North American Nebula

This is another attempt at my astrophotography. The North American Nebula.

Still issues, was trying out a battery to see if I could power the rig at a remote site, things started to go wrong and I had to discard all the Luminance exposures.

I had wanted to get more exposures, but unfortunately, after sorting out the issues and reverting to AC power source there was no time.

I also wanted to focus between each filter change (as the scope is achromatic), but missed that setting, hence the blue fringes for the stars.

The narrow band filters came out OK though.


Messier 33 / NGC 598 / Triangulum Galaxy

This is one of my first long exposures (1 hour 20 minutes total) of M33. The light from this spiral galaxy has been travelling for 2.73 million years before the photons hit my camera to produce this picture.

M33 Triangulum

Tech Posts

Upgrading Asus Prime Z370-A ME Firmware without running Windows

I have an ASUS Z370-A Prime motherboard. I don’t run Windows natively, but do under Virtualbox on Ubuntu Linux.

Asus released an Intel Firmware Update with only a Windows MEUpdaterTool executable.

I created a WinPE image from my Virtualbox Windows 10 virtual machine, which I dd’d onto a USB, and managed to use the Intel updater tool in the X:\FW folder to complete the upgrade.

So if you find yourself in my position, you can download the WinPE environment here:

Note: the MEUpdateTool in the root folder is not supported in the PE environment; just CD into the X:\FW folder and use the FWUpdLcl64.exe tool.

Just unzip the image and dd it to your USB drive (the command below assumes that /dev/sdb is your USB drive; check first or you might clobber another disk in your system):

sudo dd if=winpe_amd.img of=/dev/sdb bs=4M

Data Mining Stock Pick Tests

Stock Pick Tests (update 2013-10-26)

So the initial test is complete. The buys saw:

HOC finished at 172.4 after a buy signal at 152.7, a gain of 12.9%
KENZ finished at 534 after a buy signal at 503, a gain of 6.16%
ALNT finished at 341.5 after a buy signal at 338.2, a marginal gain of 0.98%
IMG finished at 290.8 after a buy signal at 275.8, a gain of 5.44%

Based on a long investment of £500 per share over two weeks, a total profit was shown of £127.11, 6.38%.

It is somewhat higher than overall FTSE gains, but it looks like the model needs improvement.

Particularly the sell signal on BKG at 2232: it finished at 2400, a gain of 7.5%, which merely shows that the model may just be relying on volatility of the stock for signals and is not necessarily concerned with direction.

More model training and process refinement is to take place and we will see how the week two stocks progress at the end of next week (I have not followed their performance this week).

Data Mining Stock Pick Tests

Stock Pick Tests (update 2013-10-21)

After 5 trading days:

HOC (152.7p) –> 166 (8.7%)
KENZ (503p) –> 526.75 (4.7%)
ALNT (338.2p) –> 355.5 (5.1%)
IMG (275.8p) –> 290.75 (5.1%)

BKG (2232p) –> 2374 (6.3%)

Disappointed with the sell performance of BKG, but a good overall performance for the buys.

For this week the model reports buys for:

HOC (5*) (166p)
CHG (3*) (217.25p)
GNK (3*) (825p)
POLY (2*) (601p)
DXNS (1*) (46.5p)
RSW (1*) (1632p)
FDSA (1*) (1999p)

CCC (1*) (543p)
EVR (1*) (133p)

Data Mining Stock Pick Tests

Stock Pick Tests

Buy: HOC (152.7p), KENZ (503p), ALNT (338.2p), IMG (275.8p)
Sell: BKG (2232p)

(Based on predicted performance +10 trading days)

Tech Posts

Grandstream HandyTone 503 BT (UK) Caller ID / Display Settings

After fiddling with the settings for Caller ID on my FXO port, I finally found something that works:

Caller ID Scheme: SIN 227 – BT
FSK Caller ID Minimum RX Level (dB): -40
FSK Caller ID Seizure Bits: 96
FSK Caller ID Mark Bits: 55
Caller ID Transport Type: Relay via SIP From

If you have a Grandstream HandyTone 503 connected to a BT line on the FXO port then leave your configuration tips below!


Asterisk 11 (FreePBX distribution) fail2ban configuration using the security log.

I’ve been experimenting with Asterisk again, using the FreePBX distro (

I have noticed that I get a lot of entries in the Asterisk log that look like this:

[2013-07-06 05:11:06] NOTICE[4106][C-0000001f] chan_sip.c: Failed to authenticate device 555<>;tag=e9a98a30
[2013-07-06 05:11:08] NOTICE[4106][C-00000020] chan_sip.c: Failed to authenticate device 555<>;tag=eebd8857
[2013-07-06 05:11:12] NOTICE[4106][C-00000021] chan_sip.c: Failed to authenticate device 555<>;tag=243f3815
[2013-07-06 07:19:42] NOTICE[4106][C-00000022] chan_sip.c: Failed to authenticate device 5555<>;tag=a049427e
[2013-07-06 07:19:45] NOTICE[4106][C-00000023] chan_sip.c: Failed to authenticate device 5555<>;tag=c3c7f81b
[2013-07-06 07:19:48] NOTICE[4106][C-00000024] chan_sip.c: Failed to authenticate device 5555<>;tag=6be78a0b
[2013-07-06 07:19:49] NOTICE[4106][C-00000025] chan_sip.c: Failed to authenticate device 5555<>;tag=1979ada5

Where, of course, is the address of my SIP server. Unfortunately, while FreePBX contains a fail2ban module, asterisk doesn’t provide enough information in the log file to act upon these messages.

The way I have got around this involves making some custom modifications to the Asterisk configuration.

Firstly, we need to enable Asterisk (v11) security logging feature:

Edit /etc/asterisk/logger_logfiles_custom.conf and add the following:

fail2ban2       => security,notice,warning,error

This will create an additional log file, called /var/log/asterisk/fail2ban2

Now we need to edit the fail2ban configuration in /etc/fail2ban to process the security logged items. FreePBX configuration is in jail.local, so we will add ours to jail.conf:

 enabled  = true
 filter   = asterisk11
 action   = iptables-allports[name=SIP, protocol=all]
 logpath  = /var/log/asterisk/fail2ban2

Finally, we create a simple regex to get the IP address that we want to ban, and put it in /etc/fail2ban/filter.d/asterisk11.conf:

# Fail2Ban configuration file
# $Revision: 250 $

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
#before = common.conf

[Definition]

#_daemon = asterisk
# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>\S+)
# Values:  TEXT
failregex = SECURITY.* SecurityEvent=\"InvalidPassword\".*RemoteAddress=\"IPV4/UDP/<HOST>/
#VERBOSE.* logger.c: -- .*IP/<HOST>-.* Playing 'ss-noservice' \(language '.*'\)
# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
# ignoreregex =

That’s it, we now intercept messages like this one from the security log, and manage to ban these device attempts:

[2013-07-06 07:19:42] SECURITY[4078] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="1373091582935268",Severity="Error",Service="SIP",EventVersion="2",AccountID="00972597103443",SessionID="0x7fa42c001ac8",LocalAddress="IPV4/UDP/",RemoteAddress="IPV4/UDP/",Challenge="61074795",ReceivedChallenge="61074795",ReceivedHash="b469462e8e7de800b54eb50ffe46de86"
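
An offline check of the filter above, as an added example (not part of the original post or of fail2ban): it expands <HOST> the way the filter's comment block describes, runs the failregex over log lines, and lists the addresses that would reach a ban threshold. The security-log lines are constructed with documentation-range addresses, and the MAXRETRY value of 3 is an assumption, since the jail above does not set one.

```python
import ipaddress
import re
from collections import Counter

# failregex copied from asterisk11.conf above.
FAILREGEX = r'SECURITY.* SecurityEvent=\"InvalidPassword\".*RemoteAddress=\"IPV4/UDP/<HOST>/'
# <HOST> expansion as given in the filter file's own comment block.
HOST_ALIAS = r'(?:::f{4,6}:)?(?P<host>\S+)'
PATTERN = re.compile(FAILREGEX.replace('<HOST>', HOST_ALIAS))
MAXRETRY = 3  # assumed threshold; the jail shown above does not set one

def event(ts, account, remote):
    """Build a constructed InvalidPassword line in the security-log format."""
    return (f'[{ts}] SECURITY[4078] res_security_log.c: '
            f'SecurityEvent="InvalidPassword",EventTV="0",Severity="Error",'
            f'Service="SIP",EventVersion="2",AccountID="{account}",'
            f'SessionID="0x0",LocalAddress="IPV4/UDP/192.0.2.10/5060",'
            f'RemoteAddress="IPV4/UDP/{remote}/5071",Challenge="1",'
            f'ReceivedChallenge="1",ReceivedHash="0"')

# chan_sip NOTICE line as quoted earlier in the post: it carries no address.
NOTICE_LINE = ('[2013-07-06 07:19:42] NOTICE[4106][C-00000022] chan_sip.c: '
               'Failed to authenticate device 5555<>;tag=a049427e')
SAMPLE_LOG = [  # constructed sample input
    event('2013-07-06 07:19:42', '5555', '203.0.113.7'),
    event('2013-07-06 07:19:45', '5555', '203.0.113.7'),
    NOTICE_LINE,
    event('2013-07-06 07:19:48', '5555', '203.0.113.7'),
    event('2013-07-06 08:02:10', '100', '198.51.100.23'),
]

def extract_host(line):
    """Return the remote IP the filter would capture, or None."""
    match = PATTERN.search(line)
    if match is None:
        return None
    host = match.group('host')
    try:
        ipaddress.ip_address(host)  # reject captures that are not an address
    except ValueError:
        return None
    return host

def hosts_to_ban(lines, maxretry=MAXRETRY):
    """Hosts whose failure count reaches maxretry."""
    hits = Counter(h for h in map(extract_host, lines) if h)
    return sorted(h for h, n in hits.items() if n >= maxretry)
```

On a live system, `fail2ban-regex /var/log/asterisk/fail2ban2 /etc/fail2ban/filter.d/asterisk11.conf` runs the same kind of check against the real log.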

Google’s Streetview Wardriving Accusations

In the news today, some rather sensationalist articles about what Google was collecting via WiFi on their Streetview tours.
Firstly, it needs to be pointed out, the information gathered:

  • Was unencrypted WiFi – If you run an unencrypted WiFi Home or Business network then really you are taking the risk – and you should be a lot more worried about Joe and Mary’s teenage son next door rather than the 3 seconds worth of network traffic that a Google streetview car would have picked up as it passed your house.
  • The Daily Mail (Fail) article suggests that they harvested information ‘from home computers and laptops’ as they passed by. This is simply untrue, they harvested information from the radio waves, just as you harvest information from all manner of radio frequencies when you retune your AM radio. Google’s only crime here is analysing what they heard. It should be pointed out that at no point did any interaction between data stored on a computer make its way to Google’s streetview car unless you transmitted it to them.
  • That being said – if the street view car was passing by at the time, and, you were clicking send on an email or hitting enter on an instant message, and, you’re stupid enough to not use encryption at a protocol level for any of those services, then and only then would Google have harvested some information. Perhaps a sentence in an IM conversation or a few paragraphs of your email or perhaps the URL and a quarter of a web page you happened to be browsing at the time.

There are enough conditionals there to make it seem to me that Google simply under-estimated the stupidity of our nation to protect our home computer assets. I believe their main aim in sniffing wireless traffic was to obtain BSSID information (a globally unique identifier for Wireless Access Points) to correlate it to GPS information which would allow Android phones to be able to get accurate geolocation information without necessarily having a GPS lock on the phone.

There is an open-source tool which does this very thing (called Kismet), and it saves tcpdump information of the sniffed wireless networks to file. One parameter of tcpdump is the snaplen, specified with the ‘-s’ parameter. This parameter specifies how much of the packet to save to disk. To get reliable BSSID information this probably needs to be set to around 32 bytes, just enough to get the necessary headers from the BSSID beacon frames (which by the way, you can configure to turn off as well, and would be recommended as part of an overall secure setup). I truly think that the engineer coded this parameter with zero ‘-s 0’, saw that he got the BSSID information with this parameter and left it at that. Unfortunately the ‘-s 0’ parameter value has a special meaning, and captures the entire packet.
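
The effect of the snaplen on what reaches disk, as an added example (not from the original post, Kismet or tcpdump): two constructed 802.11 frames are written into pcap records with a 32-byte snaplen and with 0, then read back. It assumes the raw 802.11 link type with no radiotap header; all MAC addresses and payloads are constructed.

```python
import struct

DLT_IEEE802_11 = 105   # raw 802.11 link type, no radiotap header (assumed)
FULL_SNAPLEN = 262144  # what current tcpdump uses when given -s 0

def frame(fc, a1, a2, a3, body=b''):
    """Constructed 802.11 frame: 24-byte MAC header followed by the body."""
    return struct.pack('<HH', fc, 0) + a1 + a2 + a3 + struct.pack('<H', 0) + body

def write_pcap(frames, snaplen):
    """Serialise frames the way a capture tool does for a given -s value."""
    limit = FULL_SNAPLEN if snaplen == 0 else snaplen
    out = struct.pack('<IHHiIII', 0xA1B2C3D4, 2, 4, 0, 0, limit, DLT_IEEE802_11)
    for f in frames:
        kept = f[:limit]  # bytes beyond the snaplen are never stored
        out += struct.pack('<IIII', 0, 0, len(kept), len(f)) + kept
    return out

def read_pcap(blob):
    """Return (captured bytes, original length) for every record."""
    records, pos = [], 24  # skip the 24-byte global header
    while pos < len(blob):
        _, _, incl_len, orig_len = struct.unpack_from('<IIII', blob, pos)
        records.append((blob[pos + 16:pos + 16 + incl_len], orig_len))
        pos += 16 + incl_len
    return records

def beacon_bssid(data):
    """Address 3 (bytes 16-21) carries the BSSID in a beacon frame."""
    return ':'.join(f'{b:02x}' for b in data[16:22])

def bytes_past_llc(data):
    """User data left after the 24-byte MAC and 8-byte LLC/SNAP headers."""
    return data[32:]

# Constructed, locally administered MAC addresses and frame contents.
AP = bytes.fromhex('02aabbccdd01')
STA = bytes.fromhex('02aabbccdd02')
GW = bytes.fromhex('02aabbccdd03')
LLC_SNAP = bytes.fromhex('aaaa030000000800')
BEACON = frame(0x0080, b'\xff' * 6, AP, AP, b'\x00' * 12 + b'\x00\x04home')
DATA = frame(0x0108, AP, STA, GW, LLC_SNAP + b'constructed cleartext payload')

def compare(snaplen):
    """(BSSID from the beacon, stored user data, original data-frame length)."""
    (b, _), (d, orig) = read_pcap(write_pcap([BEACON, DATA], snaplen))
    return beacon_bssid(b), bytes_past_llc(d), orig
```

With a snaplen of 32 the beacon still yields its BSSID while none of the data frame's user bytes are stored; with 0 the whole payload is written out.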

The Daily Mail article has so many inaccuracies in it that I would expect it to be edited later. It is sensationalist, and blatantly incorrect from a technical sense.

The New Server

Choosing a Hypervisor

So it came to a point where I needed to choose a Hypervisor.

The choices (from the free ones) appeared to be Vmware’s offerings, either vSphere 4.1 or vSphere 5.0 or a free hypervisor such as Xen or Virtualbox.

Vmware’s offerings are touted as Tier-1 Hypervisors. That is, the hypervisor itself runs on the bare metal. Whereas KVM or Virtualbox are Tier-2 Hypervisors – relying on an underlying OS kernel.

This is where I began to hit Vmware’s limits on the ‘free’ aspects of ESXi.

My server has 8 Cores, 48GB Memory and a 2.7TB Disk Array.

ESXi v5.0 (or whatever they mean to call it now – deliberately blurring the feature set of their free product with their paid-for product) has a limitation of 32GB RAM, anything above that is unusable to the OS.

Well, OK, I’m not going to waste 16GB of memory for the sake of being on a Tier-1 Hypervisor.

ESXi v4.1 doesn’t have the memory limitation, although it appears to have fewer features (I was really interested in the PVLANs for instance, but it appears that those are paid-for only features as well!). Nevertheless, I tried it out – and well what do you know, it has a limitation of 750GB for local storage!

A further irksome issue I had with Vmware in testing was when I was trying to set up their Networking. I essentially wanted to implement multiple subnets, with a single interface bridged to one of the physical interfaces on the host server. Should be simple enough, no? Well think again – when I tried to do this Vmware insisted that I assign an IP address to this interface. Why? It’s a bridged interface, it doesn’t need an IP address, it doesn’t necessarily need to even run IPv4 – I might want to run IPX/SPX or IPv6 instead – in any case the bridge does not need to be assigned any Layer-3 address.

I googled on this networking faux-pas and found other people asking the same question, why does it need an IP address, with people giving ill-informed answers that “because it’s the bridge interface”. Nonsense, these people don’t know their networking.

So, now I was left with either going with something like Xen Server or perhaps going with the Hypervisor I actually use on my Laptop (Virtualbox). I thought there would be an obvious downside to Virtualbox – “it’s clearly designed for desktop virtualisation”, I thought. I had a brief look at Xen, however, and started to get confused. So XenServer is Citrix right? Citrix sell XenServer, then there is XenSource? How does that fit in? The Wikipedia says that RedHat / CentOS 6 don’t support dom0, what is dom0…

Well, too many questions, not enough answers, no good documentation.

So I opted for Virtualbox – turns out it has a pretty good Vboxheadless mode which allows me to run all my VMs through a VRDP session to their consoles (essentially using Microsoft’s Remote Desktop Services protocol RDP). I intended nearly all my VMs to be Linux based, and be primarily controlled via SSH – so this is fine for me.

There is also a companion project called phpVirtualbox – which provides a near identical GUI to the Virtualbox interface via a Web Browser.

It should also be noted that, surprisingly, Virtualbox is probably more dynamically controllable via the command line than it is via either of the GUI interfaces – and is very suited to a roll-your-own VM Hypervisor set up.