Belgium – Yeri Tiete

GTFS

Yeri Tiete — Tue, 09 Apr 2024 18:44:29 +0200

As iRail's servers go down once in a while (and contain some legacy files, making it a bit messy), I decided to back up and host the GTFS feeds of Belgian Railway (NMBS), and the 3 Belgian bus companies (De Lijn, TEC and MIVB) at gtfs.flatturtle.cloud.

Every night, around 3am (CET), the GTFS files are uploaded to Cloudflare R2.

I keep the historical files as well (iRail only did this for NMBS, but I'm doing it for all). The latest available GTFS is in */_latest/.zip.

The directory listing is created using Workers.

I'm trying to get access to dewaterbus.be as well, but so far, they haven't replied.

Long holiday

Yeri Tiete — Mon, 30 Oct 2023 13:00:00 +0100

After a whirlwind of planning, re-planning around Shan's work, and, well, a bit of procrastination (who's judging?), ... We're finally leaving for our extended holidays. Saying "See ya!" to Singapore for three months! This is the longest I'm stepping out of the sunny (yet overly warm) island in the last 7 years.

Feels a bit surreal. Boarding in SQ 332 in ~55 minutes.

First stop? Oh, Paris! And from there, it's off to Belgium, then back to France for a road trip. All that with Ila (no time to update her site)... Let's see how that goes. 🙈

We'll be back after 4 to 6 weeks and celebrating Christmas surrounded by loved ones and ringing in the New Year in the Ardennes.

Writing all down now, feels like this "holiday" will be quite busy.

And the plot twist? It's a one-way ticket. No return date stamped. We're just gonna go with the flow and see where the journey takes us. Though, if I were a betting person, I'd say we'll probably be back around Lunar New Year. After all, who can resist the allure of those lion dances and, honestly, cashing in Ila's ang pow?

But let's see how much time I'll have to run a remote business, take care of Ila, drive and holiday around, and deal with family. 🤣 Maybe we'll be back sooner.

Poor Mumu, Tofu and Taro will have an extended staycation at their grandmother. Some change in environment may do them good. Hopefully, they don't forget about us, though, while being spoilt to death...

It's secretly also a big test for Shan -- to see how Europe's lifestyle fits, and if we're finally ready to say goodbye to the Lion City and head somewhere more European... Copenhagen? Amsterdam? Lisbon? 🤷‍♂️ I know I'm in need of change and an adventure.

EU pushes for digital surveillance

Yeri Tiete — Mon, 16 Oct 2023 17:03:00 +0200

Keep seeing more and more topics, threads and sites about it. And it's probably not getting half as much attention as it deserves.

Here's a summary from Danny Mekić post:

The European Commission wants to turn digital communication apps into mass surveillance tools by automatically scanning EU citizens' live conversations, photos and videos for criminal offenses, even if they are not suspected of a crime.

Hundreds of academics, privacy regulators and EU legal experts have condemned the proposal, arguing it grossly violates privacy rights and the technology cannot accurately detect criminal activity.

When the EU Council meeting showed insufficient support for the proposal, the Commissioner launched a paid advertising campaign on social media targeting specific countries to sway public opinion.

The campaign used emotionally manipulative images and music to suggest opponents did not want to protect children, while also misleadingly claiming majority European support.

The ads were microtargeted to exclude people interested in privacy, Euroscepticism, Christianity and other critical political/religious groups, creating an uncritical echo chamber.

This microtargeting violates the social media platform's policies, the Digital Services Act, and GDPR.

When a proposal lacks sufficient support, the proper response is to withdraw or amend it, not pressure doubting members through manipulative disinformation campaigns.

By setting aside European values, the Commission is endangering the foundations of the European Union.

The Commission should take down the ad campaigns and refrain from future attempts to bend public opinion through illegal targeted ads.

The document was written by a jurist and technologist who is critical of the Commission's overreach and disregard for democratic processes and individual rights.

Via Kagi: Undermining Democracy: The European Commission's Controversial Push for Digital Surveillance

Nature in an urban setting

Yeri Tiete — Sun, 28 May 2023 11:20:21 +0200

I’m very fortunate to have a handful of new trees, some grass and public seating bookend the street I live in. One of my favourite times of the day to be out on my balcony is dusk, because when the sun starts setting and the hustle and bustle of the city subsides, a group of Indian myna birds, attracted by that greenery, playfully chirps and flies between the trees. The tweeting draws out neighbours, too, and creates a beautiful moment of connection through nature in an otherwise man-made environment.

An increasing body of research tells us that interaction with nature is associated with better body and brain health. Birds play a particular role in this, in part because they are some of the only animals able to venture into highly developed areas and give out calls audible to the human ear, providing a direct link to the natural world.

The pleasure we get from encountering nature can be explained through the biophilia hypothesis, the idea that humans have an innate affinity for life and living systems: “Human preferences toward things in nature, while refined through experience and culture, are hypothetically the product of biological evolution.”

This theory is guiding academic work but also urban and architectural design. For example, there is solid evidence that having a window looking out to living plants helps speed up the healing process of patients in hospitals. In educational settings, exposure to nature seems to help kids focus better, feel less anxious and improve memory.

It’s fair to conclude then that we need nature. But does nature need us? Probably not. Clive Thompson calls this the biophilia paradox: “Biophilia is asymmetric. We have biophilia, but nature doesn’t have ‘anthrophilia’. In fact, it’s the opposite: If humanity were to vanish tomorrow, the remaining plants and animals would set about rapidly reclaiming all the asphalted-over world we’ve created.”

There is a tragic irony here: our modern existence is largely incompatible with our biophilic need for nature. Our attempt to be closer to nature often comes at a cost to nature.

“We humans should be living a little more densely, to give nature more space away from us. Meanwhile, to satisfy our biophilia, we should be designing more nature into these denser human environments – using everything from an increased number of street-plants to town parks to ‘living walls’ on houses, and buildings that use more natural materials. … We need plants close to us – and far away from us. That’s the biophilia paradox.”
Source: Dense Discovery

Kids and urban space

Yeri Tiete — Thu, 25 May 2023 16:36:28 +0200

My local council recently bought a bunch of warehouses and turned them into a public park with a playground. What used to be a barren, semi-industrial area suddenly came alive with people and plants. Everyone visiting the park looked in surprise at the playground wondering the same thing: ‘Where have all of these kids been hiding?’

