News items for tag english - Koos van den Hout

2020-09-22 TLSA records for DANE can't have it all 15 hours ago
Yesterday I read about changes at LetsEncrypt that influence LetsEncrypt intermediate certificates and DANE and had a look at my own DANE record set up in december 2019.

I decided to change the 'usage' value to 1, meaning 'EE match validated by public CA' because it's linked to a known public CA, and the old value 3 meaning 'private EE' wasn't completely true because it's linked to a known public CA.

But I received a notification this morning, with:
Only certificate usages DANE-TA(2) and DANE-EE(3) are supported with SMTP.
With references to rfc 7672 section 3.1.1 and further which makes a valid point about CA validation in SMTP sessions.

So the validation chain is purely based on DNSSEC.

Tags: , ,
2020-09-16 My amateur radio activity versus the sunspot cycle 6 days ago
PD4KH start on HF bands versus the sunspot cycle
My start on the HF bands versus the sunspot cycle. Click for full graph with legend.
Recently the start of the new sunspot cycle is mentioned a lot in radio amateur news because the influence on ionospheric propagation is strong and the start of counted sunspot cycle 25 has started. Looking at the graphs I felt like I started just at the downward trend of the previous sunspot cycle.

So I looked it up at Solar Cycle Progression - NOAA / NWS Space Weather Prediction Center and zoomed in to the time when I made my first contacts making the screenshot in this article. And indeed, August / September 2014 was part of the last peaks of cycle 24, and it went mostly downhill from there. So my experience that I made my first HF contacts on 10 meter and soon had to go to lower frequencies to get any propagation matches those measurements.

Tags: ,
2020-09-13 A weekend with some radio: first hand-paddled morse contact, a new country and data contacts 1 week ago
After lots of other things a weekend where I made time for amateur radio. I set up the endfed antenna and used a mast to raise the antenna at the end of the garden a bit, which hopefully increases the range a bit.

The big new thing was the last radio contact of the weekend: I decided to get on the air with the paddle as an exercise in morse. After looking for a contact at a reasonable speed where the exchange would be more than just callsigns and signal report I heard someone call CQ on the 40 meter band at about 20 words per minute. So to exercise my sending and not try to decode everything at 20 words per minute I cheated and used the computer to decode most of the morse code. I answered with my call and some basic information, with the printed CW QSO example in front of me. The other radio amateur had the patience to listen to my relatively slow speed (12 words per minute) and I had the contact. So I ended with a good - ..- which is morse for TU which is the abbreviation for "Thank You!"

Earlier in the weekend I made lots of FT8 and some FT4 contacts, just getting more calls in the log. I saw some for me new countries active. I managed to get French Guadeloupe as a new country in the log, and Saint Julia on a new band.

My notifications for the Bulgarian Saints showed me that LZ595IP was active in PSK31. I haven't used that mode in a while. I made the contact, so now I have that call in morse and PSK31, still looking for other modes.

Tags: , ,
2020-09-02 An update to the home 1-wire network 2 weeks ago
For more than 12 years now(!) the house has temperature sensors using the 1-wire protocol. I recently redid some of the wiring between floors and I finally got around to rerouting the 1-wire network via this new route.

I also added a temperature sensor in the big room in the attic, we are thinking of using that room more often. To get an idea of how good that idea is we wanted to get an idea of the temperatures up there and that's what I have 1-wire sensors for! I soldered an 18b20 sensor to the end of a 4-wire flat phone cable, added it to the network and it's measuring.

So now 12 environmental temperatures are measured every 5 minutes: 9 in the house, one in the weather hut, one in the shed and one on the roof of the shed.

I also updated the 1-wire projects overview with how I use 4-wire flat phone cable in RJ45 connectors for 1-wire network. I had to look up how I did that previously before I could start adding new cables!

Tags: , , ,
2020-08-31 Adding static IPv4 routes for devices that still need those 3 weeks ago
I decided to have a look whether I can set up the static routes like those needed to get ads-b data out to plane finder via the dhcp server. This works a lot better than having to set those routes by hand after a reboot.

