News items for tag english - Koos van den Hout

2018-10-12 Serious slowness with rrdgraph from rrdtool 1 week ago
One of the things still needing migrating is the NTP server stats which obviously uses rrdtool. Because I want to keep the history I migrated the datasets with:
/usr/local/rrdtool/bin/rrdtool dump \
| ssh newhost /usr/bin/rrdtool restore -f -
And then create a graph of the plloffset for example using:
/usr/bin/rrdtool graph /tmp/ \
--title " pll offset (last 24 hours)" --imginfo \
'<img src="tmpgraphs/%s" WIDTH="%lu" HEIGHT="%lu" alt="Graph">' \
--start -24hours --end now --vertical-label="Seconds" --color BACK#0000FF \
--color CANVAS#c0e5ff --color FONT#ffffff --color GRID#ffffff \
--color MGRID#ffffff --alt-autoscale --imgformat PNG --lazy \ \
CDEF:wipeout=offset,UN,INF,UNKN,IF CDEF:wipeoutn=wipeout,-1,* \
LINE1:offset#000000:"Offset\:" \
GPRINT:offset:LAST:"Current\:%.3lf%s" \
GPRINT:offset:MIN:"Min\:%.3lf%S" \
GPRINT:offset:MAX:"Max\:%.3lf%S" \
GPRINT:offset:AVERAGE:"Average\:%.3lf%S" \
AREA:wipeout#e0e0e0 AREA:wipeoutn#e0e0e0
But on the old server this takes 0.026 seconds, on the new server 3 minutes and 47.46 seconds. No idea what is happening, strace shows nothing strange and rrdtool uses 1 cpu at 100% all that time.
Read the rest of Serious slowness with rrdgraph from rrdtool

Tags: , , ,
2018-10-10 New countries in amateur radio using the radio at the club 1 week ago
My amateur club Veron A08 call PI4UTR has a really good clubstation with multiple nice antennas. In an environment with a lot less interference than I have at home.

Last Tuesday I used the clubstation to make a few connections and got some nice calls in the log, adding two new countries. VP8LP on the Falkland Islands and CE2ML in Chili.

Tags: , ,
2018-10-03 Seeing the same names in logcheck mails every hour 2 weeks ago
I use the logcheck package to monitor for unexpected log entries. Since upgrading to the new homeserver conway I noticed DNSSEC failures coming back regularly, even at weird times of the night while the domain names seemed related to services we sometimes interact with during the day. To search deeper I enabled query logging on DNS (with a short retention period) in order to find the source.

Eventually I found it: the DNSSEC failures came at the time the mail from logcheck was delivered, because it mentioned domain names that cause a DNSSEC failure. So the way to 'fix' this problem and avoid similar other problems was to whitelist logcheck mail.

Update 2018-10-05: That only helps when enabling the Mail::SpamAssassin::Plugin::Shortcircuit plugin and enabling the USER_IN_WHITELIST shortcircuit.

Update 2018-10-07: Even with whitelist and shortcircuit I still see queries for domain names in the logcheck mails. Call to spamassassin is now changed...

Now, once again...this time with FEEwing

Tags: , ,
2018-10-01 Getting distracted on shodan 2 weeks ago
This morning I was looking on shodan for open remote desktop servers in the work network since RDP was mentioned as an attack vector in the latest GANDCRAP ransomware.

Searching for '3389' on shodan found something completely different: an open industrial control system (ICS) for tankstation gauges.

  1  UL 98                 9757      9693    10283    939.2      0.0    20.09
  2  EURO                 2...
According to The Internet of Gas Station Tank Gauges -- Take #2 - Rapid7 this was already a reported issue in January 2015 and according to their research it may be possible to do bad things with this access.

The above is from a gas station I can find on google maps.

Oh I found the way to search for open remote desktop servers on shodan: port:3389.

Tags: , , ,
2018-09-26 Made the big bang to the new homeserver 3 weeks ago
So for months and months I had hardware ready for the new homeserver, I was testing bits and pieces in the new environment and I still did not get around to making the big bang. Part of the time the new system was running and using electricity.

And a few weeks ago I had time for the big bang and forgot to mention it!

So one free day I just did the last sync of homedirectories and started migrating all services in a big bang. No more but, if, when, is it done yet. It's a homeserver, not a complete operational datacenter. Although with everything running it sometimes does look that way!

The new setup, more completely documented at Building - and maintaining home server conway 2017 is now running almost all tasks. The main migration was homedirectories, mail, news, webservers. Things are now split over several virtual machines and the base virtual machine running kvm virtual machines is as minimal as possible.

