News archive June 2022 - Koos van den Hout

De regenton die we al jaren in de achtertuin hadden is een keer lek geraakt, vermoedelijk door het bevriezen van het water er in. Sindsdien maak ik regentonnen ergens in oktober leeg en sluit de toevoer af, en in maart sluit ik de toevoer weer aan. Maar het gevolg van het lek was ook dat er steeds een erg vochtige hoek was in de achtertuin.

Vanwege de goede ervaringen met de regenton aan de voorkant van het huis en de gevolgen van de regelmatige lekkage wilde ik die aan de achterkant ook vervangen. Op die plek is ruimte voor een grotere regenton, dus is de keuze uiteindelijk gevallen op een 225 liter regenton groen Big Storm - voertonnen.nl met een vulautomaat Harcostar. Dus ook weer van voertonnen.nl want het aanbod daar is me prima bevallen.

Na installatie was het wachten op regen. Het duurde een paar buien voor de ton redelijk vol was, want het deel dak waar deze regenton op aangesloten is is niet zo groot. Maar nu kunnen we de tuin weer water geven vanuit de regenton. En de plantjes binnen water geven met regenwater.

Het uiteindelijke doel: minder regenwater in het riool en minder gebruik van drinkwater in de tuin. Het werkt: sinds we de regenton aan de voorkant hebben is de kraan aan de voorkant niet meer gebruikt.

Aanvulling: Ondertussen is duidelijk dat een te kleine voet voor een regenton niet werkt. De regenton was opgesteld op een stapel tegels en stak daar aan alle kanten overheen. Nadat de ton helemaal gevuld was met water (circa 225 liter dus) ging deze scheef hangen en op een bepaald moment zakte de ton omver en stroomde er 200 liter water door de tuin. Daarna zat er een deuk in de bodem van de ton met duidelijk de afdruk van een hoek van een tegel. De deuk is gelijk weer teruggeduwd. Er zit nu een plaat onder die de volledige bodem ondersteund.

Today I'm seeing bounces of bitcoin scam mail, with about the same text as in the bitcoin extortion scam of about a week ago, but with a different bitcoin wallet.

In the body of the mail the claim is that the criminal hacked the mailbox of the victim and can now send as the victim, but this criminal decided to 'get even' with me at the same time and contradict himself by setting the sender address to my e-mail address.

So I'm now browsing the bounces and see the bitcoin wallet for this scam is 1Mjt2xobFExdZBGfjTVDcgzJWQxRxoHBdA which hasn't scammed anyone yet.

As always: don't fall for these scams.

Earlier items about bitcoin extortion scams: Earlier, earlier, earlier, earlier, earlier, earlier, earlier, earlier, earlier (although I think bitcoin is generally a really bad idea and a huge scam)

Van tijd tot tijd controleer ik of de netwerkgroep weblog nog updates nodig heeft aan de Serendipity weblog software die draait sinds de installatie van Serendipity voor de netwerkgroep in 2006. Nu is Serendipity zeer veilig geschreven want dit komt maar heel zelden voor.

Toch bleek het vandaag nodig te zijn en kreeg ik de update niet in een keer rond. Blijkbaar stonden er nog wat rechten verkeerd sinds de virtuele machine voor de webserver een crash had gehad. Na het oplossen hiervan draait het weer rustig door.

In de oude artikelen gaan natuurlijk wel eens links naar externe sites kapot. Daar doe ik nog wat onderhoud aan.

Recently I realized I am quite enjoy stories and videos of travel. As we had our own travel adventure a month ago I decided to write about it extensively as the memory was still fresh and I wanted to mentally relive that trip and get some experience in writing about my travels.

With some help of the pictures, the list of hotel reservations and checking the maps there is now a complete set of stories of this holiday. I backdated the stories to the days they happened which was for me the logical choice.

The reports per day:

• Trip to Iceland day 1
• Trip to Iceland day 2
• Trip to Iceland day 3
• Trip to Iceland day 4
• Trip to Iceland day 5
• Trip to Iceland day 6
• Trip to Iceland day 7
• Trip to Iceland day 8
• Trip to Iceland day 9
• Trip to Iceland day 10
• Trip to Iceland day 11
• Trip to Iceland day 12
• Trip to Iceland day 13
• Trip to Iceland day 14
• Trip to Iceland day 15

In general this was a really good vacation. Iceland has the kind of raw nature and geology I enjoy visiting. The people are really friendly and helpful. Compared to our earlier visits it is clear Iceland is more prepared for visiting tourists without turning into a tourist trap.

