Clearwater, winter 16-17, first trip

One of the great things the local TU chapter does is to work with the local YMCA to run a winter trout fishery. They put 2000 trout in the ~5 acre lake in October, and again later in the season. This gives us piedmont residents the chance to catch trout 15 minutes from home, rather than 2 hours! Today was gray, overcast with temperatures in the low 40’s and spitting rain, but it was one of the two dates Sam and I had booked this season so off we went. I started quickly, catching a nice rainbow less than 10 minutes after getting to the lake. I’d have to wait awhile for others, but we caught fish throughout the day…not fast action, but each of the 7 anglers caught several. Sam and I each netted 8 or so nice fish, with other break offs and missed strikes. A great day! We used nymphs, dries and streamers. It varied throughout the day. No discernible hatches, so catches were a matter of getting the fly in front of a cruising fish. You might think this is like shooting fish in the proverbial barrel, but not so! These can be very tough fish to catch, especially when they zero in on hatching midges, for example.

Looking forward to next time!

Sam with a rainbow

Sam with a rainbow

Joel with a nice fish, too

Joel with a nice fish, too

Closeup of a typical stocked rainbow

Closeup of a typical stocked rainbow

Technology rollup report…

Today’s the first hard freeze we’ve had this year.  It’s maybe a little late…our first frost average is late October (the 23rd for Chapel Hill, with a standard deviation of 10 days), and we’ve had some light frost 3 or 4 days already), but this morning was down in the mid-20’s. So it’s a good day to sit around until the sun gets warm and “farm” some of my technology…updates, catchup, etc.

I host (but don’t curate) a website for the Boy Scout troop I used to run (Troop 449) and they Committee is starting a cub pack, and they wanted to reserve the domain, which I ordered up. I realized that the troop’s website hadn’t had a software update in a while (someone else *should* have been doing that) and I needed to update several things, including configuring the automatic backups (always backup before an update!). Had to re-remember how to set up Google Drive APIs for the upload – I’ve done this for several websites that send file backups to Google Drive, but seems like the Google API UI/UX is different each time I go there. Have plugins to update on several other websites, so I’m doing that. Needed to review my other domain names to make sure I still needed/wanted everything there. Needed to double-check the PHP version settings. Checked on another domain name I’d ordered; it’s one of the new ones, a “.blog” that won’t be ready until 11/21.

Last night I set up a new printer. I had an old Xerox phaser 8560 that was about 10 years old, and it wouldn’t print cleanly any more, the nozzles that deposit the melted wax (it uses the crayon-style media) were clogged in places, meaning colors were funky. Still printed black, but took forever to warm up, used a lot of power, etc. Replaced it with a little Brother 3140CW color laser for $170. Supports AirPrint, Google CloudPrint, plays nice with Macs w/o external drivers. Was a very easy install, runs fast and quiet, rated for ~19 pages per minute.  I looked at fancier devices but we print very little these days…however sometimes we do need to print and this will take care of things nicely. The old printer could handle AirPrint thru a shim on the iMac (Printopia) but this is simpler and much quicker.

Lots of other things going on, have a Raspberry Pi 3 that’s fun…a gig of memory and a 32 gig microSD, and builtin WiFi and Bluetooth. A lot faster and more capable than my old 1 gen Pi B (both CPU speed and memory). What a heckuva Linux box in a pack (with case) the size of a deck of cards. The IoT is going to be fun but will be lots more things like the DDoS on Dyn back in October.

Speaking of hacks and protecting devices, I am now running Webroot on my Macs for antimalware. Seems to be a good fit, lightweight and fast, tho I think that the PC version is more efficient. Does reputational check on web links, which is good, as phishing, spear phishing, etc. can catch the best of us. Also just licensed Webroot for the small software firm I work part-time for; it has a nice management console in the business version.

So that’s  enough for now.  I needed a blog post and this is the best I could do this morning 😉

Mobile HAM radio in the truck

I’d noticed that as the summer had come on and the trees had leafed out, my ability to reach some local 2M repeaters was impacted, using my 5W HT and a roof mounted magnetic antenna. For example I was having significant issues accessing the Durham “TV Hill” repeater (fine in the winter), though the newly reinstalled OCRA 70cm was fine, albeit configured much higher and sitting much closer to Chapel Hill. So I decided to install a standard mobile rig. I’d wanted a Kenwood 710G but they are just too pricey, so I opted for a Yaesu FT-7900R. Basically, no fancy APRS stuff, but I’m less enamored of that as time goes on.

