APRS IGate

Following on my previous article on my quick and dirty APRS tracker I was brimming with confidence and decided to tackle the task of setting up an APRS IGate.

All I needed was a spare 2m receiver and a convenient computing engine, i.e., a PC of sorts. I engineered a simple solution to interface the radio to a Raspberry PI with a USB sound card. Before putting it all together I came to the sudden realisation that I have an old USB DVB-T dongle lying around. Interesting thing is that I bought it years ago to listen to ham frequencies and then boxed it after a very fun filled afternoon. I only just realised that we’ve never had DVB-T transmissions in South Africa. Why were these being sold locally?

Back on point, I decided to implement the RTL USB dongle with a Raspberry PI as my IGate. Tragedy struck, or more accurately, I realised I left my PI at the office. Fortunately, my old server still booted up, albeit a bit slowly.

Construction

The physical layout is immensely simple. RTL USB dongle, in this case, VideoMate U620F, plugged into the USB port of my trusty server (old hand me down headless AMD machine). That’s kinda it for the physical construction. I’m still using the original wire antenna supplied with the USB dongle while testing.

Software

These days it seems there is almost no need for any difficult hardware implementations. All of it happens in software.

In this case, I needed to install the RTL Software Defined Radio packages on Ubuntu. This would take care the demodulation and present an audio stream derived from the narrow band FM signal on 144.800 MHz (the APRS frequency in use in South-Africa).

The next package would take care of relaying received APRS messages. Conveniently there is a package called direwolf that not only decodes AX.25 APRS messages but also acts as the IGate.

root@Media:~# apt-get install direwolf rtl-sdr

The config needed to make this work is stored in /etc/direwolf.conf.

LOGDIR /var/log/direwolf

ADEVICE null null

CHANNEL 0

MYCALL YOURCALL-11

MODEM 1200

IGSERVER euro.aprs2.net

IGLOGIN YOURCALL-11 YOUR_PASSCODE

PBEACON sendto=IG delay=0:30 every=15:00 symbol=”igate” overlay=R lat=-25.84091699999999 long=28.159347000000025 COMMENT=”144.800 MHz Rx Only | DireWolf 1.3 on PC+SDR”

The above is all I added to make it work. The important bits are your call sign, passcode (http://apps.magicbug.co.uk/passcode/index.php)  and location and comment.

In order to get the RTL dongle and direwolf to communication I added a small script to init.

#!/bin/bash
rtl_fm -f 144796.5e3 -s 24000 -l 0 – 2>/var/log/direwolf/rtl_fm.log | direwolf -c /etc/direwolf.conf -t 0 -n 1 -r 24000 -b 16 – 2> /var/log/direwolf/error.log 1>/var/log/direwolf/output.log &

This starts up the RTL dongle on the correct frequency and feeds the audio output to direwolf. Notice that my frequency is specified as 144.7965 MHz. It turns out most of these RTL dongles have ever so slightly different clock frequencies and it is necessary to compensate for this error. I chose the easy way and just modified the frequency. There is an option to feed rtl_fm a correction factor, but I was in too much of a hurry to figure out how it works.

ZS6IO-9 audio level = 56(11/13) [SINGLE] __:::____
[0.3] ZS6IO-9>APDR13,WIDE1-1:=2550.46S/02809.55E>022/001/A=004783 http://aprsdroid.org/ Paul Greeff – Nissan Hardbody
Position, normal car (side view), APrsDRoid replaces old APAND1.
S 25 50.4600, E 028 09.5500, 1 MPH, course 22, alt 4783 ft
http://aprsdroid.org/ Paul Greeff – Nissan Hardbody

 

[ig] ZS6IO-11>APDW12:!2550.46SR02809.56E&144.800 MHz Rx Only | DireWolf 1.3 on PC+SDR

The above is the output of the direwolf log file showing first a position report from my Nissan Hardbody, and secondly, its regular update with it’s own position and description to the APRS network.

 

And there you have it, my QTH on APRS.fi.

