News items for tag english - Koos van den Hout

My PGP key expired, but I reset the expiry date. I do this so I have to actively update the key every few years. Should I ever lose access to the private key, it will go away by itself.

But this also means I have to ask the users of my key to refresh it by hand because the simple refresh doesn't "see" the update (even though this adds new signatures to the key).

So please use the command to receive my key:

$ gpg --keyserver pgp.surf.nl --receive-keys 0x5BA9368BE6F334E4

This updates the expiry date(s) and the uids. If you have my key and it looks expired and/or still has an old e-mail address with kzdoos in it please do this now. Complete data at pgp.surf.nl: Search results for '0x5BA9368BE6F334E4' where you can see all the details including the revoked bits. Those revoked bits won't show up in normal use.

A discussion on irc about how hard it is to set TLS options in some programs made me recall I still wanted courier-imap-ssl to give me the right SSL settings (Only TLS 1.2 and 1.3, and no weak algorithms). This has bothered me for a while but I couldn't find the right answers. Most documentation assumes courier-imap-ssl is compiled with OpenSSL. In Debian/Ubuntu/Devuan it is compiled with GnuTLS.

Searching this time found me Bug #1808649 “TLS_CIPHER_LIST and TLS_PROTOCOL Ignored” : Bugs : courier package : Ubuntu which points at debian-server-tools/mail/courier-check at master · szepeviktor/debian-server-tools · GitHub which lists the right parameter TLS_PRIORITY. And that page has usable answers for up to TLS v1.2, with some reading of the output of gnutls-cli --list I can imagine TLS v1.3 settings.

So with a minor adjustment to the given example to allow for TLS v1.3 I set this in /etc/courier/imapd-ssl:

##NAME: TLS_PRIORITY:0
#
# GnuTLS setting only
#
# Set TLS protocol priority settings (GnuTLS only)
#
# DEFAULT: NORMAL:-CTYPE-OPENPGP
#
# This setting is also used to select the available ciphers.
#
# The actual list of available ciphers depend on the options GnuTLS was
# compiled against. The possible ciphers are:
#
# AES256, 3DES, AES128, ARC128, ARC40, RC2, DES, NULL
#
# Also, the following aliases:
#
# HIGH -- all ciphers that use more than a 128 bit key size
# MEDIUM -- all ciphers that use a 128 bit key size
# LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher
#        is not included
# ALL -- all ciphers except the NULL cipher
#
# See GnuTLS documentation, gnutls_priority_init(3) for additional
# documentation.

TLS_PRIORITY="NONE:+CHACHA20-POLY1305:+AES-128-GCM:+AES-256-GCM:+AES-128-CBC:+AES-256-CBC:+ECDHE-ECDSA:+ECDHE-RSA:+SHA256:+SHA384:+AEAD:+COMP-NULL:+VERS-TLS1.2:+VERS-TLS1.3:+SIGN-ALL:+CURVE-SECP521R1:+CURVE-SECP384R1:+CURVE-SECP256R1:+CTYPE-X509"

And now things are good! All green in sslscan:

  SSL/TLS Protocols:
SSLv2     disabled
SSLv3     disabled
TLSv1.0   disabled
TLSv1.1   disabled
TLSv1.2   enabled
TLSv1.3   enabled

  TLS Fallback SCSV:
Server supports TLS Fallback SCSV

  TLS renegotiation:
Session renegotiation not supported

  TLS Compression:
Compression disabled

  Heartbleed:
TLSv1.3 not vulnerable to heartbleed
TLSv1.2 not vulnerable to heartbleed

  Supported Server Cipher(s):
Preferred TLSv1.3  128 bits  TLS_AES_128_GCM_SHA256        Curve P-256 DHE 256
Accepted  TLSv1.3  256 bits  TLS_AES_256_GCM_SHA384        Curve P-256 DHE 256
Accepted  TLSv1.3  256 bits  TLS_CHACHA20_POLY1305_SHA256  Curve P-256 DHE 256
Preferred TLSv1.2  256 bits  ECDHE-ECDSA-AES256-GCM-SHA384 Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  ECDHE-ECDSA-CHACHA20-POLY1305 Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  ECDHE-ECDSA-AES128-GCM-SHA256 Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  ECDHE-ECDSA-AES256-SHA384     Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  ECDHE-ECDSA-AES128-SHA256     Curve P-256 DHE 256

  Server Key Exchange Group(s):
TLSv1.3  128 bits  secp256r1 (NIST P-256)
TLSv1.3  192 bits  secp384r1 (NIST P-384)
TLSv1.3  260 bits  secp521r1 (NIST P-521)
TLSv1.2  128 bits  secp256r1 (NIST P-256)
TLSv1.2  192 bits  secp384r1 (NIST P-384)
TLSv1.2  260 bits  secp521r1 (NIST P-521)

  SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
ECC Curve Name:      secp384r1
ECC Key Strength:    192

This year I participated in the EA RTTY Contest again. This is a contest organized by the Spanish Amateur Radio Club Unión de Radioaficionados Españoles and they organize nice contests!

