Sep 05 2020
 

So, this is not really news… for the past 12 months or so, the scammers have been busy. They’ve been calling us long before we moved to the NBN, and of course we’ve just hung up the moment they started their spiel. The dead giveaway is the seconds of silence at the start of the call. Dead silence.

Of course, it’s not just the NBN: we’ve had “Amazon Prime”, “Visa”, “Telstra” and others call. Far and above all others have been NBN-related scams.

The latest on the NBN front is they claim your connection has been “compromised” by “other users”, in a British accent.

This is the call I received this morning. You can hear other callers in the background. This is not a professional call-centre, this is a back-yard operation!

The home number recently moved from the PSTN to a VoIP service, so this actually gives me a lot of scope for dealing with this. For now, it’s a manual process: when they call, put them on hold. If I put someone on hold on this number, you better be a Deborah Harry fan!

Long term, I’ll probably look at seeing if I can sample the first 2 seconds of call audio, and if silent, direct the call to a voicemail service or IVR menu. In the meantime, it’s a manual process.

Thankfully we get caller ID now, something Telstra used to charge for.
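The silence check proposed above could look something like this. It is an added sketch, not code from the original post: it assumes the first seconds of the call are available as raw 8kHz mono 16-bit little-endian signed linear samples, and the threshold values and function names are illustrative assumptions.

```python
"""Decide whether a call opens with ~2 seconds of silence (raw signed-linear audio)."""
import math
import struct

SAMPLE_RATE = 8000  # assumption: narrowband audio, 16-bit little-endian mono


def frame_levels_dbfs(pcm, rate=SAMPLE_RATE, seconds=2.0, frame_ms=20):
    """RMS level (dBFS) of each frame in the first `seconds` of audio."""
    n = min(len(pcm) // 2, int(rate * seconds))
    samples = struct.unpack("<%dh" % n, pcm[:2 * n])
    step = rate * frame_ms // 1000
    levels = []
    for i in range(0, n - step + 1, step):
        frame = samples[i:i + step]
        rms = math.sqrt(sum(s * s for s in frame) / step)
        # Digital silence has no finite level; report it as -inf.
        levels.append(20 * math.log10(rms / 32768) if rms else -math.inf)
    return levels


def opens_with_silence(pcm, rate=SAMPLE_RATE, seconds=2.0,
                       threshold_dbfs=-50.0, max_loud_fraction=0.05):
    """True if nearly every frame in the opening window is below the threshold.

    Returns False when less than `seconds` of audio is available, so a
    short buffer never gets a caller diverted by mistake.
    """
    if len(pcm) // 2 < int(rate * seconds):
        return False
    levels = frame_levels_dbfs(pcm, rate, seconds)
    loud = sum(1 for level in levels if level > threshold_dbfs)
    # Tolerate a few loud frames (clicks, line noise bursts).
    return loud <= max_loud_fraction * len(levels)


def constructed_call(lead_silence_s, rate=SAMPLE_RATE, total_s=3.0,
                     noise_amp=20, tone_amp=8000):
    """Constructed test audio: faint line noise, then a 440Hz tone as 'speech'."""
    out = []
    for i in range(int(rate * total_s)):
        amp = noise_amp if i < lead_silence_s * rate else tone_amp
        out.append(int(amp * math.sin(2 * math.pi * 440 * i / rate)))
    return struct.pack("<%dh" % len(out), *out)


if __name__ == "__main__":
    for lead in (2.5, 1.0, 0.0):
        verdict = opens_with_silence(constructed_call(lead))
        print("silent lead-in of %.1fs -> divert to voicemail/IVR: %s" % (lead, verdict))
```
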

MoH considerations

There are three big considerations with music on hold:

  1. Licensing: You need to do the research into how music is licensed in your country. If you want to be safe, go look for something that is “public domain” or one of the “Creative Commons” family of licenses. In Australia, you probably want to have a look at this page if you want to use a piece of commercial music (like “Hangin’ On The Telephone”).
  2. Appropriateness: is the caller likely to get offended by your choice of hold music? (Then again, maybe that’s your goal?)
  3. Suitability for your chosen audio CODEC: Some audio CODECs, particularly the lower-bitrate ones, do an unsurprisingly terrible job with music.

Regarding point (3), always test your music choice! Try different CODEC settings, and ensure it sounds “good” with ALL of them. Asterisk actually supports transcoding, but will choose the format that takes the least effort. RIFF Wave files (.wav) can be used too, but they must be mono files.

I slapped a CD-quality 44.1kHz stereo version in there, and wondered why it got ignored: that’s why — it wasn’t mono and Asterisk won’t down-mix.

Signed 16-bit linear is a pretty safe bet: the effort of going from that to PCMA/PCMU (G.711a/G.711u) isn’t a big deal, but for anything else, you’re at the mercy of the CODEC implementation. Using G.722, things sounded fine, but I found even with Speex settings cranked right up (quality=10 complexity=10 enhancement=true), my selection of audio sounded terrible in Ultra-wideband Speex mode. I wound up with the following in my MoH directory:

vk4msl-gap# ls -l /usr/local/share/moh/
total 8280
-rw-r--r--  1 root  wheel   527836 Aug 29 17:02 moh.sln
-rw-r--r--  1 root  wheel  1055670 Aug 29 17:02 moh.sln16
-rw-r--r--  1 root  wheel  2111342 Aug 29 17:01 moh.sln32
-rw-r--r--  1 root  wheel   104793 Sep  5 12:17 moh.spx
-rw-r--r--  1 root  wheel   177879 Sep  5 12:34 moh.spx16
-rw-r--r--  1 root  wheel   184617 Sep  5 12:16 moh.spx32

  • .sln* is for 16-bit signed linear, the 16 and 32 suffixes refer to the sample rate, so 16kHz (wideband) and 32kHz (ultra-wideband). These should otherwise be “raw” files (no headers). Use sox <input> -r <rate> -b 16 -e signed-integer -c 1 <output>.sln to convert.
  • .spx* is Speex: Here again, I’ve got 8kHz, 16kHz and 32kHz versions. These were encoded using the following command: speexenc --quality 10 --comp 10 moh.wav moh.spx

There are various other CODEC selections, but right now, I’ve just focussed on signed linear and Speex since the latter is what needs careful attention paid. I tested between my laptop running Twinkle and the ATA on my network, and when I placed the call on hold from my laptop it sounded fine there, so I figure it’ll be “good enough”.


“Visa Security Department”

So, had “Visa” call me this morning… this too, is another scam. Anonymous caller. Bear in mind I do not actually have a credit card. Never have had one, never will.

They didn’t stick around, seems their system just drops the call if it hears a noise which isn’t a DTMF tone.

Interestingly, both this call, and the previous one were G.711u (µ-law PCM). Australia normally uses A-law PCM. America uses µ-law encoding. What’s the difference? Both are logarithmic encoding schemes. µ-law encoding has a wider dynamic range, however A-law has less distortion for quieter signals.


“Amazon”

Almost the same structure as before. Audio CODEC was G.729 this time.

Aug 05 2020
 

Some people make fun of my plain-text emails, but really, I think it’s time we re-consider our desire for colours, hyperlinks and inline images in email messages, especially for those who use web-based email clients as their primary email interface.

The problem basically boils down to this: HTML gives too much opportunity for mischief by a malicious party. In most cases, HTML isn’t even necessary to convey the information required. Tables are about the only real “feature” that is hard to replicate in plain text; for everything else there are reasonable de facto standards already in existence.

Misleading hyperlinks

HTML has a feature where a link to a remote page can take on any descriptive text the author desires, including images and other valid URIs. For example, the following piece of HTML code is perfectly valid:

<a href="http://www.google.com.malicious.website.example.com/">
   http://www.google.com
</a>

There are many cases where this feature is “useful”, however in an email, it can be used to disguise phishing attempts. In the above example, the link text claims to point to Google’s search website, but the href actually directs the user to a different host (one whose name merely begins with www.google.com), likely a malicious website.

Granted, not every user can read a URI to determine if it is safe. There are adults who “grew up with the Internet”, that have never typed a URI in an address bar ever, instead relying on tools like search engines to locate websites of interest.

However, it would seem disingenuous to say that because a proportion of the community cannot read a URI, we should hide any and all links from everybody. For that small portion, showing the links won’t make a difference, but it will at least make it easier to avoid such traps.
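A mail filter or client can check for exactly this kind of disguised link. The following is an added example, not code from the original post: it parses an HTML body, compares the host advertised in each link's visible text against the host in its href, and also flags hrefs that are not http, https or mailto. The function names and verdict labels are illustrative assumptions.

```python
"""Flag <a> elements whose visible text advertises a different host than the href."""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Link text that itself looks like a URL or a bare host name (TLD of 2+ letters).
URLISH = re.compile(
    r"^\s*(?:[a-z][a-z0-9+.-]*://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?![a-z0-9.-])",
    re.I)


def split_url(url):
    """Return (scheme, host) for a URL; ('', None) if it cannot be parsed."""
    try:
        parts = urlsplit(url.strip())
        return parts.scheme.lower(), parts.hostname
    except ValueError:
        return "", None


def normalise(host):
    """Lower-case, drop a trailing dot and a leading 'www.' before comparing."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((self._href, text))
            self._href = None


def audit_links(html_body):
    """Return one finding per link: href, text, both hosts and a verdict."""
    collector = LinkCollector()
    collector.feed(html_body)
    collector.close()
    findings = []
    for href, text in collector.links:
        scheme, actual = split_url(href)
        match = URLISH.match(text)
        claimed = match.group(1).lower() if match else None
        if scheme not in ("http", "https", "mailto"):
            verdict = "unexpected-scheme"
        elif claimed and actual and normalise(claimed) != normalise(actual):
            verdict = "text-host-mismatch"
        else:
            verdict = "ok"
        findings.append({"href": href, "text": text, "claimed_host": claimed,
                         "actual_host": actual, "verdict": verdict})
    return findings


if __name__ == "__main__":
    # The link from the post, plus two constructed links for comparison.
    sample = """
    <a href="http://www.google.com.malicious.website.example.com/">
       http://www.google.com
    </a>
    <a href="https://www.example.com/">example.com</a>
    <a href="https://example.com/">a cool website</a>
    """
    for finding in audit_links(sample):
        print(finding["verdict"], finding["text"], "->", finding["actual_host"])
```
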

Media exploits

Media decoders are written by humans, and humans are imperfect, thus it is fair to say there are media decoders that contain bugs, some of which could be disastrous for computer security.

Microsoft had such a problem in their GDI+ JPEG decoder back in 2004. More recently, there was a kernel-level security vulnerability in their TrueType font parser.

Modern HTML allows embedding of all this, and more. Most email clients will also allow you to “preview” an email without opening it. If an email embeds inline media which exploits vulnerabilities such as those above, just previewing it will be sufficient for an attacker to gain access.

Details are scarce, but it would appear it was a vulnerability along these lines that allowed unauthorised access into the Australian National University back in 2018.

Scripting

Modern web standards allow all kinds of means for embedding scripts, that is, small pieces of interpreted code which run client-side in the HTML renderer. ECMAScript (JavaScript) can be embedded:

  • in <script> tags (the traditional way)
  • inside a hyperlink using a javascript: URI
  • via the HTC and XBL features in Internet Explorer and Mozilla Firefox, respectively.

Probably lots more ways I haven’t thought about.

Web-based email clients

Now, a stand-alone email client such as Microsoft Outlook, Eudora or Mozilla Thunderbird can simply not implement the scripting features, however the problem is highly acute where web-based email clients are used.

Here, you’re viewing an email in an HTML engine that has complete media and scripting capabilities. There are dozens of ways to embed both forms of content into a blob of HTML, and you are entirely at the mercy of your web-based email client’s ability to sanitise the HTML before it dumps it inside the DOM tree that represents your email client.

As far as the web browser is concerned, the “email” is just another web page, and will not hesitate to execute embedded scripts or render inline media, whether the user wishes it to or not.

It’s not known what ANU uses for their email infrastructure, but many universities are big fans of web-based email since it means they don’t have to explain to end users how to configure their email clients, and provides portability for their users.

Putting users at risk

Despite the above, it would appear there are lots of organisations that are completely oblivious to this problem, and insist on forcing people to render their emails as HTML, putting their customers/users at risk of a security breach.

The purpose of multiple formats in the same email is to provide alternate formats of the same content. Not to provide totally different emails because you can’t be stuffed!

For example, my workplace’s hosting provider recently sent us an email which, when viewed as plain text, read as follows:

Hello Client,
 
Unfortunately your email client is outdated and does not support HTML emails, our system uses HTML emails as standard. You will NOT be able to read this email.
 
HOW DO I READ THIS EMAIL?
 
To read this email please login to your domain manager https://hostingprovider.example.com/login/ and click on Notifications to see a list of all sent emails.
 
Thank You
 
Customer Support

The suggestion that an email client configured to read emails as plain text, counts as it being “outdated” is naïve in the extreme, and I’d expect a hosting provider to know better. I’m thankful I personally don’t purchase services from them!

Then there’s financial service providers. One share registry’s handling of the situation is downright abusive:

Link Market Services sent numerous emails that looked exactly like this.

Yeah, rather than just omitting the text/plain component and letting the email client at this end try to render the HTML as plain text (which works reasonably well in many cases), in this case, they just sent an empty text/plain body:

From: …redacted… <comms@linkmarketservices.com.au>
To: …redacted…
Reply-To: donotreply@linkmarketservices.com.au
Date: Wed, 29 Jul 2020 04:42:30 +0000
Subject: …redacted… Funds Attribution Managed Investment Trust Member Annual
 Statement
Content-Type: multipart/alternative;
 boundary=--boundary_55327_8fbc43bd-48f3-4aa1-9ab7-9046df02b853
ZMID: 9f485235-9848-49cf-9a66-62c215ea86ba-1
Message-ID: <0100017398e10334-d45a0a83-ff4d-4b83-8d19-146b100017f6-000000@us-east-1.amazonses.com>
X-SES-Outgoing: 2020.07.29-54.240.9.110
Feedback-ID: 1.us-east-1.oB/l4dCmGdzC38jjMLirCbscajeK9vK6xBjWQPPJrkA=:AmazonSES


----boundary_55327_8fbc43bd-48f3-4aa1-9ab7-9046df02b853
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"


----boundary_55327_8fbc43bd-48f3-4aa1-9ab7-9046df02b853
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

PCFET0NUWVBFIGh0bWw+Cgo8aHRtbCBsYW5nPSJlbiI+CjxoZWFkPgo8bWV0YSBjaGFyc2V0PSJ1
dGYtOCI+CjxtZXRhIGNvbnRlbnQ9IndpZHRoPWRldmljZS13aWR0aCwgaW5pdGlhbC1zY2FsZT0x
IiBuYW1lPSJ2aWV3cG9ydCI+CjxtZXRhIGNvbnRlbnQ9IklFPWVkZ2UiIGh0dHAtZXF1aXY9Ilgt

Ohh yeah, I’m so fluent in BASE64! I’ve since told them to send it via snail mail. Ensuring they don’t burn down forests posting blank sheets of A4 paper will be their problem.
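The situation above, an empty text/plain alternative beside a base64-encoded text/html part, can be detected mechanically, with the HTML reduced to readable text as the fallback. This is an added example, not code from the original post: the sample message is constructed (modelled on the structure quoted above, with made-up addresses and content), and the verdict labels are assumptions.

```python
"""Check whether a multipart/alternative email offers a usable text/plain part."""
import base64
from email import message_from_bytes, policy
from html.parser import HTMLParser


class TextExtractor(HTMLParser):
    """Reduces HTML to text, showing each link target in full after its label."""
    SKIP = {"script", "style", "title"}
    BREAKS = {"p", "br", "div", "tr", "li"}

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self._skip = 0
        self._href = None

    def handle_starttag(self, tag, attrs):
        if tag in self.SKIP:
            self._skip += 1
        elif tag == "a":
            self._href = dict(attrs).get("href")
        elif tag in self.BREAKS:
            self.out.append("\n")

    def handle_endtag(self, tag):
        if tag in self.SKIP and self._skip:
            self._skip -= 1
        elif tag == "a" and self._href:
            self.out.append(" <%s>" % self._href)
            self._href = None

    def handle_data(self, data):
        if not self._skip:
            self.out.append(data)


def html_to_text(html_body):
    parser = TextExtractor()
    parser.feed(html_body)
    parser.close()
    lines = (" ".join(line.split()) for line in "".join(parser.out).splitlines())
    return "\n".join(line for line in lines if line)


def audit_alternatives(raw):
    """Report on the text/plain alternative and return something readable."""
    msg = message_from_bytes(raw, policy=policy.default)
    plain = msg.get_body(preferencelist=("plain",))
    html_part = msg.get_body(preferencelist=("html",))
    plain_text = plain.get_content().strip() if plain is not None else ""
    report = {"has_plain": plain is not None, "plain_chars": len(plain_text),
              "has_html": html_part is not None}
    if plain_text:
        report.update(verdict="plain-ok", readable=plain_text)
    elif html_part is not None:
        # Empty or absent text/plain: fall back to the HTML, rendered as text.
        verdict = "plain-empty" if plain is not None else "plain-missing"
        report.update(verdict=verdict, readable=html_to_text(html_part.get_content()))
    else:
        report.update(verdict="no-readable-body", readable="")
    return report


def constructed_sample():
    """Constructed message shaped like the one quoted above (not the real email)."""
    html_body = ('<!DOCTYPE html>\n<html lang="en">\n<head><meta charset="utf-8">'
                 '<title>Statement</title></head>\n'
                 '<body><p>Your annual statement is available.</p>\n'
                 '<p><a href="https://registry.example.com/statement">'
                 'View statement</a></p></body></html>\n')
    b64 = base64.encodebytes(html_body.encode("utf-8")).decode("ascii")
    return "\n".join([
        "From: Registry <comms@registry.example.com>",
        "To: holder@example.org",
        "Subject: Annual statement",
        "MIME-Version: 1.0",
        'Content-Type: multipart/alternative; boundary="constructed-boundary-1"',
        "",
        "--constructed-boundary-1",
        "Content-Transfer-Encoding: quoted-printable",
        'Content-Type: text/plain; charset="utf-8"',
        "",
        "",
        "--constructed-boundary-1",
        "Content-Transfer-Encoding: base64",
        'Content-Type: text/html; charset="utf-8"',
        "",
        b64 + "--constructed-boundary-1--",
        "",
    ]).encode("ascii")


if __name__ == "__main__":
    result = audit_alternatives(constructed_sample())
    print(result["verdict"])
    print(result["readable"])
```
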

The alternative: wiki-style mark-up

So, our biggest problem is that HTML does “too much”, so much that it becomes a liability from a security perspective. HTML wasn’t the first attempt at rich text in email… some older email clients used enriched text.

Before enriched text and HTML, we made do with various formatting marks, for instance, *bold text might be surrounded by asterisks*, and /italics indicated with forward slashes/. _Underlining_ could be done too.

No, there were no colour or font size options, but then again this was from a time when teletype terminals were not uncommon. The terminals of that time only understood one fixed-size font, and most did not do colour.

More recently, Wikis have built on this to allow for some basic mark-up features, whilst still allowing the plain text to be human readable. Modern takes on this include reStructuredText and Markdown, the latter being the native format for Wikis on GitHub.

Both these formats allow for embedding images inline and for tables (Markdown itself doesn’t do tables, but extensions of it do).

In email clients such images should be replaced with place-holders until the user clicks a button to reveal the images (which they should only click if they trust the sender).

Likewise, hyperlinks should be rendered in full, e.g. in a web-based client, the link [a cool website](http://example.com/) might be rendered as <a href="http://example.com/">[a cool website](<code>http://example.com/</code>)</a> — thus allowing for malicious links to be more easily detected. (It also makes them printable.) Only plain text should be permitted as a “label” for a hyperlink.
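A renderer following the two rules above (images replaced by placeholders, links shown in full with plain-text labels only) can be quite small. This is an added sketch, not code from the original post: it handles only the inline `[label](url)` and `![alt](url)` forms, and the scheme allow-list and the `image-placeholder` class name are assumptions.

```python
"""Render inline Markdown-style links and images the cautious way."""
import html
import re
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https", "mailto"}  # assumption: everything else is refused

# ![alt](url) or [label](url): no brackets in the label, no spaces or parens in the URL.
TOKEN = re.compile(r"(!?)\[([^\[\]\n]*)\]\(([^()\s]+)\)")


def allowed(url):
    """True only for absolute URLs with an allow-listed scheme."""
    try:
        return urlsplit(url).scheme.lower() in ALLOWED_SCHEMES
    except ValueError:
        return False


def render_markup(text):
    """Return HTML in which every label is escaped text and every URL is visible."""
    out, pos = [], 0
    for match in TOKEN.finditer(text):
        out.append(html.escape(text[pos:match.start()]))
        pos = match.end()
        bang, label, url = match.groups()
        label_h, url_h = html.escape(label), html.escape(url)
        if not allowed(url):
            # Refused scheme: show the source text verbatim, not as a link.
            out.append(html.escape(match.group(0)))
        elif bang:
            # No <img> is emitted, so nothing is fetched until the user opts in.
            out.append('<span class="image-placeholder">[image withheld: %s]'
                       '(<code>%s</code>)</span>' % (label_h, url_h))
        else:
            out.append('<a href="%s">[%s](<code>%s</code>)</a>'
                       % (url_h, label_h, url_h))
    out.append(html.escape(text[pos:]))
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample lines.
    for line in ("See [a cool website](http://example.com/) & enjoy",
                 "![letter head](https://example.com/logo.png)",
                 "[<b>bold</b> label](https://example.com/)",
                 "[click me](javascript:void0)"):
        print(render_markup(line))
```
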

Use of such a mark-up format would have a number of benefits:

  • the format is minimal, meaning a much reduced attack surface for security vulnerabilities
  • whilst minimal, it would cover the vast majority of people’s use cases for HTML email
  • the mark-up is light-weight, reducing bandwidth for those on low-speed links or using lower-power devices

The downside might be for businesses, which rely on more advanced features in HTML to basically make an email look like their letter head. The business community might wish to consider the differences between a printed letter sent via the post, and an email sent electronically. They are different beasts, and trying to treat one as a substitute for the other will end in tears.

In any case, a simple letter head could be embedded as an inline image quite safely if such a feature was indeed required.

It is in our interests to curtail the features used in email communications if we intend to ensure communications remain safe and reliable.

Jul 15 2020
 

At the last federal election, we started seeing this meme floating about the Internet…

“Quexit” meme, (source: ABC)

Of course, we in Queensland can do memes too…

“Vexit” anyone?

That said, one hopes Victoria can get over their COVID-19 issues and come join the rest of us. This isn’t the (Dis)United States of America, this is Australia, we’re one country, and it’s our problem collectively to sort out, so let’s just put our differences aside and get on with it!

May 22 2020
 

For the past 2 years now, there’s been quite a bit in the press about the next evolution of mobile telephony standards.

The 5G standard is supposed to bring with it higher speeds and greater user density handling. As with a lot of systems, “5G” itself, describes a family of standards… some concern the use of millimetre-wave communications for tower-to-handset communications, some cover the communications channels for more modest frequencies in the high UHF bands.

One thing that I really can’t get my head around is the so-called claims of health effects.

Now, these are as old as radio communications itself. And for sure, danger from radio transmissions does increase with frequency, proximity and transmit power. There is a reason why radio transmitter sites such as those that broadcast medium wave radio or television are fenced off: electrocution is a real risk at high power.

0G: glorified two-way radios

Mobile phones originally were little more than up-market cordless phones. They often were a luggable device if they were portable at all. Many were not, they were installed into a vehicle (hence “mobile”). No such thing as cell hand-over, and often incoming calls had to be manually switched.

Often the sets were half-duplex, and despite using a hand-set, would have a very distinctive “radio” feel to them, requiring the user use a call-sign when initiating a call, and pressing a push-to-talk button to switch between listening and talking modes.

These did not see much deployment outside the US or maybe Europe.

1G: cellular communications

Back in the late 80s, when AMPS mobile phones (1G) were little more than executive toys, there might not have been much press about it, but I’m sure there’d be anecdotal evidence of people being concerned about “radiation”.

If any standard was going to cause problems, it’d have been 1G, since the sets generally used much higher transmit power to compensate for the lack of coverage. They were little more than glorified FM transceivers with a little digital control channel on the side which implemented the selective calling and cell hand-off.

This was the first standard we saw here in Australia, and was the first to be actually practical. Analogue services didn’t last that long, and because of the expense of running AMPS services, they were mostly an expensive luxury. So that did limit its up-take.

2G: voice goes digital

The next big change was 2G, which replaced the analogue FM voice channel and used digital modulation techniques. GSM (which used Gaussian Minimum Shift Keying) and CDMA (which used phase shift keying) encoded everything in a single digital transmission.

This meant audio could be compressed (with some loss in fidelity), and have forward error correction added to make the signal more robust to noise. The cells could handle more users than the 1G services could. Transmit power could be reduced, improving battery life and the sets became cheaper to make and services became more economical.

Then came all the claims that 2G was going to cause us to develop brain cancer.

Now, many of those 2G services started popping up in the mid 90s… has there been a mass pandemic of cancer cases? Nope! About the only thing GSM was bad for, was its ability to leak into any audio frequency circuit.

2G went through a few sub-revisions, but it basically was AMPS done digitally, so fundamentally worked much the same. A sore point was how data was handled. 2G and its predecessors all tried to emulate what the wired network was doing: establishing a dedicated circuit between callers.

The Internet was really starting to get popular, and people wanted a way to access it on the move. GPRS did allow for some of that, but it really didn’t work that well due to the way 2G saw the world, so things moved on.

3G: packet switching

The big change here was the move from “circuits” to sending data around in packets. This is more like how the Internet operates, and so it meant the services could better support an Internet connection.

Voice still went the old-fashioned way, dedicated circuits, since the QoS (quality of service) could be better maintained that way.

The cells could support more users than 2G could, and the packet mode meant mobile Internet finally became a “thing” for most people.

I don’t recall there being the same concern about health as there was for 2G… it was probably still simmering below the surface. Services were deployed further afield and of course, the uptake continued.

4G: bye bye circuit switching

4G or LTE is the current standard that most of us are using. The biggest change is it ditches the circuit switching used in 1G, 2G and 3G. Voice is done using VoLTE… basically the voice call is sent the same way calls are routed over the Internet.

The cell towers are no longer trying to keep a “circuit” connected to your phone as you move around, instead it’s just directing packets. It’s your handset’s problem to sort out whether it heard a given packet already, or re-arrange incoming packets if they arrive out-of-order.

To make this work, obviously the latency inherent in 3G had to be addressed. As a sweetener, the speeds were bumped up, and the voice CODEC could be updated, so we gained wide-band voice calls. (Pity Bluetooth hasn’t kept up!)

5G: new frequencies, higher speed, smaller cells

So far, the cellular standards have largely co-existed in the same frequency bands. 4G actually varies quite a bit in frequency, but basically there are bands from the low UHF around 410MHz right up to microwave at 2600MHz.

Higher frequencies

5G has been contentious because some implementations of it reach even higher. Frequency Range 1 used in the 5G NR standard is basically much the same as 4G, but Frequency Range 2 soars as high as 40GHz.

Now, in terms of the electromagnetic spectrum, compared to other forms of radiation that we rely on for survival (and have done ever since life first began on this planet), this might as well be DC!

Infrared radiation, which is the very bottom of the “light” spectrum, starts at 300GHz. At these frequencies, we typically forget about frequencies, and instead consider wavelengths (1mm in this case). Visible light is even higher, 430THz (yes, that’s T for tera!).

Now, where do we start to worry about radiation? The nasty stuff begins with ultraviolet radiation, specifically UVC which is at a dizzying 1.1PHz (yes, that’s peta-hertz). It’s worth noting that UVB, which is a little lower in frequency can cause problems when exposure is excessive… however none is dangerous too, you actually need UVB exposure on your body to produce vitamin D for survival!

Dielectric heating

So that’s where the danger is in terms of frequency. I did mention that danger also increases with power… this is why microwave ovens, which typically operate at a fairly modest 2.4GHz frequency, pose a risk.

No, they won’t make you develop cancer, but the danger there is when there’s a lot of power, it can cause dielectric heating. That is, it causes molecules to move around, and in doing so, collide transferring energy which is then given off as heat. It happens at all frequencies in the EM spectrum, but it starts to become more practical at microwave frequencies.

To do something like cook dinner, a microwave oven bombards your food with hundreds of watts of RF energy. The microwave has a thick RF shield around it for a reason! If that shield is doing what it should, you might be exposed to no more than a watt of energy escaping the shield. Not enough to cause any significant heating.

I hear that if you put a 4W power amp on a 2.4GHz WiFi access point and put your hand in front of the antenna, you can “feel” framing packets. (Never tried this myself.) That’s pretty high power for most microwave links, and would be many orders of magnitude more than what any cell phone would be capable of.

Verdict: not a health risk

In my view, there’s practically no risk in terms of health effects from 5G. I expect my reasoning above will be thoroughly rubbished by those who are protesting against the roll-out.

However, that does not mean I am in favour of 5G.

The case against 5G

So I seem to be sticking up for 5G above, but let me make one thing abundantly clear, for us here in Australia, I do not think 5G is the “right” thing for us to use. It’s perfectly safe in terms of health effects, but simply the wrong tool for the job.

Small cells

Did I mention before the cells were smaller? Compared to its predecessors, 5G cells are tiny! The whole point of 5G was to serve a large number of users in a small area. Think of 10s of thousands of people crammed into a single stadium (okay, once COVID-19 is put to bed). That’s the use case for 5G.

5G’s range when deployed on the lower bands is about on par with 4G. Maybe a little better in certain ideal conditions with higher speeds. This is the variant we’re most likely to see outside of major city CBDs. How reliable it is at that higher speed remains to be seen, as there’s a crazy amount of DSP going on to make stuff work at those data rates.

5G when deployed with mmWave bands, barely makes 500 metres. This will make deployment in the suburbs prohibitively expensive. Outdoor Wi-Fi or WiMAX might not be as fast, but would be more cost-effective!

Processor load

Did I mention the crazy amount of DSP going on? To process data streams that exceed 1Gbps, you’re doing a lot of processing to extract the data out of the radio signal. 5G leans heavily on MIMO for its higher speeds, basically dividing the high-rate stream into parts which are directed to separate antennas. This reduces the bandwidth needed to achieve a high data rate, but it does make processing the signal at the far end more complex.

Consequently, the current crop of 5G handsets run hot. How hot? Well, subject them to 29.5°C, and they shut down! Now, think about the weather we get in this country? How many days have we experienced lately where 29°C has been a daily minimum, not a maximum?

5G isn’t the future for Australia

We need a wireless standard that goes the distance, and can take the heat! 5G is not looking so great in this marathon race. Personally, I’d like to see more investment into the 4G services and getting those rolled out to more locations. There’s plenty of locations that are less than a day’s drive from most capital cities, where mobile coverage is next to useless.

Plenty of modern 4GX handsets also suffer technical elitism… they see 3G services, but then refuse to talk to them, instead dropping to -1G: brick emulation. There’s a reason I stick by my rather ancient ZTE T83 and why I had high hopes for the Kite.

I think for the most part, many of the wireless standards we see have been driven by Europe and Asia, both areas with high population densities and relatively cool annual temperatures.

It saddens me when I hear Telstra tell everybody that they “aspire” to be a technology company, when back in the early 90s, Telecom Australia very much was a technology company, and a well respected trail-blazing one at that! It’s time they pulled their finger out and returned to those days.

May 12 2020
 

So, the other day I pondered about whether BlueTrace could be ported to an older device, or somehow re-implemented so it would be compatible with older phones.

The Australian Government has released their version of TraceTogether, COVIDSafe, which is available for newer devices on the Google and Apple application repositories. It suffers a number of technical issues, one glaring one being that even on devices it theoretically supports, it doesn’t work properly unless you have it running in the foreground and your phone unlocked!

Well, there’s a fail right there! Lots of people actually need to be able to lock their phones. (e.g. a condition of their employment, preventing pocket dials, saving battery life, etc…)

My phone will never run COVIDSafe as provided. Even compiling it for Android 4.1 won’t be enough: it uses Bluetooth Low Energy, which is a Bluetooth 4.0 feature. However, the government did one thing right: they have published the source code. A quick fish-eye over the diff against TraceTogether suggests the changes are largely superficial.

Interestingly, although the original code is GPLv3, our government has decided to supply their own license. I’m not sure how legal that is. Others have questioned this too.

So, maybe I can run it after all? All I need is a device that can do BLE. That then “phones home” somehow, to retrieve tokens or upload data. Newer phones (almost anything Android-based) usually can do WiFi hotspot, which would work fine with an ESP32.

Older phones don’t have WiFi at all, but many can still provide an Internet connection over a Bluetooth link, likely via the LAN Access Profile. I think this would mean my “token” would need to negotiate HTTPS itself. Not fun on an MCU, but I suspect someone has possibly done it already on ESP32.

Nordic platforms are another option if we go the pure Bluetooth route. I have two nRF52840-DK boards kicking around here, bought for OpenThread development, but not yet in use. A nicety is these do have a holder for a CR2032 cell, so can operate battery-powered.

Either way, I think it important that the chosen platform be:

  1. easily available through usual channels
  2. cheap
  3. hackable, so the devices can be re-purposed after this COVID-19 nonsense blows over

A first step might be to see if COVIDSafe can be cleaved in two… with the BLE part running on an ESP32 or nRF52840, and the HTTPS part running on my Android phone. Also useful would be some sort of staging server so I can test my code without exposing things. Not sure if there is such a beast publicly available that we can all make use of.

Guess that’ll be the next bit to look at.

May 04 2020
 

Sure, one moment, let’s try your link…

Errm “No such app found”… I think your link is broken guys, please fix! Bear in mind, my phone is one of these. It still makes calls, still sends and receives text messages, still does what I need it to do.

If it doesn’t do what you need it to do, that is not my problem, take that up with Telstra/ZTE.

Apr 24 2020
 

So today, the US’s head of state suggested this little gem for handling COVID-19…

https://www.abc.net.au/news/2020-04-24/trump-questions-whether-disinfectant-could-be-injected/12180630

My suggestion for Trump: you first. You try it… then report back to us!

Disinfectant might work well on hard surfaces, but injecting it into one’s bloodstream is an utterly reckless and stupid thing to do. Yes, it may kill the virus, but it’ll likely kill a lot of other things, including the patient!

Updated: I realise the comment was made “sarcastically”… however I cannot get this image out of my head now!

A US COVID-19 treatment clinic? I think not!

Feb 27 2020
 

Gotta love advertisers, they don’t bother to read or do any form of minimal research, make crass assumptions, then promptly shoot themselves in the foot:

Hello

My name is XXXXXXXX,…

Really, given it’s in your From header and your email signature, I’d have never guessed!

…and I’m a content manager at XXXXXXX XXXXXX. I’m reaching out because I came across your site and as I see you take on advertisers.

Where do you see that?

So I’m interested in purchasing some space for a sponsored article on your site.

Seriously honey, if you need to ask for a price, you can’t afford it. I bill by the nanosecond of page view time for each pixel occupied by your content.

I’m always looking for high-quality sites, like yours, so I will be glad to discuss prices and guidelines with you.

Mmm, hmm, you seriously haven’t had a very close look have you?

The content we write is always unique, relevant and informative.

As unique and informative as the load of copy-pasta deja-moo you’ve just emailed me (in duplicate, I might add)?

Moreover, we want to promote article we publish on your site. We have more than 10k subs in our email newsletter and 7k on Facebook, as you can see, we can offer not just money.

Harvesting 10000 email addresses randomly off the internet does not constitute subscriptions. Buying 7000 Facebook accounts and making them “like” your page does not constitute approval.

Ohh, and you might want to have a look at this, or this, or maybe this. Life’s too short to stuff around with a glorified BBS.

Looking forward to hearing from you.

Best regards

XXXXXXXX XXXXX

Well, you won’t hear from me directly, but you may hear from Google as you violated their terms of service in sending that spam. So yeah, I guess I do take on advertisers. I take them on and take them down.

Honest advertisers have no reason to come here, because they already have a good idea of how to build up reliable clientele without breaking laws like the Spam Act 2003 or making invalid assumptions. They do their homework. You, on the other hand, dear wannabe advertiser, are the reason such laws exist!

Updated 1 March 2020:

So, having not received a direct reply… they try again:

Just making sure you receive our last email below.

On Wednesday, February 26, 2020 at 7:30 PM, XXXXXXXX XXXXX <spammer@example.com> wrote:

${quote of original email in full}

You clearly don’t read the websites of those whom you pester do you? Actually, don’t answer that, because we know that from your original email.

Dec 22 2019
 

No doubt many will have heard about the “bushfire crisis” that has basically been wreaking havoc for the past month. Here in Brisbane things haven’t been too bad, but we’ve had our fair share of smoke haze and things of course are exceptionally dry.

From where I sit, this is a situation we have let ourselves get into. Some argue that this is all because of the lack of back-burning, and to a certain extent this is true.

Back-burning doesn’t make it rain however. The lack of back-burning is a casualty of a few things, partly a lack of firefighting resources, and also significantly, a hotter, drier climate.

Climate change has been known about for a long time. When I was growing up in the early 90s, the name used was the “greenhouse effect”. The idea being that all the “greenhouse gasses” we were generating were causing heat to be trapped in the atmosphere like a greenhouse, and thus heating up the planet.

Back then, there didn’t seem to be any urgency to combat the problem.

So, we’ve just continued the way we always have since the start of the industrial revolution. Some things have improved: for instance, electric vehicles just weren’t practical then, but they are slowly gaining traction now.

Large-scale PV generation in the 90s would have been seen as a joke, now we have entire paddocks dedicated to such activities. Renewable power generation is big business now. Whilst it won’t displace all traditional methods, it has an important place going forward.

Yet, in spite of all this progress, we’ve still got people in government, and in big corporate organisations who cling to the “business as usual” principle.

When South Australia announced they were going to install a big battery to help back-up their power supply, the idea was pooh-poohed, with many saying it wouldn’t be big enough to make a difference. What it doesn’t have in running-time, it makes up for in very fast responsiveness to load changes.

A coal-fired power station operates by using thermal energy produced by burning coal, to boil water to produce steam which drives turbines that in turn, drive electric generators. A nuclear station isn’t much different — the thermal source is the only bit that changes. Geothermal is basically using a nuclear station that mother nature has provided.

The thing all these systems have in common is rotating mass. It takes significant energy to cause a step-change in rotational speed of the turbine. If the turbine is still, you’re going to have to pump a lot of energy in, somehow, to get it spinning. If it’s spinning, it’ll take a lot of energy to stop it. Consequently, they are not known for fast reaction times. Cold starts in the realm of a day are not unknown for these things. They also don’t take kindly to sudden changes of load. It is during these times the emissions from such generators are at their worst.

Solar is great during the day when it’s fine, but on a cloudy day like today the output is likely to be greatly diminished, and it’ll be utterly useless at night. If we had big enough battery storage, then yes, we could theoretically capture enough during the sunny days to carry us over the nights and cloudy days. That’s a big if.

So I still see the traditional methods being a necessary evil. The combination of all three options though (renewables, traditional generation and battery storage) could be a winner. Let the older stations carry the evening base-load and keep the battery topped up, ramp them down a bit when we’re getting good renewable output, use the batteries to cover the load spikes.

Nuclear could be an option, however to my mind they have two big problems:

  1. Public perception
  2. Commissioning time

Without a doubt, the modern designs for these things have greatly improved on what graced the sites of Chernobyl, Three Mile Island and Fukushima. They generate waste still, but in many cases the half-life and quantity of this waste is greatly reduced. The biggest problem though is public perception, as there are many who will not differentiate between the designs, and will immediately respond: “not in my back yard!”

Even if you could win peoples’ trust, you’ve got a second problem, getting them built and commissioned in time. If we had started in the 90s, then maybe they’d be doing useful things for us now. That boat has long set sail and is dipping over the horizon now.

Transportation is another area where we’re, as a nation, addicted to fossil fuels. It’s not hard to see why though. Go outside a major capital city, and infrastructure for a purely electric vehicle disappears.

Moreover, the manufacturers, stuck in their echo-chamber, don’t see larger electric vehicles as worth the investment.

Back in 2007, my father was lucky enough to win the Multicap Art Union, and so replaced the Subaru station wagon he’d owned since 1982 with a Holden Rodeo ute (we had the choice between that or Toyota).

This vehicle was chosen with the intent of towing a caravan with it — something he later purchased. The caravan weighs about two tonnes. Yes, an electric vehicle could theoretically tow it, and could even do a better job, but at the time, no such vehicle was available from any of the available suppliers.

To my knowledge, this is still the case. Few, if any, of the electric vehicles on the market here in Australia have the necessary facilities to tow a caravan even if the motor is capable of it.

Then there’s infrastructure to consider. A pure electric vehicle would probably be impractical outside of major regional centres and capital cities. Once you got away from the network of high-power chargers, you better plan for staying a few days in each town where you charge, because it will take that long to charge that battery from a 240V 10A socket!

Diesel-electric though, could be a winner since diesel engines similarly operate most efficiently at constant speed and could drive a generator to charge battery storage.

A return of the gas turbine engine could also be a good option. This was tried before, but suffered from the typical characteristic of turbines, they don’t like changing speed quickly. Poor throttle response is a deal-breaker when the engine is providing the traction, but it is a non-issue in a generator. They run on a wide variety of fuel types, including petroleum and diesel, so could utilise existing infrastructure, and the engines are generally simpler designs.

Is there research going into this? Not from what I’ve seen. Instead, they trot out the same old style vehicles. Many people buy them because that’s all that’s on offer that fulfils their requirements. Consequently this inflates the apparent desire for these vehicles, so the vehicle makers carry on as usual.

The lack of cycle infrastructure also pushes people into vehicles. When I do ride to work (which I’ve been trying to do more of), I find myself getting up early and getting on the road before 4:30AM to avoid being a nuisance to other road users.

In particular road users who believe: “I paid vehicle registration, therefore this road is MINE!” I needn’t waste space on that assertion, the Queensland government raised about $557M in revenue (page 14) from vehicle registration in 2018-19, whilst the DTMR’s expenditure at that time was over $6bn (page 15).

The simple truth is that a lot of these initiatives are seen as nothing but a “cost”. Some simple-minded people even say that the very concept of climate change is invented simply to slug the developed world. We need to get past this mentality.

The thing is, business as usual is costing us more. We’re paying for it big time with the impact on the climate that these emissions are having. Yes, climate does go in cycles, but what we’re experiencing now is not a cycle.

I can remember winters that got down to the low single digits here in Brisbane. I have not experienced those sorts of conditions here for a good 15 years now. Yes, this is a land of drought and flooding rain, however, we seem to be breaking climate records that have stood longer than any of us have been alive by big margins.

The “fire season”, which is used to determine when back-burning should take place has also been lengthening. It will get to a point where there just isn’t a safe time to conduct back-burning as theoretically every day of the year will be “fire season” conditions.

This is costing us.

  • It will cost us with property being destroyed.
  • It will cost us with work being disrupted.
  • It will cost us with food production being threatened.
  • It will cost us with health issues due to increasing ambient temperatures and air pollution issues.

Lately I’ve been suffering as a result of the smoke haze that has been blowing through the Brisbane area. I recognise that it is nowhere near as bad as what Sydney has to put up with. Whilst not severely asthmatic, I have had episodes in the past and can be susceptible to bronchitis.

On one occasion, this did lead to a case of pneumonia.

About a fortnight ago I started to go down with a bout of bronchitis. I’ve had two visits to the doctor already, and been prescribed antibiotics and a puffer; normally my symptoms would be subsiding by now. This time around, that has not been the case. Whilst the previous bouts have been stress-related, I think this time it is smoke-induced.

I think once the smoke clears, I’ll recover. I am not used to this level of air pollution however, and I think if it becomes the new “normal”, it will eventually kill me. If I lived in Sydney, no question, that level probably would kill me.

This is a wake-up call. Whilst I don’t plan to join the Extinction Rebellion — as I don’t think blocking up traffic is doing anyone any favours, I do think we need to change direction on our emissions. If we carry on the way we are now, things are only going to get worse.

Oct 12 2019
 

Recently, I’ve been doing a lot of work with 6LoWPAN on the 2.4GHz band. I didn’t have anything that would receive arbitrary signals on this frequency, so I decided to splurge. I got myself my first bit of tax-deductible amateur radio equipment: a HackRF One.

It’s been handy, fire up CubicSDR, and immediately you get a picture of what’s happening on the frequency. In the future I hope to get the WIME framework working so I can decode the 802.15.4 frames and pipe them to Wireshark, but so far, this has been handy.

Since I’m not using it every day, I also put it to a second use, DAB+ reception. I used to listen to various stations a lot, and whilst FM stereo is built into my phone, I’ve got nothing that will do medium-wave AM. The HackRF stops short at 1MHz (officially 10MHz), and needs a suitable antenna to do so. However, it occurred to me that it was more than capable of doing DAB+, so after some experimentation, I managed to get qt-dab working.

Since getting that working, I bought a second SDR, a RTL-SDR v3. The idea is I’d be setting this up on the bicycle with a Raspberry Pi 3 which also has a DRAWS board fitted (the successor to the UDRC). I figured I could use this as a second receiver for amateur radio stuff, or use it for FM stereo/DAB+, maybe short wave.

So today, I was testing this: using the RTL-SDR with a Pi 3, seeing whether it would perform acceptably for that task. Interestingly, CubicSDR will de-modulate FM stereo quite happily when you’re running it via an X11 session forwarded over SSH, but it stutters its way through if you try to run it natively. I think the waterfall displays are too much for the machine to cope with: it can render them, but painting them on the screen causes too much CPU load.

qt-dab however works quite well. It occupies about 60% CPU, which means you don’t want to be doing much else. Whether I can do AX.25 packet simultaneously as planned or not is a valid question. Audio quality through the PWM output on the Pi3 is good too — I did try this with an original Pi and got an aural assault courtesy of the noisy 3.3V power rail, but it seems this problem is largely fixed on the Pi3.

In truth, I’ll probably be using the GNURadio framework directly when I get to implementing this on the bicycle. That makes a custom tailored UI a little easier to implement.

The WTF moment though was whilst putting this rig through its paces… I noticed a new station:

ELF Radio, a station dedicated to Christmas Carols

A new station, “ELF Radio”, had appeared in multiplex 9A (202.928MHz)… this is exactly what it sounds like, a station dedicated to Christmas carols. We’re not even half-way through October, and they’re already out to flog the genre to death.

Now, Christmas rage was not a thing when I was younger, it seems the marketing world is intent on ruining this tradition by making excuses for starting the sales earlier and earlier… and it seems the “ambience” is part of the package deal that they insist must start long before that Celtic tradition, Halloween! As a result, most of us are thoroughly fed up by the time December rolls around.

Here’s a hint advertisers: playing this crap so soon in the year will not result in higher sales. It’s a sales repellent!