Mapped contacts PE4KH in the CQ WPX CW Contest 2023
Last weekend was the CQ World Wide WPX Contest CW
organized by CQ Amateur Radio magazine.
The term 'WPX' stands for 'Worked All Prefixes'. The objective of this contest
is to get contacts and exchange information with as many different other radio
amateurs using morse code. Points are awarded for each contact, based on which
amateur band and whether they are in the same or different continents.
Multipliers are calculated from the number of different prefixes contacted. The
prefix of my callsign PE4KH is PE4.
The score in this contest is calculated from the points per contact multiplied
by the number of unique prefixes. This makes a station with a rare prefix
popular so radio amateurs get special calls or go to special places to be
that rare prefix.
This is also one of the big contests with a lot of participation from all
around the world. In the days before the contest there were already a number of
stations set up in special places busy on the air making contacts, testing
their equipment and their setup to get the maximum score in the contest.
This testing in the days before the contest already allowed me to get a number
of new countries in morse in my log: Azerbaijan, Antigua, Argentina, Madagascar
and Hong Kong.
In the contest I made 171 contacts: 33 on the 10 meter band and 138 on the
20 meter band. With 215 qso points, 138 multiplier my claimed score is
29670 points at the moment. I had fun in the contest and all the practice
with callsigns and serial numbers in morse has helped!
During the contest I added Australia, Qatar and Kaliningrad as new countries
in morse in the log. I have now had morse contacts with 101 countries in the
world, and now I'm waiting for confirmations via Logbook Of the World.
Update
I received a very fast confirmation for Australia already from VJ3A Steve. That was a 16490
kilometer contact with morse!
Thoughts
In preparing for this contest I considered adding an antenna to get access to
the 15 meter band. Now looking back I think I might get different contacts
(more countries maybe) on 15 meters, but it would not have added a lot of
contacts.
This weekend was the His Majesty The King of Spain CW Contest
and I participated. There wasn't a lot of time due to other things in the
weekend, I was making contacts in the contest for less than four hours on
Saturday evening and less than two hours Sunday.
I made 77 contacts, 7 on the 10 meter band, 55 on the 20 meter band and 15
on the 40 meter band. Propagation wasn't cooperating very well although there
were some interesting openings. One opening on the 10 meter band resulted
in a contact with Nepal on the 10 meter band, a completely new country in
amateur radio for me.
Update
And the contact with 9N7AA
Robert in Nepal is already confirmed! Thank you!
Update 2023-05-26
I had a contact with HZ1TT
Ali in this contest and that contact is now confirmed, adding country number
85 to the list of confirmed countries in Morse.
I sometimes think YouTube is quite good at suggesting new videos to me with
interesting subjects. For a while I've been seeing Tom Scott videos and
Connections Museum videos. But only today YouTube suggested to me this video,
Tom Scott at the Connections Museum! So maybe YouTube isn't
completely on to me.
Of course with Sarah from the Connections Museum explaining things.
There is a museum in Seattle called the Connections Museum and it is on my
"If I ever visit that part of the world" list. The reason I found it because
one of the volunteers likes to make videos for youtube about the equipment in
the museum and the youtube suggestions are on to me.
with an interest in phone phreaking in my history this is a very
interesting channel. They recently had a video on how blue boxing *actually* worked, including a demonstration of how the switch actually
responds to the blue box tones. This made me go "oh now I get it" for
details on blue boxing.
In the latest youtube video is an explanation that they run asterisk as one way
of connecting all their historic phone exchanges. The historic phone exchanges
are also connected using direct interconnects. Video announced in
In case you haven't seen the latest bit of ridiculous hacking ;) - Connections Museum on Twitter. Video at Is this the world's oldest Linux peripheral? - Connections Museum
If I understand the remark about asterisk and Collectors' Net / Phreak Net
correctly it should be possible to dial into the old exchanges at the museum
from either of those networks.
From 2008 to 2013 I played for a while on the Collectors' Net to test my
asterisk experiments but when I got less interested and reduced my phone setup
at home to a simple voip base again I stopped being a member of Collectors'
Net. Maybe I should get back on one of those networks and get something going
again! It would be awesome to have an option to dial into the old hardware at
the Connections Museum and actually end up in a phone switch from 1923 using a
VoIP phone on my side. Or dig up a pulse-dial capable ATA and dial in using the
original T65 rotary phone.
Yesterday evening I turned on the radio and looked for some interesting morse
contacts. With some help from the Reverse Beacon Network
I searched for interesting stations.
I had contacts with a few special event stations. There are extra special
event stations active from the United Kingdom to celebrate the coronation.
And two new countries in morse for me.
One was Saudi Arabia where HZ1TT Ali
was calling and I managed to get through this time. I've tried contacting him
in morse but failed earlier. The other one was DL5CW Andreas
active as MJ/DL5CW
from the island of Jersey, and Jersey counts as a separate DXCC entity.
I also had a short chat in morse with a station in Ukraine. This was much more
of a personal contact than the short contacts with special event stations or
rare countries.
I noticed in 2016 that putting services like ssh on a different port does not change much in the attacks
and the last few days I noticed this is true as ever.
I use fail2ban for sshd and other services that are prone to brute-force
attempts. I've been using influxdb and grafana to visualize
measurements and I use telegraf to gather a lot of system data.
I recently enabled gathering fail2ban statistics and it's interesting to see
the numbers of blocked addresses is very similar for the sshd on port 22 and
the sshd on port 2022. It's not exactly the same number and interestingly not
the same attackers but the numbers are within 5%. And yes the numbers are
high enough to make the output of fail2ban-client status sshd
several screenfulls of IP addresses.
I saw a DX Cluster spot today for a
country/entity I hadn't had a contact with before, or not even heard of at
all: Archipelago of San Andrés, Providencia and Santa Catalina
which consists of two island groups in the Carribean and it's a part of
the country of Columbia. But a separate entity in amateur radio
terms.
This is again a bit of geography I was never told during my education, but
amateur radio has a lot of these geographical surprises.
Brazilian radio amateur PY8WW Renato
is active there this weekend and as the qrz page shows he likes going on
DXpeditions.
This brings the number of entities in amateur radio I have had contacts with
up to 170, half of the current total of 340. I can probably add that I'm now
starting with the difficult half!
For a lot of things discord seems to be the place to interact with people. I
didn't want to create an account there for a long time because I didn't want
to interact with yet another service. But for certain subjects it is the
place to be.
One such subject is the hack the box CTFs, the post-deadline discussion where
all the write-ups are shared is mostly on discord. So in May 2022 I finally
created an account, wanting to view the discussion. Directly discord wanted a
phone number to finish logging in. I decided I didn't like that so I left it
at that.
In the beginning of April I saw that part of the discussion about the proxmark
(NFC security tool) is in discord. So I decided to give in and finish the login
procedure.
So on 6 april 2023 I added a phone number, received the SMS and entered the
received code. Right after that I was logged out with the message 'Your account
has been disabled'.
I also received an e-mail about this block, with very general reasons why
the account was disabled. Nothing specific, just 'we block accounts due to
spam and/or abuse'. So I requested more information on why the account was
blocked, received a ticket number in autoreply and that was it.
