News archive 2023 - Koos van den Hout

Archive by year: 1999 | 2000 | 2001 | 2002 | 2003 | 2004 | 2005 | 2006 | 2007 | 2008 | 2009 | 2010 | 2011 | 2012 | 2013 | 2014 | 2015 | 2016 | 2017 | 2018 | 2019 | 2020 | 2021 | 2022 | 2023

2023-05-29 I participated in the CQ WPX CW Contest
Mapped contacts PE4KH in the CQ WPX CW contest 2023
Mapped contacts PE4KH in the CQ WPX CW Contest 2023
Last weekend was the CQ World Wide WPX Contest CW organized by CQ Amateur Radio magazine. The term 'WPX' stands for 'Worked All Prefixes'. The objective of this contest is to get contacts and exchange information with as many different other radio amateurs using morse code. Points are awarded for each contact, based on which amateur band and whether they are in the same or different continents. Multipliers are calculated from the number of different prefixes contacted. The prefix of my callsign PE4KH is PE4.

The score in this contest is calculated from the points per contact multiplied by the number of unique prefixes. This makes a station with a rare prefix popular so radio amateurs get special calls or go to special places to be that rare prefix.

This is also one of the big contests with a lot of participation from all around the world. In the days before the contest there were already a number of stations set up in special places busy on the air making contacts, testing their equipment and their setup to get the maximum score in the contest.

This testing in the days before the contest already allowed me to get a number of new countries in morse in my log: Azerbaijan, Antigua, Argentina, Madagascar and Hong Kong.

In the contest I made 171 contacts: 33 on the 10 meter band and 138 on the 20 meter band. With 215 qso points, 138 multiplier my claimed score is 29670 points at the moment. I had fun in the contest and all the practice with callsigns and serial numbers in morse has helped!

During the contest I added Australia, Qatar and Kaliningrad as new countries in morse in the log. I have now had morse contacts with 101 countries in the world, and now I'm waiting for confirmations via Logbook Of the World.


I received a very fast confirmation for Australia already from VJ3A Steve. That was a 16490 kilometer contact with morse!


In preparing for this contest I considered adding an antenna to get access to the 15 meter band. Now looking back I think I might get different contacts (more countries maybe) on 15 meters, but it would not have added a lot of contacts.

Tags: , , ,
2023-05-21 I participated in the King of Spain CW Contest
CW contest filling the bands on a websdr This weekend was the His Majesty The King of Spain CW Contest and I participated. There wasn't a lot of time due to other things in the weekend, I was making contacts in the contest for less than four hours on Saturday evening and less than two hours Sunday.

I made 77 contacts, 7 on the 10 meter band, 55 on the 20 meter band and 15 on the 40 meter band. Propagation wasn't cooperating very well although there were some interesting openings. One opening on the 10 meter band resulted in a contact with Nepal on the 10 meter band, a completely new country in amateur radio for me.


And the contact with 9N7AA Robert in Nepal is already confirmed! Thank you!

Update 2023-05-26

I had a contact with HZ1TT Ali in this contest and that contact is now confirmed, adding country number 85 to the list of confirmed countries in Morse.

Tags: , , ,
2023-05-16 Maybe YouTube isn't completely on to me...
I sometimes think YouTube is quite good at suggesting new videos to me with interesting subjects. For a while I've been seeing Tom Scott videos and Connections Museum videos. But only today YouTube suggested to me this video, Tom Scott at the Connections Museum! So maybe YouTube isn't completely on to me.

Of course with Sarah from the Connections Museum explaining things.

Tags: , , ,
2023-05-15 Maybe I should get asterisk going again, to play with old phone exchanges
There is a museum in Seattle called the Connections Museum and it is on my "If I ever visit that part of the world" list. The reason I found it because one of the volunteers likes to make videos for youtube about the equipment in the museum and the youtube suggestions are on to me.

with an interest in phone phreaking in my history this is a very interesting channel. They recently had a video on how blue boxing *actually* worked, including a demonstration of how the switch actually responds to the blue box tones. This made me go "oh now I get it" for details on blue boxing.

In the latest youtube video is an explanation that they run asterisk as one way of connecting all their historic phone exchanges. The historic phone exchanges are also connected using direct interconnects. Video announced in In case you haven't seen the latest bit of ridiculous hacking ;) - Connections Museum on Twitter. Video at Is this the world's oldest Linux peripheral? - Connections Museum

If I understand the remark about asterisk and Collectors' Net / Phreak Net correctly it should be possible to dial into the old exchanges at the museum from either of those networks.

From 2008 to 2013 I played for a while on the Collectors' Net to test my asterisk experiments but when I got less interested and reduced my phone setup at home to a simple voip base again I stopped being a member of Collectors' Net. Maybe I should get back on one of those networks and get something going again! It would be awesome to have an option to dial into the old hardware at the Connections Museum and actually end up in a phone switch from 1923 using a VoIP phone on my side. Or dig up a pulse-dial capable ATA and dial in using the original T65 rotary phone.

Tags: , , ,
2023-05-12 A good evening for morse contacts
Yesterday evening I turned on the radio and looked for some interesting morse contacts. With some help from the Reverse Beacon Network I searched for interesting stations.

I had contacts with a few special event stations. There are extra special event stations active from the United Kingdom to celebrate the coronation. And two new countries in morse for me.

One was Saudi Arabia where HZ1TT Ali was calling and I managed to get through this time. I've tried contacting him in morse but failed earlier. The other one was DL5CW Andreas active as MJ/DL5CW from the island of Jersey, and Jersey counts as a separate DXCC entity.

I also had a short chat in morse with a station in Ukraine. This was much more of a personal contact than the short contacts with special event stations or rare countries.
Read the rest of A good evening for morse contacts

Tags: , ,
2023-05-10 Repetitive SSH attempts are still on
I noticed in 2016 that putting services like ssh on a different port does not change much in the attacks and the last few days I noticed this is true as ever.

I use fail2ban for sshd and other services that are prone to brute-force attempts. I've been using influxdb and grafana to visualize measurements and I use telegraf to gather a lot of system data.

I recently enabled gathering fail2ban statistics and it's interesting to see the numbers of blocked addresses is very similar for the sshd on port 22 and the sshd on port 2022. It's not exactly the same number and interestingly not the same attackers but the numbers are within 5%. And yes the numbers are high enough to make the output of fail2ban-client status sshd several screenfulls of IP addresses.

Tags: , ,
2023-05-07 New entity in the log: San Andres & Providencia island
I saw a DX Cluster spot today for a country/entity I hadn't had a contact with before, or not even heard of at all: Archipelago of San Andrés, Providencia and Santa Catalina which consists of two island groups in the Carribean and it's a part of the country of Columbia. But a separate entity in amateur radio terms.

This is again a bit of geography I was never told during my education, but amateur radio has a lot of these geographical surprises.

Brazilian radio amateur PY8WW Renato is active there this weekend and as the qrz page shows he likes going on DXpeditions.

This brings the number of entities in amateur radio I have had contacts with up to 170, half of the current total of 340. I can probably add that I'm now starting with the difficult half!
Read the rest of New entity in the log: San Andres & Providencia island

Tags: , ,
2023-05-01 I was banned from discord... for creating an account
For a lot of things discord seems to be the place to interact with people. I didn't want to create an account there for a long time because I didn't want to interact with yet another service. But for certain subjects it is the place to be.

One such subject is the hack the box CTFs, the post-deadline discussion where all the write-ups are shared is mostly on discord. So in May 2022 I finally created an account, wanting to view the discussion. Directly discord wanted a phone number to finish logging in. I decided I didn't like that so I left it at that.

In the beginning of April I saw that part of the discussion about the proxmark (NFC security tool) is in discord. So I decided to give in and finish the login procedure.

So on 6 april 2023 I added a phone number, received the SMS and entered the received code. Right after that I was logged out with the message 'Your account has been disabled'.

I also received an e-mail about this block, with very general reasons why the account was disabled. Nothing specific, just 'we block accounts due to spam and/or abuse'. So I requested more information on why the account was blocked, received a ticket number in autoreply and that was it.

