Category Archives: Computing

Computing, networking, and the like. Non-Ham Radio related.

Ohio Section Journal – The Technical Coordinator – September 2019 edition

One of the responsibilities of the Technical Coordinator in the Ohio Section is to submit something for the Section Journal. The Section Journal covers Amateur Radio related things happening in and around the ARRL Ohio Section. It is published by the Section Manager Scott – N8SY and articles are submitted by cabinet members.

Once my article is published in the Journal, I will also make it available on my site with a link to the published edition.

You can receive the Journal and other Ohio Section news by joining the mailing list Scott has setup. You do not need to be a member of the ARRL, Ohio Section, or even a ham to join the mailing list. Please sign up!

If you are an ARRL member and reside in the Ohio Section, update your mailing preferences to receive Ohio Section news in your inbox. cAUZRdnMNrU?start=2051Those residing outside the section will need to use the mailing list link above.
Updating your ARRL profile will deliver news from the section where you reside (if the leadership chooses to use this method).
Go to www.arrl.org and logon.
Click Edit your Profile.
You will be taken to the Edit Your Profile page. On the first tab Edit Info, verify your Email address is correct.
Click the Edit Email Subscriptions tab.
Check the News and information from your Division Director and Section Manager box.
Click Save.

Now without further ado…


Read the full edition at:

THE TECHNICAL COORDINATOR
Jeff Kopcak – TC
k8jtk@arrl.net

DSCF5081 K8JTKHey gang,

A ham in the section asked me about obtaining the latest Linux kernel. Not wanting to deal with problems found after the operating system install media was released, the latest stable kernel version available was what he wanted to be installed during setup.

Before I get started, if you are not familiar with Linux and have not read my April 2018 OSJ article, I encourage you to do so as some of the terminology defined will be used here.

There is not an easy answer to the question which version of the kernel is “stable.” The answer is: it depends. Depends on:

  • Definition of stable. There will always be bugs and constant fixes being released. Most IT personnel take ‘stable’ to mean: the least amount of issues after testing and polishing.
  • Linux distribution. How well does a kernel version work with the packages and drivers of a distribution. Availability of a new stable kernel depends on maintainers, developers, and the community’s time to update everything including programs, libraries, and drivers. Then test, document, ship, and address bug reports.

At kernel.org, there is a giant yellow button which indicates “latest stable kernel.” As of this writing, currently 5.3. Terminology on the Kernel Archives website for the different kernel types:

  • mainline = beta
  • stable = less issues
  • longterm = maintained and updated longer, typically for business production systems
  • linux-next = patches for the next version of mainline, stable, longterm

Logging into a handful of updated Linux devices I have around the house, their kernel versions:

  • Fedora 30: 5.2.14
  • AllStar Node (Debian 9): 4.9.0
  • Raspberry Pi – AllStar node (Arch): 4.14.97
  • Raspberry Pi – stock install (Raspbian Buster): 4.19.66
  • Wireless access point: 2.6.36

You’ll notice exactly zero are on 5.3. Even Fedora, which is considered a “bleeding-edge” Linux operating system will lag behind. Fedora is currently a single release behind the stable channel. Each distribution has their own definition of “stable” because it’s up to each distribution to maintain and update their releases.

A similar situation exists for software packages too. There will often be different versions of the same named package between different Linux distributions. Packages Managers almost always lag behind source code releases. For example, the Linux printing system software called CUPS for Common UNIX Printing System (cups.org), its latest is version 2.3.0. The latest in the Fedora 30 package manager is version 2.2.12. Therefore, 2.2.12 is the latest stable CUPS install for Fedora 30. Version 2.3.0 will be available when it is approved.

I have nearly 2000 packages installed on one of my systems! That seems like a lot but some are very small and Linux is very modular. Some are programs I installed like VLC or YouTube downloader. Others, I have no idea. Those are likely dependencies for other packages or programs pre-installed by the distribution. Anything beginning with “lib” is a shared common library. Packages prefixed with a program name are modules of that program: “cups” is the core printing system while “cups-filters” are the printer libraries for CUPS. Some are required system packages. “tzdata” is time zone data – so the system knows about different time zones, changes DST correctly, and processes leap-seconds. “Mint-themes” are themes for the Linux desktop GUI Cinnamon.

Linux diehards will “compile from source.” To get the absolute latest and greatest features and fixes, this practice involves downloading the plain-text source code and compiling it into machine executable code manually. It takes alot of trial-and-error to get a successful compile. Not only is the program source needed but the source code for any dependencies and libraries will also be required. Most will say this is to validate the code, add their own custom modules to the kernel, or do kernel development.

Could someone download and compile kernel 5.3 for Fedora, Ubuntu, Mint, or any other distribution? Absolutely. Fedora has a process documented to update the kernel manually. It’s 15 pages. Or you can run a single command. You choose. But you have to deal with any issues that arise from using a custom version of the kernel and doing so is unsupported by most distributions. I have no reason to be on a later kernel version before it is made generally available by the Fedora project.

Unless there are bandwidth concerns, there is little reason to worry about installing the latest version of the OS. The package manager will handle all updates to the kernel, operating system, and programs. Updates through the package manager have been approved for that version of the operating system by those who maintain those programs. It does not mean updates are 100% bug free. There is no need to install updates the minute they are available – even every-couple-weeks will be OK. We’ve all been trained like Pavlov’s dog to install updates the minute we see that pop-up. Thanks Windows. Cherry-picking is not a good idea either – unless you have a specific reason not to install an update, like an incompatible version of Java with another program.

How to install the latest Linux OS updates? I’m a command line guy because I was brought up on the DOS and Linux command lines. Recent Linux distributions have both a CLI (command line interface) and a GUI (graphical) package manager. Once the Live CD install is complete, reboot. When logged in, open a terminal window.

For Red Hat based systems (Fedora, CentOS), run:
sudo dnf -y update
Replace dnf with ‘yum’ on older installs.

For Debian based systems (Ubuntu, Mint, Raspbian, etc), there are two commands:
sudo apt -y update
sudo apt -y upgrade

The -y option means “assume yes” to any download questions or repository updates. GUI versions vary but usually involve refreshing the repository data and selecting all updates. These should always be run after a fresh install. When complete, reboot the machine. I run these update commands about once a week, maybe more if I’m waiting for an update or fix. These can be run at any time after installation as well.

On the topic of operating systems, the much beloved Microsoft operating system Windows 7 will no longer be supported after January 14, 2020. Windows 7 reaching end-of-life means there will be no further security updates – in theory. Even after Windows XP reached EOL, Microsoft went back and patched some “really bad” vulnerabilities in all operating systems, including XP. I can’t say the January 14th date will be extended or moved beyond that date nor can I say how long Windows 7 will remain a safe operating system to use. For the first time ever at the beginning of this year, the number of Windows 10 users just passed the number of Windows 7 users. That means about half of Windows users are still running version 7. There was talk of hackers stockpiling Windows XP exploits that would be released the minute Microsoft stopped updating XP, bringing the world to its knees. That was more hype by the media than reality. Chrome and Firefox browsers continued to support XP until a time came when they decided it was more work than it was worth.

A conversation I had recently, this person was of the mind that Windows 7 is going to stop working all together after January. Not true. It will still work as normal after January 14. You may see nag screens saying Win7 is no longer supported encouraging update to Windows 10. This is not a requirement to continue using your computer because Windows 7 will continue to run fine, you know, until the machine dies. There will be problems installing 7 on certain newer hardware because Microsoft thinks regression testing and customizations for Windows 7 security on modern hardware will introduce more problems. This time may, however, be the last chance you can upgrade to Windows 10 for free, for the life of the computer. If you qualify and have the latest Windows 7 updates installed, you will receive a pop-up from Windows saying ‘Microsoft recommends upgrading to Windows 10.’ This is a similar promotion to the one I talked about in April 2016.

In general, users have grown numb to the constant updating and bloatware of Windows 10. Believe it or not, Microsoft solved all the real problems with Windows 10. It’s called Microsoft Windows 10 LTSC (Long-Term Servicing Channel). It’s fantastic. It doesn’t force you into feature updates, doesn’t have the Windows Store crap, Cortana junk, or Customer Experience tracking. Feature updates can be delayed 18-24 months instead of having to be applied every 6 months. Not to mention Microsoft has frequently pulled back feature updates nearly as soon as they are released due to lack of adequate testing. The gotchya is you need access to a costly MSDN subscription. This version is out there if you look for it. Microsoft heavily criticizes the use of LTSC saying ‘users want feature updates.’ No, they don’t, that’s why users are seeking out a usable version of your crappie ‘modern’ operating system.

Time Code Generator for WWVB (wwv100.com)

The oldest continuously operating radio station in the world deserves a grand celebration. The Northern Colorado Amateur Radio Club (NCARC) will operate a special event amateur radio station with the call sign WW0WWV, on the WWV property starting September 28 and going 24-hours a day through October 2. For information on the Special Event Station visit: wwv100.com. In addition, HamSCI and the Case Amateur Radio Club of Case Western Reserve University (W8EDU) will sponsor a “Festival of Frequency Measurement” on WWV’s centennial. They are hoping to measure 5 MHz propagation over a given day and compare measurement techniques. HamSCI’s first attempt at measurements occurred during the total solar eclipse in 2017.

Jim – W8ERW, Technical Specialist for the Ohio Section, gave an informative presentation at the Wood County Amateur Radio Club in August about ARDEN MESH networking. He talked about generations of devices used for MESH networking, including the infamous Linksys blue-box, and brought many pieces of his own equipment for demonstration. Seneca county is getting involved and finding plenty of uses for MESH. If you would like a presentation for your club about MESH, get in touch with Jim.