One thing I just noticed is that the new virtual machine with pppoe kernel mode drivers and updated software is doing great: the bigger MTU is working by default and kernel mode pppoe does not show up as using CPU when a 50 mbit download is active. I looked at CPU usage with htop and at the network traffic with iptraf and the result was that iptraf was using the most cpu.

There are still some things left to migrate, including a few public websites that currently give 50x errors. But I will find the time eventually.

Tags: , , ,
2018-09-24 After 25 years with sendmail there was still something to improve 3 weeks ago
I still like running sendmail on my own systems. But sendmail evolves with time and my configuration does improve slightly sometimes, such as on the introduction of authenticated smtp with secondary passwords.

After the recent upgrades to the home server there is a new mail server with some other new details and suddenly other systems at home could not relay. A bit of searching found Best practice: sendmail and SMTP auth with the right flags for the DAEMON_OPTIONS to only offer authentication on port 587 (submission).

I noticed the local systems tried relaying via port 587 so I changed this to port 25 where IP-based relaying is allowed. No idea why I set this up to use the port 587 when I set it up previously.

And yes, I checked it, I started with sendmail in 1993, so 25 years of sendmail on port 25. I did start with writing my own rules but I switched to .mc based configurations.

Tags: , , ,
2018-09-24 Windows 10 WiFi can't deal with password changes 3 weeks ago
The work laptop is now "upgraded" to Windows 10. I wasn't sure about it as I saw Windows 7 as less annoying but it's the corporate choice.

And after I changed the password for my eduroam wifi-account it just gives an error and does not connect to the wireless network. The obvious choice to show the option to enter a new password does not pop up (unlike Android which came with that suggestion right away). Even the "network troubleshooter" doesn't come with the source of the connection problem let alone the obvious solution.

The Windows 10 "solution" is to just forget the network and discover it again. I'm glad this isn't a network where I need special options and a certificate to log in.

Tags: , ,
2018-09-21 Setting my bash prompt PS1 to remind me I'm in screen 4 weeks ago
With some systems constantly running screen and others not I started to get confused. Solution: change the visual indications in the prompt inside screen.

I decided to just change the username color in PS1 when I'm in screen. So now:
PS1='${STY:+\[\e[1;36m\]}\u${STY:+\[\e[0m\]}@\h:\w\$ '
In bash, ${STY:+..} gives output when shell variable STY is set. So I add the color set/unset commands to the prompt when STY, a typical screen variable is set. The result is dark cyan, a color that works (for me) on my normal light-grey background xterm/putty sessions.

Oh, and for root things are different:
PS1='\[\e[1;91m\]\u@\h\[\e[0m\]:\w\$ '
Which gives a light red user@hostname.

In the above \e causes an escape to be printed. Wrapping parts of the prompt between \[ and \] causes bash to ignore those for counting the length of the prompt so it doesn't get confused on redrawing the prompt when editing the commandline.

Samples of colours and other formatting at FLOZz' MISC » bash:tip_colors_and_formatting.

Tags: , ,
2018-09-14 Recent Internet outages without VDSL link 1 month ago
Two (at this moment) long outages in the last two days without VDSL link which makes it look like the VDSL service was out completely (no sync at all). A telecom engineer busy in the local wire cabinet? Some other outage?

  • Thursday 13 september 17:01 - 18:23
  • Friday 14 september 13:59 - 15:48

Update: and another
  • Monday 17 september 10:07 - 11:46
Called the xs4all customer service. They couldn't find any planned or unplanned work but did see the same outages on my line that I saw. The person on the phone was quite baffled too by this behaviour. The first cause to eliminate this is to really powerflip the modem, when that does not help replace it temporarily with a known-good modem (the Fritz!box 7360v1 which I still have).

Update: interruptions haven't happened since my call to xs4all.

Tags: ,
2018-09-14 IT attacks in higher education have interesting holiday patterns 1 month ago
According to this article: Students blamed for university and college cyber-attacks - BBC News the new pattern is that attacks on IT systems in higher education happen in active times in education.

Interesting quote (for me):
There was a very sharp decline in attacks in the Christmas, Easter and summer breaks and during half-terms - with attacks rising again sharply when terms resumed.
I remember starting in system administration and learning quickly that the Christmas holidays period was the busiest period in attempts to break in to computer systems all over the world. This was simply explained by the fact that the Christmas holidays are the most universal school holiday in the world and all the teenage hackers had time to play with computers, modems and networks.

Tags: , ,
2018-09-13 Missing bit for the HF amplifier: the PA control cable 1 month ago
The HF linear amplifier I bought had one missing link: the control cable to signal when to start transmitting.

I first looked for such a cable at Hamshop but the cable was not available anymore. Further searching found the right cable at 8 pin linear amp switching cable for Yaesu FT-817 FT-857 FT-891 FT-897 FT-991 - TechnoFix UK and ordered it. It came in, so time to test it in the upcoming weekend.