Three weeks later still no answer, even after a friendly reminder. I have no idea what is wrong, discord does not communicate and I am left thinking this is a very unreliable service if they can block for no verifyable reason without explanation.

I could try to create a new account, but from what I can find discord stores IP addresses and phonenumbers of blocked accounts and blocks those on the next account creation, so that's no use.

Update 2023-05-06

Finally an "answer" from discord. Which says they can't find the account associated with my e-mail address and I should only communicate about accounts from the e-mail address associated with the account. With a standard text about anonymizing accounts that are banned after 14-30 days. Which suggests that the anonymizing includes forgetting the e-mail address because it says:
if your account was disabled for a violation of our Terms of Service and Community Guidelines, we'd have no record of that account existing.
So this "we can't find the account" is caused by their own slowness in responding, the response is 30 days after the block. To the day.

But they probably keep other data such as phone numbers or IP addresses (see above) so I don't think it is worth the effort to restart the whole circus. This is probably not completely GDPR compliant.

Tags: ,
2023-04-30 I participated in the UK/EI DX Contest CW
CW contest filling the bands on a websdr I was looking for an opportunity for morse contacts and saw the UK/EI DX Contest CW 2023 in the calender for this weekend. So I participated, with some last minute additions to my contest logger.

My original idea for this contest was that this would make stations from all parts of the United Kingdom active in Morse, including entities I still want to get in the log. From the parts of the UK I don't have Guernsey and Jersey in morse and I'd like to get Northern Ireland confirmed.

That plan did not work out, from the UK I only heard stations from England and Schotland. Checking the Reverse Beacon Network confirmed this, very little activity from those parts of the UK. I made 68 contacts total, 48 on the 20 meter band and 20 on the 40 meter band.

What did work out is that all the practising I did in morse at contest speeds seems to help, I had less trouble decoding callsigns and serial numbers. I regularly practise contest morse with the Contest trainer by Hanz YL3JD.
Read the rest of I participated in the UK/EI DX Contest CW

Tags: , ,
2023-04-28 Fixing settings/drivers for Digitus Gigabit Ethernet adapter USB-C
I recently bought a Digitus Gigabit Ethernet adapter USB-C, mainly because my work laptop has no wired ethernet connection which I really want sometimes.

As I don't like having Windows-only hardware I did check before ordering that it can also be used with Linux. It contains a Realtek r8152 chip so I searched and found Fixing performance issues with Realtek RTL8156B 2.5GbE USB dongle in Ubuntu - CNX Software which mentions that loading the listed udev rules makes Linux select the right driver and improves performance.

And indeed the 'wrong' driver was chosen initially. I fetched r8152/50-usb-realtek-net.rules at master · bb-qq/r8152 · GitHub like:
root@moore:~# cd /etc/udev/rules.d/
root@moore:/etc/udev/rules.d# wget
root@moore:/etc/udev/rules.d# cd
root@moore:~# udevadm control --reload-rules
root@moore:~# udevadm trigger
And now things are as I wish, the right driver is loaded:
  Device-3: Realtek USB 10/100/1G/2.5G LAN type: USB driver: r8152
  IF: enx3c49deadbeef state: down mac: 3c:49:de:ad:be:ef

Tags: , ,
2023-04-21 Using the network switch in the shed as remote powerswitch
One of the wishes we have for the home network is good wifi coverage in the back garden so we can sit outside on nice days to work without running UTP cables. The access-point in the central place in the house doesn't cover the back garden. Ideally I would also like a separate 'guest' wireless network at home.

These wishes was taken into consideration when upgrading the fiber to the shed network with a Netgear GS310TP switch. This switch has Power over Ethernet (PoE) support so it can power an acccess-point. The next step was to find an access-point supporting VLANs and multiple SSIDs.

Recently I borrowed a Mikrotik Wap.AC to test the options. It took me a bit to get used to the RouterOS userinterface but I managed to get it all working in an ideal configuration: Management via one VLAN, a 2.4 GHz wireless network bridged to the trusted wireless network, a 2.4 GHz wireless network bridged to the guest wireless, a 5 GHz wireless network bridged to the trusted wireless network and a 5 GHz wireless network bridged to the guest wireless.

The final test was with the Mikrotik Wap.AC in the shed with power over the network cable. This worked!

Ideally the wireless network in the backyard is 'on demand' because we only use it when working from home or sitting in the backyard and we can save the power at other times. So the idea of a button 'wifi in backyard' and an automatic shutdown in the evening is nice. I searched and it is indeed possible to control the Power over Ethernet in the Netgear GS310TP switch with snmp. Based on GS110TP deactivate PoE over SNMP for specific Ports I soon had working snmpset commands to disable/enable power to a specific port, and the Mikrotik followed nicely. Value '1' is PoE on and value '2' is PoE off:
$ # switch PoE on for port 8
$ snmpset -v2c -c ******** ******* integer 1
iso. = INTEGER: 1
$ # switch PoE off for port 8
$ snmpset -v2c -c ******** ******* integer 2
iso. = INTEGER: 2

Ideally there would be a button (zigbee?) near the backdoor to request "On" and a scheduled task every day to switch it off in the evening.

Tags: , , , ,
2023-04-17 Refreshed my PGP key
PGP lock logo My PGP key expired, but I reset the expiry date. I do this so I have to actively update the key every few years. Should I ever lose access to the private key, it will go away by itself.

But this also means I have to ask the users of my key to refresh it by hand because the simple refresh doesn't "see" the update (even though this adds new signatures to the key).

So please use the command to receive my key:
$ gpg --keyserver --receive-keys 0x5BA9368BE6F334E4
This updates the expiry date(s) and the uids. If you have my key and it looks expired and/or still has an old e-mail address with kzdoos in it please do this now. Complete data at Search results for '0x5BA9368BE6F334E4' where you can see all the details including the revoked bits. Those revoked bits won't show up in normal use.

Tags: ,
2023-04-14 Teaching courier-imapd-ssl to use up-to-date encryption
Encrypt all the things meme A discussion on irc about how hard it is to set TLS options in some programs made me recall I still wanted courier-imap-ssl to give me the right SSL settings (Only TLS 1.2 and 1.3, and no weak algorithms). This has bothered me for a while but I couldn't find the right answers. Most documentation assumes courier-imap-ssl is compiled with OpenSSL. In Debian/Ubuntu/Devuan it is compiled with GnuTLS.

Searching this time found me Bug #1808649 “TLS_CIPHER_LIST and TLS_PROTOCOL Ignored” : Bugs : courier package : Ubuntu which points at debian-server-tools/mail/courier-check at master · szepeviktor/debian-server-tools · GitHub which lists the right parameter TLS_PRIORITY. And that page has usable answers for up to TLS v1.2, with some reading of the output of gnutls-cli --list I can imagine TLS v1.3 settings.

So with a minor adjustment to the given example to allow for TLS v1.3 I set this in /etc/courier/imapd-ssl:
# GnuTLS setting only
# Set TLS protocol priority settings (GnuTLS only)
# This setting is also used to select the available ciphers.
# The actual list of available ciphers depend on the options GnuTLS was
# compiled against. The possible ciphers are:
# AES256, 3DES, AES128, ARC128, ARC40, RC2, DES, NULL
# Also, the following aliases:
# HIGH -- all ciphers that use more than a 128 bit key size
# MEDIUM -- all ciphers that use a 128 bit key size
# LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher
#        is not included
# ALL -- all ciphers except the NULL cipher
# See GnuTLS documentation, gnutls_priority_init(3) for additional
# documentation.

