News items for tag english - Koos van den Hout

2020-12-18 Some people actually read instructions 1 month ago
Back when I started with world wide web things I created my own links page. For my own use, so I had my web links available on all my computers.

With the rise of 'search engine optimization' I started to receive requests to add certain links. First as bulk 'link exchange' mails but later as automated "personal" requests which have their own special rant.

The "personal" requests sometimes used interesting backstories such as a school project where the children had found such a good resource together and the teacher hoped to bring a smile to the childrens' faces by having the suggestion from the schoolchildren actually implemented.

So I added a line at the beginning of the page:
If you want to mail me to notify me about your very special link that really needs to be here to help children all over the world, enable world peace, would be the best resource ever or simply increase your pagerank: Don't. These are my links.
and this seems to help. For now.

Tags: ,
2020-12-13 Makefile logic not working perfectly 1 month ago
I noticed the certificate for was expired according to my webbrowser. I dug up the reason and found out the scripts to maintain the ocsp files managed to confuse the Makefile to keep the haproxy certificates updated.

The ocsp responses have more updates than the certificates, but a certificate update needs to be processed anyway.

So I updated the Makefile in the previous post. The dependency is now certificate-stamp depends on installed certificates, installed certificates depend on copied certificates. And installing the certificate also updates the ocsp response.

Tags: , , , ,
2020-12-11 Put all the scams together, maybe one of them works... 1 month ago
Interesting scam e-mail today, I guess it tries all possible scams and hopes to find out which one(s) work. Sent using the invite option of google forms, which seems to be popular with scammers recently.
I've invited you to fill out a form:
Attention Dear Customer
Attention Dear Customer,

We attempted to dispatch your item at 11:29 AM GMT+1 on the 19th of November, 2020 [11-19-2020].

Your delivery attempted to be delivered was affirmed to be among the list of deliveries abandoned in our delivery factory loft in the category

of the delivery file cases that consist of Stimulus Payment, Lottery Winners/Contract payments, Compensation & Inheritance Payments and

unclaimed consignments(concealed funds) From 2017 - 2020 and was abandoned due to the the COVID-19 (Coronavirus) pandemic that has

caused the lockdown in the country at large including the Holiday that has stopped it from getting to you respectively.

The shipping charge of this delivery has been paid & covered, so this notification has been automatically sent to notify you of this parcel

because if the parcel is not re-scheduled for delivery or picked up within 72 hours, it will be cancelled/confiscated along with the Tracking

details which will be null & void.

Yours sincerely,
Bruce Springs
Secretary, FedEx Factory Loft

The content of this email is confidential and intended for the recipient specified in this message only. It is strictly forbidden to share any

part of this message with any third party, without a written consent of the sender. If you received this message by mistake, please reply to

this message and follow with its deletion, so that we can ensure such a mistake does not occur in the future.


©2020 FedEx. The content of this message is protected by copyright and trademark laws under U.S. a

Tags: , , ,
2020-12-04 Using a snapshot for an upgrade so I can roll back 1 month ago
This evening I upgraded the production webserver from Devuan ascii to Devuan beowulf and to have the option available to roll back everything I created a snapshot and left that running until I was satisfied with the new configuration and everything worked.

The steps were simple, found via Commit or revert a Linux LVM snapshot? - serverfault:

Before starting the upgrade, create a snapshot:
# lvcreate -L 10G -s -n turing_upgrade /dev/conway_ssd/turing_root
Do all the upgrade stuff, reboot, make sure everything works again.

The usage of the snapshot went up to 22.38 percent:
# lvs
  LV               VG         Attr       LSize   Pool Origin    Data%  Meta%  Move Log Cpy%Sync Convert
  turing_root      conway_ssd owi-aos---  30.00g
  turing_upgrade   conway_ssd swi-a-s---  10.00g      turing_root 13.17
After everything worked, remove the snapshot:
# lvremove /dev/conway_ssd/turing_upgrade

Tags: , ,
2020-11-30 I participated in the CQWW CW contest 2020 1 month ago
Past weekend was the CQWW CW contest and I participated for a while. Not many contacts because I had a lot of trouble decoding the morse, even with help from the RX-morse smartphone app.

