Planet

May 04, 2021

hibby

Face

SOTA Trip Reports: April 24th 2021 - Moray Coast

tj and I figured that to fit the 3 Moray coast hills we were interested in climbing, now that the restrictions are eased, an early start would be required! The longest walk should go first and the activation times on each hill would be limited. Predictably, we left at 1030, got a bit lost and I got too excited on the radio, so none of the self made rules were followed!

May 04, 2021 09:00 PM

March 28, 2021

Iain R. Learmonth

Face

Amateur Radio Emoji

Many activities, sports, food, and animals all have emojis present in the Unicode standard, but if you want to express amateur radio ideas in the form of an ideogram you will have difficulty. There is the 📻 emoji which represents a broadcast radio receiver, a 🎙️emoji which represents a studio microphone, and a 📡 emoji which Emojipedia suggests could be used to represent a satellite dish used to communicate with 👽.

March 28, 2021 08:00 AM

March 16, 2021

Ana Custura

A quick look at the QUIC software ecosystem

As far as transport protocols go, TCP is the most used today, and when it comes to TCP implementations, there are as many TCP stacks as there are networked operating systems. This includes everything from Windows PCs to Android Phones and Cisco routers. In most cases, an update to TCP requires a firmware change or OS update - and all endpoints, routers and network appliances may need to deploy a feature for it to work.

Not the case with QUIC, an encrypted transport layer protocol which runs on top of UDP. As QUIC implementations can live in userspace, development can happen separate from the OS. This means control over transport features shifts away from network vendors and operating system implementors to application service providers - enterprises who run the web, like Google and Facebook.

The IETF standards for HTTP/3 and QUIC version 1 are about to be published by the IETF, and the software ecosystem to go with them is still emerging. Many implementations are still under development, and while some provide servers and clients for the QUIC transport, there are very few production-ready out-of-the-box HTTP/3 servers.

Who’s using what?

Serving a website using HTTP3/QUIC needs:

  • an SSL library with TLS 1.3 and QUIC crypto support
  • a QUIC implementation
  • an HTTP/3-enabled webserver

It’s March 2021 at the time of writing. There are several open-source implementations of QUIC, in various stages of readiness. Here’s a diagram of all the QUICs, their TLS library dependencies, and who implements and uses them. Those who run their variant in production are highlighted in orange:

QUIC Software Ecosystem. This diagram is not exhaustive.

This diagram is not exhaustive, the IETF QUIC working group maintains its own list, including non-open-source implementations.

All the implementations rely on some sort of custom TLS library: the most popular appears to be BoringSSL, Google’s fork of OpenSSL. Other implementations take the approach of developing their own TLS 1.3 libraries (like PicoTLS), which depend on OpenSSL. It doesn’t look like gnuTLS is making an appearance.

Google have been using QUIC in production for a few years (and have switched to IETF QUIC), unsurprisingly as they originated the protocol.

Facebook allegedly use QUIC for more than 75% of their traffic.

Fastly and Cloudflare now allow their customers to enable QUIC for their websites.

Akamai have been using their own implementation since 2016.

Client-side, there is support for QUIC in major browsers, including Firefox nightly since last year - although it’s not enabled by default.

With so many implementations, perhaps you’re wondering if they all talk to each other? Well, the QUIC Working Group also runs interoperability testing of the various implementations.

What about us?

If you’re not a big corporation and want to serve your website over QUIC, then right now you have a few options:

  • nginx-quic - according to their README, code is experimental and still under development
  • h2o- also provides ‘experimental’ HTTP/3 support
  • apache with QUIC support- also under development
  • openlitespeed - appears to be the only production-ready option

To run an HTTP/3 server out of the box on any OS, first the custom TLS libraries need to make their way into their respective distribution. On top of this, webservers like Apache and NGINX also need to integrate support for QUIC/HTTP3 in a main release. Any other QUIC and HTTP/3 implementations would also need to be packaged for major server distributions.
In my experience with Debian packaging, this is only likely to happen after the software is mature enough, by which point TLS dependencies will have already been packaged.

For now, everything needs to be built from source.

You can of course host your website with Cloudflare or Fastly and simply enable QUIC - but where’s the fun in that?

