The news, opinions and events of VE3OIJ / VE3EEE

Archive for the Security category


How to use a computer – The Squid Zone

Equipment, Operating, Security, Technology

A good reminder for everyone…

This is a primer for anyone searching the web looking for tips on how to use a computer.  The language is direct, and intended to be clear and unequivocal. 1. A computer is a dangerous power tool, treat it accordingly As computers become ever more a part of everything we do, there is a tendency […]

Source: How to use a computer – The Squid Zone


Google thinks deleting is suspicious. – The Squid Zone

General, Security, Technology

Sunday night I was up late.  I wasn’t sleeping and decided to log into GMail to do some clean-up.  This is a regular task for me – I go in, empty the bin, delete old mails, sort the inbox into categories, etc.  I’ve been doing this for years, usually from the same computer at home […]

Source: Google thinks deleting is suspicious. – The Squid Zone


Force Apache to use strong cryptography – The Squid Zone

General, Security, Technology

How to modify Apache’s ssl.conf to require TLS 1.2 and strong cryptography.

Source: Force Apache to use strong cryptography – The Squid Zone


EMCOMM and amateur radio – what is needed and what is not

Digital Modes, General, Operating, Security, Technology, Voice Modes

I’ve been reading a fair bit about emergency communications (EMCOMM) and amateur radio. Nominally, EMCOMM is why amateur radio exists – the service is there, hypothetically, to be able to provide backup communication paths when infrastructure fails. Certainly, for many years, that was a pretty valid position and amateur radio filled that niche very well.

But time has marched on, and with it has marched both requirements and technology. In my considered opinion, amateur radio EMCOMM is likely to come up short when the situation is dire. This is something amateur radio can overcome, but getting past the shortcomings is going to require a new way of thinking for a lot of amateur radio EMCOMM enthusiasts.

The Use Case

It is first necessary to consider what role amateur radio is going to fill in an emergency situation.

The goal of EMCOMM is to get timely, accurate communication outside of the disaster zone to a place where the regular communications infrastructure is not damaged.  Barring an asteroid strike that makes a crater the size of Texas and destroys an entire continent, that communication is not going to need to be more than tens of kilometers, maybe small hundreds.

That brings about my first EMCOMM observation: HF is probably not going to factor in an EMCOMM situation because it’s awkward and unnecessary.  Awkward because it needs long, difficult antennas, and propagation is unreliable.  In the event of a very wide-scale disaster, then perhaps, but generally, it will be quicker, easier, and more reliable to use VHF and UHF radio to get messages out of a disaster zone because the equipment is small and much easier to come by.

Modern “first responders” – police, fire, military, para-military and medical all have reliable, effective short-range communication technology and infrastructure.  Their comms channels are robust and intended to work in adverse situations.  For the most part, amateur radio will play almost no part in assisting these people.  It’s worth noting that, military notwithstanding, none of these essential services uses HF radio much or at all.

Secondary assistance services are much more likely to require amateur radio assistance: Red Cross, various “civilian” disaster relief agencies and so on.  These are important people in any disaster, but they’re likely not well equipped in the communications department and could benefit greatly from amateur radio  help.  Again, however, they’re going to want to move information outside the disaster zone, and that distance is not likely to be “around the world” because there are many better ways to do that than HF radio.

I’ve tried to figure out what sort of info these agencies might want to send, and the most obvious one I can come up with is a casualty list.  This is a good one because it seems both likely, and highly useful to an agency like the Red Cross or Doctors Without Borders, or some similar group.  There might also be traditional short “Hi Mom! We’re OK!” messages, but those are generally easy to send by any convenient means.

So what does a casualty list take?  Let’s consider a short list: 1500 people are at a shelter inside a disaster zone, and the Red Cross needs to send that list 75 km away to the coordination centre.  The list contains “phone book” info: name, (former) address, plus gender and date of birth.  If we figure the name field at 20 characters, address at 20 characters, gender as 1 character and birth date as 6 characters, and an indicator for unharmed/deceased/injured/missing of a single character, a list of 1500 people is about 72000 characters, or 70 kB, or in CW terms, 14400 words.

Right off the bat, you can see one problem.  That short casualty list, using 4 operators blasting CW at 30 WPM non-stop, will take a full 2 hours to send and still require coordinating the output of the 4 CW streams at the far end.  That is not acceptable in 2015.  That same list, sent by D-Star at 9600 bps, takes less than 90 seconds.  Even at 1200 bps D-Star it will clock in less than 10 minutes.  This brings me to the second observation about EMCOMM: Morse Code is not going to be used very much if at all in an EMCOMM situation because it is too slow to carry any significant amount of useful information.