And now things are good! All green in sslscan:
  SSL/TLS Protocols:
SSLv2     disabled
SSLv3     disabled
TLSv1.0   disabled
TLSv1.1   disabled
TLSv1.2   enabled
TLSv1.3   enabled

  TLS Fallback SCSV:
Server supports TLS Fallback SCSV

  TLS renegotiation:
Session renegotiation not supported

  TLS Compression:
Compression disabled

TLSv1.3 not vulnerable to heartbleed
TLSv1.2 not vulnerable to heartbleed

  Supported Server Cipher(s):
Preferred TLSv1.3  128 bits  TLS_AES_128_GCM_SHA256        Curve P-256 DHE 256
Accepted  TLSv1.3  256 bits  TLS_AES_256_GCM_SHA384        Curve P-256 DHE 256
Accepted  TLSv1.3  256 bits  TLS_CHACHA20_POLY1305_SHA256  Curve P-256 DHE 256
Preferred TLSv1.2  256 bits  ECDHE-ECDSA-AES256-GCM-SHA384 Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  ECDHE-ECDSA-CHACHA20-POLY1305 Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  ECDHE-ECDSA-AES128-GCM-SHA256 Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  ECDHE-ECDSA-AES256-SHA384     Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  ECDHE-ECDSA-AES128-SHA256     Curve P-256 DHE 256

  Server Key Exchange Group(s):
TLSv1.3  128 bits  secp256r1 (NIST P-256)
TLSv1.3  192 bits  secp384r1 (NIST P-384)
TLSv1.3  260 bits  secp521r1 (NIST P-521)
TLSv1.2  128 bits  secp256r1 (NIST P-256)
TLSv1.2  192 bits  secp384r1 (NIST P-384)
TLSv1.2  260 bits  secp521r1 (NIST P-521)

  SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
ECC Curve Name:      secp384r1
ECC Key Strength:    192
Read the rest of Teaching courier-imapd-ssl to use up-to-date encryption

Tags: , ,
2023-04-05 I participated in the EA RTTY Contest 2023
RTTY Contest on websdr This year I participated in the EA RTTY Contest again. This is a contest organized by the Spanish Amateur Radio Club Unión de Radioaficionados Españoles and they organize nice contests!

I participated Saturday afternoon and Sunday end of the morning. Other things needed my attention in the weekend too. I ended with 56 contacts, 53 on the 20 meter amateur band and 3 on the 40 meter amateur band. The 40 meter amateur band was mostly unusuable during the daytime due to interference. I thought I was going to end the contest with less than 50 contacts, but calling CQ I had a last minute sprint with 11 contacts in 10 minutes.
Read the rest of I participated in the EA RTTY Contest 2023

Tags: , ,
2023-03-31 Trying to get into a Genexis Platinum-4410 router
I have been given a Genexis Platinum-4410 router with the reasoning that I like to play with embedded systems and test the security. Well, that is what I did.

How far did I get

I have serial console, I have extracted filesystem images, and I can't get a shell on the router.

The device

It's a router with 4+1 ethernet ports, wifi, two ports for analog telephones and a USB interface.

Looking at it from the network

In this specific instance the 4 ethernet ports which are logically the 'inside' don't give me a link after the router has booted up. The 1 port which would be the 'outside' or 'WAN' port gives a link and acts as a DHCP client.

The next step was to connect to the wifi network and play with the web interface. This like a custom web interface. Default credentials which match what is on the sticker on the underside of the router.

The router doesn't have a telnet server listening for 'easy' access.

Opening the case

Next step was to open the case and investigate the mainboard. Chips seen on the mainboard: Mindspeed J83100G System on a Chip (SoC), MXIC MX29GL256FHT2I-90Q flash memory, 2* Etrontech EM68B16CWQD-25H 512 mbit DRAM, Si32260-FM1 dual channel FXS (voip) chip and other electronics.

The mainboard has lots of test points, but no clear UART interface. There is an edge connector which looks like a PCI Express connector but it isn't. I asked help about this: What is this connector, does it include UART on a Genexis Platinum-4410 ? : hardwarehacking because r/hardwarehacking on reddit has helped me before.

This edge connector turned out the 'place to be' and with the standard tricks for finding the UART I soon had an idea. But nothing to stick a dupont wire on and no PCI express or cardedge breakout cable/board available. So I had to solder wires to the right lanes on the connector. I had permission to damage the router, so that was ok. Soldering within half a millimeter was really hard! This was the first time I actually used my soldering iron for hardware hacking. And a magnifying glass to actually see what I was soldering.
Read the rest of Trying to get into a Genexis Platinum-4410 router

Tags: , ,
2023-03-29 New country in my log: Rwanda
Last Sunday I spent nearly 3 hours trying to get the 9X5RU Dxpedition to Rwanda in my log in CW (Morse) but that didn't happen.

This morning I got them in my log on my first try. On the 17 meter band.

The technical differences weren't that big. Ok, I was using the Kenwood radio remote today and propagation seemed to work better. But the main difference was that on Sunday it was very busy with amateurs from all over Europe and today I was one of the few callers. I guess the work week has a strong influence here!

DX never sleeps

I guess this turning 'easy' because I tried on a workday and not in the weekend was one of the results of 'DX never sleeps', a different time can help get the contact. The DXpeditions want the highest number of possible contacts so finding a time they are less busy can help in getting the contact. In the first few days/hours all the 'big gun' stations with huge antennas and amplifiers want that contact, after that the simpler stations with some patience also have a good chance.

So far with 9X5RU

Later in the morning I also got the contact on 12m CW. This was harder than 17 meters, I had to give my call 8 times before it was logged completely. After the contact was complete I looked at the signal meter and saw that it barely moved so it was a weak path. Earlier I made contacts with 9X5RU on 17 and 20 meter FT8. But I want to work on my list of countries contacted in morse, so I wanted to make the contact in morse too.

Update.. no success in the afternoon

After 17 and 12 meter band CW I also tried to make the contact on the 10 meter band, where 9X5RU was active in the afternoon. But by that time the US has woken up and has good propagation to Rwanda because of the daylight. I couldn't get through and I heard a lot of US amateur radio callsigns being confirmed.

Tags: , ,
2023-03-19 I went to a Weird Al Yankovic concert!
Weird Al Yankovic, Palladium London 16 Februari 2023, The Unfortunate Return of The Ridiculously Self-Indulgent Ill-Advised Vanity Tour, Photo by Raph_PH
Weird Al Yankovic, Palladium London 16 Februari 2023, The Unfortunate Return of The Ridiculously Self-Indulgent Ill-Advised Vanity Tour
Somewhere in November last year I saw that Weird Al Yankovic on The Unfortunate Return of The Ridiculously Self-Indulgent Ill-Advised Vanity Tour was also coming to Utrecht! So getting tickets was a good idea, especially when it turned out the tickets were going really fast.

So I went on 20 february 2023 and I had a great evening. The concert was at Tivoli Vredenburg in Utrecht, which is cycling distance from my house. A friend came along and he found it a great idea to park at our house and cycle to a bicycle parking really close to the concert.

I looked up the setlist: “Weird Al” Yankovic Concert Setlist at TivoliVredenburg Grote Zaal, Utrecht on February 20, 2023 | and comparing that to earlier Weird Al Yankovic concerts it's clear he took a different route in this tour. Mostly own work, some of the 'in the style of' songs. He did the extended extended version of Albuquerque with lots of types of Donuts and he 'restarted' the song to make the sauerkraut joke again.

The previous Weird Al Yankovic concert I saw was in Amsterdam was more the style with the parodies and the costumes. Setlist of that concert: “Weird Al” Yankovic Concert Setlist at Melkweg The Max, Amsterdam on September 30, 2015 | This was a concert with standing room and I turned out to be in the splash zone for the end of 'smells like nirvana'. A group of fans had their own aluminium foil hats for 'Foil' so Al was really enthusiastic about their response and the whole audience had lots of fun.

To give space for the costume change there was also use of video. And when there was a bit of video with Al reacting to Eminem with 'Say what??' a number of times I expected Word Crimes and indeed that happened.

Anyway I enjoy the music of Weird Al Yankovic. I started with the parodies and I sometimes remark 'this is a strange version of a Weird Al Yankovic song' when I hear for example Gangsta Paradise or Like a virgin. The polka versions are always fun to me. I didn't really like the personal songs the first time but after hearing them a few times and discovering the layers including the jokes I start to appreciate them too.