APRS

I haven’t posted in quite some time, but not as long as this site will lead you to believe. Although it indicates the last post is some time in 2014, Digital Ocean managed to break my container and lose almost a year of my posts. And since that time, I have been somewhat lazy in posting. Yet, with the birth of my daughter, and the stark realisation that I have not engaged in any large or small projects of late I decided to do something about it.

For years I have wanted to get involved in APRS again, however, my little APRS Opentracker kit has failed me, and I’m either to tired or lazy to figure it out, or the flash has died and hence, reprogramming it does not happen.

I tried many a minute in vain to resuscitate it and then discovered to my astonishment that I have had all the tools I needed to TX my position and more via 2m APRS.

APRSDroid

I’ve been using APRSDroid (https://aprsdroid.org/) for years to track my position on my Android cellphone. Although it is brutal when it comes to battery consumption it works exceptionally well. The small application activates the GPS, determines your location and uploads it and presto, your callsign and location appears on http://aprs.fi.

 

Little did I know this application has a number of other capabilities programmed into its settings. The feature in question is the ability to generate APRS at 1200 baud through the phone speaker. This meant I could connect any handy hand held radio with VOX to the phone and send position information.

Construction

The construction is remarkably simple. Wouxun UV-8D, a handy Android phone, a cheap ZTE phone my wife had lying around, and a 3.5 mm audio jack to connect the audio out from the phone to the radio set to VOX on 144.800 MHz.

The image above is my first test drive around town to see what kind of coverage I can expect. Even though there weren’t many IGates in the area, I still had very good reception from a number of IGates and Digipeaters.

 

Truecrypt

I’ve long been a fan of Truecrypt for encrypting partitions and creating files with encrypted data for secure storage and transport. The reason I like it so much is that there are a number of cases of government organisations failing to get to the data of a purported criminal nature protected by TrueCrypt.

Although there are many good encryption programs out there Truecrypt covers a number of areas that sets it apart from the others. Lets first look at some of the other methods in use out there that I like.

  • Luks / dmcrypt – This is also one of my favourites and I use this on a regular basis. All my Linux machines are encrypted with luks. Even my Android tablet and phone are encrypted using the Android luks encryption. However, the only drawback (for others) is that it is only applicable to Unix like systems. So far I haven’t found a nice method of using luks on Windows. I have no idea about Macs.
  • PGP / GnuPG – I use this quite a bit for email signing and encryption. Although it is very useful for encrypting partitions stored on HDDs live mounting and encrypting / decrypting on the fly is not an option, so this is not really the space it shines in.

So the above describes what I use on a daily basis. However, on occasion I need to share documents with friends and family. Asking them to have a Linux machine handy just so they can share data with me is not really a practical option, so Windows must also be supported.

This is where TrueCrypt shines. It is available cross platform and has a strong history of successfully protecting data against brute force attacks. Unfortunately, it seems recently the developers, out of the blue, decided to discontinue the development of TrueCrypt.

WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

The above is posted on their web site. Put on your tin foil hat. Some theories believe that they were pressured into adding back doors and as an act of rebelion rather bailed on the project (I like this theory), and others believe there are vulnerabilities and they rather decided to bail as a result.

The collective community in the form of Kenneth White and Matthew Green decided to audit the project (as the source code is available) and post their findings of the audit on line on the web site Is TrueCrypt Audited Yet. The first half of the report is already available and things are looking good.

In the same vein a fork of the project started. Called TrueCrypt Next or TC Next started but unfortunately failed for various reasons. Once possibility might be that it is in contravention of the license which precludes a fork containing any reference to TrueCrypt (the name).

Enter CipherShed a fork of TrueCrypt with all the references of TrueCrypt removed from the code. Version 1 is TrueCrypt, rebranded. Eventually the goal is to rewerite all of the code so no trace of the original TrueCrypt remains. We’re eagerly awaiting the first release.

Oh, one more feature I really like on the original TrueCrypt software is the ability to have two passwords for an encrypted partition or file. One password is used to decrypt the actual data that one would like to keep secure, the other is used to decrypt fake data that might appear to be the actual contents. This means one can in theory release a password protecting some of your data that may appear to be valuable without sacrificing the really sensitive contents. And best of all it is not possible to determine IF the second password exists. This feature allows what is commonly called “plausible deniability.”