Today’s urban spaces are designed for cars and commerce, making them particularly hostile towards kids. With most streets being considered unsafe, there has been a huge drop in outdoor play. This study, for example, claims that today just 27% of children play outside their homes, compared to 71% of the baby boomer generation. Or look at this fascinating map showing how an eight year old’s ‘range of exploration’ has changed from ~10 km a few generations ago to a mere ~300 metres today.

This short piece makes some cogent points about how our society tends to divide children into two categories undeserving of autonomy – ‘angels’ and ‘demons’:

“On one hand children are considered too small, vulnerable and innocent to roam and play in urban spaces because of traffic, ‘stranger-danger’ and other hazards. On the other hand, teenagers are constructed as a public threat and should not be allowed to hang out on the streets with their bikes, skateboards and presumably bad intentions. … Children and young people are increasingly sequestered in homes, cars or institutional spaces for adult-controlled education and play.”

Research tells us that limiting children’s sense of safety and autonomy also hampers their mental and social wellbeing. And yet, we continue to design spaces that completely robs them of their right to participate in public life. “Children should not be reduced to mere ‘future investments’ or ‘adults of tomorrow’. They are also people with present-day rights to citizenship, participation and autonomy in their living environments.”

As a kid who grew up in the country, I spent my summers roaming the neighbourhood, local fields and woods. I was pretty shocked to hear about friends in Melbourne having spent much of their early teenage years inside shopping malls. They did so because we gradually made every public space unsafe or unwelcoming for them. The irony of now blaming them for being glued to screens all day!

Many of us (especially people like me who don’t have kids of their own) move about a city oblivious to the lack of infrastructure suitable for young people. Away from home, their ability to move freely is often constrained to fenced off spaces: playgrounds, daycare centres, school yards, sports grounds. They are often chauffeured between these spaces in the very thing that makes streets unsafe for them: cars.

It doesn’t have to be this way. We know that designing cities for children ends up benefitting everyone which is why all of us should be demanding child-friendly, slow streets and engage in community efforts to take back public space from cars. Just watch any video of a Bike Bus in action and witness the joy of reclaiming our streets.
Source: Dense Discovery

The Rules for Rulers

Yeri Tiete — Tue, 11 Apr 2023 22:33:14 +0200

2022 by Vox

Yeri Tiete — Sat, 31 Dec 2022 18:59:16 +0100

Why Car-Centric Cities are a GREAT Idea

Yeri Tiete — Fri, 16 Dec 2022 19:27:56 +0100

Third Place

Yeri Tiete — Wed, 30 Nov 2022 20:19:37 +0100

I guess that's one thing that I do miss in Singapore: informal places that are affordable (almost everything here costs money) and that are not shopping malls (exactly what he mentions in the video).

Sure, there are bars, but they are usually expensive and atas, and not the place people go for an informal chitchat (more for date nights). There are the places around the hawker centres (i.e.: the food courts) with a lot of "uncles" sitting down -- but that's hardly my crowd. ;)

But maybe I'm also just in a bad neighbourhood. Chinatown has more craft beer places (somewhat affordable) right inside the food courts (i.e.: no air-conditioning, but it's informal and easily accessible).

But I'll admit I miss the Belgian-style pub where we'd go for a drink before dinner, or later at night for a tea. Places like Fenikshof in Grimbergen.

On the Beating of Children

Yeri Tiete — Tue, 27 Sep 2022 10:54:00 +0200

[...]
The story illustrates the level of violence we accept amongst children in otherwise non-violent societies, but it gets even worse: differing speeds of development lead to huge differences in size and strength, meaning bullying is often like getting picked on by a Shaq-like giant.
[...]
Yes, in the developed world “corporal punishment” (literally “bodily punishment”, an eloquently Latinized euphemism for “beatings”) is on the decline, but if a 19th-century person told you that though wife-beating was still legal, it was on the decline, you’d look at them at least a little bit askance.
Corporal punishment, while permitted for children, is never allowed for adults, even for convicted murderers. It's legal to beat a child for talking out of turn, but not for adults who have repeatedly, viciously, murdered people (*).
Countries that do beat people for talking out of turn are universally regarded as brutal dictatorships, just so long as those beaten include grown-ups.
[...]
Children are expected to never resort to violence. If on the playground they’re hit, they should not hit back, but find an authority figure instead. Generally, this authority will do nothing meaningful, and the only result will be the status penalty of being labeled a tattle-tale, resulting in an even more vulnerable personal position.
[...]
Meanwhile, if a reasonable adult simply feels threatened, such as from having popcorn thrown at them (**), they can shoot someone to death.
[...]
The value of truth as a virtue and liars as dishonorable is universally held, except when speaking to children.
[...]
Source

Very insightful article, and many of what they touch on is true in a western society.

(*) Singapore is an exception.

(**) Probably only in the US.

Bakfiets

Yeri Tiete — Fri, 26 Aug 2022 19:20:00 +0200

Wish this was an option in Singapore -- sadly, driving a bike here is needlessly dangerous. But likely a viable mode of transportation when we move back to Europe.

Cost of Cars

Yeri Tiete — Tue, 16 Aug 2022 09:04:33 +0200

Changing from a car-centric Paris to a cycling city

Yeri Tiete — Thu, 23 Jun 2022 21:59:00 +0200

I've not been in Paris since 2015, I believe. Feel like I should probably pop-by again and see if it really changed that much. I remember it to be mostly one big traffic jam with all the 2 and 3 wheeled motorcyclists racing in between.

It would be interesting to see if other major cities in Europe follow suit.

I'm actually quite looking forward to the biking future: riding (e-)bikes, a proper last-mile method (i.e. combing rental bikes or e-scooters with public high-speed railway).

Brussels definitely had a change of heart (for the better), but it'll take 10+ years to properly realise all these projects. Is it too little, too late?

Bike Highways are becoming a thing in a few cities in Belgium (but not in Wallonia; and sadly, the one in Vilvoorde will take 4+ years to build). But I'm excited to see what this will become once all this is finalised.

Would love to see Singapore work on something similar.

For a very brief moment, we had rental bikes in Singapore that were hugely popular. That is, until the gahmen decided to regulate rental bikes because of stupid wild parkers; a lot of these companies either pulled out of Singapore or went bankrupt.