And recently Rob o'Hara did an episode of his podcast You Don't Know Flack about Weird Al. Rob is also a big fan of Weird Al Yankovic and has seen him perform in the US multiple times. And listening to this podcast episode made me write down 'my' Weird Al story.

Rob also went on a pilgrimage of the sites in Tulsa, Oklahoma where the outside shots of the UHF movie were filmed: UHF - My 15 Year Pilgrimage. Now that is a Weird Al Yankovic fan!

The picture in this newsitem is from the same tour, just a few days earlier. I tried taking some phone pictures but there was nothing good and I found this picture with a nice license which captures the tour really great.

Tags: ,
2023-03-15 Synchronizing google contacts with Thunderbird
Ages ago I added a way to get access to my google contacts as a thunderbird address book. But on installation of thunderbird on a new laptop I couldn't find a simple answer to "how did I do that again?!?".

With access to the old laptop I was able to reconstruct my steps, so I'll note them here:
  • Install cardbook as add-on in Thunderbird
  • Go to this add-in in the Thunderbird userinterface
  • From the top left 'hamburger' menu, select 'Address book', 'New address book'
  • A window pops up asking 'Address book location', select 'Remote'
  • The next window asks 'type of your address book' and gives google as default selection
  • As username enter the standard address used for your google account. This doesn't have to end in
  • After entering the address, click 'Validate' and a window pops up with a minimal browser to log into your google account. Do this.
  • After logging in the browser window will ask for permission for Cardbook to access your google contacts.
  • After selecting a colour for this new address book you can use it.
  • In the process google will probably send you alerts about this new login and permission.
And now my contacts are synchronized between android phone, google contacts web interface and thunderbird!

Tags: , ,
2023-03-12 I participated in the EA PSK63 contest
PSK63 contest in fldigi This year I participated in the EA PSK63 Contest again. This is a contest organized by the Spanish Amateur Radio Club Unión de Radioaficionados Españoles and they organize nice contests!

This is a 24-hour contest between 12:00 UTC on Saturday and 11:59 UTC on Sunday. Contacts were made Saturday afternoon and evening, and Sunday morning. The last contact was logged at 11:59 UTC on Sunday! I went for the 20 and 40 meter bands and checked a few times whether there was activity on the 10 meter band. In the end I made 182 contacts, 1 on the 10 meter band.

Besides the usual search and pounce approach (looking for other stations calling CQ) I also called CQ for periods. This got me a nice amount of contacts in a short period. The peak was 4 contacts within 2 minutes. With the new Yaesu FT-991A radio it's also possible to find a free frequency, center it in the passband at 1500 Hz and then turn the bandwidth of the receiver down. Big signals outside the passband have a lot less influence with this radio so I can receive signals on 'my' frequency better.
Read the rest of I participated in the EA PSK63 contest

Tags: , ,
2023-03-08 Ten years as a radio amateur
Ten years ago, on 6 March 2013 I passed the test for the Dutch novice amateur license.

It's been a fun 10 years! I made lots of new friends, learned new stuff and had great experiences. It's a great hobby, I really like it as a hobby that's absolutely not work.

Amateur radio is a hobby with lots of subhobbies. I got into different subhobbies than I expected and started in. And the subhobbies I do get into may even change again, depending on what I get interested in or lose interest in.

Tags: ,
2023-03-05 An unrequested web vulnerability scan from Microsoft IPv4 space
It seems it is also possible to cause something in Microsoft IPv4 space to do a scan for web vulnerabilities. It's starting to become part of a pattern here! Noticed in the logs: - - [05/Mar/2023:15:05:57 +0100] "GET / HTTP/1.1" 200 39297 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36" - - [05/Mar/2023:15:05:59 +0100] "HEAD / HTTP/1.1" 404 694 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36" - - [05/Mar/2023:15:05:59 +0100] "HEAD / HTTP/1.1" 404 694 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36" - - [05/Mar/2023:15:05:59 +0100] "GET /server-status HTTP/1.1" 403 975 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36" - - [05/Mar/2023:15:05:59 +0100] "GET /.nginx.env HTTP/1.1" 404 972 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.2 Safari/605.1.15"

.. - - [05/Mar/2023:15:08:55 +0100] "HEAD /status HTTP/1.1" 404 694 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36" - - [05/Mar/2023:15:08:55 +0100] "HEAD /callback HTTP/1.1" 404 694 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36" - - [05/Mar/2023:15:08:55 +0100] "HEAD /handler HTTP/1.1" 404 694 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36" - - [05/Mar/2023:15:08:55 +0100] "HEAD /plaid HTTP/1.1" 404 694 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36" - - [05/Mar/2023:15:08:56 +0100] "HEAD /plaid/item/webhook/ HTTP/1.1" 404 694 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36"
For a total of 751 attempts via http on one site, receiving a redirect to https and following that redirect. I wonder if I can determine which scanner was used from the pattern of URLs tried.

Tags: ,
2023-02-24 An unrequested web vulnerability scan from cloudflare IPv4 space
I noticed a strange peak in web traffic today and when digging in to it found out it was a web vulnerability scan. What made me look further was the fact that the source IPv4 addresses were randomized over quite a range, so any automatic firewalling wouldn't block the attempts.

This turned out to originate from cloudflare IPv4 space. Interesting how the source IP addresses clearly spread out (which would circumvent a lot of automatic web application firewalls). - - [24/Feb/2023:09:52:22 +0100] "GET /index.php?s=%2Fadmin%2Fthink%5Capp%2FinvokeMethod&method%5B0%5D=think%5Cview%5Cdriver%5CPhp&method%5B1%5D=display&vars%5B0%5D=%3C%3Fphp+echo+md5%28%271f3870be274f6c49b3e31a0c6728957f%27%29%3B HTTP/1.1" 404 972 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36" - - [24/Feb/2023:09:52:24 +0100] "GET /index.php?s=%2Fuser%2Fthink%5Capp%2Finvokefunction&function=call_user_func_array&vars%5B0%5D=md5&vars%5B1%5D%5B%5D=1f3870be274f6c49b3e31a0c6728957f HTTP/1.1" 404 972 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36" - - [24/Feb/2023:09:52:26 +0100] "GET /index.php?s=index%2Fuser%2F_empty HTTP/1.1" 404 972 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36" - - [24/Feb/2023:09:52:27 +0100] "GET /admin/auth/login HTTP/1.1" 404 972 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36" - - [24/Feb/2023:09:52:27 +0100] "GET /admin/public/login.html HTTP/1.1" 404 972 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36" - - [24/Feb/2023:09:52:28 +0100] "GET /index.php?s=%2Fadmin%2Fthink%5Capp%2FinvokeMethod&method%5B0%5D=think%5Cview%5Cdriver%5CPhp&method%5B1%5D=display&vars%5B0%5D=%3C%3Fphp+echo+md5%28%271f3870be274f6c49b3e31a0c6728957f%27%29%3B HTTP/1.1" 404 972 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36" - - [24/Feb/2023:09:52:28 +0100] "POST /_ignition/execute-solution HTTP/1.1" 404 972 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36" - - [24/Feb/2023:09:52:29 +0100] "GET /admin/auth/login HTTP/1.1" 404 972 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36" - - [24/Feb/2023:09:52:29 +0100] "GET /seller/login/reg HTTP/1.1" 404 972 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36" - - [24/Feb/2023:09:52:29 +0100] "GET /index.php?s=%2Fuser%2Fthink%5Capp%2FinvokeMethod&method%5B0%5D=think%5Cview%5Cdriver%5CPhp&method%5B1%5D=display&vars%5B0%5D=%3C%3Fphp+echo+md5%28%271f3870be274f6c49b3e31a0c6728957f%27%29%3B HTTP/1.1" 404 972 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36" - - [24/Feb/2023:09:52:31 +0100] "GET /index.php?s=%2Fadmin%2Fthink%5Capp%2Finvokefunction&function=call_user_func_array&vars%5B0%5D=md5&vars%5B1%5D%5B%5D=1f3870be274f6c49b3e31a0c6728957f HTTP/1.1" 404 972 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36" - - [24/Feb/2023:09:52:31 +0100] "GET /index.php?s=%2Fapi%2Fthink%5Capp%2Finvokefunction&function=call_user_func_array&vars%5B0%5D=md5&vars%5B1%5D%5B%5D=1f3870be274f6c49b3e31a0c6728957f HTTP/1.1" 404 972 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36" - - [24/Feb/2023:09:52:35 +0100] "GET /ch/upload/upload HTTP/1.1" 404 972 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36" - - [24/Feb/2023:09:52:35 +0100] "GET /index.php?s=index%2Fuser%2F_empty HTTP/1.1" 404 972 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36" - - [24/Feb/2023:09:52:36 +0100] "GET /admin/auth/login HTTP/1.1" 404 972 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36" - - [24/Feb/2023:09:52:36 +0100] "GET /admin/public/login.html HTTP/1.1" 404 972 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36" - - [24/Feb/2023:09:52:37 +0100] "GET /loginMe HTTP/1.1" 404 972 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36" - - [24/Feb/2023:09:52:39 +0100] "GET /_ignition/execute-solution HTTP/1.1" 404 972 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36" - - [24/Feb/2023:09:52:40 +0100] "GET /admin/auth/login HTTP/1.1" 404 972 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36" - - [24/Feb/2023:09:52:40 +0100] "GET /admin/other_cert/cert.php HTTP/1.1" 404 972 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36" - - [24/Feb/2023:09:52:41 +0100] "GET /index.php?case=admin&act=login&admin_dir=admin&site=default HTTP/1.1" 404 972 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36"
I checked with someone who uses cloudflare for sites and these IPv4 addresses match how cloudflare proxies sites. My current theory is that someone set up a cloudflare proxy with my site as 'backend' and scanned the 'frontend' to make it harder for me to find the origin.