The 7900R is the basic “workhorse” dual band, 50W on 2M and 40W on 70cm. One thing I liked about it though was the fact that it came with the transceiver/head separation kit, which was good as I didn’t really know how I wanted to mount it, as my truck has a full complement of electronics and no room for other devices. I didn’t want to drill any holes, but I wanted a nice looking install. A tall order!

So where to put things and how to run the wires?

The transceiver is tucked up under the crew cab back seat, behind the driver’s seat. It’s about the size of a small paperback book, and just sits on the carpet out of the way. I had to pick up some extra 12 guage DC power wire (12′) since the battery in the Silverado is on the passenger side. I ran the power wire via a technique I found googling, going thru the fender, not the firewall, and then thru a small rubber grommet near the emergency brake to get into the cab. I reinforced the fender passage with copious electrical tape. Then pop up the plastic trim along the cab edge to run the cables. I soldered and taped my extension to the supplied power cable, running to the transceiver, and in the opposite direction, the head separation cable toward the dash. For the head (like a small cell phone), I got a clamp mount that sits nicely on the corner of the dash on the left of the driver. Left enough cable there to easily move it around, and unplug and put out of the way when needed.

So what about an antenna? I decided on a Larsen thru-the-glass mount on the cab window behind the driver, after reading about successes there. I was concerned about its efficacy but it seems to work great! Dropped the RG58 down behind the seat.

I ran the speaker extension cable from the transceiver to coil it under the driver’s seat, where I could, if desired, plug into the infotainment system. However, the built in speaker is actually pretty effective.

Have programmed repeaters into the radio and done some tests, reports indicate good audio, and I’m happy with the way it all looks. So far so good, and no holes in the truck 😉

The only issue? Somewhere under the hood of the truck is an small socket wrench adapter that “got dropped” during the process…

Panama Papers breach

The Panama Papers data leak has already snared many rich and powerful folks who have been using questionable means to hide wealth beyond taxation and scrutiny. However, that’s not what I want to write about here. I certainly find the abuse of wealth and power to be an issue, and much ink is being spilled on this. I want to focus instead on information security, and in particular, the vectors likely used to extract the data from the law firm Mossack Fonseca. What happened here was not some sort of uber-secret hacking, but was a simple process of exploiting well known vulnerabilities in WordPress plugins and in a particular version of Drupal core that was found to have severe vulnerabilities in October 2014.

wordpress-logo-notext-rgb

WordPress and Drupal are both extremely popular content management systems (CMS). Your correspondent runs several websites using both these systems, and this blog runs on WordPress. Both systems are robust, reliable, and have huge ecosystems of “plugins” or “modules” that can be used to extend basic functionality of the system in a myriad of ways. These extensions provide visual appeal (image sliders and other tools), spam control, and even database functions for storing information about the user community.  If you can imagine it, someone out there has probably written a WordPress Plugin or Drupal Module that can help you bring that functionality to your site. However, with great power comes great responsibility 🙂 .

One of the banes of any technology system is maintenance and patching. This can be to fix bugs, to add functionality, or, increasingly, to patch the seemingly never-ending list of security holes. WordPress and Drupal are no exception, and in fact, both are big targets. Of the two, WordPress is far more prevalent, with over 75 million sites and growing rapidly. Drupal runs one million sites. From a security exposure perspective, WordPress is in my opinion a bigger problem. WordPress is extremely easy to install, and takes much less study to create interesting sites than does Drupal, and as such, many sites are set up by individuals and groups who don’t appreciate the rigor of site maintenance.  I’m not writing this post to favor WordPress or Drupal.  I like both, and both have strengths and weaknesses. This brings us back full circle to what happened with Mossack Fonseca.

