September RF Bits in CQ – Erratum

cq-contents-sept-2016As luck would have it, a key URL for the software mentioned in my September CQ Magazine RF Bits column no longer works. That is because the author, Mike Guenther, DL2MF, decided to withdraw support for the DV4MF2 console for the DV4mini. Whatever his reasons, we have luckily archived a copy for your convenience. So if you arrive at a German language page with a “no more available” caption in English at the top, fret not and get your copy of DV4MF2.exe right here.

While the author has withdrawn support, the software nonetheless functions as it did when my article was prepared for your enjoyment. Other software for the DV4mini is also available and supported by Wireless Holdings, although lacking the nice Brandmaster XTG support that DV4MF2 offered.

It would be great if more radio amateurs released their software under some open source license so that work by and for the community could be continued as needed. We have far too much orphaned software in regular use in the amateur community. A perfect example of this is UI-View32. The author’s last wishes upon his death included the destruction of the source code. Yet, the program is still used by many amateur stations around the world. Imagine how much more useful the orphaned software could be if the source code were available for further development?

Android Security Just Got a Whole Lot Better

While Marshmallows are soft and gooey, Android 6.0.1 (Marshmallow) is one tough cookie. Marshmallow provides granular security controls that allow you to decide whether an application gets access to particular information. Tired of LinkedIn or Facebook trying to grab all your contacts?

Android Marshmallow allows for more granular control of application permissions.
Android Marshmallow allows for more granular control of application permissions.
Now you can control this behavior.

To take a look at these settings, go to Settings->Apps->Application manager. Pick an app and you’ll see a bunch of sliders that let you turn access on or off for that control. Newer app versions directly support the Marshmallow security model. Older apps don’t and may malfunction, but don’t let that stop you from trying out settings that meet your security requirements.

Blackberry has had this level of application security control for many years. It is good to see that Android is now taking application and data security very seriously.

Perspective of a former Gilfer Associates Employee

Anyone who listened regularly to the shortwaves back in the 1970s knew about Gilfer Associates of Park Ridge, New Jersey. They were a source of books, gadgets, and radios supporting the SWL habit. The company was run by Oliver P. (Perry) Ferrell and his wife, Jeanne. Perry was at one time the Editor of Popular Electronics Magazine.

I came across this recent blog post by Susan Ito, a former employee. It paints a nice picture of what is was like to work for the Ferrells as an after school employee.

How I Came to Love Shipping (and the Hot UPS Guy)

The “Rigged” Presidential Debate System

The Republican and Democratic parties are part of a cartel that want to prevent American citizens from being exposed to any candidate other than their own. They do this through a nonprofit corporation called the Commission on Presidential Debates (CPD). This “governance body” was created in the late 1980s after the League of Women Voters, formerly the sponsor of presidential debates, would not agree to limit participation to the two dominant political parties.

Are debates under these rules serving the interests of the American people or serving the interests of the CPD cartel? Any time the ruling class attempts to limit discourse to those subjects and participants that they have defined as representing their interests, it is YOUR interests that are likely being harmed.

Libertarian candidate Gary Johnson will be on the ballot in all 50 states of the union come November. He is polling at roughly 10% in nationwide opinion surveys. Clearly, the unpopular candidates of the two major parties have much to lose if Johnson is permitted to participate in the Presidential Debates. That’s why the Elephant and Jackass won’t let him play in their sandbox.

Attorney friends, could the RICO statues be used against the CPD to force them to extend participation? It would be interesting to see a RICO based class action civil suit filed on behalf of American voters as the injured class.

Chrome OS – The Right OS for Many

I am convinced that Google’s Chrome OS is highly underrated and under appreciated. I have been testing an ARM based Chromebook as well as an ARM based Chomestick with great results. If your primary email address is @gmail.com, and if most of your computer activity is email, messaging, and light document prep, you don’t need the complexity of Windows or Linux. And, if you think that Mac OS is simple to use, you have not tried Chrome.

The Asus CS10 boasts a quad-core RockChip 3288-C CPU, 2 GB RAM, and 16 GB eMMC.
The Asus CS10 boasts a quad-core RockChip 3288-C CPU, 2 GB RAM, and 16 GB eMMC.

I especially like the Asus Chromebit that arrived yesterday and which is now stuck on the back of a several year old Sony Bravia in the den. I plan to use it where I need a web browser to access content that is not already integrated into TiVo. Paired with a small Logitech wireless keyboard, it is all I need in the den and will free up the i5 Windows 10 machine that was previously used for web streaming.

WordPress Security 101

When I installed WordPress on this site, one thing that concerned me is that login and administrative functions were not using SSL by default. OK, I didn’t have an SSL certificate installed at that point, fair enough. But once the SSL certificate from Let’s Encrypt was installed, I set about learning how to secure these functions.

It is very simple.

In the same directory where WordPress is installed you’ll find a file named “wp-config.php”. Add the following line toward the bottom, right above the “That’s all” comment:

define(‘FORCE_SSL_ADMIN’, true);

Save the file and you’re good to go. Assuming that an SSL certificate is properly installed on your web server, login and administration will now go over SSL.

I then set out to further validate my WordPress security. I found this free web based tool.

I ran it against this site and found that my user accounts could be enumerated. This is clearly information leakage that should be avoided. The solution is to enable a WordPress plugin that stops this behavior. The plugin can be found here.

Download the plugin and copy it to the plugins directory as described in the Installation section of the above page. Using the plugins menu of the WordPress administration console, activate the plugin.

Run the scan again against your WordPress site and you’ll see that this issue has been resolved.