At this moment the cloudflare abuse form doesn't work for me. I don't have a lot of trust in cloudflare doing things to stop abuse from cloudflare customers so I'm not going to jump through more hoops to get them to notice this, I expect a big dissapointment when I get an actual answer from them.

Tags: ,
2023-02-23 De zoektocht naar de echte bron van een podcast
Vandaag kwam ik een artikel tegen Generaals b.d. Van Uhm en De Kruif beginnen podcast over oorlog en het leek me wel leuk om deze podcast eens te beluisteren.

Alleen geeft het artikel daar bijzonder weinig informatie over. Het enige wat er te vinden is:
De eerste aflevering van Veldheren wordt vrijdag op Spotify en Apple Podcast gelanceerd.
Maar ik wil allebei niet gebruiken om de podcast te beluisteren, ik wil deze podcast gewoon beluisteren in mijn podcast speler, te weten op dit moment 'Pocket Casts'. Zoals Dave Winer aangeeft in Podcasts are feeds - Dave Winer Scripting News is iets pas een podcast als het een RSS feed heeft. Dus ik zoek een URL van de RSS feed van deze podcast, dan kan ik de podcast toevoegen.

Diverse zoekopdrachten geprobeerd, en uiteindelijk kom ik terecht op Veldheren bij / waar nog steeds geen feed informatie staat. Maar de URL van de feed is wel uit de source te halen, omdat de site ook gewoon op de feed gebaseerd is, maar dat zelf niet laat zien. In de source van de pagina zit nog informatie uit de feed en iets wat op een gemangelde url lijkt:
En als ik daar eens aan snuffel lijkt het er wel op te gaan lijken:
$ curl -kI
HTTP/2 200 
x-frame-options: DENY
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
last-modified: Thu, 23 Feb 2023 14:50:22 GMT
cache-control: max-age=45, public
content-type: application/rss+xml; charset=utf-8
content-md5: NpD8EsLUoeqYLrvKp3UmZQ==
via: 1.1 haproxy, 1.1 varnish, 1.1 varnish
fastly-restarts: 1
accept-ranges: bytes
date: Thu, 23 Feb 2023 19:55:49 GMT
age: 0
x-served-by: cache-ams12743-AMS, cache-ams21063-AMS
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1677182149.621644,VS0,VE843
vary: Accept, Accept-Encoding, Accept-Language, Authorization,User-Agent,Origin
server: Fastly
strict-transport-security: max-age=300
content-length: 7164
application/rss+xml is het gewenste mime-type! En inderdaad als ik het bestand ophaal en inkijk:
<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:itunes="" xmlns:atom="" xmlns:content="" xmlns:art19="" xmlns:googleplay="" version="2.0">
      <![CDATA[<p>Veldheren is een podcast waarin twee ..
Het zou toch prettig zijn als het vinden van een podcast buiten spotify of apple om niet een halve hack is.

Verder weggestopt in de zoekresultaten, achter allerlei nieuwsartikelen die braaf hetzelfde herhalen kom ik uiteindelijk terecht op Veldheren podcast - Part of Corti Media Network waar wel verwijzingen naar de RSS feed staan, zowel in de pagina als in de metadata. Het kan wel, het is alleen nogal ondergesneeuwd.

Tags: , ,
2023-02-20 I participated in the ARRL DX CW Contest
CW contest filling the bands on a websdr Past weekend was the ARRL DX CW Contest and I planned to participate beforehand on the 20 meter band like I did in the ARRL DX CW Contest in 2022.

But this year the HF propagation was much better and I got contacts with stations in the United States of America and Canada on the 10 meter, 15 meter and 20 meter amateur bands. The contacts on 10 and 15 meters were most during the period of daylight in both parts, the contacts on 20 meters later in the day. In total I made 89 contacts:
Band   160   80   40   20   15   10
QSO's    0    0    0   16   37   36
Mult     0    0    0   11   19   17

Pts: 267  Mul: 47 Score: 12549     
Currently this gives me New Mexico as a new US state.

Tags: , ,
2023-02-17 More new countries/entities in my log
My search for new countries/entities continues and some interesting ones show up.

The big DXpedition for Januari was going to be the 3Y0J DXpedition to Bouvet Island. I hoped to get an opportunity to make that contact. In the end between the first rush of the high power stations and the early end of the expedition I have received signals from them for about 20 minutes before they stopped for dinner that day.

The day my new Yaesu FT-991A radio arrived I got Reunion Island in the log in FT8.

In the last weekend of the WRTC 2023 award I was trying to get those stations on the 15 meter band and when I had those in the log I looked for other interesting stations on that band. Which showed me an active station on French Guiana for that weekend only, busy in the R-E-F contest in morse. So I submitted my log for that contest with 1 entry.

In February I got Pakistan, Uzbekistan and Martinique as new countries in the log.

Tags: , ,
2023-02-13 I participated in the PACC contest as a morse operator at the radio club
Past weekend was the Dutch PACC contest and I decided to participate at the radio club with the group and call CQ in morse. I sat at the radio together with another (very experienced) operator and we worked together. He was (lots) better at getting callsigns from the noise but at the understandable callsigns I typed fast and together we got a nice number of contacts in the log.

After about two hours fatigue was setting in so someone else took over. As an experience in morse contesting this was really nice for me. I also did some other stuff, there is always something to repair during a contest. And lots and lots of cables. This hobby isn't 100% wireless!

Two things to improve for the next time if I want to do this again: bring my own headset and make sure it's comfortable for long use and bring my own audio splitter and extension cable.
Read the rest of I participated in the PACC contest as a morse operator at the radio club

Tags: , ,
2023-02-11 Major upgrade postgresql
On my todo-list was a postgresql upgrade from 9.6 to 11, a lingering item from the earlier devuan upgrades from ascii to beowulf.

This is one of those upgrades where I am very happy to have lvm snapshots so I know I can get back to a working state if something really goes wrong.

