Model | Image | N Scale Info | Resources | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Ae 8/14 |
|
[1], [2], [3] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Ae 4/6 |
|
[1], [2] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Ae 6/6 Ae 610 |
|
[1], [2], [3], [4], [5] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Ce 6/8 II "Krokodil" (Rework to Be 6/8 II) |
|
[1], [2], [3] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Ce 6/8 III "Krokodil" (Rework to Be 6/8 III) |
|
[1], [2], [3] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
De 6/6 "Seetal-Krokodil" | None | [1], [2] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Re 4/4 I | TODO | [1], [2], [3] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Re 4/4 II Re 420 Re 421 |
|
[1], [2], [3], [4] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Re 4/4 III Re 430 |
None | [1], [2] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Re 4/4 IV Re 440 |
None | [1], [2] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Re 450 4 parts, in use by: SBB/ZVV, Sihltalbahn |
|
[1], [2] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Re 460 "Lok 2000" |
|
[1], [2], [3], [4], [5] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Re 474 (Siemens ES64F4) |
|
[1], [2], [3] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Re 482 (Bombardier Traxx F140 AC1, F140 AC2) |
|
[1], [2], [3] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Re 484 (Bombardier Traxx F140 MS2) |
|
[1], [2], [3] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Re 6/6 Re 620 |
|
[1], [2], [3], [4] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
RABDe 12/12 RABDe 510 "Goldküstenexpress" "Mirage" 3 parts |
None | [1] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
RBDe 4/4 "NPZ" RBDe 560 "NPZ Domino" 4 parts |
|
[1], [2] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
RABDe 8/16 RABDe 511 "Chiquita" 4 parts |
None | [1] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
RABDe 500 "ICN" 7 parts |
|
[1], [2], [3] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
ETR 470 "Cisalpino" 9 parts |
|
[1] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
ETR 610 RABe 503 7 parts |
|
[1] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Stadler KISS (prev. DOSTO) SBB RABe 511 "Regio-Dosto/RVD" 4 or 6 parts BLS RABe 515 "MUTZ" 4 parts |
|
|
[1] | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Siemens Desiro Double Deck RABe 514 "DTZ" 4 parts |
None | [1], [2] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Stadler GTW 2/8 SBB RABe 520 Thurbo RABe 526 3 parts |
|
|
[1], [2], [3], [4] | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Stadler GTW 2/6 Thurbo RABe 526 2 parts |
|
[1], [2], [3] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Stadler FLIRT SBB RABe 521 "Regio Basel" SBB RABe 522 "Genf" SBB RABe 523 "S-Bahn Zug, Aargau, Luzern" SBB RABe 524 "TILO" SOB RABe 526 "S-Bahn Zürich, St. Gallen" Thurbo RABe 526 4 parts 6 parts for TILO |
|
[1], [2], [3], [4] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
RAe 4/8 1021 "Churchill-Pfeil" |
|
[1], [2], [3] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
CLe 2/4 RAe 2/4 "Roter-Pfeil" |
|
[1], [2], [3] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
RAe TEE II RABe EC "Graue Maus" 6 parts |
|
|
[1], [2], [3], [4] | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
TGV Lyria (POS) 10 parts |
|
[1] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
BDe 4/4 |
|
[1], [2], [3] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
RBe 4/4 RBe 540 |
|
None | [1], [2] | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Bm 6/6 | None | [1], [2], [3] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Bm 4/4 |
|
[1], [2], [3] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Am 840 Vossloh G2000BB |
|
[1], [2] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Am 841 | None | [1], [2], [3] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Am 842 Vossloh G1000BB MaK G1204BB |
|
[1], [2], [3] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Am 843 |
|
[1], [2], [3] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Ee 922 |
|
[1] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Ee 923 | None | [1] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Ee 3/3 |
|
[1], [2], [3], [4] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Ee 3/3 IV Ee 934 |
None | [1], [2] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Tm 235 | None | [1] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Tm 234 | None | [1] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Tm IV Tm 232 |
|
|
[1], [2] | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Tm III Tm 232 |
|
None | [1], [2] | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Tm III (Yard) | None | [1] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Tm II |
|
[1], [2] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Tm I | None | [1] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Te III |
|
None | [1], [2] |
I managed to do both successfully. The signals by Microscale are really well made, I'll definitely order them there when I get to the point where I do need signals.
I also had a very nice conversation with Dario Morciano from MD Trains, it helped a lot that we both spoke italian. His trains are beautifully made, on an order-by-order basis, there are maybe 20 ICNs currently worldwide. Everything was truly lovely, also the models of the SBB ETR 610, the ETR 470, and the BLS MUTZ were amazing. All train compositions that a lot of people in the N scale communities I know of have been waiting for for years. The price may be off-putting for many people, this kind of precision, hand-made small production work is very expensive. I'd say about twice what one of the big manufacturers would sell such trains at, if they ever get to actually producing them, but that doesn't seem to be the case. For me, it was a more than acceptable price given the quality and the opportunity to have an SBB ICN cruising on my layout, sometimes next year.