In a word, the problem was maintenance. The likely vector that lead the Panama Papers hackers to Mossack Fonseca’s email servers was thru unpatched and well-known vulnerabilities in WordPress plugins. The Drupal exposure likely led to client documents, and could have been a bit more forgivable from an IT perspective, as the exposure was from the core weakness in Drupal versions prior to 7.31, a part of the “Drupalgeddon” exposure of huge numbers of Drupal sites…except that Mossack Fonseca is still (at the time of this writing) running Drupal 7.23 from August 2013!

Wordfence, an organization that provides security plugins and services for WordPress, has done an excellent writeup of how the Panama Papers hacks unfolded, and it’s well worth a read, especially if you are responsible for either doing website maintenance or if you are concerned about the security of the sites you or your organization run.

The sad fact is that it’s just so easy to do maintenance on both WordPress and Drupal that not maintaining sites is highly unprofessional. Wordfence provides an excellent plugin  that notifies you when a monitored site needs a core update or plugin update. Many updates can be configured to run automatically. Running manually is a simple matter of logging in and then doing a couple of clicks! Drupal is just about as easy, though a Drupal core update is a bit more involved than a WordPress core update, currently needing a separate program (Drush) to handle the core update.

Maintenance of websites is a necessary job, just as is maintenance of any other technology asset. Think of it as changing the oil and checking the tire pressure in your car. If you know how, do it yourself. If you need to hire someone else to do it, then do so…but ensure that it is done, or you and your company may wind up in the news one day…

HF Ham!

I’ve neglected my blog for the past couple of months, with no posting since January.  We had a great time on our cruise to the eastern Caribbean in February, so my excuse it that I was having so much fun I had no time for blogging 😉 .

However, I did want to chronicle my success with moving to the world of 6M and HF Ham radio. I posted here in January that I’d upgraded my antennae for my 2M/70CM radio, and I’ve been doing a lot of communication on the 2M band, including becoming a regular participating member of the Possum Trot Net, Possum number 3571! I wanted to add the capability to use high frequency (long distance) bands to communicate to more and different communities.  I added a Yaesu FT-450D radio with a 7-band Buckmaster OCF dipole antennae to my “shack.” I plugged it in Monday of last week and tried to communicate with the local 10M net, but did not have any success in transmitting though I could hear the net traffic. Don’t know if there was just a pileup, or something with local conditions. I reached out to a local Ham to give me some assistance and coaching. KM4MDR came over today and spent a couple hours with me, validating the SWR of my antenna with his MFJ analyzer (it did very well on the supported bands, ranging from 1.2 to 1.8), and showing me a few tuning tricks. I’m very appreciative of John’s help! We participated in the 40M 7.772 Ragchew and talked to Net Control in Maryland, and talked to the 20M 14.300 Mobile Maritime Net (you don’t have to be a boat to participate!) Net Control near Houston TX.  Signal reports were good. So, great success, and now I can operate with the confidence that I can hear and be heard.

More Ham fun

I wanted to be able to reliably reach the local VHF/UHF repeaters, so I bought a 2 meter 1/2 wave antenna to mount outside the house and hook up to my handheld radio. It came over the weekend, and I installed it this afternoon. The antenna itself is a set of wires of specific lengths and impedances that you mount in 5 feet of PVC pipe. I hooked it up with a large diameter low loss cable, and used an adapter to connect to the SMA plug on my handheld. Works like a champ! I’m now able to reliably key repeaters 15 miles away with the 5 watt handheld.  I talked to a fellow Ham this evening via the repeater (W4AGC 2M on TV Hill in Durham), and he said I had excellent sound quality with no distortion. Also, was able to successfully test out an IRLP connection via the W4AGC 70cm repeater to my “beach” repeater in Newport, though my new Ham friend from Harker’s Island, KM4NRZ, didn’t answer. Also did a test of an IRLP reflector node, and heard my voice come back. Cool!

Clearwater 2016, v1

As my (one or two?) regular readers know, I like to visit a local “lake” that the TU chapter stocks with trout for a winter fishery. Let’s see, trout, hanging out with a few fellow anglers I don’t see often enough, only 15 minutes from my house, what’s not to like?