Three weeks later still no answer, even after a friendly reminder. I have no
idea what is wrong, discord does not communicate and I am left thinking this is
a very unreliable service if they can block for no verifyable reason without
explanation.
I could try to create a new account, but from what I can find discord stores IP
addresses and phonenumbers of blocked accounts and blocks those on the next
account creation, so that's no use.
Update 2023-05-06
Finally an "answer" from discord. Which says they can't find the account
associated with my e-mail address and I should only communicate about accounts
from the e-mail address associated with the account.
With a standard text about anonymizing accounts that are banned after 14-30
days. Which suggests that the anonymizing includes forgetting the e-mail
address because it says:
if your account was disabled for a violation of
our Terms of Service and Community Guidelines, we'd have no record of that
account existing.
So this "we can't find the account" is caused by their own slowness in
responding, the response is 30 days after the block. To the day.
But they probably keep other data such as phone numbers or IP addresses (see
above) so I don't think it is worth the effort to restart the whole circus.
This is probably not completely GDPR compliant.
I was looking for an opportunity for morse contacts and saw the
UK/EI DX Contest CW 2023
in the calender for this weekend. So I participated, with some last minute
additions to my contest logger.
My original idea for this contest was that this would make stations from all
parts of the United Kingdom active in Morse, including entities I still want
to get in the log. From the parts of the UK I don't have Guernsey and Jersey
in morse and I'd like to get Northern Ireland confirmed.
That plan did not work out, from the UK I only heard stations from England and
Schotland. Checking the Reverse Beacon Network
confirmed this, very little activity from those parts of the UK. I made
68 contacts total, 48 on the 20 meter band and 20 on the 40 meter band.
What did work out is that all the practising I did in morse at contest speeds
seems to help, I had less trouble decoding callsigns and serial numbers.
I regularly practise contest morse with the Contest trainer by Hanz YL3JD.
I recently bought a Digitus Gigabit Ethernet adapter USB-C, mainly because
my work laptop has no wired ethernet connection which I really want sometimes.
As I don't like having Windows-only hardware I did check before ordering
that it can also be used with Linux. It contains a Realtek r8152 chip so
I searched and found Fixing performance issues with Realtek RTL8156B 2.5GbE USB dongle in Ubuntu - CNX Software
which mentions that loading the listed udev rules makes Linux select the
right driver and improves performance.
And indeed the 'wrong' driver was chosen initially. I fetched r8152/50-usb-realtek-net.rules at master · bb-qq/r8152 · GitHub
like:
root@moore:~# cd /etc/udev/rules.d/
root@moore:/etc/udev/rules.d# wget https://raw.githubusercontent.com/bb-qq/r8152/master/50-usb-realtek-net.rules
root@moore:/etc/udev/rules.d# cd
root@moore:~# udevadm control --reload-rules
root@moore:~# udevadm trigger
And now things are as I wish, the right driver is loaded:
Device-3: Realtek USB 10/100/1G/2.5G LAN type: USB driver: r8152
IF: enx3c49deadbeef state: down mac: 3c:49:de:ad:be:ef
One of the wishes we have for the home network is good wifi coverage in the
back garden so we can sit outside on nice days to work without running UTP
cables. The access-point in the central place in the house doesn't cover the
back garden. Ideally I would also like a separate 'guest' wireless network at
home.
These wishes was taken into consideration when upgrading the fiber to the shed network
with a Netgear GS310TP switch. This switch has Power over Ethernet (PoE)
support so it can power an acccess-point. The next step was to find an
access-point supporting VLANs and multiple SSIDs.
Recently I borrowed a Mikrotik Wap.AC to test the options. It took me a bit to
get used to the RouterOS userinterface but I managed to get it all working in an
ideal configuration: Management via one VLAN, a 2.4 GHz wireless network
bridged to the trusted wireless network, a 2.4 GHz wireless network bridged to
the guest wireless, a 5 GHz wireless network bridged to the trusted wireless
network and a 5 GHz wireless network bridged to the guest wireless.
The final test was with the Mikrotik Wap.AC in the shed with power over the
network cable. This worked!
Ideally the wireless network in the backyard is 'on demand' because we only use
it when working from home or sitting in the backyard and we can save the power
at other times. So the idea of a button 'wifi in backyard' and an automatic
shutdown in the evening is nice. I searched and it is indeed possible to
control the Power over Ethernet in the Netgear GS310TP switch with snmp.
Based on GS110TP deactivate PoE over SNMP for specific Ports
I soon had working snmpset commands to disable/enable power to a
specific port, and the Mikrotik followed nicely. Value '1' is PoE on and
value '2' is PoE off:
$ # switch PoE on for port 8
$ snmpset -v2c -c ******** ******* 1.3.6.1.2.1.105.1.1.1.3.1.8 integer 1
iso.3.6.1.2.1.105.1.1.1.3.1.8 = INTEGER: 1
$ # switch PoE off for port 8
$ snmpset -v2c -c ******** ******* 1.3.6.1.2.1.105.1.1.1.3.1.8 integer 2
iso.3.6.1.2.1.105.1.1.1.3.1.8 = INTEGER: 2
Ideally there would be a button (zigbee?) near the backdoor to request "On"
and a scheduled task every day to switch it off in the evening.
My PGP key expired, but I reset the expiry date. I do this so I have to
actively update the key every few years. Should I ever lose access to the
private key, it will go away by itself.
But this also means I have to ask the users of my key to refresh it by hand
because the simple refresh doesn't "see" the update (even though this adds
new signatures to the key).
So please use the command to receive my key:
This updates the expiry date(s) and the uids. If you have my key and it looks
expired and/or still has an old e-mail address with kzdoos in it
please do this now. Complete data at pgp.surf.nl: Search results for '0x5BA9368BE6F334E4'
where you can see all the details including the revoked bits. Those revoked
bits won't show up in normal use.
A discussion on irc about how hard it is to set TLS options in some programs
made me recall I still wanted courier-imap-ssl to give me the right
SSL settings (Only TLS 1.2 and 1.3, and no weak algorithms). This has bothered
me for a while but I couldn't find the right answers. Most documentation
assumes courier-imap-ssl is compiled with OpenSSL. In Debian/Ubuntu/Devuan it
is compiled with GnuTLS.
Searching this time found me Bug #1808649 “TLS_CIPHER_LIST and TLS_PROTOCOL Ignored” : Bugs : courier package : Ubuntu
which points at debian-server-tools/mail/courier-check at master · szepeviktor/debian-server-tools · GitHub which lists the right parameter
TLS_PRIORITY. And that page has usable answers
for up to TLS v1.2, with some reading of the output of gnutls-cli --list I can imagine TLS v1.3 settings.
