Am I the only ignorant bastard who is skeptical about this?

Posted on 2012-11-15 by Oliver

Google Fiber in Kansas City. I’m torn between jealousy and skepticism concerning the many areas of our lives that Google tries to invade these days.

Don’t be evil was yesterday, … ever since Larry Page took over the position as CEO of Google in April 2011 (in my opinion). Googlers and Ex-Googlers I have talked to have voiced their skepticism about changes of internal policies and overall atmosphere within the company. Although that could be biased, which I cannot verify or falsify.

Nevertheless the many interests Google shows are actually rather scary, I think. Let’s consider for example the DNS service they offer. So I block as much of the Adsense-nonsense and tracking in place to stalk me while browsing the web, and then of course I’ll use the uncensored DNS server(s) from Google? I think not. Actually that gives them more information than they already get by my search queries even if I empty out cookies and other web storage in my browsers and use different browsers as well as VPNs and proxies. In short: it provides them with yet another puzzle piece to complete their “picture” of me … of us …

The whole philanthropist look of these “services” boils down to getting to know me, the “user” (and potential marketing victim), better.

// Oliver

Posted in EN, Thoughts | Leave a comment

The many uses of cognitive dissonance

Posted on 2012-10-26 by Oliver
  • Believing in a “God” and taunting science all the while using technology based on the very same science to proclaim one’s faith and many more profane tasks
  • Believing in Saddam Hussein’s involvement in 9/11 and WMD in Iraq before the invasion even after the allegations were proven wrong
  • Being for the death penalty and considering life a precious gift “from God”

Surely to be continued …

// Oliver

Posted in /dev/null, EN, Thoughts | Leave a comment

Funny

Posted on 2012-10-25 by Oliver

The Guardian article: Texas attorney general threatens to arrest monitors observing US election

Posted in /dev/null, EN | Leave a comment

“Does the Romney family now own your e-vote?”

Posted on 2012-10-23 by Oliver

Sneaky – this reeks of manipulation indeed. Especially in the light of the Kerry/Bush election where Kerry lost 300,000 votes overnight.

On the bright side Michael Bloomberg, mayor of NYC and billionaire, launched a Super PAC to support inter-partisan policies that the two presidential candidates neglect in his opinion. Not all of his views are in the best interest of 90% of the people, but still …

// Oliver

Posted in EN, Thoughts | Tagged , , , , | Leave a comment

The abuse of (automated) abuse reports

Posted on 2012-10-13 by Oliver

Abuse reports abound. So do false positives in antivirus (AV) products. Worst of all, false positives in AV products spread within the industry, reports (and corrective action) about them don’t. Try to get rid of a false positive that affects your own software and you know what I mean. There is no mechanism to spread the message that a certain executable is not malicious other than sending a message to every single one of the AV vendors.

In the past two years I have gotten several abuse reports sent to Hetzner (my hoster) against my website (assarbad.net). The reason? One of my programs – yes, one of those that come with source code and all – was detected by one or multiple AV engines and thus automatically classified as malicious by wannabe “security experts” … *cough* *cough* … uhm by an automated system taking the results of the AV for given.

None – and I mean not a single one of those “security experts” – seemed to have any notable know-how of their own, such as being able to analyze the files in question. Instead they blindly relied on the results of some multi-scanner such as Virustotal or Jotti – I’ll come to why this is bad in a moment. Anyway. Of course there was a trigger to posting this: I got another one of these abuse reports sent to me on Wednesday.

For starters those abuse reports come with a deadline from my hoster, Hetzner, which is kind of an inconvenience, given that at the end of the deadline stands the potential disconnection of my server from the net. In some jurisdictions this would be considered coercion or worse. Now, I realize that Hetzner is responsible for their network, but what really bugs me about this procedure is that it is nothing less than the reversal of the burden of proof. From this point on I am supposed to prove that the software is not malicious. Against the judgment of x-many AV scanners. Oh, and let’s not mention that my domain has an abuse alias as well, in full compliance with the respective RFC.

Now don’t get me wrong. I suppose it is a good thing for people to care about a “clean” internet and such. The problem with those self-proclaimed internet-cops is that they have no standards against which to measure their evidence – obviously. Would an abuse report such as those stand trial in front of a proper court of law? Definitely not. In order for real cops to go to the prosecutor, they first need a case. Preferably water-proof. That is the main difference. Not to mention that here the cops and the prosecutor and the judge are the same person/institution – Hetzner obligingly assuming my guilt by default and putting the burden of proof on me. Heck, they don’t even have the option for me to say this was a false alarm. Instead it is assumed that they 1 are right and I am at fault.