Joel netting trout

First fish of the day

On January 9th, I had one of my two seasonal visits to Clearwater. The fishing was slow, as recent rains had muddied the lake, but all the 8 anglers there each caught a handful of nice fish.  I caught mine on egg patterns, a fly that I’ve historically used in the winter with great success, but not at Clearwater. Great fellowship, and always fun to hang with my fishing buddy, Sam. Already looking forward to the next trip there!

Joel releasing a big trout

This one put a nice bend in the rod

TU said that they put a lot of browns in the lake this year, but I didn’t see any. Maybe next time.

APRS antenna update

As I wrote here previously, I’ve been exploring the APRS (Automatic Packet Reporting System) Ham Radio system. I noted that while I had the Kenwood TH-D72 radio configured correctly, it was not reliably getting its packets to the nearest digipeater to be ingested into the APRS/APRS-IS world. I suspected it was an antenna issue, as I was using the “rubber duck” that came with the radio. I replaced that with a Diamond SRH77CA and that’s made a huge difference. I’ve used it to have a “chat” with another local APRS user several miles away, though via the digipeaters, it’s possible to have a digital chat with an APRS user much further away (depending on mutual routing settings). Additionally, I noted that when the radio was inside a vehicle, it was unlikely to successfully send a packet unless the digipeater was just a couple miles away. So, I also got a Diamond MR73S, a small magnetic-mount external antenna with an SMA connector. With that on top of my truck, the APRS “smart beaconing” works perfectly, sending status packets with information that reliably shows position and turns. Interesting stuff.

APRS radio

I’ve been experimenting with APRS (Automatic Packet Reporting System) on HAM Radio. Interesting stuff! Essentially, it is a system that provides situational awareness and context for radio-enabled devices by capturing “beacons” from devices such as mobile radios, fixed point radios, weather stations, satellites, antennas, and creating a data stream that’s used to create a geo-enabled map of devices in real time…an organic “Internet of Things” (IoT) joined in the radio spectrum. As Bob Bruninga, the father of APRS says:

“Since the primary objective is consistent exchange of information between everyone, APRS established standard formats not only for the transmission of POSITION, STATUS, MESSAGES, and QUERIES, it also establishes guidelines for display so that users of different systems will still see the same consistent information displayed in a consistent manner (independent of the particular display or maping system in use)”

There are gateways to the traditional Internet for email, but the value of APRS is in the dynamic resource map it populates to RF contacts in the local area (and through data added to the APRS-IS, the Internet system, and thus generally available), and its ability to send messages between participants. It’s a peer-to-peer network that can grow organically with the addition of “digipeaters” to relay traffic, but still provides station to station information. As the APRS Wikipedia article states, “Anyone may place any object or information on his or her map, and it is distributed to all maps of all users in the local RF network or monitoring the area via the Internet.”

It does depend on access to a digipeater, and one thing I’ve found in a couple days of testing is that my HT 5w Kenwood TH-D72 transmits to the nearest repeater from Emerald Isle with sketchy regularity. It’s 10 air miles, and the standard antenna on the TH-D72 is reliably receives APRS packets from KD4KTO-4, but seems to get them there irregularly. Next week, I’ll be back in the Chapel Hill area, and it will be interesting to see how things fare there. I’ve ordered a better antenna for the radio as well, and that should help considerably with transmit range.

 

Finally have Apple Pay working again on Watch

As my faithful readers know 😉 , I really like the Apple Watch. I wrote in September about getting the wrist detection working again, and it’s been great since then…with one exception. Without wrist detection enabled, you can’t use Apple Pay (it won’t let you store cards without wrist detection enabled). When I turned wrist detection off, before that fix with OS 2, my Apple Pay configuration went away; that’s the way it works. This doesn’t sound so bad, but then when wrist detection was back, I couldn’t add cards to Apple Pay. They would be stuck being “activated.”

I did a fair bit of Googling on it, and it appeared to be an issue with some bit of iPhone storage not getting completely cleared out with card removal. Supposedly a restore of the phone fixed things for many folks.  However, I didn’t want to go to the trouble to do that, so I just ignored that one missing feature.  After December’s Watch and iOS updates, I decided to try again and lo and behold, it worked! I loaded up some cards and went Christmas shopping on Friday. Woohoo! I’m a happy camper.