So with a minor adjustment to the given example to allow for TLS v1.3 I set this
in /etc/courier/imapd-ssl:
##NAME: TLS_PRIORITY:0
#
# GnuTLS setting only
#
# Set TLS protocol priority settings (GnuTLS only)
#
# DEFAULT: NORMAL:-CTYPE-OPENPGP
#
# This setting is also used to select the available ciphers.
#
# The actual list of available ciphers depend on the options GnuTLS was
# compiled against. The possible ciphers are:
#
# AES256, 3DES, AES128, ARC128, ARC40, RC2, DES, NULL
#
# Also, the following aliases:
#
# HIGH -- all ciphers that use more than a 128 bit key size
# MEDIUM -- all ciphers that use a 128 bit key size
# LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher
# is not included
# ALL -- all ciphers except the NULL cipher
#
# See GnuTLS documentation, gnutls_priority_init(3) for additional
# documentation.
TLS_PRIORITY="NONE:+CHACHA20-POLY1305:+AES-128-GCM:+AES-256-GCM:+AES-128-CBC:+AES-256-CBC:+ECDHE-ECDSA:+ECDHE-RSA:+SHA256:+SHA384:+AEAD:+COMP-NULL:+VERS-TLS1.2:+VERS-TLS1.3:+SIGN-ALL:+CURVE-SECP521R1:+CURVE-SECP384R1:+CURVE-SECP256R1:+CTYPE-X509"
This year I participated in the EA RTTY Contest again.
This is a contest organized by the Spanish Amateur Radio Club Unión de Radioaficionados Españoles and they organize nice contests!
I participated Saturday afternoon and Sunday end of the morning. Other things
needed my attention in the weekend too. I ended with 56 contacts, 53 on the 20
meter amateur band and 3 on the 40 meter amateur band. The 40 meter amateur
band was mostly unusuable during the daytime due to interference. I thought I
was going to end the contest with less than 50 contacts, but calling CQ I had a
last minute sprint with 11 contacts in 10 minutes.
I have been given a Genexis Platinum-4410 router with the reasoning that I
like to play with embedded systems and test the security. Well, that is what
I did.
How far did I get
I have serial console, I have extracted filesystem images, and I can't
get a shell on the router.
The device
It's a router with 4+1 ethernet ports, wifi, two ports for analog telephones
and a USB interface.
Looking at it from the network
In this specific instance the 4 ethernet ports which are logically the
'inside' don't give me a link after the router has booted up. The 1 port which
would be the 'outside' or 'WAN' port gives a link and acts as a DHCP client.
The next step was to connect to the wifi network and play with the web
interface. This like a custom web interface. Default credentials which
match what is on the sticker on the underside of the router.
The router doesn't have a telnet server listening for 'easy' access.
Opening the case
Next step was to open the case and investigate the mainboard. Chips seen on the
mainboard: Mindspeed J83100G System on a Chip (SoC), MXIC MX29GL256FHT2I-90Q
flash memory, 2* Etrontech EM68B16CWQD-25H 512 mbit DRAM, Si32260-FM1 dual
channel FXS (voip) chip and other electronics.
The mainboard has lots of test points, but no clear UART interface. There is
an edge connector which looks like a PCI Express connector but it isn't.
I asked help about this: What is this connector, does it include UART on a Genexis Platinum-4410 ? : hardwarehacking
because r/hardwarehacking on reddit has helped me before.
This edge connector turned out the 'place to be' and with the standard tricks
for finding the UART I soon had an idea. But nothing to stick a dupont wire on
and no PCI express or cardedge breakout cable/board available. So I had to
solder wires to the right lanes on the connector. I had permission to damage
the router, so that was ok. Soldering within half a millimeter was really hard!
This was the first time I actually used my soldering iron for hardware hacking.
And a magnifying glass to actually see what I was soldering.
Last Sunday I spent nearly 3 hours trying to get the 9X5RU Dxpedition to Rwanda
in my log in CW (Morse) but that didn't happen.
This morning I got them in my log on my first try. On the 17 meter band.
The technical differences weren't that big. Ok, I was using the Kenwood radio
remote today and propagation seemed to work better. But the main difference was
that on Sunday it was very busy with amateurs from all over Europe and today
I was one of the few callers. I guess the work week has a strong influence
here!
DX never sleeps
I guess this turning 'easy' because I tried on a workday and not in the weekend
was one of the results of 'DX never sleeps', a different time can help get the
contact. The DXpeditions want the highest number of possible contacts so
finding a time they are less busy can help in getting the contact. In the first
few days/hours all the 'big gun' stations with huge antennas and amplifiers
want that contact, after that the simpler stations with some patience also have
a good chance.
So far with 9X5RU
Later in the morning I also got the contact on 12m CW. This was harder than 17
meters, I had to give my call 8 times before it was logged completely. After
the contact was complete I looked at the signal meter and saw that it barely
moved so it was a weak path. Earlier I made contacts with 9X5RU on 17 and 20
meter FT8. But I want to work on my list of countries contacted in morse, so I
wanted to make the contact in morse too.
Update.. no success in the afternoon
After 17 and 12 meter band CW I also tried to make the contact on the 10
meter band, where 9X5RU was active in the
afternoon. But by that time the US has woken up and has good propagation to
Rwanda because of the daylight. I couldn't get through and I heard a lot of US
amateur radio callsigns being confirmed.
Weird Al Yankovic, Palladium London 16 Februari 2023, The Unfortunate Return of The Ridiculously Self-Indulgent Ill-Advised Vanity Tour
Somewhere in November last year I saw that Weird Al Yankovic on
The Unfortunate Return of The Ridiculously Self-Indulgent Ill-Advised Vanity Tour
was also coming to Utrecht! So getting tickets was a good idea, especially
when it turned out the tickets were going really fast.
So I went on 20 february 2023 and I had a great evening. The concert was at
Tivoli Vredenburg in Utrecht, which is cycling distance from my house. A friend
came along and he found it a great idea to park at our house and cycle to a
bicycle parking really close to the concert.
I looked up the setlist: “Weird Al” Yankovic Concert Setlist at TivoliVredenburg Grote Zaal, Utrecht on February 20, 2023 | setlist.fm
and comparing that to earlier Weird Al Yankovic concerts it's clear he took a
different route in this tour. Mostly own work, some of the 'in the style of'
songs. He did the extended extended version of Albuquerque with lots of types
of Donuts and he 'restarted' the song to make the sauerkraut joke again.
The previous Weird Al Yankovic concert I saw was in Amsterdam was more the
style with the parodies and the costumes.
Setlist of that concert: “Weird Al” Yankovic Concert Setlist at Melkweg The Max, Amsterdam on September 30, 2015 | setlist.fm.
This was a concert with standing room and I turned out to be in the splash zone
for the end of 'smells like nirvana'. A group of fans had their own aluminium
foil hats for 'Foil' so Al was really enthusiastic about their response and the
whole audience had lots of fun.
To give space for the costume change there was also use of video. And when
there was a bit of video with Al reacting to Eminem with 'Say what??' a number
of times I expected Word Crimes and indeed that happened.
Anyway I enjoy the music of Weird Al Yankovic. I started with the parodies and
I sometimes remark 'this is a strange version of a Weird Al Yankovic song' when
I hear for example Gangsta Paradise or Like a virgin. The
polka versions are always fun to me. I didn't really like the personal songs
the first time but after hearing them a few times and discovering the layers
including the jokes I start to appreciate them too.
And recently Rob o'Hara did an episode
of his podcast You Don't Know Flack about Weird Al. Rob is also a big fan of Weird Al
Yankovic and has seen him perform in the US multiple times. And listening to
this podcast episode made me write down 'my' Weird Al story.
