News items for tag english - Koos van den Hout

2017-12-02 Preparing gpredict for AO-91 Fox-1B RadFxSat 1 week ago
Although reports are showing up that AO-91 has the usual 'zoo' when it's over southern Europe I still want to prepare for making contacts on interesting passes. So I dove into adding satellite transponder details to Gpredict again. According to [amsat-bb] AMSAT-OSCAR 91 identified it is Norad object 43017. And when Nico Janssen finds a satellite using his methods of doppler-curve fitting it's a very good indication it's the right one.

So time to create a .config/Gpredict/trsp/43017.trsp with the right frequencies and details:
[Fox-1B trsp 67 Hz PL]
Now to find a pass at a for me usable time.

Tags: , ,
2017-11-25 Portable operation close to my home 2 weeks ago
Today I had some time left and the choice was between staying at home and throwing out the endfed and making a lot of contacts in digital modes or going out and trying a nearby park and making a lot less contacts but learning about my options there.

Fibermast on parkbench I chose the latter one: I loaded my gear in the bicycle trailer and cycled to a nearby park, just outside the city limits of Utrecht. I took the fiber mast and used two elastic straps to tie it to a parkbench. The effect was that the mast was slanted but using it with the wire of the endfed twisted around it the fiber mast stayed up fine without needing its guy wires. And I forgot to bring the tent pegs anyway so I was unable to guy the mast.

I tried the endfed as a vertical with some slack at the bottom and the transformer at the bottom. This gave me a horrible standing wave ratio on 40 and 20 meters. I guess the endfed is only balanced when it is stretched. The quick fix was to add a common-mode choke in the coax to the radio. I also added a counterpoise wire to the earth of the endfed to be somewhat balanced again.

On the 40 meter band reception was ok but I could not understand a lot of stations. On the 20 meter band there was local interference.

In the end I logged one whole contact on the 40 meter band with an Italian special event station. He gave me a 4-4 report and I gave him a 5-9+. After a few tries I gave up making him log me as /portable so I logged it in my PE4KH log. The location is still within JO22NC so I logged in my home log.

As soon as the sun set it started cooling down and the grass got wet and I went home.

It's a nice location and quite reachable from home. It's 10 minutes cycling and in 10 minutes I had the mast and the radio set up.

Tags: ,
2017-11-15 Lots and lots of distributed SSH scanning 3 weeks ago
I am noticing lots and lots of distributed SSH scanning, not doing enough attempts from one IP address to trigger fail2ban. Timing and choice of login names used suggest a strong link between the ssh attempts even when source IPs are very different. Login names also refer to websites hosted on the same address.

At a given moment I started wondering if this was just me, but others reported the same and exchanging IP address lists showed a lot of matches between attacks on totally unrelated systems.

Tags: ,
2017-11-13 Linux and enabling NFSv4 name mapping 4 weeks ago
Note: even with full name mapping enabled you will still have problems. To get this mapping fully working you will need to establish trust relations via kerberos.

When I shared my article on NFSv4 on the synology I noticed I left out the fundamentals about Linux and NFSv4 with name mapping. All kernels I nowadays run into have the same preference to disable using names over NFSv4 because somewhere the decision was made to assume most Linux systems will be in an environment with centralized UID/GID management.

In any environment with devices with their own UID/GID management (such as synology devices without central LDAP) this will not be true. So the defaults need an override.

The runtime way to change this is, for the nfs client kernel process:
# echo N > /sys/module/nfs/parameters/nfs4_disable_idmapping
And for the nfsd server kernel process:
# echo N > /sys/module/nfsd/parameters/nfs4_disable_idmapping
Notice the one letter difference.

To make this change more permanent, set up a file with a name like /etc/modprobe.d/local-config.conf with
options nfs nfs4_disable_idmapping=0
options nfsd nfs4_disable_idmapping=0
And you still need to set /etc/idmapd.conf on all systems involved (both clients and servers) with the same value for the 'Domain'. I obviously have:

Verbosity = 0
Pipefs-Directory = /run/rpc_pipefs
# set your own domain here, if id differs from FQDN minus hostname
Domain =


Nobody-User = nobody
Nobody-Group = nogroup
And enable idmapd. How you enable this depends on your Linux distribution. In ubuntu server it's in /etc/default/nfs-common with
# Do you want to start the idmapd daemon? It is only needed for NFSv4.

Tags: ,
2017-11-13 The television version of "The Cuckoo's Egg" 4 weeks ago
I read the Dutch version of "The Cuckoo's Egg" when it came out in 1989. Later I bought the English version.