Thanks for reading and 73… de Jeff – K8JTK

Ohio Section Journal – The Technical Coordinator – August 2019 edition

One of the responsibilities of the Technical Coordinator in the Ohio Section is to submit something for the Section Journal. The Section Journal covers Amateur Radio related things happening in and around the ARRL Ohio Section. It is published by the Section Manager Scott – N8SY and articles are submitted by cabinet members.

Once my article is published in the Journal, I will also make it available on my site with a link to the published edition.

You can receive the Journal and other Ohio Section news by joining the mailing list Scott has setup. You do not need to be a member of the ARRL, Ohio Section, or even a ham to join the mailing list. Please sign up!

If you are an ARRL member and reside in the Ohio Section, update your mailing preferences to receive Ohio Section news in your inbox. cAUZRdnMNrU?start=2051Those residing outside the section will need to use the mailing list link above.
Updating your ARRL profile will deliver news from the section where you reside (if the leadership chooses to use this method).
Go to www.arrl.org and logon.
Click Edit your Profile.
You will be taken to the Edit Your Profile page. On the first tab Edit Info, verify your Email address is correct.
Click the Edit Email Subscriptions tab.
Check the News and information from your Division Director and Section Manager box.
Click Save.

Now without further ado…


Read the full edition at:

THE TECHNICAL COORDINATOR
Jeff Kopcak – TC
k8jtk@arrl.net

DSCF5081 K8JTKHey gang,

July 18, 2019. The date ham radio and the Internet changed forever. Most hams didn’t know it or even know that we had a block of 16.7+ million Internet IP addresses for our exclusive use. Keyword: had.

If you’re not familiar with networking and CIDR notation, CIDR (pronounced similar to the drink, cider) is a method used to note networks and ranges of IP addresses. A computer network is a connection of devices or nodes that can communicate and share resources with each other. For example: Your home PC may have the IP address: 192.168.1.100, subnet mask: 255.255.255.0. In CIDR notation, this is written as 192.168.1.100/24. Similarly, the network 192.168.1.0/24 means the same subnet mask and includes the IP above. Usable IP addresses are 192.168.1.1-192.168.1.254. “.0” is unusable as it is the network address, “.255” is not either because that is the broadcast address between all devices on that network. Since the PC has 192.168.1.100, it can communicate with devices in the 192.168.1.0/24 range. Know that smaller CIDR notations mean bigger networks (more IPs). Larger CIDR notations mean smaller networks. Networks can be broken down into smaller networks or combined to form larger ones – maybe not quickly or easily, it can be done.

In the early days of the Internet, it was believed if a node were to communicate on the Internet it had to have a public Internet address. With this thinking, very large /8 networks (16,777,216 IPs each) were assigned to companies and institutions such as: HP, Xerox, IBM, Ford, Boeing, MIT, Halliburton, Stanford, MSU, Bell Labs, DuPont, the USPS, and the DoD. They were cheap and easy to obtain! Having large networks is no longer necessary due to advances in Network Access Translations or NATs which remap one network space into another network space.

Dr. Jon Postel (Wikipedia)

Back 40 years ago when the Internet was new and the original creators thought 4.2 trillion IP address were enough for the entire world, Hank Magnuski, KA6M and others saw the possibilities of the Internet. They obtained an Internet allocation from Dr. Jon Postel who, at that time, was responsible for overseeing allocations on the Internet. Today, allocations are the responsibility of IANA. Much like property, IP address spaces can be bought, sold, squatted, and even taken over in some cases. The non-profit organization Internet Assigned Numbers Authority (IANA) oversees Internet IP address allocations.

The allocation that was obtained is called AMPRNet (AMateur Packet Radio Network) or Network 44. In 1981, it was provided exclusively for Amateur radio operators to use packet radio, TCP/IP, and digital communications between computer networks managed by Amateur radio operators. The network consisted of addresses 44.0.0.0 through 44.255.255.255, in Internet notation 44/8 or 44.0.0.0/8, consisting of 16.7+ million IPv4 addresses.

TCP/IP was, at one time, an emerging standard and in minority use because of the protocol complexity. In typical fashion, packet node owners were outraged with this IP protocol and few systems on HF operated with this protocol because of the amount of overhead. TCP/IP then goes on to become the foundation of the Internet and in use by every device on the Internet today. Think about that anytime someone complains they don’t want to support or do something because they don’t like it.

In 1986, an agreement mandated about 8 million addresses of 44/8 be assigned for use within the United States under FCC regulations (44.0/9) and the other 8 million (44.128/9) for deployments in the rest of the world.

San Diego Supercomputer Center, host of AMPRNet internet gateway, and CAIDA/UCSD network telescope (Wikipedia)

Since 1990, most packets destined for 44/8 were handled by a router at the University of California, San Diego. This forwarding router was originally named mirrorshades.ucsd.edu, later gw.ampr.org or “AmprGW.” This Internet “border” router (gateway) is used to route packets to and from the ordinary Internet to computers or nodes on AMPRNet. When a request hits the Internet for network 44.0.0.0/8, it is routed to UCSD. Different protocols are used to deliver the packet from the Microshades router to the destination IP address in any part of the world. Internet routers like these would be similar to an Internet Service Provider (ISP) router often handling multiple networks at once and at multiple gigabits/second transfer rate.

In 2001, UCSD used 44/8 for research as an Internet Telescope which allows observation of large-scale events taking place on the Internet using Internet Background Noise and backscatter. Backscatter is used to determine Denial of Service (DoS) attackers and victims. They were able to monitor the Code Red computer worm in 2001. All data was captured and used to generate historical trends and data. For example, when attackers on the internet start probing systems with a known set of criteria, they can go back and look when those probes first started appearing on the Internet. In 2003, 0.75 terabytes per month was recorded. In 2016, 37 terabytes per month is seen.

Since hams have had AMPRnet, many have taken advantage of it for single use applications or using small blocks on a long-term lease at zero cost. It has been used for communications ranging from simple TCP/IP connectivity, digital voice, telemetry, and repeater linking. However, not more than half of the network was ever used. Peak usage happened between 1985-1995. According to the group now overseeing 44/8, Amateur Radio Digital Communications (ARDC), a U.S. 501(c)(3) organization, less than one-third of the network is in use today and some address blocks have never been used.

It wasn’t too long ago (5-10 years) that I learned about AMPRnet when I became involved in supporting an APRS Igate. I knew APRS was using the space in some aspect, the EchoLink mobile app uses the 44 network, Michigan is actively using their allocation, and Europe was using it for their HamNET Mesh. I assumed the network probably wasn’t utilized but hopeful it had enough use to keep it in the Amateur Radio community. I would have like to have liked to see ham radio Internet technologies utilize network 44 like mesh, hot spots, and newer digital voice modes (D-STAR, DMR, and Fusion). It’s a cost and complexity issue. While there is no way to put a device on the Internet with a random IP address and expect the Internet to know how to reach that device. Routes and paths need to be established as was done with the UCSD router or other routing equipment which can be very expensive to setup and

HamNET Mesh (Wikipedia)

maintain. Too costly and too complex to support, other easier methods were utilized.

American Registry for Internet Numbers (ARIN), who is responsible for distribution of IP addresses on the Internet, declared on September 24, 2015 their available IPv4 pool was exhausted. The Internet was quickly running out of IP addresses! This lead the push to IPv6, which is exponentially larger. IPv4 has 4.2 trillion IP address (minus some for special uses). IPv6 has 340 undecillion, or 340 billion billion billion billion, addresses. You could assign multiple entire IPv4 sized networks per household under IPv6 and still have some left over! Exhaustion caused IPv4 allocations to become much more valuable.

Companies and institutions who still owned all or large parts of their originally assigned networks were now sitting on a gold mine. Supply and demand: a resource (IPv4 addresses) is scarce but many people want IP addresses. The price will rise, at least until IPv6 is closer to universal adoption.

This led to the ARDC decision to sell off about 4 million addresses from 44/8 on the marketplace. Total network value of 44/8 was estimated to be $100 million. From their press release:

"...in mid-2019, a block of approximately four million consecutive AMPRNet addresses denoted as 44.192.0.0/10 was withdrawn from our reserve for Amateur use, and sold to the highest qualified bidder at the then current fair market value. This leaves some twelve million addresses devoted exclusively to Amateur Radio uses, which is far greater than the number of addresses which are currently or have ever been in use. We believe this is far more than the number of addresses that will ever be needed by hams before IPv6 takes over the Internet. We also believe that was the prudent and proper time for this sale to take place, for a number of good reasons, among which are a recent levelling off in address prices and a lessening demand as only a few large buyers are left in the market for such a large block of addresses."

We now know the highest bidder was Amazon at a price of $50 million completed July 18, 2019. There is no intention by the ARDC to sell any more of the network. Post sale, AMPRNet consists of addresses 44.0.0.0 through 44.191.255.255 (44.0.0.0/9 and 44.128.0.0/10). Portion sold was the uppermost 25% of the address space, 44.192.0.0 through 44.255.255.255 or 44.192.0.0/10.

Some of the guys at work heard about this before I did because it was trending on Reddit. Initially, like most of the comments, I too was outraged. Though, figured it was coming sooner or later. An IPv4 shortage, a valuable /8 not being utilized. Wasn’t hard to put two and two together. I’m never one to say never. ‘We’re never going to use something.’ How do we know? Maybe hams develop the next Internet with that address space. Putting the politicking and whining aside, taking them at their word (continuing from the press release):

"It is our intention to grant funds across all reaches of the educational, research, and development spectrum, with awards being made to support qualified organizations whose programs could well serve to advance the art of digital communication, with special emphasis on that which would benefit Amateur Radio.

Additionally, another way we will be able to help our community is to contract with research firms and consultants to carry out related research and development to produce procedures, techniques, methods, designs, and intellectual property that would then be made freely available for the benefit of all."