Rob also went on a pilgrimage of the sites in Tulsa, Oklahoma where the
outside shots of the UHF movie were filmed: UHF - My 15 Year Pilgrimage. Now that is a Weird Al Yankovic fan!
The picture in this newsitem is from the same tour, just a few days earlier.
I tried taking some phone pictures but there was nothing good and I found
this picture with a nice license which captures the tour really great.
Ages ago I added a way to get access to my google contacts as a thunderbird
address book. But on installation of thunderbird on a new laptop I couldn't
find a simple answer to "how did I do that again?!?".
With access to the old laptop I was able to reconstruct my steps, so I'll
note them here:
Install cardbook as add-on in Thunderbird
Go to this add-in in the Thunderbird userinterface
From the top left 'hamburger' menu, select 'Address book', 'New address book'
A window pops up asking 'Address book location', select 'Remote'
The next window asks 'type of your address book' and gives google as
default selection
As username enter the standard address used for your google account. This
doesn't have to end in @gmail.com.
After entering the address, click 'Validate' and a window pops up with a
minimal browser to log into your google account. Do this.
After logging in the browser window will ask for permission for Cardbook to access your google contacts.
After selecting a colour for this new address book you can use it.
In the process google will probably send you alerts about this new
login and permission.
And now my contacts are synchronized between android phone, google contacts web
interface and thunderbird!
This year I participated in the EA PSK63 Contest
again. This is a contest organized by the Spanish Amateur Radio Club Unión de Radioaficionados Españoles
and they organize nice contests!
This is a 24-hour contest between 12:00 UTC on Saturday and 11:59 UTC on
Sunday. Contacts were made Saturday afternoon and evening, and Sunday morning.
The last contact was logged at 11:59 UTC on Sunday! I went for the 20 and 40
meter bands and checked a few times whether there was activity on the 10
meter band. In the end I made 182 contacts, 1 on the 10 meter band.
Besides the usual search and pounce approach (looking for other stations
calling CQ) I also called CQ for periods. This got me a nice amount of contacts
in a short period. The peak was 4 contacts within 2 minutes. With the
new Yaesu FT-991A radio
it's also possible to find a free frequency, center it in the passband at 1500
Hz and then turn the bandwidth of the receiver down. Big signals outside the
passband have a lot less influence with this radio so I can receive signals on
'my' frequency better.
Ten years ago, on 6 March 2013 I passed the test for the Dutch novice
amateur license.
It's been a fun 10 years! I made lots of new friends, learned new stuff and
had great experiences. It's a great hobby, I really like it as a hobby that's
absolutely not work.
Amateur radio is a hobby with lots of subhobbies. I got into different
subhobbies than I expected and started in. And the subhobbies I do get into may
even change again, depending on what I get interested in or lose interest
in.
It seems it is also possible to cause something in Microsoft IPv4 space to
do a scan for web vulnerabilities. It's starting to become part of a pattern
here! Noticed in the logs:
20.220.235.164 - - [05/Mar/2023:15:05:57 +0100] "GET / HTTP/1.1" 200 39297 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36"
20.220.235.164 - - [05/Mar/2023:15:05:59 +0100] "HEAD /api.zip HTTP/1.1" 404 694 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36"
20.220.235.164 - - [05/Mar/2023:15:05:59 +0100] "HEAD /source.zip HTTP/1.1" 404 694 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36"
20.220.235.164 - - [05/Mar/2023:15:05:59 +0100] "GET /server-status HTTP/1.1" 403 975 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36"
20.220.235.164 - - [05/Mar/2023:15:05:59 +0100] "GET /.nginx.env HTTP/1.1" 404 972 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.2 Safari/605.1.15"
..
20.220.235.164 - - [05/Mar/2023:15:08:55 +0100] "HEAD /status HTTP/1.1" 404 694 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36"
20.220.235.164 - - [05/Mar/2023:15:08:55 +0100] "HEAD /callback HTTP/1.1" 404 694 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36"
20.220.235.164 - - [05/Mar/2023:15:08:55 +0100] "HEAD /handler HTTP/1.1" 404 694 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36"
20.220.235.164 - - [05/Mar/2023:15:08:55 +0100] "HEAD /plaid HTTP/1.1" 404 694 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36"
20.220.235.164 - - [05/Mar/2023:15:08:56 +0100] "HEAD /plaid/item/webhook/ HTTP/1.1" 404 694 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36"
For a total of 751 attempts via http on one site, receiving a redirect to https
and following that redirect. I wonder if I can determine which scanner was
used from the pattern of URLs tried.
I noticed a strange peak in web traffic today and when digging in to it found
out it was a web vulnerability scan. What made me look further was the fact
that the source IPv4 addresses were randomized over quite a range, so any
automatic firewalling wouldn't block the attempts.
This turned out to originate from cloudflare IPv4 space. Interesting how
the source IP addresses clearly spread out (which would circumvent a lot
of automatic web application firewalls).
I checked with someone who uses cloudflare for sites and these IPv4 addresses
match how cloudflare proxies sites. My current theory is that someone set up a
cloudflare proxy with my site as 'backend' and scanned the 'frontend' to make
it harder for me to find the origin.
At this moment the cloudflare abuse form doesn't work for me. I don't have a
lot of trust in cloudflare doing things to stop abuse from cloudflare
customers so I'm not going to jump through more hoops to get them to notice
this, I expect a big dissapointment when I get an actual answer from
them.
Vandaag kwam ik een artikel tegen Generaals b.d. Van Uhm en De Kruif beginnen podcast over oorlog
en het leek me wel leuk om deze podcast eens te beluisteren.
Alleen geeft het artikel daar bijzonder weinig informatie over. Het enige
wat er te vinden is:
De eerste aflevering van Veldheren wordt vrijdag op Spotify en Apple Podcast gelanceerd.
Maar ik wil allebei niet gebruiken om de podcast te beluisteren, ik wil deze
podcast gewoon beluisteren in mijn podcast speler, te weten
op dit moment 'Pocket Casts'. Zoals Dave Winer aangeeft in
Podcasts are feeds - Dave Winer Scripting News
is iets pas een podcast als het een RSS feed heeft. Dus ik zoek een URL van
de RSS feed van deze podcast, dan kan ik de podcast toevoegen.
Diverse zoekopdrachten geprobeerd, en uiteindelijk kom ik terecht op
Veldheren bij
podcast24.nl / podcast24.co.uk waar nog steeds geen feed informatie staat. Maar
de URL van de feed is wel uit de source te halen, omdat de podcast24.nl site
ook gewoon op de feed gebaseerd is, maar dat zelf niet laat zien. In de source
van de pagina zit nog informatie uit de feed en iets wat op een gemangelde
url lijkt:
application/rss+xml is het gewenste mime-type! En inderdaad als ik het bestand
ophaal en inkijk:
<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:art19="https://art19.com/xmlns/rss-extensions/1.0" xmlns:googleplay="http://www.google.com/schemas/play-podcasts/1.0/" version="2.0">
<channel>
<title>Veldheren</title>
<description>
<![CDATA[<p>Veldheren is een podcast waarin twee ..
Het zou toch prettig zijn als het vinden van een podcast buiten spotify of
apple om niet een halve hack is.