My experience with nginx-quic

I’ve deployed nginx-quic on a Raspberry Pi. This was made more complicated due to hitting a bug in gcc 8.3 when building BoringSSL and needing to upgrade the Pi from buster to bullseye, the soon-to-be Debian Stable. After upgrading, BoringSSL built as per instructions in their repo.

Nginx-quic provides a guide for building and configuring the server. I configured the server as per instructions, and tested it with Firefox versions 78 and 85, and Chrome version 88 on both Linux and MacOS.

The mechanism to signal a client the presence of an HTTP/3 server is the use of the alt-svc header, which tells the client which QUIC versions are support and which port to use. In theory, the second time a resource is requested it will use HTTP/3. For my server, this worked… eventually, using version 85, after much page reloading, cache clearing and browser restarting. The logs show about 20 HTTP/1.1 attempts until HTTP/3 was finally used.

Success!

I have not managed to get Firefox version 78 and the latest Chrome to do the same, despite enabling QUIC support.

Final words

On one hand, controlling software at both endpoints of a network path (like Google controls its own servers and your browser!) means innovation in the QUIC transport can happen really fast.

But right now, each of my browsers comes with a different implementation of QUIC. If I want cURL with HTTP/3 support I’ll likely need to install yet another QUIC library. What happens when more applications use it? All this seems wasteful, if you consider all applications on an endpoint share a TCP stack.


March 16, 2021 12:00 AM

February 14, 2021

Iain R. Learmonth

Face

Mobile Operating System Consent + F-Droid

The LineageOS installation on my Fairphone 2 was getting really old and the updater wasn’t functioning, so I decided to switch back to the Fairphone operating system. I’m really starting to develop some significant aversions to applications collecting consent for things. The “consent overload” on the web triggered by GDPR has certainly affected me. I can entirely see the appeal of a coping strategy of ignoring the text of those boxes and choosing the fastest way to dismiss them but that would slowly eat away at me in the longer term.

February 14, 2021 03:00 PM

January 07, 2021

Iain R. Learmonth

Face

Password Manager + TOTP

I’d like to have a backup method for TOTP. For this, I’m looking at using the pass-otp extension which is available both in OpenBSD packages and Debian. There appears to be some way of scanning QR codes with your webcam in order to extract the URIs, but I can skip this because I have a Honeywell Voyager 1450g handheld 2D barcode scanner (it is very fancy). Basic operation looks like:

January 07, 2021 12:00 PM

January 06, 2021

Iain R. Learmonth

Face

Gopher Card Catalogue

I’ve recently started organising my “library”. This includes physical books, electronic books, posters, QSL cards, challenge coins and other interesting artifacts. The process of documentation has helped to remove some of the feeling of clutter, and turned it into something more valuable. In particular, manuals and leaflets that came with appliances and electronics that would usually be thrown in a box and forgotten about can now be found easily by simply searching a list to see if I have it.

January 06, 2021 12:00 PM

January 05, 2021

Iain R. Learmonth

Face

Toy Finger Daemon

The finger protocol is defined in RFC742. It’s a pretty simple protocol. I’d like to have a more useful output at some point, perhaps including status updates from Mastodon or APRS, but for now I’ve got the hang of reading the request and sending some output with some simple C program. It uses inetd just like the Gopher server. #include <stdio.h>#include <stdlib.h>#include <string.h>#include <unistd.h> static __dead void handle_query(char *input, int len) { if (len == 0) { printf("Summary:\n\n"); printf("-USER-\n"); printf("irl\n"); } else if (len == 3 && memcmp(input, "irl", 3) == 0) { printf("+-----+\n"); printf("| irl |\n"); printf("+-----+\n"); printf("\n"); printf(" gopher://irl.

January 05, 2021 12:00 PM

January 04, 2021

Iain R. Learmonth

Face

Installing Gophernicus on OpenBSD

Installing Gophernicus on OpenBSD was actually rather simple. It is packaged so a simple: doas pkg_add gophernicus will install the necessary files. According to the pkg-readme the preferred way to run it is through inetd so that’s what I set up. The exact line I added to /etc/inetd.conf was: gopher stream tcp nowait _gophernicus /usr/local/libexec/in.gophernicus in.gophernicus -h irl.xyz In the example, the hostname is in double quotes but the quotes ended up appearing in gophermap outputs so I removed them and testing with lynx everything is working now.