Nikon F55 addition to my camera collection

This past weekend my wife and I celebrated our wedding anniversary on the Durban coast. Being very excited about my recent interest in photography my wife decided to support my by acquiring a Nikon F55 35 mm film camera to add to my collection.

Nikon F55 with AF Nikkor 28 - 80 mm 3.3 - 5.6 lens

She purchased it second hand (obviously) and in great nick with the AF Nikkor 28 – 80 mm 3.3 – 5.6 lens. It is the Nikon equivalent of my Minolta lens which is very convenient.

More convenient though is that all my wifes lenses in her arsenal are now at my disposal. She has a number of lenses that will help me further my hobby, such as the 18mm wide angle, fixed focal length, 50 mm I think, lens with f stop of 1.4 I believe and a 300 mm lens. It is going to be a lot of fun. The first roll of film is already full and needs to be developed. I look forward to seeing what this camera can do.

VMWare madness at Hetzner

Recently we decided to try out hosting at Hetzner (https://www.hetzner.co.za). We’re in need of a new Virtual machine and as we’re cutting down on expensive hosting in data centers their offering was very appealing. The server is cost effective, powerful and they provide a decent amount of Internet data.

The problem

I must clarify, the problems here are not of Hetzners making. Their service is excellent and response times to my queries were very good. The problem was a bit more subtle than that.

In order to install the server Hetzner was supplied with a link to the VMWare ESXi 5.5.0 ISO I needed to install. They downloaded, burned the ISO and inserted it into our new server. No problem so far. I set up the BIOS, installed VMWare and booted into VMWare. Also good.

Here is the issue. After configuring the management network the Intel 82574L network indicated that it was disconnected. No problem, quickly fire off a mail to Hetzner to check network cabling. It’s easy for a techy to make this mistake. However, after some time they contacted me and assured me it was connected.

A handy feature of their hosting is the ability to PXE boot a linux rescue image running Debian or Ubuntu. Very handy, and frustrating, as it meant that the network card is indeed connected and working as expected.

It turns out, the network card, Intel 82574L, is not supported by VMWare. So how does one load a network card driver without internet connectivity?

The solution

Recently we decided to try out hosting at Hetzner (https://www.hetzner.co.za). We’re in need of a new Virtual machine and as we’re cutting down on expensive hosting in data centers their offering was very appealing. The server is cost effective, powerful and they provide a decent amount of Internet data.

The problem

I must clarify, the problems here are not of Hetzners making. Their service is excellent and response times to my queries were very good. The problem was a bit more subtle than that.

In order to install the server Hetzner was supplied with a link to the VMWare ESXi 5.5.0 ISO I needed to install. They downloaded, burned the ISO and inserted it into our new server. No problem so far. I set up the BIOS, installed VMWare and booted into VMWare. Also good.

Here is the issue. After configuring the management network the Intel 82574L network indicated that it was disconnected. No problem, quickly fire off a mail to Hetzner to check network cabling. It’s easy for a techy to make this mistake. However, after some time they contacted me and assured me it was connected.

A handy feature of their hosting is the ability to PXE boot a linux rescue image running Debian or Ubuntu. Very handy, and frustrating, as it meant that the network card is indeed connected and working as expected.

It turns out, the network card, Intel 82574L, is not supported by VMWare. So how does one load a network card driver without internet connectivity?

The solution

Below I copy directly from my crude notes. Keep in mind that Linux does not mount VMFS read / write.

In order to install the driver for the 82575L Intel driver I followed the following steps:

1) Instal VMWare esxi 5.5.0
2) Boot into linux recovery image
3) Execute the following commands on the revovery image
# mount -t vfat  /dev/sda3 /mnt/
# cd /mnt
# wget http://shell.peach.ne.jp/~aoyama/wordpress/download/net-e1000e-2.3.2.x86_64.vib
# cd
# unmount /mnt
# reboot
4) Once VMWare esxi has finished booting switch to console with <ALT> – <F1>
5) Install the driver. It is located in one of the VMFS partitions already mounted. It is a 4 GB partition in my case.
# esxcli software acceptance set –level=CommunitySupported
# cd <directory containing driver>
# cp net-e1000e-2.3.2.x86_64.vib /var/log/vmware/
# esxcli software vib install -v net-e1000e-2.3.2.x86_64.vib
6) Reboot vmware esxi

/dev/sda3 it turns out is a fat32 / vfat partition that is mounted at boot on VMWare. I used the /download/ directory on that partition to store the driver.

