News items for tag english - Koos van den Hout

2020-11-25 New "country" in amateur radio: Jan Mayen 2 days ago
I still have a (short) list of European "countries" that I not yet have an amateur radio contact with. Jan Mayen was on that list and I set a specific alert in HamAlert to let me know when signals are seen from that part of the world. Today the alert fired and I had time to operate the radio. JX2US was active on 20 meter FT8. I joined the load of stations calling him and got an answer and a valid contact after trying for a while.

Jan Mayen is a very northern island belonging to Norway, but for amateur radio it is a separate entity. Jan Mayen has no permanent residents. According to the JX2US qrz page he does amateur radio in his spare time outside work in shifts.

Tags: , ,
2020-11-17 Mifare classic is still insecure... and still in use 1 week ago
I came across Using MIFARE Classic in 2020 - revk which states
So please, do not use MIFARE Classic as if they are secure!
and I couldn't agree more. There seem to be newer attacks that are even faster to crack the keys, which I will give a try soon.

Tags: ,
2020-11-08 RF knowledge helps fix completely different problems 2 weeks ago
For work I currently spent quite a bit of time in video conferences. I have an external webcam from work which gives a better image than the built-in webcam, but it regularly started giving problems in the image. Hickups or blinking images, suggesting some communications problem between the webcam and the computer.

Since the webcam, a Microsoft lifecam studio, is still being sold and advertised as works good with Windows 10 I thought it wasn't the age of the webcam or a problem with the drivers.

So I tried a different solution which is almost the standard solution of a radio amateur for interference problem: add more ferrite to the cables. The USB cable is thin which suggests to me there is not a lot of room for good shielding. Pulling the USB cable through a ferrite core twice right after the USB plug made the problems go away.

Tags: , , ,
2020-11-03 New countries in amateur radio: Cuba and the Seychelles islands 3 weeks ago
For most Dutch amateurs the first countries they have HF contacts with outside Europe are in North and South America. For some reason my DX from home has a slant to the east, so a lot of the Americas is still on my 'wanted' list.

This weekend I was active on the remote radio which has a 10-12-15-17-20 meter band antenna and I heard a Cuban station on 15 meters phone. After a number of tries I had the contact so that was my first contact with a Cuban station.

I also heard a station from Vatican City (for radio this is a separate entity) making contacts but it had so many stations responding I did not get through even with trying for almost 20 minutes.

Update 2020-11-04: Another new country in the log: the Seychelles islands. A country name that I usually associate with bad corners of the Internet at work is now a positive development as I got S79KW in the log with a very marginal FT8 contact on the 20 meter band, but I saw his final '73' report so it should have been logged on the other side.

Tags: , ,
2020-10-26 I participated in the CQWW DX SSB Contest this weekend 1 month ago
This weekend was the CQWW DX SSB contest, which is one of the bigger contests on the amateur radio calendar. I had planned to participate, I made sure to get my contest software TLF completely configured and tested before the contest. But I didn't get around much to it most of Saturday. I only started Saturday evening to make some contacts on 40 meters which wasn't very successful from my home station.

Sunday afternoon things got a lot better when I tried the 20 meter and 10 meter amateur bands. Yes, 10 meter was open during the contest. This wasn't completely surprising as I made a number of 10 meter FT8 contacts earlier in the week.

The claimed results:
Band   160   80   40   20   15   10
QSO's    0    0    5   31    0   25
Cty      0    0    4   16    0   15
Zone     0    0    3    4    0    3
Pts: 61  Mul: 45 Score: 2745       

Tags: , ,
2020-10-26 Speeding up TLS connections for Apache with OCSP 1 month ago
Encrypt all the things meme I have one Apache server exposed to the outside world for IPv6 clients (because of a history in hostnames going back to the 20th century). So after enabling OCSP for haproxy I decided to have a look at OCSP stapling for Apache 2.4. That's even easier than haproxy since Apache 2.4 will fetch the ocsp data itself. I followed Apache 2.4 SSL/TLS Strong Encryption: How-To OCSP Stapling and it works.

So now the current score at the Qualys SSL server test for is A+ both via IPv4 and IPv6.

Tags: , , , ,
2020-10-21 Upgrading Devuan linux from ascii to beowulf 1 month ago
I am upgrading Devuan linux installations from ascii to beowulf to get newer packages and continued security updates. There is only one package where I really want a newer version: openssl, so I can start using TLSv1.3.

This upgrade is just as simple as the upgrade from Devuan jessie to ascii three years ago. Just change the release name version and use apt update and apt dist-upgrade commands.

Today I did the development webserver and apache didn't start afterwards. I found out I need to enable php7.3 by hand, in the previous configuration php7.0 was enabled. A thing to keep in mind when upgrading the production webserver.