Iceland has turned even more cashless than in earlier visits. With a credit card and a debit card you can pay almost everything, even contactless international payments work. We saw a problem with paying with Android pay after a few days so we stopped doing that.

Mobile phone and mobile data coverage is near-perfect along the roads. It's probably a good idea to not rely on mobile phone when you go on inland hiking trails but as long as you are sticking to paved and gravel roads there is lots of coverage.

The first pictures have been integrated, for some days I need to copy more pictures from the camera to flickr to add these to the collection.

I hadn't seen these in my inbox in English for a while, but here we go again.

Hi! You can consider this message as the last warning. We've hacked your
system!
This information can destroy your reputation once and for all in a matter in
minutes. You have the opportunity to prevent irreversible consequences. To do
so you need to:

Transfer 1200 USD (US dollars) to our Bitcoin wallet.
Don't know how to make a transfer? Enter "Buy Bitcoin" into the search box.

Our Bitcoin wallet (BTC Wallet): bc1q4r05c7wdazh87ty9x9968e2r90w72rhtq5jl43

After you make the payment, your video and audio recordings will be
completely destroyed and you can be 100% sure that we won't bother you
again. You have time to think about it and make the transfer - 50 hours!

As always: don't fall for these scams.

Earlier items about bitcoin extortion scams: Earlier, earlier, earlier, earlier, earlier, earlier, earlier, earlier (although I think bitcoin is generally a really bad idea and a huge scam)

I saw an upgrade of Grafana available, which turned out to be 9.0.0. When upgrading to 9.0.0 I get...

An unexpected error happened
TypeError: Object(...) is not a function

t@[..]public/plugins/grafana-clock-panel/module.js:2:15615
WithTheme(undefined)

So maybe the grafana-clock-panel plugin isn't compatible with 9.0.0 somehow.

Downgrading to 8.5.6 and reloading everything makes it work again.

Update: I checked the grafana-clock-panel plugin and noticed it hadn't been updated. So I did that update and retried grafana 9.0.0, and that made everything run smoothly again.

After receiving another mail in the mail exchange that made me note Microsoft outlook.com wasn't blocking my mailserver anymore we're back right in the same spot:

   ----- Transcript of session follows -----
... while talking to outlook-com.olc.protection.outlook.com.:
>>> MAIL From:<***** .at. idefix.net> SIZE=2035 BODY=7BIT
<<< 550 5.7.1 Unfortunately, messages from [45.83.232.134] weren't sent. Please contact your Internet service provider since part of their network is on our block list (S3150). You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. [BN8NAM11FT026.eop-nam11.prod.protection.outlook.com]
554 5.0.0 Service unavailable

Aaargh. I thought it wasn't broken anymore. Utterly unreliable stuff at Microsoft.

And I'm back to having to use SMS to explain to very non-technical people why their mail isn't getting through: because they are using outlook.com.

Update 2022-06-13
As a workaround I am now using SMTP2GO to send mail to outlook.com and hotmail.com. SMTP2GO does interesting things (even in a free account) to get the mail delivered and keep their mail 'reputation' in the plus. I hate having to use such a service to get my mail delivered but this is one of those signs that Internet e-mail has been demolished by spammers.

Today the updated registration documents and card arrived with the much wanted "CW included". I passed the exam on 18 April 2022 and informed Agentschap Telecom on Tuesday 19 April 2022 about passing the morse test.

In the autoreply from Agentschap Telecom there was a remark that changes in existing certificates or registrations can take up to 8 weeks to process. At almost 7 weeks they lived up to their promise.

One of the subject areas I'm interested in at work is hardware security and hardware hacking. After doing things with rfid earlier I'm now looking at low-level electric interfaces. With the earlier hardware challenges in CTF contests in HackTheBox Cyber Apocalypse CTF 2022 - Intergalactic Chase and The HackTheBox & CryptoHack Cyber Apocalypse 2021 I got interested in logic analyzers. Those sounded expensive (but I never actually checked).

And then I read this bit: I recently got this 8ch cheap USB-C logic analyzer from AliExpress and the price shown is 5.42 US dollar. That's really cheap!

