Category Archives: Computing

Computing, networking, and the like. Non-Ham Radio related.

Ohio Section Journal – The Technical Coordinator – June 2019 edition

One of the responsibilities of the Technical Coordinator in the Ohio Section is to submit something for the Section Journal. The Section Journal covers Amateur Radio related things happening in and around the ARRL Ohio Section. It is published by the Section Manager Scott – N8SY and articles are submitted by cabinet members.

Once my article is published in the Journal, I will also make it available on my site with a link to the published edition.

You can receive the Journal and other Ohio Section news by joining the mailing list Scott has setup. You do not need to be a member of the ARRL, Ohio Section, or even a ham to join the mailing list. Please sign up!

If you are an ARRL member and reside in the Ohio Section, update your mailing preferences to receive Ohio Section news in your inbox. cAUZRdnMNrU?start=2051Those residing outside the section will need to use the mailing list link above.
Updating your ARRL profile will deliver news from the section where you reside (if the leadership chooses to use this method).
Go to www.arrl.org and logon.
Click Edit your Profile.
You will be taken to the Edit Your Profile page. On the first tab Edit Info, verify your Email address is correct.
Click the Edit Email Subscriptions tab.
Check the News and information from your Division Director and Section Manager box.
Click Save.

Now without further ado…


Read the full edition at:

THE TECHNICAL COORDINATOR
Jeff Kopcak – TC
k8jtk@arrl.net

DSCF5081 K8JTKHey gang,

As the Technical Coordinator for the Ohio Section, I’m responsible for the Technical Specialists. The Specialists and I are here to promote technical advances and experimentation in the hobby. We encourage amateurs in the section to share their technical achievements with others in QST, at club meetings, in club newsletters, hamfests, and conventions. We’re available to assist program committees in finding or providing suitable programs for local club meetings, ARRL hamfests, and conventions in the section. When called upon, serve as advisors in issues of RFI and work with ARRL officials and appointees for technical advice.

The Technical Specialists really make all this happen. In the Ohio Section, there are about 15 qualified and competent Specialists willing to help. They meet the obligation of advancing the radio art bestowed to us by the FCC. The TSes support the Section in two main areas of responsibility: Radio Frequency Interference and technical information. RFI can include harmful interference that seriously degrades, obstructs, or repeatedly interrupts a radiocommunication service. Ranging from bad insulators on telephone poles to grow lights and poorly made transformers, they can help with RFI direction finding or assist in locating bozo stations. Technical information is everything else from building antennas, repeaters and controllers, digital, computers, networking, and embedded devices.

How can we help? The knowledge and abilities of your Technical Specialists are quite impressive. Here are some examples of the knowledge the Technical Specialists provide:

  • Documentation and training
  • VHF/UHF portable operation
  • Antennas (fixed, portable, and mobile)
  • Batteries and emergency power
  • Experts in RFI from powerline and consumer devices
  • VHF/UHF/SHF contesting
  • Experts in test equipment
  • Automotive electronic compatibility (EMC) and interference (EMI)
  • Repeaters
  • Digital modes (D-STAR, DMR, Fusion, P25, APRS & IGates. HF: MT63, FT8/4, Olivia, PSK).
  • Computers and networking (VoIP – AllStar link, software engineering, embedded systems – Raspberry Pi, Arduino)
  • Society of Broadcast Engineers (SBE) members knowledgeable in interference problems

This impressive list of qualifications is available to all in the Ohio Section. Looking for help in one of these areas? Need a program for your club? How about a technical talk or forum at your hamfest? Feel free to contact myself. My contact info is near my picture and on the arrl-ohio.org website. I’ll assist getting you in touch with an appropriate Technical Specialist. One of the Specialists might hear a plea for help and reach out to you as well.

Where have all the maps gone?

A lot of ham radio is about location and maps – APRS, repeater locations, grid square, propagation, beacons, satellite, or spotting maps. You may have noticed, starting last year, the quality of maps has degraded or looked different on your favorite website or on your favorite app. You’re not going crazy. It’s because many of those who developed their map around Google Maps API were forced to make some changes and decisions.

Ohio map – Google Maps

If you’re not a programmer, an API stands for Application Programming Interface. APIs are a set of defined tools or commands that can be called allowing for easy communication between different components or systems. If an API is available, they are (supposed to be) well documented and available for anyone to use.

Since the Google Maps service existed, it could be used for free. There were usage limits but they were artificially high enough were most implementations we not going to hit 25,000 requests/day. If requests exceeded the daily limit, the owner was charged $0.50/additional 1,000 requests up to 100,000 in a 24-hour period. If that maximum was reached per day, it was likely a heavy traffic website and commercial in nature where overages could be supplemented.

Last year, Google reduced the number of free requests to 28,000/month, which is the $200 “credit” referred to in their pricing plan. Additionally, it was required of the developer to register for an API key. That key MUST be linked to a credit card even if usage didn’t come anywhere near the free credit. Overages are automatically charged to the linked credit card and amount to $7.00 per 1,000 additional requests.

Ohio map – Open Street Map

It still sounds like a lot of requests per month, but not when I think about sites I have running in the shack. I can easily refresh sites 10 times while I’m operating. If 2,800 other hams did the same thing, all of a sudden, they’ve blown through their free credit. This put many free and non-profit developers between a rock and a hard place. Start shelling out for hefty overage fees for access to Google Maps – which was arguably very good, move to an alternative, or close shop. Commercial sites, which sell products and services or rely on ad revenue, have stayed with Google Maps because they can offset that cost with subscriptions or ads. Free, non-profit, and programmers doing it for fun have moved to a free and open license alternative called OpenStreetMap. I came across one website that said, “I’m done” citing the price hike and closed their site.

These microservices are provided free (as in beer). They end up not being able to monetize the service so they drastically change it or its pricing. This is happening quite often in tech and will continue as we rely more and more on other services.

100 Points at Field Day!

The next big ham holiday, Field Day, is right around the corner! Get out and join your club or find a club to join if you’re not a member of one. It’s a great time to bring friends or hams that have been out of the hobby excited about ham radio. Hams that come out get bitten by the bug to expand their station or learn a new mode. Check the Field Day Locator for operations taking place near you.

Sending 10 messages over RF from your site gets you 100 points – including Winlink messages. I love to receive messages about your setup, stations, operating, or social activities taking place. These can be sent via the National Traffic System (NTS) or Winlink – K8JTK at Winlink.org – to my station. I haven’t seen the usual post on the Winlink site of other stations willing to receive messages from Field Day stations as in the past.

With July around the corner, if you’re looking to do something while flipping burgers at your 4th of July picnic, my favorite event 13 Colonies Special Event will be on the air July 1 – 7.

Thanks for reading and 73… de Jeff – K8JTK

Ohio Section Journal – The Technical Coordinator – December 2018 edition

One of the responsibilities of the Technical Coordinator in the Ohio Section is to submit something for the Section Journal. The Section Journal covers Amateur Radio related things happening in and around the ARRL Ohio Section. It is published by the Section Manager Scott – N8SY and articles are submitted by cabinet members.

Once my article is published in the Journal, I will also make it available on my site with a link to the published edition.

You can receive the Journal and other Ohio Section news by joining the mailing list Scott has setup. You do not need to be a member of the ARRL, Ohio Section, or even a ham to join the mailing list. Please sign up!

If you are an ARRL member and reside in the Ohio Section, update your mailing preferences to receive Ohio Section news in your inbox. Those residing outside the section will need to use the mailing list link above.
Updating your ARRL profile will deliver news from the section where you reside (if the leadership chooses to use this method).
Go to www.arrl.org and logon.
Click Edit your Profile.
You will be taken to the Edit Your Profile page. On the first tab Edit Info, verify your Email address is correct.
Click the Edit Email Subscriptions tab.
Check the News and information from your Division Director and Section Manager box.
Click Save.

Now without further ado…


Read the full edition at:

THE TECHNICAL COORDINATOR
Jeff Kopcak – TC
k8jtk@arrl.net

DSCF5081 K8JTKHey gang,

Hi. My name is Jeffrey and I am a Windows user. Yes, I migrated my laptop a couple years ago from Windows 10 to Fedora Linux and six months ago did the same for my main desktop. Windows applications are better. THERE I SAID IT. I can hear the hate mail rolling in. Anyway, I’ve encouraged readers to check out Linux as a Windows alternative. These are my experiences moving to a (mostly) Linux world over the last 6 months.

My goal was to move to Linux as my daily operating system. That is done. In that transition, find Linux programs equivalent to the Windows applications I was using. Anything I couldn’t find suitable replacements would be run in a Windows virtual environment.

In previous articles, I’ve written about the disaster that has become Windows 10 and my desire to find a less restrictive and obtrusive operating system. I settled on Fedora Linux because the virtualization worked better in my experience over Ubuntu. Moving my main desktop away from Windows was the last hurtle. This PC serves the duties of: audio & video recording (DVR mostly), ripping, editing and playing, graphics editing, web site editing, file storage and backup, virtual environment, web surfing, ham radio programming, and experimentation station. That pretty much covers it. You could throw in gaming about 10 years ago – who has the time? Also, the occasional document (image) scanning. This will become important later.

In my experience, what does work?