Happy days…

 

Scanning film negatives

And now for something completely different – film photography.

I’ve recently ventured into the often forgotten and neglected side of photography, film photography. Or so I thought. It turns out it is a very popular activity in the world, although it seems a very niche market here in South – Africa.

A friend kindly donated a Minolta Dynax 5 camera, one of the latest analogue cameras released before digital cameras took over.

Minolta Dynax 5 Minolta Dynax 5

Above is my new camera. It has all the bells and whistles, so not technically suitable for street photography as it is not discreet and some would suggest that I’m missing the true experience of film photography. I digress, that is not the purpose of this post.

Having shot my first roll of film I wanted to investigate some options for digitising my photos. The first and most obvious would be to pay the store, QPhoto Pro Lab (http://www.qphoto.co.za/connect/store-locations.html) in Waterkloof, after they’ve developed the film. However, I want to eventually develop my own film so something affordable at home would be convenient.

I read a number of articles with the various option, and it turns out a decent scanner is quite expensive. I decided to try the following two devices:

1) Wolverine F2D Super 20 Mega pixel scanner – http://www.wolverinedata.com/index.php/site/quicklinks/C72/

2) Epson V300 – http://www.epson.com/cgi-bin/Store/jsp/Product.do?sku=B11B193081

I’d like to review the Wolverine first as I’m experiencing some problems with the V300. The scans are clean, but the focus is way off, so I would like to make sure it is not something I’m doing wrong.

Wolverine F2D Super 20 Mega pixel scanner

The scanner retails for around $99, and with shipping to South-Africa it came to about R1300.

image

It doesn’t look like much, but it does feel sturdy. Operation is very simple. Power up, slide the film into the supplied tray, press two buttons and the image is scanner to the on board memory within 3 or so seconds. There are a number of reviews of the operation of the device, so I’d rather just show you what the output looks like compared to the professional scan at QPhoto Pro Lab.

Fujifilm SP-3000 Fujifilm SP-3000

Above is the professional scan performed by QPhoto Pro Lab. I must say the quality is excellent, although I noticed strange artifacts on some of the photos. There is definitely some processing that happened and it produces interesting errors at times, but overall, the quality is great.

Wolverine F2DSuper Wolverine F2DSuper

Above is the scan done by the Wolverine F2DSuper scanner. Clearly the quality is not the same.The colours are not as vivid and it seems slightly washed. Noise was surprisingly low as some of the earlier models were purported to be very noisy for negative scans.

Wolverine F2DSuper White balance adjusted Wolverine F2DSuper White balance adjusted

I was a little bit disappointed initially, however, running the image through Gimp quickly rendered a very pleasing image. The only change was to use Gimps White balance adjust feature. Nothing else was done and clearly the image is very pleasing to the eye although not as warm as the Fujifilm professional scan. It was interesting to note that there is quite a bit more visible detail on the flowers on the Wolverine scan compared to the Fujifilm.

Wolverine F2DSuper White balance adjusted and colour enhanced Wolverine F2DSuper White balance adjusted and colour enhanced

Lastly for this comparison I used the Colour enhance feature and this resulted in the above image. Not bad. Zooming in shows the 20 Mega pixel image should be usable for large prints.

Most of the image data appears to be available to generate a respectable image as long as you’re willing to perform some tuning. Colour is usually not far off, however, adjusting high lights and shadows is some times necessary for the most pleasing image.

For my purposes the Wolverine so far appears to satisfy my needs. Perhaps as my skills and critical eye develops I will need to move to a more professional scanner. My only gripe at the moment is that there is no way to get a RAW uncompressed image from the Wolverine.