Via a complete diversion I found out this weekend the book was made into a TV documentary: The KGB, the Computer and Me which has a lot less personal diversions than the book. It is played by Clifford Stoll himself and others involved in the original story. Although the CIA guys look a bit more stereotypical than they come out in the book.

A very interesting part is there is a closing remark in the documentary by Markus Hess. Now I want to get a view of the movie of the other side, '23'.

The funny part is that I found this documentary from following news related to amateur radio: Cliff Stoll -- K7TA -- Has THE KNACK. And a GREAT NOVA Video. Clifford Stoll does have a callsign: K7TA

Tags: , , ,
2017-11-10 Really disabling framebuffer on a modern linux 1 month ago
Framebuffer is nice but I want it really disabled on my new homeserver 2017 because that will end up in the attic where I don't want a repeat of the earlier Linux-related radio interference problem. And for virtual machines it's a bit of overkill too.

To disable framebuffer in both grub and the running Linux it has to be disabled twice. Both in /etc/default/grub which now has these two lines:


Tags: , ,
2017-11-10 NFSv4 on the synology isn't complete NFSv4 until you do some special configuration 1 month ago
This solution fails at the moment I start using rsync to sync directories to the Synology. Update when I find out where that goes wrong.

I am now using a synology for storage in the home network. Linux clients use NFS to access the Synology, and nowadays the default NFS version is version 4, which does things quite differently from version 3. NFS version 4 is supposed to use user names with NFS domain names and rpc.idmapd instead of numeric user and group IDs.

After serious debugging I found out NFSv4 with the synology doesn't use names as I expected. I kept looking at nfs client settings but eventually I used tcpdump, wireshark and tshark to find out owner names aren't used at all. Numerical UIDs are used as text in the NFSv4 answers, even for files that have an owner that is known in the synology. As if the nfs4_disable_idmapping=0 is never set for the NFS server.

I confirmed this with capturing the NFS traffic with tcpdump and analyzing the pcap files with wireshark and tshark. I indeed see:
                        reco_attr: Owner (36)
                            fattr4_owner: 1026
                                length: 4
                                contents: 1026

A lot of google searching confirms this, including anyone have nfsv4 actually working? - Synology Forum. The next step is to adjust the idmapping in the running kernel on the synology, using:
# echo N > /sys/module/nfsd/parameters/nfs4_disable_idmapping
Now I indeed see the right strings in the NFSv4 traffic, but the idmapd on the client doesn't translate for some reason. Fixing the /etc/idmapd.conf file helped.

The next step is to make this change permanent on the synology. Adding a file /etc/modules.local.conf with
does the trick. This I learned from reading the startup file /etc/rc.subr which loads the kernel modules.

And now I see the right data in the NFS traffic:
                        reco_attr: Owner (36)
                                length: 15
And the user mapping works. On an older system I have UID 501, on the synology I have UID 1026 and on a new system I have UID 1000, and I'm owner of the files everywhere.

Tags: , ,
2017-11-08 Trying to receive Fox-1A (AO85) telemetry 1 month ago
I decided to try to receive telemetry data from the Fox-1A (AO85) satellite to prepare for receiving telemetry from the new RadFxSat right after launch. The FoxTelem program is ready to receive data from all the Fox series satellites so this was a good way to test my receiving setup.

This afternoon there was a reasonable pass so I decided to give it a try. With the FT-857D radio tuned to the downlink frequency 145.978 MHz in FM packet mode. While I did hear the conversations on the satellite in the noise the program did not seem to receive anything. And then I noticed the sound display in the program reacted strongly when I tapped the microphone connected to the mixing board. I chose the wrong audio device. I have two USB audio devices connected to the computer, one feeds audio from a mixing desk and one feeds audio from the radio. Normally I can keep them apart but FoxTelem was only showing one of them.

The solution was to set FoxTelem to the audio device 'default' and use pavucontrol to switch the input of the application to the right USB audio device. But by the time I figured that out the satellite was already too far to receive any useful telemetry data.

Time to find another nice pass with useful elevation (above 10 degrees) to try this again. And it's a good preparation for the launch of Fox-1B.

Tags: , ,
2017-11-07 Waiting for the launch of RadFxSat (Fox 1B) 1 month ago
The subset of radio amateurs that is interested in amateur satellites is waiting for the launch of RadFxSat / Fox 1B. The name 'RadFxSat' stands for 'Radiation Effects Satellite'. The primary mission is in cooperation with Vanderbilt University ISDE studying radiation effects on commercial off the shelf components.

The amateur radio mission is a FM U/v repeater with CTCSS, which means it can be used by radio amateurs to make long distance contacts.