Verder weggestopt in de zoekresultaten, achter allerlei nieuwsartikelen die
braaf hetzelfde herhalen kom ik uiteindelijk terecht op
Veldheren podcast - Part of Corti Media Network
waar wel verwijzingen naar de RSS feed staan, zowel in de pagina als in de
metadata. Het kan wel, het is alleen nogal ondergesneeuwd.
Past weekend was the ARRL DX CW Contest
and I planned to participate beforehand on the 20 meter band like
I did in the ARRL DX CW Contest in 2022.
But this year the HF propagation was much better and I got contacts with
stations in the United States of America and Canada on the 10 meter, 15 meter
and 20 meter amateur bands. The contacts on 10 and 15 meters were most during
the period of daylight in both parts, the contacts on 20 meters later in the
day. In total I made 89 contacts:
My search for new countries/entities continues and some interesting ones
show up.
The big DXpedition for Januari was going to be the 3Y0J DXpedition to Bouvet Island.
I hoped to get an opportunity to make that contact. In the end between
the first rush of the high power stations and the early end of the expedition
I have received signals from them for about 20 minutes before they stopped
for dinner that day.
The day my new Yaesu FT-991A radio
arrived I got Reunion Island in the log in FT8.
In the last weekend of the WRTC 2023 award
I was trying to get those stations on the 15 meter band and when I had those
in the log I looked for other interesting stations on that band. Which
showed me an active station on French Guiana for that weekend only, busy
in the R-E-F contest in morse. So I submitted my log for that contest with 1
entry.
In February I got Pakistan, Uzbekistan and Martinique as new countries in
the log.
Past weekend was the Dutch PACC contest
and I decided to participate at the radio club with the group and call CQ in
morse. I sat at the radio together with another (very experienced) operator and
we worked together. He was (lots) better at getting callsigns from the noise
but at the understandable callsigns I typed fast and together we got a nice
number of contacts in the log.
After about two hours fatigue was setting in so someone else took over. As an
experience in morse contesting this was really nice for me. I also did some
other stuff, there is always something to repair during a contest. And lots
and lots of cables. This hobby isn't 100% wireless!
Two things to improve for the next time if I want to do this again: bring
my own headset and make sure it's comfortable for long use and bring my own
audio splitter and extension cable.
On my todo-list was a postgresql upgrade from 9.6 to 11, a lingering item from
the earlier devuan upgrades from ascii to beowulf.
This is one of those upgrades where I am very happy to have lvm snapshots
so I know I can get back to a working state if something really goes wrong.
With that snapshot and the instructions from From Stretch to Buster : How to upgrade a 9.6 PostgreSQL cluster to 11 ? - Samuel Forestier
it all went fine. After the upgrade I tested all my database-driven websites
and local tools to see if they worked. All worked fine so I could stop and
delete the 9.6 main postgres cluster and continue running 11.
Final cleanup was deleting the snapshot. Which used as much space as the
size of the database! Not unsurprising when thinking about how the upgrade
works, but think about the snapshot size.
I run a desktop and a laptop with Ubuntu and both were at Ubuntu 20.04.
The desktop is mostly used for things with amateur radio so I wanted to
check whether anything broke on that upgrade. With the 18.04 to 20.04 upgrade
I had to do some recovery to get the databases behind cqrlog working again,
Time to upgrade the laptop first with the same amateur radio software
installed, configured and tested: cqrlog, wsjt-x, fldigi.
The whole do-release-upgrade took more than an hour. And it's still
possible that somewhere during the upgrade process the user gets prompted
whether or not to change a configuration file, so I came back after a few
hours to a system with a prompt and not finished with the upgrade.
The upgrade told me firefox would be changed from an installed package to
a 'snap'. The downside for me was that after the first start firefox thought
it was a completely new browser with no history/bookmarks/settings. Maybe
this was because the start of firefox was triggered by thunderbird starting
and wanting to show me a page about donating. Restarting firefox didn't make
the old profile show up again. With a bit of searching I found that firefox
should import old non-snap settings when started as a 'snap' for the
first time. So I stopped firefox, threw out the whole ~/snap/firefox
directory and started it again. This time settings/bookmarks/cookies/history
were imported.
Next step was to test cqrlog. There is no cqrlog build for ubuntu
22.04 yet, but the build for 20.04 works. All previously logged data was
available fine. The upgrade of ubuntu has upgraded hamlib which means the radio
IDs got renumbered, I had to update the settings to the new radio ID.
Silencing Ubuntu Pro adverts
In regular maintenance I noticed this gem:
$ sudo apt dist-upgrade
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
The following security updates require Ubuntu Pro with 'esm-apps' enabled:
libimage-magick-perl imagemagick libjs-jquery-ui libopenexr25
libmagick++-6.q16-8 libmagickcore-6.q16-6-extra libimage-magick-q16-perl
libmagickwand-6.q16-6 imagemagick-6.q16 libmagickcore-6.q16-6
imagemagick-6-common
Learn more about Ubuntu Pro at https://ubuntu.com/pro
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
which is no better than an advertisment for Ubuntu Pro. Which is a new
service by Canonical offering longer term support (10 years) and support
for not just "Main" (which is what you got with Ubuntu before) but
"Main" and "Universe". Ubuntu Pro costs a registration for private use at the
moment. So 'The following security updates require Ubuntu Pro' isn't completely
honest. But then again, it's advertising.
Anyway, I don't want to see this every time I check for updates. I searched
for a solution, The following security updates require Ubuntu Pro with 'esm-apps' enabled - reddit.com r/linux
Helaas is er één probleem; ODF heeft met T-Mobile een overeenkomst waarin staat dat op elke locatie waar ODF een nieuw stuk netwerk realiseert, T-Mobile het eerste jaar exclusief - dus als enige provider - internetabonnementen mag leveren.
Dat staat dus niet heel opvallend in de berichtgeving van Open Dutch Fiber,
die geven alleen maar aan dat je snel een abonnement bij T-Mobile kan nemen.
Kortom, afwachten en verkopers van T-Mobile die aan de deur gaan komen
uitleggen wat ik wil. Want die verkopers verwacht ik.
I was doing some testing with freeradius and suddenly nothing worked with
the following error in debug mode:
(7) eap_peap: ERROR: TLS Alert read:fatal:certificate expired
(7) eap_peap: TLS_accept: Need to read more data: error
(7) eap_peap: ERROR: Failed in __FUNCTION__ (SSL_read): error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired
I checked the certificate and renewed it. The normal autorenewal processes had
not run since the previous
tests with radius and 802.1x authentication on wifi
so that wasn't unexpected but this still didn't solve it: I kept getting the
error message.
After some deep searching why it worked before I saw I had requested that
certificate in a different way where I had the chain with only
ISRG Root X1 because
sendmail gave me SSL verification failures after the DST Root CA expired.
So I did the same as I did before: I configured dehydrated (my preferred
ACME client) on the radius testmachine to use the LetsEncrypt issuer chain
without the DST Root CA cross signature, with the following in
/etc/dehydrated/config :
I noticed lots of kernel modules for filesystem support were loaded after
running update-grub. This was caused by running os-prober
which searches for possible operating system installations on all partitions
of the system.