Our self-proclaimed internet-cops and “security experts” 2 wouldn’t stand a chance bringing this before a proper court of law. But the knowledge gap works to their advantage. Anyone but people who do possess the required know-how needed will falter and take down the detected program, try to recompile it 3 or do whatever it takes to make the problem go away. The default assumption seems to be: clearly the server got hacked, it’s only just that the admins spend countless hours to fix it.

A real-world example

But let us not take the most recent abuse of automated abuse reports but rather the most unpleasant one I’ve had: Clean MX.

In April last year they sent the abuse report to Hetzner about localsystem.zip, a collection of programs. The program in question, RunAsSYS, won’t even function on anything more recent than XP, including Server 2003. It attempts to use the so-called Debploit to get system-privileges. Clearly a gray area and potentially 4 a security risk. Not a trojan or virus or anything along those lines, however. So I wasn’t particularly surprised by the detection, but I was by the reaction from Clean MX.

Since this seemed serious enough – after all my reputation was at stake 5 – I decided to prove that the program was no different from the accompanying source code. So I loaded it into IDA and did my job. Sure enough the program hadn’t been tampered with. The program was sufficiently small to prove that the assembler code matched the accompanying source code.

While Hetzner quickly dropped the “charges”, Clean MX was reluctant to follow suit. So I decided to send them a letter in which I made it clear and known that I was going to sue them in case they kept claiming it was malware.

First response:

  • why do I think that this is a false positive? – Again, reversal of the burden of proof and that despite having sent an analysis complete enough to convince a malware researcher new to the job.
  • concerning the complaint that the given fax and land line numbers where not reachable he acquitted himself by saying that his cell phone was always reachable, which evidently it wasn’t as the automated female voice assured me several times.
  • the wording of my complaint apparently wasn’t helpful. But neither was their self-proclamation as internet-cops nor the shallow “evidence” they had in store.
  • apparently the email I sent regarding the case to their email address was never received. How surprising, it also never bounced 🙄 …

Next came the triumphant remark that the company I work for is also detecting it – oh, and of course that I should fix that first. Followed by:

your legal announcements in your pdf are not really stunning…

Obviously someone hadn’t heard of the difference between felony and misdemeanor. Not so much my problem, though. I then tried to make my point clear:

Who verified it then? If you read something in the yellow press you also take it for granted and spread the word? It’s called slander. Just because you are not the ultimate source of some gossip doesn’t mean you can’t be held liable. Again, it says “verified”. By whom? When? Using what methods? Where can I find the analysis – or to put it differently: the hard facts?

You spread false accusations about my programs and ultimately me, I am (still) giving you the chance to correct that.

[…]

Most false positives are detected as such after only a few days (at most) and don’t even make it into wide detection.

For something that is not malware I find the result quite respectable. Kaspersky managed to pull something similar last year with 20 decoy samples (which were not malicious, but went into detection by the majority of AVs over time nevertheless).

But please, what does the VirusTotal results tell you? You must be trying to say something with it, right? That the code is malicious? Is it? Have *you* or your employees verified that?

Have you actually looked into the binary as per static analysis methods? Have you looked into the accompanying source code? Have you tried to execute it inside a safe environment/sandbox of any kind?

[…]

What does an outdated link prove to you? What does a link to VirusTotal prove anyway, outdated or not?

Aside from that, this issue is between me as an individual and your company 6.

[…]

Because this is not in the least malicious. But why do I have to prove my innocence – which I, by the way, did with my mail yesterday. Again, I’m the author. Accusing me that this is malware is slanderous. Even more so because I am a malware fighter myself.

What I had to check was whether the binary had been manipulated compared to the source code. This is not the case. The binary is genuine. It’s on you to provide details why you even classify it as malware, not on me to prove otherwise (although I did).

Please consult the source code for further questions as to why this is not “malware”, a “virus” or one of the colorful names given by other scanners like “Backdoor” and “Trojan”. My favorite is “IRC Trojan” as the binary does not even include *any* networking functions (or “secretly” calls these through hashed imports or so), so I’m amazed by how far off those detection names are from even describing the functionality. If it was an IRC client, sure … a false pos as “IRC Bot” or so would make some remote sense. But this way?

