2020-03-25 It's 2020 and github doesn't support IP version 6 2 days ago
Several of the machines here at home have IPv4 to the outside world disabled, simply to improve security and find every ancient service or program that still lives in the old world. Today I found one of those while installing dehydrated to automatically renew Let's Encrypt certificates. Indeed, github has no IPv6 support. It tries to be a modern service, but lacks an AAAA record. The one reason I still have a squid webproxy running is to be able to access IPv4-only services from those hosts, so setting the http proxy in the global git config helped. I'm just surprised github doesn't support IPv6. Update: After some searching I found Github users have been asking about IPv6 connectivity since at least 2018 and the "solution" is that they currently don't support IPv6 and the request is on some list.
2020-03-17 I participated in the EAPSK63 contest 2020 1 week ago
Last weekend was the EAPSK63 contest and I participated on Saturday. Lots of stations from Spain active and I managed to work 29 unique Spanish provinces. A total of 82 contacts. I could only participate Saturday afternoon and evening so that limited my time in the contest.
2020-03-13 Frastanzer s'honig 2 weeks ago
I bought a few Frastanzer beers on our snowboard holiday in Austria. The first one to try is "Frastanzer s'honig" which is a beer made from biological ingredients with indeed a bit of added honey. Not too much, it's not too sweet for my taste. The honey gives the beer a soft side in taste without losing the strength from hops completely.
The beer details
Company Frastanz Beer name s'honig Beer style Honey beer/spiced beer Alcohol by volume 5.1 %
2020-03-09 Newer power supply not yet delivering what I want 2 weeks ago
I did some more testing with the HP power supply I bought last November. In previous tests the output voltage seemed to be limited at 13 volts and it seems limited to 13.10 volt at the moment. The RM Italy HLA300V plus amplifier I have will only output about 55 watts maximum in digital modes so that's less than I expect. A higher input voltage may fix this, but I'm not sure how to get the power supply to deliver this and keep running. The previous power supply gave up in a busy weekend but before that the HF linear amplifier delivered more power. I have seen it go over a 100 watt on digital modes. The difference in output from the linear amplifier with 13.10 or 13.27 volt power is quite large, which surprises me.
2020-03-08 Updating the Fritz!box 7360v1: still no PPPoE passthrough 2 weeks ago
A while ago I noticed a mention of new firmware for the Fritz!box 7360v1. As I want a separate PPPoE process to have full control of my Internet connection I hoped the PPPoE passthrough option would become available, since this would be a firmware version later than 6.30, but no. At least the upgrade went fine without having to use the recovery options. So the 'in case of emergency' settings have been kept forwarding the necessary ports via IPv4.
2020-03-06 Grolsch klassieke blond 3 weeks ago
Sometimes the Dutch special beers need attention too. And there are other beers than IPA beers. Really. This is a special beer from the Dutch Grolsch brewery. A blonde beer, with a somewhat bitter taste for a blonde. Not too hoppy, a nice tasty beer.
The beer details
Company Grolsch Beer name Klassieke blond Beer style Blond Alcohol by volume 6.7 %
2020-03-03 Adding contact e-mail addresses to letsencrypt accounts via dehydrated 3 weeks ago
I noticed the news about LetsEncrypt revoking a lot of certificates on 4 March 2020 and did some checking to find out eventually that one of my certificates is in that set. Users have been notified of this problem... when their account had a contact e-mail address. By default dehydrated doesn't set an e-mail address so none of my instances used one. I do like to get informed so I searched how to update the contact info. The data is in /etc/dehydrated/config field CONTACT_EMAIL but I needed some searching before I found the method to get the update passed on to LetsEncrypt. Some searching later found Update registration email address - Issue #425 dehydrated which shows that a simple dehydrated --account does the magic.