On virtual and physical machines that only run linux and will never run
anything else unless I am really changing something this only takes time and
uses resources, so I searched for how to disable this. So now there is a line
in /etc/default/grub:
# don't look high and low for other operating systems
GRUB_DISABLE_OS_PROBER=true
But now update-grub thinks it is necessary to warn me every time...
# update-grub
Generating grub configuration file ...
[..]
Warning: os-prober will not be executed to detect other bootable partitions.
Systems on them will not be added to the GRUB boot configuration.
Check GRUB_DISABLE_OS_PROBER documentation entry.
done
I know it will not be executed, I added it on purpose. It's not very likely I
added GRUB_DISABLE_OS_PROBER=true by accident not knowing what I was
doing. Stop nagging me about it. If I didn't know what I was doing on a
computer I wouldn't be configuring linux distributions.
I wanted to grab the root filesystem image from the flash memory of the
Cab.Link CLS-D4E2WX1 cable modem/router.
The way to do this was the same as with Grabbing the firmware from the Corinex CXWC-HD200-WNeH and extracting the root filesystem
although I decided to just dump the root filesystem image and not the
entire flash memory.
So the box was opened again, the usb serial interface connected to the
uart pins on Cab.Link CLS-D4E2WX1
I found earlier and the boot stopped in the U-Boot process.
First step was to determine where in the memory map the root filesystem
image would be. This took a bit of calculation. From the bootup messages
there are two important hints:
So the kernel image is booted from address 0x9f670000 and it's in the
MTD partition at 0x000000670000. This makes the guess that the rootfs
image from 0x000000050000 will live at memory location
0x9f050000 and has a size of 0x620000 so the approach is to
dump 0x620000 bytes starting at that memory location. The command to do that
in U-Boot:
Last year a World Radiosport Team Championship was planned again, this time
in Italy: the World Radiosport Team Championship 2022 Italy
but due to well-known reasons international travel from all corners of the
world to Italy wasn't a good idea, so the news was:
WRTC 2022 postponed to 2023 ! - WRTC 2022 Italy.
In the first half of 2022 they had an award to promote the event among radio
amateurs: WRTC 2022 Award - WRTC 2022 Italy and
I participated during those months and got digital awards. Contacts were in
different modes (SSB, CW, FT8, RTTY) on a lot of HF bands with special
event stations in regions of Italy.
In January 2023 they are doing it again, this time only in CW and SSB and only
on bands that are also active in the WRTC contest in July, this time with
stations in multiple countries: WRTC 2023 AWARD : January 2023…headset on! - WRTC 2022 Italy. So I'm trying to get different stations in the
log on different bands. It's working out fine so far, I even got a new
country in CW (Indonesia). I also used the clubstation to get these special
event stations on the 80 meter band.
This is fun and a good promotion for the upcoming WRTC.
Result
In the end I made 122 contacts with WRTC special event stations in January
2022.
Eight and a half years and over 14000 contacts after I bought a
Yaesu FT-857D
I thought it was time to upgrade. The basic requirements haven't changed a
lot: HF, 2 meter, 70 centimeter bands, SSB, Morse, FM, support for computer
control. What I wanted to improve on is noise filtering, handling of strong
adjacent signals and a waterfall display.
So the choice is the Yaesu FT-991A although I also looked at HF-only radios
from Yaesu but decided on this one in the end. This will be the base station
radio for a while and I will only use the FT-857D for operating away from
home.
The basic installation went fine and I think this is a great amateur radio and
good value for money. It is an advanced technological device so I had to dig
into manuals and on-line documentation several times to get things set up the
way I wanted it.
The good innovation is that the Yaesu FT-991A has an USB port on the back.
This USB connection gives the computer 2 serial ports and audio over USB.
The first serial port is for Computer Aided Tuning (CAT) control which
can control the radio from the computer.
I directly wanted to set up an udev rule to map this to a fixed symlink so
I can start rigtctld easily. The new rule:
The ENV{ID_USB_INTERFACE_NUM}=="00", filter only makes this rule
activate on the first of the serial ports offered by the CP2105 chip.
My current experience is that the noise filtering is indeed better which
helps a lot in the noisy RF environment at home.
Recently I wanted to have the option to install ubuntu on a PC so I created
a USB stick with dd. It worked fine and in the end the existing ubuntu on the
PC worked ok and could be upgraded and made available again.
So I wanted to revert this USB stick to the normal filesystem that both Windows
and Linux can read and write. This turned out to be more difficult than I
expected! First I thought Windows could revert the USB stick to a usable state
but this turned out to be impossible. I tried on three Windows 10 systems with
admin accounts, but none of them were able to create a usable partition and
filesystem! The best result I could get was an error something couldn't be
started to format the partition, but without any explanation what couldn't be
started. Things that were once perfectly doable under MS-DOS are now
impossible.
Back to linux to try and find the right partition type and filesystem options
to get access again. I could do a lot of things in linux, but I failed to
find the right settings that Windows would see as usable storage.
I shared my problems on irc and someone there had the following list of
commands to fix this problem:
Which needs to be adjusted for the right device node. Use at your own risk!
But indeed after these commands both Windows and Linux were perfectly capable
of writing and reading the USB stick.
Time for an overview of what happened in amateur radio in 2022 for me.
Like previous years I will look back at the plans and what happened.
Looking back at Closing 2021 in amateur radio
the following results are clear:
Try to get more countries/entities, especially in morse. I am working
towards DXCC in morse: 100 entities confirmed.
And one thing is both a result of 2022 and an item for 2023: I ordered a
new radio: a Yaesu FT-911A, HF, VHF, UHF all mode at the end of 2022 and it
was delivered last week. That will be a separate post.
Like a bit of a yearly event it was time for the UBA PSK63 prefix contest
last weekend.
On Saturday propagation on the higher frequencies was not cooperating a lot so
I went to the 40 meter band late in the afternoon. On Sunday things were
better, I even got one whole contact on the 10 meter band. A lot of the
contacts were in search and pounce mode. On Sunday I ended with the last half
hour of the contest calling CQ UBA PSK TEST and managed to get a few new
stations in the log. Some of those contacts came at a fast pace with even
a small pile-up where I had to ask only one prefix to answer.
I ended with 111 contacts logged, which is a good number for a digital mode
contest.
Na alle gemopper over de DSL verbinding hier een eerste brief over de aanleg
van glasvezel.
De planning is erg ruim:
In februari starten we met aanleggen. [..]
Als het goed is kunnen heel Overvecht en Utrecht Noordwest half 2024 next
level internetten. Je kunt dan een abonnement afsluiten bij T-Mobile.
Anco: Met Open Dutch Fiber ligt het gecompliceerder. Hoewel we al geruime tijd
onderhandelen heeft dat nog niet tot iets concreets geleid. De enige provider
die nu wordt toegelaten op dit netwerk is T-Mobile. Dat vinden wij een slechte
zaak. Daarom zijn we bijna geneigd ze 'Closed Dutch Fiber' te noemen. We zijn
continu bezig om een opening te vinden om met ODF tot een oplossing te komen.