Securing you Virtual servers comment

I forgot to mention. There is one very big flaw in this process. Nothing prevents someone from stealing your server and investigating the contents and then using Mandos (modified for their needs) to download the decryption password.

Now the above assumes time, and this is where Mandos has some additional security. Mandos will regularly query your client. If the client disappears for a specified period it will disable the key. So setting a timout long enough to allow reboots, but not extended poweroffs add some additional security. And if the client key is disabled, it is very simple to reenable it on the server with the mandos-monitor utility.

Securing your virtual servers

From my previous post it must be obvious that I am sometimes concerned about security. This post is the start of my investigation into securing my servers.

Irrational paranoia and tin foil hats aside, there are valid reasons for wanting to do this.

The problem

1) Protect your data against the man. Now this is not as ridiculous as you might think. We trust out lives to google, dropbox and various companies. Although we are generally well protected we have heard of rumours of data being made available to government agencies. Any big company with lots of useful data will eventually have this problem. But, this is the tin foil hat scenario.

2) Keeping data secure from theft. My email accounts are very important to me. Without email I am not connected to the rest of the world. From getting my CV out to prospective employers to bank statement. My life is stored in email. My on line accounts can be reset via email. If a nefarious character happens apon these details it would be very inconvenient. What about all my files? My work documents, or more important, our company intellectual property. Securing a server in such a way that its data is not available in case of theft is very important.

3) Cool factor. Yes, my data is encrypted, from flash disk to server. It’s awesome, my one friend will appreciate this…

Recall Digital Oceans recent announcement that old data from past droplets might be available to new droplets as the SSDs are not scrubbed. We trust our data to unknown entities, and as in this case there was no malicious intent but potentially valuable data was exposed to the world. Fortunately they are very forthcoming and very quickly let their users in on the potential risk. It just bring home the reality that we are responsible for security, not our service providers.

Requirements

So what do we need to make our lives better? My laptop is encrypted and as such I am reasonable sure the cost of extracting the data is greater than its worth. The password is changed regularly as part of my security regime. But for a server this is not ideal.

So we need the following:

1) Encryption. This is the obvious requirement.

2) No passwords. Now here is the sticky part. How do you decrypt an encrypted partition without a TPM? The password cannot remain on the disk as it is then available to any semi computer literate person. You don’t want to type it in every time. Imagine having to log onto your VSphere client every time the VMWare servers is taken down for maintenance.

Solution

The best compromised I have come across is Mandos (https://wiki.recompile.se/wiki/Mandos).

The diagram above is from the Mandos project web site.

In order to get the password entered during boot, someone, or something needs to type it in. Now there is no reason this cannot be automated. I have a server abroad, and a server locally. It is immensely unlikely that international and local fiends will band together to compromised both servers. So using this newly found confidence the one server is used to serve passwords to the other.

And the awesome part is that this process works both ways. Once again, both servers are very unlikely to bounce at the same time so as long as one is up, the other will be able to get it’s decryption keys from the other.

The how

Now to do this, it is possible that we can just get one server to ssh in to the other and decrypt and mount a remote partition. However, Mandos has made the process very simple and added some security features to boot.

On the client side (device needing the password to decrypt and boot) we install mandos-client conveniently available in most repositories. On the server we install mandos (the server package). Unfortunately, as my machines are geographically inconvenient the ubuntu 12.04 package, version 1.4.something did not have the required networking hooks available so I ended up installing v1.5 from ubuntu 12.10.

The process below assumes an ubuntu installation with full disk encryption configured during the initial install.

Server

# dpkg -i mandos_1.5.5-1_all.deb

Edit the mandos config file to listen on a specific port (/etc/mandos/mandos.conf):

port = <port>

Client

root@hydra:~# dpkg -i mandos-client_1.5.5-1_amd64.deb

root@hydra:~# mandos-keygen –type RSA –force –password

During this process the client will ask for the password that will be used to decrypt and mount the partition. This password will be encrypted and made available to copy to the server as demonstrated below.