This can be done with the rfc3442 classless static routes extension in DHCP, which isn't supported out of the box by isc dhcpd. But there is support in the dhclient configuration on raspbian, so I only had to add the server side.

All the samples I could find for adding this to the server side added arrays of bytes which is harder to read/comprehend. I had a look at the dhcp-options manpage which showed the option to add a structured record with IPv4 addresses.

Main configuration adding the option:
option rfc3442-classless-static-routes code 121 = array of { integer 8, ip-address, ip-address };
# netmask bit count, destination, via
Specific host configuration using the option with the current address for Which may change!
        host joy {
            hardware ethernet b8:27:eb:ae:ad:47;
            option rfc3442-classless-static-routes 32;
This pushes route to via

Hosts that get this option via dhcp should ignore the default router option so if you need that too you will need to add a route for In my specific usecase I don't want to set a default IPv4 route.

Tags: , , ,
2020-08-25 A new Camp Wireless that looks the same 4 weeks ago
The new Camp Wireless that looks almost the same, but is completely rewritten is on-line.

It should look and work better on mobile devices. According to the statistics about half of the visitors is using a mobile device, so that is an important part.

I am a great fan of not breaking existing links, so they will keep working. There is a change in the url scheme for the site, but all old links redirect to the correct new location.

The details: Camp Wireless was completely written in PHP since the start of Camp Wireless in June 2004. But I didn't update the code a lot over the last years because I wasn't using PHP anymore and doing all my newer webprojects in modperl. This was becoming a risk, I didn't like updating the code anymore. I had to fix several things when I moved from the old homeserver to the new one because the new system came with PHP 7.

Since the url design of Camp Wireless was 'technology neutral' from the start (the main urls do not include .php or other hints to the used technology) it was possible to rewrite it in another language, as long as it could handle all the urls the same way.

I made one change to the url scheme: in the old setup the directory of campsites had urls with /database/region/ and /database/site/. Although there is indeed a database behind the site, the better term to use is directory, so I developed with /directory/region/ and /directory/site/ urls. And wrote a rewrite rule handler to redirect all the old links, because I don't like breaking old links.

I rewrote the site it in modperl. It was hosted on the development webserver and after implementing and testing each function I committed the result to version control. I still use cvs because that's what I once dove into.

After testing for a while with an acceptance version I finally made the switch today. After that I found a few functions missing so I added those promptly. Still using version control, so I know what I changed when and why.
Read the rest of A new Camp Wireless that looks the same

Tags: , , ,
2020-08-23 Getting work done on the Camp Wireless rewrite 1 month ago
In the last few weeks I had actual time to work on the planned rewrite of Camp Wireless in perl.

I rewrote it in perl and redid a small part of the CSS to use the CSS grid model to optimize Camp Wireless based on screen size. In the coming days I will create an 'acceptance' version of the site using the production version of the database, to iron out the last errors.

I still need to finish the correct 404 generation from within mod_perl scripts, advertising and some specific cases. And it's a good idea to run a website security scan on my work.

The look and feel hasn't changed a lot. I decided to present the same information in the same order and maintain most of the screenlayout.

Tags: , , ,
2020-08-03 Trying a number of amateur satellite passes with a new radio and finally success 1 month ago
Saudisat 1c / SO-50 cube satellite
Saudisat 1c / SO-50
A few weeks ago I tried the Baofeng UV-5R on a satellite pass again to at least receive signal. It did receive something but kept closing the squelch during reception even at squelch level 0. This seems to be a common problem with this model radio.

I decided to put some money into a handheld radio that can do full-duplex. My original Wouxun seems to have developed serious issues receiving on the 2 meter side, but it has served me very well as a handheld radio over the years. So based on reviews about the Wouxun KG-UVD8D/KG-UVD9D models and how their full-duplex capabilities worked in combination with satellites I decided to buy one of these. The current model is the KG-UV9K which adds airband receive capability. I ordered one from bamiporto which came after a few days.