I made 8 contacts. On the 15 meter band, using the remote radio. Four to Russia, one to the Ukraine and three to the United States. That does add the United States to the list of countries I had morse contacts with.

A bit of explanation: CW stands for "continuous wave" and is another term for morse since morse is switching a continuous wave on and off.

Update 2020-12-05: And the first confirmation of a United States morse contact is in. Raw score before log checking: 84 points. Ranking in the category "assisted low power 15 meters" is #133 (out of 133) for world, #70 (out of 70) for Europe and #2 (out of 2) for the Netherlands. So the lowest score!

Tags: , ,
2020-11-28 Getting the DSL linespeed with both current and attainable speed from the Fritz!Box 7360/7590 2 months ago
I noticed I documented my original script to fetch the upstream and downstream DSL speed from the Fritz!Box 7360 but never documented the additional steps I took later to add the attainable upstream and downstream speeds to the current upstream and downstream speeds.

After switching to the Fritz!Box 7590 I missed my VDSL statistics so I dug up the scripts I had for the 7360 and tested whether they still work. And yes they do, so no changes there. The complete script:
#!/usr/bin/perl -w

use strict;

my ($fritzuser,$fritzpass);


system("wget --user=$fritzuser --password=$fritzpass --post-file=wanifcfgrequest.xml --header=\"Content-Type: text/xml\" --header=\"SOAPAction: \\\"urn:dslforum-org:service:WANDSLInterfaceConfig:1#GetInfo\\\"\" --no-check-certificate -O wanifcfganswer.xml -o getfritz.log");

        if (/(\d+)<\/NewUpstreamMaxRate>/){
                $upstream = $1;
        if (/(\d+)<\/NewDownstreamMaxRate>/){
                $downstream = $1;
        if (/(\d+)<\/NewUpstreamCurrRate>/){
                $upstreamcur = $1;
        if (/(\d+)<\/NewDownstreamCurrRate>/){
                $downstreamcur = $1;

if (defined $upstream and defined $downstream){
        my $line=sprintf("N:%d:%d:%d:%d",$downstream*1000,$upstream*1000,$downstreamcur*1000,$upstreamcur*1000);
        print $line."\n";
This does need the wanifcfgrequest.xml file:
<?xml version="1.0" encoding="utf-8"?>
      <u:GetInfo xmlns:u="urn:dslforum-org:service:WANDSLInterfaceConfig1">
And I get a usable wanifcfganswer.xml:
<?xml version="1.0"?>
 <s:Envelope xmlns:s="" s:encodingStyle="">
<u:GetInfoResponse xmlns:u="urn:dslforum-org:service:WANDSLInterfaceConfig:1">
This works without any change both on the Fritz!Box 7360 and the Fritz!Box 7590.

Tags: , ,
2020-11-25 New "country" in amateur radio: Jan Mayen 2 months ago
I still have a (short) list of European "countries" that I not yet have an amateur radio contact with. Jan Mayen was on that list and I set a specific alert in HamAlert to let me know when signals are seen from that part of the world. Today the alert fired and I had time to operate the radio. JX2US was active on 20 meter FT8. I joined the load of stations calling him and got an answer and a valid contact after trying for a while.

Jan Mayen is a very northern island belonging to Norway, but for amateur radio it is a separate entity. Jan Mayen has no permanent residents. According to the JX2US qrz page he does amateur radio in his spare time outside work in shifts.
Read the rest of New "country" in amateur radio: Jan Mayen

Tags: , ,
2020-11-17 Mifare classic is still insecure... and still in use 2 months ago
I came across Using MIFARE Classic in 2020 - revk which states
So please, do not use MIFARE Classic as if they are secure!
and I couldn't agree more. There seem to be newer attacks that are even faster to crack the keys, which I will give a try soon.

Tags: ,
2020-11-08 RF knowledge helps fix completely different problems 2 months ago
For work I currently spent quite a bit of time in video conferences. I have an external webcam from work which gives a better image than the built-in webcam, but it regularly started giving problems in the image. Hickups or blinking images, suggesting some communications problem between the webcam and the computer.

Since the webcam, a Microsoft lifecam studio, is still being sold and advertised as works good with Windows 10 I thought it wasn't the age of the webcam or a problem with the drivers.