And we had e-scooters, that were banned pretty much overnight (or well, "only allowed on biking lances" -- however, Singapore probably only has 5, or some absurd low number, biking lanes across the entire island; so it was an effective ban).

Since then, the desire of car ownership only went up (there is technically a cap -- which is good, but leaves little alternative for families that need a car for things that are impractical with ride hailing). Speaking of, ride hailing companies are doing tremendously (prices nearly doubled in the past 2-3 years with the lack of competition).

I see an increase in (amateur) bikers, but it's insanely dangerous as there's no dedicated lanes except for a couple of PCN.

So dear Singapore, please please please build a city that does not revolve around cars (the plans are there, but all new development seem to still have all roads on top, with little to no cycling lanes).

Make it easier to use (e-)bikes, (e-)skateboards, unicycles and what not!

3M PFOS

Yeri Tiete — Mon, 20 Jun 2022 22:45:00 +0200

Several layers of corruption. Bring forth the criminal charges and put these people in prison.

[...]
Last year she found out her 65-year-old mother had 1,100 micrograms of PFOS per liter of blood—a concentration more typically found in industrial wastewater. Her 68-year-old father had about 800. Her 19-year-old daughter tested at 300. D’Hollander’s own level had come down to about 100, which she attributes to not eating eggs and to breastfeeding, a theory backed up by studies showing mothers pass on high amounts of the chemical through their milk. She and her mother both have malfunctioning thyroids, a condition now associated with PFOS, and doctors have told them that at some point the drugs they take for the condition will stop working. Other health problems associated with high PFOS levels include high cholesterol, diabetes, hormone and immune disorders, and even diminished vaccine efficacy.
[...]
One sample showed 257,000 micrograms per liter, according to a 3M-commissioned study submitted to the Flemish waste management agency. For context, Minnesota’s current safe limit is 0.015 micrograms per liter.
[...]
After more than a decade of fighting, Flemish officials were eager to go ahead with the Oosterweel. They needed 3M’s help. In November 2018, Lantis and 3M signed their secret pact allowing the most dangerous of the toxic dirt (with 70 to 1,000 micrograms of PFOS per kilo) to be dumped on 3M’s site. Lantis argued Flemish regulations allowed it to move the soil without treating it as toxic waste as long as it served a function, in this case a security wall. Lantis estimated it would cost €63 million to move all that soil. 3M’s cost would be €75,000.
[...]
The Province of Antwerp planned to move roughly 4 million cubic meters of soil from the tunnel-highway project to a nature reserve far south.
[...]
Alongside health anxieties, farmers in the area have lost business. Koen Doggen grows organic vegetables that he sells to consumers through a subscription service. He says tests last summer showed his soil had more than twice the level of PFOS at which the government says sanitization is required. “I considered quitting,” he says. “I didn’t know if I wanted to work on contaminated soil. I breathe it in daily in the summer and wash it off my skin every evening. I wondered how I could ever sell this product again now that Zwijndrecht has become PFOS land, like it’s Chernobyl.”
[...]
High concentrations of PFBSA had made it into fish in the estuary of the western side of the Scheldt leading into the North Sea, according to a study paid for by residents of Zwijndrecht late last year. Flounder in the estuary had 24 micrograms of PFOS, seven times above safe limits for people who eat fish once a week.
[...]
Last autumn, 3M’s chief medical officer, Oyebode Taiwo, flew to Antwerp from the US to defend the company in Parliament. He argued that blood tests showing high PFOS levels weren’t proof the chemical caused the health problems that individuals were experiencing. “It could be due to reverse causation, meaning that it’s not the exposure that is causing the health outcome, but it is the health outcome that is causing the exposure to build up,” he said.
In other words, he argued certain people with specific health conditions are more prone to build up PFAS chemicals in their blood. Scientifically, the idea is dubious. Legally, it’s absurd, says Berezofsky. She points to the “eggshell skull” rule accepted in US law. “If I walk down the street and I hit somebody over the head, a normal person with a normal skull may just feel a bump. Somebody who has a skull made of an eggshell might die,” she says. “I’m still responsible. The fact that they have an eggshell skull does not relieve me of the liability of what I did.”
[...]
Source: Bloomberg

Charleroi metro line that never opened

Yeri Tiete — Sat, 28 May 2022 16:50:28 +0200

Continuous Sidewalks

Yeri Tiete — Thu, 30 Sep 2021 11:32:25 +0200

Living in Singapore -- a city extremely unfriendly towards bicycles and pedestrians (to the point they banned e-scooters because they had to blame someone for the accidents, and it couldn't be the cars) I started paying attention to urban design in Europe and started noticing the little things I wouldn't pay attention before.

Having just come back from Belgium, Amsterdam and Copenhagen it's great seeing a video pointing out the differences and how it all works.

Also, very excited that Belgium is investing in massive "biking highways" (as a result of many cities going car-free in a few years): big investments in clear, wide cycling lanes and making. We'll hopefully be more like the Netherlands (which, with the massive amount of e-bikes is really needed).

(Source)

SIN - DXB - BRU

Yeri Tiete — Sat, 11 Feb 2017 01:20:54 +0100

Emirates. Finally. Been trying so long to fly with them. And in business class. :)

1x A380 and 3x B777.

I’ll be around for a few drinks in Belgium !

Brussels

Yeri Tiete — Sat, 15 Oct 2016 23:40:25 +0200

I guess I get to post now when flying to Brussels.

Flying SIN to BRU with Lufthansa.

BRU to MAD with Brussels Airlines (which I guess is now Lufthansa too) from 20/10 till 23/10.

BRU to BCN with Brussels Airlines from 27/10 till 31/10.

Leaving the 5th November to SIN again with Lufthansa and returning with Swiss (their brand new b777!) on July 6th.

Also changed blog timezone to Singapore.

Surreal

Yeri Tiete — Wed, 23 Mar 2016 00:29:13 +0100

Grounded flights here.

Facebook Safety Check

Yeri Tiete — Tue, 22 Mar 2016 18:31:17 +0100

Never thought I’d ever have to mark myself safe …

Belgian banks & SSL — part 5

Yeri Tiete — Fri, 18 Dec 2015 11:35:57 +0100

Minor end of year update. No big SSL exploits have been released since (bar DH, see below).

