Archive for the 'Tech' Category

Fixing an incorrect DNS SOA serial

May 16, 2016

Note to self, just in case I mess up a zones’s SOA records’s serial again: Reset the serial number of a DNS zone

ThinkPad T440p X.org touchpad configuration

Sep 13, 2014

While the ThinkPad T440p is a pretty nice device (and finally also available with a quad-core CPU), its touchpad is definitely a step back compared to previous ThinkPad generations, especially for trackpoint users like me. With the default X.org touchpad configuration shipped with (K)ubuntu 14.04 it is nearly unusable (clicks cause subtle mouse movements, palm detection is horribly broken and using the trackpoint is no fun at all due to touchpad interference).

Fortunately, this can be improved a lot using plain configuration.

yesss!-SIM im MiFi-Hotspot nutzen

Apr 23, 2014

Eine österreichische yesss!-SIM im MiFi-Hotspot (bei mir ist das ein XSBox GO) zu nutzen, sollte eigentlich ganz einfach sein. APN eintragen und fertig – denkt man. Funktionierte bei mir allerdings erstmal nicht, der MiFi-Router verweigerte standhaft, sich in das A1-Netz einzubuchen.

Nach kurzer Recherche und Überlegung war die Ursache und damit auch die Lösung allerdings schnell gefunden: yesss! (und vmtl. auch die diversen anderen Discount-Prepaid-Produkte im Netz von A1) nutzt einen eigenen MNC, hat aber kein eigenes Netz und muss also zwangsweise Inlandsroaming zur Erbringung seiner Dienstleistung nutzen.

Lange Rede, kurzer Sinn: Wer eine yesss!-SIM in einem MiFi-Router nutzen möchte, sollte Datenroaming aktivieren, dann klappt’s auch mit der Verbindungsaufnahme zum Netz.

NFC-Security beim eTicket-Rhein-Main [Update]

Mar 15, 2013

Bei Jens Kubiziel und Fefe gibt es gerade eine aktuelle Sammlung von Blogposts [1, 2, 3, 4] zur Sicherheit von Sparkassenkarten mit NFC-Funktion in Bezug auf die unbemerkte Auslesbarkeit von Daten mit Wiedererkennungswert im Vorübergehen.

Das habe ich zum Anlass genommen, um die sich in meiner Geldbörse befindlichen kontaktlos auslesbaren Plastikkarten mal ein wenig genauer unter die Lupe zu nehmen. Als besonders interessant erwies sich dabei das eTicket-RheinMain, eine persönliche, d.h., nicht übertragsbare Jahreskarte des Rhein-Main-Verkehrsverbund (RMV) auf RFID/NFC-Basis. Zu dieser Karte verspricht der RMV auf seiner Website vollmundig:

Sind auf der Chipkarte auch persönliche Daten hinterlegt?

Personenbezogene Daten enthält der Chip nicht. Es werden nur eine Identifikationsnummer (ID) sowie die für Fahrten mit Bus und Bahn wichtigen Daten - wie Fahrkartenart, Gültigkeitszeitraum und Tarifgebiete - gespeichert. Bei persönlichen Chipkarten werden Name und Foto außen auf die Rückseite der Karte aufgedruckt. […]

Das eTicket RheinMain bietet seinen Nutzern hinsichtlich des Datenschutzes ein Höchstmaß an Sicherheit. Bereits bei der Entwicklung des Tickets wurden die Datenschutz-Aufsichtsbehörden mit eingebunden.

Klingt soweit stimmig, stellte mich aber noch nicht zufrieden - könnte doch zumindest eine eindeutige ID der Karte auslesbar sein, die mich zumindest wiedererkennbar macht.

Also habe ich mir die Karte mit ein paar gängigen NFC-Reader-Applikationen für Android angesehen - die meisten kennen die verwendete Applikation “Verband Deutscher Verkehrsunternehmen (VDV) Card” nicht.

Zum Glück gibt es zwei Applikationen, mit denen sich der Karte ein paar - durchaus unerwartete - Details entlocken lassen:

Die von mytraQ auslesbaren Infos schienen noch recht harmlos: Eindeutige (und damit wiedererkennbare) Kartennummer, die Information, dass es sich um eine persönliche Jahreskarte handelt, sowie der Gültigkeitszeitraum der Karte.

