2023-09-21 Upgrading the wifi at home: WPA3 personal, Wifi 6, guest wifi
I recently bought new wifi access points to upgrade the wifi at home. The main reason was the fact that the TP-Link TL-WDR4300 bought 9 years ago was sometimes 'hanging', which was solved by rebooting it. This was starting to get annoying, and the family wants stable wifi which doesn't need instructions on which button to press for a reboot. The upgrade path was going somewhat 'prosumer': support for multiple wireless SSIDs with a main and a guest network, and I wanted an extra access point in the shed for working in the back garden, as tested in April in "Using the network switch in the shed as remote powerswitch". The choice was to go with the Mikrotik access points. For the shed and garden I bought the wAP.ac and for the main access point in the house the hAP.ax3. The latter has support for the latest and greatest wifi standards, including wifi 6 and WPA3. It took me a while to configure them: the Mikrotik RouterOS user interface exposes all the options networking in Linux has, but it takes knowledge of bridging, routing and firewalling to get it all correct and doing what I want.
2023-09-20 Adding an RSS feed to my amateur radio site
A remark on mastodon.radio triggered me: "Quick reminder that there is a public RSS aggregator that combines all the ham radio blog feeds into one web site: blogs.radio". And I wanted to add the latest from my site PE4KH Amateur Radio but there was no RSS feed available. I've been wanting to add such a feed for a while but didn't get around to it. This was the trigger I needed. The perl script that generates the feed for idefix.net has now been updated to allow for 'filtered' feeds for pe4kh.idefix.net and other sites that have a specific part of the main feed. And I moved the script to version control so I can work on it on the development server and deploy to production when it's working fine.
Update: you can now find my posts over there
The feed is now accepted and imported on blogs.radio: PE4KH amateur radio - Blogs.radio.
2023-09-03 Good information about the weir at Grave
I am old enough to have heard the water level reports on the radio in the morning with "Grave beneden de sluis" ("Grave below the lock"), and I have at times gone to Grave to look at all the structures that are there in the Maas. When on Friday there was a news item "Stuw bij Grave stuk: scheepvaart stilgelegd vanwege dalende Maas - NOS", I was curious for more information. Besides the reporting by the NOS that the repair is going reasonably quickly, I was also looking for some extra details. I found those at Rijkswaterstaat itself: "Nieuwsfeed: Stuw Grave | Rijkswaterstaat", which also has more technical details.
2023-08-13 Going down the rabbit hole of DJ mixing
I had a heavy case of 'Oh Shiny!' this weekend. Recently I've been viewing and listening to some DJ mixes on YouTube, most of them with music from the 1980s which I appreciate a lot. Seeing those DJs mix live in those videos made me wonder 'how do they do it'. In one or more of these mixes I really noticed that a transition seemed to have happened between one well-known song and another, but I wasn't aware of how and when the transition happened. The DJ was so good at mixing the two records together that I couldn't hear the point where it happened. While seeking through the video I saw that other people viewing the video had been wondering the same: there was clearly a peak in viewing time on the transitions. It was also clear from the look on the face of the DJ that he was happy with what he accomplished with that transition! In the 1980s the DJ had an audio mixer and two turntables, almost always the Technics SL1200 with pitch control and fast start/stop. Nowadays this can be done in software, from a music collection on hard disk with controls to mix 2 or 4 tracks, with effects, equalizer and speed control. The modern DJ has a laptop! I soon found out there is open source DJ mixing software that supports Linux! Mixxx - Free DJ Mixing Software App is open source and multiplatform. And it is available as an Ubuntu package so I gave it a spin (pun intended). Only having one audio device is 'supported' but it took me some trying to find a setup where I could work 'split' with a master mix in one ear and a headphone mix in the other. So I loaded some music and tried to make it into a bit of a DJ mix. I'm not very good at it, but I enjoyed trying. Mixxx really prefers Jack audio since it likes having a lot of audio channels. I tried installing Jack audio in Linux but couldn't get it to do what I want fast. Mixxx also supports the ALSA drivers and I managed to also set it up to route the main audio to a USB audio device and the headphone audio to the internal headphone jack.
But I had nothing connected to the USB audio device and I didn't want to annoy my family with the noises of trying to make a good cutover from one song to the next. Mixxx has an option 'Split' to play the master output to one ear of the headphones and the headphone output to another, this is good for practicing. Control of all the mixing functions in Mixxx can be done with mouse and keyboard, but the good part is it also supports all kinds of hardware DJ controllers. And some of them aren't too expensive... and available on the second hand market for an even better price.
2023-07-05 Writing to new Mifare Ultralight tags
My earlier failure with an RFID T5577 tag that came with the proxmark3 made me order a bunch of new ones via 10 Pcs T5577 writable RFID tag and while I was browsing that store I found 100 pcs ntag213 NFC sticker and I had some ideas for Mifare Ultralight tags, starting with failing to convert used public transport tickets to NDEF tags. Today the package came in and the first thing I wanted to do was set up a Mifare Ultralight as NDEF tag. The fun part is the tag was already set up that way, so with NXP tagwriter for Android it was really easy to put a data set with a URL on a tag. Full log below. The downside is that the tag can't be reset to use for other things than NDEF tag, since the NDEF identifier is in the one-time-programmable bits. An attempt to zero out these bits on a tag indeed failed. Reading the NT2H1311G0DU datasheet makes me realize this is as intended and matches the 'ntag213' in the description. The fun part is that scanning the tag with my Samsung phone opens the URL, no questions asked. This behavior inspired me to set up a tag to link to the 2023 version of the Rickroll. I see security implications from just opening a URL without letting the user decide whether this is a good idea.
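To see which URL a tag carries before a phone opens it, the NDEF data in a tag dump can be decoded offline. The following is an added example, not part of the original post or its log: it walks the TLV blocks of a Type 2 tag dump (the layout an ntag213 uses, with the NDEF identifier in page 3) and decodes URI records. The function names and the sample dump are constructed for illustration, the prefix table is only a subset of the NFC Forum list, and chunked records are not handled.

```python
# Added example: list the URLs stored in an NDEF-formatted Type 2 tag dump.
URI_PREFIXES = {0x00: "", 0x01: "http://www.", 0x02: "https://www.",
                0x03: "http://", 0x04: "https://", 0x05: "tel:", 0x06: "mailto:"}

def find_ndef_message(dump: bytes) -> bytes:
    """Walk the TLV blocks of a dump that starts at page 0 (4 bytes per page)."""
    if len(dump) < 16 or dump[12] != 0xE1:      # page 3: NDEF identifier (OTP bits)
        raise ValueError("capability container lacks the NDEF magic byte 0xE1")
    i = 16                                      # user memory starts at page 4
    while i < len(dump) and dump[i] != 0xFE:    # 0xFE = terminator TLV
        tag = dump[i]
        if tag == 0x00:                         # NULL TLV: single padding byte
            i += 1
            continue
        length, i = dump[i + 1], i + 2
        if length == 0xFF:                      # long form: two more length bytes
            length, i = int.from_bytes(dump[i:i + 2], "big"), i + 2
        if tag == 0x03:                         # NDEF message TLV
            return dump[i:i + length]
        i += length                             # skip others, e.g. lock control
    raise ValueError("no NDEF message TLV found")

def parse_uri_records(msg: bytes) -> list:
    """Return the URI of every well-known 'U' record in an NDEF message."""
    uris, i = [], 0
    while i < len(msg):
        hdr, type_len = msg[i], msg[i + 1]
        size = 1 if hdr & 0x10 else 4           # SR flag: short payload length
        payload_len = int.from_bytes(msg[i + 2:i + 2 + size], "big")
        i += 2 + size
        id_len = 0
        if hdr & 0x08:                          # IL flag: ID length byte present
            id_len, i = msg[i], i + 1
        rtype = msg[i:i + type_len]
        i += type_len + id_len
        payload = msg[i:i + payload_len]
        i += payload_len
        if (hdr & 0x07) == 0x01 and rtype == b"U" and payload:
            prefix = URI_PREFIXES.get(payload[0], "<prefix 0x%02x>" % payload[0])
            uris.append(prefix + payload[1:].decode("utf-8", "replace"))
        if hdr & 0x40:                          # ME flag: last record
            break
    return uris

def tag_urls(dump: bytes) -> list:
    """URLs on the tag; ValueError if the dump is not NDEF or is cut short."""
    try:
        return parse_uri_records(find_ndef_message(dump))
    except IndexError:
        raise ValueError("truncated NDEF data") from None

# Constructed dump: zeroed pages 0-2, NDEF identifier, lock control TLV, one URI.
SAMPLE = (bytes(12) + bytes.fromhex("E1101200") + bytes.fromhex("0103A00C34")
          + bytes([0x03, 17]) + bytes.fromhex("D1010D5504") + b"example.com/" + b"\xFE")
```

`tag_urls(SAMPLE)` returns the single URL stored in the constructed dump, which can then be shown to the user for a decision instead of being opened directly.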
2023-06-14 Looking at web caching options
Somewhere on IRC the term "don't host your website on a wet newspaper" is sometimes used when a URL getting a bit of serious traffic makes the site respond really slowly or give errors. So I looked at my own webservers at home and what would happen if one of the sites got hit with the Slashdot Effect. As I don't like guessing I played with ab - Apache HTTP server benchmarking tool to get some idea of what happens under load and/or highly concurrent access. Especially highly concurrent access turns out to be an issue because there are only so many database connections available for the webservers. The load average does go up, but the main problem is clients getting a database connection error. I started looking at caching options to allow the dynamic pages to be cached for short periods. This would make high amounts of traffic have the advantages of having a cached version without losing the advantages of dynamic pages. By now this has cost me more time and energy than the advantage of ever surviving a high amount of valid traffic. And to be honest the chances of a DDoS attack on my site because someone didn't like something I wrote is higher than the chances of a lot of people suddenly liking something I wrote. This was all tested with the test and development servers, so actual production traffic was never affected by the tests.
Apache built-in memory cache with memcached
I first tried the Apache module socache_module with socache_memcache_module as backend. This did not cache the dynamic pages, just .css and other static files which originate from diskcache or ssd storage anyway. All kinds of fiddling with the caching headers did not make this work. With debugging enabled all I could see was that the dynamic pages coming from cgid or modperl were not a candidate for caching. I could have used memcached from the web applications directly, but that would mean I would have to rewrite every script to handle caching. I was hoping to add the caching in a layer between the outside world and the web applications, so I can just detour the traffic via a caching proxy when needed.
Haproxy cache
Between the outside world and the webservers is a haproxy installation anyway, so I looked at that option. But the haproxy cache will not cache pages that have a Vary: header, and even after removing that header in Apache the next problem is that the Content-Length: http header has to be set in the answer from the webserver. With my current setup that header is missing in dynamic pages.
Varnish cache
Using varnish cache means I really have to 'detour' web traffic through another application before it goes on to the final webserver. This turned out to be the working combination. But this caused confusion as Varnish adds to the X-Forwarded-For header and I had an entire setup based on this header being added by haproxy listing the correct external IP address from the view of haproxy. It took a few tries and some reading to find the right incantation to specifically mangle back the X-Forwarded-For header to the right state in the outgoing request to the backend server. The varnish cache runs on the same virtual machine as the test haproxy, so the rule was to delete ", ::1" from the header.
Tuning haproxy to avoid overloading a backend
In looking at things and testing I also found out haproxy has a maxconn parameter for backend servers, listing the maximum number of open connections to the backend. By changing this number to something lower than the maximum amount of database connections the site starts to respond slowly under a high number of concurrent requests, but it keeps working and doesn't give database errors.
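The X-Forwarded-For handling described above, as an added example in Python rather than the author's Varnish configuration. `strip_local_hop` mirrors the rule of removing the trailing ", ::1", and `client_ip` generalises it beyond the page's single case: it walks the header from right to left and returns the first address that is not one of our own proxies, so entries a client put in the header itself are never believed. The function names, the trusted list and all addresses are assumptions made for the example.

```python
# Added example: recover the real client address from X-Forwarded-For.
import ipaddress

# Assumption: the hops we run ourselves. ::1 and 127.0.0.0/8 cover haproxy and
# Varnish on the same VM; 192.0.2.10 is a constructed address for a remote proxy.
TRUSTED_PROXIES = [ipaddress.ip_network(n)
                   for n in ("::1/128", "127.0.0.0/8", "192.0.2.10/32")]

def _hops(xff: str) -> list:
    """Split an X-Forwarded-For value into its comma-separated entries."""
    return [h.strip() for h in xff.split(",") if h.strip()]

def strip_local_hop(xff: str) -> str:
    """The rule from the text: drop the trailing ', ::1' appended by Varnish."""
    hops = _hops(xff)
    if len(hops) > 1 and hops[-1] == "::1":
        hops.pop()
    return ", ".join(hops)

def client_ip(xff: str, peer: str):
    """Walk from the TCP peer leftwards through the header. The first hop that
    is not a trusted proxy is the client; anything further left was supplied
    by that client and must not be used for access decisions."""
    for hop in reversed(_hops(xff) + [peer]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return None                 # unparsable entry: refuse to guess
        if not any(addr in net for net in TRUSTED_PROXIES):
            return str(addr)
    return None                         # only our own proxies in the chain

if __name__ == "__main__":
    # Constructed header as the backend sees it behind haproxy and Varnish.
    print(client_ip("198.51.100.99, 203.0.113.7, ::1", "127.0.0.1"))
```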
2023-05-16 Maybe YouTube isn't completely on to me...
I sometimes think YouTube is quite good at suggesting new videos to me with interesting subjects. For a while I've been seeing Tom Scott videos and Connections Museum videos. But only today YouTube suggested to me this video, Tom Scott at the Connections Museum! So maybe YouTube isn't completely on to me. Of course with Sarah from the Connections Museum explaining things.
2023-04-21 Using the network switch in the shed as remote powerswitch
One of the wishes we have for the home network is good wifi coverage in the back garden so we can sit outside on nice days to work without running UTP cables. The access-point in the central place in the house doesn't cover the back garden. Ideally I would also like a separate 'guest' wireless network at home. These wishes were taken into consideration when upgrading the fiber to the shed network with a Netgear GS310TP switch. This switch has Power over Ethernet (PoE) support so it can power an access-point. The next step was to find an access-point supporting VLANs and multiple SSIDs. Recently I borrowed a Mikrotik Wap.AC to test the options. It took me a bit to get used to the RouterOS user interface but I managed to get it all working in an ideal configuration: Management via one VLAN, a 2.4 GHz wireless network bridged to the trusted wireless network, a 2.4 GHz wireless network bridged to the guest wireless, a 5 GHz wireless network bridged to the trusted wireless network and a 5 GHz wireless network bridged to the guest wireless. The final test was with the Mikrotik Wap.AC in the shed with power over the network cable. This worked! Ideally the wireless network in the backyard is 'on demand' because we only use it when working from home or sitting in the backyard and we can save the power at other times. So the idea of a button 'wifi in backyard' and an automatic shutdown in the evening is nice. I searched and it is indeed possible to control the Power over Ethernet in the Netgear GS310TP switch with snmp. Based on "GS110TP deactivate PoE over SNMP for specific Ports" I soon had working snmpset commands to disable/enable power to a specific port, and the Mikrotik followed nicely.
Value '1' is PoE on and value '2' is PoE off:
$ # switch PoE on for port 8
$ snmpset -v2c -c ******** ******* 126.96.36.199.188.8.131.52.184.108.40.206.8 integer 1
iso.220.127.116.11.18.104.22.168.22.214.171.124 = INTEGER: 1
$ # switch PoE off for port 8
$ snmpset -v2c -c ******** ******* 126.96.36.199.188.8.131.52.184.108.40.206.8 integer 2
iso.220.127.116.11.18.104.22.168.22.214.171.124 = INTEGER: 2
Ideally there would be a button (zigbee?) near the backdoor to request "On" and a scheduled task every day to switch it off in the evening.
2023-03-19 I went to a Weird Al Yankovic concert!
Somewhere in November last year I saw that Weird Al Yankovic on The Unfortunate Return of The Ridiculously Self-Indulgent Ill-Advised Vanity Tour was also coming to Utrecht! So getting tickets was a good idea, especially when it turned out the tickets were going really fast. So I went on 20 February 2023 and I had a great evening. The concert was at Tivoli Vredenburg in Utrecht, which is cycling distance from my house. A friend came along and he found it a great idea to park at our house and cycle to a bicycle parking really close to the concert. I looked up the setlist: “Weird Al” Yankovic Concert Setlist at TivoliVredenburg Grote Zaal, Utrecht on February 20, 2023 | setlist.fm and comparing that to earlier Weird Al Yankovic concerts it's clear he took a different route in this tour. Mostly own work, some of the 'in the style of' songs. He did the extended extended version of Albuquerque with lots of types of Donuts and he 'restarted' the song to make the sauerkraut joke again. The previous Weird Al Yankovic concert I saw, in Amsterdam, was more in the style with the parodies and the costumes. Setlist of that concert: “Weird Al” Yankovic Concert Setlist at Melkweg The Max, Amsterdam on September 30, 2015 | setlist.fm. This was a concert with standing room and I turned out to be in the splash zone for the end of 'smells like nirvana'. A group of fans had their own aluminium foil hats for 'Foil' so Al was really enthusiastic about their response and the whole audience had lots of fun. To give space for the costume change there was also use of video. And when there was a bit of video with Al reacting to Eminem with 'Say what??' a number of times I expected Word Crimes and indeed that happened. Anyway I enjoy the music of Weird Al Yankovic. I started with the parodies and I sometimes remark 'this is a strange version of a Weird Al Yankovic song' when I hear for example Gangsta Paradise or Like a virgin. The polka versions are always fun to me.
I didn't really like the personal songs the first time but after hearing them a few times and discovering the layers including the jokes I start to appreciate them too. And recently Rob O'Hara did an episode of his podcast You Don't Know Flack about Weird Al. Rob is also a big fan of Weird Al Yankovic and has seen him perform in the US multiple times. And listening to this podcast episode made me write down 'my' Weird Al story. Rob also went on a pilgrimage of the sites in Tulsa, Oklahoma where the outside shots of the UHF movie were filmed: UHF - My 15 Year Pilgrimage. Now that is a Weird Al Yankovic fan! The picture in this news item is from the same tour, just a few days earlier. I tried taking some phone pictures but there was nothing good and I found this picture with a nice license which captures the tour really great.
2023-03-15 Synchronizing google contacts with Thunderbird
Ages ago I added a way to get access to my google contacts as a thunderbird address book. But on installation of thunderbird on a new laptop I couldn't find a simple answer to "how did I do that again?!?". With access to the old laptop I was able to reconstruct my steps, so I'll note them here:
- Install cardbook as add-on in Thunderbird
- Go to this add-on in the Thunderbird user interface
- From the top left 'hamburger' menu, select 'Address book', 'New address book'
- A window pops up asking 'Address book location', select 'Remote'
- The next window asks 'type of your address book' and gives google as default selection
- As username enter the standard address used for your google account. This doesn't have to end in @gmail.com.
- After entering the address, click 'Validate' and a window pops up with a minimal browser to log into your google account. Do this.
- After logging in the browser window will ask for permission for Cardbook to access your google contacts.
- After selecting a colour for this new address book you can use it.
- In the process google will probably send you alerts about this new login and permission.
And now my contacts are synchronized between android phone, google contacts web interface and thunderbird!