Once again, this is testing the public websites I can access. There might be other gateways, APIs, etc that are not (as) secure.

It’s worthy to note that some banks are serious about security and fixing their SSL. Most improved their rating and solved all issues (especially getting rid of SHA1 in the chain). However, a couple lowered from B to C (see below). But… No more F’s. :)

The noteworthy changers:

Hello Bank! went from A to B though due to weak DH,
Triodos lost their Forward Secrecy,
Optima from F to A(-) (and a bunch others from B to A, and higher),
A bunch from B to C due to SSLLabs being more severe (see below). Most did solve some of their issues,
BKCP is doing a lot wrong.

Edit: Tested wrong AXA domain; updated to A+.

Update 11 Jan 2016: ABK & BvB updated to A.

Note that not supporting TLS 1.2 or supporting RC4 capped sites to grade B about a year ago; it now caps to grade C (aka SSLLabs is more severe).

Grade A

Rabobank (A+): no known issues.
Evi (A+): no known issues.
Crelan (A+): no known issues.
Binck (A+): no known issues.
ING (A+): no known issues.
Keytrade Bank (A+): no known issues.
CPH (A+): no known issues.
NIBC Direct (A+): no known issues.
AXA (A+): no known issues.
Delta Lloyd Bank (A): no known issues.
Deutsche Bank (A): weak signature (SHA1).
MeDirect Bank (A): no known issues.
Monte Paschi (A): no known issues.
Belfius (A): no known issues.
BNP Paribas Fortis (A): no known issues.
bpost bank (A): no known issues.
Argenta (A): no known issues.
Fortuneo (A): invalid HSTS policy.
Fintro (A): no known issues.
DHB Bank (A): no known issues.
VDK (A): no known issues.
ABK: (A): no known issues.
Bank Van Breda (A): no known issues.
Ogone (payment facilitator -- A): no known issues.
Moneyou (A-): no Forward Secrecy.
Record Bank (A-): no Forward Secrecy.
Triodos (A-): no Forward Secrecy.
Optima Bank (A-): no Forward Secrecy.
KBC (A-): no Forward Secrecy.
Isabel (banking tool for corps -- A-): no Forward Secrecy.

Grade B

Hello bank!: Weak Diffie-Hell (aka DH) (info).

Grade C

PSA Bank: weak signature (SHA1), no TLS 1.2, no Forward Secrecy.
beobank: weak DH, no TLS 1.2, RC4 (insecure), no Forward Secrecy, no secure renegotiation.
BKCP: weak signature (SHA1), no TLS 1.2, RC4 (insecure), no Forward Secrecy, weak DH.

Grade D

Grade E

Grade F

Europe

Yeri Tiete — Sun, 15 Nov 2015 21:50:50 +0100

Belgian bank & SSL slashdot effect

Yeri Tiete — Sat, 28 Feb 2015 10:11:01 +0100

Quick wrap up of the slashdot effect 10 days ago.

A peak of 12k views on Monday 16/02, with a small buildup on Sunday (15/02).

The top pages were Part 3, Part 1, Part 4 and Part 2 respectively.

De Redactie is the highest referrer, surpassing De Morgen (first to publish in printed media, front page) & Datanews (first to publish online):

Second highest, after Twitter (t.co), was Tweakers (Dutch website, oddly enough).

OS wise, about 60% is Windows, 12% of OSX and 10% of iOS; 79% desktop, 15% phones, 6% tablets. Way more mobile than I expected to be honest.

This was easily handled on a Debian virtual machine: running a dual core Xeon vCPU (3.2Ghz) with 2Gb of RAM. Nginx as webserver. No slowdown was noticed. Google Analytics reported peaks of ~100 concurrent users (but not sure what timeframe they consider "concurrent").

There was, what looks like, a DoS on Monday around 12h00 for about 30 minutes causing a 100% load (2.00 linux load, on 2 vCPUs), however there was no out of the ordinary traffic data peak -- but I didn't have time to look into it, and by the time I had notice it was already long over.

Interesting networks:

Usually Telenet & Belgacom consumer networks are high above anything else (they were still #1 and #2 respectively, this time), but closely following up where a lot of corporate networks, as as these:
Bank van Breda (177 pageviews)
ING (167)
Fortis (125)
KBC (114)
AXA (104)
And others (< 50 pageviews) Ogone, HP, Crelan, Argenta, Infrabel, Deutsche Bank, Microsoft, Vlaamse Overheid, AGFA, Getronics, De Post, etc.

Interesting referrers:

a bunch of intranets (fedict, kbc, ing),
a bunch of bank website & mailings: updated list on part 4.

Interesting reads:

Frank,
And a few comments on part 3 and part 4.

Ripple effect:

Same tests in Norway.

Belgian banks & SSL — part 4

Yeri Tiete — Mon, 16 Feb 2015 20:32:24 +0100

Because of the mediastorm it’s time for an update. The previous (1, 2, 3) blog posts are outdated!

I’ll do my usual slashdot-effect post in a couple of days (it’s already at 10k views today).

Banks that changed rank since last post (all for the better):

16/02/2015:
- Keytrade: B to A
- Hello Bank!: C to A
- ING: F to A-
- Record Bank: F to A-
17/02/2015:
- ABK: F to B
- Bank Van Breda: C to B
18/02/2015:
- MeDirect: F to A
- Added 6 new (small) banks
27/02/2015
- Ogone: C to A-
02/03/2015
- Fortuneo: C to B
03/03/2015
- Crelan: B to A

I cannot test Europabank using SSL Labs. I can only speculate they requested SSL Labs to not scan them. I have also added a couple new banks (Delta Lloyd, Deutsche Bank, Moneyou, Fortuneo, BKCP, Binck, and Isabel as bank tool).

I would like to apologise for every IT’er that had a crappy Monday morning, and thank you for fixing SSL so fast. :)

The entire list updated (last partial update 18/02/2015 around 20h00):

I’ve updated the sites to now correctly test the login page and not the main homepage. If that’s not the case somewhere, please tell me.