Die mit speeKA! auslesbaren Informationen waren dagegen schon interessanter: speeKA! zeigt nämlich direkt einen Hex-Dump des Karteninhalts an. Und siehe da: Inmitten von Zertifikaten und anderen Binärdaten steht doch tatsächlich mein Name im Klartext:

posts/2013-03-15-nfc-security-beim-eticket-rhein-main/rmv-eticket-hexdump-f622d00b9b3a0d2db09aa766dc72e8583186bbe83798e1bd11c408d912fb81ba.png

Keine personenbezogenen Daten. Klar. Was bitteschön, lieber RMV, wenn nicht mein Vor- und Nachname, abgelegt im Klartext, ist denn dann bitte ein personenbezogenes Datum?

Was bitteschön hat die angeblich involvierte Datenschutzbehörde denn geprüft? Irgendein Spezifikationsdokument, das im Endeffekt nichts mit der Implementierung zu tun hat? Die Aussage des RMV, dass das so alles schon seine Richtigkeit habe?

Ich bin jedenfalls auf die Antwort des RMV auf meine Anfrage gespannt, wie ich denn ein Ticket beziehen kann, dass entsprechend der Aussage in der FAQ keine personenbezogenen Daten über mich enthält. Ich werde berichten…

Update: Inzwischen habe ich auf dem Postweg eine neue RFID-Karte erhalten, auf der via Funkschnittstelle tatsächlich keine personenbezogenen Daten mehr im Klartext lesbar sind - bei der Erstellung der ursprünglichen Karte sei ein Fehler unterlaufen.

Reducing T420s Power Consumption under KDE/Linux

Oct 6, 2011

If you own a Lenovo ThinkPad T420s (or any recent-generation notebook with a Sandy Bridge CPU) with Intel HD 3000 Graphics, this information may help you to reduce the power consumption under KDE/Linux:

  • Intel HD 3000 Power-Saving: Enable the following Kernel command-line options: i915.i915_enable_rc6=1 i915.i915_enable_fbc=1 i915.lvds_downclock=1

  • Force ASPM: Enable the pcie_aspm=force Kernel command-line option

  • In KDE, go to “System Settings” “Desktop Effects” “Advanced” and set the “Scale method” to “Crisp”.

Overall, this brings my T420s’s power consumption down below 9 W. For best results, use a recent Linux 3.1-rc pre-release.

Current NVIDIA Drivers for Ubuntu Natty

Jul 31, 2011

If you are looking for current NVIDIA drivers for Ubuntu Natty (11.04), my new PPA may be of interest to you. It hosts an Ubuntu port of the current release version 275.21 of the NVIDIA Linux driver.

To install:

sudo apt-add-repository \
   ppa:thilo.ginkel/nvidia-graphics-drivers
sudo apt-get update
sudo apt-get upgrade

Caution: There are some reports on the nvnews.net forums that this driver version breaks Gnome / GTK applications under certain circumstances, which I can neither confirm nor deny as I am using KDE (but GTK apps work correctly for me). You have been warned, use at your own risk.

Swissvoice Eurit 4000 Headset-Kompatibilität

Jun 22, 2011

Vor kurzem bin ich von meinem betagten Ascom Eurit 40 auf ein Swissvoice Eurit 4000 umgestiegen und war dabei recht naiv der Meinung, mein Plantronics-H141N-Headset einfach weiterverwenden zu können. Dem war leider nicht so, d.h., nach Anschluss des Headsets an das Eurit 4000 tat sich akustisch erstmal gar nichts.

Die Lösung war aber schlussendlich so simpel, dass ich sie hier dokumentieren möchte: Offenbar hat der Höreranschluss des Eurit 40 gegenüber dem Eurit 4000 eine andere Pin-Belegung. Ein passendes Kabel aus dem Zubehör, im Falle des Eurit 4000 ist das die Plantronics-P/N 27190-01, hat das Problem in Nullzeit gelöst.

World IPv6 Day

Jun 7, 2011

Today is World IPv6 Day and as my hosting provider has been offering IPv6 support for some time, I took the opportunity to enable IPv6 support for most services offered under the ginkel.com domain.

Let’s see whether there will be any IPv6-based requests (except for my own ones thanks to the excellent SixXS service).

Welcome to the next evolutionary stage of the Internet! ;-)

Kindle SSID Trouble

Apr 29, 2011

Today, I unboxed my new Amazon Kindle (Wi-Fi). As it turned out, getting it to talk to my wireless router (an AVM FRITZ!Box 7270) was a little more difficult than expected. When connecting, all I got was a rather generic error message “Unable to connect to Wi-Fi network” despite correct settings and credentials. As it turned out later after fiddling around with my router settings, the Kindle does not like special characters in the SSID (in my case that was probably a slash or colon character - yes, I was using a URL as my SSID ;-)). After stripping them, everything started working flawlessly.