While I think this is a monumental asset having this money available to promote the hobby and research, I think it puts us in a dangerous spot. To me, the similarities between this example of limited resources on the Internet and the limited resources of our radio spectrum are uncanny: ‘it’s there and not being utilized,’ ‘we’ll never use it,’ ‘resource sold for public benefit,’ ‘take the money and run,’ ‘sellouts!’ This shows that everything is up for grabs and we cannot take it for granted. Just ask France. WRC-23 is considering a proposal to make Aeronautical Mobile as the primary service in the 2-meter ham band. This is how it starts.

Now more than ever, get on our resources and use them. We have more hams now than ever (in the U.S. anyway). Get on our bands. Get on our IP space. Improve the network. Grab some IPv6 space for Amateur Radio. Get involved with organizations and offer support. Yeah, everyone’s busy. If everyone’s too busy to support these organizations, we may lose all of this. Use it or lose it, so “See ya 44/8.”

Thanks for reading and 73… de Jeff – K8JTK

Ohio Section Journal – The Technical Coordinator – June 2019 edition

One of the responsibilities of the Technical Coordinator in the Ohio Section is to submit something for the Section Journal. The Section Journal covers Amateur Radio related things happening in and around the ARRL Ohio Section. It is published by the Section Manager Scott – N8SY and articles are submitted by cabinet members.

Once my article is published in the Journal, I will also make it available on my site with a link to the published edition.

You can receive the Journal and other Ohio Section news by joining the mailing list Scott has setup. You do not need to be a member of the ARRL, Ohio Section, or even a ham to join the mailing list. Please sign up!

If you are an ARRL member and reside in the Ohio Section, update your mailing preferences to receive Ohio Section news in your inbox. cAUZRdnMNrU?start=2051Those residing outside the section will need to use the mailing list link above.
Updating your ARRL profile will deliver news from the section where you reside (if the leadership chooses to use this method).
Go to www.arrl.org and logon.
Click Edit your Profile.
You will be taken to the Edit Your Profile page. On the first tab Edit Info, verify your Email address is correct.
Click the Edit Email Subscriptions tab.
Check the News and information from your Division Director and Section Manager box.
Click Save.

Now without further ado…


Read the full edition at:

THE TECHNICAL COORDINATOR
Jeff Kopcak – TC
k8jtk@arrl.net

DSCF5081 K8JTKHey gang,

As the Technical Coordinator for the Ohio Section, I’m responsible for the Technical Specialists. The Specialists and I are here to promote technical advances and experimentation in the hobby. We encourage amateurs in the section to share their technical achievements with others in QST, at club meetings, in club newsletters, hamfests, and conventions. We’re available to assist program committees in finding or providing suitable programs for local club meetings, ARRL hamfests, and conventions in the section. When called upon, serve as advisors in issues of RFI and work with ARRL officials and appointees for technical advice.

The Technical Specialists really make all this happen. In the Ohio Section, there are about 15 qualified and competent Specialists willing to help. They meet the obligation of advancing the radio art bestowed to us by the FCC. The TSes support the Section in two main areas of responsibility: Radio Frequency Interference and technical information. RFI can include harmful interference that seriously degrades, obstructs, or repeatedly interrupts a radiocommunication service. Ranging from bad insulators on telephone poles to grow lights and poorly made transformers, they can help with RFI direction finding or assist in locating bozo stations. Technical information is everything else from building antennas, repeaters and controllers, digital, computers, networking, and embedded devices.

How can we help? The knowledge and abilities of your Technical Specialists are quite impressive. Here are some examples of the knowledge the Technical Specialists provide:

  • Documentation and training
  • VHF/UHF portable operation
  • Antennas (fixed, portable, and mobile)
  • Batteries and emergency power
  • Experts in RFI from powerline and consumer devices
  • VHF/UHF/SHF contesting
  • Experts in test equipment
  • Automotive electronic compatibility (EMC) and interference (EMI)
  • Repeaters
  • Digital modes (D-STAR, DMR, Fusion, P25, APRS & IGates. HF: MT63, FT8/4, Olivia, PSK).
  • Computers and networking (VoIP – AllStar link, software engineering, embedded systems – Raspberry Pi, Arduino)
  • Society of Broadcast Engineers (SBE) members knowledgeable in interference problems

This impressive list of qualifications is available to all in the Ohio Section. Looking for help in one of these areas? Need a program for your club? How about a technical talk or forum at your hamfest? Feel free to contact myself. My contact info is near my picture and on the arrl-ohio.org website. I’ll assist getting you in touch with an appropriate Technical Specialist. One of the Specialists might hear a plea for help and reach out to you as well.

Where have all the maps gone?

A lot of ham radio is about location and maps – APRS, repeater locations, grid square, propagation, beacons, satellite, or spotting maps. You may have noticed, starting last year, the quality of maps has degraded or looked different on your favorite website or on your favorite app. You’re not going crazy. It’s because many of those who developed their map around Google Maps API were forced to make some changes and decisions.

Ohio map – Google Maps

If you’re not a programmer, an API stands for Application Programming Interface. APIs are a set of defined tools or commands that can be called allowing for easy communication between different components or systems. If an API is available, they are (supposed to be) well documented and available for anyone to use.

Since the Google Maps service existed, it could be used for free. There were usage limits but they were artificially high enough were most implementations we not going to hit 25,000 requests/day. If requests exceeded the daily limit, the owner was charged $0.50/additional 1,000 requests up to 100,000 in a 24-hour period. If that maximum was reached per day, it was likely a heavy traffic website and commercial in nature where overages could be supplemented.

Last year, Google reduced the number of free requests to 28,000/month, which is the $200 “credit” referred to in their pricing plan. Additionally, it was required of the developer to register for an API key. That key MUST be linked to a credit card even if usage didn’t come anywhere near the free credit. Overages are automatically charged to the linked credit card and amount to $7.00 per 1,000 additional requests.

Ohio map – Open Street Map

It still sounds like a lot of requests per month, but not when I think about sites I have running in the shack. I can easily refresh sites 10 times while I’m operating. If 2,800 other hams did the same thing, all of a sudden, they’ve blown through their free credit. This put many free and non-profit developers between a rock and a hard place. Start shelling out for hefty overage fees for access to Google Maps – which was arguably very good, move to an alternative, or close shop. Commercial sites, which sell products and services or rely on ad revenue, have stayed with Google Maps because they can offset that cost with subscriptions or ads. Free, non-profit, and programmers doing it for fun have moved to a free and open license alternative called OpenStreetMap. I came across one website that said, “I’m done” citing the price hike and closed their site.

These microservices are provided free (as in beer). They end up not being able to monetize the service so they drastically change it or its pricing. This is happening quite often in tech and will continue as we rely more and more on other services.

100 Points at Field Day!

The next big ham holiday, Field Day, is right around the corner! Get out and join your club or find a club to join if you’re not a member of one. It’s a great time to bring friends or hams that have been out of the hobby excited about ham radio. Hams that come out get bitten by the bug to expand their station or learn a new mode. Check the Field Day Locator for operations taking place near you.

Sending 10 messages over RF from your site gets you 100 points – including Winlink messages. I love to receive messages about your setup, stations, operating, or social activities taking place. These can be sent via the National Traffic System (NTS) or Winlink – K8JTK at Winlink.org – to my station. I haven’t seen the usual post on the Winlink site of other stations willing to receive messages from Field Day stations as in the past.

With July around the corner, if you’re looking to do something while flipping burgers at your 4th of July picnic, my favorite event 13 Colonies Special Event will be on the air July 1 – 7.

Thanks for reading and 73… de Jeff – K8JTK

Ohio Section Journal – The Technical Coordinator – December 2018 edition

One of the responsibilities of the Technical Coordinator in the Ohio Section is to submit something for the Section Journal. The Section Journal covers Amateur Radio related things happening in and around the ARRL Ohio Section. It is published by the Section Manager Scott – N8SY and articles are submitted by cabinet members.

Once my article is published in the Journal, I will also make it available on my site with a link to the published edition.

You can receive the Journal and other Ohio Section news by joining the mailing list Scott has setup. You do not need to be a member of the ARRL, Ohio Section, or even a ham to join the mailing list. Please sign up!

If you are an ARRL member and reside in the Ohio Section, update your mailing preferences to receive Ohio Section news in your inbox. Those residing outside the section will need to use the mailing list link above.
Updating your ARRL profile will deliver news from the section where you reside (if the leadership chooses to use this method).
Go to www.arrl.org and logon.
Click Edit your Profile.
You will be taken to the Edit Your Profile page. On the first tab Edit Info, verify your Email address is correct.
Click the Edit Email Subscriptions tab.
Check the News and information from your Division Director and Section Manager box.
Click Save.

Now without further ado…


Read the full edition at:

THE TECHNICAL COORDINATOR
Jeff Kopcak – TC
k8jtk@arrl.net

DSCF5081 K8JTKHey gang,

Hi. My name is Jeffrey and I am a Windows user. Yes, I migrated my laptop a couple years ago from Windows 10 to Fedora Linux and six months ago did the same for my main desktop. Windows applications are better. THERE I SAID IT. I can hear the hate mail rolling in. Anyway, I’ve encouraged readers to check out Linux as a Windows alternative. These are my experiences moving to a (mostly) Linux world over the last 6 months.

My goal was to move to Linux as my daily operating system. That is done. In that transition, find Linux programs equivalent to the Windows applications I was using. Anything I couldn’t find suitable replacements would be run in a Windows virtual environment.

In previous articles, I’ve written about the disaster that has become Windows 10 and my desire to find a less restrictive and obtrusive operating system. I settled on Fedora Linux because the virtualization worked better in my experience over Ubuntu. Moving my main desktop away from Windows was the last hurtle. This PC serves the duties of: audio & video recording (DVR mostly), ripping, editing and playing, graphics editing, web site editing, file storage and backup, virtual environment, web surfing, ham radio programming, and experimentation station. That pretty much covers it. You could throw in gaming about 10 years ago – who has the time? Also, the occasional document (image) scanning. This will become important later.