  • Linux works. I have not had any issues getting Fedora to work on stock laptops or my custom-built desktop machine. With few drivers to install, all hardware works including USB 3.0. Most of the pre-installed programs (graphics viewer, LibreOffice, music & video player) are very usable programs.
  • Package manager. This keeps the operating system and programs updated when approved by maintainers of the distribution. When I can, programs are installed through the package manager and I’ve accepted all updates when made available. I may have had a Kernel issue once or twice but simply selected a previous version at boot time.
  • Customization. I spent some time trying out different desktop environments because I cannot stand tablet-style interfaces in desktop environments on non-touch screen devices. Gnome, I’m
    Oh My Zsh customized terminal

    talking about you! Cinnamon is probably the closest to a Windows desktop-like feel with start menu, taskbar, and system tray. This is the one I choose. Customization tools import and apply different theme options. I replaced the bash shell with Oh My Zsh. Came for the themes. Stayed for the awesome autocomplete.

  • Virtualization works very well with VirtualBox. I’m looking at getting virt, virt-manager, and KVM working in the future.
  • Cross-platform apps. I’ve had good experience with applications that have a strong user base and are ported to different platforms. These apps would include VLC (formally VideoLAN), HandBrake, Thunderbird, Firefox, VirtualBox, and VeraCrypt. This is likely because development efforts contributed to the project benefit all platforms.
  • Web apps. Many services today are moving away from software installed on a PC to web based services. Having a modern web browser is all that is needed to interact with these services.

Where have I run into issues?
(Lack of) Popularity, including vendor support. This covers 75% of my issues. According to StatCounter Global Statistics, looking over the last two years at desktop and laptop platforms used to browse the web, Linux hasn’t passed the 2% mark and is currently holding steady at about 0.8% in the U.S. In comparison, OS X is at about 20% and Windows about 75%. Servers typically don’t browse the web so these numbers represent users running Linux to do a common computing activity, like browsing the web. When there are financial decisions to be made on developing an app or service, you’re going to go where the customers are. Linux hasn’t gained any significant market share when compared to that disaster operating system or the hardware priced out of the budget of average users (Windows & Mac).

Fedora Cinnamon spin

Vendors are simply not focusing a lot of their resources on a small segment of users when others like Windows eclipse that 2%. I’ve run into a couple examples. First being the drivers for the NVidia graphics card in my desktop. The process of getting this driver installed is a fairly complicated process. It’s dependent on system BIOS and involves editing Kernel boot options – not something average computer users are comfortable doing. If you’re lucky, you’ll magically end up with an NVidia driver that works with the installed Linux Kernel. The open-sourced driver, Nouveau, generally works for me but I notice flickering on some screens like ones with dark gray backgrounds. Nouveau has crashed a couple times when I had a bunch of applications running at once. A sinking feeling knowing how many applications I had open and not knowing when I last clicked save is not my idea of a good time.

I installed the Epson Linux image scanning driver for my flatbed scanner. The app very closely resembled the Windows application which made it familiar to use. However, though the manual indicates I should have been able to scan multiple pages and save them as a single PDF file, I did not have this option. I tried the native Fedora app, Simple Scan. It was way too simple. Automatically scanning the next page of a multi-page document after a selectable 3-15 second interval didn’t make any sense to me. Others I tried created ginormous sized PDF documents, 50MB file vs 3MB using the Epson Windows app. There is no reason to have files that large and some email systems have attachment limits of about 25MB.

In August, Dropbox announced they were dropping support for almost all Linux file systems. Many users were upset. Speculation was Dropbox had to support a wide variety of Linux distributions, file systems, desktop environments, and Kernels where they didn’t see any return on this investment. Companies often take a chance hoping users purchase paid subscriptions to support further developments in these areas. Linux users weren’t subscribing to sustain further development and support, so it was dropped. Most Linux users like free stuff because, well, the operating system itself is free.

I would say the remaining 25% of my issues are round quality of applications. While there are video ripping, editing, and authoring tools available, they don’t hold up to the Windows tools I’m using. Most users are on Windows so that’s where companies devote their time. Application authors who set out to make equally good tools in Linux may run into problems or lack of interest either in terms of downloads, support from the community, or through life, job, or family changes. Handbrake and VLC work as well in Linux as Windows. Video stream repair and splitting, DVD and Blu-Ray authoring, DVR, and audio ripping – not so much. Still using Windows applications. Not saying all Linux tools are bad because there some really powerful ones.

My desktop was the big obstacle to accomplishing my goal of getting Linux as my daily operating system. 99% of the time that system is running Fedora. I do have a number of virtual Windows machines for things like MS Office, radio programming, SDR programs, and my cord-cutter service – which says it will work in Chrome, but its only Chrome running on Windows. For applications and hardware interactions that didn’t work well in a virtual environment, I resized my original Windows partition down to about 30 GB and boot into Windows only when I need it. My shack PC is going to stay on Windows 7 because some of my ham activity is tied to programs only available on Windows.

These have been my experiences in moving away from the Windows disaster into an alternative desktop & laptop platform – Fedora Linux. These might motivate you to try Linux or some other Windows alternative. It will be like learning something new for most people. I had ideas of what the experience would look like and challenges having supported and programmed in Linux environments for the better part of a decade. The Mac platform has really become popular with great applications and great support from Apple. If you’re not willing to drop a significant amount of money on their devices, consider looking at Linux as an alternative.

Late breaking for FT8 users: if you operate either the very popular FT8 or MSK144 digital modes, please update your version of WSJT-X to 2.0 by January 1, 2019. These protocols have been enhanced in a way that is not compatible with previous versions of WSJT-X. After that date, only the new version of those modes should be used on the air.

Thanks for reading. Happy holidays, Merry Christmas, and Happy New Year!

73… de Jeff – K8JTK

Ohio Section Journal – The Technical Coordinator – August 2018 edition

One of the responsibilities of the Technical Coordinator in the Ohio Section is to submit something for the Section Journal. The Section Journal covers Amateur Radio related things happening in and around the ARRL Ohio Section. It is published by the Section Manager Scott – N8SY and articles are submitted by cabinet members.

Once my article is published in the Journal, I will also make it available on my site with a link to the published edition.

You can receive the Journal and other Ohio Section news by joining the mailing list Scott has setup. You do not need to be a member of the ARRL, Ohio Section, or even a ham to join the mailing list. Please sign up!

If you are an ARRL member and reside in the Ohio Section, update your mailing preferences to receive Ohio Section news in your inbox. Those residing outside the section will need to use the mailing list link above.
Updating your ARRL profile will deliver news from the section where you reside (if the leadership chooses to use this method).
Go to www.arrl.org and logon.
Click Edit your Profile.
You will be taken to the Edit Your Profile page. On the first tab Edit Info, verify your Email address is correct.
Click the Edit Email Subscriptions tab.
Check the News and information from your Division Director and Section Manager box.
Click Save.

Now without further ado…


Read the full edition at: http://arrl-ohio.org/news/2018/OSJ-Aug-18.pdf

THE TECHNICAL COORDINATOR
Jeff Kopcak – TC
k8jtk@arrl.net

DSCF5081 K8JTKHey gang,

One ham in our section was having WiFi issues on his back deck. Inside was no problem. Outside the house, the WiFi signal was zero. The service provider was contacted and a technician was sent. On site, the technician tested the line and indoor modem/gateway unit, which is also his WiFi access point. All tested fine.

What does this have to do with ham radio? Nothing. Until the technician said the cause of his WiFi problem was his 160-10m dipole in the back yard. It was very suspicious to the tech and is the cause of his WiFi issues ‘according to their training.’ It got better. Because the tech didn’t have anything like this “suspicious” antenna and had WiFi in his own backyard, this must be the problem of course! This is where I was contacted to consult on the issue.

More likely they are trained that WiFi interference is caused by other sources of RF. This is true. They’re probably trained to spot other nearby transmitting services like police, fire, cell towers, or any building with antennas. Other transmitting equipment will raise the noise floor and may cause interference. The ham didn’t seem to be in the vicinity of other services and this issue was occurring even while he was not transmitting. The suspicious antenna argument was, of course, unfounded.

If you are in the same situation, here are some tips to help determine and solve WiFi problems. Two causes of coverage issues are signal strength or interference. A signal strength problem is most often the culprit where the access point reaches the device but the device doesn’t have the signal strength to communicate back to the access point. Causes could be distance to the access point or some building material is blocking the signal like metal siding or rebar.

ASUS RT-AC5300

Most obvious solution to resolve signal strength issues is move the access point closer to where you want coverage. If the living room and an office needs the best coverage, locate it in close proximity to those locations. This poses problems if the access point has to be located near a certain phone or cable drop in the house (like the basement) because it also doubles as the modem/gateway from the provider. Carrier issued devices with access points are only “OK” for coverage. Mostly because there are no external antennas. The reason access points have multiple external antennas is for diversity reception and something called “beamforming.” Some can detect where the device is located relative to the access point by doing its own version of direction finding. Using multiple antennas, it aims more signal at that device. As ridiculous as the AC5300 access point looks, this is an extreme example of a router capable of beamforming.