January 04, 2021 12:00 PM

October 06, 2020

Iain R. Learmonth

Face

OpenBSD Worrying RAID

I wanted to move a couple of USB hard drives from one OpenBSD machine to another. They are configured with softraid(4) as RAID 1 (mirrored). When I plugged the drives into the new machine though, nothing happened with softraid. This was pretty worrying. Both the drives showed in dmesg output so the issue was specifically to do with softraid. The man page for bioctl(8) talks about -c creating a “new” RAID device which sounded a little too destructive.

October 06, 2020 11:50 AM

October 03, 2020

hibby

Face

Radio Power in the Field - Follow on

Previously, I wrote about building a battery for my portable radio operations. This project has been a long and agonising one. Batteries are really difficult, and I spent a good chunk of June, July and August thinking about them. The Winning Design As I discussed in that last blog post, the architecture I settled upon was: I’ve learned quite a lot, made a large number of wrong assumptions and joined a lot of dots in my head as this has gone on.

October 03, 2020 05:00 PM

Tom Jones

Face

Presentations with remarkjs

[I enjoyed using][1] mdp to write slides, being able to hammer in markdown gave a satisfying sense of flow and I felt like I was able to get the slides out of my head in a straightforward manner. But I knew for my eurobsdcon presentation I was going to have to include photos of equipment and maybe even demo videos.

Shelling out to vlc or feh for pictures and video wouldn't do, it would throw off both me and the audience. That ruled out using mdp for making slides and it also ruled out using sent from suckless

I canvassed around on mastodon and tried out a bunch of other tools, the main factor in ruling out most of the tools was there handling of very long titles. Something I couldn't avoid when the title of my talk was 84 charactars.

remarkjs was the tool I settled on.

remarkjs can take slides either as an external markdown file if you have a way to serve them to the js, or embedded into a html file. I ended up embedded the slides into the markdown as this was the fastest way to get from nothing to having some slides appearing. remarkjs has a boat of documentation, which I thourghouly ignored until after the presentation, in fact in the days after when I was toying with implementing a presentation view I found remarkjs already has one built in!

remarkjs was great for authoring into, the ability to add style to documents was a big bonus for me too. The fact there was style did mean I had to write some css to get videos into the right place in the slide was annoying, but it worked out well.

Integrating diagrams

My mdp slides included diagrams as most slide decks do, I wanted to add diagrams to this slide deck. The mdp diagrams are just ASCII art, showing ASCII art in a web page is fine, that is show I made a sharable version of the page, but I felt I could do better.

goat can render ascii art diagrams in a restricted set into svg diagrams.

example example example

Gives an svg diagram like:

svg

The svg output is very verbode and really not something you would want to embed in the middle of a slide deck.

svg quoted cut off

For this to be managable I wrote a python script to 'render' the document. The script searches the input for lines starting with 'diagram:' and takes the remainder of the line as a file name to render and substitute.

import sys
import subprocess

filename = sys.argv[1]
infile = open(filename, 'r')
outfile = open('out.html', 'w')

cmd = "cat"
cmd = "goat"

for l in infile:
    if l.startswith('diagram:'):
        if len(l.split(' ')) != 2:
            print('bad line {}'.format(l))
        diagram = 'diagrams/{}'.format(l.split(' ')[1].strip())

        result = subprocess.run([cmd, diagram], stdout=subprocess.PIPE, encoding='utf-8')
        if result.returncode == 0:
            count = 0
            outfile.write('.center[\n')
            for o in result.stdout.split('\n'):
            #    print('    ' + o)
                outfile.write(o + '\n')
            outfile.write(']\n')
        else:
            for o in result.stdout:
                print(o, end='')
            outfile.write(l)
    else:
        outfile.write(l)

infile.close()
outfile.close()

I really like remarkjs

I was happy enough using remarkjs that I was considering adding a presentation mode. However there are some downsides, firefox really struggled when rendering slides, when I had 40MB mp4 video files firefox would peg all cpus, as the slides were just a page the autoplaying video pulled firefox down all the time.

remarkjs "supports" exporting to pdf via chromes print preview, but all I could get chrome to do was hang. Someone else managed to get an export from safari, overall not the best.