2020-03-02 Trying amateur satellites between the mountains with snow falling 3 weeks ago
During our wintersport holiday in Austria I also brought my Arrow antenna and handheld radios along to try a satellite contact. Before the holiday I read on twitter that Peter Goodhall 2M0SQL has unconfirmed gridsquares which included the place I was going on holiday. So I prepared for trying to make the contact during the holiday. In the preparation I got a theory why I had problems with the satellites with a 2 meter downlink frequency. During the holiday I soon figured out there wasn't a lot of time for contacts, during the day we were on the pistes and we went to bed early because we had a lot of physical activity. And the place we stayed was between the mountains so for satellite passes I was limited to high passes. In the end I did listen to one Fox-1D pass which was high and long enough. In a serious amount of falling snow so that was a new experience in amateur radio: trying to make contacts in the snow. Reception of Fox-1D was quite good on the Baofeng UV-5R radio, but transmitting back up didn't work out, I never made a contact. I did not hear Peter on that pass, so that did not work out at all. But I learned several things, including the fact that the theory about the 2 meter downlink frequencies and the Wouxun KG-UVD1P was correct so the result is positive anyway.
2020-03-02 Back from snowboard holiday 3 weeks ago
Last week we were on a wintersport holiday in the Montafon region of Austria. I went snowboarding and had fun. There was enough snow at higher levels when the week started and later in the week it started snowing giving fresh snow which I really like for snowboarding. Driving to Austria and back home through Germany went fine, no huge traffic jams or really bad weather. There is still a lot of work on the German Autobahns but less than one or two years ago. The lane departure warning system in our car still doesn't like the mix of orange and white lines on the road when lanes are shifted for work.
2020-02-20 I think I figured out why I didn't hear satellites with 2 meter downlink 1 month ago
I was preparing for trying some satellite contacts and noticed the Fox-1B and Fox-1D had nicer opportunities for a contact. But I always have problems receiving any signal from those satellites on the handheld radio that I use for satellite contacts, which is the Wouxun KG-UVD1P I got for Christmas in 2012. Not the ideal radio for amateur satellites, but easy to bring along and to program with split frequencies. A while ago I noticed that radio was constantly receiving noise on the 2 meter band and I had to set the squelch level quite high to stop it. I thought it was some local overload or local noise in the 2 meter band. But today while working on the preparations for some satellite contact possibilities I figured the problem is with the radio and something is actually wrong on the 2 meter receive side. I have two other handheld radios. One is a Kenwood TH-D7 where I can't change the squelch level so it's not really usable for satellite contacts and the other is a Baofeng UV-5R which can't be programmed via the computer. So I spent a lot of time entering all the possible doppler-shifted frequencies of both satellites on the keypad of the Baofeng UV-5R. I hope that gives me a working radio for Fox-1B/Fox-1D and I can get a few new contacts in the log. Update 2020-02-27: I was correct! I tried a Fox-1D pass with the Baofeng UV-5R radio and I had easy reception of the satellite. Trying to get my signal over the satellite didn't work, but at least I know what the reception problem was.
2020-02-17 Tweaking the SSL cipher settings for 2020 1 month ago
A few days ago I changed the configuration of haproxy to stop accepting TLSv1.0 and TLSv1.1. With the upcoming deprecation of TLSv1.0 and TLSv1.1 this seemed the right SSL configuration. Today I remembered there is one directly reachable Apache server, so I had a look at the settings there and checked the results with the Qualys SSL Labs SSL Server test where I noticed some ciphers listed as 'weak'. And seeing different results between my haproxy and apache servers, which I did not expect as I used the same settings for SSLCipherSuite in Apache and ssl-default-bind-ciphers in haproxy. The last issue was caused by the fact that Apache2.4.25 in Devuan ascii uses libssl 1.0.2 and haproxy 1.7.5 uses libssl 1.1.0. I'm not sure that's an ideal configuration but it's what I work with. With the output of openssl ciphers -v I get a list of cipher names. But this is with libssl1.1.0 so the output lists ciphers that Apache doesn't have access to (yet). The good part is that Apache ignores ciphers that aren't available, so the net result is a running and working configuration. The current result is for Apache 2.4.25:SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 SSLHonorCipherOrder on SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256And for haproxy 1.7.5:ssl-default-bind-options force-tlsv12 no-tls-tickets ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256The fun part is that I can test the SSL negotiation with sslscan locally but sslscan is linked against openssl 1.0.2 so it misses some of the newer options. And I also test with the Qualys SSL Labs ssl test but that takes a while.