Tags: ,
2018-09-07 Plotting the number of amateur radio contacts 1 month ago
QSL count plot up to August 2018 After the SCC RTTY contest in August I decided to plot the number of amateur radio contacts again. Clearly visible are months with contests I participate in. And the influence of the summer holiday.

before, before, before

Tags: , ,
2018-09-06 Weird interface names in snmp due to virtio driver 1 month ago
I want to measure network traffic so I decided to copy most of my rrdtool setup from the old home server.

But with virtio network cards I have a confused snmpd:
IF-MIB::ifDescr.1 = STRING: lo
IF-MIB::ifDescr.2 = STRING: Red Hat, Inc Device 0001
IF-MIB::ifDescr.3 = STRING: Red Hat, Inc Device 0001
IF-MIB::ifDescr.4 = STRING: Red Hat, Inc Device 0001
IF-MIB::ifDescr.5 = STRING: dummy0
IF-MIB::ifDescr.6 = STRING: dumhost
IF-MIB::ifDescr.7 = STRING: dumdh6
Fix: go for the IF-MIB::ifName snmp variables, found in oid
IF-MIB::ifName.1 = STRING: lo
IF-MIB::ifName.2 = STRING: eth0
IF-MIB::ifName.3 = STRING: eth1
IF-MIB::ifName.4 = STRING: eth2
IF-MIB::ifName.5 = STRING: dummy0
IF-MIB::ifName.6 = STRING: dumhost
IF-MIB::ifName.7 = STRING: dumdh6
Those are easier to discern, now my snmp scripts are gathering data again.

Tags: , , ,
2018-09-02 Ok weather and time for outdoor radio 1 month ago
Outdoor radio
Outdoor radio, picture by PA5Z
Last Friday I had time available for outdoor radio and the weather prediction looked nice. Fellow radio amateur PA5Z had time available too and joined me. We cycled to the local park and found a nice spot for some radio, complete with a bench available to sit and run the radio.

First decision was which band, because changing the band after raising the linked dipole means having to take it all down again. It was a tough decision between 40 and 20 meters, both looked not too promising. We decided on 40 meters.

I also extended the mast and tie-wrapped the balun of the linked dipole to the mast (three segments below the top) before getting the mast upright. This worked nicer for me on an earlier setup. The downside is that we had to be very careful in where the guy-wires and the dipole wires are around the fiber mast to avoid tangled lines and twists. And the right way to lengthen the mast is twisting the segments to lock them together.

With two people it is a lot easier to get the mast straight and it looked very nice. Soon contacts were made, but after a few tries I received a report that the audio sounded like I had RF interference. I heard this remark before at the end of my testing the mast at Trintelhaven and this time I found out what the problem was: the lead-acid battery I was using was running low and when the voltage drops from 12.0 to 9.6 volts on transmitting the output gets distorted. The fix was to lower the output power, a local radio amateur who we contacted was willing to help test this and confirm my theory that the drop in voltage was causing distortion.

Eventually it started to rain a bit, the batteries started to get depleted even at lower power and we decided it was time to pack up and go back home.

A nice day for radio, I ordered a new battery to replace the failing ones and I'll be doing this again some day!
Read the rest of Ok weather and time for outdoor radio

Tags: ,
2018-08-26 I participated in the SCC RTTY contest 1 month ago
RTTY contest on websdr As planned and prepared for I participated in the SCC RTTY contest this weekend. I was aiming for 100+ contacts but due to local interference and not very cooperating propagation those did not happen. In the end I made 83 contacts, 2 on the 40 meter band and 81 on the 20 meter band. I entered in the 'single operator 20 meter' category which was the most fitting for me. That does mean the 2 40 meter contacts only count for log checking.

Interesting things that happened: I got YV5AAX in the log. This has happened before in RTTY contests. But I do see YV5AAX from time to time in FT8 but never made a contact in that mode. I guess the station uses different antennas for contests. I also worked several US stations but I don't think those have resulted in a new US state for my statistics.

The new amplifier was working fine although I noticed the fan control and fan in the power supply stopped completely when I transmitted RTTY in the 10 meter band. This was not a very big problem this time as there was no propagation at all on that band. But it will have to be fixed before the next contest.

With this amount of power I can work almost all stations that I can decode. That is a nice improvement!

Tags: , ,
2018-08-19 Testing the fiber mast with antenna at home 2 months ago
Today I set up the fiber mast against the back fence of our yard and used it to raise the endfed wire antenna as a vertical, with the coil between the 10/20 meter and 40 meter parts of the wire a few segments beneath the top of the fibermast.