With that snapshot and the instructions from From Stretch to Buster : How to upgrade a 9.6 PostgreSQL cluster to 11 ? - Samuel Forestier it all went fine. After the upgrade I tested all my database-driven websites and local tools to see if they worked. All worked fine so I could stop and delete the 9.6 main postgres cluster and continue running 11.

Final cleanup was deleting the snapshot. Which used as much space as the size of the database! Not unsurprising when thinking about how the upgrade works, but think about the snapshot size.

Tags: ,
2023-02-09 First upgrade to Ubuntu 22.04
I run a desktop and a laptop with Ubuntu and both were at Ubuntu 20.04. The desktop is mostly used for things with amateur radio so I wanted to check whether anything broke on that upgrade. With the 18.04 to 20.04 upgrade I had to do some recovery to get the databases behind cqrlog working again,

Time to upgrade the laptop first with the same amateur radio software installed, configured and tested: cqrlog, wsjt-x, fldigi.

The whole do-release-upgrade took more than an hour. And it's still possible that somewhere during the upgrade process the user gets prompted whether or not to change a configuration file, so I came back after a few hours to a system with a prompt and not finished with the upgrade.

The upgrade told me firefox would be changed from an installed package to a 'snap'. The downside for me was that after the first start firefox thought it was a completely new browser with no history/bookmarks/settings. Maybe this was because the start of firefox was triggered by thunderbird starting and wanting to show me a page about donating. Restarting firefox didn't make the old profile show up again. With a bit of searching I found that firefox should import old non-snap settings when started as a 'snap' for the first time. So I stopped firefox, threw out the whole ~/snap/firefox directory and started it again. This time settings/bookmarks/cookies/history were imported.

Next step was to test cqrlog. There is no cqrlog build for ubuntu 22.04 yet, but the build for 20.04 works. All previously logged data was available fine. The upgrade of ubuntu has upgraded hamlib which means the radio IDs got renumbered, I had to update the settings to the new radio ID.

Silencing Ubuntu Pro adverts

In regular maintenance I noticed this gem:
$ sudo apt dist-upgrade
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
The following security updates require Ubuntu Pro with 'esm-apps' enabled:
  libimage-magick-perl imagemagick libjs-jquery-ui libopenexr25
  libmagick++-6.q16-8 libmagickcore-6.q16-6-extra libimage-magick-q16-perl
  libmagickwand-6.q16-6 imagemagick-6.q16 libmagickcore-6.q16-6
Learn more about Ubuntu Pro at
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
which is no better than an advertisment for Ubuntu Pro. Which is a new service by Canonical offering longer term support (10 years) and support for not just "Main" (which is what you got with Ubuntu before) but "Main" and "Universe". Ubuntu Pro costs a registration for private use at the moment. So 'The following security updates require Ubuntu Pro' isn't completely honest. But then again, it's advertising.

Anyway, I don't want to see this every time I check for updates. I searched for a solution, The following security updates require Ubuntu Pro with 'esm-apps' enabled - r/linux
$ cd /etc/apt/conf.d
$ sudo mv 20apt-esm-hook.conf 20apt-esm-hook.conf.disabled
$ sudo touch 20apt-esm-hook.conf
$ sudo chattr +i 20apt-esm-hook.conf

Tags: , ,
2023-02-06 Afwachten tot Open Dutch Fiber open wordt
De laatste ontwikkelingen rond Open Dutch Fiber die plannen heeft om hier ook glasvezel aan te leggen zijn dat volgens een bericht van Freedom er een voorkeursperiode is voor T-mobile, maar dat daarna Freedom Internet toch mogelijk zou moeten worden als ze de koppelingen om als provider op dat netwerk actief te zijn rondkrijgen.

Bron Wanneer komt Freedom op het Open Dutch Fiber netwerk? - Freedom Internet. Volgens dit bericht:
Helaas is er één probleem; ODF heeft met T-Mobile een overeenkomst waarin staat dat op elke locatie waar ODF een nieuw stuk netwerk realiseert, T-Mobile het eerste jaar exclusief - dus als enige provider - internetabonnementen mag leveren.
Dat staat dus niet heel opvallend in de berichtgeving van Open Dutch Fiber, die geven alleen maar aan dat je snel een abonnement bij T-Mobile kan nemen.

Kortom, afwachten en verkopers van T-Mobile die aan de deur gaan komen uitleggen wat ik wil. Want die verkopers verwacht ik.

Tags: ,
2023-02-03 Freeradius doesn't like the old LetsEncrypt chain
I was doing some testing with freeradius and suddenly nothing worked with the following error in debug mode:
(7) eap_peap: ERROR: TLS Alert read:fatal:certificate expired
(7) eap_peap: TLS_accept: Need to read more data: error
(7) eap_peap: ERROR: Failed in __FUNCTION__ (SSL_read): error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired
I checked the certificate and renewed it. The normal autorenewal processes had not run since the previous tests with radius and 802.1x authentication on wifi so that wasn't unexpected but this still didn't solve it: I kept getting the error message.

After some deep searching why it worked before I saw I had requested that certificate in a different way where I had the chain with only ISRG Root X1 because sendmail gave me SSL verification failures after the DST Root CA expired. So I did the same as I did before: I configured dehydrated (my preferred ACME client) on the radius testmachine to use the LetsEncrypt issuer chain without the DST Root CA cross signature, with the following in /etc/dehydrated/config :
# Preferred issuer chain (default: <unset> -> uses default chain)

Tags: , , ,
2023-02-03 Dear Linux distributions, don't nag about a setting
I noticed lots of kernel modules for filesystem support were loaded after running update-grub. This was caused by running os-prober which searches for possible operating system installations on all partitions of the system.

On virtual and physical machines that only run linux and will never run anything else unless I am really changing something this only takes time and uses resources, so I searched for how to disable this. So now there is a line in /etc/default/grub:
# don't look high and low for other operating systems
But now update-grub thinks it is necessary to warn me every time...
# update-grub
Generating grub configuration file ...
Warning: os-prober will not be executed to detect other bootable partitions.
Systems on them will not be added to the GRUB boot configuration.
Check GRUB_DISABLE_OS_PROBER documentation entry.
I know it will not be executed, I added it on purpose. It's not very likely I added GRUB_DISABLE_OS_PROBER=true by accident not knowing what I was doing. Stop nagging me about it. If I didn't know what I was doing on a computer I wouldn't be configuring linux distributions.

Tags: , ,
2023-01-29 Grabbing the root filesystem image from the Cab.Link CLS-D4E2WX1
I wanted to grab the root filesystem image from the flash memory of the Cab.Link CLS-D4E2WX1 cable modem/router. The way to do this was the same as with Grabbing the firmware from the Corinex CXWC-HD200-WNeH and extracting the root filesystem although I decided to just dump the root filesystem image and not the entire flash memory.

So the box was opened again, the usb serial interface connected to the uart pins on Cab.Link CLS-D4E2WX1 I found earlier and the boot stopped in the U-Boot process.

First step was to determine where in the memory map the root filesystem image would be. This took a bit of calculation. From the bootup messages there are two important hints:
7 cmdlinepart partitions found on MTD device ar7240-nor0
Creating 7 MTD partitions on "ar7240-nor0":
0x000000000000-0x000000040000 : "u-boot"
0x000000040000-0x000000050000 : "u-boot-env"
0x000000050000-0x000000670000 : "rootfs"
0x000000670000-0x0000007d0000 : "uImage"
0x0000007d0000-0x0000007e0000 : "SYSLOG"
0x0000007e0000-0x0000007f0000 : "NVRAM"
0x0000007f0000-0x000000800000 : "ART"

## Booting image at 9f670000 ...
So the kernel image is booted from address 0x9f670000 and it's in the MTD partition at 0x000000670000. This makes the guess that the rootfs image from 0x000000050000 will live at memory location 0x9f050000 and has a size of 0x620000 so the approach is to dump 0x620000 bytes starting at that memory location. The command to do that in U-Boot:
ar7240> md.b 0x9f050000 0x620000
9f050000: 68 73 71 73 04 03 00 00 07 25 98 52 00 00 02 00    hsqs.....%.R....
9f050010: 27 00 00 00 02 00 11 00 c0 00 01 00 04 00 00 00    '...............