[1]: mdp post

October 03, 2020 12:00 AM

September 27, 2020

Iain R. Learmonth

Face

Multicast IPTV

For almost a decade, I’ve been very slowly making progress on a multicast IPTV system. Recently I’ve made a significant leap forward in this project, and I wanted to write a little on the topic so I’ll have something to look at when I pick this up next. I was aspiring to have a useable system by the end of today, but for a couple of reasons, it wasn’t possible.

September 27, 2020 09:35 PM

September 24, 2020

Ana Custura

Firefox modding with containers and SOCKS proxies

Here’s a guide to my lazy setup for running multiple Firefox tabs in the same session over different networks using the magic of SOCKS.

The use-case is that I sometimes want to access a web app or page which is only accessible via a specific network (i.e., my work network or Tor), but I most definitely don’t want the rest of my browsing traffic going through there.

The general idea is to use long-running SSH tunnels to provide one or more SOCKS5 proxies that can be used by Firefox (or your browser of choice). SOCKS is a protocol that allows applications to request connections through a proxy server. Applications, such as Firefox, must be configured to use it.

Generally, to do this manually, you’d first SSH with dynamic forwarding into a host on the desired network:

ssh -D1080 user@host

…and now a SOCKS proxy on localhost port 1080 is ready to forward connections to the remote host. Tor also provides a SOCKS proxy that can be used in much the same way by default on port 9050. This does not conflict with Tor Browser, which runs its own Tor daemon listening on port 9051, separate from the system Tor.

So, to use the proxy in a browser, the browser’s network settings should be changed to resemble something like this:

Firefox settings

Firefox also has a checkbox for proxying DNS requests through the same connection.

It’s a good idea to proxy your DNS requests because 1) the remote DNS resolver might know names of resources you can’t access locally and 2) due to the prevalence of CDNs in the Internet, the IP addresses obtained this way will often correspond to servers physically closer to the tunnel endpoint, speeding up connections.

These settings could be saved under a separate Firefox profile that can be fired up whenever the SSH connection is active. Any browser requests will be forwarded to the network of the host you’re SSHed into.

Now, this is an easy substitute for a VPN, but still requires launching a new SSH connection and browser instance every time you want to browse via the remote network. Plus, multiple networks mean multiple profiles or multiple SSH connections which is a pain to manage.

Enter Firefox containers and autossh. The first is an extension that allows you to keep website data, cookies, and cache separate between tabs and websites by assigning them to different containers.

The second is a way to maintain an SSH tunnel indefinitely. The way to glue them together is Container Proxy, another Firefox extension that allows per-container proxy settings.

Here’s how it works:

Autossh and Tor

This is a wrapper around ssh to keep tunnels open indefinitely in the background. It can use any SSH option or config. For simplicity, I have the following config specified for my proxy host in ~/.ssh/config:

Host pxhost
    Hostname pxhost.example.com
    ServerAliveInterval 30
    ServerAliveCountMax 3
    DynamicForward 1080

This command will run autossh in the background, forever keeping the connection alive.

autossh -M 0 -f -N pxhost 

To persist this on reboot, I use a systemd service file for Linux and a @reboot cronjob for macOS.

I also have Tor configured to run at startup, allowing me to use it alongside other connections. Tor can run as a service on distros using systemd. On macOS, I modified the .torrc file in my home directory to include RunAsDaemon 1, and just running tor with no options on the command line starts the SOCKS proxy.

Firefox Multi-Account Containers

The extension can be found in the official Firefox store. I have three containers: a Direct container for day-to-day browsing without a proxy, a Work container for accessing some infrastructure at work via an SSH connection into my work computer, and a Tor container for looking at .onion addresses or other web pages over Tor:

Firefox Containers

Tabs opened in each container are colour coded, and easy to keep track of.

An important note about the Tor container: using Tor as a proxy and not using Tor Browser does not provide anonymity, because any other browsers will leak client information allowing 3rd parties to identify users. I do this mostly for convenience and sometimes to avoid eavesdropping from my ISP. However, if you want anonymity, USE TOR BROWSER!

Container Proxy

Proxies for containers are not supported natively in the official Firefox extension. At the moment, another extension is required to make the containers use the tunnels. While not checked by Mozilla, this is open source and the code is auditable at https://github.com/bekh6ex/firefox-container-proxy.