Helaas, vooralsnog zonder resultaat. Dat er een dag komt dat we op dit netwerk
actief worden is wel zeker, wanneer dat zal zijn is nog volledig onduidelijk.
Ik ben benieuwd hoe het gaat lopen. Ze mogen fiber aanleggen, we gaan er
alleen geen T-Mobile abonnement over nemen.
De aankondiging van de gemeente Utrecht is vrij duidelijk: het moet een open
netwerk worden met providerkeuze. Dus als ze eerst fiber aanleggen en die
providerkeuze er vervolgens niet is kan dat juridisch aangepakt worden.
Bron Overeenkomst glasvezelnetwerk: Utrecht in 5 jaar volledig “verglaasd” - Gemeente Utrecht
met
Open Dutch Fiber legt een ‘open’ glasvezelnetwerk
aan in Utrecht. Dit betekent dat alle providers die dit willen over dit netwerk
diensten kunnen leveren aan hun klanten.
Gefeliciteerd! Op dit moment zijn wij bezig met de
voorbereidende werkzaamheden voor de aanleg van glasvezel in Utrecht. In het 1e
kwartaal 2024 komen wij bij jou in de wijk.
Update 2023-02-06:
Laatste bericht van Freedom: Wanneer komt Freedom op het Open Dutch Fiber netwerk?.
De huidige status is dus 'in theorie zou Freedom beschikbaar moeten komen een
jaar na de installatie van Open Dutch Fiber glasvezel'.
If you're bored enough to look at the sources for my webpages you'll notice
I make a lot of use of
<base href="https://idefix.net/~koos/">
This changes the base for all relative urls from https://idefix.net/
to https://idefix.net/~koos/
because my whole site is based on being in my userdir, but
https://idefix.net/ is the easy url.
I use a lot of relative urls for local things because why make them longer.
And this eases developing and debugging on the developer site.
All browsers support the 'base href' meta tag, but some bots ignore it.
And there has been a case a few years ago where a bug in one script made
all urls seem 'below' other urls. The net result is that my logs are currently
filled with entries like:
all those entries seem for http:// versions of the urls so I now adjusted
the http to https redirect function to stop at urls that look like
^\/~koos/irregular.php\/.+\.cgi to give a status 410 immediately.
This 'saves' a bit of traffic because it never gets the redirect to the https
version.
While checking this I see multiple stupid bots, like:
This weekend was the ARRL RTTY Roundup
and I participated. Not for very long because there were other things in the
weekend, including the New Year's celebration at my own radio club.
In the end I made 30 contacts, Saturday evening and Sunday evening after dark.
On Saturday evening it was hard to find another station, not a lot of signals
and a lot of noise on the 40 meter band.
Raw score: 30 Qpts x 21 Mults = 630
Recently I was looking at some reports of the affiliate income generated
by The Virtual Bookcase and
it hasn't generated a cent in a few years.
This is probably fully related to the fact I haven't paid any attention to the
site both in code and content for years. The only commits in 2022 were due to a
vulnerability found in the site. Most commits to the code for the site were
before 2010. Time to admit to myself I need to stop doing this. There are other
things that take my time and give me joy.
If someone else wants to take over: get in touch. I'm not sure which parts of
the database are of any use to people and which parts I shouldn't transfer due
to Dutch privacy laws but we'll figure it out. If nobody wants it, I will start
giving 410 gone status from 1 september 2023 and end the domain registration in
November 2023.
The original announcement of starting the site, dated 28 march 1999:
I've created a virtual bookcase with an overview of books I like/read.. visit the site too!
which is also the oldest newsitem in my archive.
Naast het gebruiken van bitcoin om
mensen af te persen
is er altijd ook de optie om in te breken op bitcoin accounts om de buttcoins
van anderen te stelen. Het voordeel van het niet gebruiken van banken voor
geldzaken is dat je ook niet de mogelijkheid hebt om misdaad met geld te
onderzoeken dus als je de buttcoins kan stelen kun je er mee wegkomen.
Vandaag ontving ik een phishing mail die van 'Bitvavo' zou zijn, wat blijkbaar
iets doet met buttcoins en andere cryptocurrencies. Verder hebben de criminelen
goed opgelet bij phishing mails voor banken en gebruiken ze de standaard
methodes van phishing: urgentie, voldoen aan regelgeving en een simpele
handeling om toegang te krijgen tot je rekening. Met als toegevoegde stap de
qrcode zodat je niet zomaar een url-analyzer af kan laten gaan op je mail en je
de phishing site (dus de 'verificatiestappen') opent in je mobiele browser en
minder makkelijk dingen kan controleren.
Het spoor:
De qrcode scant naar http://lnkiy.in/VKwZG
Redirect: https://360corporatetours.com/wp-admin/images/bit.php deze url ziet er uit als een gehackte wordpress site.
Hier komt een html redirect naar: https://bitvavo.22497-4837.s2.webspace.re/
En dat ziet er erg uit als een bitvavo login page.
Update 2023-01-12
Ik heb ondertussen geleerd dat het prima mogelijk is om bitcoin te traceren,
dit is de primaire activiteit van het bedrijf 'Chainalysis'. In de Darknet
diaries podcast is dit uitgebreid besproken in de aflevering
Welcome To Video - Darknet Diaries.
De aflevering gaat over een groot onderzoek waarin bitcoin chain analysis het
mogelijk maakte om verdachten op te sporen.
One of the most important ways for me to get contacts confirmed in amateur
radio is via the Logbook of The World by the ARRL.
I noticed the LoTW website was very slow yesterday and today, sometimes giving
internal server errors. As a lot of radio amateurs should notice this,
I had a look around and soon found mention at LOTW is Struggling! - amateurradio
which confirms that the site is slow at the moment. There is a way to see
how busy the site is processing uploads at LoTW Queue Status Page
and the backlog is currently 11 to 13 hours.
According to some comments in the reddit thread this is caused by people
uploading their contacts once a year. I've had contacts where it took a while
to confirm them because the other side wasn't uploading to LoTW on a regular
basis but I never suspected some people do this just once a year.
The upside is I now have a new country confirmed on several bands at once. And
maybe more confirmations will show up. I do have some countries in my list with
the note 'not a regular LoTW uploader'.
This weekend was the His Majesty The King of Spain CW Contest and I participated. There wasn't a lot of time due to other things in the weekend, I was making contacts in the contest for less than four hours on Saturday evening and less than two hours Sunday. I made 77 contacts, 7 on the 10 meter band, 55 on the 20 meter band and 15 on the 40 meter band. Propagation wasn't cooperating very well although there were some interesting openings. One opening on the 10 meter band resulted in a contact with Nepal on the 10 meter band, a completely new country in amateur radio for me.
This weekend was the My PGP key expired, but I reset the expiry date. I do this so I have to actively update the key every few years. Should I ever lose access to the private key, it will go away by itself. But this also means I have to ask the users of my key to refresh it by hand because the simple refresh doesn't "see" the update (even though this adds new signatures to the key). So please use the command to receive my key:
$ gpg --keyserver pgp.surf.nl --receive-keys 0x5BA9368BE6F334E4This updates the expiry date(s) and the uids. If you have my key and it looks expired and/or still has an old e-mail address with kzdoos in it please do this now. Complete data at pgp.surf.nl: Search results for '0x5BA9368BE6F334E4' where you can see all the details including the revoked bits. Those revoked bits won't show up in normal use.