The too long; didn't read version of finding the right configuration optionsAnd later I found I could have saved a lot of time researching options using the Mozilla SSL Configuration Generator. I don't completely agree with the suggestions there because I want to generate my own dhparams. Using 'well-known Diffie-Hellman paramaters' has security risks. But otherwise all the suggestions for ciphers are very usable and save me a lot of time.
2020-02-16 Reconsidering data gathering and processing 1 month ago
For years and years I've been doing a lot of data gathering and storing the data using rrdtool. Data such as temperatures from lots of places, from mainboard CPU sensors to an outside weather station, other weather data, web traffic data, house electricy and gas usage, solar power. I started doing this with mrtg in 2001 and switched to rrdtool. There are some improvements to this system, such as maintaining the rrd files on one machine and doing measurements on other machines in the form of timestamped files to be transported to the machine with rrd via rsync-over-ssh. This allows the central database to do a catch-up of decentrally gathered data after an interruption. All in all there are two disadvantages at the moment: the system isn't very flexible, adding a datasource means making the big decision about how much data to keep how long and what I want to look at. Diskspace isn't as constrained as it once was, I may want to keep some data forever and I may want to zoom in to a period a bit longer ago. So I'm looking at different solutions. For one dataset I already added an alternate datastore: the electricity and gas meter readings get copied to a postgres database once a day so I can look at the daily readings forever. So the search is on for the ideal solution. For gathering and transporting data I am looking at mqtt, a lightweight protocol to gather and transmit data. This also makes it easier to have multiple data collectors look at one source so I can test with a few things first before I make a real switch to any new system.
2020-02-15 Active on the 60 meter amateur band again 1 month ago
I had one whole contact on the 60 meter band a few years ago with a German station. This band is supposed to be outside of the reach of my longwire, but with a lot of tuning it can work. This weekend the longwire and the tuner absolutely did not want to get to a workable state on the 80 meter band so I tried the 60 meter band again. In FT8 mode, as that is what gets me the most result from home outside of contests. This got me a number of contacts. Also one new country already confirmed: Tajikistan. And a new country with a questionable contact, so I'm waiting to see whether the other side will confirm or not. Formally 60 meter doesn't count for ARRL DXCC, but to me every contact counts in some way. I even got stations responding to me before I called CQ, I guess some amateurs are keen on getting a new callsign in the log. I took down the wire antenna Saturday early in the evening because the winds were picking up for another storm.
2020-02-10 Getting with the times and limiting the webserver to TLSv1.2 1 month ago
In 2020 the support for TLSv1.0 and TLSv1.1 will end so the famous qualys SSL test is giving capped grades. I decided to get with the times and limit my outside web ports to TLSv1.2 so now I am back at an A+ grade. Eventually this will start to cause problems as Devuan stable doesn't have an openssl with TLSv1.3 support yet.
2020-02-08 Lagunitas India Pale Ale 1 month ago
I decided to look for some special beers while shopping and I found this one: Lagunitas India Pale Ale. Sounded good, so I bought it. The first taste is mostly hoppy, as expected from an IPA. Stronger than I've seen in some other IPA beers. In general it has a strong hop influence in the tast and reminds me of English bitter beers. Reading the label shows me Lagunitas is from Petaluma, California and Chicago, Illinois. I guess Chicago has a serious beer culture with multiple breweries.
