Posts from December 2008.

Unfollow me! Please!

Steve, K9ZW, has asked What’s the Worth of Twitter?

I’m slowing my Twitter “Tweets” and following of Twitter based on a difficult to use Signal/Noise Ratio.

One very active Twittering Ham has a goal of posting 10,000 Tweet posts during the year.

If every one of those Tweets takes but a second or two out of my attention, that is asking me as a Twitter Follower to give up 5-6 hours of accumulated time.

It’s simply not going to happen.

This was followed up by N0HR’s Twitter Overload post:

Steve notes that one ham has a goal of “tweeting” 10,000 times in a year. Yikes. What possible value could that have to anyone? I could see some value in a group using Twitter to meet at the Dayton Hamvention – when you’re all trying to meet you’d know that Frank’s at Denny’s having breakfast, Chuck’s in the flea market and Stan is lugging a boat anchor to the car. That’s about it though.

First off, let me state for the record that I am the said “active Twittering Ham”, but I do not have a “goal” of having 10000 tweets in a year. I did wonder if I’ll hit that number which is looking more and more likely now that I’m less than 50 shy of 9000, but I wouldn’t consider it a goal. Next off, I’m not pissed at Steve for unfollowing me at all. I did mention it in a tweet, but I am not saying that I am sad, angry, or disappointed in Steve. I am very much in @mediaphyter’s corner regarding following:

…let me make a list of what Twitter is not:

  1. A venue for a popularity contest
  2. An obligatory mutual instant message system
  3. A place where anyone has anything to prove

Exactly. Twitter is different things to different people. Suit your follow list to what you want to see. I’ll be the first to admit that I am a prolific tweeter. My sister never added me to her phone because she was overwhelmed by texts. I tweet about Ham Radio, InfoSec, the MBTA not working, and any other completely random thing that floats into my head. A lot of my friends are the same. However, I know that this does not suit everyone. I have no problems with someone unfollowing me because I tweet so much. If you’re not going to follow a smaller group of people, I’m going to quickly overwhelm your “stream” on your page, likely providing more signal with noise. There are ways to sift through volumes of tweets, but a lot of people have neither the time nor the inclination to do so. Don’t feel the need to follow anyone because “everyone else does it” or because they’re following you. Only follow the people that tweet topics that interest you and tweet at your pace. Also, look at the option of turning of

If you’re on Twitter, don’t think you’re going to hurt someone’s feelings by unfollowing them. I occasionally go through my lists and “purge” people that no longer interest me. If I no longer interest you, unfollow me! Please! If I follow you, I’ll still reply when you say something I want to comment on and it will still show up in your stream.

Steve, I’m still following you, as you’re one of the Hams whose tweets I always enjoy. I hope to see you around, and I look forward to you live-tweeting Dayton. :)

Wow… I bet you thought *YOUR* MTA was old…

Since my e-mail addresses have been around in one form or another for 10+ years (There is a scary thought), I get my fair share of spoofed mail bounces. Normally it’s an annoyance, but occasionally I get some white elephant in my INBOX:

From: uucp <uucp@inetgate.telecom.gomel.by>
Message-Id: <200811150241.mAF2fnrj009642@inetgate.telecom.gomel.by>
To: (ME)
Subject: UUCP job killed
Message from UUCP on gml Sat Nov 15 04:41:49 2008

UUCP job

zip.CK9GSD2AAFVV

for system

zip

requested by

daemon

has been killed.

======

Reason: Your mail message has been expired after 672 hours.

====

The job was queued at 2008-11-17 14:43:48.

It was

rmail oot@zip.belpak.gomel.by

UUCP? Really? I haven’t seen that in use since the mid-90s, when I first started with the crazy “Internet” thing. But I guess in Belarus it’s still in use. Wow….

What’s the opposite of FUD?

What’s the opposite of FUD? Unbridled optimism? Rosy colored glasses syndrome? Sheesh. @ryanaraine posted this on Twitter this morning: Microsoft to issue out-of-cycle patch for the ‘unknown exploit’. This features such choice quotes as:

It’s the kind of development that could give “zero-day” a whole new meaning: a wave of alleged Internet Explorer exploits, the total number of experimentally validated cases of which apparently numbers zero.

