FOTD: Windows driven water dispenser

Standard

Let’s call it Fail Of The Day! I am just back from the the gym and here is what happened while checking out at the counter: The boss was typing with a pen on the water dispenser’s touch screen as the normal touch screen interface obviously crashed. Of cause this attracted by immediate interest and I went over to him to figure out what operating system is running on that device. And now comes the part which really hurts: IT’S WINDtOWS, W-I-N-D-O-W-S!!! Get down everybody and search for cover, we are doomed! The human race has really made it this far: We are building water dispensers driven by a too insecure, probably never receiving patches, unstable operating system.

Not that I would feel much more comfortable with any other operating systems on water dispensers, but at least you could strip down Linux so far, that nearly no services are running and use framebuffer output instead of a X-Sserver which would minimize any attack vector nearly to zero.

But hey, if that is the way we let technology take control over our lives…

Open Rhein Ruhr 2013

Standard

Wieder ist ein spannendes Open Rhein Ruhr Wochenende vorueber. Fuer mich war es diesmal etwas Besonderes, da ich nicht als Helfer sondern als Orga dabei und auf der Veranstaltung fuer das Netzwerk verantwortlich war. Ausser zwei nicht so ganz sauberen DSL-Leitungen gab es jedoch keine groesseren Probleme, weshalb mir genug Zeit blieb mich unter die Besucher zu mischen und interessante Gespraeche an den Staenden zu fuehren.

ORR Social Event

Auch das Social Event war wie in der Vergangenheit eine tolle Sache, nicht zuletzt wegen der Location.

Was mich aber wirklich jedesmal auf solchen Linux und Open Source Events begeistert, ist der Umgang miteinander. Es fuehlt sich eigentlich immer so an, ob als ob es kein oben oder unten gibt, kein gut oder schlecht gibt und jeder ist in irgendeiner Weise Anbieter und Konsument zugleich. Alle packen mit an wo Haende gebraucht werden. Ich hoffe, dass mich mein Eindruck nicht taeuscht und dass all diese Menschen im Alltag genau so einen offenen Umgang miteinander pflegen.

Mein besonderer Dank gilt natuerlich allen Helfern und vor allem den Freifunkern, welche durch Bereitstellen von weiterer Hardware sowohl das ORR eigene WLAN verbessert haben, als auch zusaetzlich noch Ihr eigenes Freifunk Mesh bereitgestellt haben.

Bis zum naechsten Jahr,wenn es wieder heisst: “Ein Pott voll Software”.

Setting IMAP INTERNALDATE to header date

Standard

While setting up a self refilling test mail server, I came across the problem that I need other IMAP INTERNALDATEs (aka arrival date) than the create/modify time of the email file.
As my email generator script creates random dates for the email headers that are between 10 years back and today, it would make perfect sense to also use them as the arrival date of the message.

Five minutes later the following little script was finished, which I think could be pretty useful for anyone who has to update the arrival date in his IMAP server that uses Maildir format or similar. This could for instance become quite handy after an email migration where the IMAP INTERNALDATE could not be retained.

#!/bin/sh

for FILE in `find $1 -type f`
do
    DATE=`grep "Date" $FILE | cut -d ":" -f 2- | sed -e 's/^ *//g' -e 's/ *$//g'`
    if [ -n "$DATE" ]
    then
        echo "Setting modified time of \"$FILE\" to \"$DATE\"."
        touch -c $FILE --date="$DATE"
    else
        echo "No date found in \"$FILE\"."
    fi
done  

NRPE on Centos or RHEL6

Standard

If you are running NRPE on Centos or RHEL 6 and wonder why check commands that are prepended with a sudo command always fail: remove the “requiretty” option from your /etc/sudoers and everything will work fine again. It’s a shame that it takes strace to get the initial error message our of nrpe-server.

Comparison: Condor vs. AirBerlin

Standard

We had the chance to compare both airlines on medium-haul flights to the canary isle Teneriffe, where we spent one week last November and, due to the bad weather in November, we returned for another week this June.

In November we flew with Condor and this time we had to take AirBerlin as no Condor flight were available when we booked the vacation. The price of the flights itself was nearly exactly the same, but at least the difference in the offered meals on board is huge. On Condor flights to Teneriffe you always get a warm meal for lunch and dinner. As we pre-ordered the premium menu, we got a three/four course menu and steel cutlery for additional 10 EUR per person/flight. Compared to what you get the price is quite fair. The selection of food was very good and had a great taste.

What do you get on AirBerlin medium-haul flights? Without paying extra, you get a cheese or ham sandwich. Well that is what most airlines offer even on short-haul flight. We again pre-ordered a premium meal as we once again were flying to Teneriffe right over lunchtime and back in the evening. The premium meal, which costs also about 10 EUR was just one meal that comes additionally to the sandwich. Quality was good, though it felt a little bit over-priced.

Another thing that bugged me on the AirBerlin fight to Teneriffe was the fact they still have those old proprietary aircraft earphones plugs for which you have to buy extra earphones for 3 EUR each. An the other hand advertising of their duty free shop wasn’t as pushy as on the Condor flights and the onboard entertainment on the A330-200 was awesome on our flight home.