There are two bands for consumer WiFi in the United States: 2.4GHz and 5GHz. The device and access point must have both radios to utilize both bands. Typically cell phones and tablets made in the last 5 years are dual-band WiFi. Other portable devices like laptops probably have both but not always. The first Raspberry Pi WiFi module I purchased is 2.4 only. While 5GHz offers more channels and is typically ‘quieter,’ meaning not as many devices and access points, it does not equal coverage of 2.4GHz. 2.4 will have better comparable range.

Interference is another cause of WiFi issues. This could be from another WiFi access point or many access points in an overly saturated environment like an apartment. Since WiFi is low power, anything can easily jam it such as Bluetooth devices and microwaves. In the US, 2.4GHz access points are supposed to be on channel 1, 6, or 11. But nothing is stopping anyone from using adjacent channels. Using adjacent channels causes interference.

WiFi Analyzer (img: Play Store)

Using channel 4 will interfere with both 1 & 6 because of the bandwidth overlap. Interference is typically seen as a strong WiFi signal followed by a significant drop in signal. Things that can create broadband noise like a noisy power supply/transformer or noisy florescent ballast could be interfering near the access point or area you want to have signal.

Ideal thing to do is a “site survey” with a tool like NetSpot. It will create a signal strength heat map of your access point coverage around the house. There is a free version but it is limited. Another program that identifies the WiFi landscape (access points, devices nearby, channels used) is inSSIDer (free version is near the bottom of the page) available for PC and Mac. A similar program to inSSIDer is WiFi Analyzer for Android. These programs will give relative signal strengths but only at that moment. You could plot the signal strength readings to generate your own heat map.

To relocate a WiFi access point without moving the provided modem/gateway, first disable the WiFi in the carrier provided device. Then run an Ethernet cable to a point as close to the location where coverage is desired. Find any old router with WiFi. Configure the WiFi settings in that router, disable the internal DHCP service, then plug the older router into the Ethernet cable. Though any old WiFi router will work, there have been WiFi vulnerabilities discovered as recently as last month where bad-guys can gain access. Use devices with updated firmware.

Another option is try a WiFi range extender/booster or a look at a better access point. Extenders range from $20 to a couple hundred. They connect to your existing WiFi like any other device and re-broadcast the WiFi signal without any additional wiring. I’m a fan of ones that accept third-party firmware like Tomato or DD-WRT.

For the ham who contacted me, he decided to go with a range extender available from his carrier and placed it near the back deck. This is the best option as it would be fully supported and could get help setting it up if needed. Note there is a WiFi technical limitation with extenders that can cut transfer speeds. However, for web browsing and HD streaming, you won’t even notice any reduction.

Thanks for reading and 73… de Jeff – K8JTK

Ohio Section Journal – The Technical Coordinator – July 2018 edition

One of the responsibilities of the Technical Coordinator in the Ohio Section is to submit something for the Section Journal. The Section Journal covers Amateur Radio related things happening in and around the ARRL Ohio Section. It is published by the Section Manager Scott – N8SY and articles are submitted by cabinet members.

Once my article is published in the Journal, I will also make it available on my site with a link to the published edition.

You can receive the Journal and other Ohio Section news by joining the mailing list Scott has setup. You do not need to be a member of the ARRL, Ohio Section, or even a ham to join the mailing list. Please sign up!

If you are an ARRL member and reside in the Ohio Section, update your mailing preferences to receive Ohio Section news in your inbox. Those residing outside the section will need to use the mailing list link above.
Updating your ARRL profile will deliver news from the section where you reside (if the leadership chooses to use this method).
Go to www.arrl.org and logon.
Click Edit your Profile.
You will be taken to the Edit Your Profile page. On the first tab Edit Info, verify your Email address is correct.
Click the Edit Email Subscriptions tab.
Check the News and information from your Division Director and Section Manager box.
Click Save.

Now without further ado…


Read the full edition at: http://arrl-ohio.org/news/2018/OSJ-Jul-18.pdf

THE TECHNICAL COORDINATOR
Jeff Kopcak – TC
k8jtk@arrl.net

DSCF5081 K8JTKHey gang,

Around the time of Dayton, the FBI asked everyone to reboot their routers. Why would they do that? Over the last two years more than 500,000 consumer and small business routers in 54 countries have become infected with a piece of malware called “VPNFilter.” This sophisticated malware is thought to be the work of a government and somewhat targeted with many of the infected routers located in Ukraine.

Src: Cisco’s Talos Intelligence Group Blog

Security researchers are still trying to determine what exactly VPNFilter was built to do. So far, it is known to eavesdrop on Internet traffic grabbing logon credentials and looking for specific types of traffic such as SCADA, a networking protocol controlling power plants, chemical plants, and industrial systems. Actively, it can “brick” the infected device. Bricking is a term to mean ‘render the device completely unusable’ and being as useful as a brick.

In addition to these threats, this malware can survive a reboot. Wait, didn’t the FBI ask all of us to reboot our routers? Won’t that clear the infection? No. In order for this malware to figure out what it needs to do, it reaches out to a command-and-control server. A command-and-control server issues commands to all infected devices, thus being “controlled.” C&C, as they are often abbreviated, allows the bad guys in control a lot of flexibility. It can allow infected devices to remain dormant for months or years. Then, the owner can issue commands to ‘wake-up’ the infected devices (called a botnet) and perform intended tasks. Tasks can range from attack a site, such as DynDNS which I wrote about in November of 2016, to steal logon credentials for users connected to the infected router. Back to the question, the FBI seized control of the C&C server. When an infected router is rebooted, it will try to reach out to the C&C server again but instead will be contacting a server owned by the FBI. This only gives the FBI a sense of how bad this infection is. Rebooting will not neutralize the infection.

Affected devices include various routers from Asus, D-Link, Huawei, Linksys, MikroTik, Netgear, TP-Link, Ubiquiti, Upvel, and ZTE, as well as QNAP network-attached storage (NAS) devices. There is no easy way to know if your router is infected. If yours is on that list, one can assume theirs is infected. As if that wasn’t bad enough, many manufactures don’t have firmware updates to fix the problem. The ones that have fixed the problem did so years ago. Since no one patches their routers, that’s why there’s half a million infected.
First thing to do is gather information about the make, model, and current firmware of your router. Then check for announcements from the manufacturer about affected firmware versions or preventative steps. The only known way to clear this infection is to disconnect it from the Internet, factory-reset the router, upgrade the firmware (if one is available), and reconfigure it for your network – or simply throw it away.

If those last couple words strike fear into your heart, there are a couple options:

  • See if your ISP has a device they will send or install for you. It can be reasonably assumed that devices provided or leased by the ISP will be updated by the ISP.
  • Find someone in your club that knows at least the basics of networking to help reconfigure things
  • Many newly purchased devices come with some sort of support to get you up and running

If you’re a little more advanced and want to learn more about networking:

  • EdgeRouter-X
    Use 3rd party firmware. Currently they are not showing signs of being vulnerable to VPNFilter or other infections. 3rd party firmware projects are often maintained by enthusiasts. They are updated LONG past when the manufacturer stops supporting their own products and updates often happen quickly. Some of those projects include: OpenWRT/LEDE, DD-WRT, or Fresh Tomato.
  • A Linux box could be setup with Linux packages to mimic router functionality or use a distribution such as pfSense or OPNsense.
  • Another great device to use is the Ubiquity EdgeRouter-X for $49.
  • Check the “Comparison of Firewalls” for other ideas.

That $5 hamfest deal isn’t sounding so great anymore. It’s the law of economics for these companies too. $10, $30, or $100 for a device isn’t going to sustain programmer’s time to find, fix, troubleshoot, test, and release firmware updates for a 7-year-old device. It’s a struggle. I think it will come down to spending more on better devices which will be upgraded longer or spend $50-$100 every 3-5 years to replace an OK one.

The Department of Commerce released a report on the threat of botnets and steps manufactures could take to reduce the number of automated attacks. It hits on a number of good points but lacks many details. “Awareness and education are needed.” Whose responsibility is it to educate? I can write articles in the OSJ but I’m not going to be able to visit everyone’s house and determine if your devices are infected. “Products should be secured during all stages of the lifecycle.” Automated updates could take care of this problem but doesn’t address what-ifs. What if the update fails or worse yet, bricks your “Smart” TV as an example? Who is going to fix or replace them? Will they be fixed if it’s out of warranty? Not to mention operating system “updates” are bundled with more privacy violations and ways to monetize users.

There’s a lot of work to be done. I wish I had the answers. Regardless, we all need to be good stewards of the Internet making sure ALL attached devices are updated and current.

More technical details on VPNFilter and citation for this article: https://www.schneier.com/blog/archives/2018/06/router_vulnerab.html
https://blog.talosintelligence.com/2018/05/VPNFilter.html

Finally this month, thank you to all the clubs and groups that sent messages to this station via WinLink or NTS over Field Day weekend. It was the most I’ve ever received, about 12 – 15 messages altogether.

Thanks for reading and 73… de Jeff – K8JTK

Ohio Section Journal – The Technical Coordinator – April 2018 edition

One of the responsibilities of the Technical Coordinator in the Ohio Section is to submit something for the Section Journal. The Section Journal covers Amateur Radio related things happening in and around the ARRL Ohio Section. It is published by the Section Manager Scott – N8SY and articles are submitted by cabinet members.

Once my article is published in the Journal, I will also make it available on my site with a link to the published edition.