Tags: , ,
2020-10-20 Sorting by time with gpsbabel (oh and I cycled 36 kilometers today) 1 month ago
GPX viewer result of my cycling trip today I noticed when viewing my resulting track that there was something weird about the time. In the gpx file it was visible that the waypoints were not processed in order. So I searched for the way to make gpsbabel sort the waypoints by time. It took a bit of searching because I couldn't find any sample of sorting by time or other sorting options. But with some reading and thinking I found:
koos@kernighan:~/garmin$ gpsbabel -x sort,time -i garmin_fit -f 2020-10-20\ -o gpx -F 2020-10-20\ 13-12-51.gpx
The -x sort,time is 'sort by time'.

And I cycled 36 kilometers today. Some slight uphill parts, which lower my speed seriously. And the accompanying downhill parts increase my speed (and I keep pedalling, no need to limit my speed options as long as it's safe).

Tags: ,
2020-10-19 A serious cycling trip today 1 month ago
GPX viewer result of my cycling trip today I have a few days holiday and today I decided to work on cycling a bigger distance. In the end I cycled 90 kilometers (on my cycle computer) or 84 kilometers (according to the GPS). Both are fine with me, a good test of doing such a distance.

I tried to get routes with lots of long straight paths, which are nice on my recumbent. That worked out ok. I cycled home - De Bilt - Bunnik - Odijk - Werkhoven - Cothen - Wijk bij Duurstede - Amerongen - Elst - Veenendaal - Renswoude - Scherpenzeel - Woudenberg - Zeist - De Bilt - home.

Average speed according to my cycling computer which will stop measuring when I pause: 20.60 kilometers per hour. Top speed was 47 kilometers per hour on a long downhill stretch near Zeist.

Tags: ,
2020-10-14 Speeding up TLS connections for haproxy with OCSP 1 month ago
Encrypt all the things meme On my to-do list was the idea to look at OCSP stapling for haproxy. OCSP is Online Certificate Status Protocol which wraps the revocation status of a certificate in the certificate negotiation. This speeds up the TLS setup a bit since the client doesn't have to make an extra connection to the OCSP responder of the certificate issuer and it adds a bit of privacy because the certificate issuer doesn't see which client requests the status of a certificate.

Finding the right way to get the ocsp updates to haproxy was a bit of work, eventually made some modifications to the script in HAProxy OCSP stapling. I also used the remarks in OCSP stapling with HAProxy. From pitfall to euphoria because I saw the "OCSP single response: Certificate ID does not match any certificate or issuer" error message. I had to restart haproxy first to make it enable ocsp processing (because now each server certificate has its own .ocsp file) and now it accepts the "set ssl ocsp-response" command.

Update: I'm not completely happy yet: after a certificate was renewed haproxy complained about the .ocsp file being out of date. Which is fully correct, since that .ocsp file was about a previous version of the certificate. This needs more work. Ideally I would check the validity of the .ocsp file before deciding to renew it. And fetch the new ocsp data before reloading a renewed certificate.

Anyway, the 'TLS setup' part of connecting to sites like goes from 20-21 milliseconds to 5-8 milliseconds. Not a blinding fast improvement but all bits help and I like to have optimal security and privacy.
Read the rest of Speeding up TLS connections for haproxy with OCSP

Tags: , , ,
2020-10-13 Searching for a vulnerable framework found in weblogs 1 month ago
I had a look at some weblogs and after removing the entries caused by webbots most of the rest of the traffic was attacks. All on stuff I don't have (usually wordpress), but one thing was noticeable: - - [13/Oct/2020:00:17:34 +0200] "GET ////nette.micro?callback=shell_exec&cmd=ifconfig HTTP/1.1" 404 747 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.90 Safari/537.36" - - [13/Oct/2020:00:17:41 +0200] "GET /////nette.micro?callback=shell_exec&cmd=ifconfig HTTP/1.1" 301 715 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.90 Safari/537.36" - - [13/Oct/2020:00:17:43 +0200] "GET /nette.micro?callback=shell_exec&cmd=ifconfig HTTP/1.1" 404 747 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.90 Safari/537.36"
From what I've found about the 'nette microframework' there are callbacks, but none of those is called shell_exec.

Tags: , ,
2020-10-06 Finished and tested the electronics of another project: the igate 1 month ago
After finishing the Raspberry Pi ntp server in the weekend I continued on a long-running project: the PI4RAZ igate I started working on in June (and ordered in September 2019). I dragged the soldering iron, the soldering mat and lots of parts downstairs to work on it on Sunday evening. Soldering lots of pins to an Arduino nano is hard work.

I finished the last soldering on Monday evening and had a long and hard look at all the connections and redid a few. I used a multimeter to make sure three really close soldering islands weren't connected, found two with 0 ohms between them in both polarities so I fixed that issue.