Based on the settings in AO-85 & Wouxun KG-UV9D - more testing I set mine up and tried a number of passes. The passes on satellites AO-91 (Fox-1B) and AO-92 (Fox-1D) all failed. The passes weren't too high and during busy weekends so there was a lot of competition for the uplink. With only 4 watts I am a bit limited there.

The difference between the Baofeng UV-5R and the Wouxun KG-UV9K in handling audio from satellites with the squelch full open is clear: with the Wouxun I only get an interruption when I let go of the transmit button.

Yesterday evening I tried a high SO-50 pass. A southwest to northeast pass, which gave me the option to stand in the front yard with radio, antenna and a smartphone with the W1ANT satellite tracker. I had trouble understanding some stations but could hear others fine who seemed to understand most stations fine, given the contacts I heard. In a gap I called F5ERS/P which turned into a good first contact and after that G0ABI called me and that was a good second contact.

Tags: , ,
2020-08-01 Blocking Sendy as spammailer 1 month ago
The spam trying to sell me PC hardware keeps going on and I had a closer look. I noticed they all were sent with the following header line:
X-Mailer: Sendy (
I had a look through the last months of valid mail and spam mail: 1 valid mail using Sendy, 87 already seen as spam and 104 reports to spamcop. Those are clear numbers, so I created some spamassassin rules:
header LOCAL_MAILER_SENDY X-Mailer =~ /^Sendy \(https:\/\/sendy\.co\)$/
describe LOCAL_MAILER_SENDY Sendy mailer
Starting with adding 1 for using sendy, but I can add more. Reporting the 'PC hardware' spammers again and again and again via spamcop to hasn't helped yet.

Tags: ,
2020-07-31 Letting the nanokeyer decode my morse attempts 1 month ago
I'm still trying to learn morse and I currently make too many errors while sending with the paddle at a reasonable speed (12 words per minute).

Digging into the documentation for the winkeyer protocol showed me the option to get the morse it thinks I sent back to the computer.

This is even a supported option in winkeydaemon, the -e option.
       -e     Turns  on  winkeyer's  'echo'  feature and makes the daemon echo
              transmitted CW to all active clients (see '-p').

              Test this feature with the  'netcat'  utility:  'echo  |  nc  -u
      6789'.  This creates an active, echo-only client ses‐
And indeed I can test my work:
$ ./winkeydaemon -s 13 -e
$ echo | nc -u localhost 6789
This could be used to write a morse trainer program. For now I use it to test whether I paddle what I want.
Read the rest of Letting the nanokeyer decode my morse attempts

Tags: ,
2020-07-30 Backup to a remote webdav server using rclone 1 month ago
After the earlier issues with backing up to a remote webdav server I let the problem rest but made sure my backups were in order from time to time.

Until I came across a mention about rclone which especially mentions copying to various cloud services. Since I am trying to backup to a webdav server based on owncloud I had a look and this is a supported configuration in rclone. So I installed rclone to give it a try.

From the devuan distribution I got rclone version 1.35 which seemed to have problems with the specific owncloud server. So I had a look and newer .deb packages are available on the Rclone download page. This worked better.

On the first run rclone was convinced a lot of the files were modified locally since I transfered them with fusedav+rsync, so those were refreshed. But now it is all synchronized correctly the changes are minimal and the runtime isn't very long. I do make sure my uplink isn't filled completely so I limit the bandwidth. Command:
$ rclone --bwlimit 1M -v sync /camera/ owncloudservice:backuptest/camera/

Tags: , ,
2020-07-27 Different SSL tests make things complex 1 month ago
After mention of the tests at work I tested my webserver with the test from and got a failed for the cipher order test. I do have the 'best' configuration according to the Mozilla SSL Configuration Generator but the test at disagrees on this point because of the ordering of the ciphers. So with a lot of checking I now have:
Which is not the order Mozilla suggests, but gives me an A+ on the Qualys SSL Server test and a good result on the standards test at

I also found out generating my own Diffie-Hellman parameters is not good for parameter sizes of 2048 bits and up. I changed to a known-good group of 4096 bits.

Tags: , ,
2020-07-23 Twitter pointing me right at the dark side of social media 2 months ago
I separated my amateur radio twitter from my work and other contacts twitter to get less depressing world politics in my timeline and today Twitter showed me very clearly that I'm supposed to get agitated and depressed and not retreat into a safer bubble.