You can receive the Journal and other Ohio Section news by joining the mailing list Scott has setup. You do not need to be a member of the ARRL, Ohio Section, or even a ham to join the mailing list. Please sign up!

If you are an ARRL member and reside in the Ohio Section, update your mailing preferences to receive Ohio Section news in your inbox. Those residing outside the section will need to use the mailing list link above.
Updating your ARRL profile will deliver news from the section where you reside (if the leadership chooses to use this method).
Go to www.arrl.org and logon.
Click Edit your Profile.
You will be taken to the Edit Your Profile page. On the first tab Edit Info, verify your Email address is correct.
Click the Edit Email Subscriptions tab.
Check the News and information from your Division Director and Section Manager box.
Click Save.

Now without further ado…


Read the full edition at: http://arrl-ohio.org/news/2018/OSJ-Apr-18.pdf

THE TECHNICAL COORDINATOR
Jeff Kopcak – TC
k8jtk@arrl.net

DSCF5081 K8JTKHey gang,

In all the ragging (er, discussion?) on Windows 10 last month, Bill – K8RWH had some good points and questions about Linux that I decided to write a follow up this month. There is a lot to parse, especially different terminology. The most useful website for Linux information is called DistroWatch, short for Distribution Watch. Most of the information here will come from that site. Let’s get to it.

History

Linux came out of the Unix operating system implemented by Ken Thompson and Dennis Ritchie (both of AT&T Bell Laboratories) in 1969. “Linux began in 1991 with the commencement of a personal project by Finnish student Linus Torvalds to create a new free operating system kernel. Since then, the resulting Linux kernel has been marked by constant growth throughout its history. Since the initial release of its source code in 1991, it has grown from a small number of C (programming language) files under a license prohibiting commercial distribution to the 4.15 version in 2018 with more than 23.3 million lines of [code] … ” (Wikipedia).

Tux

I’d be remiss if I didn’t mention the official Linux mascot. “Torvalds announced in 1996 that there would be a mascot for Linux, a penguin. This was due to the fact when they were about to select the mascot, Torvalds mentioned he was bitten by a little penguin on a visit to the National Zoo & Aquarium in Canberra, Australia. Larry Ewing provided the original draft of today’s well known mascot based on this description. The name Tux was suggested by James Hughes as derivative of Torvalds’ UniX, along with being short for tuxedo, a type of suit with color similar to that of a penguin” (Wikipedia).

Crash course in Linux terminology

GNU/GPL – software licensing methodologies frequently used by Linux and Unix variants.

Open Source – anyone can see the building blocks of a project known as the source code. This is beneficial because anyone with skills can fix and improve upon an open source program.

Kernel – is the core to any operating system (not only Linux). It interacts with and controls the computer’s hardware (mouse, keyboard, monitor/graphics, hard drive, USB devices, network). It is the lowest level of the operating system.

Operating System – collection of kernel and software that make a computing device work. Most operating systems include drivers, text editor, file manager, and a method for installing & removing applications (known as a “Package Manager” in Linux).

Architecture – type of processor an operating system can run. 64-bit, 32-bit processors, Raspberry Pi and mobile devices are examples.

Live CD/Medium – the operating system can be run from a CD or USB drive without installing to a hard drive. This is useful in testing different operating systems or to aid in recovering an inaccessible system.

Dual-boot – in contrast to “live CD,” installation of one or more operating systems on the same computer. My experience: install Windows first, then Linux. The Linux boot-loader plays nice with Windows but not the other way around. Reinstalling Windows will also break the Linux boot-loader. It can be repaired but will stress your Google and command line-fu skills.

Distribution – similar to “Operating System” but often targeted for a specific purpose or category: servers, desktops, beginners, education, gaming, multimedia, security, utilities, telephony, etc.

Checksum or Hash – applies an algorithm to data. It is used to track errors introduced in transmitting data or storing data. Checksum programs are standard in Linux operating systems. A third-party program like HashTab or QuickHash GUI are needed to verify a checksum in Windows.

Desktop environment – how a user interacts with multiple applications at once. This is a matter of personal preference. Popular desktop environments are: Cinnamon, GNOME, KDE, MATE, and Xfce.

Popular Linux Distributions

DistroWatch has just short of 900 Linux distributions in their database. Over 300 are considered active (updated in the last 2 years). Only about a handful are useful to average users. For a complete guide see “A Guide to Choosing a Distribution.”

Linux Mint

Linux Mint – launched in 2006 to address many of the drawbacks associated with a more technical operating system such as Linux. Using the Ubuntu distribution as a base, many beginner enhancements were created for usability. I had read about security concerns with Mint and began to steer users away from it. However, DistroWatch published a “Myths and Misunderstandings” debunking many of those points. If you’re a noobie and want to dive into Linux as an alternative operating system, start with Mint.

Ubuntu – Launched a few years earlier in 2004, this project took off faster than any other distribution and was touted as the way to get average people to use Linux. Learning from the mistakes of other projects and taking a professional approach to its users made it a popular choice. Excellent web-based documentation and an easy to use bug reporting facility was created. Though frequent major changes and the Unity interface – more suited for mobile devices – have driven users away.

Elementary OS – This one is for Mac users. It emulates MacOS and puts a lot of focus into ascetics.

Debian – base for the above and 120 other Linux distributions. Debian is remarkably stable due to its high level of quality control. It has support for many software packages and processor types making it a great choice for older systems. Due to that level of processor support it lacks newer technologies.

In the 300 other active Linux distributions, specialized versions serve an intended purpose:

Windows Compatibility

Users who’ve switched to Linux or Linux users that need to run a Windows app might ask: can I run Windows applications on Linux? Yes, there are a couple ways to accomplish this.

Run a virtual machine program like VirtualBox. A virtual machine emulates hardware and the functionality of a physical computer. Similar to dual-booting it requires a full installation of the desired (guest) operating system. Emulation is resource intensive for the physical (host) operating system hardware. It doesn’t make much sense to have a multi-gigabyte Windows virtual install to run a small application.

WINE running Media Player Classic and SumatraPDF (Wikipedia)

This is where WINE comes into play. Wine stands for Wine Is Not an Emulator. It’s not a virtual machine but rather a compatibility layer to translate Windows system calls into Linux system calls. WINE takes a considerable amount of configuring but programs like PlayOnLinux and Winetricks make life much easier. Neither solution is perfect and won’t succeeded in cases of complex applications or ones requiring specialized hardware.

In terms of ham radio, Windows was the overwhelming platform of choice for Morse Code and digital mode applications because everyone was using it. Older Windows only applications (MMSSTV, DigiPan) are going to run well on that platform. The good news is programs like Fldigi and QSSTV are viable replacements on Linux and, in many cases, better than their dedicated Windows counterpart. In addition, the Ubuntu package manager has an entire category dedicated to Amateur Radio applications. If you’re someone whose fed up with the badness and frustrations of Windows 10, give Linux a try.

Thanks for reading and 73… de Jeff – K8JTK

Ohio Section Journal – The Technical Coordinator – March 2018 edition

One of the responsibilities of the Technical Coordinator in the Ohio Section is to submit something for the Section Journal. The Section Journal covers Amateur Radio related things happening in and around the ARRL Ohio Section. It is published by the Section Manager Scott – N8SY and articles are submitted by cabinet members.

Once my article is published in the Journal, I will also make it available on my site with a link to the published edition.

You can receive the Journal and other Ohio Section news by joining the mailing list Scott has setup. You do not need to be a member of the ARRL, Ohio Section, or even a ham to join the mailing list. Please sign up!

If you are an ARRL member and reside in the Ohio Section, update your mailing preferences to receive Ohio Section news in your inbox. Those residing outside the section will need to use the mailing list link above.
Updating your ARRL profile will deliver news from the section where you reside (if the leadership chooses to use this method).
Go to www.arrl.org and logon.
Click Edit your Profile.
You will be taken to the Edit Your Profile page. On the first tab Edit Info, verify your Email address is correct.
Click the Edit Email Subscriptions tab.
Check the News and information from your Division Director and Section Manager box.
Click Save.

Now without further ado…


Read the full edition at: http://arrl-ohio.org/news/2018/OSJ-Mar-18.pdf

THE TECHNICAL COORDINATOR
Jeff Kopcak – TC
k8jtk@arrl.net

DSCF5081 K8JTKHey gang,

Windows 10: two years later. Last time I talked about Windows 10, Microsoft was giving the operating system away as a free upgrade. It represented a drastic shift in Microsoft’s business model. I’ll cover some of the decisions surrounding Windows 10 and my experiences with this new model of delivering and updating Windows. Beware, a lot of complaining lies ahead. You have been warned 🙂

Microsoft is transforming Windows 10 to “software as a service” (often written as SaaS) over previous versions. The software is licensed to the user. Microsoft takes full responsibility for maintaining, updating, and adding new features. Though this means users have little chance to stop major updates from applying and no chance to stop additional applications from being installed or removed. They are applying the phone model of updating to Windows 10 across all platforms. Microsoft wants to handle all updates and wants apps to be downloaded from the Microsoft Store (like the Google Play Store or Apple App Store).