After that I took the plunge of actually powering up the print and it looks good. The display shows output and I can walk through the setup when I connect a usb cable to the ESP32 module.

I can't make it run yet: the space for the wifi password in the ESP32 module is only 25 characters which is not enough for our home network. So I will have to look into changing the code (it has an update anyway: Software update iGate - PI4RAZ) and find a working way to program an ESP32 from linux.

Tags: , ,
2020-10-04 Moved the new Raspberry Pi ntp server to the shed and did the last bits of configuration 1 month ago
I moved the new ntp server to the shed today. I found a nice case for it: an actual wooden box. I climbed on the roof of the shed to find a place for the GPS antenna (with magnetic base). Parts of the enclosures around our solar panels are from ferrous metals, so I found a place with an ok view of the sky to place the antenna and led the cable to a ventilation shaft to get it inside the shed. I made sure the cable was going up in the ventilation shaft first to avoid having a drip loop on one of our bicycles.

Although I did most work on the w1retap configuration before I couldn't get it running at first. I kept seeing the error message:
koos@henkp:~ $ LD_LIBRARY_PATH=/usr/local/lib/w1retap w1find DS2490-1
Error 119: Failed to set libusb configuration
It took some serious searching to find a hint: that is caused by the usb device file access rights. Solution is to install the 45-w1retap.rules that comes with w1retap into /etc/udev/rules.d.

At the moment weather data is being fetched on the Raspberry but the wifi between shed and house is so bad that the data stays there. I'm not sure how that can be fixed. It turns out the external wi-fi dongle I bought was listed as having 5 GHz support, but the reviews of the chipset used say it doesn't. The congestion in the 2.4 GHz band makes it very difficult to reach the pi. Doing a ping test over longer time gives me 91% packet loss.

I dug up a different 2.4 GHz antenna from the junkbox and suddenly the connection is stable with a lot less packet loss. This antenna is directional and now pointing right at my access point.

Now the weather data is collected and forwarded to the server for Weather station Utrecht Overvecht.

NTP didn't seem to work on the first try, I'm not seeing any data for the GPS_NMEA server. This works again after a powerdown/up.
Read the rest of Moved the new Raspberry Pi ntp server to the shed and did the last bits of configuration

Tags: , , ,
2020-09-29 I participated in the CQWW RTTY Contest 2020 1 month ago
RTTY Contest on websdr I was wondering until the last moment whether to do it or not but eventually I did participate in the CQWW RTTY Contest in the last weekend. Seeing other radio amateurs get ready on social media helped me decide and jump in.

I made 165 contacts on the 20 and 40 meter band. No new countries! I was seeing decodes from a station from Thailand but he did not decode my replies. It was also interesting to see how some stations that couldn't hear me at one time were almost easy to contact at other times. But not the one from Thailand, that one never came back.

I only worked search and pounce, looking for other stations available for contacts. Some stations had major pile-ups but coming back later helped.

Getting my log in a format that I could upload was a bit of an issue. I selected the CQWW-RTTY contest in the contest setup of fldigi, and it logged the CQ zone numbers and state in the right windows. But on the export to cabrillo there is no option to export those values. Workaround: select the right adif part of the log and use the CQ WW RTTY DX Contest ADIF to Cabrillo Convertor. I did have to fix my one US contact since the state wasn't exported correctly.

Update 2020-10-04: My raw score before log checking is 22579 points according to 2020 CQ WW RTTY Contest raw scores.

Tags: , ,
2020-09-27 Logging a cycling tour and visualizing the results 2 months ago
gpxviewer map of my cycling 2020-09-27, map from openstreetmap We went cycling today and I fixed the speed computer on my bicycle and brought the GPS unit to get a good tracklog. Both worked fine so I know where I cycled, when and how fast.

The Garmin GPS saves data in .fit format but it's easy to convert that to gpx using gpsbabel, and visualising the resulting gpx is done with gpxviewer. The maps in gpxviewer are from openstreetmap, which means they are both good and free to use.

The magic conversion command from Garmin .fit to .gpx :
koos@kernighan:~/garmin$ gpsbabel -i garmin_fit -f 2020-09-27\ -o gpx -F 2020-09-27\ 16-37-30.gpx
Which doesn't produce any output messages when things go well. No news is good news.

Tags: ,
2020-09-22 TLSA records for DANE can't have it all 2 months ago
Yesterday I read about changes at LetsEncrypt that influence LetsEncrypt intermediate certificates and DANE and had a look at my own DANE record set up in december 2019.

I decided to change the 'usage' value to 1, meaning 'EE match validated by public CA' because it's linked to a known public CA, and the old value 3 meaning 'private EE' wasn't completely true because it's linked to a known public CA.