This capture of data at 115200 bps took more than 20 minutes. But I have patience enough.... Ok, I went to do something else.
Read the rest of Grabbing the root filesystem image from the Cab.Link CLS-D4E2WX1

Tags: , ,
2023-01-29 Having fun with the WRTC 2023 award
Last year a World Radiosport Team Championship was planned again, this time in Italy: the World Radiosport Team Championship 2022 Italy but due to well-known reasons international travel from all corners of the world to Italy wasn't a good idea, so the news was: WRTC 2022 postponed to 2023 ! - WRTC 2022 Italy.

In the first half of 2022 they had an award to promote the event among radio amateurs: WRTC 2022 Award - WRTC 2022 Italy and I participated during those months and got digital awards. Contacts were in different modes (SSB, CW, FT8, RTTY) on a lot of HF bands with special event stations in regions of Italy.

In January 2023 they are doing it again, this time only in CW and SSB and only on bands that are also active in the WRTC contest in July, this time with stations in multiple countries: WRTC 2023 AWARD : January 2023…headset on! - WRTC 2022 Italy. So I'm trying to get different stations in the log on different bands. It's working out fine so far, I even got a new country in CW (Indonesia). I also used the clubstation to get these special event stations on the 80 meter band.

This is fun and a good promotion for the upcoming WRTC.


In the end I made 122 contacts with WRTC special event stations in January 2022.

Tags: , ,
2023-01-27 I bought a new radio transciever: the Yaesu FT-991A
Eight and a half years and over 14000 contacts after I bought a Yaesu FT-857D I thought it was time to upgrade. The basic requirements haven't changed a lot: HF, 2 meter, 70 centimeter bands, SSB, Morse, FM, support for computer control. What I wanted to improve on is noise filtering, handling of strong adjacent signals and a waterfall display.

So the choice is the Yaesu FT-991A although I also looked at HF-only radios from Yaesu but decided on this one in the end. This will be the base station radio for a while and I will only use the FT-857D for operating away from home.

The basic installation went fine and I think this is a great amateur radio and good value for money. It is an advanced technological device so I had to dig into manuals and on-line documentation several times to get things set up the way I wanted it.

The good innovation is that the Yaesu FT-991A has an USB port on the back. This USB connection gives the computer 2 serial ports and audio over USB. The first serial port is for Computer Aided Tuning (CAT) control which can control the radio from the computer.

I directly wanted to set up an udev rule to map this to a fixed symlink so I can start rigtctld easily. The new rule:
SUBSYSTEM=="tty", ENV{ID_MODEL}=="CP2105_Dual_USB_to_UART_Bridge_Controller", \
        ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea70", \
        ENV{ID_USB_INTERFACE_NUM}=="00", \
The ENV{ID_USB_INTERFACE_NUM}=="00", filter only makes this rule activate on the first of the serial ports offered by the CP2105 chip.

My current experience is that the noise filtering is indeed better which helps a lot in the noisy RF environment at home.

Tags: , , ,
2023-01-23 Making a USB-stick usable for Windows again
Recently I wanted to have the option to install ubuntu on a PC so I created a USB stick with dd. It worked fine and in the end the existing ubuntu on the PC worked ok and could be upgraded and made available again.

So I wanted to revert this USB stick to the normal filesystem that both Windows and Linux can read and write. This turned out to be more difficult than I expected! First I thought Windows could revert the USB stick to a usable state but this turned out to be impossible. I tried on three Windows 10 systems with admin accounts, but none of them were able to create a usable partition and filesystem! The best result I could get was an error something couldn't be started to format the partition, but without any explanation what couldn't be started. Things that were once perfectly doable under MS-DOS are now impossible.

Back to linux to try and find the right partition type and filesystem options to get access again. I could do a lot of things in linux, but I failed to find the right settings that Windows would see as usable storage.

I shared my problems on irc and someone there had the following list of commands to fix this problem:
dd if=/dev/zero of=/dev/sdd bs=1M count=1
parted /dev/sdd mklabel msdos
parted /dev/sdd mkpart primary fat32 1 100%
mkdosfs /dev/sdd1
Which needs to be adjusted for the right device node. Use at your own risk! But indeed after these commands both Windows and Linux were perfectly capable of writing and reading the USB stick.

Tags: , ,
2023-01-21 2022 in amateur radio for me
QSO count for PE4KH until December 2022 Time for an overview of what happened in amateur radio in 2022 for me. Like previous years I will look back at the plans and what happened. Looking back at Closing 2021 in amateur radio the following results are clear:
  • The morse exam finally happened and I passed it.
  • More morse contacts in contests and in general
  • 18 new countries/entities in the log
  • More countries/entities in morse in the log
  • Satellite contacts: none
  • Used the improving propagation
The plans for 2023:
  • Try to get more countries/entities, especially in morse. I am working towards DXCC in morse: 100 entities confirmed.
And one thing is both a result of 2022 and an item for 2023: I ordered a new radio: a Yaesu FT-911A, HF, VHF, UHF all mode at the end of 2022 and it was delivered last week. That will be a separate post.
Read the rest of 2022 in amateur radio for me

Tags: , , ,
2023-01-16 I participated in the UBA PSK63 prefix contest
PSK63 contest in fldigi Like a bit of a yearly event it was time for the UBA PSK63 prefix contest last weekend.

On Saturday propagation on the higher frequencies was not cooperating a lot so I went to the 40 meter band late in the afternoon. On Sunday things were better, I even got one whole contact on the 10 meter band. A lot of the contacts were in search and pounce mode. On Sunday I ended with the last half hour of the contest calling CQ UBA PSK TEST and managed to get a few new stations in the log. Some of those contacts came at a fast pace with even a small pile-up where I had to ask only one prefix to answer.

I ended with 111 contacts logged, which is a good number for a digital mode contest.
Read the rest of I participated in the UBA PSK63 prefix contest

Tags: , ,
2023-01-13 Plannen voor glasvezel hier
Fiber bij een huis in Woerden
Fiber bij een huis in Woerden
Picture by Koos van den Hout, license CC-BY-SA
Na alle gemopper over de DSL verbinding hier een eerste brief over de aanleg van glasvezel.

De planning is erg ruim:
In februari starten we met aanleggen. [..]
Als het goed is kunnen heel Overvecht en Utrecht Noordwest half 2024 next level internetten. Je kunt dan een abonnement afsluiten bij T-Mobile.
Nu is T-Mobile zo ongeveer de laatste Internetprovider die ik zou willen kiezen, onder andere door de gebeurtenissen in oktober 2019 waarbij de verbindingen tussen T-Mobile en bijvoorbeeld SURFnet een stuk slechter werden. Meer hierover: Zit je bij T-Mobile en heb je opeens last van een trage internet verbinding…? - A2B Internet en T-Mobile NL routed all internet traffic through Germany and broke the Internet for small firms. - Rudolf van den Berg. Ik heb niets aan een gigabit glasvezel als ik de kans loop de systemen op mijn werk amper te kunnen bereiken.

Dus ik wil Freedom Internet via die glasvezel. Maar op dit moment is de status "we willen het graag en het komt vast een keer" volgens Update over Delta en Open Dutch Fiber - Freedom Internet waar ook wel een beetje frustratie valt te lezen:
Anco: Met Open Dutch Fiber ligt het gecompliceerder. Hoewel we al geruime tijd onderhandelen heeft dat nog niet tot iets concreets geleid. De enige provider die nu wordt toegelaten op dit netwerk is T-Mobile. Dat vinden wij een slechte zaak. Daarom zijn we bijna geneigd ze 'Closed Dutch Fiber' te noemen. We zijn continu bezig om een opening te vinden om met ODF tot een oplossing te komen. Helaas, vooralsnog zonder resultaat. Dat er een dag komt dat we op dit netwerk actief worden is wel zeker, wanneer dat zal zijn is nog volledig onduidelijk.
Ik ben benieuwd hoe het gaat lopen. Ze mogen fiber aanleggen, we gaan er alleen geen T-Mobile abonnement over nemen.