In principal, this seems like a good idea because users don’t have to do anything. They will always be updated with the latest and greatest operating system and apps. This model fits almost no users of Windows 10. Average users get frustrated with having to apply updates weekly. According to Paul Thurrott, journalist and blogger who follows Microsoft, he stated that ‘65% of Microsoft’s revenue comes from enterprise users who don’t want to update but every 5-10 years. Instead of adapting to that service model, they force users to conform to [Microsoft’s] business model.’

This shift includes realizing that most Windows users think: when I buy a new computer, I get Windows. These are not power-users like me.

For Windows to be available on every type of device (PC, tablet, mobile, Xbox, IoT, Hololens) Microsoft created this platform for developers called UWP. Universal Windows Platform apps are meant to be designed once, put in the Microsoft Store, and run on all device types. Ultimate goal was to replace all desktop apps with a UWP app. The Microsoft Store would take care of installing the latest version when updates were available. When tied to a Microsoft Account, apps would be installed on any devices signed in using that account. No one is using this platform. Microsoft created apps in UWP for Windows 10 but they’re proof-of-concept apps at best, toy apps at worst. The Photos app is unusable. If they wanted developers to be drawn to this platform, Microsoft should have created some really awesome looking and functioning apps to show off the abilities of UWP. Instead they created apps that no one wants to use largely because the platform is not mature.

Windows Media Center

Microsoft does come up with really good ideas. Then they get rid of them. In the XP days, who wasn’t using Windows Movie Maker? It made some really good-looking edited videos like home movies, class projects, or to promote a brand on a website. Gone. Windows Media Center was loved by many because it turned an ordinary PC into a media powerhouse with the ability to record TV programs, watch DVDs, play music, show photos, and stream movies from Netflix. Gone. Paint was on the chopping block for the Fall Creators update. It got so much push back from diehards they decided to keep it and added a 3D ribbon so that it can do 3D modeling. Eh.

I think Windows 7 is the best version of Windows despite the severe lack of hardware and driver support. For example, SSDs (solid-state-device, aka non-spinning hard drive) needed deep internal settings need to be adjusted in Windows 7 so it would not wear out the SSD faster than expected. Windows 10 knows what to do with an SSD out-of-the-box, even in a RAID configuration.

I love that Windows 10 is stable. Running it on fairly modern hardware, it just works. My main machine runs 10 and was installed from scratch at the end of May 2016. This is unheard of for me. Every couple of months I was restoring a backup of Windows 7, likely due to a failed driver update. In the two years since installation I went through a motherboard failure. When it died, I built a new system. I did a drive-to-drive copy of my Windows installation and data onto new hard drives. Previous versions of Windows never handled drastic hardware changes very well. It would get stuck in the startup process and reboot over and over again. Windows 10 detected my new hardware, installed some drivers, after maybe a reboot or two I was up and (still am) running on that initial install.

That’s where my love for Windows 10 ends.

I don’t like the two-control panel-like settings areas called “Control Panel” and “Settings.” It’s too scattered, if you can find the setting at all. I swear there are changes just to make changes. In one update an option is over here, the next update it is someplace else. This constant changing makes finding solutions online a real bear. Settings, and in particular privacy settings, are often defaulted when a major update is applied.

I hate the forced upgrades and reboots. Users complain, and Microsoft admits, they were forced into Windows upgrades when the user specified to delay the update. There were complaints of updates rebooting during ‘active hours’ and the solution was to modify the Windows Registry. The Registry stores low-level settings of the operating system and installed applications. Making an error editing the registry can cause irreversible damage. “Active hours” is another dumb idea. ‘Hey tell us when you think you’re going to be using your PC and we won’t apply updates.’ Except that didn’t happen. Windows 10 would reboot causing many hours of lost productivity. Have a task or job running overnight? It’s not more important than a Windows update! Granted many of these issues come and go but they are major annoyances. They leave users feeling like they don’t have control because a decision they made was not honored.

Microsoft is thinking like a developer. Developers will tell you “this is progress.” This happens a lot. It’s a real problem. Progress is not removing options for users. Their idea of progress may not align with the majority of users either. Paul Thurrott believes that Microsoft is intentionally making Windows 10 bad. “I actually think they’re doing this on purpose to sabotage this business from within … so they can move on to the thing they want to do which is cloud computing … It’s almost that bad.” (What The Tech, ep 363).

Classic Shell

I’m really getting tired of replacing bad implementations with functional addons. To my chagrin, Classic Shell is no longer in development which was my preferred Start Menu replacement. These reasons should sound familiar: “Windows 10 is being updated way too frequently (twice a year) and each new version changes something that breaks Classic Shell. And … Each new version of Windows moves further away from the classic Win32 programming model, which allowed room for a lot of tinkering. The new ways things are done make it very difficult to achieve the same customizations.” Luckily the source code was released making it easy for someone or a group to pick up where that project left off. Check alternativeTo other Start Menu replacement options.

I would love to move my Windows 10 desktop to Linux. There are apps that don’t run well in a virtual machine or hardware apps that can’t run under a compatibility layer like Wine. Windows it is for now. I have moved my laptops over to Linux and have been loving it. Linux has its own issues but if one distribution doesn’t work, try another. I do have Windows virtual machines installed for software defined radio apps and Office mostly. My preferred Linux distro is Fedora because it had the least amount of problems running specialized apps in a VM. It’s not for the faint of heart either as it’s considered a ‘bleeding edge’ operating system. Problems often make to the stable update channel but seem to be fixed relatively quickly.

This is the dividing line. Are you willing to change or is this too much?

Thanks for reading and 73… de Jeff – K8JTK

Ohio Section Journal – The Technical Coordinator – January 2018 edition

One of the responsibilities of the Technical Coordinator in the Ohio Section is to submit something for the Section Journal. The Section Journal covers Amateur Radio related things happening in and around the ARRL Ohio Section. It is published by the Section Manager Scott – N8SY and articles are submitted by cabinet members.

Once my article is published in the Journal, I will also make it available on my site with a link to the published edition.

You can receive the Journal and other Ohio Section news by joining the mailing list Scott has setup. You do not need to be a member of the ARRL, Ohio Section, or even a ham to join the mailing list. Please sign up!

If you are an ARRL member and reside in the Ohio Section, update your mailing preferences to receive Ohio Section news in your inbox. Those residing outside the section will need to use the mailing list link above.
Updating your ARRL profile will deliver news from the section where you reside (if the leadership chooses to use this method).
Go to www.arrl.org and logon.
Click Edit your Profile.
You will be taken to the Edit Your Profile page. On the first tab Edit Info, verify your Email address is correct.
Click the Edit Email Subscriptions tab.
Check the News and information from your Division Director and Section Manager box.
Click Save.

Now without further ado…


Read the full edition at: http://arrl-ohio.org/news/2018/OSJ-Jan-18.pdf

THE TECHNICAL COORDINATOR
Jeff Kopcak – TC
k8jtk@arrl.net

DSCF5081 K8JTKHey gang,

So nothing really tech news related happened this month. Eh, not so much. The New Year brought two major flaws in nearly every modern microprocessor: Meltdown and Spectre.

In the past, major security issues were able to be corrected through software or firmware updates. This is because almost everything is now run by small amounts of software and can be easily updated. Design issues are harder to fix because the problem is fundamental to the design of a device.

Description from Meltdownattack.com:

Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.

Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider’s infrastructure, it might be possible to steal data from other customers.

Meltdown affects nearly all Intel microprocessors manufactured since 1995. In modern computing, an operating system “kernel” handles all interactions between applications (web browser, word processing, spreadsheets) and hardware (CPU, memory, network, USB devices). By its nature, the kernel must know everything about system interactions.

CPUs have different operating modes. Two modes apply to Meltdown: unprotected (called kernel mode) and user mode. Kernel mode has access to everything while instructions executed in user mode should not have access to the same memory as the kernel.

Meltdown is the demonstration of an unauthorized user mode process accessing kernel mode memory. This means a user process can access information to which it doesn’t have permission. Think of systems that share data among many users like an online cloud service. Isolation techniques are one of the major selling points of the cloud. Multiple users can be using the same physical hardware and not impact or know anything about other users also using the same hardware. A malicious process could use meltdown to access the data of other people’s applications running on the same device.

Spectre affects nearly all microprocessor implementations of speculations and predictions. In an effort to make systems run faster, a huge amount of speculative processing is engineered into processors. Speculation is the processors answer to the question: what is most likely to happen with this instruction set? Being able to “guess” the right answer provides a massive performance boost and we all want fast systems. To explain one part of this vulnerability, consider two math equations are given to a microprocessor:

a + b = c
d + e = f

The processor will recognize calculation of the second equation does not depend on anything from the first equation. This means the processor will execute these equations simultaneously until it reaches a common dependency. That dependency would be something like:

a + b = c
(d + e) * c = g

The answer c is used as an input into the computation of the second equation. Running this set through the processor would be slower because they couldn’t be calculated simultaneously. An input into the second equation is dependent on the answer to the first.

Using the same equations, let’s assume for everyone in the Ohio section, the answer to c = 5. A programmer could write an instruction set following that calculation to say: if c = 5 then take fork #1, otherwise take fork #2. How do humans know which fork to take? Calculate the value of c. However, processors try to use “speculative execution” to perform the work of both forks before it knows the answer to c.