What does this mean?

The general use case of casualty lists, supply requisitions and similar information simply can’t be sent by morse code or even by voice.  Modern EMCOMM needs to move small and medium amounts of data over those tens of kilometers.  Possibly even image data.  This simply cannot be done with traditional “Morse Code and HF” thinking, and not even with “packet” thinking.

EMCOMM groups have to start thinking about the objective, and they have to start acquiring the infrastructure and training to be able to provide useful communications.  This is what I think all EMCOMM groups need to have as a capability:

1. Enough available equipment to set up a VHF and/or UHF data link that can cover a distance of about 100 km, AND link to the neighbouring EMCOMM group – effectively able to form cells of about 50-100 km in radius to be able to get communications away from the disaster zone.

2. Enough man-portable (i.e. HT or similar) equipment to be able to deploy operators quickly and keep them highly mobile.  This would include easily erected directional antenna equipment.

3. The ability to move data with a speed of at least 9600 bps over the coverage area.  Even faster would be better.  That may mean we all have to start thinking of better ways of moving data.  Guys, it’s not 1980 any more.  Even 9600 is glacially slow by modern standards, and information is king in a disaster situation, but at that speed you can move decent sized text blocks around.  If amateur radio can’t move enough good quality information quickly and accurately, amateur radio will be bypassed.

4. The ability to interface with existing communications channels (e.g. the internet).  I assure you, the guys who can get internet connectivity into a disaster area are going to be viewed as heroes of communications because internet is *THE* communication channel used by every organization everywhere.  Also, being able to patch into other networks like the phone system and drag a level of that connectivity into a disaster zone would be really helpful.

5. This is a pie-in-the-sky thing, but I’ll put it out there: The ability to assist with, organize, and direct the communications infrastructure of others – in short: trained operators who can free up firefighters, police, and maybe even soldiers by operating THEIR communications infrastructure while they go out and do the nasty work.

EMCOMM needs to look at the now and forward, not back in history.  It’s time to drop HF and morse, and build up robust, portable digital communications for emergencies.  That is what will be needed when the worst happens, and that’s where the expertise of highly trained radio amateurs is going to be most effectively deployed.


Have you checked your photos lately?

General, Security, Technology

It’s coming on to Christmas, and that means it’s time for an annual chore: the checking of my photo archives.  Like many people, I have a large number of digital photographs and videos, and I don’t want to lose them.  Each year, I check my archives and make sure that my data is still good.

Many people assume that because they’ve got their pictures stored somewhere, the pictures are fine.  That assumption could not be further from the truth, and that’s why you actually have to perform maintenance on your digital files, just like you would on your paper photo albums.

Here are the maintenance tasks I would recommend:

  1. Empty your camera – That’s right, pull the photos off your phone, your Nikon, the memory cards you have laying around, etc.  Realistically, you shouldn’t store photos on your phone for very long anyway, since they might be subject to embarrasing disclosure, or loss.  A phone or camera is not intended as a long-term storage device, so just don’t do it.
  2. Validate your optical media – home-burned CD/DVD/BRD media use an optically alterable chemical to store data.  Over time (usually 3-7 years), that chemical can degrade.  When that happens, you start losing data.  If you’ve backed your photos onto optical disks, you absolutely must copy them off and put them onto new disks or other media every few years or you absolutely will lose photos.  Unlike the marketing hype, this media really isn’t permanent, nor does it have a 100 year lifespan.  3 to 7 years, that’s all.  If you get more than that, you’re just lucky.
  3. Validate your hard drive media – Storing your photos on a hard disk?  have you checked your hard disk?  Hard drive failure is a big killer of people’s photos.  Unless you’ve taken steps to prevent it, a hard drive is a single point of failure – lose the drive, lose everything, including your photos.  Personally, I store most of my photos on a RAID device that uses four hard drives and is configured such that it can tolerate a single drive failure (RAID 5).  That may be a bit much for a home user, but if you’re using hard drive storage, at least consider keeping backups somewhere not on the same hard drive.
  4. Check your on-line storage accounts and licensing agreements – Plenty of people use online services.  Be aware of your user agreements and licensing!  Many of those services will claim ownership or unrestricted use license rights in consideration for letting you use their service.  This is particularly true if the service is free.  If you use a paid service, don’t forget to make sure you’re paid up.
  5. And don’t forget your paper – If you’re over 20 years old, you probably have paper photos somewhere… don’t forget to check them and make sure they’re not rotting away.  Maybe scan them to digital media.

Keep your data safe this Christmas!