The beer details
Company Lagunitas Beer name India Pale Ale Beer style IPA - India Pale Ale Alcohol by volume 6.2 %
2020-02-08 Still learning morse, getting some help 1 month ago
I'm still working on learning morse code. Sending morse code with the paddle is going ok at about 10-12 words per minute. Receiving is also somewhere around that rate, but I make more errors receiving. I practise receiving morse with G4FON (Windows), xcwcp (Linux) and IZ2UUF morse trainer (Android). G4FON offers Farnsworth timing, where the letters are transmitted at a higher rate but there is extra spacing between letters to lower the rate of transmission. In xcwcp I can add extra dots between letters and in IZ2UUF morse trainer I can set extra length as a factor of the letter length. Three somewhat different methods to help learn morse at a reasonable speed. To practise sending morse I use either the FT-857 radio or the control unit of the remote radio as expensive morse sounders. For the morse training at the radio club this is somewhat bulky and the internal buzzer of the nanokeyer is not loud enough so I ordered a practise oscillator kit from Kent morse equipment in the UK. I also joined The Less Involved Data Society where I hope to meet newcomers to morse on the air. So I am now LIDS member number 414. And for the rest: practice, practice, practice. Changing between modes of practice such as whole words in English or Dutch or back to random characters or groups of 5 letters helps improving speed and accuracy.
2020-02-04 Chasing more DX with HamAlert 1 month ago
This weekend I had some random radio time so I made a number of contacts. By numbers mainly in FT4 and FT8 but also some SSB and CW via the remote radio. I activated HamAlert triggers and used that to get a few countries in the log that I wanted confirmed via LoTW. This worked for Corsica and San Marino. I got an alert for a San Marino call on Saturday and worked it reasonably fast after an FT8 CQ from that station. On Sunday I saw a notification for a Corsican call on FT8. When I saw the activity I noticed the station was just calling other stations. So I just started answering the callsign in the hope of getting the contact and after a few tries the hint came across and I got the contact in the log. This is an area where an alerting system that uses more sources than just the DX cluster network works better: the station from Corsica never showed up on the DX cluster, but the activity was seen by PSKreporter and filtered by HamAlert into a notification to me. The contact with Corsica is already confirmed on LoTW.
2020-01-30 Backup to a remote webdav server, first success! 1 month ago
I found a completely different option for transferring files from linux to a remote webdav filesystem: fusedav. Mounting the remote 'cloud' disk with fusedav and synchronizing files with rsync is starting to work. I decided to split my backups into two categories: first there are file collections that usually only grow, like digital camera pictures and audio project files. This takes the most diskspace and doesn't really need versioning. The second category is configuration files, homedirs, mail and other things that change and where I may need an older version. This is where backups based on amanda work better. I mount the filesystem with:Read the rest of Backup to a remote webdav server, first success!$ fusedav -u koos -p topsecret https://webdav.cloudprovider/remote.php/webdav/ /home/koos/webdavmount/And the rsync command to backup to this mount:$ rsync -av --progress --bwlimit=512K --size-only --timeout=30 /camera/2003/ webdavmount/camera/2003/This looks scriptable so it can run on a regular basis with just a status update to me. Update:
Reliability is still an issue. I added the --timeout=30 parameter to make rsync abort when the bytes stop flowing.
2020-01-24 Longest matching IPv6 address selection biting me 2 months ago