My PGP key expired, but I reset the expiry date. I do this so I have to
actively update the key every few years. Should I ever lose access to the
private key, it will go away by itself.
But this also means I have to ask the users of my key to refresh it by hand
because the simple refresh doesn't "see" the update (even though this adds
new signatures to the key).
So please use the command to receive my key:
A discussion on irc about how hard it is to set TLS options in some programs made me recall I still wanted courier-imap-ssl to give me the right SSL settings (Only TLS 1.2 and 1.3, and no weak algorithms). This has bothered me for a while but I couldn't find the right answers. Most documentation assumes courier-imap-ssl is compiled with OpenSSL. In Debian/Ubuntu/Devuan it is compiled with GnuTLS. Searching this time found me Bug #1808649 “TLS_CIPHER_LIST and TLS_PROTOCOL Ignored” : Bugs : courier package : Ubuntu which points at debian-server-tools/mail/courier-check at master · szepeviktor/debian-server-tools · GitHub which lists the right parameter TLS_PRIORITY. And that page has usable answers for up to TLS v1.2, with some reading of the output of gnutls-cli --list I can imagine TLS v1.3 settings. So with a minor adjustment to the given example to allow for TLS v1.3 I set this in /etc/courier/imapd-ssl:
##NAME: TLS_PRIORITY:0 # # GnuTLS setting only # # Set TLS protocol priority settings (GnuTLS only) # # DEFAULT: NORMAL:-CTYPE-OPENPGP # # This setting is also used to select the available ciphers. # # The actual list of available ciphers depend on the options GnuTLS was # compiled against. The possible ciphers are: # # AES256, 3DES, AES128, ARC128, ARC40, RC2, DES, NULL # # Also, the following aliases: # # HIGH -- all ciphers that use more than a 128 bit key size # MEDIUM -- all ciphers that use a 128 bit key size # LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher # is not included # ALL -- all ciphers except the NULL cipher # # See GnuTLS documentation, gnutls_priority_init(3) for additional # documentation. TLS_PRIORITY="NONE:+CHACHA20-POLY1305:+AES-128-GCM:+AES-256-GCM:+AES-128-CBC:+AES-256-CBC:+ECDHE-ECDSA:+ECDHE-RSA:+SHA256:+SHA384:+AEAD:+COMP-NULL:+VERS-TLS1.2:+VERS-TLS1.3:+SIGN-ALL:+CURVE-SECP521R1:+CURVE-SECP384R1:+CURVE-SECP256R1:+CTYPE-X509"And now things are good! All green in sslscan:SSL/TLS Protocols: SSLv2 disabled SSLv3 disabled TLSv1.0 disabled TLSv1.1 disabled TLSv1.2 enabled TLSv1.3 enabled TLS Fallback SCSV: Server supports TLS Fallback SCSV TLS renegotiation: Session renegotiation not supported TLS Compression: Compression disabled Heartbleed: TLSv1.3 not vulnerable to heartbleed TLSv1.2 not vulnerable to heartbleed Supported Server Cipher(s): Preferred TLSv1.3 128 bits TLS_AES_128_GCM_SHA256 Curve P-256 DHE 256 Accepted TLSv1.3 256 bits TLS_AES_256_GCM_SHA384 Curve P-256 DHE 256 Accepted TLSv1.3 256 bits TLS_CHACHA20_POLY1305_SHA256 Curve P-256 DHE 256 Preferred TLSv1.2 256 bits ECDHE-ECDSA-AES256-GCM-SHA384 Curve P-256 DHE 256 Accepted TLSv1.2 256 bits ECDHE-ECDSA-CHACHA20-POLY1305 Curve P-256 DHE 256 Accepted TLSv1.2 128 bits ECDHE-ECDSA-AES128-GCM-SHA256 Curve P-256 DHE 256 Accepted TLSv1.2 256 bits ECDHE-ECDSA-AES256-SHA384 Curve P-256 DHE 256 Accepted TLSv1.2 128 bits ECDHE-ECDSA-AES128-SHA256 Curve P-256 DHE 256 Server Key Exchange Group(s): TLSv1.3 128 bits secp256r1 (NIST P-256) TLSv1.3 192 bits secp384r1 (NIST P-384) TLSv1.3 260 bits secp521r1 (NIST P-521) TLSv1.2 128 bits secp256r1 (NIST P-256) TLSv1.2 192 bits secp384r1 (NIST P-384) TLSv1.2 260 bits secp521r1 (NIST P-521) SSL Certificate: Signature Algorithm: sha256WithRSAEncryption ECC Curve Name: secp384r1 ECC Key Strength: 192
A discussion on irc about how hard it is to set TLS options in some programs
made me recall I still wanted courier-imap-ssl to give me the right
SSL settings (Only TLS 1.2 and 1.3, and no weak algorithms). This has bothered
me for a while but I couldn't find the right answers. Most documentation
assumes courier-imap-ssl is compiled with OpenSSL. In Debian/Ubuntu/Devuan it
is compiled with GnuTLS.
Searching this time found me This year I participated in the EA RTTY Contest again. This is a contest organized by the Spanish Amateur Radio Club Unión de Radioaficionados Españoles and they organize nice contests! I participated Saturday afternoon and Sunday end of the morning. Other things needed my attention in the weekend too. I ended with 56 contacts, 53 on the 20 meter amateur band and 3 on the 40 meter amateur band. The 40 meter amateur band was mostly unusuable during the daytime due to interference. I thought I was going to end the contest with less than 50 contacts, but calling CQ I had a last minute sprint with 11 contacts in 10 minutes.
This year I participated in the 
This year I participated in the EA PSK63 Contest again. This is a contest organized by the Spanish Amateur Radio Club Unión de Radioaficionados Españoles and they organize nice contests! This is a 24-hour contest between 12:00 UTC on Saturday and 11:59 UTC on Sunday. Contacts were made Saturday afternoon and evening, and Sunday morning. The last contact was logged at 11:59 UTC on Sunday! I went for the 20 and 40 meter bands and checked a few times whether there was activity on the 10 meter band. In the end I made 182 contacts, 1 on the 10 meter band. Besides the usual search and pounce approach (looking for other stations calling CQ) I also called CQ for periods. This got me a nice amount of contacts in a short period. The peak was 4 contacts within 2 minutes. With the new Yaesu FT-991A radio it's also possible to find a free frequency, center it in the passband at 1500 Hz and then turn the bandwidth of the receiver down. Big signals outside the passband have a lot less influence with this radio so I can receive signals on 'my' frequency better.
This year I participated in the Time for an overview of what happened in amateur radio in 2022 for me. Like previous years I will look back at the plans and what happened. Looking back at Closing 2021 in amateur radio the following results are clear:
Time for an overview of what happened in amateur radio in 2022 for me.
Like previous years I will look back at the plans and what happened.
Looking back at 
Naast het gebruiken van bitcoin om mensen af te persen is er altijd ook de optie om in te breken op bitcoin accounts om de buttcoins van anderen te stelen.
Naast het gebruiken van bitcoin om