I got notifications on the @PE4KH account (including on my phone) to look at this tweet by Phil Karn KA9Q: Fascism has arrived in America. which quotes another political tweet.

I really appreciate the work Phil Karn has done in the past for networking and amateur radio, and as a person I feel sorry for him and others to have to live their daily lives in a situation like this.

But at the same time I don't want to be reminded constantly, because I can't do much about it and I will just feel more depressed. So it really annoys me that Twitter goes out of its way to point me to something that will agitate and depress me.

It seems like Twitter wants more doomscrolling and more depression to increase "engagement" at the short term.
Read the rest of Twitter pointing me right at the dark side of social media

Tags: , ,
2020-07-21 Spam trying to sell me PC hardware 2 months ago
Since a few weeks I notice a lot of spam with deals in PC and mobile phone hardware. Several different domain names, but all with an overview of latest models and prices. When searching in the log for the names, the patterns are visible:
Hosting seems to be at 2 or three places.

Tags: , ,
2020-07-16 Time to grow the diskspace for the home server 2 months ago
There were some ideas for one or more new virtual machines in the homeserver conway 2017 and the current volume group is almost full. Time to order some new diskspace because there's also some upcoming Devuan upgrades where I'd like to keep a snapshot of the 'before' situation so I can go back if everything breaks.

So I ordered 2 960 Gb SSDs. They will run in a mirror anyway. I was wondering whether to add them to the current volume group or take the 2 256 Gb SSDs out of the volume group. I decided to take those two out: there will be enough space after the upgrade and it can save some power. This does mean the new SSDs will also be set to be bootable and I will have to do a move of the volume group.

The order of changes:
  • Shut down machine
  • Install 2 new disks
  • Boot up machine
  • Partition 2 new disks with boot partition, make bootable with UEFI
  • Test boot from new disk
  • Make raid-1 device from the rest of the space on both disks
  • Add new raid-1 to volume group
  • Move volume group away from old raid-1
  • Remove old raid-1 from volume group
  • Unlink old raid-1
  • Shut down machine
  • Remove 2 old disks
  • Boot up again
Quite a number of steps, this will take some time.
Read the rest of Time to grow the diskspace for the home server

Tags: , ,
2020-07-15 I tamed systemd 2 months ago
I shared my earlier mishap with systemd on twitter: @khoos: Another run-in with systemd and got a reply to check the prerequisites: @devbeard: Is there something that needs to come after, before the thing is there for gpsctl to configure? and I added a dependency on the serial driver for the right port.

This seems to work now, it all comes up as planned. Updated file /etc/systemd/system/ublox-init.service:
Description=u-blox initialisation

ExecStart=/usr/local/bin/gpsctl -q -a -B 115200 --configure_for_timing

And now I'm greeted by a working ntpd at 115200 bps when I log in to the Pi.

Tags: , ,
2020-07-12 I participated in the IARU HF contest this weekend 2 months ago
Again this year one of the important radiocontests for me: the IARU HF contest was this weekend. I made both SSB and CW contacts on several bands.

I made 22 contacts in morse. I concentrated on SSB during the day, aiming to get some nice contacts in the log. There were good 10 and 15 meter openings which is always nice in a contest. I haven't done a lot of contesting on those bands so those enabled me to get more multipliers and a higher score.

In the end I made 159 contacts, with a claimed score of 343 qso points * 74 multipliers = 25382.

Tags: , ,
2020-07-04 Again with systemd in the new GPS Pi 2 months ago
Again and again systemd annoys me. This time in the GPS Pi configured for timing.

Since I want it to work perfectly at start I added the systemd rules as suggested by A Raspberry Pi Stratum 1 NTP Server - Phil's Occasional Blog with /etc/systemd/system/ublox-init.service containing:
Description=u-blox initialisation

ExecStart=/usr/local/bin/gpsctl -q -a -B 115200 --configure_for_timing

After reboot ntp was running, but no data at all from the gps unit, and gpsctl was unable to revive it. The solution was to disable the above unit and ntpd, powerdown and restart the whole system and try again. After that doing the changes by hand and starting ntpd worked fine.