It lets you configure and test the proxies with DuckDuckGo, and assign them to containers:

Container proxy setup

If the tunnels are set up to persist on reboot, and your Firefox profile is not entirely erased with the latest update, this is how it looks/works:

Example container

That’s it. Containers are cool. Use more containers, before Mozilla dies off.

September 24, 2020 12:00 AM

September 21, 2020

Iain R. Learmonth

Face

Matrix Synapse Certificates

I’ve had a need to set up and run a Matrix homeserver and I wanted to try to set it up for general use as well as just for this project. The one thing I wanted to do that is a little non-standard is to use the “plain” domain for my user ID while hosting the homeserver on a subdomain. In this case I wanted to use “irl.xyz” as the user ID domain, and “syn.

September 21, 2020 09:32 AM

August 31, 2020

Iain R. Learmonth

Face

Portable Radio Setup

I’ve been wanting to document my portable radio setup for a while, so finally here is that blog post. This is a QRP setup, intended primarily for digimodes on HF. HF antenna set up on Elrick Hill, Aberdeen First I want to talk about the antenna setup. Pictured above is the antenna set up on Elrick Hill in Aberdeen. I walked straight up the hill last weekend with the kit and had the antenna up in under 10 minutes.

August 31, 2020 04:15 PM

August 29, 2020

Ana Custura

For sale

VX-8E VHF Amateur Handheld Transciever for sale

  • TX on 70cm, 2M and 6M.
  • Built-in packet modem 1200/9600bd with APRS support
  • Comes with mounted GPS antenna, charger, 3100mAh battery, extra clip and original battery pack
  • 5W power output
  • Modes: TX FM, RX FM/AM/WFM
  • Full specs: http://rigpix.com/yaesu/vx8e.htm

Asking price for radio, accessories and postage is £180. Contact ana@netstat.org.uk.

August 29, 2020 12:00 AM

/pubs

Impact of Acknowledgements using IETF QUIC on Satellite Performance. Ana Custura, Tom Jones, Gorry Fairhurst. ASMS/SPSC 2020: 1-8

Rethinking ACKs at the Transport Layer. Ana Custura, Tom Jones, Gorry Fairhurst. FIT 2020: 731-736

Measuring mobile performance in the Tor network with OnionPerf. Ana Custura, Iain Learmonth, Gorry Fairhurst. MNM 2019: 233-238

Exploring Usable Path MTU in the Internet. Ana Custura, Gorry Fairhurst, Iain Learmonth. Traffic Measurement Analysis 2018: 1-8

Experience: Implications of Roaming in Europe. Anna Maria Mandalari, Andra Lutu, Ana Custura, Ali Safari Khatouni, Özgü Alay, Marcelo Bagnulo, Vaibhav Bajpai, Anna Brunström, Jörg Ott, Marco Mellia, Gorry Fairhurst. MobiCom 2018: 179-189

Exploring DSCP modification pathologies in the Internet. Ana Custura, Raffaello Secchi, Gorry Fairhurst. Comput. Commun. 127: 86-94 (2018)

Exploring DSCP modification pathologies in mobile edge networks. Ana Custura, Andre Venne, Gorry Fairhurst. MNM 2017: 1-6

August 29, 2020 12:00 AM

August 04, 2020

hibby

Face

SOTA Trip Reports: July 12, August 01, 02 2020

Here’re my first sota trip reports. I made some mistakes and have lots to learn still, but they were great days out and I’m dead keen to do more. Most importantly, I’ve got better at radio in general - I’m much more comfortable on a microphone, I understand the flow and format of an HF contact far better. It’s very different from the datamodes I’ve been doing for years! One thing that I’ve noticed, and it probably deserves mentioning, is that the SOTA web infrastructure is some of the best I’ve seen in ham radio.

August 04, 2020 07:50 PM

July 06, 2020

hibby

Face

Splat for UHF radio station coverage modelling

I’ve been talking to Iain, MM0ROR a bit on the radio. After I persuaded him to build a 70cm version of the 1/4 wave vertical antenna I built earlier this year, I helped him test it on the radio tonight from my new /m setup. Initially I drove to the picturesque Aberdeen Beach, then the less pretty 57North Hacklab, and finally I took the long road to the very lovely Balmedie Beach, and for the bulk of the drive nattered away to Iain about nonsense and radios.

July 06, 2020 10:59 PM