In my experience, what does work?

  • Linux works. I have not had any issues getting Fedora to work on stock laptops or my custom-built desktop machine. With few drivers to install, all hardware works including USB 3.0. Most of the pre-installed programs (graphics viewer, LibreOffice, music & video player) are very usable programs.
  • Package manager. This keeps the operating system and programs updated when approved by maintainers of the distribution. When I can, programs are installed through the package manager and I’ve accepted all updates when made available. I may have had a Kernel issue once or twice but simply selected a previous version at boot time.
  • Customization. I spent some time trying out different desktop environments because I cannot stand tablet-style interfaces in desktop environments on non-touch screen devices. Gnome, I’m
    Oh My Zsh customized terminal

    talking about you! Cinnamon is probably the closest to a Windows desktop-like feel with start menu, taskbar, and system tray. This is the one I choose. Customization tools import and apply different theme options. I replaced the bash shell with Oh My Zsh. Came for the themes. Stayed for the awesome autocomplete.

  • Virtualization works very well with VirtualBox. I’m looking at getting virt, virt-manager, and KVM working in the future.
  • Cross-platform apps. I’ve had good experience with applications that have a strong user base and are ported to different platforms. These apps would include VLC (formally VideoLAN), HandBrake, Thunderbird, Firefox, VirtualBox, and VeraCrypt. This is likely because development efforts contributed to the project benefit all platforms.
  • Web apps. Many services today are moving away from software installed on a PC to web based services. Having a modern web browser is all that is needed to interact with these services.

Where have I run into issues?
(Lack of) Popularity, including vendor support. This covers 75% of my issues. According to StatCounter Global Statistics, looking over the last two years at desktop and laptop platforms used to browse the web, Linux hasn’t passed the 2% mark and is currently holding steady at about 0.8% in the U.S. In comparison, OS X is at about 20% and Windows about 75%. Servers typically don’t browse the web so these numbers represent users running Linux to do a common computing activity, like browsing the web. When there are financial decisions to be made on developing an app or service, you’re going to go where the customers are. Linux hasn’t gained any significant market share when compared to that disaster operating system or the hardware priced out of the budget of average users (Windows & Mac).

Fedora Cinnamon spin

Vendors are simply not focusing a lot of their resources on a small segment of users when others like Windows eclipse that 2%. I’ve run into a couple examples. First being the drivers for the NVidia graphics card in my desktop. The process of getting this driver installed is a fairly complicated process. It’s dependent on system BIOS and involves editing Kernel boot options – not something average computer users are comfortable doing. If you’re lucky, you’ll magically end up with an NVidia driver that works with the installed Linux Kernel. The open-sourced driver, Nouveau, generally works for me but I notice flickering on some screens like ones with dark gray backgrounds. Nouveau has crashed a couple times when I had a bunch of applications running at once. A sinking feeling knowing how many applications I had open and not knowing when I last clicked save is not my idea of a good time.

I installed the Epson Linux image scanning driver for my flatbed scanner. The app very closely resembled the Windows application which made it familiar to use. However, though the manual indicates I should have been able to scan multiple pages and save them as a single PDF file, I did not have this option. I tried the native Fedora app, Simple Scan. It was way too simple. Automatically scanning the next page of a multi-page document after a selectable 3-15 second interval didn’t make any sense to me. Others I tried created ginormous sized PDF documents, 50MB file vs 3MB using the Epson Windows app. There is no reason to have files that large and some email systems have attachment limits of about 25MB.

In August, Dropbox announced they were dropping support for almost all Linux file systems. Many users were upset. Speculation was Dropbox had to support a wide variety of Linux distributions, file systems, desktop environments, and Kernels where they didn’t see any return on this investment. Companies often take a chance hoping users purchase paid subscriptions to support further developments in these areas. Linux users weren’t subscribing to sustain further development and support, so it was dropped. Most Linux users like free stuff because, well, the operating system itself is free.

I would say the remaining 25% of my issues are round quality of applications. While there are video ripping, editing, and authoring tools available, they don’t hold up to the Windows tools I’m using. Most users are on Windows so that’s where companies devote their time. Application authors who set out to make equally good tools in Linux may run into problems or lack of interest either in terms of downloads, support from the community, or through life, job, or family changes. Handbrake and VLC work as well in Linux as Windows. Video stream repair and splitting, DVD and Blu-Ray authoring, DVR, and audio ripping – not so much. Still using Windows applications. Not saying all Linux tools are bad because there some really powerful ones.

My desktop was the big obstacle to accomplishing my goal of getting Linux as my daily operating system. 99% of the time that system is running Fedora. I do have a number of virtual Windows machines for things like MS Office, radio programming, SDR programs, and my cord-cutter service – which says it will work in Chrome, but its only Chrome running on Windows. For applications and hardware interactions that didn’t work well in a virtual environment, I resized my original Windows partition down to about 30 GB and boot into Windows only when I need it. My shack PC is going to stay on Windows 7 because some of my ham activity is tied to programs only available on Windows.

These have been my experiences in moving away from the Windows disaster into an alternative desktop & laptop platform – Fedora Linux. These might motivate you to try Linux or some other Windows alternative. It will be like learning something new for most people. I had ideas of what the experience would look like and challenges having supported and programmed in Linux environments for the better part of a decade. The Mac platform has really become popular with great applications and great support from Apple. If you’re not willing to drop a significant amount of money on their devices, consider looking at Linux as an alternative.

Late breaking for FT8 users: if you operate either the very popular FT8 or MSK144 digital modes, please update your version of WSJT-X to 2.0 by January 1, 2019. These protocols have been enhanced in a way that is not compatible with previous versions of WSJT-X. After that date, only the new version of those modes should be used on the air.

Thanks for reading. Happy holidays, Merry Christmas, and Happy New Year!

73… de Jeff – K8JTK

Ohio Section Journal – The Technical Coordinator – August 2018 edition

One of the responsibilities of the Technical Coordinator in the Ohio Section is to submit something for the Section Journal. The Section Journal covers Amateur Radio related things happening in and around the ARRL Ohio Section. It is published by the Section Manager Scott – N8SY and articles are submitted by cabinet members.

Once my article is published in the Journal, I will also make it available on my site with a link to the published edition.

You can receive the Journal and other Ohio Section news by joining the mailing list Scott has setup. You do not need to be a member of the ARRL, Ohio Section, or even a ham to join the mailing list. Please sign up!

If you are an ARRL member and reside in the Ohio Section, update your mailing preferences to receive Ohio Section news in your inbox. Those residing outside the section will need to use the mailing list link above.
Updating your ARRL profile will deliver news from the section where you reside (if the leadership chooses to use this method).
Go to www.arrl.org and logon.
Click Edit your Profile.
You will be taken to the Edit Your Profile page. On the first tab Edit Info, verify your Email address is correct.
Click the Edit Email Subscriptions tab.
Check the News and information from your Division Director and Section Manager box.
Click Save.

Now without further ado…


Read the full edition at: http://arrl-ohio.org/news/2018/OSJ-Aug-18.pdf

THE TECHNICAL COORDINATOR
Jeff Kopcak – TC
k8jtk@arrl.net

DSCF5081 K8JTKHey gang,

One ham in our section was having WiFi issues on his back deck. Inside was no problem. Outside the house, the WiFi signal was zero. The service provider was contacted and a technician was sent. On site, the technician tested the line and indoor modem/gateway unit, which is also his WiFi access point. All tested fine.

What does this have to do with ham radio? Nothing. Until the technician said the cause of his WiFi problem was his 160-10m dipole in the back yard. It was very suspicious to the tech and is the cause of his WiFi issues ‘according to their training.’ It got better. Because the tech didn’t have anything like this “suspicious” antenna and had WiFi in his own backyard, this must be the problem of course! This is where I was contacted to consult on the issue.

More likely they are trained that WiFi interference is caused by other sources of RF. This is true. They’re probably trained to spot other nearby transmitting services like police, fire, cell towers, or any building with antennas. Other transmitting equipment will raise the noise floor and may cause interference. The ham didn’t seem to be in the vicinity of other services and this issue was occurring even while he was not transmitting. The suspicious antenna argument was, of course, unfounded.

If you are in the same situation, here are some tips to help determine and solve WiFi problems. Two causes of coverage issues are signal strength or interference. A signal strength problem is most often the culprit where the access point reaches the device but the device doesn’t have the signal strength to communicate back to the access point. Causes could be distance to the access point or some building material is blocking the signal like metal siding or rebar.

ASUS RT-AC5300

Most obvious solution to resolve signal strength issues is move the access point closer to where you want coverage. If the living room and an office needs the best coverage, locate it in close proximity to those locations. This poses problems if the access point has to be located near a certain phone or cable drop in the house (like the basement) because it also doubles as the modem/gateway from the provider. Carrier issued devices with access points are only “OK” for coverage. Mostly because there are no external antennas. The reason access points have multiple external antennas is for diversity reception and something called “beamforming.” Some can detect where the device is located relative to the access point by doing its own version of direction finding. Using multiple antennas, it aims more signal at that device. As ridiculous as the AC5300 access point looks, this is an extreme example of a router capable of beamforming.

There are two bands for consumer WiFi in the United States: 2.4GHz and 5GHz. The device and access point must have both radios to utilize both bands. Typically cell phones and tablets made in the last 5 years are dual-band WiFi. Other portable devices like laptops probably have both but not always. The first Raspberry Pi WiFi module I purchased is 2.4 only. While 5GHz offers more channels and is typically ‘quieter,’ meaning not as many devices and access points, it does not equal coverage of 2.4GHz. 2.4 will have better comparable range.