For that price I can buy one and not be too dissapointed when it blows up or fails to give me the joy I hope. So, ordered: one 8 channel logic analyzer and a set of test leads so I can actually clip this to a circuit. The price for me for the logic analyzer circuit is EUR 6.78 including delivery and taxes.

For software I learned about PulseView.

This hardware has limitations, but for simple decoding of hardware protocols this is a nice start.

Recently I tried to contact someone with an outlook.com address and it went fine. So it seems the really annoying block I ran into earlier is gone. I still get enough spam from/via outlook.com so I'm still not convinced the spamfiltering at outlook is working very well but that's a different rant. The incoming block is now gone.

I'm currently also doing some contacts with a special event station call and I wanted to separate the wsjt-x history for my normal call from the history for the special event station call, just like I split the log databases in CQRLOG.

For the non-amateurradio persons: I have my own callsign, PE4KH which is linked to me. It is also possible to have one extra temporary callsign. Those are usually linked to an event or some other reason for a 'special' callsign. Temporary callsigns in the Netherlands have either the digit 6 or more than one digit.

There is an option for multiple profiles in wsjt-x but those are just for the settings (including callsign) but not for the logging location. This means all different profiles share the same history and will show the same countries as 'new' or 'already contacted'.

When I was looking at the options for starting wsjt-x with different settings I noticed the -r --rig-name <rig-name> Where is for multi-instance support. option in the help. With this option, all the logging is in ~/.local/share/WSJT-X - <rig-name>/ which is what I want.

The next challenge is to start wsjt-x with the extra commandline paramater from CQRLOG. It seems the 'path to wsjt-x' setting doesn't accept commandline parameters. So I created a script ~/bin/ses-wsjtx with:

#!/bin/sh

/usr/bin/wsjtx -r ses

Changed the 'path to wsjt-x' setting to /home/koos/bin/ses-wsjtx and now I get what I want.

Grolsch is one of my choices for 'standard' Pilsener beer. So I keep an eye for the available special beers. This time I saw Grolsch Puur Weizen available and decided to give it a try.

It's a slightly hoppy taste, and I can appreciate this. Nothing too strong in the taste. Grolsch follows the German Weizen style including the Reinheitsgebot. This beer does taste slightly different from what I would expect from a German Weizen. Grolsch themselves name it clove, I agree to the taste going in that direction. I wouldn't expect that in a German Weizen.

The beer details

Company	Grolsch
Beer name	Puur Weizen
Beer style	Weizen
Alcohol by volume	5.1 %

With a team of people from work we participated in this years HackTheBox Cyber Apocalypse CTF 2022. And while my teammates managed to solve several challenges, some of them with some thinking from me, I personally solved zero challenges. Which was a bit dissapointing.

I was especially interested in the hardware hacking challenges because that is a subject I am quite interested in.

Hardware / Space pulses

This challenge had a .sal file. After I learned about Salea Logic Analyzer in the 2021 HackTheBox Cyber Apocalypse I opened the file in this logic analyzer and started trying to find out what I was looking at.

It was a one-channel digital signal. It turned out to have a variable duty cycle, with complete cycles being 255 and a bit milliseconds. I noticed the maximum duty cycle was somewhat less than 50%.

I spent a lot of time trying to decode this, mostly thinking in the direction of it being a pulse width encoded signal with probably 4 bits of information per cycle to get 54 characters which seemed reasonable for a flag. But with the assumption that the smallest pulse is the representation of 0000 and the widest pulse is the representation of 1111 I could not get valid data from it, and it was nowhere near decoding a flag. I was sure I was overthinking it somewhere, but couldn't find out where.

A while after the CTF I read Writeup] Cyber Apocalypse 2022 — Space Pulse [Hardware] and I obviously made a big "D'Oh!" sound as I was getting to the solution, but indeed overthinking it.

Hardware / Secret Codes

With this challenge I also downloaded a .sal file with two signals: a digital one and an analog one. The digital one stops after the first 'databurst' while the analog one is clearly the 'unpolished' version of the digital signal.

I first tried to decode the digital signal as an async serial signal and found nothing. I also tried manchester encoding and also found nothing. Staring and pondering never fixed this.

I found a writeup at HTB 2022 Cyber Apocalypse CTF - Hardware - Secret Codes which made me go "D'Oh!" again: it was manchester encoding. BUT (big but) Manchester encoding has 2 changes per bit and I left the bitrate at the same as for the async serial decoder.