In the age of Internet flat rates there have been several disputes over whether providers may store the IP addresses of individual sessions. When this completely unnecessary practice meets unbelievably incompetent judges in our thoroughly rotten and outdated legal system, the result is that in Germany clueless pensioners are ordered to pay cease-and-desist claims. And anyone who has ever had insight into ISP networks and the associated systems and log files knows how quickly mistakes are made there. In the USA, a few years ago, a SWAT team even stormed a farm because someone at an ISP had not taken the time zone into account. So, finally start implementing the principle of data avoidance.
Dec 02 2011
Apple vs. Samsung
Apple seems to be successful in fighting Samsung's Galaxy Tab 10.1 here in Germany. I asked for the redesigned version (made especially for Germany) of Samsung's Galaxy Tab, the 10.1N, at a Saturn shop (a German chain of electronics stores), and after a phone call to another department I was told that they refuse to order that device, even on customer demand, due to Apple's restraining order. Although the judgement will be given on December 22nd, they seem to fear not being allowed to sell the modified version in Germany either.
I had a glimpse at Motorola’s Xoom tablet and am really asking myself why Apple does not jerk Motorola to court for the Xoom tablet too. It also looks exactly like the design patent of Apple’s iPad any $TABLET_PC.
Fridge vs. Apple’s iPad seems to become true if our judges don’t start using their brains very soon. Ever asked yourselves how all the television manufacturers can survive if the devices look so similar!?
Finally I’ve got only two words for you, Apple: FUCK YOU!
You can be sure I’ll never buy or use one of your devices.
EDIT: One day later I bought my 10.1N at a nearby Media Markt store. Although both stores belong to the same group, they seem to deal differently with the Galaxy Tab issue. So I have now owned a 10.1N for more than two weeks and haven’t regretted it yet.
Nov 10 2011
M$ Knowledge base quote of the day
This behavior may occur if an FQDN or IP address contains periods. If an FQDN or IP address contains a period, Internet Explorer identifies the Web site or share as in the Internet zone.
Hit me if I’m wrong but the above statement is always TRUE. Exception might be IPv6. But as that article is probably a few years old, I don’t think they had IPv6 on their mind.
Nov 09 2011
Looking for a perfect Linux desktop system?
I think I just found it: I installed Ubuntu 10.04 on an Acer Aspire X3910 PT.SEDE2.240 and must say that I am really surprised how well it works. Everything was detected automatically. The whole machine has a very small form factor and is very silent but on the other hand very powerful with its dual-core Intel E6700 CPU. Unfortunately it is not mine.
Oct 20 2011
Hans-Peter Uhl on the Staatstrojaner (state trojan) #0zapftis
After having spent the last few hours wiping tears from my eyes, because I actually find the speech hilarious while the background is unfortunately far too sad, I want to make good on my announcement to Turrican and comment on the speech.
It is based on the video at http://www.youtube.com/watch?v=WduKj0KXBiA
[0:35] So, the Left Party has portrayed the “distorted picture” most credibly, because nobody can talk about a surveillance state better than a representative of the Left Party. Well, that is quite a confident opening, and such a beer-table speech.
[1:06] Security has to be established on the Internet, because that is going to develop drrramaaatically, you know?
[1:24] The criminals' computers are becoming ever more ingenious, they are becoming ever more sophisticated.
That is probably meant to say: “If I only knew where they buy their damn computers, I would shut the shop down immediately and the problem would be off the table!”
[1:38] Brilliant argumentation: a whole 20 thousand people fell for some dubious online retailer, and that is why we need Quellen-TKUE (source telecommunication surveillance). Why?!?! Did they run a call center? Oh, and besides, it was a “criminal gang from abroad”! So the computers were not in Germany at all? Are the German authorities even allowed to infect computers abroad with it?
[2:35] “…and all of you profess your support for Quellen-TKUE, and that is a good thing!”
Sorry Peter, but when Wowereit says “that is a good thing”, it somehow sounds nicer.
Ah yes. So the “distorted picture” painted by the CCC is untrue and dishonest and full of insinuations. As far as I remember, the CCC only said what the thing is capable of.
[4:35] Aha! So it will probably turn out that “the software can do much more than it is allowed to”. Really now … that is what will come out. Amazing! Wait, but that is the heart of the matter. You commissioned software that does things the Federal Constitutional Court has declared illegal. I wonder whether Peter would take it just as lightly if I ordered my next car with live on-board cannons… No no, I don't want to use them, that's forbidden after all, but they just look sooooo pretty.
[5:20] I find this pathetic bashing of the Pirates and the CCC at the end rather cute.
Oct 13 2011
MobileMe Mail Seems To Be RFC Ignorant
I am pretty sure that RFC 4959 section “4. Examples”, second example, tells you that your IMAP server offering AUTH=PLAIN _MUST_ support it. Now, this is what happens when you try it with a MobileMe Mail account:
* OK iSCREAM ready to rumble (1F28:18179)
R00001 CAPABILITY
* CAPABILITY st11p00mm-iscream001.me.com 1F28 XAPPLEPUSHSERVICE IMAP4 IMAP4rev1 SASL-IR AUTH=ATOKEN AUTH=PLAIN
R00001 OK !!
R00002 AUTHENTICATE PLAIN
R00002 BAD Parse Error
BAD Parse Error
Fucked up, isn’t it?
EDIT: This turns out to be a general problem, as the media report problems after the MobileMe > iCloud migration.
UPDATE: Apple fixed this issue a few weeks ago.
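The exchange above, as an added example that is not part of the original post: a server that advertises AUTH=PLAIN is expected to answer a bare AUTHENTICATE PLAIN with a "+" continuation request, and SASL-IR only adds the option of sending the credentials on the same line. The function names and the credentials are constructed for illustration; the three session lines are the ones shown in the post.

```python
import base64

# Lines taken from the session shown in the post above.
PAGE_CAPABILITY = ("* CAPABILITY st11p00mm-iscream001.me.com 1F28 XAPPLEPUSHSERVICE "
                   "IMAP4 IMAP4rev1 SASL-IR AUTH=ATOKEN AUTH=PLAIN")
PAGE_COMMAND = "R00002 AUTHENTICATE PLAIN"
PAGE_REPLY = "R00002 BAD Parse Error"

def plain_initial_response(authcid, password, authzid=""):
    """SASL PLAIN message (RFC 4616): authzid NUL authcid NUL passwd, base64-encoded."""
    raw = "\0".join((authzid, authcid, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def parse_capabilities(line):
    """Return (set of AUTH= mechanisms, SASL-IR advertised?) from a CAPABILITY line."""
    words = {w.upper() for w in line.split()[2:]}  # drop "*" and "CAPABILITY"
    mechs = {w[5:] for w in words if w.startswith("AUTH=")}
    return mechs, "SASL-IR" in words

def authenticate_lines(tag, mech, token, sasl_ir):
    """Client lines: one line with SASL-IR, else the command and the token after '+'."""
    if sasl_ir:
        return [f"{tag} AUTHENTICATE {mech} {token}"]
    return [f"{tag} AUTHENTICATE {mech}", token]

def judge_reply(cap_line, command, reply):
    """Classify the server reply to AUTHENTICATE sent without an initial response."""
    mechs, _ = parse_capabilities(cap_line)
    tag, verb, mech, *initial = command.split()
    if verb.upper() != "AUTHENTICATE" or initial:
        raise ValueError("expected AUTHENTICATE without an initial response")
    if mech.upper() not in mechs:
        return "mechanism not advertised"
    if reply.startswith("+"):
        return "ok: continuation request"
    if reply.upper().startswith(f"{tag.upper()} BAD"):
        return "deviation: advertised mechanism rejected as a syntax error"
    return "other: " + reply

if __name__ == "__main__":
    print(judge_reply(PAGE_CAPABILITY, PAGE_COMMAND, PAGE_REPLY))
    # Constructed credentials, for illustration only.
    token = plain_initial_response("user@example.com", "not-a-real-password")
    print(authenticate_lines("A1", "PLAIN", token, sasl_ir=True))
```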
Sep 26 2011
Epic Fail of German ISPs
My employer is running two web servers at two different hosting providers (1&1, Strato). Both webserver IPs are A records for the www hostname. The domains are managed by a third ISP (InternetX). 1&1 currently has a major issue with some of their servers and as a result our webserver has not been reachable for more than 30 minutes now. So I decided to remove that one from the list of A records (TTL of the zone is just five minutes).
Now guess what: One of the four authoritative name servers of our InternetX managed domain is hosted at 1&1. As a result of their outage the InternetX AutoDNS system refuses to accept changes of zone data. WTF!
And that is exactly the reason why I prefer to run things on my own!
Note: Carefully audit your ISP's infrastructure before signing the contract.
Aug 05 2011
TLS init def ctx failed: -69 – WTF?
If you ever get into a situation where you see
main: TLS init def ctx failed: -69
in your syslog, just remove the f**k**g passphrase from the key.
Maybe the error message is too obvious, because I found nothing helpful on the web. BTW: Confucius says: Building LDAP server on ONE day, will prevent you from getting headache, mkay!
Jul 31 2011
Privacy, No Ads And Speed!
As I wrote earlier on this blog, I again started using Privoxy with a slightly modified configuration to block advertisements as well as improve privacy by filtering out tracking bugs and all that social networking stuff on websites.
It looks like some of the latest updates for Google Chrome/Chromium broke the “Proxy Switchy!” extension, which often made me surf the web without actually using Privoxy although the Privoxy proxy profile was selected in “Proxy Switchy!”. While reading some comments on a Google Plus post by Markus Beckedahl about some privacy-enhancing add-ons for Firefox, I stumbled upon a hint to try Chrome Block. I am trying it out at the moment and it looks very promising at first glance, but as it is mainly designed for privacy protection, a solution for removing ads was also needed. So I additionally installed AdBlock, which is also doing a great job.
My feeling is that the impact on browsing speed is extremely low compared to my earlier Privoxy setup and it is more transparent to me than before as both extensions have nice self-explaining status icons right of the location bar.
Jul 16 2011
AIX5L with Samba 3.x and Kerberos 5 as a Windows 2003 Active Directory Member Server
While cleaning up one of my other websites, I stumbled upon this guide I wrote five years ago. Although the content of this guide is already five years old, I don’t want to remove it from the net. I suppose it should also work with a Windows 2008 Active Directory domain. But please do not ask me questions about AIX5L as I do not have access to any of those machines any more.
Preparations
First install some packages which are required for the setup. This includes the Kerberos client as well as the Samba 3.x server. They are called pware.samba-3.0.23d, krb5.client and krb5.lic.
Now make sure your system uses the same timeserver as your domain controller. On most systems this is done by making changes to the xntp server’s configuration file /etc/ntp.conf. Afterwards set up your active directory controller as your system’s nameserver in /etc/resolv.conf.
Kerberos 5 setup
Edit your Kerberos client configuration in /etc/krb5/krb5.conf so that it looks similar to this one:
# /etc/krb5/krb5.conf
[libdefaults]
default_realm = MYCOMPANY.LOCAL
default_tkt_enctypes = des-cbc-md5 des-cbc-crc
default_tgs_enctypes = des-cbc-md5 des-cbc-crc
[realms]
MYCOMPANY.LOCAL = {
kdc = dc.mycompany.local:88
admin_server = dc.mycompany.local:749
default_domain = mycompany.local
}
[domain_realm]
.mycompany.local = MYCOMPANY.LOCAL
dc.mycompany.local = MYCOMPANY.LOCAL
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/kdc.log
admin_server = FILE:/var/log/kadmind.log
Add the KRB5 authentication methods to /usr/lib/security/methods.cfg.
[..]
KRB5A:
program = /usr/lib/security/KRB5A
options = authonly
KRB5Afiles:
options = db=BUILTIN,auth=KRB5A
[..]
Now it is time to test your Kerberos 5 configuration by running kinit with an existing domain user as parameter e.g.
kinit Administrator
Samba 3.x server setup
Now that Kerberos is working for the underlying AIX System you can start to configure your Samba server. To make things easier, create the smb.conf in /etc and link it to the directory where samba expects it to be:
touch /etc/smb.conf
ln -s /etc/smb.conf /opt/pware/samba/3.0.23d/lib/smb.conf
Here is the beginning of a working /etc/smb.conf file.
# /etc/smb.conf
[global]
workgroup = MYCOMPANY
netbios name = AIXHOSTNAME
security = ADS
realm = MYCOMPANY.LOCAL
password server = dc.mycompany.local
client use spnego = yes
client signing = yes
encrypt passwords = yes
printcap name = cups
disable spoolss = Yes
show add printer wizard = No
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind separator = +
winbind use default domain = Yes
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%U
template shell = /bin/bash
use sendfile = Yes
printing = cups
ldap suffix = "dc=mycompany,dc=local"
winbind cache time = 0
#Uncomment to allow these options
log level = 5
log file = /var/log/samba3/log.%m
#max log size = 5000000
#debug timestamp = yes
browseable = yes
obey pam restrictions = yes
auth methods = winbind
[..]
If testparm is not complaining about any errors try joining your domain.
net join -S dc -UAdministrator
Putting it all together with winbind
In order to make WINBIND available to your AIX system copy the winbind security module to /usr/lib/security,
cp /opt/pware/samba/3.0.23d/lib/WINBIND /usr/lib/security/
and add WINBIND config to /usr/lib/security/methods.cfg
[..]
WINBIND:
program = /usr/lib/security/WINBIND
options = authonly
[..]
To make winbind the default user database, change the SYSTEM value to WINBIND in the default section of /etc/security/user. You can check whether winbind is working with wbinfo.
After you have successfully joined your domain and set up winbind, make sure that smbd, nmbd and winbind get started at system startup. The easiest way for me was to add the SysV init scripts to /etc/rc.tcpip.
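The krb5.conf in this guide restricts tickets to single-DES enctypes, which RFC 6649 deprecated and which domain controllers from Windows Server 2008 R2 onward disable by default. The following is an added example, not part of the original guide, that flags such settings in a krb5.conf; the function name and the second sample configuration are constructed for illustration.

```python
# Enctype names that count as weak for this check (single DES, export RC4).
WEAK_ENCTYPES = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5",
                 "des-hmac-sha1", "arcfour-hmac-exp"}

def audit_enctypes(conf_text):
    """Return {setting: (weak enctypes, only_weak)} for *_enctypes in [libdefaults]."""
    findings, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "libdefaults" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if not key.endswith("_enctypes"):
            continue
        listed = value.replace(",", " ").lower().split()
        weak = [e for e in listed if e in WEAK_ENCTYPES]
        if weak:
            # only_weak is True when no stronger enctype is offered at all.
            findings[key] = (weak, len(weak) == len(listed))
    return findings

# Settings as given in the guide above (realm block shortened).
GUIDE_CONF = """\
[libdefaults]
default_realm = MYCOMPANY.LOCAL
default_tkt_enctypes = des-cbc-md5 des-cbc-crc
default_tgs_enctypes = des-cbc-md5 des-cbc-crc
[realms]
MYCOMPANY.LOCAL = {
kdc = dc.mycompany.local:88
}
"""

# Constructed variant that lists an AES enctype first (assumes the AIX
# Kerberos client and the domain controller both support it).
AES_CONF = GUIDE_CONF.replace("des-cbc-md5 des-cbc-crc",
                              "aes256-cts-hmac-sha1-96 des-cbc-md5")

if __name__ == "__main__":
    for name, conf in (("guide", GUIDE_CONF), ("constructed", AES_CONF)):
        for key, (weak, only_weak) in audit_enctypes(conf).items():
            print(f"{name}: {key} lists {weak}; no strong enctype: {only_weak}")
```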