Grade A

Rabobank (A+): no known issues. Support for HTTP Strict Transport Security and prevented downgrade attacks.
Triodos (A+): no known issues. Support for HTTP Strict Transport Security and prevented downgrade attacks.
Evi (A+): no known issues.
Crelan (A): weak signature (SHA1).
Delta Lloyd Bank (A): no known issues. [news post]
Deutsche Bank (A): weak signature (SHA1).
Hello bank! (A): no known issues.
Keytrade Bank (A): weak signature (SHA1, intermediate, very very minor issue).
MeDirect Bank (A): no known issues. [newsletter: 1, 2]
Monte Paschi (A): no known issues.
Belfius (A-): weak signature (SHA1), no Forward Secrecy.
BNP Paribas Fortis (A-): weak signature (SHA1), no Forward Secrecy.
bpost bank (A-): weak signature (SHA1), no Forward Secrecy.
Binck (A-): weak signature (SHA1), no Forward Secrecy.
Fintro (A-): weak signature (SHA1), no Forward Secrecy.
ING (A-): no Forward Secrecy. [press release via Standaard]
Moneyou (A-): weak signature (SHA1), no Forward Secrecy.
Record Bank (A-): no Forward Secrecy. [news post]
Isabel (banking tool for big corps - A-): weak signature (SHA1), no Forward Secrecy.
Ogone (payment facilitator): no Forward Secrecy. [newsletter via twitter]

Grade B

Argenta: SSL3 (insecure), weak signature (SHA1), RC4 (insecure), no Forward Secrecy.
ABK: weak signature (SHA1), no TLS 1.2, no Forward Secrecy, no support for secure renegotiation. [update]
AXA: weak signature (SHA1), SSL3 (insecure), RC4 (insecure), no Forward Secrecy.
Bank Van Breda: weak signature (SHA1), no TLS 1.2, no Forward Secrecy, no support for secure renegotiation. [update]
beobank: weak signature (SHA1), no TLS 1.2, RC4 (insecure), no Forward Secrecy.
BKCP: weak signature (SHA1), no TLS 1.2, RC4 (insecure), no Forward Secrecy. [newsletter]
CPH: no TLS 1.2, RC4 (insecure), no Forward Secrecy.
DHB Bank: weak signature (SHA1), RC4 (insecure).
Fortuneo: weak signature (SHA1), no TLS 1.2, no Forward Secrecy.
KBC: weak signature (SHA1), no TLS 1.2, no Forward Secrecy.
NIBC Direct: weak signature (SHA1), RC4 (insecure), no Forward Secrecy.
VDK: SSL3 (insecure),no TLS 1.2, weak signature (SHA1), RC4 (insecure), no Forward Secrecy

Grade C

PSA Bank: weak signature (SHA1), no TLS 1.2, RC4 (insecure), no Forward Secrecy.

Grade D

Grade E

Grade F

Optima Bank: vulnerable to POODLE attack in SSL3 and TLS format, weak signature (SHA1), RC4, no Forward Secrecy.

Information about SSL Labs grading can be found here. Grade A (+) being the best possible ranking, and F the worst.

Respect to those that send a mailing list to their customers with more detailed information. Communication++

Respect to Rabobank to be the only bank that directly contacted me (officially, not hiding behind a Gmail or Hotmail address) and thanked me for the work I did, asking for more details, etc.

And thank you for an anonymous person, working for one of the big banks, to give me more details about why they are slow at patching this, how legacy works, etc. I wish he could take this discussion public, but alas.

Belgian banks & SSL — part 3

Yeri Tiete — Sun, 15 Feb 2015 11:11:42 +0100

EDIT: ING is now A- (not reflected in this blog post). EDIT 2: Keytrade & Hello Bank also went to A. I’ll post a new blog post later tonight. EDIT 3: Updated post here.

Part three, or how I single-handedly “fixed” SSL at the Belgian banks. ;)

Part one and two are available here. Not related but useful nonetheless NY Times article about bank hackers.

Argenta promised to fix their SSL, so it’s the time to check everything again.

TL;DR: Only Argenta’s status changed for the better.

Those that did not change:

Rabobank: A+
Triodos: A+
Belfius: A-
BNP Paribas Fortis: A-
bpost bank: A-
AXA: B
beobank: B
CPH: B
KBC: B
Keytrade Bank: B
Crelan (internet banking): B
Hello bank!: C
Bank Van Breda (internet banking): C
- BvB no longer supports secure renegotiation (which, afaik, it did before). However, it's still rated as C, as this isn't a real issue.
ING: F
Record Bank (internet banking): F

Those that did change:

Argenta (internet banking): F to B
- No longer vulnerable to POODLE,
- Support for protocol downgrade attacks prevention,
- Still using SSL3 (obsolete and insecure),
- Weak signature (SHA1),
- RC4 cipher is supported (insecure),
- No Forward Secrecy.

Still a little way to go for Argenta, but it’s on the right path.

Those that I hadn’t tested before:

VDK: B
ABK: F
MeDirect Bank: F
Ogone: C (technically not a bank, and promised a fix, but it got delayed).

The entire list updated:

Grade A

Rabobank (A+): no known issues. Support for HTTP Strict Transport Security and prevented downgrade attacks.
Triodos (A+): no known issues. Support for HTTP Strict Transport Security and prevented downgrade attacks.
Belfius (A-): weak signature (SHA1), no Forward Secrecy.
BNP Paribas Fortis: (A-) weak signature (SHA1), no Forward Secrecy.
bpost bank: (A-) weak signature (SHA1), no Forward Secrecy.

Grade B

Argenta: no SSL on main page.
- internet banking: SSL3 (insecure), weak signature (SHA1), RC4 (insecure), no Forward Secrecy.
AXA: weak signature (SHA1), SSL3 (insecure), RC4 (insecure), no Forward Secrecy.
beobank: weak signature (SHA1), no TLS 1.2, RC4 (insecure), no Forward Secrecy.
CPH: no TLS 1.2, RC4 (insecure), no Forward Secrecy.
KBC: weak signature (SHA1), no TLS 1.2, no Forward Secrecy.
Keytrade Bank: weak signature (SHA1), RC4 (insecure).
VDK: SSL3 (insecure),no TLS 1.2, weak signature (SHA1), RC4 (insecure), no Forward Secrecy
Crelan: no SSL on main page.
- internet banking: weak signature (SHA1), SSL3 (insecure), no TLS 1.2, RC4, no Forward Secrecy.