Overall, I personally would prefer Condor over AirBerlin for that trip.

DHL…The next episode

Standard

A while back in a different German post on this blog I wrote about some issues with DHL delivering packets to our address. Instead they always dropped them at the same neighbor telling him we were not at home, which tuned out to be nothing else than a big dirty lie.

During the last two months our neighbors that live on the same floor and we took part in the next episode of DHL’s game “cheating on neighbors”. Here is the full story:

Our neighbors bought some stuff from an Amazon marketplace shop. After the package did not arrive within the expected period, they looked up the status on the DHL package tracking site to figure out where it got stuck. To their surprise the DHL package tracking site told them, that it was already delivered to guess who: US! So they asked us about the package they awaiting. Unfortunately we couldn’t help them, as we never received the package and at least I had a good alibi of being over 150km away from home by bike the day it was delivered to us as being recorded in DHL’s tracking system. Luckily we get along very well with our neighbors, so they fully believed in our statement not having accepted such a package. We both agreed that it would be best to request all delivery information from DHL including the signature of the person who accepted the package.

It took some time as this information can only be requested by the sending party which was not very cooperative. When it finally arrived it was funny and terrifying at the same time: The signature was not even close to mine or my wife’s. Yes right: the delivery boy really tried to fake our signature and probably dropped it in someones trash. U-N-B-E-L-I-E-V-A-B-L-E, isn’t it?!

I received a call from DHL this week that they will do anything to prevent such a thing in the future and fortunately Amazon did a refund, although it was bought trough a marketplace shop and not Amazon directly.

Windows 8 really sucks hard

Standard

I had the chance to spend some time playing around with Windows 8 for couple of hours today. And shall I tell you something: It sucks even harder than I ever thought it would after catching just quick glimpses in the last months. The whole language and keyboard logic looks completely broken to me. I ended up in so many annoying situations that I stopped counting after a while. How about user management? Using the new shiny interface enforces the creation of a hotmail.com, outlook.com or live.com account. Sorry guys, don’t need and want that. Especially not when only setting up a test machine. At least using the old Computer Management tool allowed me to get past that step.

I still think the usability of the new interface is horrible with keyboard and mouse. It’s getting even worse when connecting to such a machine through VMWare or RDP, where the mouse isn’t trapped inside the window. It’s mostly the same reasons for which I blame Ubuntu’s Unity that I dislike about the new Windows 8 UI.

Bitte nochmal zurueck auf Los

Standard

Wann hat die IT-Branche eigentlich diese unglaublich dumme Entscheidung getroffen, dass jede Soft- und Hardware immer wieder zu Hause anrufen muss um ggf. irgendetwas nachzuladen? Leute, das ist nicht sicher! Zumindest ist mir kein Fall bekannt, bei dem wirklich mal alle Sicherheitsexperten gesagt haben: Jo, so geht’s richtig.

Huwai Hardware steht ja eh im Ruf ein moegliches Einfalltor fuer chinesische Hacker zu sein. Da ist das worueber Heise berichtet ja schon fast zu offensichtlich schlampig. Mit der Aussage “.., dass sie (Huawai Vertreter) davon ausgingen, dass der Update-Server fachgerecht gesichert sei.” (I LOLED!) wird fuer mich nur noch einmal untermauert, wie gering das Gespuer fuer das moegliche Angriffspotential in solch einem Setup ist.

Ach ja noch was: Standardmaessig web-based Provisioning von VoIP-Telefonen anhand der MAC-Adresse zu machen, so wie es SNOM anscheinend tut, ist auch eine saudumme Idee. Hab vor zwei Wochen viel Spass mit einem neuen SNOM-Telefon gehabt, fuer welches es aus unbekanntem Grund schon eine Konfiguration auf dem Provisioning-System gab.

My new RSS reader

Standard

Unnecessary to tell, that I am one of the million Google reader users that is very disappointed about Google’s announcement to shut down Google Reader in a few months. Recalling WHY I love Google reader, it turns out that it’s mainly for one reason: synchronization. I’m used to access an always in-sync list of my feeds from my phone, tablet, laptop or home/work desktop computers. I remember that I tried TTRSS back in the days where I was naively thinking I could live without all the Google services that are so addictive.

After checking Google Play for a TTRSS app and getting a positive response – the TTRSS developer offers an app himself – this seems to become really satisfying. Having some free time today between talks at the Chemnitzer Linux Days, I re-installed TTRSS on my webserver to see if that’s still an option. And let me tell you: IT IS!!!

Installation is smooth if you read the config.php file carefully. I missed that the database server was set ‘pgsql’ by default, which cost me a few minutes wondering about an empty page and no error messages in the logs. After creating a new user and importing my RSS subscriptions exported via Google Takeout I installed the Android app as well. I have to say that to me, the TTRSS app looks even better than Google Reader. BTW: The app is a seven day trial and the unlock costs 1.59 EUR. I think think it’s a fair price for such a good app (Have seen lots of crappy ones for more).

In case I change my mind about TTRSS, I’ll let you know.