Interference is another cause of WiFi issues. This could be from another WiFi access point or many access points in an overly saturated environment like an apartment. Since WiFi is low power, anything can easily jam it such as Bluetooth devices and microwaves. In the US, 2.4GHz access points are supposed to be on channel 1, 6, or 11. But nothing is stopping anyone from using adjacent channels. Using adjacent channels causes interference.

WiFi Analyzer (img: Play Store)

Using channel 4 will interfere with both 1 & 6 because of the bandwidth overlap. Interference is typically seen as a strong WiFi signal followed by a significant drop in signal. Things that can create broadband noise like a noisy power supply/transformer or noisy florescent ballast could be interfering near the access point or area you want to have signal.

Ideal thing to do is a “site survey” with a tool like NetSpot. It will create a signal strength heat map of your access point coverage around the house. There is a free version but it is limited. Another program that identifies the WiFi landscape (access points, devices nearby, channels used) is inSSIDer (free version is near the bottom of the page) available for PC and Mac. A similar program to inSSIDer is WiFi Analyzer for Android. These programs will give relative signal strengths but only at that moment. You could plot the signal strength readings to generate your own heat map.

To relocate a WiFi access point without moving the provided modem/gateway, first disable the WiFi in the carrier provided device. Then run an Ethernet cable to a point as close to the location where coverage is desired. Find any old router with WiFi. Configure the WiFi settings in that router, disable the internal DHCP service, then plug the older router into the Ethernet cable. Though any old WiFi router will work, there have been WiFi vulnerabilities discovered as recently as last month where bad-guys can gain access. Use devices with updated firmware.

Another option is try a WiFi range extender/booster or a look at a better access point. Extenders range from $20 to a couple hundred. They connect to your existing WiFi like any other device and re-broadcast the WiFi signal without any additional wiring. I’m a fan of ones that accept third-party firmware like Tomato or DD-WRT.

For the ham who contacted me, he decided to go with a range extender available from his carrier and placed it near the back deck. This is the best option as it would be fully supported and could get help setting it up if needed. Note there is a WiFi technical limitation with extenders that can cut transfer speeds. However, for web browsing and HD streaming, you won’t even notice any reduction.

Thanks for reading and 73… de Jeff – K8JTK

Ohio Section Journal – The Technical Coordinator – July 2018 edition

One of the responsibilities of the Technical Coordinator in the Ohio Section is to submit something for the Section Journal. The Section Journal covers Amateur Radio related things happening in and around the ARRL Ohio Section. It is published by the Section Manager Scott – N8SY and articles are submitted by cabinet members.

Once my article is published in the Journal, I will also make it available on my site with a link to the published edition.

You can receive the Journal and other Ohio Section news by joining the mailing list Scott has setup. You do not need to be a member of the ARRL, Ohio Section, or even a ham to join the mailing list. Please sign up!

If you are an ARRL member and reside in the Ohio Section, update your mailing preferences to receive Ohio Section news in your inbox. Those residing outside the section will need to use the mailing list link above.
Updating your ARRL profile will deliver news from the section where you reside (if the leadership chooses to use this method).
Go to www.arrl.org and logon.
Click Edit your Profile.
You will be taken to the Edit Your Profile page. On the first tab Edit Info, verify your Email address is correct.
Click the Edit Email Subscriptions tab.
Check the News and information from your Division Director and Section Manager box.
Click Save.

Now without further ado…


Read the full edition at: http://arrl-ohio.org/news/2018/OSJ-Jul-18.pdf

THE TECHNICAL COORDINATOR
Jeff Kopcak – TC
k8jtk@arrl.net

DSCF5081 K8JTKHey gang,

Around the time of Dayton, the FBI asked everyone to reboot their routers. Why would they do that? Over the last two years more than 500,000 consumer and small business routers in 54 countries have become infected with a piece of malware called “VPNFilter.” This sophisticated malware is thought to be the work of a government and somewhat targeted with many of the infected routers located in Ukraine.

Src: Cisco’s Talos Intelligence Group Blog

Security researchers are still trying to determine what exactly VPNFilter was built to do. So far, it is known to eavesdrop on Internet traffic grabbing logon credentials and looking for specific types of traffic such as SCADA, a networking protocol controlling power plants, chemical plants, and industrial systems. Actively, it can “brick” the infected device. Bricking is a term to mean ‘render the device completely unusable’ and being as useful as a brick.

In addition to these threats, this malware can survive a reboot. Wait, didn’t the FBI ask all of us to reboot our routers? Won’t that clear the infection? No. In order for this malware to figure out what it needs to do, it reaches out to a command-and-control server. A command-and-control server issues commands to all infected devices, thus being “controlled.” C&C, as they are often abbreviated, allows the bad guys in control a lot of flexibility. It can allow infected devices to remain dormant for months or years. Then, the owner can issue commands to ‘wake-up’ the infected devices (called a botnet) and perform intended tasks. Tasks can range from attack a site, such as DynDNS which I wrote about in November of 2016, to steal logon credentials for users connected to the infected router. Back to the question, the FBI seized control of the C&C server. When an infected router is rebooted, it will try to reach out to the C&C server again but instead will be contacting a server owned by the FBI. This only gives the FBI a sense of how bad this infection is. Rebooting will not neutralize the infection.

Affected devices include various routers from Asus, D-Link, Huawei, Linksys, MikroTik, Netgear, TP-Link, Ubiquiti, Upvel, and ZTE, as well as QNAP network-attached storage (NAS) devices. There is no easy way to know if your router is infected. If yours is on that list, one can assume theirs is infected. As if that wasn’t bad enough, many manufactures don’t have firmware updates to fix the problem. The ones that have fixed the problem did so years ago. Since no one patches their routers, that’s why there’s half a million infected.
First thing to do is gather information about the make, model, and current firmware of your router. Then check for announcements from the manufacturer about affected firmware versions or preventative steps. The only known way to clear this infection is to disconnect it from the Internet, factory-reset the router, upgrade the firmware (if one is available), and reconfigure it for your network – or simply throw it away.

If those last couple words strike fear into your heart, there are a couple options:

  • See if your ISP has a device they will send or install for you. It can be reasonably assumed that devices provided or leased by the ISP will be updated by the ISP.
  • Find someone in your club that knows at least the basics of networking to help reconfigure things
  • Many newly purchased devices come with some sort of support to get you up and running

If you’re a little more advanced and want to learn more about networking:

  • EdgeRouter-X
    Use 3rd party firmware. Currently they are not showing signs of being vulnerable to VPNFilter or other infections. 3rd party firmware projects are often maintained by enthusiasts. They are updated LONG past when the manufacturer stops supporting their own products and updates often happen quickly. Some of those projects include: OpenWRT/LEDE, DD-WRT, or Fresh Tomato.
  • A Linux box could be setup with Linux packages to mimic router functionality or use a distribution such as pfSense or OPNsense.
  • Another great device to use is the Ubiquity EdgeRouter-X for $49.
  • Check the “Comparison of Firewalls” for other ideas.

That $5 hamfest deal isn’t sounding so great anymore. It’s the law of economics for these companies too. $10, $30, or $100 for a device isn’t going to sustain programmer’s time to find, fix, troubleshoot, test, and release firmware updates for a 7-year-old device. It’s a struggle. I think it will come down to spending more on better devices which will be upgraded longer or spend $50-$100 every 3-5 years to replace an OK one.

The Department of Commerce released a report on the threat of botnets and steps manufactures could take to reduce the number of automated attacks. It hits on a number of good points but lacks many details. “Awareness and education are needed.” Whose responsibility is it to educate? I can write articles in the OSJ but I’m not going to be able to visit everyone’s house and determine if your devices are infected. “Products should be secured during all stages of the lifecycle.” Automated updates could take care of this problem but doesn’t address what-ifs. What if the update fails or worse yet, bricks your “Smart” TV as an example? Who is going to fix or replace them? Will they be fixed if it’s out of warranty? Not to mention operating system “updates” are bundled with more privacy violations and ways to monetize users.

There’s a lot of work to be done. I wish I had the answers. Regardless, we all need to be good stewards of the Internet making sure ALL attached devices are updated and current.

More technical details on VPNFilter and citation for this article: https://www.schneier.com/blog/archives/2018/06/router_vulnerab.html
https://blog.talosintelligence.com/2018/05/VPNFilter.html

Finally this month, thank you to all the clubs and groups that sent messages to this station via WinLink or NTS over Field Day weekend. It was the most I’ve ever received, about 12 – 15 messages altogether.

Thanks for reading and 73… de Jeff – K8JTK

Ohio Section Journal – The Technical Coordinator – April 2018 edition

One of the responsibilities of the Technical Coordinator in the Ohio Section is to submit something for the Section Journal. The Section Journal covers Amateur Radio related things happening in and around the ARRL Ohio Section. It is published by the Section Manager Scott – N8SY and articles are submitted by cabinet members.

Once my article is published in the Journal, I will also make it available on my site with a link to the published edition.

You can receive the Journal and other Ohio Section news by joining the mailing list Scott has setup. You do not need to be a member of the ARRL, Ohio Section, or even a ham to join the mailing list. Please sign up!

If you are an ARRL member and reside in the Ohio Section, update your mailing preferences to receive Ohio Section news in your inbox. Those residing outside the section will need to use the mailing list link above.
Updating your ARRL profile will deliver news from the section where you reside (if the leadership chooses to use this method).
Go to www.arrl.org and logon.
Click Edit your Profile.
You will be taken to the Edit Your Profile page. On the first tab Edit Info, verify your Email address is correct.
Click the Edit Email Subscriptions tab.
Check the News and information from your Division Director and Section Manager box.
Click Save.