So I tried a different solution which is almost the standard solution of a radio amateur for interference problem: add more ferrite to the cables. The USB cable is thin which suggests to me there is not a lot of room for good shielding. Pulling the USB cable through a ferrite core twice right after the USB plug made the problems go away.

Tags: , , ,
2020-11-03 New countries in amateur radio: Cuba and the Seychelles islands 2 months ago
For most Dutch amateurs the first countries they have HF contacts with outside Europe are in North and South America. For some reason my DX from home has a slant to the east, so a lot of the Americas is still on my 'wanted' list.

This weekend I was active on the remote radio which has a 10-12-15-17-20 meter band antenna and I heard a Cuban station on 15 meters phone. After a number of tries I had the contact so that was my first contact with a Cuban station.

I also heard a station from Vatican City (for radio this is a separate entity) making contacts but it had so many stations responding I did not get through even with trying for almost 20 minutes.

Update 2020-11-04: Another new country in the log: the Seychelles islands. A country name that I usually associate with bad corners of the Internet at work is now a positive development as I got S79KW in the log with a very marginal FT8 contact on the 20 meter band, but I saw his final '73' report so it should have been logged on the other side.

Tags: , ,
2020-10-26 I participated in the CQWW DX SSB Contest this weekend 3 months ago
This weekend was the CQWW DX SSB contest, which is one of the bigger contests on the amateur radio calendar. I had planned to participate, I made sure to get my contest software TLF completely configured and tested before the contest. But I didn't get around much to it most of Saturday. I only started Saturday evening to make some contacts on 40 meters which wasn't very successful from my home station.

Sunday afternoon things got a lot better when I tried the 20 meter and 10 meter amateur bands. Yes, 10 meter was open during the contest. This wasn't completely surprising as I made a number of 10 meter FT8 contacts earlier in the week.

The claimed results:
Band   160   80   40   20   15   10
QSO's    0    0    5   31    0   25
Cty      0    0    4   16    0   15
Zone     0    0    3    4    0    3
Pts: 61  Mul: 45 Score: 2745       
The raw scores in the "Assisted low all bands" category put me at rankings #862 (of 997) for world, #510 (out of 566) for Europe and #46 (out of 54). Not bad for the time I had available.

Tags: , ,
2020-10-26 Speeding up TLS connections for Apache with OCSP 3 months ago
Encrypt all the things meme I have one Apache server exposed to the outside world for IPv6 clients (because of a history in hostnames going back to the 20th century). So after enabling OCSP for haproxy I decided to have a look at OCSP stapling for Apache 2.4. That's even easier than haproxy since Apache 2.4 will fetch the ocsp data itself. I followed Apache 2.4 SSL/TLS Strong Encryption: How-To OCSP Stapling and it works.

So now the current score at the Qualys SSL server test for is A+ both via IPv4 and IPv6.

Tags: , , , ,
2020-10-21 Upgrading Devuan linux from ascii to beowulf 3 months ago
I am upgrading Devuan linux installations from ascii to beowulf to get newer packages and continued security updates. There is only one package where I really want a newer version: openssl, so I can start using TLSv1.3.

This upgrade is just as simple as the upgrade from Devuan jessie to ascii three years ago. Just change the release name version and use apt update and apt dist-upgrade commands.

Today I did the development webserver and apache didn't start afterwards. I found out I need to enable php7.3 by hand, in the previous configuration php7.0 was enabled. A thing to keep in mind when upgrading the production webserver.

Tags: , ,
2020-10-20 Sorting by time with gpsbabel (oh and I cycled 36 kilometers today) 3 months ago
GPX viewer result of my cycling trip today I noticed when viewing my resulting track that there was something weird about the time. In the gpx file it was visible that the waypoints were not processed in order. So I searched for the way to make gpsbabel sort the waypoints by time. It took a bit of searching because I couldn't find any sample of sorting by time or other sorting options. But with some reading and thinking I found:
koos@kernighan:~/garmin$ gpsbabel -x sort,time -i garmin_fit -f 2020-10-20\ -o gpx -F 2020-10-20\ 13-12-51.gpx
The -x sort,time is 'sort by time'.