I participated Saturday afternoon and Sunday end of the morning. Other things needed my attention in the weekend too. I ended with 56 contacts, 53 on the 20 meter amateur band and 3 on the 40 meter amateur band. The 40 meter amateur band was mostly unusuable during the daytime due to interference. I thought I was going to end the contest with less than 50 contacts, but calling CQ I had a last minute sprint with 11 contacts in 10 minutes.

I have been given a Genexis Platinum-4410 router with the reasoning that I like to play with embedded systems and test the security. Well, that is what I did.

How far did I get

I have serial console, I have extracted filesystem images, and I can't get a shell on the router.

The device

It's a router with 4+1 ethernet ports, wifi, two ports for analog telephones and a USB interface.

Looking at it from the network

In this specific instance the 4 ethernet ports which are logically the 'inside' don't give me a link after the router has booted up. The 1 port which would be the 'outside' or 'WAN' port gives a link and acts as a DHCP client.

The next step was to connect to the wifi network and play with the web interface. This like a custom web interface. Default credentials which match what is on the sticker on the underside of the router.

The router doesn't have a telnet server listening for 'easy' access.

Opening the case

Next step was to open the case and investigate the mainboard. Chips seen on the mainboard: Mindspeed J83100G System on a Chip (SoC), MXIC MX29GL256FHT2I-90Q flash memory, 2* Etrontech EM68B16CWQD-25H 512 mbit DRAM, Si32260-FM1 dual channel FXS (voip) chip and other electronics.

The mainboard has lots of test points, but no clear UART interface. There is an edge connector which looks like a PCI Express connector but it isn't. I asked help about this: What is this connector, does it include UART on a Genexis Platinum-4410 ? : hardwarehacking because r/hardwarehacking on reddit has helped me before.

This edge connector turned out the 'place to be' and with the standard tricks for finding the UART I soon had an idea. But nothing to stick a dupont wire on and no PCI express or cardedge breakout cable/board available. So I had to solder wires to the right lanes on the connector. I had permission to damage the router, so that was ok. Soldering within half a millimeter was really hard! This was the first time I actually used my soldering iron for hardware hacking. And a magnifying glass to actually see what I was soldering.

Last Sunday I spent nearly 3 hours trying to get the 9X5RU Dxpedition to Rwanda in my log in CW (Morse) but that didn't happen.

This morning I got them in my log on my first try. On the 17 meter band.

The technical differences weren't that big. Ok, I was using the Kenwood radio remote today and propagation seemed to work better. But the main difference was that on Sunday it was very busy with amateurs from all over Europe and today I was one of the few callers. I guess the work week has a strong influence here!

DX never sleeps

I guess this turning 'easy' because I tried on a workday and not in the weekend was one of the results of 'DX never sleeps', a different time can help get the contact. The DXpeditions want the highest number of possible contacts so finding a time they are less busy can help in getting the contact. In the first few days/hours all the 'big gun' stations with huge antennas and amplifiers want that contact, after that the simpler stations with some patience also have a good chance.

So far with 9X5RU

Later in the morning I also got the contact on 12m CW. This was harder than 17 meters, I had to give my call 8 times before it was logged completely. After the contact was complete I looked at the signal meter and saw that it barely moved so it was a weak path. Earlier I made contacts with 9X5RU on 17 and 20 meter FT8. But I want to work on my list of countries contacted in morse, so I wanted to make the contact in morse too.

Update.. no success in the afternoon

After 17 and 12 meter band CW I also tried to make the contact on the 10 meter band, where 9X5RU was active in the afternoon. But by that time the US has woken up and has good propagation to Rwanda because of the daylight. I couldn't get through and I heard a lot of US amateur radio callsigns being confirmed.

Somewhere in November last year I saw that Weird Al Yankovic on The Unfortunate Return of The Ridiculously Self-Indulgent Ill-Advised Vanity Tour was also coming to Utrecht! So getting tickets was a good idea, especially when it turned out the tickets were going really fast.

So I went on 20 february 2023 and I had a great evening. The concert was at Tivoli Vredenburg in Utrecht, which is cycling distance from my house. A friend came along and he found it a great idea to park at our house and cycle to a bicycle parking really close to the concert.

I looked up the setlist: “Weird Al” Yankovic Concert Setlist at TivoliVredenburg Grote Zaal, Utrecht on February 20, 2023 | setlist.fm and comparing that to earlier Weird Al Yankovic concerts it's clear he took a different route in this tour. Mostly own work, some of the 'in the style of' songs. He did the extended extended version of Albuquerque with lots of types of Donuts and he 'restarted' the song to make the sauerkraut joke again.

The previous Weird Al Yankovic concert I saw was in Amsterdam was more the style with the parodies and the costumes. Setlist of that concert: “Weird Al” Yankovic Concert Setlist at Melkweg The Max, Amsterdam on September 30, 2015 | setlist.fm. This was a concert with standing room and I turned out to be in the splash zone for the end of 'smells like nirvana'. A group of fans had their own aluminium foil hats for 'Foil' so Al was really enthusiastic about their response and the whole audience had lots of fun.

To give space for the costume change there was also use of video. And when there was a bit of video with Al reacting to Eminem with 'Say what??' a number of times I expected Word Crimes and indeed that happened.