What in the Wide Wide World of Sports is “experimentally validated cases?” Did I miss something here? Is this some kind of new InfoSec standard that I was previously unaware of? How much verification do you want? Take your pick: ISC, Trend Micro, F-Secure, ZDNet, or the Washington Post. What else does he want, have the hole paint itself purple and dance naked on the table in front of him singing “zero day exploits are here again?”

This IS being actively exploited. I have a list of sites that are being used to host exploits sitting in my INBOX right now. If you use IE, you need to patch ASAP or switch your web browser over to something else. To suggest this may not be “actually valid” is irresponsible and is undermining the efforts of security people across the Internet.

My Condo Antenna

This originally was going to be part of my last post, but it was long enough to be broken off into its own article. I know that KA3DRR has asked me a couple of times what my antenna setup was like. My antenna setup is very meager. When I first made my antenna I had a good idea what I needed:

I had a few requirements:

  1. It had to be cheap
  2. It had to be easy to set up and break down
  3. It had to be simple
  4. It had to not require a tuner

Since then, times have changed a bit: I have a tuner now, and I wanted to operate more bands. However, the cheap, simple, and easy to set up and break down requirements stayed the same. My mounting situation has more or less stayed the same. I use a tree that is outside my office to hang my antenna up and then when I’m done I take it off. It’s not the best situation and the “half wavelength above the ground” rule is definitely flouted:

You can see my radio room from the outside in shot. Also visible is my 2M on-the-ground-plane. This is permanently left outside and is connected to my IC-27H.

With the original 20M elements and the 10M elements I added a few months ago, I think it looks like a giant spider when it’s hung in the tree. Thankfully it breaks down in about 5 minutes of work and rolls up into a nice manageable size. I use Velcro cable ties on the end to keep the elements wrapped up and neat.

I love my antenna, as it’s the first “homebrew” project I ever did. It also works quite well, I’ve worked as far as the Ukraine on it with 100W. Sure, it’s a pain to shuffle out at night and take it down and I can’t wait until I get a house in which I can simply have an antenna that I can leave up all the time, but in my current situation, it gets the job done.

ARRL 10 Meter Contest

It was the ARRL 10 Meter Contest this weekend. Normally contests are a non-starter for me, as I just really don’t “get” them, however, I thought it was a good opportunity to try my HTX-100 that has been languishing in my shack since I acquired it. Despite the weekend being filled with Christmas shopping and clearing out the soon-to-be nursery, I did manage to carve out a couple of hours to play radio.

I’ve been wanting to test out my HTX-100 since I received it. SEMARA has a weekly 10M Ragchew net on Tuesdays and that was the first and only time I’ve talked to someone on it. The signal reports were good, but there is a slight difference in working someone across town, and working someone across the country. So, I strung up the dipole, popped up DXAnywhere on the computer and scanned the bands. I wasn’t interested in scoring points, I just wanted to see if I was “getting out” and everything was working well. I tuned up and down and heard W4SVO calling CQ. I tried calling him a few times but he kept responding to other stations. Finally he came back to me with a 5 by 9, which he gave everyone but I digress. I continued tuning around and heard another Florida station, WD4IXD, calling CQ, so I got ready to work him.

Now, the HTX-100 has a high and low power setting. It puts out 25W on high power and if you pull out a knob, it puts out 5W. After thinking about it for a moment I decided to be adventurous. My other radio, a TS-120, is 100W all the time unless you fiddle with the mic gain and then your max output is a bit of a guessing game. I worked W4SVO with relative ease and I wanted to have some fun. I pulled out the knob and flipped the radio into low power mode. It took slightly longer but after quite a few tries of losing out to other stations, I finally contacted him. I was pleased, it was my first HF QRP contact! I did the math out on the Google Maps Distance Calculator and it came out to be 1099 miles! That’s 219.8 miles/watt. Not bad! I moved lower on the band and came across a 3rd Florida station, but the band seemed to swallow him up before I could get to him. I then unsuccessfully tried to work @dskaggs, N4EA but the band seemed to be closed at that point, and it stayed that way until I packed it in around 7:30PM.

It was a good couple of hours and I’m glad to have my first 10 meter “DX” contact and my first QRP “DX” contact in the logbook. I need to sit down and QSL WD4IXD as I want to get the QSL for posterity. I also need to start looking at getting the HTX-100 into my car, as that was my original objective for it.