De aankondiging van de gemeente Utrecht is vrij duidelijk: het moet een open netwerk worden met providerkeuze. Dus als ze eerst fiber aanleggen en die providerkeuze er vervolgens niet is kan dat juridisch aangepakt worden. Bron Overeenkomst glasvezelnetwerk: Utrecht in 5 jaar volledig “verglaasd” - Gemeente Utrecht met
Open Dutch Fiber legt een ‘open’ glasvezelnetwerk aan in Utrecht. Dit betekent dat alle providers die dit willen over dit netwerk diensten kunnen leveren aan hun klanten.

Update 2023-01-15:

Op de site van open dutch fiber staat ook een artikel: Nog eens 29.000 huishoudens in Utrecht worden voorzien van glasvezel - open dutch fiber Als ik in die postcodecheck mijn gegevens invul:
Gefeliciteerd! Op dit moment zijn wij bezig met de voorbereidende werkzaamheden voor de aanleg van glasvezel in Utrecht. In het 1e kwartaal 2024 komen wij bij jou in de wijk.

Update 2023-02-06:

Laatste bericht van Freedom: Wanneer komt Freedom op het Open Dutch Fiber netwerk?. De huidige status is dus 'in theorie zou Freedom beschikbaar moeten komen een jaar na de installatie van Open Dutch Fiber glasvezel'.

Tags: ,
2023-01-11 Working around broken urls for my website
If you're bored enough to look at the sources for my webpages you'll notice I make a lot of use of
<base href="">
This changes the base for all relative urls from to because my whole site is based on being in my userdir, but is the easy url.

I use a lot of relative urls for local things because why make them longer. And this eases developing and debugging on the developer site.

All browsers support the 'base href' meta tag, but some bots ignore it. And there has been a case a few years ago where a bug in one script made all urls seem 'below' other urls. The net result is that my logs are currently filled with entries like:
[11/Jan/2023:17:09:34 +0100] "GET /~koos/irregular.php/morenews.cgi/2022/newstag.cgi/morenews.cgi/draadloosnetwerk/morenews.cgi/newsitem.cgi/morenews.cgi/morenews.cgi/newstag.cgi/asterisk/morenews.cgi/morenews.cgi/morenews.cgi/morenews.cgi/morenews.cgi/morenews.cgi/morenews.cgi/morenews.cgi/newstag.cgi/newstag.cgi/kismet/morenews.cgi/newstag.cgi/newsitem.cgi/morenews.cgi/morenews.cgi/2023 HTTP/1.1" 410
all those entries seem for http:// versions of the urls so I now adjusted the http to https redirect function to stop at urls that look like ^\/~koos/irregular.php\/.+\.cgi to give a status 410 immediately.

This 'saves' a bit of traffic because it never gets the redirect to the https version.

While checking this I see multiple stupid bots, like: - - [11/Jan/2023:17:02:14 +0100] "GET /homeserver.html HTTP/1.1" 404 972 "-" "Buck/2.3.2; (+"
This one clearly doesn't parse the base href tag.
Read the rest of Working around broken urls for my website

Tags: , ,
2023-01-09 I participated in the ARRL RTTY Roundup
RTTY Contest on websdr This weekend was the ARRL RTTY Roundup and I participated. Not for very long because there were other things in the weekend, including the New Year's celebration at my own radio club.

In the end I made 30 contacts, Saturday evening and Sunday evening after dark. On Saturday evening it was hard to find another station, not a lot of signals and a lot of noise on the 40 meter band.

Raw score: 30 Qpts x 21 Mults = 630

Tags: , ,
2023-01-08 Time to stop with The Virtual Bookcase
Recently I was looking at some reports of the affiliate income generated by The Virtual Bookcase and it hasn't generated a cent in a few years.

This is probably fully related to the fact I haven't paid any attention to the site both in code and content for years. The only commits in 2022 were due to a vulnerability found in the site. Most commits to the code for the site were before 2010. Time to admit to myself I need to stop doing this. There are other things that take my time and give me joy.

If someone else wants to take over: get in touch. I'm not sure which parts of the database are of any use to people and which parts I shouldn't transfer due to Dutch privacy laws but we'll figure it out. If nobody wants it, I will start giving 410 gone status from 1 september 2023 and end the domain registration in November 2023.

The original announcement of starting the site, dated 28 march 1999: I've created a virtual bookcase with an overview of books I like/read.. visit the site too! which is also the oldest newsitem in my archive.
Read the rest of Time to stop with The Virtual Bookcase

Tags: , ,
2023-01-05 Buttcoin phishing Bitvavo
Cybercriminal Naast het gebruiken van bitcoin om mensen af te persen is er altijd ook de optie om in te breken op bitcoin accounts om de buttcoins van anderen te stelen. Het voordeel van het niet gebruiken van banken voor geldzaken is dat je ook niet de mogelijkheid hebt om misdaad met geld te onderzoeken dus als je de buttcoins kan stelen kun je er mee wegkomen.

Vandaag ontving ik een phishing mail die van 'Bitvavo' zou zijn, wat blijkbaar iets doet met buttcoins en andere cryptocurrencies. Verder hebben de criminelen goed opgelet bij phishing mails voor banken en gebruiken ze de standaard methodes van phishing: urgentie, voldoen aan regelgeving en een simpele handeling om toegang te krijgen tot je rekening. Met als toegevoegde stap de qrcode zodat je niet zomaar een url-analyzer af kan laten gaan op je mail en je de phishing site (dus de 'verificatiestappen') opent in je mobiele browser en minder makkelijk dingen kan controleren.

Het spoor:
  • De qrcode scant naar
  • Redirect: deze url ziet er uit als een gehackte wordpress site.
  • Hier komt een html redirect naar:
En dat ziet er erg uit als een bitvavo login page.

Update 2023-01-12

Ik heb ondertussen geleerd dat het prima mogelijk is om bitcoin te traceren, dit is de primaire activiteit van het bedrijf 'Chainalysis'. In de Darknet diaries podcast is dit uitgebreid besproken in de aflevering Welcome To Video - Darknet Diaries. De aflevering gaat over een groot onderzoek waarin bitcoin chain analysis het mogelijk maakte om verdachten op te sporen.

Tags: , ,
2023-01-03 Getting contacts confirmed at the beginning of the new year
One of the most important ways for me to get contacts confirmed in amateur radio is via the Logbook of The World by the ARRL.

I noticed the LoTW website was very slow yesterday and today, sometimes giving internal server errors. As a lot of radio amateurs should notice this, I had a look around and soon found mention at LOTW is Struggling! - amateurradio which confirms that the site is slow at the moment. There is a way to see how busy the site is processing uploads at LoTW Queue Status Page and the backlog is currently 11 to 13 hours.

According to some comments in the reddit thread this is caused by people uploading their contacts once a year. I've had contacts where it took a while to confirm them because the other side wasn't uploading to LoTW on a regular basis but I never suspected some people do this just once a year.

The upside is I now have a new country confirmed on several bands at once. And maybe more confirmations will show up. I do have some countries in my list with the note 'not a regular LoTW uploader'.

Tags: ,

IPv6 check

Running test...
, reachable as PGP encrypted e-mail preferred. PGP key 5BA9 368B E6F3 34E4 local copy PGP key 5BA9 368B E6F3 34E4 via keyservers

Meningen zijn die van mezelf, wat ik schrijf is beschermd door auteursrecht. Sommige publicaties bevatten een expliciete vermelding dat ze ongevraagd gedeeld mogen worden.
My opinions are my own, what I write is protected by copyrights. Some publications contain an explicit license statement which allows sharing without asking permission.
Other webprojects: Camp Wireless, wireless Internet access at campsites, The Virtual Bookcase, book reviews
This page generated by $Id: morenews.cgi,v 1.55 2022/12/12 15:34:31 koos Exp $ in 0.153067 seconds.