after a while I never saw any mail from that machine.

Problem soon found:
mailer=relay, pri=30131, relay=postbode.idefix.net. [82.95.196.202], dsn=4.0.0, stat=Deferred: Connection timed out with postbode.idefix.net.
The machine wasn't even trying to reach the mailserver over IPv6! On the internal network with servers it will fail over IPv4 because of the port forwarding rule for the port from the outside IP to the mailserver, but I never expected an internal machine to try IPv4.

Somehow this seems to be the default for sendmail 8.15.2 in Ubuntu 20.04. I could find someone else asking about this, "No IPv6 outbound from Sendmail starting with 20.04", but no answers on how or why.

At first I suspected systemd-resolved as the old saying goes that all sendmail problems are caused by DNS. But disabling that didn't fix the problem.

I now have the IPv6 address hardcoded in the configuration, that works.
dnl FEATURE(`msp', `postbode.idefix.net', `25')
FEATURE(`msp', `[2001:980:14ca:1::23]', `25')
I also found out the option ResolverOptions=+WorkAroundBrokenAAAA was set but not causing this.

2021-03-07 Chasing amateur radio awards
A fun bit of amateur radio is the possibility to get awards for making contacts. There are awards like the American Radio Relay League DX century club for making contacts with at least 100 'countries' or the awards linked to summits on the air which are awards for making contacts from or to a number of mountain tops.

There are also awards for making contacts with special event stations. Currently there are several special event stations on the air celebrating 200 years of Greek independence. So far I have found two award options linked to those stations, but there may be more.

Special event stations are usually linked to a special event, such as this historic event for Greece. It is a way to notice things in history or other events that you normally wouldn't notice.

"Special Event Station (SES) series as SX9A, SX8A, SX7A, SX6A, SX5A, SX4A, SX3A, SX2A and SX1A to celebrate the 200th anniversary of Hellenic War of Independence against Ottoman Turks" and "The Greek Revolution of 1821 We celebrate the 200th anniversary of Hellenic War of Independence Special Event Call 01-31 March 2021" and "200 Years of Greek Independence Award".

It's a good thing they all have websites where you can see your progress and download the digital awards.

2021-03-06 Digging for more entropy
Looking at the newest graphs I created with grafana of system statistics I noticed the available entropy was still getting dangerously low from time to time on the system that runs the home server. For some reason this system has no available hardware random number generator. Even after the earlier changes to add more sources of randomness it was sometimes dropping low, especially during dnssec signing operations.

This does mean that the encryption processes for TLS in the webservers may also get delayed. Which is really not what I want.

Time to update settings on randomsound and haveged: I want a minimum of 2048 bits of available entropy. So far, this seems to have the desired effect.

2021-03-03 Checking the TLS setup for my webservers
[Image: Encrypt all the things meme]
I'm currently following the course The Best TLS and PKI Training Course in the World and learning even more about the workings of encryption, TLS and certificates.

One of the things I learned is to balance security with performance, and I directly applied this new insight to my own webservers. The connection which brought you this page from https://idefix.net/ is still encrypted, but I saved a few milliseconds on the encrypted setup by switching from a big (4096 bit) RSA private key to a 384 bit ECDSA key, which is comparable in cryptographic strength. The calculations with the ECDSA key are less CPU intensive. And yes, I have statistics on page loading times before and after the changeover of the key.

It was a good moment to change private keys anyway, the old keys were more than a year old.

This is one of those areas where I like having my knowledge hands-on. Actually understanding what is happening and why.

2021-03-01 Updating my statistics gathering
[Image: Grafana dashboard sample]
For years and years I have been using rrdtool to gather and graph statistics at home. I started gathering home temperatures around 2008 but I see NTP statistics gathering from 2003 and my last mrtg graphs were created in October 2002. So that suggests I've been using rrdtool since that date.

Anyway, I'm looking at newer options. After some asking around I installed influxdb and started gathering data. I adjusted some of my data gathering scripts around rrdtool to also put the data in influxdb.

The easiest data to gather and graph was the load average, available entropy and number of processes for a number of systems at home. So that dashboard has been built and allows selection of the wanted computer.

My first conclusion is that just collecting data and thinking about what kind of graphs to create later is a lot easier with influxdb. With rrdtool the round robin database is designed around the graphs you want. In this case I just start gathering data and, when data has come in, start playing with possible graphs from that data.

The next challenge is to set the rules for maintaining the old data. One of the triggers to look at other options was that I was at the end of a nearly 11-year cycle of stored temperatures in rrdtool, and I wanted to keep that history if possible.

I don't have to keep every measurement forever, but with storage being cheap I think I will keep daily averages forever when this is 'production'.

2021-02-27 Ordered parts for an NTP ham clock
Today the Electron magazine of the Veron amateur radio club came in, the March 2021 Veron Electron (Dutch).

As I was browsing the magazine and reading articles I came across an article about building an NTP ham clock, consisting of an ESP32 module and a TFT LCD display, and the rest is all in software.

I directly wanted to build this, as this combines two of my interests: amateur radio and NTP time synchronization. It displays both the local time and the UTC time on the TFT display, just like PyHamClock does on my screen.

The article is based on the same project at W8BH projects which gives me a good descriptive pdf.

So I ordered an ESP32 module and ILI9341 TFT LCD display from an aliexpress seller and now I wait, because this will take about a month.

2021-02-22 Blackmail over visits to porn websites continues
Because these blackmail attempts, written in reasonably good Dutch, specifically target the Dutch-speaking area, I'll write about them in Dutch too:

It has already come by in several variants: the 'I have all your personal data and sexual images of you' mail, in which a payment in bitcoin is supposedly needed to make this go away. How the picture is divided between the porn website and the webcam can no longer be read exactly in these variants; that detail kept coming back in earlier variants, so there is still some change going on.

The amount has gone up: 1450 euro in bitcoin is now needed, and that has to go to bitcoin address 133MphKowvCC1PDyfZVF9L76mQvxTtRY93.

At the moment no money has come in there yet, but by the looks of it there are already several reports about this blackmail.

Good explanation: "Ik word per mail gechanteerd" (I am being blackmailed by e-mail) - Fraudehelpdesk.

Update 2020-02-23: Two new mails with the same text but with bitcoin address 1NcyvDdyuJ5tF9MTnk1LqUULaZHurt3gRF. Whether it is the same criminal or someone simply found the text handy is the question.

2021-02-20 Maintaining old URLs with parameters
While looking for something else I noticed requests for old rss.php URLs on a site. But that site was rewritten in a different programming language and I use a generic .cgi extension.

I had to look up how to do redirects with parameters again, because a RewriteRule directive in Apache normally only uses the URL, not the parameters. The page Redirecting and Remapping with mod_rewrite - Apache HTTP Server Version 2.4 gave me some hints, and I ended up with:
    RewriteCond "%{QUERY_STRING}" "(.+)"
    RewriteRule "^/rss.php" /rss.cgi?%1 [R]
Which does exactly what I want.

2021-02-16 Finally Armenia confirmed in amateur radio
Getting new countries in the log is one part, getting those countries confirmed is another.

Armenia had been 'evading' me for a few years because there aren't a lot of active radio amateurs in that country and the first ones I had contacts with wanted money for a QSL card or digital confirmation. I decided to keep trying and in December 2020 I got a new station in the log: EK3GM, and that station confirmed via Logbook of the World. So now I have that country confirmed, making the total 127 countries contacted, 120 confirmed via Logbook of the World.

Update 2021-02-17: And being active in the CQ WPX RTTY contest last weekend got me another confirmed country that I have been 'chasing' for a while: Tunisia. Contest station 3V8SS was very active, I got in the log and now I have 121 countries confirmed via LoTW.

2021-02-15 I participated in the PACC 2021 contest and in the CQ WPX RTTY 2021 contest
A busy weekend with multiple radio contests going on. And a lot of other stuff in the weekend too so not much time to actually participate! I came to both contests fully unprepared and without much space in the weekend planning for butt in chair time.

First was the Dutch PACC contest where I participated Saturday afternoon and in the last 20 minutes of the contest Sunday morning. In this contest I made 21 contacts: 14 in morse and 7 in phone.

The second contest was the CQ WPX RTTY contest 2021 which is a 48 hour contest, which allowed me to start after I finished in the PACC and get stations in the log Sunday afternoon and evening. In this contest I made 70 contacts.

2021-02-15 Snow over the Netherlands satellite image
Satellite image of the Netherlands 2021-02-13 with snow cover.
I acknowledge the use of imagery provided by services from NASA's Global Imagery Browse Services (GIBS), part of NASA's Earth Observing System Data and Information System (EOSDIS).
In the weekend of 6 and 7 February 2021 the Netherlands got covered in snow and temperatures dropped to -10 degrees Celsius. In the week after that weekend temperatures stayed low and clear skies made for nice weather for outdoor skating and other wintersports. I was reminded of being on wintersport holiday.

I just had to look up the available images from the NASA Global Imagery Browse Services (GIBS) and found a great image from 13 February 2021. Click for more pixels!

2021-02-08 Checking certificates for expiry time left to determine renewal
[Image: Encrypt all the things meme]
I recently almost had an expired certificate for a public service because I did some fiddling with the file and ended up with a file modified time which had no relationship to the certificate request time.

Time to use the -checkend option I noticed in openssl x509 to test the actual certificates for upcoming expiry. So I redid the cronjob around dehydrated to do just that and had a cleanup. A candidate list of certificates to renew is created from certificates that are about to expire, certificates that have a changed certificate signing request and certificates for which there is only a signing request. That list is sorted and deduplicated and fed to calls to dehydrated.

It's now one script for both certificates that are renewed via the http-01 method and certificates that are renewed via dns-01. By now both methods work fine for me; which one fits depends on how the name is used.
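The candidate-list step described above, as an added example rather than the author's own cron script. It assumes a hypothetical layout of `<dir>/<name>/cert.pem` and `<dir>/<name>/cert.csr`, treats a CSR as "changed" when its public key or DNS names differ from the certificate's, and leaves the actual dehydrated call to a command supplied by the caller.

```shell
#!/bin/sh
# Added example, not the author's script. Assumed (hypothetical) layout:
#   <dir>/<name>/cert.pem   issued certificate (may be absent)
#   <dir>/<name>/cert.csr   certificate signing request (may be absent)

# Print the public key and the sorted DNS names of a certificate or CSR.
# $1 is the openssl subcommand ("x509" or "req"), $2 is the file.
# Equal output means the certificate still matches what the CSR asks for.
identity() {
    openssl "$1" -in "$2" -noout -pubkey 2>/dev/null
    openssl "$1" -in "$2" -noout -text 2>/dev/null | grep -o 'DNS:[^,]*' | sort
}

# Print "<name> <reason>" for every name under directory $1 that needs a
# new certificate. $2 is the renewal window in seconds.
renewal_reasons() {
    dir=$1 window=$2
    for d in "$dir"/*/; do
        [ -d "$d" ] || continue
        name=$(basename "$d")
        cert=${d}cert.pem csr=${d}cert.csr
        if [ -f "$cert" ]; then
            # -checkend exits non-zero when notAfter falls inside the window.
            # This reads the certificate itself, so file modification times
            # play no role. An unreadable certificate also counts as expiring.
            openssl x509 -in "$cert" -noout -checkend "$window" \
                >/dev/null 2>&1 || echo "$name expiring"
            if [ -f "$csr" ] &&
               [ "$(identity x509 "$cert")" != "$(identity req "$csr")" ]; then
                echo "$name csr-changed"
            fi
        elif [ -f "$csr" ]; then
            echo "$name csr-only"
        fi
    done
}

# Candidate list: one name per line, sorted and deduplicated, so a name
# that is both expiring and has a changed CSR is renewed only once.
renewal_candidates() {
    renewal_reasons "$1" "$2" | cut -d' ' -f1 | sort -u
}

# Run a renewal command once per candidate. The command (for example a
# wrapper script around dehydrated) is passed after the window, so a dry
# run can simply use "echo".
renew_candidates() {
    dir=$1 window=$2
    shift 2
    renewal_candidates "$dir" "$window" | while read -r name; do
        "$@" "$name" </dev/null || echo "renewal failed for $name" >&2
    done
}

# Stand-alone use: sh script.sh <dir> [window-seconds]; default 30 days.
if [ "$#" -ge 1 ]; then
    renewal_reasons "$1" "${2:-2592000}"
fi
```

Running `renew_candidates <dir> 2592000 echo would-renew` first shows which names a 30 day window would select before any real renewal command is wired in.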

2021-02-06 Fiber to the shed: final stage, first light and link up
Today I had time to prepare for the final fiber route in the utility closet and after that it was time to go into the crawlspace again and replace the fiber with the 15 meter length singlemode fiber. Good preparations helped the fiber pulling to go fine.

Next stage was to mount both fiber optic transceivers in such a way that they protect the fiber from damage. At last it was time to add UTP cable for the last part at both ends and soon the right lights were blinking and the link was up.

So now the weather reporting for Weatherstation Utrecht Overvecht is a lot more reliable and on time again, and the time service from my time server is always available.

Fiber may be overkill for this path, but on the other hand the fiber that came out of the pipe between the shed and the crawlspace was quite wet, so my best guess is that UTP cable would need special precautions to not get water in it.

2021-02-04 The persistent spam list for a Belgian
'Jeroen van Icttechnics' also seems to fit the pattern of the same source of spam that I have been seeing for years. Website www.icttechnics.be, which states that he does not want more than 40 kilometers of distance for customer visits. Even though no physical address in Belgium is listed, I am fairly sure there is no address in Belgium at less than 40 kilometers.

Earlier, earlier, earlier, earlier, earlier, earlier, earlier, earlier, earlier, earlier.

2021-02-02 Fiber to the shed: small change of plans
I talked about the latest developments in the fiber to the shed project with someone who has more experience with home fiber networks, and the suggestion was to order a 15 meter single mode LC-LC patch cable to have one cable from the shed to the switch. I ordered such a cable at fs.com and added a 100base-LX SFP so the fiber can terminate directly in the downstairs switch.

Now waiting for the equipment to arrive, and there will be more work in the crawlspace in my near future.

Update 2020-02-04: The ordered fiber and SFP arrived late in the afternoon. Fast service from fs.com. It was shipped via DHL Express and they tried several times to remind me to pick a DHL shop to pick up the package but currently I'm not going anywhere most working days so my doorstep is a perfect delivery address.

Update 2020-02-05: After several tries it is clear my netgear switches have SFP slots that do not want to work with a 100base-LX SFP module. So one step back to the plan with two fiber-optic transceivers.

2021-01-31 Redid connector on phone cable for VDSL
While I was working in the crawlspace yesterday I rerouted the phone cable that brings the VDSL from the network connection point (in the crawlspace, not a good place!) to the utility closet. After that the VDSL started giving disconnects.

Today I reopened the crawlspace, shortened the phone cable by about 8 centimeters and crimped a new connector on the phone cable. The copper on the original connector looked completely black, which may have given interesting interference at higher frequencies.

As we say in amateur radio: RF is magic. And since VDSL is RF, having oxidation in the wrong place can cause intermodulation.

2021-01-30 Fiber to the shed: actual digging and crawling
The first part of the fiber path has been done.

Today I gathered all the tools to work on this project and removed most of the contents of our shed to work in there.

When I started digging in the shed I soon noticed the plastic pipe from the shed to the crawlspace of our house takes a 45 degree angle first and the next 45 degree angle is under the garden. I was not going to do that much digging so the plan had to be adjusted. The working solution was to pull the fiber through one of the old heating pipes. So my wife pushed a wire-pulling cable through one of the heating pipes while I was lying in the crawlspace waiting for it to show up. When we tried the second heating pipe it did show up, and pulling the fiber back to the shed worked fine. I did put some tape around the connectors to make sure they wouldn't hook behind something and I made sure the bit of rope that was pulling on the fiber was actually pulling on the main fiber and not on the connectors. The fiber came up in the shed nicely.

I wanted to hang the fiber in the crawlspace, since it could get damaged easily lying in the sand down there. I installed an electricity pipe hanging under the floor beams. After that there was still a bit of length to get to the nearest switch but not enough fiber left, so I had to leave that hanging for when I get a connector for an extension.

While I was in the crawlspace I made sure some other cables were mounted better, since the mess down there annoys me a bit. And I don't want other maintenance in the crawlspace to have a chance of disconnecting important things.

So the project isn't finished yet, but there is serious progress. It feels like I almost spent as much time making sure I had the right tools available and cleaning and storing them again as I spent actually working on it!

2021-01-28 Found on YouTube: Cruising The Cut
A while ago the YouTube suggestion algorithm came up with a video about a TV journalist / cameraperson who decided to live and work full-time on a narrowboat in the canals of England. The suggested video: TV Journalist Quits His Job to Live on a Tiny House Boat & Cruise UK Canals Full-Time.

I guess the suggestion was in relation to some videos I watched about people with expedition vehicles.

After that video I checked out the YouTube channel mentioned in the video: Cruising the Cut and I got addicted. By now I have watched more than two-thirds of the videos in the channel. David Johns describes the first steps in buying the boat, getting the boat ready to live on and the journeys along the canal network in England. The exact measures of the narrowboat are to make it fit in the canals that were dug in England as the first way to move goods when the industrial revolution allowed centralized production. The boats are 2.08 meter (6 feet 10 inches) wide to fit in all the canals and locks. The canals were dug by hand, so they are no wider and deeper than needed to transport goods.

I did ask David about the term 'the Cut' because I couldn't find a good explanation for it. It is the term for the canal, because the canals were cut out of the land by hand.

For my Dutch readers who wonder about canals in a not completely flat landscape: canals in England have lots of locks, tunnels and aqueducts to deal with those.

Somehow this idea of a moveable home is nice to me. At the same time I am not a person for living on the water, and with all the plans for long cycling tours I still want to return to a nice home with all the comforts.

One note: I do notice that David Johns comes from a background in television. Great quality video. And yes, I am fully aware that takes a lot of editing.

2021-01-23 Grolsch dubbel
[Image: Beer illustration]
Again something from our local supermarket. A dark color Belgian dubbel. A slight hoppy taste, not strong. In the brown Grolsch beugel bottle, which is a return to several years ago!

The beer details

Company: Grolsch
Beer name: Grolsch dubbel
Beer style: Belgian dubbel
Alcohol by volume: 6.8 %

2021-01-20 Playing with DUDE-Star and actually hearing audio
I recently noticed the DUDE-Star software which allows access to D-Star, DMR, YSF, NXDN, P25, M17. For those who read here and got dazzled by these abbreviations: These are radio systems where voice data can be transported both via radio signals and via Internet data streams.

In all of these systems there are ways to connect radio / network interfaces together to make contacts over longer distances possible. This software allows access to all these interfaces and will do the audio encoding/decoding so it will use a microphone and loudspeaker.

I haven't had any luck in hearing D-Star audio yet which may be due to not being a registered D-Star user or due to not selecting busy reflectors (the computer systems that allow linked radios and networks to have the same audio data: an audio chatroom). I browsed around other systems and found busy talkgroups in YSF where I heard chatter in Dutch and English last night.

It is nice to see software like this making it all accessible without investing in hardware. The codecs used have a serious influence on the audio quality, and I was warned the quality from DUDE-Star isn't as good as from the actual radios. From what I heard, in some of the digital audio modes the quality isn't very good (to leave lots of room for error correction).

2021-01-15 Fiber to the shed: testing the fiber optic transceivers
I wanted to get an idea whether the network over the fiber optic transceivers is reliable. So at the moment our dining room table looks like a network lab.

For testing networks there is iperf. I found out the Raspberry Pi 3B+ can't keep up with 100 Mbit/second UDP packets, so I searched for a speed where the Pi performs ok. This turns out to be 30 Mbit; at higher speeds there is packet loss. I also had to reduce packet size to avoid fragmentation, which costs CPU. I use IPv6 because that's what I'm used to. It turned out later the maximum speed without loss is higher with IPv4 than with IPv6.

Server on the raspberry pi:
koos@raspberrypi:~ $ iperf --version
iperf version 2.0.9 (1 June 2016) pthreads
koos@raspberrypi:~ $ iperf -s -V -u
------------------------------------------------------------
Server listening on UDP port 5001
Receiving 1470 byte datagrams
UDP buffer size:  160 KByte (default)
------------------------------------------------------------
Test without fiber optic transceivers in the path. Layer 2 route: virtual machine - host machine - utp - network switch - utp - network switch - utp - raspberry pi
koos@wozniak:~$ iperf --version
iperf version 2.0.9 (1 June 2016) pthreads
koos@wozniak:~$ iperf -V -u -b30M -i 10 -t 120 -M 10 -l 1400 -c ..
------------------------------------------------------------
Client connecting to .., UDP port 5001
Sending 1400 byte datagrams, IPG target: 373.33 us (kalman adjust)
UDP buffer size:  208 KByte (default)
------------------------------------------------------------
..
[  3]  0.0-120.0 sec   429 MBytes  30.0 Mbits/sec
[  3] Sent 321430 datagrams
[  3] Server Report:
[  3]  0.0-120.0 sec   429 MBytes  30.0 Mbits/sec   0.004 ms    0/321430 (0%)
Test with fiber optic transceivers in the path. Layer 2 route: virtual machine - host machine - utp - network switch - utp - network switch - utp - fiber optic transceiver - fiber - fiber optic transceiver - utp - raspberry pi
koos@wozniak:~$ iperf -V -u -b30M -i 10 -t 120 -M 10 -l 1400 -c ..
------------------------------------------------------------
Client connecting to .., UDP port 5001
Sending 1400 byte datagrams, IPG target: 373.33 us (kalman adjust)
UDP buffer size:  208 KByte (default)
------------------------------------------------------------
[  3]  0.0-120.0 sec   429 MBytes  30.0 Mbits/sec
[  3] Sent 321430 datagrams
[  3] Server Report:
[  3]  0.0-120.0 sec   429 MBytes  30.0 Mbits/sec   0.007 ms    0/321430 (0%)
Trying with IPv4 shows that packet loss starts to occur above 45 Mbit. This is an interesting difference.

But the important conclusion is that there is no packet loss over the fiber path. There may be a bit more latency, but that's not a surprise. As a last test I looked at purely ping traffic using IPv6.

Without fiber in the path:
koos@wozniak:~$ ping -c 100 -i 0.2 -q ..
PING ..(.. (2001:xxxx)) 56 data bytes

--- .. ping statistics ---
100 packets transmitted, 100 received, 0% packet loss, time 20192ms
rtt min/avg/max/mdev = 0.567/0.680/0.866/0.063 ms
With fiber in the path:
koos@wozniak:~$ ping -c 100 -i 0.2 -q ..
PING ..(.. (2001:xxxx)) 56 data bytes

--- .. ping statistics ---
100 packets transmitted, 100 received, 0% packet loss, time 20191ms
rtt min/avg/max/mdev = 0.625/0.738/0.828/0.046 ms
This also shows a bit more latency over fiber.

The extra latency is probably due to the fiber optic transceivers containing a network switch.

2021-01-15 The scammers found out buttcoin is making news headlines 5 months ago
Buttcoins have had some interesting price changes recently and while I normally only associate bitcoin with sextortion scams I'm now receiving spam about 'getting rich from bitcoin'. Most notably from the mails:
Don't like these emails? Unsubscribe. a Company or Organization Name | Latvia
Wahnsinnig reich werden Wahnsinnig reich werden Don't like these emails? Unsubscribe. a Organization Name | France Unsubscribe {recipient's email} Update Profile | About our service provider
I guess they are abusing some cheap spam provider (probably known to themselves as "e-mail marketing company").

2021-01-13 Fiber to the shed 5 months ago
There is no fiber to our home in the near future but I am working on laying another fiber route: from the switch in the cupboard downstairs to the shed. This is because the NTP server in the shed still has intermittent connectivity issues when using 2.4 GHz wifi due to the 2.4 GHz wifi channels being very crowded. The wifi dongle has no 5 GHz support and I don't think I would get it very reliable. But other options are also not ideal. As a radio amateur I can't go back to using powerline (network over power cables) and I wouldn't feel safe with a network cable running that far should a lightning strike ever occur. I should write "occur again" since I have had a network switch with probable lightning damage before.

The only option left is what you guessed from the title of this post: fiberoptic cable. No interference to my radio reception and a lot less chance of lightning blowing up parts of the network and connected computers. But a whole new world of fiber types, fiber lengths, wavelengths, connector types and interface types opened up to me. The switch in the cupboard downstairs has SFP ports, but how to get beyond that.

The Raspberry Pi 3B+ that I use is 100 Mbit only and I wasn't sure how to handle that. So I asked someone who is very good with fiber networks to explain to me what options are available and that person dug up some lengths of fiber that are no longer used and some 100 Mbit fiberoptic transverters that were also a wrong purchase. So I already have the connectivity hardware available.

Now all I need is a physical route between the shed and the rest of the network. There is an old plastic pipe from the shed to the crawlspace of our house that was once used for heating, which will probably do the trick once I figure out how to remove the old heating pipes from it. I guess there is some real dirty work below the floor of our house and in the shed in my near future. I will also need to buy plastic tubing to safely guide the vulnerable fiber. And some hooks to hang this tube and other cables from the floor instead of having them lie in the sand in the crawlspace.

Since there is also an old gas pipe in the plastic pipe I will make really really sure first that one isn't connected somewhere.

This was all triggered by adding the ntp server in the shed to the NTP pool and having the pool monitoring system gripe about the server becoming unreachable as soon as I have wifi problems. The things I will do for serving the right time!

2021-01-12 I participated in the UBA PSK63 contest 2021 5 months ago
[Image: PSK63 contest in fldigi]
The contest that started radio contests in digital modes for me was again last weekend: the UBA PSK63 Prefix Contest. This is the 7th year in a row that I participated in that contest.

Conditions weren't very good. Especially Saturday the 20 meter band 'dried up' as soon as it got a bit dark and later in the evening I stopped trying on the 40 meter band and decided to call it a night. Sunday morning after I woke up I tried again and got a good number of new stations both on 20 and 40 meters.

In the end I made 78 contacts.

Update 2021-03-14: Results are in: 74 valid contacts, 68 multipliers, 5032 points. Ranking number 154 in the single operator all band category.

2021-01-06 I participated in the ARRL RTTY Roundup 2020 5 months ago
[Image: RTTY Contest on websdr]
Last weekend was the ARRL RTTY Roundup 2020 and I participated. I made sure beforehand to have a separate logging file for just this contest, with the plan to be able to switch from RTTY in fldigi to FT8/FT4 in wsjt-x and back.

Propagation on the 40 meter band during the dark hours wasn't very good, I never got outside of Europe on that band. On Sunday afternoon I tried the 20 meter band for a while with not much better results. I switched back to 40 meter and worked some new stations. I did switch back to the 20 meter band just before sunset and got one US station in the log: W0PR which also sounds like a reference to the WarGames movie (to me).

I did switch to wsjt-x on Sunday evening. I saw absolutely no calls for the contest on 40 meter FT8, and only a few on 40 meter FT4 so I tried making those contacts. I saw several US stations calling but none heard my answer.

In the end I made 89 contacts. I did transplant the log from fldigi to wsjt-x but wsjt-x did not see the earlier contest contacts so I increased the outgoing serial counter to start at 86. I've had better years in the ARRL RTTY Roundup.

2021-01-05 Sharing my christmas light code 5 months ago
I forked the GitHub repository jgarff/rpi_ws281x (Userspace Raspberry Pi PWM library for WS281X LEDs) into my own KHoos/rpi_ws281x and committed my code for using the 120 led ledstrip as christmas tree lights including morse code.

It's my first actual python code.

2021-01-02 Guinness West Indies Porter 5 months ago
Looking for some special beers for new year's eve I found this at the local supermarket. I know 'standard' Guinness since we used to drink that on holidays in England, but I had no idea what to expect from this beer. Time for the experiment.

In taste it's a reminder of Guinness, but not as 'creamy' as Guinness. A bit more nuance in taste.

The beer details

Company: Guinness
Beer name: Guinness West Indies Porter
Beer style: Porter
Alcohol by volume: 6.0 %

2021-01-01 New year, new scams 5 months ago
The bitcoin sextortion scams continue this year. The one I got today tries to avoid spam filters that trigger on bitcoin addresses:
Ok! So.. to get some coins go and search on Google for "Buy BIT C0lN instantly"
and send to this address:

Address: 1 L 2 U a v M T r h p C X W n 9 L v q h C q R S v x Y z f Q s B w 4
Amount: 0.027
The address 1L2UavMTrhpCXWn9LvqhCqRSvxYzfQsBw4 is valid according to a blockchain explorer but not yet known at BitcoinAbuse.

I hope some day one of these scammers is brought to justice.

Update 2021-01-10: More of the same, with reasonably good Dutch language writing. New bitcoin addresses: 1Emh6CsbF4eo425ph3sSCNZ2aGCWerRB7w 1JakpfFpX4HFyiuv7WKviV5xAanMwknArV 1Emh6CsbF4eo425ph3sSCNZ2aGCWerRB7w and the criminal wants 1500 US Dollar in buttcoins to not publish the videos.

Update 2021-01-13: More good Dutch although I am sure it's a translation because of the familiarity in the writing style. Bitcoin address Eu8sHWG2Uzvd1ukxumae5ctfSNWWtsFkS. The amount has changed to 1400 Euro in buttcoins.

I also note bitcoin address 1JakpfFpX4HFyiuv7WKviV5xAanMwknArV has received 2 incoming transactions of somewhat above 1500 dollars so it seems this crime pays.
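
A filter can undo the spacing trick from the first mail by collapsing whitespace inside runs of Base58 characters and keeping only windows that pass the Base58Check checksum. This is an added example, not code from this site; the function names are hypothetical and it covers legacy addresses starting with 1 or 3 only.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Runs of Base58 characters, each optionally followed by one whitespace character.
RUN = re.compile(r"(?:[%s]\s?)+" % B58)

# The obfuscated lines as quoted in the post above.
QUOTED = ("and send to this address:\n\n"
          "Address: 1 L 2 U a v M T r h p C X W n 9 L v q h C q R S v x Y z f Q s B w 4\n"
          "Amount: 0.027\n")


def base58check_ok(addr):
    """True if addr decodes to 25 bytes whose last 4 are the double-SHA256 checksum."""
    if not addr or any(ch not in B58 for ch in addr):
        return False
    num = 0
    for ch in addr:
        num = num * 58 + B58.index(ch)
    pad = len(addr) - len(addr.lstrip("1"))  # every leading '1' encodes a zero byte
    raw = b"\x00" * pad + num.to_bytes((num.bit_length() + 7) // 8, "big")
    if len(raw) != 25:
        return False
    return hashlib.sha256(hashlib.sha256(raw[:21]).digest()).digest()[:4] == raw[21:]


def find_addresses(text):
    """Return legacy (1.../3...) addresses found in text, with or without spacing."""
    found = []
    for run in RUN.finditer(text):
        chars = re.sub(r"\s", "", run.group())
        # Prose words can join the run ("Amount" follows the address above), so
        # try every window of plausible length and let the checksum decide.
        for start, ch in enumerate(chars):
            if ch not in "13":
                continue
            for length in range(26, 36):
                cand = chars[start:start + length]
                if len(cand) == length and base58check_ok(cand) and cand not in found:
                    found.append(cand)
    return found


if __name__ == "__main__":
    print(find_addresses(QUOTED))
```

Because the checksum is 32 bits, ordinary words that happen to consist of Base58 characters almost never produce a false match, so the scan can run over the whole message body.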

2021-01-01 Closing 2020 in amateur radio with a plot of the number of contacts and a review 5 months ago
[Image: QSO count plot up to December 2020]
Time to plot the number of contacts in 2020 and a review. I made no specific resolutions for 2020 but looking back there were positive developments.
  • The Kenwood TS480-SAT is at a remote location with good antennas for most of the HF bands. This enabled me to work new countries and get more voice and morse contacts in the log.
  • I was active on amateur satellites a few times, including from Austria.
  • The morse speed improved and I got on the air more with morse. Including a few morse contests.
  • I tried to follow the Bulgarian Saints 2020 stations and I had at least one contact with one of the stations in 10 out of the 12 months of 2020. In 8 months I had at least one contact in morse with the station of that month. So I earned the Bulgarian Saints diploma 2020.
  • In general I made more contacts in this year than in any other year. The endfed antenna is now mounted outside in such a way I can leave it there, which makes getting on the radio for a few contacts easier. There were also more special event stations active this year.
  • I had radio contacts with several new countries.
  • The box with outgoing QSL cards is now empty!
  • I'm active as QSL manager for my local club, this is fun and my part of keeping the club running.
Plans for 2021:
  • Keep practising morse, try to pass the morse exam.
  • More satellite contacts. Weather permitting...
  • Morse and phone in contests.
  • Order new QSL cards and keep on sending them.


Reachable as koos+website@idefix.net. PGP encrypted e-mail preferred. PGP key 5BA9 368B E6F3 34E4.

My opinions are my own, what I write is protected by copyrights. Some publications contain an explicit license statement which allows sharing without asking permission.