Let’s add super-secret data to fork #1: “the Ohio Section IS the best section.” We don’t want fork #2 to know anything about that data because it might be someone from another section trying to break-in. A processor would execute both fork instruction sets speculating on the outcome. This speculation could allow someone from another section to see our secret in fork #1 when they should only see something else in fork #2. Consider a malicious smartphone application taking advantage of this to access text messages, instant messages, mobile baking data, or critical documents.

The lengthy process of dealing with these issues has begun. The only way to truly “fix” these problems is to design new CPUs architectures and replace existing ones. Yeah, sure. Remember, these issues are fundamental to processor design. If these flaws are ever corrected, it will be over a period of time – not tomorrow, next week, or even next year. In the meantime, operating systems are implementing methods to prevent attacks.

In the rush to get these fixes out, as one might expect, more problems are being caused. Microsoft has reported issues with anti-virus applications not playing nice and claiming AMD’s documentation was incomplete. Ubuntu 16.04 users had issues forcing them to roll back the kernel. In addition to all this, processor performance is impacted. Testing done on operating system patches shows slowdowns of 2% – 30%.A forum post on Epic Games included the above graph showing CPU usage of 3 cloud servers. After their cloud provider patched one server at about 23:00, CPU utilization of that server increased nearly 2.5x over the other two. Though the CPU wasn’t maxed out, it was enough to cause service disruption. Gamers really don’t like it when their services don’t work.

For most users, stay current with system patches and updates. In particular, Microsoft is requiring anti-virus programs to set a registry key before Windows will apply system updates. As of this writing, if you do not run, have an out-of-date, or have a non-compliant anti-virus application, your system will NOT receive any future Windows updates including the patches for Meltdown and Spectre. Current versions of Windows can run the free Windows Security Essentials available for Windows 7 or Windows Defender is included in Windows 8, 8,1, and 10.

Bruce Schneier, a well-known cryptographer and security researcher states: “… more are coming, and they’ll be worse. 2018 will be the year of microprocessor vulnerabilities, and it’s going to be a wild ride.” Link to his blog post.

More information:

https://meltdownattack.com/ – research papers, technical information, FAQ, videos in action, and info from companies affected.

https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability)
https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)

Thanks for reading and 73… de Jeff – K8JTK

Ohio Section Journal – The Technical Coordinator – October 2017 edition

One of the responsibilities of the Technical Coordinator in the Ohio Section is to submit something for the Section Journal. The Section Journal covers Amateur Radio related things happening in and around the ARRL Ohio Section. It is published by the Section Manager Scott – N8SY and articles are submitted by cabinet members.

Once my article is published in the Journal, I will also make it available on my site with a link to the published edition.

You can receive the Journal and other Ohio Section news by joining the mailing list Scott has setup. You do not need to be a member of the ARRL, Ohio Section, or even a ham to join the mailing list. Please sign up!

If you are an ARRL member and reside in the Ohio Section, update your mailing preferences to receive Ohio Section news in your inbox. Those residing outside the section will need to use the mailing list link above.
Updating your ARRL profile will deliver news from the section where you reside (if the leadership chooses to use this method).
Go to www.arrl.org and logon.
Click Edit your Profile.
You will be taken to the Edit Your Profile page. On the first tab Edit Info, verify your Email address is correct.
Click the Edit Email Subscriptions tab.
Check the News and information from your Division Director and Section Manager box.
Click Save.

Now without further ado…


Read the full edition at: http://arrl-ohio.org/news/OSJ-October-17.pdf

THE TECHNICAL COORDINATOR
Jeff Kopcak – TC
k8jtk@arrl.net

DSCF5081 K8JTKHey gang,

October is National Cyber Security Awareness Month. I either made your eyes roll because security can be complicated or piqued your interest because of the TWO Equifax breaches. I can certainly get into the weeds with data and cybersecurity because it’s an interest of mine – as a user and programmer. Realizing that most readers won’t have a background in programming or system administration, I’ll set aside the technical details. I’ll briefly cover some cybersecurity issues and give tips anyone reading this article can use.

The whole concept of computing is built on trust. The list of things we trust is infinitely long: trust programmers of the operating system and program developers are following good practices. Trust the company stands behind their product, fixing problems and issues. Trust “Information Security Officers” of a company actually have a background in information security. Trust audits are taking place to uncover problems. Trust customer data is being stored in accordance with good security practices. Trust the website you’re browsing to is really CompanyWebsite.com. Trust “[insert name of company here] Free Wi-Fi” is really that company’s free Wi-Fi. Trust that devices in your home aren’t spying on you. You start to get the idea.

Security is a tradeoff between safety and convenience. Computing could be made very secure but those systems would be completely unusable due to the layers of security. There is no such thing as a “completely secure” system or device – it just means the mistakes, problems, and bugs haven’t been found yet. “Shellshock” is considered to be a very severe security bug. Disclosure came in September of 2014. This bug affected millions of servers connected to the internet. It was determined the bug, in some form, had existed in the UNIX (and Linux) command-line interface since 1989.
Humans program computers. Humans use computers. Humans make mistakes.

Hackers leverage these mistakes and use them to their advantage, often to gain unauthorized access. The word “hacker” has two meanings. “White-hat hackers” are the ones who experiment with and modify devices and software to make it work better. Hams are examples of these because we take commercial gear and make repeaters or use off-the-shelf routers for things like Mesh networking. “Black-hat hackers” are the bad guys and the ones we hear about on the news stealing credit card data from Target and personal data from Equifax. These are the ones I will be referring to.

Hollywood gives us the perception that hackers are in some 3rd-world country or in a dark basement, no lights, and only the glow of their computer screens. Hackers come from all parts of the world and sometimes are acting on a government’s behalf. In fact, legitimate companies exist solely to sell their black-hat hacking tools. They have buildings, employees, call centers, and help desks – as does any legitimate company.

What’s the motivation behind hacking?

Money. It’s hard not to tie everything back to money. The first reference to malicious hacking was “phreaking” (pronounced freaking. AKA: phone hacking) where one of the goals was to manipulate the public phone system and use it to make long-distance calls when it was very expensive to call around the world. More recent financial examples include everything from disrupting nation-states (economic), blackmail, and ransom payments for access to data. Ransomware encrypts all documents and pictures. It demands payment before it will (hopefully) decrypt your files allowing you to use those files again. Ransomware utilizes the same technology, strong encryption, which you use to securely transact with your bank online.

My social media, computer, or online account has no value [to me] / I only check email / I don’t store anything on my computer / why would anyone want access to my email or computer?

I hear these alot. Many of us don’t realize all the things a bad guy can do with computer access or an email account. Brian Krebs is a blogger who covers computing security and cybercrime on his website Krebs on Security. He is known for infiltrating underground cybercrime rings and writes about his experiences. His site is highly recommended reading for anyone with an interest in cybersecurity.

Brian posted two articles titled “The Value of a Hacked Email Account” and “The Scrap Value of a Hacked PC…” When signing up for any online service, an email address is almost always required. In 2013, according to Brian’s article, hackers who have access to email accounts can subsequently gain access to other services such as iTunes and sell that access for $8 each. FedEx, Continental, United accounts go for $6. Groupon, $5. Hosting and service accounts like GoDaddy, AT&T, Sprint, Verizon Wireless, and T-Mobile, $4 apiece. Facebook and Twitter accounts were $2.50/ea.

Aside from the monetary value, bad guys have access to family pictures, work documents, chat history, can change billing and deposit addresses on banking accounts, drain financials like 401K, bank or stock accounts, and target other individuals like family members. In 2012, a hacker went after Wired journalist Mat Honan locking him out of his digital life. The attacker used flaws in Amazon and Apple’s services, which helped them gain access to Mat’s Gmail and ultimately his Twitter account.

Access to a personal computer can be gained through a number of schemes including: fake ‘you have an out-of-date plugin/flash version’ on a webpage, receive an email about a past due invoice, notification of a problem with some shipment, or by innocently installing a program thought to be legitimate. A recent example of a compromised program was the widely popular PC maintenance program, CCleaner. Untold millions of people unknowingly downloaded a malicious version of the program from the vendor’s site.

A hacked PC can be used for: generating email spam, harvesting other accounts (see above), gain access to a work network, steal online game keys and characters, be part of a Denial of Service attack, infect other devices on the network (like DVRs), create fake eBay auctions, host child porn, capture images from web-cams or network cameras and use them for extortion purposes.

What can I do to protect myself?

Unfortunately in situations of compromise like Target and Equifax, there was nothing you could do – other than not use a credit card at Target or not apply for any kind of credit reported to Equifax. Unlikely for many. You can only react after-the-fact by closing accounts with fraudulent charges and place credit warnings or freezes on your credit.

The SANS Institute, which specializes in information security and cybersecurity training, offers a “monthly security awareness newsletter for everyone” called “Ouch!” Their October 2017 newsletter outlines five steps to help anyone overcome fears and securely use today’s technology. Check the newsletter for more information on these points.