Oh, and I think my final score for the 10 meter contest was a whopping 4 points. Go me!

Penetration Testing – Not Quite Dead Yet

There has been some hub-bub lately about Fortify saying that “Penetration is Dead! .. Oh yeah, and by ‘Dead’, we mean, not dead, but just different.” This was following a similar, but completely unrelated post by Jack Daniel stating that “Penetration testing is a farce and largely a waste of time and money.” While I am inclined to agree with Jack’s basic tenets regarding the two possible outcomes of penetration tests, and I do have a disdain for the term “ethical hacking”, I don’t think that the current model is going away, nor that it is useless.

There are two types of penetration testing that should exist: The kind of penetration test that is worked into the QA process, and the “How screwed are we?” audit-type penetration test. The former should be worked within the application development process, testing the codebase as the project moves forward and giving the application one last assessment before it moves into production. The latter is one where you have a no-holds-barred scan on your network. Both of these accomplish two similar, but different goals: Within the QA process, it gives you and the developers ideas on how secure a certain application is and if there are any show-stopping security bugs. As an audit, it gives you a better idea as to where the weak spots are on your network.

Both of these need to be accomplished by an independent party who does not hold an interest within the project. If you have an independent security team, they can usually handle the tests within the QA process. However, for audits, more often than not, it is a good idea to call in the consultants and let them go to town. Now, I loathe consultants and feel that they often aren’t worth half of what they charge, but, there needs to be an air of impartiality to upper management. Also, by not putting the security group in charge, it gives them equal time within the crosshairs, something that may be glossed over if they are the ones running it.

More often than not, companies don’t have an independent security team. This has given rise to numerous “penetration testing” companies that specialize in shining a flashlight into all of the dusty corners of your applications and network. This is great and fills a vacuum for a lot of small businesses that just have a “computer guy” who realizes that security is an issue, but does not have enough cycles to address it. However the major issue is, as Jack correctly points out, that we don’t have a common criteria to judge what kind of “penetration test” we’re getting. Are we getting some ninja dropped into our environment to wreak havoc for a week or are we having someone show up with Nessus, scan, and drop off a report later that day? Also, what happens afterward? Does a report get dropped off and the auditor washes their hands of it or will they assist within the remediation phase of the problem? Does the report even get read by upper management? If management and IT are relatively clueless about what a good “penetration test” is, the potential for abuse is very high. When dealing with security that is a very dangerous game to play.

I don’t have a solution to this, besides suggesting that outreach and education is key. The issue is who should be doing the outreach and do companies really want to be reached out to. There is no quick and easy solution to this, just like a “penetration test” is not a silver bullet for solving security issues.

Open Discussion, the Internet, and the Memory Hole

There has been a lot of drama over the ZOMG CW OPZ ROOL AND NO CODEZ DROOL Video. It started when Jeff, KE9V posted a message on Twitter linking to a weblog post at the Parma, OH Amateur Radio Club weblog. The post contained a video about the death of Morse code, and how anyone who didn’t pass a Morse code test is dumbing down the hobby.

I, like any other red-blooded netizen, posted comments on the post and the YouTube page saying in no uncertain terms how I thought his thoughts bore a striking resemblance to a large pile of edible offal from the stomachs of various domestic animals (“a load of tripe”). I don’t think Morse is the cat’s meow, but I do know it (despite being one of the dumb no-code hams). The bile flowed from my fingertips and my circle of Hams on twitter was abuzz at the video, most of the talk being negative.

Then it was gone…

Steve, K9ZW tweeted that he couldn’t get to the video via the weblog post. Sure enough, the video had been removed. I forwarded him the YouTube link, which he replied he also couldn’t get to. Looks like someone had second thoughts. Finally, the title and all the comments were deleted from the post and all further comments needed to be moderated. All that was left was a non-functional little nubbin of a post that previously had about six people’s comments. I assumed that it was over and that the creator of the video retreated. I would have preferred some kind of discussion or an apology, but it’s his call.

Flash forward to Friday morning, where I see that the video has been reposted. I was glad I can now link to it to talk about it some more, but it did ruffle my feathers that the creator, rjkd732, essentially tossed all the previous discussion down the memory hole. About ten people commented on the various postings and he has seen fit to flush it all down the tubes. I posted my comments regarding this and reposted my original comment regarding offal. This time, he did reply saying that he took down the video because (paraphrasing here) I was being rude and calling other people names.