And I cycled 36 kilometers today. Some slight uphill parts, which lower my speed seriously. And the accompanying downhill parts increase my speed (and I keep pedalling, no need to limit my speed options as long as it's safe).

Tags: ,
2020-10-19 A serious cycling trip today 3 months ago
GPX viewer result of my cycling trip today I have a few days holiday and today I decided to work on cycling a bigger distance. In the end I cycled 90 kilometers (on my cycle computer) or 84 kilometers (according to the GPS). Both are fine with me, a good test of doing such a distance.

I tried to get routes with lots of long straight paths, which are nice on my recumbent. That worked out ok. I cycled home - De Bilt - Bunnik - Odijk - Werkhoven - Cothen - Wijk bij Duurstede - Amerongen - Elst - Veenendaal - Renswoude - Scherpenzeel - Woudenberg - Zeist - De Bilt - home.

Average speed according to my cycling computer which will stop measuring when I pause: 20.60 kilometers per hour. Top speed was 47 kilometers per hour on a long downhill stretch near Zeist.

Tags: ,
2020-10-14 Speeding up TLS connections for haproxy with OCSP 3 months ago
Encrypt all the things meme On my to-do list was the idea to look at OCSP stapling for haproxy. OCSP is Online Certificate Status Protocol which wraps the revocation status of a certificate in the certificate negotiation. This speeds up the TLS setup a bit since the client doesn't have to make an extra connection to the OCSP responder of the certificate issuer and it adds a bit of privacy because the certificate issuer doesn't see which client requests the status of a certificate.

Finding the right way to get the ocsp updates to haproxy was a bit of work, eventually made some modifications to the script in HAProxy OCSP stapling. I also used the remarks in OCSP stapling with HAProxy. From pitfall to euphoria because I saw the "OCSP single response: Certificate ID does not match any certificate or issuer" error message. I had to restart haproxy first to make it enable ocsp processing (because now each server certificate has its own .ocsp file) and now it accepts the "set ssl ocsp-response" command.

Update: I'm not completely happy yet: after a certificate was renewed haproxy complained about the .ocsp file being out of date. Which is fully correct, since that .ocsp file was about a previous version of the certificate. This needs more work. Ideally I would check the validity of the .ocsp file before deciding to renew it. And fetch the new ocsp data before reloading a renewed certificate.

Anyway, the 'TLS setup' part of connecting to sites like goes from 20-21 milliseconds to 5-8 milliseconds. Not a blinding fast improvement but all bits help and I like to have optimal security and privacy.
Read the rest of Speeding up TLS connections for haproxy with OCSP

Tags: , , ,
2020-10-13 Searching for a vulnerable framework found in weblogs 3 months ago
I had a look at some weblogs and after removing the entries caused by webbots most of the rest of the traffic was attacks. All on stuff I don't have (usually wordpress), but one thing was noticeable: - - [13/Oct/2020:00:17:34 +0200] "GET ////nette.micro?callback=shell_exec&cmd=ifconfig HTTP/1.1" 404 747 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.90 Safari/537.36" - - [13/Oct/2020:00:17:41 +0200] "GET /////nette.micro?callback=shell_exec&cmd=ifconfig HTTP/1.1" 301 715 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.90 Safari/537.36" - - [13/Oct/2020:00:17:43 +0200] "GET /nette.micro?callback=shell_exec&cmd=ifconfig HTTP/1.1" 404 747 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.90 Safari/537.36"
From what I've found about the 'nette microframework' there are callbacks, but none of those is called shell_exec.

Tags: , ,
2020-10-06 Finished and tested the electronics of another project: the igate 3 months ago
After finishing the Raspberry Pi ntp server in the weekend I continued on a long-running project: the PI4RAZ igate I started working on in June (and ordered in September 2019). I dragged the soldering iron, the soldering mat and lots of parts downstairs to work on it on Sunday evening. Soldering lots of pins to an Arduino nano is hard work.

I finished the last soldering on Monday evening and had a long and hard look at all the connections and redid a few. I used a multimeter to make sure three really close soldering islands weren't connected, found two with 0 ohms between them in both polarities so I fixed that issue.