Secure Hard Disk Erasure

Mar 15, 2011

Before setting up dm-crypt, one is supposed to overwrite the hard disk with random data. As it turns out, this is harder to do than initially expected. Using /dev/random or /dev/urandom as a data source to overwrite the disk will take ages (multiple days) for a hard disk drive of typical size. The same applies to using the wipe command.

Fortunately, there is an alternative available by means of the badblocks command:

badblocks -c 10240 -s -w -v -t random /dev/<device>

This takes approximately four hours per terabyte of data (YMMV).

Source: http://chakra-project.org/wiki/index.php/LUKS_for_dm-crypt

Minor Asterisk for FRITZ!Box Update

Feb 6, 2011

I am a little short on time, so I will keep this post short.

In brief: If you had trouble compiling Asterisk against the current Freetz development branch or an Asterisk version built against an older version was regularly crashing when establishing a new connection, this update is for you.

The updated version is available for download at http://github.com/ginkel/asterisk-freetz-build/tarball/v0.5. As usual, code contributions are welcome. The source code is available on GitHub.

Confused? ;-) This post tells you what this is all about.

Upgrading Cassandra 0.6.x to 0.7.0

Jan 14, 2011

Just a brief recap of what manual steps are needed to upgrade Cassandra from 0.6.x to 0.7.0 using Debian packages:

  • Convert /etc/cassandra/storage-config.xml to /etc/cassandra/cassandra.yaml using the config-converter script. This currently does not seem to be included in the 0.7.0 .debs, so just grab a binary distribution to get hold of the script.

  • chown -R cassandra.cassandra /var/lib/cassandra/

  • Start Cassandra (typically using /etc/init.d/cassandra start)

  • Fire up jconsole, connect to localhost:8080 (or whatever JMX port you chose instead) and execute org.apache.cassandra.db -> StorageService -> Operations -> loadSchemaFromYAML

Enjoy!

Hash It! 1.3.0: Master Key Caching, Private Key Support and Improved Usability

Dec 25, 2010

Many people seem to get a productivity boost during the holiday season - open source projects all over the world are pushing out new releases these days. Hash It! is not an exception, so I am proud to announce the availability of Hash It! 1.3.0 for Android, a major feature release.

Most new features introduced with this release improve Hash It!’s usability, such as (optionally) caching the entered master key for a configurable amount of time, so that you don’t have to type it again and again as you hash passwords for multiple web sites. Another usability improvement causes Hash It! to automatically return to your web browser once you have hashed the password without the need to manually hit the back button. Of course, this is also configurable.

While previous Hash It! releases covered the functionality of the original Password Hasher Firefox extension, the Password Hasher Plus extension for Google Chrome introduced a new feature to improve the password strength using a private key. Hash It! 1.3.0 puts in support for this feature and should now again be fully compatible with Password Hasher Plus.

Last, but not least a few bugs fell by the wayside. Sorry, guys… ;-)

Hash It! 1.3.0 is available via the Android Market. Details are also available at: http://android.ginkel.com/

Merry Christmas & have fun using Hash It!, your friendly password memorization brain extension! ;-)

Kurztest: EIZO FlexScan S2243WFS-BK

Dec 9, 2010

Es begab sich erst kürzlich, dass mir mal wieder bewusst wurde, wie beengt der Platz auf meinem aktuellen Monitor doch ist. Anfang des Jahres hatte ich bereits zwei Anläufe unternommen, dies zu ändern, die aber nicht von dauerhaftem Erfolg gekrönt waren.

Nun hatte es mir nach Beratung mit einem Kollegen der EIZO FlexScan S2243WFS-BK angetan. Der Monitor bietet auf einer Diagonale von 22” die Auflösung eines 24”-Monitors, d.h., 1920x1200 Pixel. Dabei kommt ein S-PVA-Panel zum Einsatz, dessen Technologie ich bereits von meinem aktuellen Samsung SyncMaster 171P zu schätzen weiß.

Vor einer Woche bestellt, heute geliefert, fristete der EIZO-Monitor allerdings nur ein recht kurzes Dasein auf meinem Schreibtisch.

Rails Scalability

Oct 17, 2010

Pretty interesting Google Tech Talk about scaling Rails apps or web apps in general:

Time is running out...