]]>I moved from Dietikon to Zürich in 2014. New apartment, new roommates. I completed my Bachelor's degree in Informatics, Software-Systems in 2015. Finally.
I started working for a great company in 2013, iniLabs Ltd., a spin-off from the Institute of Neuroinformatics (INI) here at the University of Zürich, that works on neuromorphic hardware, specifically bio-inspired vision sensors. Had the opportunity to work with IBM's TrueNorth development team on integrating the sensors with their platform in 2013-2014 as part of the DARPA SyNAPSE project. Met lots of great people, went several times to California (US), partecipated in the 2015 Telluride (Colorado, US) Neuromorphic Engineering Workshop, met even more awesome people. Two fun years working on embedded hardware, low-level C libraries, VHDL FPGA logic and Java GUIs, everything I ever wanted. And it's all set to continue, as we're currently expanding our offering of neuromorphic devices.
On the open-source front, I started contributing to usb4java in July 2013 due to my work at iniLabs, where we use it extensively in the jAER project to talk to the vision sensors in a performant and platform-independant way, as well as in the Flashy project, a tool to update firmware and logic on our sensor devices. Also almost all of the code I've worked on is available openly from the jAER project or the iniLabs GitHub pages. In 2013 I moved my own projects from self-hosted SVN to Git & GitHub, including the source for this blog. Great service.
After over a decade of self-hosting, I moved everything over to Google Apps. Very happy with not having to care about any of that anymore, I just didn't have the time for server maintainance.
Photos of San Francisco, Colorado, New York, Yellowstone, London and other places I visited can be found in the new gallery, powered by Google Drive. I took most of them during the 2015 road-trip through central US with my good friend Diederik Moeys, a PhD here at INI.
I've gone through all the pages in the blog here and updated them, so they should reflect current reality better. I'm hoping to keep the blog more up-to-date in the future. I've promised myself I'd use it to document the resurrection of my oldest hobby: N-scale model trains. More on that soon.
]]>(Update: the above are the only two things I'm keeping around or haven't sold yet. Contact me!)
]]>Now the real topic of this post is SSH, more specifically how to make your SSH connections even more secure
than they already are. OpenSSH by default prefers slightly less strong cryptographic algorithms (like AES128
is preferred to AES256), and for its HMAC it still prefers MD5-based HMACs, which, while still kinda secure,
are clearly less secure than the SHA2-512 based ones, for which OpenSSH added support in the 5.9 release.
Assuming you're running OpenSSH >=5.9 everywhere, like in my setup, configure your sshd's as following, so
that they will only offer the most secure known algorithms in their strongest variants first. This will also
only offer SSH protocol 2, as well as set some other miscellaneous login-related settings and make the server
check periodically that clients are alive, and if not, terminate the connection.
Protocol 2 LoginGraceTime 1m PermitRootLogin no StrictModes yes MaxAuthTries 3 MaxSessions 5 ClientAliveCountMax 3 ClientAliveInterval 5 Ciphers aes256-ctr,aes192-ctr,aes128-ctr KexAlgorithms ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256 MACs hmac-sha2-512,hmac-sha2-256
Configure your SSH client as follows to only connect to sshd's using secure algorithms, again trying the
strongest first. This also enables SSH protocol 2 only, periodically checks that the server is alive (especially
useful with sshfs and its '-o reconnect' flag, when working over unstable links like wireless). It further
lowers the amount of data needed for a rekey, default would usually be between 1G and 4G.
Note that I had to split up some lines for better readability on the blog, you can notice those by the increased
indentation, just always make sure everything is on one line!
Host * Protocol 2 ServerAliveCountMax 2 ServerAliveInterval 4 Ciphers aes256-ctr,aes192-ctr,aes128-ctr,arcfour256,aes256-cbc KexAlgorithms ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256, diffie-hellman-group-exchange-sha256 MACs hmac-sha2-512,hmac-sha2-256,hmac-md5,hmac-sha1 HostKeyAlgorithms ecdsa-sha2-nistp521-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp256-cert-v01@openssh.com, ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com, ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256 RekeyLimit 512M
Given both the server and client running OpenSSH >=5.9 and being configured correctly, you get an SSH connection
using AES256-CTR as cipher, exchanging keys using ECDH-SHA2-NISTP521, and using HMAC-SHA2-512 for integrity
checking. Basically AES-256 and SHA2-512 everywhere, which, as far as I know, are state-of-the-art in their
respective application domains and still considered very secure.
Hope this helps increasing security, as well as reliability (the Alive options especially with sshfs).
UPDATE: I've written an ebuild for Blogofile, you can get it from my overlay. It pulls in all required dependencies to run. For my own blog, I also needed dev-python/imaging for the gallery controller.
]]>