But I received a notification this morning, with:
Only certificate usages DANE-TA(2) and DANE-EE(3) are supported with SMTP.
With references to rfc 7672 section 3.1.1 and further which makes a valid point about CA validation in SMTP sessions.

So the validation chain is purely based on DNSSEC.

Tags: , ,
2020-09-16 My amateur radio activity versus the sunspot cycle 2 months ago
PD4KH start on HF bands versus the sunspot cycle
My start on the HF bands versus the sunspot cycle. Click for full graph with legend.
Recently the start of the new sunspot cycle is mentioned a lot in radio amateur news because the influence on ionospheric propagation is strong and the start of counted sunspot cycle 25 has started. Looking at the graphs I felt like I started just at the downward trend of the previous sunspot cycle.

So I looked it up at Solar Cycle Progression - NOAA / NWS Space Weather Prediction Center and zoomed in to the time when I made my first contacts making the screenshot in this article. And indeed, August / September 2014 was part of the last peaks of cycle 24, and it went mostly downhill from there. So my experience that I made my first HF contacts on 10 meter and soon had to go to lower frequencies to get any propagation matches those measurements.

Tags: ,
2020-09-13 A weekend with some radio: first hand-paddled morse contact, a new country and data contacts 2 months ago
After lots of other things a weekend where I made time for amateur radio. I set up the endfed antenna and used a mast to raise the antenna at the end of the garden a bit, which hopefully increases the range a bit.

The big new thing was the last radio contact of the weekend: I decided to get on the air with the paddle as an exercise in morse. After looking for a contact at a reasonable speed where the exchange would be more than just callsigns and signal report I heard someone call CQ on the 40 meter band at about 20 words per minute. So to exercise my sending and not try to decode everything at 20 words per minute I cheated and used the computer to decode most of the morse code. I answered with my call and some basic information, with the printed CW QSO example in front of me. The other radio amateur had the patience to listen to my relatively slow speed (12 words per minute) and I had the contact. So I ended with a good - ..- which is morse for TU which is the abbreviation for "Thank You!"

Earlier in the weekend I made lots of FT8 and some FT4 contacts, just getting more calls in the log. I saw some for me new countries active. I managed to get French Guadeloupe as a new country in the log, and Saint Julia on a new band.

My notifications for the Bulgarian Saints showed me that LZ595IP was active in PSK31. I haven't used that mode in a while. I made the contact, so now I have that call in morse and PSK31, still looking for other modes.

Tags: , ,
2020-09-02 An update to the home 1-wire network 2 months ago
For more than 12 years now(!) the house has temperature sensors using the 1-wire protocol. I recently redid some of the wiring between floors and I finally got around to rerouting the 1-wire network via this new route.

I also added a temperature sensor in the big room in the attic, we are thinking of using that room more often. To get an idea of how good that idea is we wanted to get an idea of the temperatures up there and that's what I have 1-wire sensors for! I soldered an 18b20 sensor to the end of a 4-wire flat phone cable, added it to the network and it's measuring.

So now 12 environmental temperatures are measured every 5 minutes: 9 in the house, one in the weather hut, one in the shed and one on the roof of the shed.

I also updated the 1-wire projects overview with how I use 4-wire flat phone cable in RJ45 connectors for 1-wire network. I had to look up how I did that previously before I could start adding new cables!

Tags: , , ,
2020-08-31 Adding static IPv4 routes for devices that still need those 2 months ago
I decided to have a look whether I can set up the static routes like those needed to get ads-b data out to plane finder via the dhcp server. This works a lot better than having to set those routes by hand after a reboot.

This can be done with the rfc3442 classless static routes extension in DHCP, which isn't supported out of the box by isc dhcpd. But there is support in the dhclient configuration on raspbian, so I only had to add the server side.

All the samples I could find for adding this to the server side added arrays of bytes which is harder to read/comprehend. I had a look at the dhcp-options manpage which showed the option to add a structured record with IPv4 addresses.

Main configuration adding the option:
option rfc3442-classless-static-routes code 121 = array of { integer 8, ip-address, ip-address };
# netmask bit count, destination, via
Specific host configuration using the option with the current address for Which may change!
        host joy {
            hardware ethernet b8:27:eb:ae:ad:47;
            option rfc3442-classless-static-routes 32;
This pushes route to via

Hosts that get this option via dhcp should ignore the default router option so if you need that too you will need to add a route for In my specific usecase I don't want to set a default IPv4 route.

Tags: , , ,
  Older news items for tag english ⇒
, reachable as PGP encrypted e-mail preferred.

PGP key 5BA9 368B E6F3 34E4 local copy PGP key 5BA9 368B E6F3 34E4 via keyservers pgp key statistics for 0x5BA9368BE6F334E4 Koos van den Hout
Other webprojects: Camp Wireless, wireless Internet access at campsites, The Virtual Bookcase, book reviews