Sep 22, 2010

Well, not for me, but for an integral part of the Internet as we know it today: IPv4. The Internet is getting short on IPv4 addresses and as more and more gadgets get IP-enabled and emerging countries consume the remaining available address space faster and faster it is time to start thinking about switching to IPv6, which should offer sufficient address space for the time being.

Said, done. As of recently, my FRITZ!Box 7270, which I use to connect to the Internet, started offering native, as well as tunneled IPv6 connectivity. I decided to go for a SixXS tunnel, as my ISP does not yet offer native connectivity. I won’t go into all the details of setting this up as it is well-documented elsewhere. Instead, I would like to point out some pitfalls, which I hit, but which can be easily avoided:

  1. Do not try to connect the FRITZ!Box with the tunnel without having a subnet attached to it. It won’t work.

  2. Try to get more than 25 ISK (credits) at SixXS during sign-up. Providing a link to your XING or LinkedIn profile during sign-up should do the trick. Otherwise, you will not be able to bring up your tunnel as you won’t be able to request a subnet with this amount of initial credit. Goto 1. ;-)

If you’re really into adventures, set up a reverse delegation for the revserse lookup of IP addresses from your IPv6 network. You should have a name server at hand, which has excellent IP connectivity. A FAQ covering this aspect is available at SixXS.

Asterisk for FRITZ!Box 7270 Updated to Version 1.6.2.11

Sep 11, 2010

After I had updated my FRITZ!Box to the current “Labor” firmware along with Freetz trunk my existing Asterisk build suddenly stopped working. This was a good reason to bring my asterisk-freetz-build script in sync with the current Asterisk 1.6.2 version as well with Freetz trunk, which I have been using for the most recent firmware build.

The updated version is available for download at http://github.com/ginkel/asterisk-freetz-build/tarball/v0.4. As usual, code contributions are welcome. The source code is available on GitHub.

And if this is all Greek to you, feel free to read my original blog post, which is a little more verbose.

Kubuntu KDE 4.5.0 Glitches

Aug 12, 2010

When it comes to upgrading my Kubuntu environment I am typically an early adopter. This includes backported KDE releases. Naturally, this also means that I am regularly bitten by bugs (which are most common in .0 releases).

Unfortunately, this just happened with KDE 4.5.0 where the systray is completely unusable when hosting icons for non-KDE applications (such as Skype or Google Desktop). As it turned out, a Qt bug is responsible for the mess-up and a fix is already available in the Qt 4.7.x development branch.

To put things short, a fixed Qt version is now available in my PPA until the fix is integrated into the Kubuntu Backports PPA.

Bugs, bugs, bugs...

Jul 10, 2010

Well, it seems that some ugly bugs made it into version 1.2.0 of Hash It!. Unfortunately, it took five days to notice…

Anyway, a new version (1.2.1) is out now, which should hopefully solve these issues. If any force closes remain, please drop me a mail.

Asterisk for FRITZ!Box 7270 Updated to Version 1.6.2.9

Jul 5, 2010

It has been a while since I published my guide to cross-compile Asterisk for the FRITZ!Box 7270. This guide and build script was based on Asterisk 1.6.0.19.

Asterisk development has not stopped, though, so the current Asterisk branch - currently at revision 1.6.2.9 - got out of sync with the asterisk-freetz-build script.

Now, what is so great about community-based software is that it facilitates contributions by others: Recently, I received an e-mail from Thomas Rueter, who provided me with a set of patches to compile Asterisk 1.6.2.8 using asterisk-freetz-build. His patches served as a basis for a revamped asterisk-freetz-build v0.2 package, which is capable of cross-compiling Asterisk 1.6.2.9 and chan_capi 1.1.5 for Freetz 1.1.x.

If you just want the updated package, you can grab it here. In case you are interested into contributing to its development, a copy of it is now available on GitHub.

And if this executive summary does not make too much sense to you ;-), feel free to read my original blog post, which I also updated to reflect the version change.

Hash It! 1.2.0 Adds Site Tag History and FroYo Apps2SD Support

Jul 4, 2010

Today marks another important milestone for Hash It!, your friendly password memorization brain extension. ;-)

While you can conveniently use Hash It! from your preferred mobile web browser via its “Share” feature, some people prefer starting Hash It! from the launcher, which requires manual entry of the site tag. So far, Hash It! did not remember these manually entered site tags, which required repeated re-entry of the respective tag over time. To close this usability gap, Hash It! will remember the site tag in a history from this release on. Just type the first few characters of the desired tag and the history of matching tags will be shown. Users concerned with the privacy implications of this feature can easily disable it in the settings.

