Broken love: letting my IDA maintenance period run out next year

With IDA 9.0, Hex-Rays says they are switching to a subscription-only model. This was already threatened to existing customers before [1] — roughly two or three years ago — and of course it is being sold on the totally great benefits it comes with.

Benefits like being able to access all supported platform versions instead of having to pick one.

Those who have been in the game a little longer will remember that this used to be the status quo for IDA. If you had a license, you could get all versions. I think they switched to single-OS license when they moved to Qt. So probably between IDA 5 and 6 or maybe even 4 and 5. Can’t be bothered to look it up in my archive.

Back when they announced the subscription model I asked when that would take effect and what about the perpetuity of access to the product under such a model. Quoting myself from 2022-01-06 (excerpt):

my maintenance renewal is due later this month. I already generated a
quote. However, now I found the blog entry from December and it worries
me: https://hex-rays.com/blog/hex-rays-is-moving-to-a-subscription-model/

In particular it makes me wonder about perpetual access to the software.
After all the existing maintenance model is already more or less a
subscription (annual), except if I slip up (intentionally or not) I can
keep using the latest version released at that time perpetually. Now,
given you are calling it a move to a subscription model, I suppose
there’s a catch there – or let’s say a difference to the existing
“annual subscription model” with perpetual access after expiry.

Unfortunately the blog post doesn’t mention details beyond the
superficial, let alone a price tag or length of the subscription period(s).

Could you please explain how this is planned as this will guide my
decision whether or not to renew once again.

The answer was as follows (relevant excerpt):

We decided to postpone the launch of the subscription model. We do not have the new date yet.

With the perpetual license, you will be able to use the software forever. You can decide to move to the subscription model or not, this will not have an impact on the access to the software, only on the next updates. Same as now if you decide not to renew your license.

We will inform you as soon as we have all the details and a new launch date.

All existing prices and conditions remain applicable.

Next year when my maintenance would be due, I will not renew. There won’t be IDA 9.0 for me under the outlined conditions. And yes, of course the statement from back in 2022 is still true: “You can decide to move to the subscription model or not, this will not have an impact on the access to the software, only on the next updates.” … just that they won’t even sell IDA 9.0 without the subscription model.

It’s a pity and it means I’ll have to re-learn a lot with other tools. On the other hand several candidate tools are open source and I can contribute to them directly instead of merely improving the ecosystem some vendor creates with my IDAPython scripts or plugins or by contributing to others who created such.

I’m sure there are a lot of people, especially companies who invested in people and getting people trained on IDA who will have a much harder time to switch. And obviously it’s a bitter pill to swallow for me as well. Muscle memory dies hard and at work I had access to the x64 decompiler which certainly is the best decompiler of all those I was able to try out. But, I don’t think I am too old to re-learn these things and look forward to it.

I wish them well and perhaps they change their minds about software that one can’t own; or I do — either way I wish them the very best. Their product has been a companion for many years and the largest part of my career up to now. There are no hard feelings from my side. I just don’t like software or other digital goods that I can’t own [2].

Farewell, IDA!

// Oliver

  [1] I’ve been a customer of theirs for over twenty years; started out on a student’s license and then switched to the professional one.
  [2] It’s not like Lumina isn’t already tying me to Hex-Rays or the terms of how you needed to refresh your maintenance period. But taking away perpetual access to the software is the red line I won’t cross. I told them that in 2022 and nothing has changed from my side. But a lot has changed from the competition. There are plenty of alternatives, even if not all of them “are there yet”.

The end of MetaGer … at least the way it used to be

MetaGer, the privacy-focused search engine of the non-profit association SUMA-EV, will with immediate effect no longer exist in its familiar form. It will still be possible to use the service on a token-funded basis. Nothing changes for members and for users who use MetaGer with a key. But it is the ad-funded search that secured the bulk of the revenue and thereby the operation and further development. This “normal” search is unfortunately no longer possible as of today. This is just as dramatic as it sounds: SUMA-EV is no longer able to keep employing staff. All employees are being given notice, and the office space is being given up as well.

(Source)


Tomorrow it will be decided if I agree with Victoria Nuland

… and her infamous line “Fuck the EU”. Why? Because tomorrow the decision will be made whether the EU introduces surveillance for what’s meant to be private communication.

Originally the voting was supposed to be done today (2024-06-19).

More information on the website of Patrick Breyer (German version).

We should not be surprised that this initiative happens during the tenure of Ursula von der Leyen who — in Germany — is also known by the moniker Zensursula, a portmanteau of Zensur (German for censorship) and her first name, thanks to her initiatives to push for surveillance. What’s similar is the pretext, which is to fight CSAM.

Who could possibly be against that? And why are you against that, Oliver?

I am not against fighting CSAM. Heck, there’s little that would be worse to think of for loving parents than their children falling prey to those criminals. However, in this case the proposed measures are quite intrusive, undermine the purpose of end-to-end encryption and — worst — they will do exactly nothing against the creation and spreading of CSAM. See, that’s the issue with these sorts of measures. They may be well-meaning, but none of them will prevent the perpetrators of child sexual abuse from “documenting” their abuse and spreading the resulting CSAM. Generally criminals rarely give a flying fuck about laws and are masterful in avoiding and evading measures meant to prevent their actions. So what this will achieve is this: it will criminalize people who have nothing to do with CSAM, or make it impossible or impossibly inconvenient for them to communicate by modern means.

And at this point we haven’t even talked about who would get to see the video clips or photos uploaded before the end-to-end encryption takes place. Why is this important? Well, for starters we live in a day and age where such data is being used to train machine learning models. This means that data such as photos which you entrust to software like Signal or WhatsApp — and which you hope to be end-to-end encrypted — may indeed end up somewhere else entirely, not merely on the recipients’ devices, and may be used to train and hone biometric recognition technology which will be used to push for even more surveillance down the road.

Ironically the push for these measures is done by the same entity that has been praised for the GDPR in the past. And no less ironically the data will in all likelihood end up in the data centers of huge US corporations. And before anyone claims that this means it’s harmless as long as the data centers are situated within the jurisdiction of the EU, think again!


Reminder to myself

env GIT_CONFIG_NOSYSTEM=true GIT_CONFIG_COUNT=0 GIT_CONFIG_GLOBAL=/dev/null git ... can be used to suppress reading the system-wide and global configuration files. Useful with this error:

BUG: refs.c:2083: reference backend is unknown
error: git-remote-https died of signal 6

… which is caused by a particular configuration option.


The end of international law?

Well, I guess the inaction of the UNSC in the case of the Israeli bombing of the Iranian embassy in Damascus emboldened Ecuador to raid the Mexican embassy.

I wonder if future historians — provided there will be any — will see this as the beginnings of World War Three. Personally I think that the causes have much deeper roots, but it’s hard to tell if this is already the spark.

// Oliver


Why?

I have written about Microsoft Teams before (in German), how horrible a user experience it is and so on. Let me tell you, it hasn’t gotten any better. Only “newer”.

Remember, Microsoft loves Linux now. Right? Or so people, including apparently MS itself, keep bullshitting around all the time all the while WSL is a horrendous trap — albeit a technically interesting one (especially v1) — to ensnare Linux-curious devs on Windows. They love Linux so much that less than 18 months ago (2022-11-07) they announced that they were going to throw out the — by that time already utterly outdated — Linux Teams app and pushed Linux users to the so-called PWA. 🤮

And now we’re plagued with the “New Teams” (Microsoft’s PR-lingo) on Windows and literally no option left on Linux. Great, Microsoft loves Linux, right?! 🤦

What the flying F, Microsoft? Really? Why? 🖕

Microsoft makes it deliberately nigh-impossible to continue using the PWA which they — not 18 months ago — shoved down the throats of everyone who wasn’t using Windows.

Screenshot of modal dialog preventing any action in the Teams PWA

Never mind that Teams has gotten progressively crappier over the years. Microsoft hadn’t even managed to get it to work the same way in the — non-Microsoft — browser as in the “old” app. Heck, they didn’t even manage to make the desktop app and the PWA in Edge, Chrome and Firefox work consistently compared to each other. A feature working or not was as good as the lottery, just felt like even fewer winning tickets.

And now the “New Teams” is being shoved down the throats of millions of involuntary users, based on the Edge WebView2 which — surprise surprise — is nothing other than yet another Chromium-based “foundation”, just like Electron was in “old” Teams.

Once you install the Teams desktop application, it appears, approximately 70% of your CPU resources and at least several GiB of RAM are being reserved for it. It’s an incredible resource hog indeed. It’s either running a build or attending that video call. Pick either one.

I sincerely hope that the anti-trust authorities step in as soon as possible to put an end to this. Although arguably it is probably too late by now. Alternative solutions have been all but pushed out of the market by Teams. The fact that many companies struggled to accommodate the home office workers starting in 2022 helped Teams, as the apparent “gratis” solution, to become the de facto standard. Competitors have been hampered by the loss of income from the potential customers that ended up using “gratis” Teams. But even the push for “Teams Premium” starting last year doesn’t seem to have hampered Teams’ conquest.

// Oliver

PS: use the following filters from the “My Filters” tab in uBlock₀ on a browser that allows uBlock₀ to work to its full potential:

teams.microsoft.com##div#ngdialog1
teams.microsoft.com##.app-switcher
teams.microsoft.com##.ngdialog-overlay
teams.microsoft.com##.app-switcher-install-by-policy-dialog.ts-modal-dialog.ngdialog
teams.microsoft.com##.app-switcher-warning.link-banner.dark-banner.warning-error-banner.banner-show.app-notification-banner

Migrating data from 2 TB SSD to 4 TB SSD with iODD ST400 drive enclosure

Linux is my main system, but I prefer using NTFS for various use cases and in fact some use cases require something like NTFS.

The ST400 is the successor of several Zalman-rebranded iODD devices which bring a similar feature set. The main selling point: store your ISO files, VHDs and what not on an NTFS, FAT32 or exFAT drive and mount them in a way that makes the drive enclosure pose as an optical drive (CD/DVD …).

I had so far used the older Zalman-branded and iODD-branded drive enclosures with up to 2 TB hard drives and SSDs. I also have an iODD mini with 512 GB and now wanted to upgrade the ST400 from a 2 TB SSD to 4 TB.

So the first thing I did was generate the two partitions I wanted on the drive, then copy the data over from the old one using rsync. Nothing spectacular here.

Then, after moving the new bigger SSD into the ST400 enclosure, the enclosure would report “No supported partition” with the 2.74.4 firmware. Dang.

Well, so I thought this could be remedied by converting to GPT from MBR. After all the size is known to create boot problems, because of start sectors being beyond the addressable range. Alas, I don’t want to boot from the drive itself (in its function as HDD/SSD). Anyway, gdisk /dev/sdX will basically do the whole job swiftly, if you write (w) the converted GPT it automatically creates from the MBR partition table. I did a backup of the first 2 MiB of the disk using dd in order to recover from a possible botched conversion. But all went well. A quick partprobe /dev/sdX as superuser made the changes available.

I also had to do some shuffling of the partition sizes, since the iODD ST400 manual states:

At the first time, automatically finds mountable files on the largest partition (GPT / MBR, NTFS / exFAT / FAT32)

… and I needed to accommodate that. The outcome was this:

Number  Start (sector)    End (sector)  Size       Code  Name
   1            2048      4294967295   2.0 TiB     8300  Linux filesystem
   2      4294967296      8001509375   1.7 TiB     8300  Linux filesystem

Notice something? For starters of course the device kept complaining about “No supported partition”, but also it says Linux filesystem. What the heck? Well 8300 is Linux, I get that. But why did it pick that in the first place?

Turns out gdisk does that independent of the file system on the actual partition, so I needed gdisk again to switch to type 0700 (Microsoft basic data). And lo and behold that did the trick. After syncing, disconnecting and reconnecting, the firmware on the ST400 was able to recognize the larger partition and is able to list the files and folders on it as it did with the 2 TB drive.

So success.
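The mismatch described above (NTFS data inside a partition typed 8300) can be checked for directly by reading the GPT and comparing each partition's type GUID with the filesystem signature found at its first sector. This is an added example, not part of the original post; the disk image is constructed in memory, the function names are made up for illustration, and header/entry CRCs are not verified.

```python
import struct
import uuid

SECTOR = 512
# GPT partition type GUIDs and the gdisk codes that map to them
LINUX_FS = uuid.UUID("0FC63DAF-8483-4772-8E79-3D69D8477DE4")       # 8300
MS_BASIC_DATA = uuid.UUID("EBD0A0A2-B9E5-4433-87C0-68B6B72699C7")  # 0700
WINDOWS_FAMILY = {"NTFS", "exFAT", "FAT32"}


def sniff_filesystem(image, first_lba):
    """Guess the filesystem from well-known on-disk signatures."""
    start = first_lba * SECTOR
    boot = image[start:start + SECTOR]
    if boot[3:11] == b"NTFS    ":
        return "NTFS"
    if boot[3:11] == b"EXFAT   ":
        return "exFAT"
    if boot[82:90] == b"FAT32   ":
        return "FAT32"
    # ext2/3/4: superblock at byte 1024, magic 0xEF53 at offset 56 within it
    if image[start + 1080:start + 1082] == b"\x53\xef":
        return "ext"
    return "unknown"


def read_gpt(image):
    """Return the used partition entries of a GPT disk image (no CRC check)."""
    header = image[SECTOR:2 * SECTOR]
    if header[:8] != b"EFI PART":
        raise ValueError("no GPT header at LBA 1")
    # Offset 72: entries start LBA (u64), entry count (u32), entry size (u32)
    entries_lba, count, size = struct.unpack_from("<QII", header, 72)
    parts = []
    for index in range(count):
        offset = entries_lba * SECTOR + index * size
        raw = image[offset:offset + size]
        type_guid = uuid.UUID(bytes_le=raw[:16])   # GUIDs are mixed-endian
        if type_guid.int == 0:                     # unused slot
            continue
        first_lba, last_lba = struct.unpack_from("<QQ", raw, 32)
        name = raw[56:128].decode("utf-16-le").split("\x00")[0]
        parts.append({"number": index + 1, "type": type_guid,
                      "first_lba": first_lba, "last_lba": last_lba,
                      "name": name})
    return parts


def audit_types(image):
    """List partitions whose type GUID contradicts the filesystem inside."""
    findings = []
    for part in read_gpt(image):
        fs = sniff_filesystem(image, part["first_lba"])
        if fs in WINDOWS_FAMILY and part["type"] != MS_BASIC_DATA:
            findings.append((part["number"], fs, str(part["type"]).upper()))
    return findings


def make_sample_image():
    """Constructed 64 KiB image: two NTFS partitions, the first typed 8300."""
    img = bytearray(128 * SECTOR)
    img[SECTOR:SECTOR + 8] = b"EFI PART"
    struct.pack_into("<QII", img, SECTOR + 72, 2, 4, 128)

    def entry(idx, type_guid, first, last, name):
        raw = type_guid.bytes_le + uuid.UUID(int=idx + 1).bytes_le
        raw += struct.pack("<QQQ", first, last, 0)
        raw += name.encode("utf-16-le").ljust(72, b"\x00")
        img[2 * SECTOR + idx * 128:2 * SECTOR + (idx + 1) * 128] = raw

    entry(0, LINUX_FS, 8, 39, "Linux filesystem")
    entry(1, MS_BASIC_DATA, 40, 100, "Microsoft basic data")
    for lba in (8, 40):                            # NTFS OEM ID in boot sector
        img[lba * SECTOR + 3:lba * SECTOR + 11] = b"NTFS    "
    return bytes(img)


if __name__ == "__main__":
    for number, fs, guid in audit_types(make_sample_image()):
        print(f"partition {number}: contains {fs} but is typed {guid}")
```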

// Oliver

PS: the only issue I had was gparted erroring out on me with a mysterious error. Given the whole resizing process ran for 12 hours or so and I didn’t attend it throughout, it was quite annoying to see an error and no indication of where it failed. Fortunately going by the timestamp the relevant resizing should have been done and looking at the disk confirmed it. After checking the integrity of the partitions, I resized the remaining one and was finally done. Error was:

$ sudo gparted /dev/sdh
GParted 1.4.0
configuration --enable-libparted-dmraid --enable-online-resize
libparted 3.3


(gpartedbin:55435): glibmm-ERROR **: 20:22:47.643:
unhandled exception (type std::exception) in signal handler:
what: basic_string::_M_replace_aux

Trace/breakpoint trap

Two more useful flags for cl.exe

/Be appears to spit out a makefile snippet that contains the recipe to reproduce a given run of cl.exe. It takes environment variables into account.

Check it out:

all:
        @cd D:\17.7.5\x64
        @set INCLUDE=
        @set LIB=
        @set LIBPATH=
        @set CL=/nologo /utf-8
        @set _CL_=-permissive -nologo
        @set LINK=
        D:\17.7.5\x64\cl.exe /nologo /BE /Be /?

As you can see it takes care of changing into the directory, setting the various recognized environment variables and copying stuff from those that were set (CL and _CL_ in my case) and then invoking the same command line that I invoked.

Another useful switch appears to be /Bv which shows the versions of the binaries involved like so:

cl.exe /nologo /Bv
Compiler Passes:
 D:\17.7.5\x64\cl.exe:        Version 19.37.32825.0
 D:\17.7.5\x64\c1.dll:        Version 19.37.32825.0
 D:\17.7.5\x64\c1xx.dll:      Version 19.37.32825.0
 D:\17.7.5\x64\c2.dll:        Version 19.37.32825.0
 D:\17.7.5\x64\c1xx.dll:      Version 19.37.32825.0
 D:\17.7.5\x64\link.exe:      Version 14.37.32825.0
 D:\17.7.5\x64\mspdb140.dll:  Version 14.37.32825.0
 D:\17.7.5\x64\1033\clui.dll: Version 19.37.32825.0

cl : Command line error D8003 : missing source filename

// Oliver


(New) shittiest software from Microsoft in my book

Previously the so-called Office and especially Teams were ranking quite high among the shittiest software from Microsoft in my book. In fact Teams in all its incarnations is probably going to take up the four rear slots in my top five shittiest software list for as long as I have to use this crap.

Well, right now robocopy took first place, however. It just wiped a whole folder of ISO files clean when I told it — or rather that’s what I thought I had told it — to mirror folder A to location B\.

This shit piece of software wiped the whole of B and it did so prior to commencing the copying of the new content. What the flying eff? …

Common sense tells me copycommand A B\ means put A into B. However, robocopy knows that I meant to delete everything up front and then copy some stuff there, but not into it but instead the contents of A into B\.

Intuitive. Big time!

// Oliver

PS: I have backups and several GiB of the ISOs were only downloaded yesterday from my.visualstudio.com. So the annoying part is that this costs extra time and bandwidth now …


NATO’s open door policy

Now, while any small town club is able to reject applications for membership and scholarships are tied to preconditions — and ignoring for a minute that NATO even refused to talk about Russia’s security interests, including its unwillingness to accept NATO right on its borders, in November/December 2021 — NATO has maintained that its open door policy essentially keeps it from outright rejecting Ukraine’s attempts at joining the “alliance”.

Curiously though, NATO’s open door policy either wasn’t a thing back in the early nineteen-fifties, shortly after it was founded, or the door isn’t quite as open as NATO strategic communications — a neologism for propaganda — would make us believe.

Not only did the USSR — aka Soviet Union — of which Russia eventually became the sole successor in terms of international law apply to NATO in 1954, one year after Stalin’s death; nope, Russia did again according to the account of George Robertson. Although perhaps the term “apply” is a stretch here, given the form it is alleged to have had. That is, Putin allegedly said he didn’t want Russia to wait in line with “countries that don’t matter”.

Still, it turns out that, in fact, NATO doesn’t have an open door policy.

Just like Putin reached out to Germany, to the West, exactly two weeks after 9/11 and tried again, but slowly realizing that Russians were not welcome by “the West”.

Well, one should not be surprised, since in the words of NATO’s first secretary general the purpose of NATO’s creation always has been to “keep the Soviet Union out, the Americans in, and the Germans down.”

The supposed open door policy seems more like a ruse to get Ukraine to fight for NATO’s interests to the last Ukrainian. After all, let’s not forget that Saakashvili, mistaking the outcome of the NATO summit in 2008 for something it wasn’t, attacked South Ossetia and got rebuffed by Russia. A fact that is these days often distorted into “Russia attacked Georgia”, despite the findings of an EU-sponsored study which found the opposite: i.e. Georgia attacked Russia.

// Oliver


Undocumented MSVC

Some ongoing research. For obvious reasons I can only share results and tools, but not actual sample data.


Log build command lines with cl.exe, link.exe and friends

Turns out you can enable detailed logging of the command lines run by MSBuild when building from Visual Studio or the command line.

This may not seem like much, until you realize that technically you rarely get to see the actual command lines executed, from the logs. That’s because of response files. These are files containing the command line arguments, one per line, and passed as @FILENAME. This trick even logs those command lines that end up being written into response files.

An environment variable named LOG_BUILD_COMMANDLINES can be set to the path of a file into which to log the build command lines. As far as I can tell the containing directory ought to exist.

I have done this simply in a Directory.Build.props for one of my pet projects, so you can have a look there. Alternatively observe the trick (again, this ought to go into a Directory.Build.props):

<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003" InitialTargets="LogBuild">
  <PropertyGroup>
    <ThisProjectBuildLogFileName>$(MSBuildThisFileDirectory)BuildCommandLines.log</ThisProjectBuildLogFileName>
  </PropertyGroup>
  <Target Name="LogBuild" BeforeTargets="SetUserMacroEnvironmentVariables;SetBuildDefaultEnvironmentVariables">
    <SetEnv Name="LOG_BUILD_COMMANDLINES" Value="$(ThisProjectBuildLogFileName)" Prefix="false" />
  </Target>
</Project>

This logs the build command lines into the directory in which the Directory.Build.props resides, under the name BuildCommandLines.log.

SetEnv isn’t well-documented, in my opinion, but you can simply leave off the Target attribute and it’ll default to the current (MSBuild) process and any commands invoked from that will inherit it.

How did I find out? I found out by investigating link.exe and other MSVC toolchain binaries. However, turns out there was prior art over here (earliest archived link).

This environment variable seems to have this effect at the very least with cl.exe and link.exe, but it stands to reason that other related tools also use it.

Enjoy,

Oliver


Now they are showing their true colors

With Great Britain’s announcement that it will supply armor-piercing ammunition with depleted uranium to Ukraine — and the virtually non-existent objections in the media — the “supporters” of the Kyiv government under Zelensky have shown their true colors.

Until now it was still claimed that arms deliveries were about Ukraine and the Ukrainians, and one might perhaps even have followed the muddled “logic” of creating peace with weapons, while on the other hand the peace efforts of the two official parties to the conflict — Ukraine and Russia — were demonstrably thwarted by the West a few weeks after Russia’s attack.

With the delivery of depleted uranium ammunition the situation changes enormously. In this regard, recall the consequences of the “use” of this ammunition (article in English). Almost two months ago there were already rumors that the USA planned to supply this kind of ammunition. Now Great Britain is going first, while the USA is officially still being coy. And yet Ukraine is such a wonderful final repository for the nuclear waste of these two nuclear powers!

The “trick” with this ammunition made of a uranium-titanium alloy is that it can effortlessly penetrate even strong armor — such as that of main battle tanks. The Russians use tungsten instead, which as ammunition does not quite reach the penetrating power of depleted uranium ammunition. Another “advantage” is that one puts one’s nuclear waste to a cheap secondary use this way. The clear disadvantage is that the ammunition breaks up into fine dust when penetrating the armor and subsequently both spreads with the wind and settles in the soil. And that in the breadbasket of Europe!

While the dusts are said to be barely or not at all radioactive, the uranium compounds released are all the more toxic. To summarize once more from the English-language article I linked further above: in Fallujah, following the “use” of this kind of ammunition, there was a fourfold increase across all types of cancer and a twelvefold increase in childhood cancers. The increase in leukemia alone was 32-fold, in breast cancer 10-fold — as a comparison the article cites Hiroshima, where the increase in leukemia was “only” 17-fold.

So what is being gambled with here is the lives of the population in the contested areas, as well as — but that goes without saying anyway — of the soldiers. In this context, continuing to insist on a Ukrainian victory through arms deliveries is nothing short of cynical. For assume the hypothetical case that Ukraine really were able to reconquer the territories taken by Russia: it would be reconquering soil contaminated with uranium compounds. Even assuming a lengthy decontamination, the question remains whether the vaunted Ukrainian black earth would retain its effect — not to mention whether the country, indebted for decades to come, would be able to sell the produce of the non-decontaminated black earth abroad at a profit.

The former Yugoslavs, too, can tell a tale of the fatal effect of this ammunition. The crime of using this ammunition does not become any smaller because some daft English noblewoman from their war ministry announces that the British army has already been using this ammunition for decades. Sure, asbestos was used for decades too. But if it does not happen in one’s own British front garden but somewhere in Eastern Europe, one can after all not give a shit.

The “West of values” has thereby shown its true colors once more and shows how dear the Ukrainians are to its heart. Not only is the fighting carried on to the last Ukrainian and the already poor country driven further into debt — no, the future of the people and of the soil they live on is also being lastingly destroyed for generations. That’s how peace is done! A supposed dictated peace by Putin’s grace can of course not compete with that.

// Oliver


History and stories

It is quite fascinating that the Cuban Missile Crisis is frequently invoked for comparison with the current world situation — hence the relationship between Russia and the USA — yet here too the “crisis” regularly begins, in line with the US reading, with the stationing of missiles in Cuba.

In doing so the prehistory is, as is also the case currently, completely left out. It was thus the USA and NATO that stationed nuclear-armed medium-range missiles directly on the borders of the Soviet Union.

Another one of those turning points (“Zeitenwende”), it seems. With turning points there is generally only an afterwards. And given the current official historical revisionism of Orwellian proportions, it is only a matter of time until Russia is blamed for the Second World War. At least for the Grüne Jugend München it is already clear that “Operation Barbarossa” in 1941 was the high point of Russian colonial ambition:

From the second half of the 19th century Russia wanted to rise into the “league of European great powers”. The great Russian empire could only reach its size at the time through settlement conquest, with the expansion aimed not overseas (sic!) but at the north, Asian neighboring countries and the indigenous population in the south. The high point at the time was “Operation Barbarossa” in 1941.

GJ München on Twitter (the link goes to Nitter, since deleted)

// Oliver


Aiding reproducibility in builds with MS Visual C++

<AdditionalOptions>%(AdditionalOptions) /d1trimfile:"$(SolutionDir)\"</AdditionalOptions>

In your .vcxproj file or a Directory.Build.props, when passed to the compiler (cl.exe, ClCompile), this should trim the leading path used for __FILE__. The extra backslash before the closing quote is actually required here: SolutionDir itself ends in a backslash, and on the expanded command line a single backslash directly in front of the closing double quote would escape that quote and wreak havoc. With the additional backslash, the trailing backslash from SolutionDir escapes the one we give, so the closing quote stays a closing quote.
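The quoting issue can be reproduced without a compiler by applying the documented Microsoft C runtime argument-parsing rules to the expanded command line. This is an added example, not code from the original post; it assumes cl.exe splits its command line by those rules, uses a constructed SolutionDir value, and leaves out the special handling of argv[0] and of doubled quotes inside a quoted string.

```python
def split_msvc_cmdline(cmdline):
    """Split a command line by the documented MSVC runtime rules:
    2n backslashes + quote   -> n backslashes, quote toggles quoting
    2n+1 backslashes + quote -> n backslashes and a literal quote
    backslashes not followed by a quote are taken literally."""
    args, cur = [], []
    in_quotes = False
    have_arg = False
    i, n = 0, len(cmdline)
    while i < n:
        ch = cmdline[i]
        if ch == "\\":
            run = 0
            while i < n and cmdline[i] == "\\":
                run += 1
                i += 1
            if i < n and cmdline[i] == '"':
                cur.append("\\" * (run // 2))
                if run % 2:
                    cur.append('"')            # escaped: literal quote
                else:
                    in_quotes = not in_quotes  # real delimiter
                i += 1
            else:
                cur.append("\\" * run)
            have_arg = True
        elif ch == '"':
            in_quotes = not in_quotes
            have_arg = True
            i += 1
        elif ch in " \t" and not in_quotes:
            if have_arg:
                args.append("".join(cur))
                cur, have_arg = [], False
            i += 1
        else:
            cur.append(ch)
            have_arg = True
            i += 1
    if have_arg:
        args.append("".join(cur))
    return args


# Constructed value; MSBuild's SolutionDir always ends in a backslash.
SOLUTION_DIR = "C:\\src\\demo\\"
PAGE_FORM = r'/d1trimfile:"$(SolutionDir)\"'   # as given in the post
NAIVE_FORM = r'/d1trimfile:"$(SolutionDir)"'   # without the extra backslash


def argv_for(option_template):
    """Expand $(SolutionDir) (stand-in for MSBuild) and split like the CRT."""
    option = option_template.replace("$(SolutionDir)", SOLUTION_DIR)
    return split_msvc_cmdline("cl.exe " + option + " /c main.c")


if __name__ == "__main__":
    print(argv_for(PAGE_FORM))    # option ends cleanly, /c and main.c survive
    print(argv_for(NAIVE_FORM))   # closing quote swallowed, rest glued on
```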

GCC and Clang appear to have __FILE_NAME__. However, it should be noted that this expands only to the last component (i.e. past the last path separator). This may be desirable, but I find Microsoft’s idea a little more convincing in this case.

Additionally you could pass /Brepro to cl.exe and link.exe.

Another good one is passing /pdbaltpath:%_PDB% to link.exe to cause it to leave out the full path to the .pdb file, i.e. only the file name itself will be recorded in the build artifact. Note, however, if you are copying around your resulting DLLs and executables, for example, and you don’t use a symbol store which you populate post-build, chances are that the debugger won’t find your debug symbols files. One way to get around this is to copy the .pdb files alongside the binaries or use a symbol store, as is customary.

// Oliver

PS: here’s another blog article about the subject matter, leading to even further resources.
PPS: this comment on GitHub also provides some further details, including two other options: /experimental:deterministic (to warn about problematic code) and /d1nodatetime (which, according to the comment is implied by /Brepro).


Initialization of static variables (reminder)

Nice blog article which I ran across again recently: gynvael.coldwind.pl/?id=406

PS: probably also worth a look: Paged Out


FIDO2 für Kreditkarte (Sparkasse). Aber nicht mit Linux!

Im letzten Jahr hatte ich eine Kreditkarte bei der Sparkasse beantragt — Mastercard war das einzige was im Angebot war, aber gut.

Also beantragt und direkt nach Erhalt einmal benutzt. Schon der zweite Versuch ging in die Hose, da aufgrund von Vorschriften eine Form von MFA 1 zum Einsatz kommen müsse. Ich möge doch bitte die S-ID-Check App der Sparkasse auf meinem Androidgerät installieren. Gesagt getan. Aber huch, die App verweigerte den Dienst, denn mein Androidgerät ist aus Privatsphäre- und Sicherheitsgründen 2 gerootet. Also schnell angefragt bei der Sparkassenberaterin. Ja, es gäbe da noch die Option auf die Nutzung von FIDO2. Ah, super … für mich der erste praktische Anwendungsfall privat, also schnell vom empfohlenen Sparkassen-Shop ein Feitian ePass Fido2 A4B bestellt.

Das war nach ein paar Tagen auch da. Jetzt wurde es schon erstmals bizarr. Bei meiner Sparkasse auf der Webseite gab es keinerlei Dokumentation zum Vorgehen, bei irgendeiner Sparkasse aus Friesland dann hingegen schon. Also hin zu www.online-zahlen-mit-fido.de und Registrierung gestartet.

Und das war es dann, was man als Linuxnutzer zu sehen bekam:

Registrierung abgebrochen

Das Freche daran: mein Browser unterstützt sehr wohl die Nutzung von FIDO2 von Linux aus 3 und die Beschränkung ist wohl ganz einfach eine künstlich geschaffene der PLUSCARD Service-Gesellschaft für Kreditkarten-Processing mbH, bei der man die Registrierung vornehmen soll.

On inquiry, the following enlightening answer came:

The most important information first. In our company, the FIDO token is only compatible with Windows 10 and macOS (Big Sur) and higher.
Unfortunately, all other operating systems are excluded from this payment method.

Unfortunately it doesn't say: “Windows 10 and macOS (Big Sur) and better”, otherwise there would still have been room for discussion 😉

Regarding your second question, why the app cannot be used on a rooted phone.
The S-ID-Check app can generally not be installed on rooted devices. The reason for this is the requirements of the Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin). These state that various security precautions must be taken when both the purchase and the authorization of the payment take place on the same device.

The assumption that I would want to make purchases on the same device on which I use this S-ID app is a bold one, to say the least. It would not have occurred to me until then, but that is the scenario that must be prevented.

And further:

In this case it must be prevented that the original operating system has been modified. This results in the exclusion of rooted devices. This configuration can also be observed in comparable apps on the market with which payments can be triggered, and in online banking apps. Rooting is, as a rule, always ruled out.

That is probably true; I have the same problem with the app of my Icelandic bank. The conclusion seems to me to be: rooting == generally evil and insecure.

By the way, it also turned out that the company's FAQ in fact the use of FIDO 4. The wording from the FAQ (up to the day this post was published):

FIDO can be used with Windows (Windows 10 and later) and macOS (Big Sur and later).

FAQ: Windows and macOS only

I then proposed an alternative wording 😉:

If you use an operating system other than Windows (Windows 10 and later) or macOS (Big Sur and later), we will refuse you the registration and activation of your FIDO2 token, as well as its use.

I had also written:

Feel free to let me know as soon as your company, too, has abolished the “operating system apartheid”, which, given the platform character of browser-based technologies, I had considered history for years.

The credit card was then rolled back by the Sparkasse after having been used once. The next attempt this year may be a Visa card, since those are apparently to be issued from this year on as a replacement for the maestro cards.

It is pretty outrageous that one is simply excluded for using a particular operating system.

// Oliver


Floating point precision … printf-VS2013-vs.-later-VS-version edition

As developers we probably all know that floating point precision can be an issue 1. It can haunt us in various ways.

Generally when we talk about precision, though, we probably don’t have in mind printf as the first thing. This blog post is about a particular change from Visual Studio 2015, which caused some hassle — and how to work around it. It’s more about the formatting than actual precision, but the first thing that comes to mind here would be precision, which is why I chose it for the title.

It is the issue also presented in this forum thread and the relevant excerpt from the change announcement on the VS blog reads:


Enabling RSA (with SHA-1) again in OpenSSH server

The sshd version that ships with Ubuntu 22.04 seems to have abandoned RSA authentication. Well, that’s not true. It’s about the hash algorithm (SHA-1) used by the “old” protocol by the name ssh-rsa, which is deemed insecure by today’s standards. RSA is alive and kicking inside the protocols going by the names rsa-sha2-256 and rsa-sha2-512.

Either way, that caused an immediate issue with my favorite file manager on Windows: SpeedCommander 1.

Anyway, the solution was to enable a protocol on the server side (in my case a VM) that was understood by the client, i.e. SpeedCommander. Thus I added in /etc/ssh/sshd_config:

PubkeyAcceptedKeyTypes=+ssh-rsa

… restarted sshd and was happily churning on.

// Oliver

PS: I have no qualms about the use case, because it’s a VM to which I locally connect. For other use cases I would probably resort to other solutions. But then: my main system at home runs Linux, not Windows 😉
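One way to keep the setting above limited to local connections, as an added example that is not from the original post. It uses PubkeyAcceptedAlgorithms, the name the option carries since OpenSSH 8.5 (PubkeyAcceptedKeyTypes remains an alias); the address range, user and host name are assumptions.

```conf
# /etc/ssh/sshd_config (added example, not from the original post)

# Global form from the post, under its current name: every client may
# authenticate with SHA-1 based ssh-rsa signatures.
#PubkeyAcceptedAlgorithms +ssh-rsa

# Scoped form: leave the global default alone and re-enable ssh-rsa only
# for clients on the local VM network (192.168.56.0/24 is an assumed
# host-only range; use the one your hypervisor assigns).
# A Match block runs until the next Match or the end of the file, so
# keep this at the bottom of the file.
Match Address 192.168.56.0/24
    PubkeyAcceptedAlgorithms +ssh-rsa

# Check before restarting sshd (user, host and addr are constructed values):
#   sshd -t
#   sshd -T -C user=alice,host=vm,addr=192.168.56.10 | grep -i pubkeyaccepted
```

With the scoped form, clients connecting from any other address still get the default algorithm list, in which ssh-rsa stays disabled.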


Bash training I gave some years ago

This is a Bash training I gave some years ago, which I had — however — prepared on my own time.

Some parts may be outdated. Others may need some touching up, but in general I think it can be valuable for others.

I license it under CC0.