As any new satellite, the first phase after launch is a lot of testing before any experiments or radio services are started. During the testing phase the satellite will transmit short radio messages (audio with data mixed in as low frequency tones) with telemetry data. By receiving the telemetry data and forwarding it to the operators radio amateurs can help the testing. This telemetry includes voltages and temperatures which allow the operator to find out if the satellite operates as designed and whether the power budget (generated power from solar panels minus used power) is good.

To receive telemetry from the Fox series satellites and forward it a program has been developed named FoxTelem and I am glad to see a linux version is available. This allows me to receive the satellite unattended and forward the data. I will at least try to participate in the 'Launch and Early Orbit program' during the first few days.

Current launch date is planned at November 14th.

More information:

Tags: , ,
2017-11-07 Spammers using old lists 1 month ago
I'm easily amused by the rejects in the maillog clearly caused by spammers using ancient lists.

For example, I'm still seeing attempts to mail the address that I used for signing up to linkedin. When the first spam came after the linkedin breach in 2012, I changed the address and disabled the original address. But spam for that address still came in this week.

Tags: , ,
2017-10-31 Spammers overdoing it a bit 1 month ago
Dear Professor Epocafe,
Yes, there is an e-mail address that looks like repocafe@ but it's not a person.

Tags: , ,
2017-10-30 I am a paranoid bastard 1 month ago
PGP lock logo I needed to look up some gpg commands and found GPG Cheat Sheet and it had what I was looking for.

Looking at this page I found this gem:
Ok, so what if you're a paranoid bastard and want to encrypt some of your own files, so nobody can break into your computer and get them? Simply encrypt them using yourself as the recipient.
That makes me a paranoid bastard since I use this to store passwords and other secrets.

Tags: , ,
2017-10-30 I participated in the CQWW DX contest 1 month ago
This weekend was the CQ World Wide DX Contest. This is indeed another phone (voice) contest, so I connected headset, footswitch and the remote head of my radio. I had some time to participate on Sunday early afternoon and Sunday evening. On Sunday afternoon the logical band to try was 20 meters, on Sunday evening 40 meters. In the end I made 51 contacts.

All I did was 'search and pounce', checking for stations calling CQ that I could understand good enough and transmit my call back to them in the hope they would hear me. Some stations had me on the first try, some took several tries and some never heard me. The DX that got away was a Kazakhstan station who could not decode my call even after several tries.

I used the yfktest contest software for Linux again. This wasn't very hard as yfktest has a standard definition for the CQWW DX contest.

I heard both serious contest stations and single operators just calling CQ on the air. Interesting was to work OH1LWZ/M who according to his qrz page is really contesting mobile from his car or bicycle.

For next time I have to check the compression and gain settings for SSB on my Yaesu FT-857D radio when using the headset.

Claimed results:
Band    QSO    Qpts   Dupes Countries Zones
  20     40      48       0      15       5
  40     11      19       0       9       6
 ALL     51      67       0      24      11
 Total Score: 2,345
A few times I heard the contest call PA0AA of my radio club who worked very hard to get the antenna at the club ready for contesting, but only in the background when I was trying other calls. It would have been nice to get them in the log.

Tags: , , ,
2017-10-20 Testing the new fibermast from a remote location 1 month ago
I had time this week to test the fibermast I ordered and I wanted to do this at a location away from houses. Someone suggested the location 'Trintelhaven' which is a small harbour in the dike between Enkhuizen and Lelystad. This is a harbour of refuge in which ships on the Ijsselmeer can find a safe location to spend the night or wait out a storm.

Usually I do my outdoor radio activities at cycling distance, but this was an interesting location, I had the day available and I felt like going a bit further.

The Trintelhaven is originally an island created for the construction of the dike between Enkhuizen and Lelystad, which was going to form the 'Markerwaard'. But that plan was cancelled and now it is the 'Markermeer' (lake) with a new project to bring more life into it.

In the end I learned things about the new fiber mast, played radio, enjoyed the outdoors and had fun.
Read the rest of Testing the new fibermast from a remote location

Tags: , ,
2017-10-16 Information gathering for ssh attacks 1 month ago
Someone has been looking at websites I run to think of ssh login names to try:
Oct 16 16:21:53 greenblatt sshd[19367]: Invalid user weather from
Oct 16 16:22:11 greenblatt sshd[19387]: Invalid user weatherstation from
Oct 16 16:55:07 greenblatt sshd[22596]: Invalid user weerstation from
All valid and published websites on this system:,,

Tags: ,
2017-10-15 Getting to play VIC-20 games again 1 month ago
VIC-20 startscreen Ages ago my first homecomputer was a Commodore VIC-20. I did basic programming on it and played some games. I remember the game Centipede and loading games from audio cassette.