Now without further ado…


Read the full edition at: http://arrl-ohio.org/news/2018/OSJ-Apr-18.pdf

THE TECHNICAL COORDINATOR
Jeff Kopcak – TC
k8jtk@arrl.net

DSCF5081 K8JTKHey gang,

In all the ragging (er, discussion?) on Windows 10 last month, Bill – K8RWH had some good points and questions about Linux that I decided to write a follow up this month. There is a lot to parse, especially different terminology. The most useful website for Linux information is called DistroWatch, short for Distribution Watch. Most of the information here will come from that site. Let’s get to it.

History

Linux came out of the Unix operating system implemented by Ken Thompson and Dennis Ritchie (both of AT&T Bell Laboratories) in 1969. “Linux began in 1991 with the commencement of a personal project by Finnish student Linus Torvalds to create a new free operating system kernel. Since then, the resulting Linux kernel has been marked by constant growth throughout its history. Since the initial release of its source code in 1991, it has grown from a small number of C (programming language) files under a license prohibiting commercial distribution to the 4.15 version in 2018 with more than 23.3 million lines of [code] … ” (Wikipedia).

Tux

I’d be remiss if I didn’t mention the official Linux mascot. “Torvalds announced in 1996 that there would be a mascot for Linux, a penguin. This was due to the fact when they were about to select the mascot, Torvalds mentioned he was bitten by a little penguin on a visit to the National Zoo & Aquarium in Canberra, Australia. Larry Ewing provided the original draft of today’s well known mascot based on this description. The name Tux was suggested by James Hughes as derivative of Torvalds’ UniX, along with being short for tuxedo, a type of suit with color similar to that of a penguin” (Wikipedia).

Crash course in Linux terminology

GNU/GPL – software licensing methodologies frequently used by Linux and Unix variants.

Open Source – anyone can see the building blocks of a project known as the source code. This is beneficial because anyone with skills can fix and improve upon an open source program.

Kernel – is the core to any operating system (not only Linux). It interacts with and controls the computer’s hardware (mouse, keyboard, monitor/graphics, hard drive, USB devices, network). It is the lowest level of the operating system.

Operating System – collection of kernel and software that make a computing device work. Most operating systems include drivers, text editor, file manager, and a method for installing & removing applications (known as a “Package Manager” in Linux).

Architecture – type of processor an operating system can run. 64-bit, 32-bit processors, Raspberry Pi and mobile devices are examples.

Live CD/Medium – the operating system can be run from a CD or USB drive without installing to a hard drive. This is useful in testing different operating systems or to aid in recovering an inaccessible system.

Dual-boot – in contrast to “live CD,” installation of one or more operating systems on the same computer. My experience: install Windows first, then Linux. The Linux boot-loader plays nice with Windows but not the other way around. Reinstalling Windows will also break the Linux boot-loader. It can be repaired but will stress your Google and command line-fu skills.

Distribution – similar to “Operating System” but often targeted for a specific purpose or category: servers, desktops, beginners, education, gaming, multimedia, security, utilities, telephony, etc.

Checksum or Hash – applies an algorithm to data. It is used to track errors introduced in transmitting data or storing data. Checksum programs are standard in Linux operating systems. A third-party program like HashTab or QuickHash GUI are needed to verify a checksum in Windows.

Desktop environment – how a user interacts with multiple applications at once. This is a matter of personal preference. Popular desktop environments are: Cinnamon, GNOME, KDE, MATE, and Xfce.

Popular Linux Distributions

DistroWatch has just short of 900 Linux distributions in their database. Over 300 are considered active (updated in the last 2 years). Only about a handful are useful to average users. For a complete guide see “A Guide to Choosing a Distribution.”

Linux Mint

Linux Mint – launched in 2006 to address many of the drawbacks associated with a more technical operating system such as Linux. Using the Ubuntu distribution as a base, many beginner enhancements were created for usability. I had read about security concerns with Mint and began to steer users away from it. However, DistroWatch published a “Myths and Misunderstandings” debunking many of those points. If you’re a noobie and want to dive into Linux as an alternative operating system, start with Mint.

Ubuntu – Launched a few years earlier in 2004, this project took off faster than any other distribution and was touted as the way to get average people to use Linux. Learning from the mistakes of other projects and taking a professional approach to its users made it a popular choice. Excellent web-based documentation and an easy to use bug reporting facility was created. Though frequent major changes and the Unity interface – more suited for mobile devices – have driven users away.

Elementary OS – This one is for Mac users. It emulates MacOS and puts a lot of focus into ascetics.

Debian – base for the above and 120 other Linux distributions. Debian is remarkably stable due to its high level of quality control. It has support for many software packages and processor types making it a great choice for older systems. Due to that level of processor support it lacks newer technologies.

In the 300 other active Linux distributions, specialized versions serve an intended purpose:

Windows Compatibility

Users who’ve switched to Linux or Linux users that need to run a Windows app might ask: can I run Windows applications on Linux? Yes, there are a couple ways to accomplish this.

Run a virtual machine program like VirtualBox. A virtual machine emulates hardware and the functionality of a physical computer. Similar to dual-booting it requires a full installation of the desired (guest) operating system. Emulation is resource intensive for the physical (host) operating system hardware. It doesn’t make much sense to have a multi-gigabyte Windows virtual install to run a small application.

WINE running Media Player Classic and SumatraPDF (Wikipedia)

This is where WINE comes into play. Wine stands for Wine Is Not an Emulator. It’s not a virtual machine but rather a compatibility layer to translate Windows system calls into Linux system calls. WINE takes a considerable amount of configuring but programs like PlayOnLinux and Winetricks make life much easier. Neither solution is perfect and won’t succeeded in cases of complex applications or ones requiring specialized hardware.

In terms of ham radio, Windows was the overwhelming platform of choice for Morse Code and digital mode applications because everyone was using it. Older Windows only applications (MMSSTV, DigiPan) are going to run well on that platform. The good news is programs like Fldigi and QSSTV are viable replacements on Linux and, in many cases, better than their dedicated Windows counterpart. In addition, the Ubuntu package manager has an entire category dedicated to Amateur Radio applications. If you’re someone whose fed up with the badness and frustrations of Windows 10, give Linux a try.

Thanks for reading and 73… de Jeff – K8JTK

Ohio Section Journal – The Technical Coordinator – March 2018 edition

One of the responsibilities of the Technical Coordinator in the Ohio Section is to submit something for the Section Journal. The Section Journal covers Amateur Radio related things happening in and around the ARRL Ohio Section. It is published by the Section Manager Scott – N8SY and articles are submitted by cabinet members.

Once my article is published in the Journal, I will also make it available on my site with a link to the published edition.

You can receive the Journal and other Ohio Section news by joining the mailing list Scott has setup. You do not need to be a member of the ARRL, Ohio Section, or even a ham to join the mailing list. Please sign up!

If you are an ARRL member and reside in the Ohio Section, update your mailing preferences to receive Ohio Section news in your inbox. Those residing outside the section will need to use the mailing list link above.
Updating your ARRL profile will deliver news from the section where you reside (if the leadership chooses to use this method).
Go to www.arrl.org and logon.
Click Edit your Profile.
You will be taken to the Edit Your Profile page. On the first tab Edit Info, verify your Email address is correct.
Click the Edit Email Subscriptions tab.
Check the News and information from your Division Director and Section Manager box.
Click Save.

Now without further ado…


Read the full edition at: http://arrl-ohio.org/news/2018/OSJ-Mar-18.pdf

THE TECHNICAL COORDINATOR
Jeff Kopcak – TC
k8jtk@arrl.net

DSCF5081 K8JTKHey gang,

Windows 10: two years later. Last time I talked about Windows 10, Microsoft was giving the operating system away as a free upgrade. It represented a drastic shift in Microsoft’s business model. I’ll cover some of the decisions surrounding Windows 10 and my experiences with this new model of delivering and updating Windows. Beware, a lot of complaining lies ahead. You have been warned 🙂

Microsoft is transforming Windows 10 to “software as a service” (often written as SaaS) over previous versions. The software is licensed to the user. Microsoft takes full responsibility for maintaining, updating, and adding new features. Though this means users have little chance to stop major updates from applying and no chance to stop additional applications from being installed or removed. They are applying the phone model of updating to Windows 10 across all platforms. Microsoft wants to handle all updates and wants apps to be downloaded from the Microsoft Store (like the Google Play Store or Apple App Store).

In principal, this seems like a good idea because users don’t have to do anything. They will always be updated with the latest and greatest operating system and apps. This model fits almost no users of Windows 10. Average users get frustrated with having to apply updates weekly. According to Paul Thurrott, journalist and blogger who follows Microsoft, he stated that ‘65% of Microsoft’s revenue comes from enterprise users who don’t want to update but every 5-10 years. Instead of adapting to that service model, they force users to conform to [Microsoft’s] business model.’

This shift includes realizing that most Windows users think: when I buy a new computer, I get Windows. These are not power-users like me.

For Windows to be available on every type of device (PC, tablet, mobile, Xbox, IoT, Hololens) Microsoft created this platform for developers called UWP. Universal Windows Platform apps are meant to be designed once, put in the Microsoft Store, and run on all device types. Ultimate goal was to replace all desktop apps with a UWP app. The Microsoft Store would take care of installing the latest version when updates were available. When tied to a Microsoft Account, apps would be installed on any devices signed in using that account. No one is using this platform. Microsoft created apps in UWP for Windows 10 but they’re proof-of-concept apps at best, toy apps at worst. The Photos app is unusable. If they wanted developers to be drawn to this platform, Microsoft should have created some really awesome looking and functioning apps to show off the abilities of UWP. Instead they created apps that no one wants to use largely because the platform is not mature.