This works ok. Interference on the 10 meter band is nearly gone, interference on the 20 meter band is about the same. What is also interesting is that this setup gives more balanced results on the pskreporter map. With the endfed antenna from the roof to the end of the garden the results are that most of what I receive is to the east of me. With the fibermast and the endfed as a vertical the reception is more balanced and I see more North and South America.

There is a downside: with even the slightest bit of wind the top of the fibermast starts to move a bit much. So to keep this setup safe for a weekend I would need to do something with guy wires.

Tags: ,
2018-08-17 Trying (and failing) to correlate security logs 2 months ago
Since activating sendmail authentication with secondary passwords I see a number of attempts to guess credentials to send mail via my system. This is not very surprising, given the constant attack levels on the wider Internet.

For work I am looking at log correlation and monitoring and with that in mind I noted that finding the right information from sendmail where and when the attempt came from is quite hard since there are several processes busy and it's hard to correlate the logging. The failed attempt is logged by saslauthd in /var/log/auth.log:
Aug 16 12:28:57 greenblatt saslauthd[32648]: pam_unix(smtp:auth): check pass; user unknown
Aug 16 12:28:57 greenblatt saslauthd[32648]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Aug 16 12:28:59 greenblatt saslauthd[32648]: do_auth         : auth failure: [user=monster] [service=smtp] [] [mech=pam] [reason=PAM auth error]
Aug 16 12:29:00 greenblatt saslauthd[32649]: pam_unix(smtp:auth): check pass; user unknown
Aug 16 12:29:00 greenblatt saslauthd[32649]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Aug 16 12:29:02 greenblatt saslauthd[32649]: do_auth         : auth failure: [user=monster] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
This is probably related to this sendmail log information:
Aug 16 12:28:56 greenblatt sm-mta[20716]: STARTTLS=server, [] (may be forged), version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-SHA, bits=256/256
Aug 16 12:29:02 greenblatt sm-mta[20716]: w7GASspx020716: [] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to MSP-v6
But I can't be sure as there are multiple 'did not issue MAIL/EXPN/VRFY/ETRN' messages in the logs. So I can't build a fail2ban rule based on this.

Tags: , , ,
2018-08-13 Trying to receive amateur radio through local interference 2 months ago
This evening I tried several things to improve my chances of actually receiving anything other than the loudest stations in the upcoming SCC RTTY contest.

First try was with a borrowed receive loop indoor and using an HF upconvertor, an rtl-sdr dongle and gqrx as receiving software. This did not work for digital modes: letting wsjt-x (FT8 software) 'listen' to the audio output of gqrx gave no decodes.

Interesting detail: looking at the right piece of spectrum for FT8 showed that the frequency wasn't 100% stable, with frequencies slowly changing. Touching the rtl-sdr gave a bump in frequency.

Another attempt was with the loop indoor and reception on the FT-857D radio. Reception of a strong SSB station seemed somewhat better on the loop, but I heard no improvement of weaker stations.

So I moved the loop outside to the end of the garden and layed a long cable back to the radio setup. This made interference worse! It was already dark so this was not related to any solar panel setup, but some other source of interference on HF. The loop is supposed to receive less local interference but I could not get it to do that this time (it did work for SSB some other time).

Tags: , , ,
2018-08-13 False advertising from antivirus software in e-mail 2 months ago
----- No virus found in this message. Checked by AVG - Version: 2014
.0.4830 / Virus Database: 4365/10772 - Release Date: 13/08/18

[-- Attachment #2: doc10089752487652120190813.docx.jar --]
I guess No known virus found was a better message for AVG.

Tags: , ,
2018-08-12 Making the HP DPS-700GB power supply less noisy 2 months ago
The HP DPS-700 GB power supply adapted to feed the linear amplifier has no own internal fans so I connected a recycled 50mm PC fan. Which runs at full speed which is a lot of noise. I ordered a 12 volt fan control module on-line so it can run slower and keep the noise down a bit.

I'll probably replace the current fan with an 80mm PC fan and set a low minimum speed. The air has to move as the power supply has no internal fans and is quite good at a thermal shutdown. But as long as things don't get warm it would be nice to reduce the noise as this was very noisy.
Read the rest of Making the HP DPS-700GB power supply less noisy

Tags: , ,
  Older news items for tag english ⇒
, reachable as PGP encrypted e-mail preferred.

PGP key 5BA9 368B E6F3 34E4 local copy PGP key 5BA9 368B E6F3 34E4 via keyservers pgp key statistics for 0x5BA9368BE6F334E4 Koos van den Hout
Other webprojects: Camp Wireless, wireless Internet access at campsites, The Virtual Bookcase, book reviews