Grade C

Hello bank!: vulnerable to POODLE attack, weak signature (SHA1), RC4 (insecure).
Bank Van Breda: no SSL on main page.
- internet banking: vulnerable to POODLE attack, weak signature (SHA1), no TLS 1.2, no Forward Secrecy, no support for secure renegotiation.
Ogone: payment facilitator
- weak signature (SHA1), RC4, vulnerable to POODLE, no Forward Secrecy

Grade D

Grade E

Grade F

ABK: SSL2 (insecure), vulnerable to POODLE attack, weak signature (SHA1), RC4 (insecure), no Forward Secrecy, no TLS 1.2.
ING: vulnerable to POODLE attack, SSL3 (insecure), weak signature (SHA1), RC4 (insecure), no Forward Secrecy.
MeDirect Bank: vulnerable to POODLE attack, OpenSSL CCS vulnerability (quite bad),
Record Bank: no SSL on main page.
- internet banking: vulnerable to POODLE attack, RC4 (insecure), no Forward Secrecy.

Information about SSL Labs grading can be found here. Grade A (+) being the best possible ranking, and F the worst.

Also, shame on you ING. More than any other bank.

Belgian banks & SSL -- part 2

Yeri Tiete — Sun, 01 Feb 2015 11:32:43 +0100

I previously wrote about Belgian banks & SSL. Updated version (15/02/2015) here.

Going through my Google Analytics I noticed some noteworthy network domains, which Google discribes as “The fully qualified domain names of your visitors’ Internet service providers (ISPs)”.

There are a few more (Belgian) government institutions and universities, and the top in the list are “(not set)” and “unknown”.

Clearly some people at the banks read the post during their work time. So it’s only fair to recheck the websites… Here goes:

Those that I hadn’t tested before:

CPH: B
Record Bank (internet banking): F

Those that did not change:

Rabobank: A+
Belfius: A-
AXA: B
beobank: B
KBC: B
Keytrade Bank: B
Crelan (internet banking): B
Hello bank!: C
Bank Van Breda (internet banking): C
ING: F
Argenta (internet banking): F

Those that did change:

Triodos: A to A+
- downgrade prevention correctly applied.
BNP Paribas Fortis: F to A-
- No longer vulnerable to POODLE,
- Disabled SSL3 (insecure),
- Disabled RC4 (insecure),
- Still using a weak signature (SHA1),
- No Forward Secrecy.
bpost bank: F to A-
- No longer vulnerable to POODLE,
- Disabled SSL3 (insecure),
- Disabled RC4 (insecure),
- Still using a weak signature (SHA1),
- No Forward Secrecy.

Huge thumbs up for these last three banks! Well done, especially BNP & bpost! :)

Keep on shaming the others.

The entire list updated:

Grade A

Rabobank (A+): no known issues. Support for HTTP Strict Transport Security and prevented downgrade attacks.
Triodos (A+): no known issues. Support for HTTP Strict Transport Security and prevented downgrade attacks.
Belfius (A-): weak signature (SHA1), no Forward Secrecy.
BNP Paribas Fortis: (A-) weak signature (SHA1), no Forward Secrecy.
bpost bank: (A-) weak signature (SHA1), no Forward Secrecy.

Grade B

AXA: weak signature (SHA1), SSL3 (insecure), RC4 (insecure), no Forward Secrecy.
beobank: weak signature (SHA1), no TLS 1.2, RC4 (insecure), no Forward Secrecy.
CPH: no TLS 1.2, RC4 (insecure), no Forward Secrecy.
KBC: weak signature (SHA1), no TLS 1.2, no Forward Secrecy.
Keytrade Bank: weak signature (SHA1), RC4 (insecure).
Crelan: no SSL on main page.
- internet banking: weak signature (SHA1), SSL3 (insecure), no TLS 1.2, RC4, no Forward Secrecy.

Grade C

Hello bank!: vulnerable to POODLE attack, weak signature (SHA1), RC4 (insecure).
Bank Van Breda: no SSL on main page.
- internet banking: vulnerable to POODLE attack, weak signature (SHA1), no TLS 1.2, no Forward Secrecy.

Grade D

Grade E

Grade F

ING: vulnerable to POODLE attack, SSL3 (insecure), weak signature (SHA1), RC4 (insecure), no Forward Secrecy.
Argenta: no SSL on main page.
- internet banking: vulnerable to POODLE attack, SSL3 (insecure), weak signature (SHA1), RC4 (insecure), no Forward Secrecy.
Record Bank: no SSL on main page.
- internet banking: vulnerable to POODLE attack, RC4 (insecure), no Forward Secrecy.

Information about SSL Labs grading can be found here. Grade A (+) being the best possible ranking, and F the worst.

Belgian banks & SSL

Yeri Tiete — Tue, 20 Jan 2015 11:40:50 +0100

Tested using SSL Labs on 20/01/2015. Updated version 01/02/2015 here and 15/02/2015 here.

Only providing the weak points. Once there is one SHA1 key in the chain, I will report everything as weak.

Check SSL Labs for a full report, including what they actually did good (if anything).

Grade A

Rabobank (A+): no known issues. Support for HTTP Strict Transport Security and prevented downgrade attacks.
Triodos (A): no downgrade attack prevention.
Belfius (A-): weak signature (SHA1), no Forward Secrecy.

Grade B

AXA: weak signature (SHA1), SSL3 (insecure), RC4 (insecure), no Forward Secrecy.
beobank: weak signature (SHA1), no TLS 1.2, RC4 (insecure), no Forward Secrecy.
KBC: weak signature (SHA1), no TLS 1.2, no Forward Secrecy.
Keytrade Bank: weak signature (SHA1), RC4 (insecure).
Crelan: no SSL on main page.
- internet banking: weak signature (SHA1), SSL3 (insecure), no TLS 1.2, RC4, no Forward Secrecy.

Grade C

Hello bank!: vulnerable to POODLE attack, weak signature (SHA1), RC4 (insecure).
Bank Van Breda: no SSL on main page.
- internet banking: vulnerable to POODLE attack, weak signature (SHA1), no TLS 1.2, no Forward Secrecy.