Back to the server

The above command will output some text, including a piece that will be familiar GnuPG. This text is copied directly to the server config file (/etc/mandos/clients.conf)

;[foo]
;
;# OpenPGP key fingerprint
;fingerprint =  7788 2722 5BA7 DE53 9C5A  7CFA 59CF F7CD BD9A 5920
;
;# This is base64-encoded binary data.  It will be decoded and sent to
;# the client matching the above fingerprint.  This should, of course,
;# be OpenPGP encrypted data, decryptable only by the client.
;secret =
;        hQIOA6QdEjBs2L/HEAf/TCyrDe5Xnm9esa+Pb/vWF9CUqfn4srzVgSu234
;        REJMVv7lBSrPE2132Lmd2gqF1HeLKDJRSVxJpt6xoWOChGHg+TMyXDxK+N
;        Xl89vGvdU1XfhKkVm9MDLOgT5ECDPysDGHFPDhqHOSu3Kaw2DWMV/iH9vz
;        3Z20erVNbdcvyBnuojcoWO/6yfB5EQO0BXp7kcyy00USA3CjD5FGZdoQGI
;        Tb8A/ar0tVA5crSQmaSotm6KmNLhrFnZ5BxX+TiE+eTUTqSloWRY6VAvqW
;        QHC7OASxK5E6RXPBuFH5IohUA2Qbk5AHt99pYvsIPX88j2rWauOokoiKZo
;        t/9leJ8VxO5l3wf/U64IH8bkPIoWmWZfd/nqh4uwGNbCgKMyT+AnvH7kMJ
;        3i7DivfWl2mKLV0PyPHUNva0VQxX6yYjcOhj1R6fCr/at8/NSLe2OhLchz
;        dC+Ls9h+kvJXgF8Sisv+Wk/1RadPLFmraRlqvJwt6Ww21LpiXqXHV2mIgq
;        WnR98YgSvUi3TJHrUQiNc9YyBzuRo0AjgG2C9qiE3FM+Y28+iQ/sR3+bFs
;        zYuZKVTObqiIslwXu7imO0cvvFRgJF/6u3HNFQ4LUTGhiM3FQmC6NNlF3/
;        vJM2hwRDMcJqDd54Twx90Wh+tYz0z7QMsK4ANXWHHWHR0JchnLWmenzbtW
;        5MHdW9AYsNJZAQSOpirE4Xi31CSlWAi9KV+cUCmWF5zOFy1x23P6PjdaRm
;        4T2zw4dxS5NswXWU0sVEXxjs6PYxuIiCTL7vdpx8QjBkrPWDrAbcMyBr2O
;        QlnHIvPzEArRQLo=

Obviously the above is the commented example in the config file. Paste your own right at the end of the file.

The client in question resides on a VMWare server in a datacenter in Johannesburg. This means, no entropy on the VM. For the client I had some fun assisting the VM with generating the required entropy – I leave that investigation up to the reader.

Server

service mandos restart

Client

At this point you should be able to test whether mandos can return your password to the client.

root@hydra:~# /usr/lib/mandos/plugins.d/mandos-client –connect=<ip address>:<port> –pubkey=/etc/keys/mandos/pubkey.txt –seckey=/etc/keys/mandos/se
ckey.txt ;echo

If it returns the password it worked, otherwise, add –debug to the above command line to get some more information regarding the problem at hand.

The next step is getting Mandos to collect the password automatically at boot. This is more tricky as networking is not yet up. This means somewhere in initramfs the network configuration needs to be specified. Fortunately Mandos comes prepared (this is why I needed to install version 1.5.5 r1).

Client (/etc/mandos/plugin-runner.conf)

–options-for=mandos-client:–connect=<server ip>:<server port>

The above line tells mandos to connect to the server on the specified port (the same port configured on the server above). Next up is networking.

We need to create a script /etc/mandos/network-hooks.d/ethernet

#!/bin/sh

set -e

do_start(){
modprobe e1000 # Substitute for your network module
ip link set dev eth0 up
ip addr add <client ip> dev eth0
ip route add <gateway ip> dev eth0
ip route add default via <gateway IP> dev eth0
}
do_stop(){
ip link set dev eth0 down
}

case “${MODE:-$1}” in
start|stop)
do_”${MODE:-$1}”
;;
files)
;;
modules)
;;
esac

I just copied the bridge script example and stripped what I don’t need. Not very elegant, but it works. Remember to chmod +x /etc/mandos/network-hooks.d/ethernet.