  1. Social Engineering: is an old technique which creates a sense of urgency to tick people into giving up information they shouldn’t: someone needs money quickly, boss needs a password, the IRS is filing suit against you, Microsoft Tech Support calls you about a “virus” on your computer, etc. Never give a password, any personal information, or remote access to any solicitor.
  2. Passwords: Create unique, strong passwords for all online devices and online accounts. Use a password manager which will assist in creating strong passwords. LastPass utilizes a web interface and cloud storage, KeePass is an application and stores the database locally on your computer. Both are excellent solutions for a password manager.
    If you’re uncomfortable with a password manager, use pass-phrases which are passwords made up of multiple words. Passphrases can be written down, but store these in a secure location. Use two-step verification, often called two-factor authentication. Two-factor authentication (2FA) is a combination of something you know (your password) and something you have (a smartphone). A list of services offering 2FA with instructions can be found at: twofactorauth.org. Note: text messages are NOT a secure two-factor method because the cellphone network is not secure and attackers have been able to re-route text messages.
  3. Patches: Put all devices connected to the Internet behind a firewall (router) and keep all systems connected to the internet up-to-date. This includes home routers, computers, smartphones, tablets, streaming media devices, thermometers, Raspberry PIs, lights, automation systems, speakers, and video cameras. If devices are not being updated by the vendor, potentially dangerous mistakes are not being fixed. It’s time to consider better devices.
  4. Anti-virus: can protect you when you accidentally click on the thing you shouldn’t have and infected your system. It won’t protect against every form of infection. Windows Defender, available for all current Windows operating systems, is sufficient.
  5. Backups: I cannot stress this enough, backup, backup, backup! Many times I’m asked something similar to: ‘how can I recover my daughter’s wedding pictures from my computer’s crashed drive?’ Maybe you can, but often not. ‘I lost my phone, didn’t have cloud backup enabled, and had vacation pictures on there.’ Yea, they’re really gone. Backups serve as a way to recover from your own mistakes like accidentally deleted files and ransomware cyberattacks. A “3-2-1 backup strategy” includes 3 copies of your data, 2 on different media, 1 off-site. For most of us, this means: the original data is the 1st copy, an external hard drive (disconnected when not copying data) or network storage drive houses the 2nd copy, and a copy on a USB flash drive stored at work or backed up using a cloud backup solution – is the off-site 3rd copy.

A layered approach to security is considered best practice. As an example, creating strong passwords AND using two-factor authentication. The more layers the better, but more layers means less convenience. Brian Krebs also offers his “Tools for a Safer PC” which includes switching to OpenDNS in your home router. DNS is the service that turns human-readable URLs into IP address. OpenDNS blocks communication with known malware sites.

Hopefully this information has grabbed your attention and guided you to take steps to become safer online. Thanks for reading and 73… de Jeff – K8JTK

Imgs: Krebs on Security, Ars Technica.

Ohio Section Journal – The Technical Coordinator – April 2016 edition

One of the responsibilities of the Technical Coordinator in the Ohio Section is to submit something for the Section Journal. The Section Journal covers Amateur Radio related things happening in and around the ARRL Ohio Section. It is published by the Section Manager Scott – N8SY and articles are submitted by cabinet members.

Once my article is published in the Journal, I will also make it available on my site with a link to the published edition.

You can receive the Journal and other Ohio Section news by joining the mailing list Scott has setup. You do not need to be a member of the ARRL, Ohio Section, or even a ham to join the mailing list. Please sign up!

If you are an ARRL member and reside in the Ohio Section, update your mailing preferences to receive Ohio Section news in your inbox. Those residing outside the section will need to use the mailing list link above.
Updating your ARRL profile will deliver news from the section where you reside (if the leadership chooses to use this method).
Go to www.arrl.org and logon.
Click Edit your Profile.
You will be taken to the Edit Your Profile page. On the first tab Edit Info, verify your Email address is correct.
Click the Edit Email Subscriptions tab.
Check the News and information from your Division Director and Section Manager box.
Click Save.

Now without further ado…


Read the full edition at: http://n8sy2.blogspot.com/2016/04/april-edition-of-ohio-section-journal.html

THE TECHNICAL COORDINATOR
Jeff Kopcak – TC
k8jtk@arrl.net

DSCF5081 K8JTKHey Gang,

So — Windows 10. This topic was brought up during the after meeting at my local club. Many of you are undoubtedly seeing the upgrade nag-screens. You too might be wondering: what’s changed in Windows 10, might have heard some of the issues surrounding the new operating system, and why the big push to upgrade. This month I’ll cover the new operating system from the perspective of what has happened so far and not from a ham radio perspective. Also to preface this whole thing, Microsoft has never been very clear about their statements and often retracts or goes back on things they’ve said. In other words, any of this may change as we go along.

windows-update-impending-upgradeWhat is Windows 10?… why not Windows 9? There are many theories surrounding the choice in numbering. The named version of Windows hasn’t matched the real version number since Windows NT 4.0. Windows 10 is the successor to Windows 8.1, but not Windows as you know it. It represents a shift in the direction of Microsoft as a company. Microsoft indicated this is the “the last version of Windows.” While they’re not killing it off, Microsoft is moving to a model they call “Windows as a service.” This means Microsoft will deliver innovations and updates in an ongoing manner instead of separate releases (versions) of Windows. The ultimate goal is to have one version of Windows that will run on all platforms. Everything, including Raspberry Pi, phones, tables, HoloLens (wearable, so called “smart-glasses”), laptops, desktop PCs, Surface Hubs (interactive whiteboards), and Xbox entertainment systems. Having one version of an operating system means all of these systems will become integrated and share information easily.

windows-product-family

A large part of this shift includes the use of “the cloud.” The cloud is a fancy term for someone else’s equipment on the Internet. The most common example is ‘cloud storage.’ Services like DropBox, Google Drive, or OneDrive allow you to save your documents and pictures elsewhere. You upload files to these services and you can access those files or share them with others on the Internet. The cloud is heavily integrated into Windows 10. After installing Windows 10, it will prompt you to sign in using a Microsoft Account. This syncs your user profile with the Microsoft cloud. When you sign into another device using your Microsoft Account, your settings will be the same across those devices. You can use Windows 10 without a Microsoft account. The computer will operate in standalone mode similar to previous versions of Windows. Microsoft’s online storage service called OneDrive is integrated into the operating system as well. Other new features include your new personal assistant, Cortana. She will help find things on your computer and the web, set reminders, similar to Apple’s Siri or Google Now.

Universal apps: These first appeared in Windows 8 as “Metro Apps.” This concept is to have developers write one application and have it work the same way on any Windows platform. These apps are found and delivered via the Microsoft Store (similar to the Android Play Store or Apple’s App Store), and again – available on all platforms. Some games and applications that came preloaded in previous versions of Windows have been replaced with Universal Apps in 10.

Edge browser: Microsoft Internet Explorer has been replaced with Microsoft Edge. It’s been touted as a more secure browser. However, this has yet to play out because browser extensions are very limited.

upgrade-is-readyFree upgrade: Legal copies of Windows 7/8/8.1 are eligible for a free lifetime upgrade to Windows 10 until July 29, 2016. There are some stipulations to this free upgrade. “Lifetime” means the lifetime of the device eligible for the free upgrade. When that device fails, you cannot transfer the free upgrade to another device. What happens after July 29th? Microsoft hasn’t said. The free upgrade is expected to become a premium upgrade that you’ll have to purchase, even for a device that was previously eligible for the free upgrade. Versions prior to Windows 7 are not eligible for the free upgrade. To be honest, if you’re running a version of Windows prior to 7, you probably want to upgrade your hardware for 10.

Now reality.

Big upgrade push: Windows users have seen the icon in the system tray nagging them to upgrade. Why the big push? Microsoft is trying to avoid another Windows XP. At the time Windows XP was declared “end-of-life,” it accounted for about 10% of all computers on the Internet. Two years later, about 7% are still using XP. That’s a lot of users running a dead operating system. On top of that, Windows 7 will be 7 years old in July and only supported for 4 more years (until January 2020).

While Windows XP maybe working great, there are reasons to get off of it. Google has been leading a push for a more secure Internet. Windows XP cannot handle many modern security methods in use today. All browsers in XP (except Firefox) will display ‘your connection is not private’ when connecting to a website that has more modern security then XP can understand. Since Windows XP is not a supported operating system, it won’t be updated to handle modern security methods. While the website will still work, your connection will be less secure. A work around for this security issue is to use Firefox. Though no known vulnerabilities exist in XP, best practice dictates users should remove unsupported operating systems from the Internet if it doesn’t need to be on the Internet. Another reason to upgrade is new hardware and software will not have support for old operating systems.

upgrade-is-waitingThe upgrade push for Windows 10 has been nothing short of a disaster. Last year, users eligible for the upgrade began seeing a Windows icon in the system tray saying ‘you’re PC is ready for your free upgrade.’ This deplorable tactic is commonly used by malware and spyware authors to trick you into installing software you don’t want or need. As an Information Technology professional with an interest in cyber security, this is the type of message I tell users NOT to acknowledge. Kind of ironic. Initially this tray icon came in the form of a Windows “Recommended” update. Then Microsoft upgraded it to a “Critical” Windows Update -yet another deplorable tactic. Despite this maneuver, Windows 10 is NOT a critical update. The upgrade popups are very confusing as the clickable options are: “upgrade now,” “upgrade later,” “OK,” or “Get Started.” Oh, it gets worse. Users are reporting they vigilantly closed the prompts to upgrade (clicked the red “X”) but their system was still upgraded automatically against their wishes. They went to bed with Windows 7 and got up the next morning to Windows 10. Surprise.