Grade D

Grade E

Grade F

BNP Paribas Fortis: vulnerable to POODLE attack, SSL3 (insecure), weak signature (SHA1), RC4 (insecure), no Forward Secrecy.
bpost bank: vulnerable to POODLE attack, SSL3 (insecure), weak signature (SHA1), RC4 (insecure), no Forward Secrecy.
ING: vulnerable to POODLE attack, SSL3 (insecure), weak signature (SHA1), RC4 (insecure), no Forward Secrecy.
Argenta: no SSL on main page.
- internet banking: vulnerable to POODLE attack, SSL3 (insecure), weak signature (SHA1), RC4 (insecure), no Forward Secrecy.

Information about SSL Labs grading can be found here. Grade A (+) being the best possible ranking, and F the worst.

PS: none of the domains support IPv6 (while expected, it would have been nice – Belgium has the highest IPv6 adoption rate for end users, but almost no IPv6 websites or businesses).

diplomatie.belgium.be

Yeri Tiete — Fri, 21 Feb 2014 07:42:45 +0100

odd!

#TEGENGAS

Yeri Tiete — Wed, 19 Feb 2014 16:12:00 +0100

By Miet.

JCVD

Yeri Tiete — Sat, 16 Nov 2013 17:30:13 +0100

Losing all faith in news papers

Yeri Tiete — Wed, 09 Oct 2013 11:53:01 +0200

That moment when I copy pasted “Tesla Roaster” to Google it:

This is what ended up in my clipboard:

Kwaliteitsjournalistiek vergt veel investeringen. Als u een artikel wil delen, 
gebruik daarom onderstaande link in plaats van de tekst te knippen/kleven. Meer 
informatie over auteursrechten of intellectuele eigendom vindt u in onze Algemene 
Voorwaarden.  http://help.tijd.be/?op=detail&articleId=8916071&nodeId=3474  
Wie bijkomende rechten wil kopen voor collectief of commercieel gebruik, kan 
terecht bij Reprocopy.  http://www.reprocopy.be/  Hierbij vindt u de link die 
u makkelijk met anderen kan delen:  http://www.tijd.be/r/t/1/id/9376774.
Tesla Roadster

Le sigh.

GCHQ hacks Belgacom

Yeri Tiete — Sat, 21 Sep 2013 11:28:33 +0200

And thus, we can assume, they had (have?) access to a lot of European instances and personnel, both residing here in Belgium and roaming using BGC’s network.

And not a single fuck was giving. Not one. Please remain calm and keep on hypnotoad.

If GCHQ was indeed the agency concerned then this investigation is unlikely to go anywhere and the most that can be expected is some sort of diplomatic complaint from Belgium to the UK, its EU and Nato partner.

Gif of Antwerp sunset

Yeri Tiete — Sat, 14 Sep 2013 22:43:09 +0200

Made from my previous recording.

last summer days timelapse in Antwerp

Yeri Tiete — Sun, 08 Sep 2013 12:08:59 +0200

Het Eilandje sunset

Yeri Tiete — Wed, 14 Aug 2013 10:38:05 +0200

Antwerp nightfall timelapse

Yeri Tiete — Mon, 12 Aug 2013 03:20:33 +0200

London Tower time lapse (Eilandje)

Yeri Tiete — Sun, 11 Aug 2013 22:19:44 +0200

Having some fun. Definitely need a better battery.

Happy easter

Yeri Tiete — Sun, 08 Apr 2012 08:00:07 +0200

(Source)

i-Vlaanderen - De Vlaamse overheid en open data

Yeri Tiete — Fri, 16 Mar 2012 12:11:31 +0100

Carnival

Yeri Tiete — Tue, 21 Feb 2012 08:41:11 +0100

facepalm

Yeri Tiete — Mon, 22 Aug 2011 10:50:31 +0200

And I quote;

(Source: Google cache, ss, Twitter)

Bezinning na PP11

ZATERDAG 20 AUGUSTUS 2011, 03U00
AUTEUR: PETER DUPONT

HASSELT - Pukkelpop. Het lijkt alsof de duivel er ook speelt. Verkrachting, zelfmoord en ongeluk spaarden het festival de afgelopen jaren niet. En gisteren op PP11, als een adem Gods, vielen er vijf doden en meer dan tien zwaargewonden. Bezinningstijd voor de organisatoren, heet dat. En niet alleen rond de pijnlijk dure tickets. Ook de schaal van het festival kan in vraag gesteld worden. Want hoe goed het rampenplan zich ook ontvouwde, vraag is of een zo grote concentratie van mensen niet altijd de schikgodinnen wekt. En feit is dat de organisatoren op dat moment niet enkel verantwoordelijk zijn voor zestigduizend bezoekers, maar ook verantwoording moeten afleggen voor de honderdduizenden mensen gelinkt aan hun muziekfeest.

De storm die PP11 donderdagavond insloot, had een bijna bijbelse dimensie en boorde zich diep in mijn denken. Sodom en Gomorra leek het wel. En zoutpilaren te over achteraf. Rond de wei wemelde het van angstige ouders. Mensen die hun kinderen enkele uren daarvoor zonder veel bezorgdheid naar het grootste zuip, neuk- en drugsfest van België hadden laten gaan. Een dierentuin voor predatoren, een witwasfestival voor immoraliteit. Ook hier moeten de organisatoren zich dringend over bezinnen. Muziek moet geen orgie zijn, maar een feest. Pret kan zonder slikken.

Maar nog het meest zorgwekkende was het besluit donderdagnacht om het festival laten door te gaan. Op een moment dat meer dan tienduizend mensen op Facebook het tegendeel vroegen. Hoeveel doden is Pukkelpop waard? Gelukkig was de druk van festivalgangers, jongeren, opiniemakers en muzikanten groot genoeg om de beslissing te kelderen. De euro moest de duimen leggen. Het was niet Chokri’s ‘finest hour’.

Toch onthoud ik bovenal de bubbel van verbijstering boven de PP-wei. En het moment dat ze uiteenspatte. Toen huilende ouders en kinderen elkaar in de armen vielen. En vrienden elkaar terugvonden. De 16-jarige tiener die haar moeder vijf minuten lang vastpakte. Onder het reuzenrad. De tranen vloeiden als de regen.

Sigh, tard...

Edit: Seems like he got fired (via FB)

The Subs - Pukkelpop 2011 tribute

Yeri Tiete — Sun, 21 Aug 2011 02:50:19 +0200

Something to think about

Yeri Tiete — Sat, 20 Aug 2011 18:37:05 +0200

Imagine, a couple of years from now.