These days games seem to be enormously complex and expensive or filled with advertisments. I don't like these, the last time I seriously invested time in a game was Pinball Dreams.

I found out about the VIC-20 emulator xvic, part of the vice package. I even bought a cheap USB joystick to use. I never had a joystick with my VIC-20 so it was about time to get one. This joystick is a DragonRise Inc. Generic USB Joystick (yes, including the spaces) and I noticed today it wasn't working right: up and down on the joystick did not work. I found out eventually the left and right on the second stick mapped to up and down, thanks to a simple joystick tester from Joystick - Denialwiki in 7 lines of Basic.

Some searching found DragonRise USB Driver Issue - RetroPie which mentions this issue in hid-dr.ko happened in Linux 4.4 - 4.9.

I did not feel like going back to compiling my own kernels for this laptop, but there is a simple solution in Ubuntu 16.04: use hwe (hardware enablement) kernels. These seem to be aimed at the long term support server versions, but they fix my joystick problem and I can play centipede.

Tags: , , ,
2017-10-11 Haproxy on the new home server and devuan upgrades 2 months ago
I got around again to working on the new homeserver 2017 and I worked on the installation of a 'testing' virtual machine with virt-install. This test machine also runs devuan linux. The first application I was testing on there is haproxy.

haproxy I noticed some defaults I did not expect (such as preferring IPv4 over IPv6). It seems the 'stable' devuan has the same age issues as 'stable' debian. Otherwise haproxy does what it is supposed to and I may standardize on it.

Upgrading was easy, I looked at Upgrading Devuan Jessie to Ascii and just changed jessie to ascii in /etc/apt/sources.list and did an apt-get dist-upgrade. The only minor issue afterwards is that the system now insists on using framebuffer video, which I find overkill for a virtual machine. VGA 80x25 is fine.

Tags: , , ,
2017-10-10 Plotting the number of contacts (again) 2 months ago
After working through the results of my participation in the Russian worldwide digimode contest 2017 I decided to run a graph again of contacts per month as I did in Februari 2017. And remember how I made those graphs this time and save it in a plot script. qsl count plot

And the plotscript:
set output "qslcount.png"
set terminal png size 440,300 fontscale 0.7
set timefmt "%Y-%m"
set xlabel "Month"
set ylabel "Number of contacts"
set xdata time
set style data lines
set xtics format "%b %Y" 
set xtics rotate
plot "dataset-qsocount" using 1:2 title "Contacts/Month"
The interesting peak in January 2017 is still visible, it was caused by two contests I participated in: the ARRL RTTY roundup 2017 and the UBA PSK63 prefix contest 2017.

Tags: , ,
2017-10-09 I participated in the Russian worldwide Digimode contest 2 months ago
Past weekend was the Russian worldwide digimode contest edition 2017. I mounted the endfed antenna outside and participated when time was available.

Thinks went good in search and pounce mode, there were multiple instances of making more than one contact in the same minute according to the log. Calling cq gave less response but I also got some contacts logged that way.
Band  QSOs Dupes Points Mults
160      0     0      0     0
80       0     0      0     0
40      46     0    280    32
20      41     0    129    35
15       0     0      0     0
10       0     0      0     0
Total   87     0    409    67
Claimed score is 27403 points
Since I operated in more than one band and with power above QRP levels I entered in the SINGLE-OP ALL HIGH category.

Tags: , ,
2017-10-09 Interesting NFS exports problem 2 months ago
I am used to being unable to unmount filesystems as long as they are NFS exported. It took me a while to find out how to correctly unexport filesystems before trying to unmount them. The easy solution would be to unexport everything and just export the other filesystems, but I'd rather not interrupt NFS availability of other filesystems.

So it was time to check some large filesystems again and I'd rather not do that during boot as it can delay booting for up to an hour. Currently those filesystems are exported via IPv4 and IPv6. Removing the export for IPv4 is easy:
# exportfs -u
But for IPv6 it gets harder:
# exportfs -u 2001:db8:a::/64:/export
exportfs: Invalid unexporting option: 2001
So it is still exported via IPv6. And next thing I try to unmount it and notice it's ok to unmount a filesystem that is only exported via IPv6. I guess this shows some interesting bug.

Tags: , ,
  Older news items for tag english ⇒
, reachable as PGP encrypted e-mail preferred.

PGP key 5BA9 368B E6F3 34E4 local copy PGP key 5BA9 368B E6F3 34E4 via keyservers pgp key statistics for 0x5BA9368BE6F334E4 Koos van den Hout
Other webprojects: Camp Wireless, wireless Internet access at campsites, The Virtual Bookcase, book reviews, Weather maps