Windows Media Center

Microsoft does come up with really good ideas. Then they get rid of them. In the XP days, who wasn’t using Windows Movie Maker? It made some really good-looking edited videos like home movies, class projects, or to promote a brand on a website. Gone. Windows Media Center was loved by many because it turned an ordinary PC into a media powerhouse with the ability to record TV programs, watch DVDs, play music, show photos, and stream movies from Netflix. Gone. Paint was on the chopping block for the Fall Creators update. It got so much push back from diehards they decided to keep it and added a 3D ribbon so that it can do 3D modeling. Eh.

I think Windows 7 is the best version of Windows despite the severe lack of hardware and driver support. For example, SSDs (solid-state-device, aka non-spinning hard drive) needed deep internal settings need to be adjusted in Windows 7 so it would not wear out the SSD faster than expected. Windows 10 knows what to do with an SSD out-of-the-box, even in a RAID configuration.

I love that Windows 10 is stable. Running it on fairly modern hardware, it just works. My main machine runs 10 and was installed from scratch at the end of May 2016. This is unheard of for me. Every couple of months I was restoring a backup of Windows 7, likely due to a failed driver update. In the two years since installation I went through a motherboard failure. When it died, I built a new system. I did a drive-to-drive copy of my Windows installation and data onto new hard drives. Previous versions of Windows never handled drastic hardware changes very well. It would get stuck in the startup process and reboot over and over again. Windows 10 detected my new hardware, installed some drivers, after maybe a reboot or two I was up and (still am) running on that initial install.

That’s where my love for Windows 10 ends.

I don’t like the two-control panel-like settings areas called “Control Panel” and “Settings.” It’s too scattered, if you can find the setting at all. I swear there are changes just to make changes. In one update an option is over here, the next update it is someplace else. This constant changing makes finding solutions online a real bear. Settings, and in particular privacy settings, are often defaulted when a major update is applied.

I hate the forced upgrades and reboots. Users complain, and Microsoft admits, they were forced into Windows upgrades when the user specified to delay the update. There were complaints of updates rebooting during ‘active hours’ and the solution was to modify the Windows Registry. The Registry stores low-level settings of the operating system and installed applications. Making an error editing the registry can cause irreversible damage. “Active hours” is another dumb idea. ‘Hey tell us when you think you’re going to be using your PC and we won’t apply updates.’ Except that didn’t happen. Windows 10 would reboot causing many hours of lost productivity. Have a task or job running overnight? It’s not more important than a Windows update! Granted many of these issues come and go but they are major annoyances. They leave users feeling like they don’t have control because a decision they made was not honored.

Microsoft is thinking like a developer. Developers will tell you “this is progress.” This happens a lot. It’s a real problem. Progress is not removing options for users. Their idea of progress may not align with the majority of users either. Paul Thurrott believes that Microsoft is intentionally making Windows 10 bad. “I actually think they’re doing this on purpose to sabotage this business from within … so they can move on to the thing they want to do which is cloud computing … It’s almost that bad.” (What The Tech, ep 363).

Classic Shell

I’m really getting tired of replacing bad implementations with functional addons. To my chagrin, Classic Shell is no longer in development which was my preferred Start Menu replacement. These reasons should sound familiar: “Windows 10 is being updated way too frequently (twice a year) and each new version changes something that breaks Classic Shell. And … Each new version of Windows moves further away from the classic Win32 programming model, which allowed room for a lot of tinkering. The new ways things are done make it very difficult to achieve the same customizations.” Luckily the source code was released making it easy for someone or a group to pick up where that project left off. Check alternativeTo other Start Menu replacement options.

I would love to move my Windows 10 desktop to Linux. There are apps that don’t run well in a virtual machine or hardware apps that can’t run under a compatibility layer like Wine. Windows it is for now. I have moved my laptops over to Linux and have been loving it. Linux has its own issues but if one distribution doesn’t work, try another. I do have Windows virtual machines installed for software defined radio apps and Office mostly. My preferred Linux distro is Fedora because it had the least amount of problems running specialized apps in a VM. It’s not for the faint of heart either as it’s considered a ‘bleeding edge’ operating system. Problems often make to the stable update channel but seem to be fixed relatively quickly.

This is the dividing line. Are you willing to change or is this too much?

Thanks for reading and 73… de Jeff – K8JTK

Ohio Section Journal – The Technical Coordinator – January 2018 edition

One of the responsibilities of the Technical Coordinator in the Ohio Section is to submit something for the Section Journal. The Section Journal covers Amateur Radio related things happening in and around the ARRL Ohio Section. It is published by the Section Manager Scott – N8SY and articles are submitted by cabinet members.

Once my article is published in the Journal, I will also make it available on my site with a link to the published edition.

You can receive the Journal and other Ohio Section news by joining the mailing list Scott has setup. You do not need to be a member of the ARRL, Ohio Section, or even a ham to join the mailing list. Please sign up!

If you are an ARRL member and reside in the Ohio Section, update your mailing preferences to receive Ohio Section news in your inbox. Those residing outside the section will need to use the mailing list link above.
Updating your ARRL profile will deliver news from the section where you reside (if the leadership chooses to use this method).
Go to www.arrl.org and logon.
Click Edit your Profile.
You will be taken to the Edit Your Profile page. On the first tab Edit Info, verify your Email address is correct.
Click the Edit Email Subscriptions tab.
Check the News and information from your Division Director and Section Manager box.
Click Save.

Now without further ado…


Read the full edition at: http://arrl-ohio.org/news/2018/OSJ-Jan-18.pdf

THE TECHNICAL COORDINATOR
Jeff Kopcak – TC
k8jtk@arrl.net

DSCF5081 K8JTKHey gang,

So nothing really tech news related happened this month. Eh, not so much. The New Year brought two major flaws in nearly every modern microprocessor: Meltdown and Spectre.

In the past, major security issues were able to be corrected through software or firmware updates. This is because almost everything is now run by small amounts of software and can be easily updated. Design issues are harder to fix because the problem is fundamental to the design of a device.

Description from Meltdownattack.com:

Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.

Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider’s infrastructure, it might be possible to steal data from other customers.

Meltdown affects nearly all Intel microprocessors manufactured since 1995. In modern computing, an operating system “kernel” handles all interactions between applications (web browser, word processing, spreadsheets) and hardware (CPU, memory, network, USB devices). By its nature, the kernel must know everything about system interactions.

CPUs have different operating modes. Two modes apply to Meltdown: unprotected (called kernel mode) and user mode. Kernel mode has access to everything while instructions executed in user mode should not have access to the same memory as the kernel.

Meltdown is the demonstration of an unauthorized user mode process accessing kernel mode memory. This means a user process can access information to which it doesn’t have permission. Think of systems that share data among many users like an online cloud service. Isolation techniques are one of the major selling points of the cloud. Multiple users can be using the same physical hardware and not impact or know anything about other users also using the same hardware. A malicious process could use meltdown to access the data of other people’s applications running on the same device.

Spectre affects nearly all microprocessor implementations of speculations and predictions. In an effort to make systems run faster, a huge amount of speculative processing is engineered into processors. Speculation is the processors answer to the question: what is most likely to happen with this instruction set? Being able to “guess” the right answer provides a massive performance boost and we all want fast systems. To explain one part of this vulnerability, consider two math equations are given to a microprocessor:

a + b = c
d + e = f

The processor will recognize calculation of the second equation does not depend on anything from the first equation. This means the processor will execute these equations simultaneously until it reaches a common dependency. That dependency would be something like:

a + b = c
(d + e) * c = g

The answer c is used as an input into the computation of the second equation. Running this set through the processor would be slower because they couldn’t be calculated simultaneously. An input into the second equation is dependent on the answer to the first.

Using the same equations, let’s assume for everyone in the Ohio section, the answer to c = 5. A programmer could write an instruction set following that calculation to say: if c = 5 then take fork #1, otherwise take fork #2. How do humans know which fork to take? Calculate the value of c. However, processors try to use “speculative execution” to perform the work of both forks before it knows the answer to c.

Let’s add super-secret data to fork #1: “the Ohio Section IS the best section.” We don’t want fork #2 to know anything about that data because it might be someone from another section trying to break-in. A processor would execute both fork instruction sets speculating on the outcome. This speculation could allow someone from another section to see our secret in fork #1 when they should only see something else in fork #2. Consider a malicious smartphone application taking advantage of this to access text messages, instant messages, mobile baking data, or critical documents.

The lengthy process of dealing with these issues has begun. The only way to truly “fix” these problems is to design new CPUs architectures and replace existing ones. Yeah, sure. Remember, these issues are fundamental to processor design. If these flaws are ever corrected, it will be over a period of time – not tomorrow, next week, or even next year. In the meantime, operating systems are implementing methods to prevent attacks.

In the rush to get these fixes out, as one might expect, more problems are being caused. Microsoft has reported issues with anti-virus applications not playing nice and claiming AMD’s documentation was incomplete. Ubuntu 16.04 users had issues forcing them to roll back the kernel. In addition to all this, processor performance is impacted. Testing done on operating system patches shows slowdowns of 2% – 30%.A forum post on Epic Games included the above graph showing CPU usage of 3 cloud servers. After their cloud provider patched one server at about 23:00, CPU utilization of that server increased nearly 2.5x over the other two. Though the CPU wasn’t maxed out, it was enough to cause service disruption. Gamers really don’t like it when their services don’t work.

For most users, stay current with system patches and updates. In particular, Microsoft is requiring anti-virus programs to set a registry key before Windows will apply system updates. As of this writing, if you do not run, have an out-of-date, or have a non-compliant anti-virus application, your system will NOT receive any future Windows updates including the patches for Meltdown and Spectre. Current versions of Windows can run the free Windows Security Essentials available for Windows 7 or Windows Defender is included in Windows 8, 8,1, and 10.

Bruce Schneier, a well-known cryptographer and security researcher states: “… more are coming, and they’ll be worse. 2018 will be the year of microprocessor vulnerabilities, and it’s going to be a wild ride.” Link to his blog post.