Furthermore, Hash It! did not support FroYo’s (Android 2.2) Apps2SD feature. While Hash It! is pretty small (< 100 kB) compared to other Android applications (so this feature is probably not vital), I would still like to leave this decision to the end-user, which is why starting with Hash It! 1.2.0 you can move it to your SD card (given that your phone is running Android 2.2).

Hash It! 1.2.0 is available via the Android Market. Details are also available at: http://android.ginkel.com/

Have fun!

Android Power Management Statistics

Jul 1, 2010

Note to self: To dump the low-level Android power management statistics, use

dumpsys power

from an adb shell.

Google Groups Redirect Loop

Jun 21, 2010

Apparently some people started experiencing a redirect loop when accessing Google Groups while being signed in to their Google (Apps) account. I also did and and started - well - googling for a solution. There were a couple of solution attempts documented, such as erasing your profile and clearing all your cookies, which seemed a little random and came with significant side-effects. This post is supposed to document the minimal set of changes required o get Google Groups working again (if Google does not fix the issue on their end):

Just delete all cookies for the groups.google.{com|de|<yourtld>} hostname and everything should be back to normal.

US International Keyboard Layout w/o Dead Keys for Microsoft Windows

May 3, 2010

As much as I would like to completely switch over to Linux, for some tasks I am unfortunately still stuck with Microsoft Windows. This comes with the issue that Windows natively does not ship with the keyboard layout that I am routinely using under Linux: US International (No Dead Keys).

Fortunately, there is an easy solution available: Using the The Microsoft Keyboard Layout Creator it was a matter of seconds to remove the dead keys from the the stock US International keyboard layout.

The resulting keyboard layout file is available for download for your convenience. You can easily import this file into the Microsoft Keyboard Layout Creator and turn it into installable keyboard layout DLLs.

Hash It! 1.1.0 adds ccSLD support

Apr 30, 2010

A couple of days ago I visited the UK and also took my Android smartphone with me. After accessing some loal .co.uk web sites I quickly noticed that Hash It! would not figure out the right site tag for them when it was invoked from the Android web browser via the “Share” intent.

So, I just rolled an update, Hash It! 1.1.0, which adds support for the most common ccSLDs (country code second-level domains), such as .co.uk, .ac.uk or .com.sg.

Hash It! 1.1.0 is available via the Android Market. Details are also available at: http://android.ginkel.com/

Enjoy!

Hash It! Updated to Version 1.0.2

Apr 20, 2010

It has been a while since I last worked on Hash It!, but thanks to the bug report of an attentive user I just uploaded a new version (1.0.2) of Hash It! to the Android Market. Bottom line: Hash It! now works correctly on Android 1.5.

Hash It! is licensed under the GPLv3 and as such comes with full source code for your entertainment.

Further details on how to download it to your mobile phone as well as the changelog are available at: http://android.ginkel.com/

Get it while it is still hot! ;-)

Android: Maps API Key Issues

Apr 19, 2010

When using Google Maps from within your Android application you need to obtain an API key in order to be able to retrieve Maps data at run-time. This API key is derived from the fingerprint of the signature key used to sign the application’s APK. Consequently, if the signature key used by your application at a given point in time no longer matches the one used to register the Maps API key, using the MapView will silently fail (the map will just display a gray grid instead of the expected map data). So far, so good.

As it seems, the Android ADT Eclipse plug-in also comes with an undocumented “feature”: If no “Custom debug keystore” is set in the Android Build Preferences, it will apparently use a different key to sign the APK when deploying it to a phone connected via USB than when deploying it to the Emulator. So, all your Maps applications will suddenly start to fail displaying map data once they are deployed on a real device for testing purposes.

To work around this issue, set the “Custom debug keystore” setting (empty by default) to the same value as the “Default debug keystore”.

PHP Unicode support - or the lack thereof

Mar 30, 2010

Well, I just had the pleasure to fix special character (umlaut) handling in a legacy PHP application. To put it short: It has been a while since I saw so many i18n issues as I figured out in PHP (version 5) during the last hour:

  • PHP strings are just plain byte arrays. Their content is non-portable as it is dependent on the current default encoding.

  • The same applies to the representation built by serialize. It contains a length-prefixed byte representation of the string without actually storing any encoding information.

  • Most PHP (string) functions have no clue about Unicode. For a detailed list including each function’s risk level, refer to: http://www.phpwact.org/php/i18n/utf-8

Note to self: Never ever use PHP for a new project.