Anyway I enjoy the music of Weird Al Yankovic. I started with the parodies and I sometimes remark 'this is a strange version of a Weird Al Yankovic song' when I hear for example Gangsta Paradise or Like a virgin. The polka versions are always fun to me. I didn't really like the personal songs the first time but after hearing them a few times and discovering the layers including the jokes I start to appreciate them too.

And recently Rob o'Hara did an episode of his podcast You Don't Know Flack about Weird Al. Rob is also a big fan of Weird Al Yankovic and has seen him perform in the US multiple times. And listening to this podcast episode made me write down 'my' Weird Al story.

Rob also went on a pilgrimage of the sites in Tulsa, Oklahoma where the outside shots of the UHF movie were filmed: UHF - My 15 Year Pilgrimage. Now that is a Weird Al Yankovic fan!

The picture in this newsitem is from the same tour, just a few days earlier. I tried taking some phone pictures but there was nothing good and I found this picture with a nice license which captures the tour really great.

Ages ago I added a way to get access to my google contacts as a thunderbird address book. But on installation of thunderbird on a new laptop I couldn't find a simple answer to "how did I do that again?!?".

With access to the old laptop I was able to reconstruct my steps, so I'll note them here:

• Install cardbook as add-on in Thunderbird
• Go to this add-in in the Thunderbird userinterface
• From the top left 'hamburger' menu, select 'Address book', 'New address book'
• A window pops up asking 'Address book location', select 'Remote'
• The next window asks 'type of your address book' and gives google as default selection
• As username enter the standard address used for your google account. This doesn't have to end in @gmail.com.
• After entering the address, click 'Validate' and a window pops up with a minimal browser to log into your google account. Do this.
• After logging in the browser window will ask for permission for Cardbook to access your google contacts.
• After selecting a colour for this new address book you can use it.
• In the process google will probably send you alerts about this new login and permission.

And now my contacts are synchronized between android phone, google contacts web interface and thunderbird!

This year I participated in the EA PSK63 Contest again. This is a contest organized by the Spanish Amateur Radio Club Unión de Radioaficionados Españoles and they organize nice contests!

This is a 24-hour contest between 12:00 UTC on Saturday and 11:59 UTC on Sunday. Contacts were made Saturday afternoon and evening, and Sunday morning. The last contact was logged at 11:59 UTC on Sunday! I went for the 20 and 40 meter bands and checked a few times whether there was activity on the 10 meter band. In the end I made 182 contacts, 1 on the 10 meter band.

Besides the usual search and pounce approach (looking for other stations calling CQ) I also called CQ for periods. This got me a nice amount of contacts in a short period. The peak was 4 contacts within 2 minutes. With the new Yaesu FT-991A radio it's also possible to find a free frequency, center it in the passband at 1500 Hz and then turn the bandwidth of the receiver down. Big signals outside the passband have a lot less influence with this radio so I can receive signals on 'my' frequency better.

Ten years ago, on 6 March 2013 I passed the test for the Dutch novice amateur license.

It's been a fun 10 years! I made lots of new friends, learned new stuff and had great experiences. It's a great hobby, I really like it as a hobby that's absolutely not work.

Amateur radio is a hobby with lots of subhobbies. I got into different subhobbies than I expected and started in. And the subhobbies I do get into may even change again, depending on what I get interested in or lose interest in.

It seems it is also possible to cause something in Microsoft IPv4 space to do a scan for web vulnerabilities. It's starting to become part of a pattern here! Noticed in the logs:

20.220.235.164 - - [05/Mar/2023:15:05:57 +0100] "GET / HTTP/1.1" 200 39297 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36"
20.220.235.164 - - [05/Mar/2023:15:05:59 +0100] "HEAD /api.zip HTTP/1.1" 404 694 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36"
20.220.235.164 - - [05/Mar/2023:15:05:59 +0100] "HEAD /source.zip HTTP/1.1" 404 694 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36"
20.220.235.164 - - [05/Mar/2023:15:05:59 +0100] "GET /server-status HTTP/1.1" 403 975 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36"
20.220.235.164 - - [05/Mar/2023:15:05:59 +0100] "GET /.nginx.env HTTP/1.1" 404 972 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.2 Safari/605.1.15"

..

20.220.235.164 - - [05/Mar/2023:15:08:55 +0100] "HEAD /status HTTP/1.1" 404 694 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36"
20.220.235.164 - - [05/Mar/2023:15:08:55 +0100] "HEAD /callback HTTP/1.1" 404 694 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36"
20.220.235.164 - - [05/Mar/2023:15:08:55 +0100] "HEAD /handler HTTP/1.1" 404 694 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36"
20.220.235.164 - - [05/Mar/2023:15:08:55 +0100] "HEAD /plaid HTTP/1.1" 404 694 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36"
20.220.235.164 - - [05/Mar/2023:15:08:56 +0100] "HEAD /plaid/item/webhook/ HTTP/1.1" 404 694 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36"

For a total of 751 attempts via http on one site, receiving a redirect to https and following that redirect. I wonder if I can determine which scanner was used from the pattern of URLs tried.