After that I took the plunge of actually powering up the print and it looks good. The display shows output and I can walk through the setup when I connect a usb cable to the ESP32 module.

I can't make it run yet: the space for the wifi password in the ESP32 module is only 25 characters which is not enough for our home network. So I will have to look into changing the code (it has an update anyway: Software update iGate - PI4RAZ) and find a working way to program an ESP32 from linux.

Tags: , ,
2020-10-04 Moved the new Raspberry Pi ntp server to the shed and did the last bits of configuration 3 months ago
I moved the new ntp server to the shed today. I found a nice case for it: an actual wooden box. I climbed on the roof of the shed to find a place for the GPS antenna (with magnetic base). Parts of the enclosures around our solar panels are from ferrous metals, so I found a place with an ok view of the sky to place the antenna and led the cable to a ventilation shaft to get it inside the shed. I made sure the cable was going up in the ventilation shaft first to avoid having a drip loop on one of our bicycles.

Although I did most work on the w1retap configuration before I couldn't get it running at first. I kept seeing the error message:
koos@henkp:~ $ LD_LIBRARY_PATH=/usr/local/lib/w1retap w1find DS2490-1
Error 119: Failed to set libusb configuration
It took some serious searching to find a hint: that is caused by the usb device file access rights. Solution is to install the 45-w1retap.rules that comes with w1retap into /etc/udev/rules.d.

At the moment weather data is being fetched on the Raspberry but the wifi between shed and house is so bad that the data stays there. I'm not sure how that can be fixed. It turns out the external wi-fi dongle I bought was listed as having 5 GHz support, but the reviews of the chipset used say it doesn't. The congestion in the 2.4 GHz band makes it very difficult to reach the pi. Doing a ping test over longer time gives me 91% packet loss.

I dug up a different 2.4 GHz antenna from the junkbox and suddenly the connection is stable with a lot less packet loss. This antenna is directional and now pointing right at my access point.

Now the weather data is collected and forwarded to the server for Weather station Utrecht Overvecht.

NTP didn't seem to work on the first try, I'm not seeing any data for the GPS_NMEA server. This works again after a powerdown/up.
Read the rest of Moved the new Raspberry Pi ntp server to the shed and did the last bits of configuration

Tags: , , ,
2020-09-29 I participated in the CQWW RTTY Contest 2020 4 months ago
RTTY Contest on websdr I was wondering until the last moment whether to do it or not but eventually I did participate in the CQWW RTTY Contest in the last weekend. Seeing other radio amateurs get ready on social media helped me decide and jump in.

I made 165 contacts on the 20 and 40 meter band. No new countries! I was seeing decodes from a station from Thailand but he did not decode my replies. It was also interesting to see how some stations that couldn't hear me at one time were almost easy to contact at other times. But not the one from Thailand, that one never came back.

I only worked search and pounce, looking for other stations available for contacts. Some stations had major pile-ups but coming back later helped.

Getting my log in a format that I could upload was a bit of an issue. I selected the CQWW-RTTY contest in the contest setup of fldigi, and it logged the CQ zone numbers and state in the right windows. But on the export to cabrillo there is no option to export those values. Workaround: select the right adif part of the log and use the CQ WW RTTY DX Contest ADIF to Cabrillo Convertor. I did have to fix my one US contact since the state wasn't exported correctly.

Update 2020-10-04: My raw score before log checking is 22579 points according to 2020 CQ WW RTTY Contest raw scores.

Tags: , ,

IPv6 check

Running test...
, reachable as PGP encrypted e-mail preferred. PGP key 5BA9 368B E6F3 34E4 local copy PGP key 5BA9 368B E6F3 34E4 via keyservers

Meningen zijn die van mezelf, wat ik schrijf is beschermd door auteursrecht. Sommige publicaties bevatten een expliciete vermelding dat ze ongevraagd gedeeld mogen worden.
My opinions are my own, what I write is protected by copyrights. Some publications contain an explicit license statement which allows sharing without asking permission.
Other webprojects: Camp Wireless, wireless Internet access at campsites, The Virtual Bookcase, book reviews
This page generated by $Id: newstag.cgi,v 1.34 2020/12/31 15:36:31 koos Exp $ in 0.037796 seconds.