Duplicity - Backup to the Cloud

Mar 7, 2010

Due to current events I started to think about options for a backup solution that would be able to cope with a complete disastrous loss of hardware. So, off-site storage was warranted.

What I came up with is a backup solution based on Duplicity and Amazon S3.

Storing personal data in the cloud may ring one or another alarm, but with Duplicity the data is safe from prying eyes as all backed up data is sent through GnuPG using public-key encryption before being transferred to Amazon’s data center. You should, however, make sure that one of the private keys used for encrypting the backup is locked away in a safe place, so you have it handy when it is time to perform a restore.

As far as storage costs are concerned, storing 50 GB of data in the AWS S3 cloud for a month costs around 6 EUR, which I personally consider quite competitive for redundant off-site data storage.

Naturally, one drawback remains: Bandwidth usage. It takes a while to load the first full backup into the cloud as the upstream of most DSL lines is rather limited. After that initial load has completed, however, Duplicity is capable of appending incremental backup sets to the existing backup data, so the incremental backups complete much faster.

P.S.: It may sound a little weird that I chose Amazon Web Services as a storage provider after my recent trouble with Amazon.de, but after some thorough market analysis AWS remained as the only feasible option.

Das funktioniert doch alles nur zufällig...

Feb 16, 2010

…ist einer der Gedanken, die einem bei einem Blick hinter die Kulissen so mancher Software in den Sinn kommen, wenn verschiedene Komponenten scheinbar mit heißer Nadel miteinander verbunden wurden und sich Bugs gegenseitig ausnivellieren.

Während diese Feststellung bei den meisten Softwarepaketen eher zu einer Fluchtreaktion des Betrachters führt, ist es umso erstaunlicher, dass es klugen Köpfen gelungen ist, das leichtfüßige Nebeneinander verschiedener Komponenten ohne strenge Bindung zum Paradigma zu erheben und darauf eine agile Softwareentwicklungsplattform aufzubauen. Das war die Geburtsstunde von Ruby on Rails.

Hiermit ist es möglich, umfangreiche Applikationen ohne das sonst häufig übliche Abhängigkeitswirrwarr zwischen den verschiedenen Komponenten zu bauen, das die Wartung ebendieser Applikationen sonst häufig zur Geduldsprobe werden lässt. Vielmehr verbinden sich Komponenten über Konventionen - ohne dass in den meisten Fällen eine direkte Abhängigkeit definiert werden muss.

Das ist dann in etwa so, als würde man einen Sack voller Lego-Steine ausschütten und wie durch Magie entsteht daraus ohne weiteres Zutun der Todesstern. ;-)

Mir gefällt’s jedenfalls…

ActionMailer and mod_fcgi

Jan 25, 2010

Lately, I have been playing around a lot with Ruby on Rails and am currently finishing my first full-fledged application. While I am using WEBrick directly launched from my Eclipse development IDE in my development environment the production site is currently using Apache + mod_fcgi to run the application. This is where all the problems started. ;-)

The application sends out e-mail notifications (using ActionMailer) for various state transitions, which worked flawlessly on the development machine. In the production setting, however, sending mails failed complaining that it cannot find the associated mail template:

ActionView::MissingTemplate (Missing template event_mailer/approval_requested_notification.erb in view path app/views): app/models/event_observer.rb:3:in `after_enter_awaiting_approval' /usr/lib/ruby/1.8/observer.rb:185:in `notify_observers' /usr/lib/ruby/1.8/observer.rb:184:in `each' /usr/lib/ruby/1.8/observer.rb:184:in `notify_observers' (eval):10:in `create_or_update_without_callbacks' app/controllers/event_controller.rb:71:in `request_approval' public/dispatch.fcgi:24

Well, after putting some thought into possible differences between development and production and ruling out any relevant configuration differences in config/* all that remained was the fact that dev uses WEBrick while production uses mod_fcgi. One thought lead to another and it turned out that WEBrick sets the application root as the current working directory during startup while mod_fcgi does not.

So, the workaround is simple: Set the current working directory to the application root in config/environment.rb, such as:

Dir.chdir(File.dirname(__FILE__) << '/../')

Wie ein bunter Sternenhimmel

Jan 24, 2010

Da stand ich und richtete meinen Blick nach oben. Lauter kleine funkelnde Sterne. Millionen von Lichtjahren entfernt. Doch irgendetwas stimmte nicht. Ich wusste nur noch nicht, was. Sonderbar grün waren sie alle. Das hatte ich so noch nicht gesehen. Langsam wurde mir klar: Das ist nicht der Sternenhimmel, den du da siehst. Das ist dein neuer Monitor!