Let’s Encrypt – Free SSL Certificates for Everyone

One of the best things I learned at Hope XI is that we no longer have to pay for SSL certificates. In an effort to make web encryption universal, the Internet Security Research Group (ISRG) has started Let’s Encrypt. Lest you think that this is an evil hacker plot to steal your encryption keys and data, you may feel better to know that the Technical Advisory Board is comprised of representatives from Akamai, Cisco, Electronic Frontier Foundation, Mozilla, and the Internet Society. This project is on the level and taking off.

My first certificate will be used to encrypt connections to this site. I’m sure that it will be the first of many. One downside is a short validity window (90 days) but Let’s Encrypt is offering automated tools to make the entire installation process simple and transparent. Unfortunately, this site is my free Optimum 60 website and I have limited control over the server, so I must wait for Optonline tech support to install my certificate.

VOA Radiogram

Remember the Voice of America? It presented an American point of view to the world and helped the West to win the cold war in Europe. Well, VOA is still transmitting and is embracing modern technology to stay relevant.

Kim Andrew Elliot produces a weekly “VOA Radiogram”, which uses audio tones to send digital information that can penetrate jamming and get through adverse reception conditions. You don’t need anything too sophisticated to start playing with this technology, just a radio that can receive shortwave, a computer with a sound card input, a patch cord, and a free program called FLDIGI.

Much of the content is transmitted in MFSK32, which provides good results. Some transmissions include pictures as well as text. Some folks have even reported decoding content by holding their smartphone up to the radio speaker, although I have not tried this approach myself.

Give “VOA Radiogram” a listen this weekend. Here’s the schedule information:

Here is the lineup for VOA Radiogram, program 177, 20-21 August 2016, all in MFSK32 centered on 1500 Hz:

1:31 Program preview (now)
2:42 China launches hack-proof satellite*
8:32 Twitter closes terror-linked accounts*
13:59 Why is Washington’s subway system falling apart?*
26:40 Closing announcements
29:09 Flmsg surprise (with audio)

* with image

Please send reception reports to radiogram@voanews.com .

VOA Radiogram transmission schedule
(all days and times UTC):
Sat 0930-1000 5745 kHz
Sat 1600-1630 17580 kHz
Sun 0230-0300 5745 kHz
Sun 1930-2000 15670 kHz
All via the Edward R. Murrow transmitting station in North Carolina.

Hertz German Rental and a Slight Scuff(le)

I reserved an automotbile rental for the June stay in Friedrichshafen with Dollar. The rental was actually fulfilled by Hertz. I expected to pay about €92 for a weekend rental, including taxes.

The vehicle dropoff was on a Sunday morning at the sleepy Bodensee Flughafen and was unattended. I dropped off the keys as instructed. The vehicle was left in perfect condition.

When the charge came through about a week later, it was for over US $400. I was mystified and miffed. I had not (yet) been contacted by Hertz about any issues.

I contacted Dollar via their customer service web form, referencing my initial reservation number. No one from Dollar bothered to return my contact request about the billing discrepancy. When I returned home, about a week after the car was dropped off, I contacted Chase to dispute the excess charge.

Hertz in Germany billed me €290 for this!
Hertz in Germany billed me €290 for this!
Then, after a few more days, a letter arrived from Germany. The letter claimed €290 in damage to their vehicle. Nonsense. I probably did not drive it more than 15 km during the whole stay and there were no incidents. So, I reported the claim to Chase’s car rental insurance program.

I finally, after some weeks, received a photo of the damage. Just nonsense. As you can see, it is a minor scuff that a US car rental company would never be concerned about.

Be careful. If you rent a car in Germany, do a complete walk around and either take their insurance or have your own. Kudos to Chase and their United Explorer Card for having my back and paying the claim on this one with no trouble at all.

Transparency and International Funds Transfer

In June I attended the Ham Radio 2016 show in Friedricshafen, Germany.  I had the opportunity to purchase a nice, compact digital transceiver.  The Hytera PD365 cost surprisingly less than it would in the USA.  And, as a bonus, I could get the 19% Value Added Tax (VAT) refunded once I brought it home.

Sort of…

There are shops around the world that are setup to make the tax refund easy and will rebate it directly to your credit card.  Not so with Difona Communications GmbH, but they were able to provide a tax refund form at the show.  I had to get it stamped by customs upon leaving the European Union and then mail it back to the vendor in Germany.  They paid the refund via international wire transfer.

Here is where the fun began.  I received about $14 less than expected and set about trying to find out where the difference went.  It was not easy.  There is no transparency in such transactions.  I had to call my bank more than a handful of times before I could get to someone knowledgeable enough to assist.

Early calls revealed that the funds came in as US dollars via the Automated Clearing House (ACH).  The ACH received the funds from Fed Global.  What is Fed Global?  The Federal Reserve Bank.  The Fed suffers from a complete lack of transparency and will not speak to the consumer at all.  Kudos to those in Congress who want to audit the Fed.  I’m with you.

Anyway, after several weeks, numerous calls, and a case filed with the Consumer Financial Protection Bureau, I received an answer.

Fees were deducted from the amount that the vendor paid to me.  The vendor — Difona — indicated that this is what should be done at the time of the transfer.  Difona did not disclose this to me when I sent them an inquiry asking for documentation on the transaction.  Had this been disclosed, it would have saved me and others a lot of time spent on calls and emails to research the discrepancy.

Caveat emptor!

Hytera PD365 compact DMR radio
Hytera PD365 compact DMR radio
Still, I purchased a good piece of merchandise at less than 2/3 of the USA cost.  I learned that in the case of a VAT refund, it is better to deal with Global Blue particpating merchants.  Otherwise, expect to pay an undocumented and substantial fee for a wire transfer and expect no documentation or transparency.