More information:

https://meltdownattack.com/ – research papers, technical information, FAQ, videos in action, and info from companies affected.

https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability)
https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)

Thanks for reading and 73… de Jeff – K8JTK

Ohio Section Journal – The Technical Coordinator – October 2017 edition

One of the responsibilities of the Technical Coordinator in the Ohio Section is to submit something for the Section Journal. The Section Journal covers Amateur Radio related things happening in and around the ARRL Ohio Section. It is published by the Section Manager Scott – N8SY and articles are submitted by cabinet members.

Once my article is published in the Journal, I will also make it available on my site with a link to the published edition.

You can receive the Journal and other Ohio Section news by joining the mailing list Scott has setup. You do not need to be a member of the ARRL, Ohio Section, or even a ham to join the mailing list. Please sign up!

If you are an ARRL member and reside in the Ohio Section, update your mailing preferences to receive Ohio Section news in your inbox. Those residing outside the section will need to use the mailing list link above.
Updating your ARRL profile will deliver news from the section where you reside (if the leadership chooses to use this method).
Go to www.arrl.org and logon.
Click Edit your Profile.
You will be taken to the Edit Your Profile page. On the first tab Edit Info, verify your Email address is correct.
Click the Edit Email Subscriptions tab.
Check the News and information from your Division Director and Section Manager box.
Click Save.

Now without further ado…


Read the full edition at: http://arrl-ohio.org/news/OSJ-October-17.pdf

THE TECHNICAL COORDINATOR
Jeff Kopcak – TC
k8jtk@arrl.net

DSCF5081 K8JTKHey gang,

October is National Cyber Security Awareness Month. I either made your eyes roll because security can be complicated or piqued your interest because of the TWO Equifax breaches. I can certainly get into the weeds with data and cybersecurity because it’s an interest of mine – as a user and programmer. Realizing that most readers won’t have a background in programming or system administration, I’ll set aside the technical details. I’ll briefly cover some cybersecurity issues and give tips anyone reading this article can use.

The whole concept of computing is built on trust. The list of things we trust is infinitely long: trust programmers of the operating system and program developers are following good practices. Trust the company stands behind their product, fixing problems and issues. Trust “Information Security Officers” of a company actually have a background in information security. Trust audits are taking place to uncover problems. Trust customer data is being stored in accordance with good security practices. Trust the website you’re browsing to is really CompanyWebsite.com. Trust “[insert name of company here] Free Wi-Fi” is really that company’s free Wi-Fi. Trust that devices in your home aren’t spying on you. You start to get the idea.

Security is a tradeoff between safety and convenience. Computing could be made very secure but those systems would be completely unusable due to the layers of security. There is no such thing as a “completely secure” system or device – it just means the mistakes, problems, and bugs haven’t been found yet. “Shellshock” is considered to be a very severe security bug. Disclosure came in September of 2014. This bug affected millions of servers connected to the internet. It was determined the bug, in some form, had existed in the UNIX (and Linux) command-line interface since 1989.
Humans program computers. Humans use computers. Humans make mistakes.

Hackers leverage these mistakes and use them to their advantage, often to gain unauthorized access. The word “hacker” has two meanings. “White-hat hackers” are the ones who experiment with and modify devices and software to make it work better. Hams are examples of these because we take commercial gear and make repeaters or use off-the-shelf routers for things like Mesh networking. “Black-hat hackers” are the bad guys and the ones we hear about on the news stealing credit card data from Target and personal data from Equifax. These are the ones I will be referring to.

Hollywood gives us the perception that hackers are in some 3rd-world country or in a dark basement, no lights, and only the glow of their computer screens. Hackers come from all parts of the world and sometimes are acting on a government’s behalf. In fact, legitimate companies exist solely to sell their black-hat hacking tools. They have buildings, employees, call centers, and help desks – as does any legitimate company.

What’s the motivation behind hacking?

Money. It’s hard not to tie everything back to money. The first reference to malicious hacking was “phreaking” (pronounced freaking. AKA: phone hacking) where one of the goals was to manipulate the public phone system and use it to make long-distance calls when it was very expensive to call around the world. More recent financial examples include everything from disrupting nation-states (economic), blackmail, and ransom payments for access to data. Ransomware encrypts all documents and pictures. It demands payment before it will (hopefully) decrypt your files allowing you to use those files again. Ransomware utilizes the same technology, strong encryption, which you use to securely transact with your bank online.

My social media, computer, or online account has no value [to me] / I only check email / I don’t store anything on my computer / why would anyone want access to my email or computer?

I hear these alot. Many of us don’t realize all the things a bad guy can do with computer access or an email account. Brian Krebs is a blogger who covers computing security and cybercrime on his website Krebs on Security. He is known for infiltrating underground cybercrime rings and writes about his experiences. His site is highly recommended reading for anyone with an interest in cybersecurity.

Brian posted two articles titled “The Value of a Hacked Email Account” and “The Scrap Value of a Hacked PC…” When signing up for any online service, an email address is almost always required. In 2013, according to Brian’s article, hackers who have access to email accounts can subsequently gain access to other services such as iTunes and sell that access for $8 each. FedEx, Continental, United accounts go for $6. Groupon, $5. Hosting and service accounts like GoDaddy, AT&T, Sprint, Verizon Wireless, and T-Mobile, $4 apiece. Facebook and Twitter accounts were $2.50/ea.

Aside from the monetary value, bad guys have access to family pictures, work documents, chat history, can change billing and deposit addresses on banking accounts, drain financials like 401K, bank or stock accounts, and target other individuals like family members. In 2012, a hacker went after Wired journalist Mat Honan locking him out of his digital life. The attacker used flaws in Amazon and Apple’s services, which helped them gain access to Mat’s Gmail and ultimately his Twitter account.

Access to a personal computer can be gained through a number of schemes including: fake ‘you have an out-of-date plugin/flash version’ on a webpage, receive an email about a past due invoice, notification of a problem with some shipment, or by innocently installing a program thought to be legitimate. A recent example of a compromised program was the widely popular PC maintenance program, CCleaner. Untold millions of people unknowingly downloaded a malicious version of the program from the vendor’s site.

A hacked PC can be used for: generating email spam, harvesting other accounts (see above), gain access to a work network, steal online game keys and characters, be part of a Denial of Service attack, infect other devices on the network (like DVRs), create fake eBay auctions, host child porn, capture images from web-cams or network cameras and use them for extortion purposes.

What can I do to protect myself?

Unfortunately in situations of compromise like Target and Equifax, there was nothing you could do – other than not use a credit card at Target or not apply for any kind of credit reported to Equifax. Unlikely for many. You can only react after-the-fact by closing accounts with fraudulent charges and place credit warnings or freezes on your credit.

The SANS Institute, which specializes in information security and cybersecurity training, offers a “monthly security awareness newsletter for everyone” called “Ouch!” Their October 2017 newsletter outlines five steps to help anyone overcome fears and securely use today’s technology. Check the newsletter for more information on these points.

  1. Social Engineering: is an old technique which creates a sense of urgency to tick people into giving up information they shouldn’t: someone needs money quickly, boss needs a password, the IRS is filing suit against you, Microsoft Tech Support calls you about a “virus” on your computer, etc. Never give a password, any personal information, or remote access to any solicitor.
  2. Passwords: Create unique, strong passwords for all online devices and online accounts. Use a password manager which will assist in creating strong passwords. LastPass utilizes a web interface and cloud storage, KeePass is an application and stores the database locally on your computer. Both are excellent solutions for a password manager.
    If you’re uncomfortable with a password manager, use pass-phrases which are passwords made up of multiple words. Passphrases can be written down, but store these in a secure location. Use two-step verification, often called two-factor authentication. Two-factor authentication (2FA) is a combination of something you know (your password) and something you have (a smartphone). A list of services offering 2FA with instructions can be found at: twofactorauth.org. Note: text messages are NOT a secure two-factor method because the cellphone network is not secure and attackers have been able to re-route text messages.
  3. Patches: Put all devices connected to the Internet behind a firewall (router) and keep all systems connected to the internet up-to-date. This includes home routers, computers, smartphones, tablets, streaming media devices, thermometers, Raspberry PIs, lights, automation systems, speakers, and video cameras. If devices are not being updated by the vendor, potentially dangerous mistakes are not being fixed. It’s time to consider better devices.
  4. Anti-virus: can protect you when you accidentally click on the thing you shouldn’t have and infected your system. It won’t protect against every form of infection. Windows Defender, available for all current Windows operating systems, is sufficient.
  5. Backups: I cannot stress this enough, backup, backup, backup! Many times I’m asked something similar to: ‘how can I recover my daughter’s wedding pictures from my computer’s crashed drive?’ Maybe you can, but often not. ‘I lost my phone, didn’t have cloud backup enabled, and had vacation pictures on there.’ Yea, they’re really gone. Backups serve as a way to recover from your own mistakes like accidentally deleted files and ransomware cyberattacks. A “3-2-1 backup strategy” includes 3 copies of your data, 2 on different media, 1 off-site. For most of us, this means: the original data is the 1st copy, an external hard drive (disconnected when not copying data) or network storage drive houses the 2nd copy, and a copy on a USB flash drive stored at work or backed up using a cloud backup solution – is the off-site 3rd copy.

A layered approach to security is considered best practice. As an example, creating strong passwords AND using two-factor authentication. The more layers the better, but more layers means less convenience. Brian Krebs also offers his “Tools for a Safer PC” which includes switching to OpenDNS in your home router. DNS is the service that turns human-readable URLs into IP address. OpenDNS blocks communication with known malware sites.

Hopefully this information has grabbed your attention and guided you to take steps to become safer online. Thanks for reading and 73… de Jeff – K8JTK

Imgs: Krebs on Security, Ars Technica.