I see dead pixels

Jan 22, 2010

Für’s Protokoll: Mein neuer 24-Zöller, ein HP LP2475w, hat zwei tote rote Subpixel (einen am unteren Bildschirmrand, einen in der Mitte) und geht damit postwendend an den Händler zurück.

Und nun hoffe ich, dass ich ein Montagsgerät erwischt habe und das nächste Exemplar Pixelfehler-frei ist. Bis auf die Pixelfehlerproblematik konnte der Monitor auf den ersten Blick nämlich durchaus überzeugen.

Hash It! - Stop overloading your brain with passwords

Jan 5, 2010

As a happy long-term user of the Password Hasher extension for Mozilla Firefox I got used to being able to use different secure passwords per web site without having to take the burden of remembering them all.

When I recently bought an Android-based smartphone I was missing most of that convenience while surfing the Internet from my smartphone as Password Hasher was not available natively on that platform.

Hash It!, an application for the Android platform I developed, is there to bridge this gap: It eases using unique passwords per web site without overloading your brain by generating site-specific passwords derived from a secret master key. It maintains compatibility with the Password Hasher Firefox extension.

Hash It! is free (as in speech) open source software released under the GPLv3 with the source code being available on GitHub.

Further details on how to download it to your mobile phone are available at: http://android.ginkel.com/

Enjoy!

26C3 - A Picture is Worth a Thousand Words

Dec 31, 2009

posts/2009-12-31-26c3-a-picture-is-worth-a-thousand-words/2009-12-28_21.16.00-dee77b8f4939f9ad9df8d19fa520cf2a9dfd76b8da8fb240a431b26e3dda46ab.jpg

GSM Encryption (or the Lack Thereof)

Dec 31, 2009

At 26C3 there were a couple of pretty interesting talks dealing with GSM security and how it can be easily broken through active (IMSI catching) and passive (rainbow table attacks on the A5/1 cipher) attacks.

Now, researcher’s are pushing to phase out GSM’s A5/1 cipher replacing it with modern, non-proprietary cryptography as countermeasure to the weaknesses facilitating A5/1’s susceptibility to passive eavesdropping. While this is certainly not a bad idea, it will end up with all but secure GSM calls considering that for GSM calls only the wireless interface benefits from the encryption. It will prevent John Doe from listening to your GSM calls using a wiretapping device placed in front of your apartment, but by no means will it lead to end-to-end security for GSM calls.

So, instead of attacking the wireless interface a malicious hacker would have to turn to the (fixed) telephone network to get hold of your calls.

In the end, only end-to-end encryption of calls will be able to prevent such attacks, so this is IMHO what we should be striving for in the long run.

Running Asterisk on a FRITZ!Box 7270

Dec 20, 2009

Around a week ago I started experimenting with running Asterisk on my FRITZ!Box 7270 to replace my DECT phone, which has been getting a bit long in the tooth, with a SIP client running on my new Motorola Milestone HTC Desire cell phone so that when I am at home and my cell phone is signed in to my WLAN I can use it as a mobile handset for calls arriving on my landline.

As it turned out it is a little bit tricky to get Asterisk to compile for the FRITZ!Box, so this posting is supposed to summarize the steps I had to take and also comes with a neat helper script, which should automate most of the required preparation and compilation steps.

Ext4 Performance Improvements

Nov 24, 2009

In order to speed up the general performance of my personal computer I put an Intel X25-M SSD into it some time ago and made sure that most binaries that are needed to start up Linux are loaded from the SSD. I could not go without a conventional hard disk, though, because the storage capacity of typical SSDs (or the budget that I am willing to spend) is still too limited. While boot times already improved dramatically after adding the SSD, mounting the file systems located on my conventional hard disk was still limiting the overall speed of the boot process.

That was when I read about the performance improvements introduced by the ext4 file system.

Sparse File Support for rsync

Nov 24, 2009

From time to time one needs to migrate large amounts of data from one file system to another, such as when migrating to a new hard disk, setting up a RAID array or migrating a file system from ext3 to ext4. Each time this happens I find myself googling for the exact rsync command to do the sync operation and each time the command line parameters mentioned in most search results neglect the existence of sparse files. So, mostly as a note to myself, here is the rsync command line I tend to use when replicating data to a new file system (including sparse file support):

rsync -aqxPSH _source_ _destination_

Garmin Oregon 300 Firmware 3.30

Nov 21, 2009

In a previous post I outlined how to apply a firmware update for the Garmin Oregon series under Linux without the use of Garmin’s proprietary web updater. In the meantime, Garmin has released a new firmware revision, version 3.30, so if you’d like to update your device to that new version, just grab the .gcd file and follow the instructions in my previous post.