Trying to get devuan updates, I see:Err:5 http://nl.mirror.devuan.org/merged ascii Release 404 Not Found [IP: 2001:878:346::116 80] Err:6 http://nl.mirror.devuan.org/merged ascii-security Release 404 Not Found [IP: 2001:878:346::116 80] Err:7 http://nl.mirror.devuan.org/merged ascii-updates Release 404 Not Found [IP: 2001:878:346::116 80]While nl.mirror.devuan.org has no shortage of IPv6 and IPv4 addresses:;; ANSWER SECTION: nl.mirror.devuan.org. 78083 IN CNAME deb.devuan.org. deb.devuan.org. 78083 IN CNAME deb.roundr.devuan.org. deb.roundr.devuan.org. 845 IN AAAA 2001:638:a000:1021:21::1 deb.roundr.devuan.org. 845 IN AAAA 2a01:4f8:140:1102:2b76:955d:b48f:bdf3 deb.roundr.devuan.org. 845 IN AAAA 2001:878:346::116 deb.roundr.devuan.org. 845 IN AAAA 2a01:4f8:162:7293::14 deb.roundr.devuan.org. 845 IN AAAA 2800:a8:c001::a deb.roundr.devuan.org. 845 IN AAAA 2a01:4f9:2a:fa9::2 deb.roundr.devuan.org. 845 IN AAAA 2001:590:3803::31:151 deb.roundr.devuan.org. 845 IN AAAA 2001:4ca0:4300::1:19 deb.roundr.devuan.org. 845 IN AAAA 2a02:2a38:1:400:422a:422a:422a:422a deb.roundr.devuan.org. 845 IN AAAA 2a0a:e5c0:2:2:400:c8ff:fe68:bef3 ;; ANSWER SECTION: nl.mirror.devuan.org. 78063 IN CNAME deb.devuan.org. deb.devuan.org. 78063 IN CNAME deb.roundr.devuan.org. deb.roundr.devuan.org. 824 IN A 126.96.36.199 deb.roundr.devuan.org. 824 IN A 188.8.131.52 deb.roundr.devuan.org. 824 IN A 184.108.40.206 deb.roundr.devuan.org. 824 IN A 220.127.116.11 deb.roundr.devuan.org. 824 IN A 18.104.22.168 deb.roundr.devuan.org. 824 IN A 22.214.171.124 deb.roundr.devuan.org. 824 IN A 126.96.36.199 deb.roundr.devuan.org. 824 IN A 188.8.131.52 deb.roundr.devuan.org. 824 IN A 184.108.40.206 deb.roundr.devuan.org. 824 IN A 220.127.116.11 deb.roundr.devuan.org. 824 IN A 18.104.22.168I always get the error for 2001:878:346::116 when connecting. This site seems to have a problem with the devuan mirror at the moment, so I'd like to use another one, but apt keeps going back to the same source. This has to do with IPv6 address destination selection (RFC 3484 / RFC 6724). A good explanation at IPv6 Destination Address Selection – what, why, how - Karl Auer with:Rule 9, “use longest matching prefix“, will prefer the candidate destination address that shares the greatest number of contiguous leading bits with the source address that would be chosen for it. Such an address is likely to be topologically closer to the source address.Indeed that address is close to my home network addresses:2001:0878:0346:0000:0000:0000:0000:0116 2001:0980:14ca:0001::/64So the "roundr" round robin isn't very round for IPv6 users. Workaround: reject the address that is giving me problems:# ip -6 route add unreachable 2001:878:346::116 # apt update Get:1 http://nl.mirror.devuan.org/merged ascii InRelease [25.6 kB] Get:2 http://nl.mirror.devuan.org/merged ascii-security InRelease [25.6 kB] Get:3 http://nl.mirror.devuan.org/merged ascii-updates InRelease [25.6 kB] Get:5 http://nl.mirror.devuan.org/merged ascii-security/main Sources [185 kB] Hit:4 http://packages.roundr.devuan.org/merged ascii InRelease Get:6 http://nl.mirror.devuan.org/merged ascii-security/main amd64 Packages [480 kB]
2020-01-21 Suricata and ppp: restart of suricata needed after ppp down/up 2 months agoOlder news items for tag english ⇒
Suricata is running and detecting attacks, but it was causing a 100% cpu load after a restart of the ppp connection (the DSL here uses PPP over Ethernet). The errors point at the problem starting when the ppp connection restarts:21/1/2020 -- 00:59:36 - <Error> - [ERRCODE: SC_ERR_AFP_READ(191)] - Error reading data from iface 'ppp0': (100u) Network is down 21/1/2020 -- 00:59:37 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't set fanout mode, error Invalid argumentWhich also starts to fill the system log with:Jan 21 00:59:42 xxxxxxxx kernel: [11347441.726755] device ppp0 left promiscuous mode Jan 21 01:00:13 xxxxxxxx kernel: [11347472.055712] device ppp0 entered promiscuous mode Jan 21 01:00:13 xxxxxxxx kernel: [11347472.071533] device ppp0 left promiscuous mode Jan 21 01:00:13 xxxxxxxx kernel: [11347472.091653] device ppp0 entered promiscuous modeThe interesting part is that this causes higher power usage about five and a half hours later. Solution: restart suricata in an /etc/ppp/ip-up.d/ script.