It's probably some sort of race condition, but any time I try to make a system with systemd do something reliably I run into things like this.

Tags: , , ,
2020-07-03 Switched the GPS configuration to one optimized for timing 2 months ago
Based on A Raspberry Pi Stratum 1 NTP Server - Phil's Occasional Blog I switched the gps to a configuration optimized for timing. The default settings are optimized for location services, but I want an NTP server.

I used gpsctl to configure the ublox chip in the GPS/RTC Hat:
$ gpsctl -a -B 115200 --configure_for_timing -vv
Serial port ("/dev/ttyAMA0") open...
Serial port open and configured...
Automatically determining baud rate...
Trying 230400 baud...
Trying 115200 baud...
Trying 57600 baud...
Trying 38400 baud...
Trying 19200 baud...
Trying 9600 baud...
Synchronized on 9600 baud...
Changing baud rate to 115200...
Successfully changed baud rate to 115200...
After that I got location data at a high speed. I changed the /etc/ntp.conf parameters to use the GPS_NMEA and PPS drivers, with:
# PPS reference
server minpoll 4 maxpoll 4
fudge refid PPS

# GPS NMEA driver
server mode 89 minpoll 4 maxpoll 4 iburst prefer
fudge flag1 0 flag2 0 flag3 0 time2 0.043 refid GPS
And now I get much better numbers:
$ ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
oPPS(0)          .PPS.            0 l   14   16  377    0.000   -1.656   0.134
*GPS_NMEA(0)     .GPS.            2 l   13   16  377    0.000  -11.730   0.517
+ntpritchie.idef    3 u   44   64  377    4.263    1.436  62.373
+metronoom.dmz.c     2 u   44   64  377   12.141   -2.250  49.247
koos@henkp:~ $ ntpdc -c kern
pll offset:           -0.00142676 s
pll frequency:        7.468 ppm
maximum error:        4.934e-06 s
estimated error:      3.372e-06 s
status:               2001  pll nano
pll time constant:    4
precision:            1e-09 s
frequency tolerance:  500 ppm
The time offset factors still need work, but I'm getting close!

Tags: , ,
2020-07-03 The GPS ticks! 2 months ago
I remembered the junkbox contains an active GPS antenna which I bought together with the gpskit gps unit in 2003(!). And some other bits and pieces included a SMA to BNC adapter so I put the little GPS antenna outside and connected it to the GPS/RTC Hat.

Before I was back behind a computer it was showing a location and within a few minutes it had a PPS pulse. I was used to cold start taking at least 15 minutes with the gpskit!

So I tested with ntpd talking to gpsd via shared memory. This gave an interesting offset between local gps time and a nearby ntp server.
$ ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
*SHM(2)          .PPS.            0 l    6   64  377    0.000   -0.149   1.672
xSHM(0)          .GPS.            0 l    5   64  377    0.000  -104.51   1.943
+ntpritchie.idef    3 u  101   64  376    2.774    0.950  13.948
+metronoom.dmz.c    2 u   99   64  376   10.482   -0.844  10.638
$ ntpdc -c kern
pll offset:           -0.000136461 s
pll frequency:        -11.054 ppm
maximum error:        1.3748e-05 s
estimated error:      1.7071e-05 s
status:               2001  pll nano
pll time constant:    6
precision:            1e-09 s
frequency tolerance:  500 ppm
I'm not too happy about the fact that the GPS NMEA messages are seen as wrong, so I'm going to stop using gpsd and go for a setup optimized for timing.

Tags: , ,
  Older news items for tag english ⇒
, reachable as PGP encrypted e-mail preferred.

PGP key 5BA9 368B E6F3 34E4 local copy PGP key 5BA9 368B E6F3 34E4 via keyservers pgp key statistics for 0x5BA9368BE6F334E4 Koos van den Hout
Other webprojects: Camp Wireless, wireless Internet access at campsites, The Virtual Bookcase, book reviews