Der technische Fortschritt

Oct 21, 2009

Endlich hat man mal einen klaren Vorteil durch seine Technologieaffinität: Möbel Kamprad hat seit meinem letzten Besuch SB-Kassen eingeführt. Ergebnis: Die regulären Kassen vereinigen den Großteil der zahlwilligen Kundschaft in langen Schlangen auf sich, während man an den reichlich vorhandenen SB-Kassen gerade mal eine halbe Minute warten muss. Besonders intuitiv sind diese dann zwar nicht zu bedienen, aber was soll’s. Sonst kommen vielleicht noch andere Kunden auf die Idee, diese zu nutzen. ;-)

Garmin Oregon 300 Firmware Update Under Linux

Sep 20, 2009

During the recent beta period Garmin regularly released its beta Oregon firmware in a format that could be easily downloaded and installed on the Oregon by unzipping it copying it to the unit when connected as a mass storage device. Unfortunately, Garmin changed this policy again after the beta phase ended, the official firmware only being available through their proprietary (Windows-based) WebUpdater.

Thank You, MSI...

Aug 16, 2009

…for using crappy capacitors for the CPU voltage stabilization on my (now former) MSI P965 Neo2 v2 mainboard. This cost me a couple of hours of error-analysis plus ~ 80 EUR for a new mainboard (as I can’t just wait a couple of weeks for the repair of the RMA’d one)…

The Answer Has Arrived: KDE 4.2 Has Been Released

Jan 29, 2009

The (at least by me) long-awaited KDE 4.2 release has hit the road! What can I say: It’s beautiful and now contains most of the features that one wanted from a modern desktop environment that were still missing in KDE 4.1. I think I will write a more-detailed article about KDE 4.2 in a couple of days and so will concentrate today on a feature that many people were missing in previous 4.x releases: Icons on the desktop. Yes, there were some workarounds in 4.1.x like placing a large folder view plasmoid on the desktop, but nobody really liked it. In 4.2 the whole desktop becomes a large folder view at the user’s command just as one is used to from KDE 3.5 or Windows. To activate it, just right click on the new shiny desktop and select Appearance Settings from the context menu. Select “Folder View” from the “Type” drop-down and you are done.

Windows 7 Test Drive

Jan 11, 2009

Yes, I did it… Albeit being a confirmed Linux enthusiast I thought it would be a good idea to have a sneak peek at what Microsoft is calling its next-generation Windows operating system. My plan was to install Windows 7 into a KVM (= hardware-accelerated QEMU) virtual machine. After taking some hurdles such as Windows to refuse installing on a 9 GB file system image complaining about a lack of temporary storage space although I had created a separate 5 GB partition for exactly that purpose, the installation went through smoothly and surprisingly fast - on a 10 GB partition. Somewhat weird math the MS engineers have invented: 9 GB + 5 GB is insufficient, but 10 GB is sufficient. Anyway…

The first unpleasant surprise after the installation had completed was the lack of support of QEMU’s graphics adapter: It was just detected as a standard VGA adapter limiting the maximum available screen resolution to 1024 x 768. One, however, should probably not blame Microsoft for not including a graphics driver for a chip set that is older than ten years. Network briefly worked after the installation, but became dis-functional after some time. That, however, may very well be a QEMU issue as I recall having already seen this on Windows XP running inside QEMU.

Apart from that Windows 7 makes a robust and polished impression although I did not experience it to be as fast as other sources claimed - probably related to the non-accelerated graphics driver being used.

In the end, I will definitely stick to my Linux desktop for the time being. ;-)

Ascom/Swissvoice DECT Phone Hacking

Jan 1, 2009

Or: How to enable the “Support” menu of Ascom/Swissvoice DECT handsets…

While playing around with the DECT base station built into my new AVM FRITZ!Box Fon WLAN 7270 I just got a day ago I actually managed to get the handset into an endless loop signing on to the base station, failing, beeping and starting all over. I remembered having read about a support menu built into the handsets of these phones and after a little trial and error managed to revive my phone by disabling DECT in the FRITZ!Box base station (to stop the endless looping) and clearing the phone’s registration via the handset reset built into the support menu.