Client

The last step is to install an initramfs with the new parameters.

root@hydra:~# update-initramfs -k all -u

I think that was it. Now the server boots without asking for a password prompt.
As soon as I disable networking, or switch of the Mandos server, the client stops at the password prompt.

ptunnel, proxy via icmp

Years ago while sitting at the airport trying to get internet access a friend and I set up a VPN via dns – I can’t remember off hand what it was called. It worked, albeit very slowly, and transferred all requests. However, recently they’ve gotten clever and poisoned DNS till you’ve paid for your internet service. It seems though that some still allow ICMP packets through.

That is where ptunnel comes in. You run it on a server that listens for ICMP packets with a special payload.

This initiated the server that listens on the specified port. A nice safety feature is the password authentication.

This starts up the client. It looks like you can map any port through from the client. So if you need internet browsing, have a remote proxy ready to accept connections through ptunnel. I tested the tunnel with ssh, and although there is a definite additional lag, the response was very good. Delay was not too much and throughput was good.

According to the web site they tested about 150 kbps download speed. Not too shabby for free internet…

More HF ARQ information exchange software – PSKMail

Initially when I started looking at PSKMail it seemed to be the open source version of the Winlink 2000 offering. It however targets a slightly different market.

Both offer the following:

  1. Email
  2. Robust transfers, i.e. automatic retransmission etc.

The advantages of Winlink are the seamless integration into their network. Mail delivered at one mail server, from the internet or via radio is accessible from any of the sites. This means a traveller has to only tune to the nearest Winlink 2000 radio station and send and receive email. This is a huge plus. In addition, the Winmor protocol seems very robust and efficient.

PSKMail has similar advantages. It offers email, however, distributed and redundant mail as offered by Winlink is not available by default. However, with a dedicated group of individuals it can be achieved but will be unlikely. It does offer the ability to link up to your own ISP which is great news. In theory you can connect to any PSKMail server and send your mail settings through and download your mail from your ISP. The drawback is still the single point of failure, your service provider. In addition it also offers file uploads and downloads, APRS positioning, internet browsing (text only) and some other features that might appeal to the traveller. Communication is via all modes supported by fldigi.

Installation

Installing is simple for the client. Download and install the jar file for the latest client from PSKMail. Be sure that the latest librxtx is installed, sudo apt-get install librxtx-java and that you have a oracle sun java install. OpenJDK had some issues with the application on my PC, but maybe that’s just me.

I also had issues with librxtx not being found by my java installation. I had to link the librxtx libraries into my version of java.

/usr/lib/jvm/java-8-oracle/jre/lib/ext$ sudo ln -s /usr/share/java/RXTXcomm.jar

/usr/lib/jvm/java-8-oracle/jre/lib/ext$ sudo ln -s /usr/lib/jni/librxtxSerial.so

Note the java directory of my jre. Make sure it is in your jre,

Remember to change the call sign before doing anything else. People get very excited, in a bad way, when NOCALL is attempting to connect to their station.

FLDigi is required as virtual TNC, and I’m lead to believe it is an excellent piece of software. apt-get install fldigi sorts this out.

I can’t go any further with either Winlink or PSKMail at the moment as my laptop was stolen on Friday (how baffles me, a story for another time) and the patch cable from my server to the HF set is too long and experiences problems with the Vox triggering from the noise it picks up.

I have my sights on an HF set for mobile operation, so perhaps we’ll get the mobile sorted as well sometime soon.

Oh, just for fun I had AndPSKMail (also available from the PSKMail web site) installed on my tabled (the one stolen along with my laptop) and had the server installed on the laptop. Using just the speakers and mics on the two devices they were happy to talk PSK250R.

Sigh, that is the 3rd laptop stolen… 2 cars stolen, 5 breakins in the cars.

Thats it for now.