Apple’s patent to block recordings is reality and in operation. At some event such as Pukkelpop. During a crisis.

No one, as the infrared is beaming light into every smartphone, telling it to shut down the camera, is able to record or take pictures of what’s going on. Countless of proof is lost (or never made). Nothing on Twitpic, nothing on Youtube. No proof of how severe the storm/crisis actually was. No usable data for journalists and researchers to reuse afterwards. Unable to see whether the roof/screen/pillar/sound system/… fell before or after the whole tent actually collapsed…

Telenet, the satire

Yeri Tiete — Tue, 07 Jun 2011 11:02:02 +0200

Another news site that gets the facts wrong.

I only retweeted and posted the image on my blog. @raf__ is the author of this image (or at least, the one that spread it). Not me.

I thought the “Source” part at the end of my blog was clear enough…

De aanhoudende YouTube-problemen bij Telenet inspireerden Twitteraar Yeri Tiete (@Tuinslak) tot deze satirische advertentie.

ZDnet was wrong. Now ITprofessionals. Who’s next?

Telenet

Yeri Tiete — Sat, 04 Jun 2011 12:07:57 +0200

Source.

AppsForGhent

Yeri Tiete — Fri, 13 May 2011 12:42:42 +0200

AppsForGhent! Tomorrow!

Les Belges

Yeri Tiete — Sun, 20 Mar 2011 12:22:59 +0100

Source.

Politieke Chaos

Yeri Tiete — Fri, 14 Jan 2011 13:48:53 +0100

Maxim of the Day: #nogov

Yeri Tiete — Mon, 10 Jan 2011 07:16:18 +0100

Asking your gov to build the future is like asking Google to build the next Social Network. They just can't. #begov #nogov

(Xavier Damman - Source)

Belgium

Yeri Tiete — Wed, 22 Sep 2010 22:55:22 +0200

Sun

Yeri Tiete — Tue, 14 Sep 2010 19:10:56 +0200

Aint it a beauty?

View on Flickr →

Flickr set.

Fwd: Workshop Reprocopy 22 september

Yeri Tiete — Sun, 12 Sep 2010 00:52:15 +0200

Mail I received in my inbox today.

Posted, because I can’t attend, and, well, someone should. To save the planet. Or something.

To progress, instead of regress.

Begin forwarded message:

From: "Katrien Kiekens" Date: 10 Sep 2010 12:22:35 GMT+02:00 To: "Katrien Kiekens" Subject: Workshop Reprocopy 22 september

Beste

Reprocopy – beheersvennootschap van de Vlaamse krantenuitgevers - nodigt u uit om samen met deze uitgevers de voorwaarden rond dieplinken naar krantencontent te bekijken. Op woensdag 22 september om 10u organiseren we een workshop in de kantoren van Reprocopy, vlakbij het Brusselse Zuidstation.

Wij waken in eerste instantie over een correcte toepassing van de wetgeving inzake het auteursrecht. Dat wil zeggen dat we het online verspreiden van beschermde krantenartikels - zonder voorafgaande toestemming van de auteur - tegengaan.

Krantenuitgevers willen dieplinks uiteraard toelaten. De voorwaarden die we voor dat linken hebben uitgewerkt, zijn vandaag het voorwerp van kritiek.

Indien interesse in deze workshop, bevestigt u uw komst? Indien u reeds inschreef via info@reprocopy.be, hoeft u niet meer te replyen.

We kijken uit naar uw feedback.

Vriendelijke groet Katrien Kiekens Reprocopy www.reprocopy.be

T +32 2 558 97 64 M +32 485 100 692 t @katrienkiekens

Barastraat 175 1070 Brussel Route: http://vdpma-route.notlong.com/

Reprocopy – Internet in België anno 2010…

Yeri Tiete — Wed, 14 Jul 2010 17:01:03 +0200

Help. Waar gaan we naartoe?!?!

Tweakers.net - PDF.

SMTP-server list

Yeri Tiete — Sat, 23 Feb 2008 17:46:18 +0100

Whilst on the move, it’s always handy to be able to send e-mails. Most providers tend to block all SMTP-servers, besides their own. Quite unhandy if you’re on a FON (or… well… open & unsecure) WiFi network.

Here’s a list with all mayor Dutch & Belgian ISPs their SMTP-servers.

Skynet - relay.skynet.be Telenet - uit.telenet.be

Het Net - mailhost.hetnet.nl Home - mail.home.nl KPN - mail.direct-adsl.nl Versatel - relay.versatel.net Xs4all - smtp.xs4all.nl

Belgium – Yeri Tiete

GTFS

Long holiday

EU pushes for digital surveillance

Nature in an urban setting

Kids and urban space

The Rules for Rulers

2022 by Vox

Why Car-Centric Cities are a GREAT Idea

Third Place

On the Beating of Children

Bakfiets

Cost of Cars

Changing from a car-centric Paris to a cycling city

3M PFOS

Charleroi metro line that never opened

Continuous Sidewalks

SIN - DXB - BRU

Brussels

Surreal

Facebook Safety Check

Belgian banks & SSL — part 5

Europe

Belgian bank & SSL slashdot effect

Belgian banks & SSL — part 4

Belgian banks & SSL — part 3

Belgian banks & SSL -- part 2

Belgian banks & SSL

diplomatie.belgium.be

#TEGENGAS

JCVD

Losing all faith in news papers

GCHQ hacks Belgacom

Gif of Antwerp sunset

last summer days timelapse in Antwerp

Het Eilandje sunset

Antwerp nightfall timelapse

London Tower time lapse (Eilandje)

Happy easter

i-Vlaanderen - De Vlaamse overheid en open data

Carnival

*facepalm*

Bezinning na PP11

The Subs - Pukkelpop 2011 tribute

Something to think about

Telenet, the satire

Telenet

AppsForGhent

Les Belges

Politieke Chaos

Maxim of the Day: #nogov

Asking your gov to build the future is like asking Google to build the next Social Network. They just can't. #begov #nogov

Belgium

Sun

Fwd: Workshop Reprocopy 22 september

Reprocopy – Internet in België anno 2010…

SMTP-server list

facepalm