UPDATE: Installed the app on my Galaxy Tab 10.1N. It’s awesome!

Alice IAD 3221 Reloaded

Standard

Nachdem bei mir letzte Woche das Netzteil des Speedport 201 DSL-Modem den Geist aufgegeben hat und ich auf die Schnelle nur das original Alice IAD 3221 an die TAE haengen konnte, um ueberhaupt wieder Netz zu haben, war heute Abend endlich die Gelegenheit zu schauen, mit welchem der hier rumliegenden Geraete ich wieder die Buffalo AirStation mir DD-WRT zu meinem Router machen konnte.

Plan A: Die Samsung 3210 Box, welche eigentlich nur meine TK-Anlage ist, nun als DSL-Modem zu nutzten scheiterte daran, dass einfach kein ADSL-Sync zustande kam. Waere nicht das erste Mal, dass das Modem-Board darin kaputt geht.

Also Plan B: Gucken was man mit dem Alice IAD 3221 noch so anstellen kann. Irgendwie konnte ich nicht glauben, dass die Dinger so unfassbar beschraenkt sein sollen, wie einem das Webinterface versucht weiss zu machen. Nach ein wenig suchen stellte sich heraus, dass das ganze Geheimnis in der versteckten URL: http://192.168.1.1/web.cgi?controller=Internet&action=IndexAccessMode liegt. Dort kann man den Betriebsmodi des IAD umstellen. Der Modus “Modem (1 VC), VoIP over PPPOE” ermoeglicht es, dass IAD als normales DSL-Modem zu verwenden UND gleichzeitig die Alice Telefonfunktion vom IAD selber ueber die zweite PPPOE-Session laufen zu lassen. Letzteres ist nur just for fun aktiviert. Habe die Telefonfunktion noch nie verwendet, da mein eigentlicher Telfon-Anschluss bei Sipgate liegt.

Es gibt uebrigens noch eine Menge mehr solcher versteckter Seiten:

Standard-, Experten- oder Developermodus einschalten
http://192.168.1.1/web.cgi?controller=System&action=IndexAccessConfig

Zwischen “Standart-Installation (PIN)” und “Benutzerspezifische Installation” wechseln
(ja da steht wirklich “Standart)
http://192.168.1.1/web.cgi?controller=Overview&action=IndexPinMode

PIN fuer Standard-Installation festlegen
http://192.168.1.1/web.cgi?controller=Overview&action=IndexPin

IP-Adresse und DHCP-Server Konfiguration
http://192.168.1.1/web.cgi?controller=Network&action=IndexLan

Statische IP-Adressen fuer DHCP-Clients festlegen
http://192.168.1.1/web.cgi?controller=Network&action=IndexStaticDhcp

Statische Routen definieren
http://192.168.1.1/web.cgi?controller=Network&action=actionIndexNewStaticRoute

Uebersicht aktueller NAT-Verbindungstabelle
http://192.168.1.1/web.cgi?controller=Network&action=IndexStatistics

USB-Drucker und -Festplattenkonfiguration
http://192.168.1.1/web.cgi?controller=Network&action=IndexUsbDevices

WebCam-Konfiguration
http://192.168.1.1/web.cgi?controller=Network&action=IndexExtDevices

Betriebsmodi Internetzugang konfigurieren
http://192.168.1.1/web.cgi?controller=Internet&action=IndexAccessMode

Zugangsdaten VoIP PPPOE-Session
http://192.168.1.1/web.cgi?controller=Internet&action=IndexAccessDataVoip

DynDNS-Konfiguration
http://192.168.1.1/web.cgi?controller=Internet&action=IndexDynDNS

DSL-Verbindungsinformationen
http://192.168.1.1/web.cgi?controller=Internet&action=IndexInfoConnection
http://192.168.1.1/web.cgi?controller=Internet&action=IndexInfoAdsl

MAC-Adressen-Filter
http://192.168.1.1/web.cgi?controller=Security&action=IndexMacFilter

Allgemeine Firewall-Einstellungen
http://192.168.1.1/web.cgi?controller=Security&action=IndexSecurityConfig

Paketfilter-Regeln
http://192.168.1.1/web.cgi?controller=Security&action=IndexPacketFilter

URL-Filter
http://192.168.1.1/web.cgi?controller=Security&action=IndexUrlFilter

UPnP-Einstellungen
http://192.168.1.1/web.cgi?controller=Security&action=IndexUPnP

System-Log
http://192.168.1.1/web.cgi?controller=System&action=IndexSyslog

System-Diagnose
http://192.168.1.1/web.cgi?controller=System&action=IndexSystemTest

Sprache aendern
http://192.168.1.1/web.cgi?controller=System&action=IndexLanguage

Zeitserver-Einstellungen bzw. Uhrzeit manuell stellen
http://192.168.1.1/web.cgi?controller=System&action=IndexTime

Firmware-Upgrade
http://192.168.1.1/web.cgi?controller=System&action=IndexFirmware

Aufzeichnen von Datenpaketen
http://192.168.1.1/web.cgi?controller=System&action=IndexDiagnostic