He then took it down again…

Then this little gem showed up in my YouTube INBOX:

those who passed code ARE BETTER! stick that in your pipe, whiner.

Awesome. I replied in a kind, polite, articulate manner:

Hahahaha!

Oh wait… You’re serious…

Let me laugh even louder….

HAHAHAHAHAHAHA!!!!!!

OK. So I’m not a saint. What?

The Internet is a great place for meeting people that say things that make your blood boil and pray for the ability to punch people via TCP/IP. I seem to have a silly habit of tilting at windmills and trying to engage them and talk. What annoys me is when people do the electronic equivalent of “taking their marbles and going home” by deleting threads and comments. Although he’s well within his rights to do these things, it sets off a giant flashing red light that says he’s not interested in hearing an alternate viewpoint.

Attitudes about Morse Code

Jeff, KE9V linked this little… uhmmm… gem on Twitter a few days ago:

Wow. Just Wow. Sorry kids, if you got your license or upgraded after December 2006, you’re not worthy to be here. Might as well turn your ticket in to your local FCC office. I’ll be joining you. Does anyone want all my equipment?

What a load of tripe.

I know Morse code. I learned it after I upgraded to General last November. It’s a good skill to have. I have no problem with people extolling the virtues of CW operation. Operate it exclusively for all I care. I know more than a few Hams who love their CW and I have no problem with them. However, certain CW fans go a little over the top. Suggesting that I am dumbing down the hobby because I didn’t pass a Morse Code Test? Please.

Attitudes like these do nothing but hurt the hobby. YouTube videos, flames on forums, and rants on mailing lists have left many a newcomer to the hobby annoyed and insulted. What does this accomplish? It doesn’t advance the hobby, it certainly doesn’t advance CW’s reputation, and it turns off throngs of people from the hobby. But, it continues: We’re dumbing down the hobby; CW is the one true operating mode; FCC is allowing the riff raff in by lowering the bar; etc, etc, etc.

If you have opinions, add to the discussion. Don’t insult the other side wholesale.

UPDATE: Apparently rjkd732 has seen fit to remove the video, again. Thankfully, this time I mirrored it. I’ll repost it tomorrow.

Making your 12 hour clock a 24 hour clock

I have been recently wanting a 24 hour clock in my office set to UTC so I have less chance of screwing up my radio logbook (Yes, despite having multiple computers in my office, I still keep a pen and paper log). Since my “geeky stuff” budget is next to nothing I was pretty much out in the cold, until this message by Howard, VE4ISP floated into my INBOX by way of the AMSAT-BB listserv. I was intrigued, since this was more or less exactly my situation and I had an old clock I could experiment on. Inspired by Larry from PSW I decided to try my luck.

I cracked open the clock and surveyed the circuit board:

We’re not interested in the IC in the upper right. That’s the FM receiver. What we’re interested in is the IC in the lower left:

Behold, the LM8560! From Howard’s e-mail I know that I was supposed to jump pin 15 to pin 28, however, I wanted to be doubly sure those numbers were correct. So, I found the LM8560 datasheet online and found the pinout (page 2). You can tell which way the chip is orientated by seeing which way the notch is pointing (on the left in the above picture). I also found out that Pin #28 is the 12/24 hour selection and pin #15 is “Vss”, which is IC-speak for “ground”. So, essentially, we’re grounding the 12/24 hour selection pin so that it makes the IC, and thus the clock, go into 24 hour mode. Should be easy right? Well, it would be if I were good at soldering, but after 15 minutes of abortive attempts I was finally successful.

Notice the scorch marks on the corners of the IC and cap right next to it! Hey, stop laughing! The soldering was made a touch easier by the fact that I could fit the wire into the little holes that the pins go down through. This made it slightly easier to solder together. I then checked with my multimeter to make sure that the connection was good and that I didn’t accidentally solder another pin. I was pleasantly surprised and somewhat shocked when it told me that I only got the pins I was supposed to. So, I closed it up and plugged it in.

OK. No smoke. Now, let’s adjust the time…

Booyah! Success! Using parts I had around at home, I made a clock that was more-or-less useless to me into a clock that isn’t and also saved about $25 in the process! Huzzah!

This goes to prove that you too can do hardware hacking. After all, if I can, anyone should be able to…