
Stripboard Magic – A Call For Information

Some time ago I posted about an ancient piece of EDA software called Stripboard Magic, which was made by a small British company by the name of Ambyr. I have been hosting copies of this now long-dead software for some time, as it still seems to be in popular demand long after being abandoned by its creators. I have been contacted by a reader about the existence of Service Packs for this application, which neither of us has been able to locate.

From what I have been able to gather, Ambyr ceased trading around 1999-2000, after having sold the rights to distribute Stripboard Magic to Maplin Electronics. What I’m not certain of is the timeframe of these service packs appearing, or where they could originally be found (the Ambyr website apparently vanished about 6 months after Stripboard Magic was originally released), but they were presumably intended to make the application easier to use & less buggy.
Unfortunately the timeframe for the company’s existence was before the Wayback Machine started archiving the internet, and the only record they have of Ambyr is a domain holding page dating back to 2000.

If there are any readers who have copies of these service packs, or some information on where they can be found, or indeed any more information in general about this seemingly short-lived company, please drop a comment or E-Mail me directly through the Contact Page. Inquiring minds need to know 😉

73s, de 2E0GXE


Securing The New Server & Security In General

This was originally going to be part of another post, but it ended up getting more complex than I originally intended, so it’s been given its own. I go into many of my personal security practices, on both my public-facing servers & personal machines. Since the intertubes are so central to life these days, good security is a must; most people use the ‘net for very sensitive operations such as banking, so strong security is becoming even more essential.

Since bringing the new server online & exposing it to the world, it’s been discovered in record time by the scum of the internet: SSH was under constant attack within 24 hours, and within that time there were over 20,000 failed login attempts in the logs.
This isn’t much of an issue, as I’ve got a strong Fail2Ban configuration running which at the moment is keeping track of some 30 IP addresses that are constantly trying to hammer their way in. No doubt these will be replaced with another string of attacks once they realise that those IPs are being dropped. I also prevent SSH login with passwords – RSA keys only here.
MySQL is the other main target to be concerned about – this is taken care of by disabling root login remotely, and dropping all MySQL traffic at the firewall that hasn’t come from 127.0.0.1.
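
A simplified model of the counting Fail2Ban does for the SSH attempts described above, as an added example (not the author's configuration or Fail2Ban's own code): an address is flagged once it makes maxretry failures within findtime. The log lines, addresses, thresholds and the find_offenders name are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the usual OpenSSH syslog format; the
# addresses come from the reserved documentation ranges.
SAMPLE_LOG = """\
Mar 10 04:12:01 web sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar 10 04:12:03 web sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Mar 10 04:12:09 web sshd[2107]: Failed password for root from 203.0.113.7 port 40155 ssh2
Mar 10 04:13:40 web sshd[2120]: Invalid user test from 198.51.100.23 port 51515
Mar 10 04:14:02 web sshd[2125]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
Mar 10 04:31:15 web sshd[2190]: Failed password for root from 198.51.100.23 port 51720 ssh2
Mar 10 04:52:48 web sshd[2230]: Failed password for root from 198.51.100.23 port 51901 ssh2
"""

# Password failures and unknown-user probes both count as a failed attempt.
LINE = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"(?:Failed password for (?:invalid user )?\S+|Invalid user \S+) "
    r"from (\d{1,3}(?:\.\d{1,3}){3})"
)

def find_offenders(log_text, maxretry=3, findtime=timedelta(minutes=10), year=2017):
    """Return {ip: time of the failure that crossed the threshold}."""
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    banned = {}
    for line in log_text.splitlines():   # lines are assumed to be in time order
        m = LINE.match(line)
        if not m:
            continue              # successful logins and unrelated lines
        stamp, ip = m.groups()
        # syslog stamps carry no year, so one is supplied (constructed value)
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        window = recent[ip]
        window.append(when)
        while when - window[0] > findtime:
            window.popleft()      # forget failures older than findtime
        if len(window) >= maxretry and ip not in banned:
            banned[ip] = when
    return banned

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} crossed the threshold at {when:%H:%M:%S}")
```

With the 10-minute window only 203.0.113.7 is flagged; widening findtime to an hour also flags 198.51.100.23, whose three failures are spread over about 40 minutes.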

Keeping the SSH keys on an external device & still keeping things simple just requires some tweaking to the .bashrc file in Linux:

alias ssh='ssh -i <Path To Keys>'

This little snippet makes the ssh client look somewhere else for the keys themselves, while keeping typing to a minimum in the Terminal. This assumes the external storage with the keys always mounts to the same location.

Everything else that can’t be totally blocked from outside access (IMAP, SMTP, FTP, etc), along with Fail2Ban protection, gets very strong passwords, unique to each account (password reuse in any situation is a big no-no), and where possible TOTP-based two-factor authentication is used for front end stuff. All the SSH keys, master passwords & backup codes are themselves kept offline, on encrypted storage, except for when they’re needed. General password management is taken care of by LastPass, and while they’ve been subject to a couple of rather serious vulnerabilities recently, these have been patched & it’s still probably one of the best options out there for a password vault.
There’s more information about those vulnerabilities on the LastPass blog here & here.


This level of security paranoia ensures that unauthorized access is made extremely difficult – an attacker would have to gain physical access to one of my mobile devices with the TOTP application, and have physical access to the storage where all the master keys are kept (along with its encryption key, which is safely stored in Meatware), to gain access to anything.
No security can ever be 100% perfect, as there’s always going to be an attack surface somewhere, but I’ll certainly go as far as is reasonable, while not making my access a total pain, to keep that attack surface as small as possible, and therefore keep the internet scum out of my systems.
The last layer of security is a personal VPN server, which keeps all traffic totally encrypted while it’s in transit across my ISP’s network, until it hits the end point server somewhere else in the world. Again, this isn’t perfect, as the data has to be decrypted *somewhere* along the chain.


Website Hosting Updates!

Over the past few weeks, the host I’ve been with for over 3 years, OVH, announced a rather large price increase of 20% because of Brexit – the current universal excuse to squeeze the customer for more cash. This change has sent the price of my dedicated server solution with them to over £45 a month. Doing some napkin-calculation gave me £18 a month in extra power to run a small server locally. So I’ve decided to bring the hosting solution back to my local network & run from my domestic internet link, which at 200Mbit/s DL & 20Mbit/s UL should be plenty fast enough to handle the modest levels of traffic I usually get.

Obviously, some hardware was required for this, so I obtained this beauty cheap on eBay:

HP Proliant MicroServer Gen 8

This is a Gen 8 HP Proliant Microserver, very small & quiet, perfect for the job. This came with 4GB of RAM installed from the factory, and a Celeron G1610T running at 2.3GHz. Both are a little limited, so some upgrades will be made to the system.

Disk Bays

4 SATA drive bays are located behind the magnetically-locked front door, there’s a 250GB boot disk in here along with a pair of 500GB disks in RAID1 to handle the website files & databases. For my online file hosting site, the server has a backend NFS link direct to Volantis – my 28TB storage server. This arrangement keeps the large file storage side of things off the web server disks & on a NAS, where it should be.

Extra RAM

First thing is a RAM upgrade to the full supported capacity of 16GB. This being a Proliant server machine, it doesn’t take anything of a standard flavour; its requirements are DDR3-10600E or DDR3-12800E (the E here being ECC). This memory is both eye-wateringly expensive & difficult to find anywhere in stock. It’s much cheaper & easier to find the ECC Registered variety, but alas this isn’t compatible.

Over the past 48 hours or so, I’ve been migrating everything over to the new baby server, with a couple of associated teething problems, but everything seems to have gone well so far. The remaining job to get everything running as it should is an external mail relay – sending any kind of email from a dynamic IP / domestic ISP usually gets it spam binned by the big providers instantly, regardless of it actually being spam or not – more to come on that setup & configuring postfix to use an external SMTP relay server soon!

If anyone does find something weird going on with the blog, do let me know via the contact page or comments!


OpenVPN Server Speed Tweaks

I’ve been running my own VPN so I can access my home-based servers from anywhere with an internet connection (not to mention, in this day & age of Government snooping – personal privacy & increased security).

I’m on a pretty quick connection from Virgin Media here in the UK, currently the fastest they offer:

Virgin Media

To do these tests, I used the closest test server to my VPN host machine, in this case Paris. This keeps the variables to a minimum. Testing without the VPN connection gave me this:

Paris Server Speed

I did expect a lower general speed to a server further away; this will have much to do with my ISP’s traffic management, network congestion, etc. So I now have a baseline to test my VPN throughput against.
The problem I’ve noticed with OpenVPN stock configs is that the connections are painfully slow – running over UDP on the usual port of 1194 the throughput was pretty pathetic:

Stock Config Speed

I did some reading on the subject, the first possible solution being to change the send/receive buffers so they’re set to a specific value, rather than letting the system handle them. I also added options to get the server to push these values to the clients, saving me the trouble of having to reissue all the client configurations.

sndbuf 393216
rcvbuf 393216

push "sndbuf 393216"
push "rcvbuf 393216"

Unfortunately just this option didn’t work as well as I’d like: downstream speeds jumped to 25Mb/s. In the stock config, the tunnel MTU & MSSFIX settings aren’t bothered with. Some adjustment to set the tunnel MTU lower than the host link MTU (in my case the standard 1500) prevents packet fragmentation. MSSFIX lets the client TCP sessions know to limit the packet sizes they send so that after OpenVPN has done the encryption & encapsulation, the packets do not exceed the set size. This also helps prevent packet fragmentation.

tun-mtu 1400
mssfix 1360

VPN Tweaked

After adjusting these settings, the download throughput over the VPN link has shot up to 136Mb/s. Upload throughput hasn’t changed as this is limited by my connection to Virgin Media. Some more tweaking is no doubt possible to increase speeds even further, but this is fine for me at the moment.

 


QSO Logging Systems

As per my site update post, I have migrated my radio log onto a new system, from CQRLOG.

CQRLOG has served me well since I first started in Amateur Radio, however it’s a bit complex to use, requires a backend MySQL server for its database, and as it’s a local application, it’s not possible to share my log with other Hams without some difficulty.
The only other major system with an online logging system is QRZ, and I find that particular site a bit of a pain, and many of the features there aren’t free. (Although it’s not horrendously expensive, I’m on a very tight budget & I must save where I can).

CQRLOG Screenshot

Because of these points, I went on a search for something that would better serve my needs. I have discovered during this search that there’s little out there in the self-hosted respect.

I did however find Cloudlog, a web based logging system in PHP & MySQL.
This new system allows integration with the main site, as I can run it on the same server & LAMP stack, it’s very simple to use, is visually pleasing and it even generates a Google Map view of recent QSO locations.
It will also allow me to save some resources on my main PC, as running a full-blown MySQL server in the background just for a single application is resource intensive, and a bit of a waste of CPU cycles. (CQRLOG and its associated MySQL server are 300MB of disk space, CloudLog is 27MB).

Backups are made simpler with this system also, as it’s running on my core systems: incremental backups are taken every 3 hours, with a full system backup every 24 hours. Combined with offsite backup sync, data loss is very unlikely in any event. All this is completely automatic.
I can also take an ADIF file from Cloudlog for use with any other logging application, if the need arises.

Cloudlog is built & maintained by Peter Goodhall, 2E0SQL.
From the looks of Github, there’s also a version 2 in development, although now I have version 1 up & running, I might just stick with it, unless an easy upgrade path is available.

When I am not operating mobile, new QSOs should appear in this system almost immediately, with their respective pins on the map. (These are generated by the Grid Square location, so accuracy may vary).
If you’ve spoken to me on the air & I haven’t updated it, I’m most likely away from an internet connection, in which case your callsign will appear as soon as I have access.

73s for now folks!


New Feature – Geiger Counter

Here’s something new, an internet connected Geiger counter! The graph in the sidebar is updated once every 60 seconds, and can be clicked on for a larger version. Measurements are in Counts Per Minute, the graph logs 1 hour of data.

 

The counter itself is a Sparkfun Geiger counter, with the end cap removed from the tube so it can also detect alpha radiation.

Connected through USB, a Perl script queries the emulated serial port for the random 1 or 0 output by the counter when it detects a particle. The graph is pretty basic, but it gets the point across. Anybody who wishes to contribute to improve the graphing is welcome to comment!

Geiger Counter

The Finest Hour

Reprinted from The Pirate Bay. Thought this deserved as much net coverage as possible.

 

February 2011, MAFIAA Lobbyists began a massive attack against the European Union.

Defending the union were seeds and peers of The Pirate Bay along with the Telecomix, Anons, and the Pirate parties. The MAFIAA relied on an aggressive battle plan, utilizing modern communications such as radio and telefax to direct troops in the field. The Allies, for their part, assumed a defensive posture, just as they had done at the start of World Internets War of 2003, and in many cases still relied on irc.

As a result, the MAFIAA blitzkrieg caught the Allies off-guard. MAFIAA’s smooth talks and bribes against key players in the EU staged a surprise attack, then turned northward and soon surrounded the bulk of the EU headquarters in Belgium.

After just a few weeks of battle, MAFIAA’s armies had conquered the right, the left and the liberal parties.

I expect that the Battle of Internets is about to begin. Upon this battle depends the survival of an Uncensored civilization! Upon it depends our own free life, and the long continuity of our sites and our trackers. The whole fury and might of the enemy will very soon be turned on us.

MAFIAA knows that they will have to break us in Brussels or lose the war. If we can stand up to them, all Europe may be free and the life of the world may move forward into broad, sunlit uplands. But if we fail, then the whole world, including all that we have known and cared for, will sink into the abyss of a new Dark Age made more sinister, and perhaps more protracted, by the lights of perverted science.

Let us therefore brace ourselves to our duties, and so bear ourselves that if the free internets and its multitude of sites last for a thousand years, citizens will still say, This was their finest hour.

Yours, Winston Bay.

Full news article here.

 


Co-Op Bank Card Reader

Keypad

This is a little security measure you get with Internet Banking with the Co-Op; it generates codes to confirm your identity using your bank card. About the size of a pocket calculator, this is the keypad & screen.

Card Slot

The rear of the unit. The card slots into the top. Manufactured by Gemalto Digital Security.

Card Contacts

Outer back cover removed, showing the 8 contacts for the chip on the bank card, and the 2 contacts below that switch on power when a card is inserted. Power comes from 2 lithium coin cells in the compartment on the lower left.

PCB Rear

PCB removed from the casing, showing the internal components. Two large pads at top left are battery connections, while the only IC on the board is the main CPU, under the card connector. 6MHz oscillator & 32kHz crystal on board for processing & timekeeping. LCD screen connection at far right.

Keypad Contacts

Reverse side of the PCB, with the keypad contacts. LCD on right, with programming interface pads at side of keypad.