Once the upgrade happens, you do have 30 days to revert back to your previous version of Windows. The problem here is users have found the roll back frequently fails. Imagine that. ‘Don’t worry, you can go back… if you want. Opps, the roll back just failed! Guess you’re stuck.’ Thanks.

Start Menu: Microsoft tried to remove the Start menu in Windows 8 and replaced it with a full screen tile menu. This was an attempt start a unified experience between PCs and mobile devices. The change worked fine on small screen devices but was a terrible experience on PCs. It was met with much outcry. The Start menu has returned in Windows 10 with something that kind of resembles the Start menu from Windows 7. It’s more of a combined Start menu — “Live Tile” experience. Live Tiles display updates like weather, news, and photos, while others are just a static application icon.

windows-10

Adding to the confusion, there now two places where system settings reside: “Settings” and “Control Panel.” Settings typically run between devices like time zone, personalization, notifications, and user accounts. The Control Panel is mostly desktop specific settings.

Tracking: Microsoft Windows 10 tracks much of what you do and where you go. Their claim is they provided a free upgrade so you can give some information back to Microsoft on your usage. Two problems with this: even if you pay for the Windows 10 upgrade, this information is still shared with Microsoft. The other, this tracking is now rolled into Windows 7 and 8. Privacy advocates feel this is a violation of user’s privacy. The argument on the other side is most use Google or Apple’s services and they know just as much about you. This Ars Technica article explains tracking is a growing trend in technology: http://arstechnica.com/information-technology/2015/08/windows-10s-privacy-policy-is-the-new-normal/

Upgrade tips: create a full system backup using a backup service or create an image of your current installation on an external hard drive before attempting to upgrade. This is a backup incase the rollback fails. Check the vendor’s website of your hardware and critical software applications. Look for driver support or knowledge base articles about Windows 10 before upgrading. Knowing whether your devices and software are supported will help minimize regret because your favorite app or device no longer works.

Certainly some of these concerns have caused me to look at alternative operating systems. I have found in my deployments (I have yet to upgrade all of my desktops) with a little work, I can get 10 to act a lot like (my favorite) Windows 7. Turning off or uninstalling cruft helps a lot: turning off notifications, disabling camera & microphone usage, disable Cortana, remove many Universal Applications, and turn off background apps. I use Classic Shell to return a normal looking Start menu and Anti-Beacon to disable tracking. Links to those applications and ones to disable the upgrade nag-screens are below. Seriously, if you find any of these apps useful, consider donating to the author because we need to support those doing the right thing and allowing choice.

Thanks for reading and 73… de Jeff – K8JTK

Image sources: thurrott.com, zdnet.com, and blogs.windows.com.

As always, use these at your own risk.
Disable Windows 10 upgrade and notifications in Windows 7 & 8/8.1:
Never 10: https://www.grc.com/never10.htm
GWX Control Panel (advanced users): http://ultimateoutsider.com/downloads/

Start menu replacement for Windows 8 & 10:
Classic Shell: http://www.classicshell.net/
Start 10 (trial): http://www.stardock.com/products/start10/

Disable Windows tracking:
https://github.com/10se1ucgo/DisableWinTracking
https://www.safer-networking.org/spybot-anti-beacon/ (from the makers of SpyBot Search and Destroy, works on all versions of Windows).
A more manual approach is presented: http://arstechnica.com/information-technology/2015/08/windows-10-doesnt-offer-much-privacy-by-default-heres-how-to-fix-it/

Bridge a Remote Site Network with OpenVPN Access Server

Having access to your devices over the Internet is a requirement for any admin deploying a project. Instead of running to a remote site to administer devices (making changes, applying updates and patches), it’s easier to connect remotely and make changes. Remote access poses many issues and concerns.

Security

First and foremost is security. You always, always, ALWAYS want devices connected to the Internet behind a router with a built-in firewall (NAT router). A firewall filters traffic between two networks (your ISP and home for example) and will block attempts to connect to your internal (private) network.

Device manufacturers take security for granted. Little testing and auditing takes place because the analysis is expensive for throw-away devices. This is noted in many stories including Bug Exposes IP Cameras, Baby Monitors where simply clicking “OK” on the login dialog allowed access to the Internet connected video camera. It is trivial to find these devices on the Internet because of Shodan. Shodan is dubbed the “Internet of Things Search Engine.” If you’re not familiar, think of it as the Google for devices connected directly to the internet. These could be: web servers, printers, cameras, industrial machines, bitcoin mining… Putting devices behind a firewall minimizes the risk because anything trying to peer into the network would be blocked by the firewall.

This holds true for networks you don’t control (granted access on someone else’s network). Put your stuff behind a router/firewall so they can’t see your devices and you can’t be exploited by devices on the other network.

Port Forwarding is a popular technique to only allow traffic on a specific port to a device you specify in your firewall (router). This provides little security as it still allows a potentially vulnerable service to accept incoming connections from the Internet.

Choose a good router

Couple of tips for a good router:

  • You get what you pay for. Don’t opt for cheap.
  • Opt for ones that support third-party firmware like DD-WRT and Tomato or setup a dedicated computer running pfsense or Untangle. These have proven to be more secure than stock firmware in addition to offering a more complete feature set.
  • Stick with popular models as found on Amazon, Newegg, or other tech store. They’re more likely to be reliable, well updated models.
  • Look for ones that accept USB cellular modem dongles for installations that have no accessible network connection like a remote site.

Virtual Private Network

The preferred way to connect to a remote network is to use a VPN. A VPN connects to a private network securely over the Internet. It allows the user to exchange data, use services, and connect to devices as if they were directly connected to that network. An open-source project that implements VPN technologies security is OpenVPN. OpenVPN is an application that allows for secure point-to-point communication. There are many implementations of OpenVPN including using it in many third-party router firmware (mentioned above). OpenVPN Access Server is one of the many implementations and the one used for this project.

This project was inspired by Hak5 1921 – Access Internal Networks with Reverse VPN Connections. As an Amateur Radio operator into the newer computer and digital technologies, more devices are located at remote sites.

This setup consists of:

  1. A remote network behind a firewall where devices exist you want to access. This will be a Linux server on the remote network that will act as the gateway and persistently connected to the bridge. This could be a full desktop computer purposed for something else or Raspberry Pi. Also on the same network will be a Windows machine.
  2. An unsecure/unknown network, AKA the Internet.
  3. A private server that will act as the bridge between the remote network and a device you choose.
  4. A device in a separate location that will connect to the cloud server and will be able to access the remote network. I will use a Windows machine to act as a ‘home’ computer.

This setup works in nearly all cases because the only device receiving incoming connections is the bridge server in the cloud. Firewalls block incoming connections by default. Very few block connections originating inside the network out to the Internet (egress). If a device along the way filters by content, connection attempts will be blocked. Many corporate networks are doing this kind of filtering. Otherwise the traffic looks the same as secure web traffic on port 443. No port forwarding is used.

Hosting

I recommend using an infrastructure hosting provider for the bridge server. This can cost anywhere from $5-$15 per month. The device can be anywhere on the public Internet. It must accept multiple connections on different ports but only by a couple users at a time are needed. Minimal configuration is more than sufficient. Bandwidth, latency, and up-time of all points in this setup effect reliability. My personal recommendations for infrastructure hosting providers are: Rackspace and DigitalOcean.

IP addressing

All remote networks and the home user networks cannot overlap in address space. That is they need to be differently numbered. For example, typically home networks have addressing as 192.168.1.x. The remote site(s) can’t have the same numbering (192.168.1.x). It must be different. I suggest making the remote site different enough to not cause conflict with any home users’ networks. Remote sites as 192.168.25.x, 192.168.26.x, and 192.168.27.x would work fine when the home users’ networks is addressed 192.168.0.x, 192.168.1.x, 192.168.2.x, and so on (except 25-27). Similarly addressed networks create routing conflicts and the packets will not reach the correct network.

Downsides

Cost.

In addition to hosting, a downside to using OpenVPN Access Server is licensing. While OpenVPN is Open-Source Software and OpenVPN Access Server is free, the license allows for only two concurrent tunnel connections at any one time. This means the remote site counts as one connection and the home device the second. If a second person (third device) needed access to the remote network, they would get a message saying ‘Access Server has reached its concurrent connections limit.’ The first person would need to disconnect first before the second could connect otherwise current connections will begin to be booted. Additionally, connecting two or more remote sites and a home user is not possible without purchasing licenses or running an additional bridge server. Additional licenses can be purchased for “$9.60 License Fee Per Client Connection Per Year. Support & Updates included. 10 Client minimum purchase.” $96 per year.

An alternative to OpenVPN Access Server is to setup your own (roll your own) OpenVPN server which is free. I hope to do an OVPN server setup at some point in the future.

Assumptions

This guide is step-by-step in nature, meant for beginners, with brief explanations of the steps. It will help to have an understanding of Linux commands and scripting. Capitalization is important in Linux! Understanding of basic networking concepts including determining network prefixes and CIDR notation is also required.

Program versions

I used a Windows 7 64 bit PC for configuration (and Home PC). Applications and versions used in this writeup:

  • OpenVPN Access Server 2.0.24
  • Putty 0.67
  • Ubuntu 14.04 x64 (bridge and remote servers)
  • Filezilla 3.16.0