Loooong emails, as you can see.

Long story short. The contact person at Clean MX came to senses concerning the false positive and contacted his tech contact at another firm 7. This contact could confirm within less than an hour that the file was indeed genuine and harmless and no malware.

The amazing thing is that there wasn’t a shred of guiltiness on part of the Clean MX contact person. The assumption that AVs are infallible and that one need not have the expertise to prove AVs right or wrong couldn’t be shattered. Amazing. Wild west on the internet, with my hoster being a willing lackey of those self-proclaimed internet-cops.

One can almost hear those internet-cops shout: “Stuff that ei incumbit probatio qui dicit, non qui negat up your …, Romans.”

How is this a problem?

False positives spread because detections spread within the industry because of the sheer amount of malware variants that appear every day which even a sizable company can hardly tackle. So samples of detected malware (including false positives) get shared between AV vendors. Since those AV engines use different techniques and different algorithms it is clear that they aren’t all detecting a sample by the exact same means. So a set of files detected by one AV engine may overlap with the detections of another, but may not – and in most cases will not – be identical to the set of files detected with that other “signature” 8.

This is a problem. As we can see, the detections propagate within the AV industry. Not so with the false positive reports. The false positives themselves spread along with the detections, until a vendor discovers that the detection is a false positive. But that information does not propagate. There is no automatism in place for that.

Multi-scanners to the rescue?

Multi-scanners are a powerful tool for malware fighters and writers alike. The malware writers use them to check whether their creations are being detected already and refine their work. Malware fighters such as those “security experts” mentioned above also use it to classify a program as good or bad. Unfortunately they often don’t even consider that the individual AV scanners have gradual detection levels. Something can be a potential risk or it can be outright malicious. Programs such as netcat can be used for malicious purposes, but that’s clearly not their main purpose. It’s like a kitchen knife: it can be used for murder or for chopping your veggies. Ban all kitchen knives!!! 😆

With the knowledge that false positives spread automatically, it is merely a matter of time that a file makes it into detection with more and more vendors. Fair enough.

However, this means one has to be very very cautious to assume a file is malicious, just because it is in detection by multiple AV scanners. This may be a good default assumption for the unexperienced end-user, but it’s not a good one for security experts, self-proclaimed or not …

Solutions?

I am aware of some more or less public test projects run by the multi-scanner websites as well as falsepositivereport.org that try to notify the makers of programs whenever their programs (or downloads on their websites) start to be detected (hopefully erroneously) and try to create a notification mechanism for the vendors respectively. What would be needed, though, is for the AV vendors to sit down at a table at one of the many industry conferences and join efforts in establishing a false positive reporting mechanism that works industry-wide.

Too much asked? I think not. Given the wide-spread misconception of wannabe security experts that AV engines are infallible enough to sent out automated abuse reports based on their detections, it is on us, the AV industry, to step forward and offer a remedy. Ultimately this will create loopholes, sure. Standards between AV vendors for what to classify as malware or as grayware or security risk differ, sure. Still the consensus cannot be to let software vendors jump through hoops when it is on us to correct our own errors and take their files out of detection – that is what false positives are, after all. Erroneous detections.

// Oliver

PS: please discuss below …

  1. the senders of the abuse report []
  2. without the know-how to reverse-engineer and analyze the claimed malicious code themselves []
  3. a method that will only work with old-style signature-based AVs, whereas heuristics-based scanners won’t easily get fooled by this []
  4. albeit inert with any newer OS version as mentioned []
  5. I work for an AV company []
  6. He was trying hard to somehow connect the fact that I as an individual obviously possess the expertise to do static analysis of executables with my role at FRISK, but my website is my private thing and the company has nothing to do with it. I even acquired most the skills in question before I joined the company. In short: it was a straw man … []
  7. Quite frankly I was surprised that there was any expert knowledge involved after all. []
  8. Signatures and/or fingerprints were the classic means of detection, but most AVs these days have more effective means to detect malware. []
Posted in EN, IT Security | Leave a comment

“Religion akzeptieren, nicht provozieren”

Posted on 2012-10-13 by Oliver

… sah man als Aufschrift auf Plakaten protestierender Moslems mit Kopftüchern.

Definitiv nicht! Religion kann und sollte man tolerieren. Akzeptieren oder gar respektieren muß und sollte man sie jedoch nicht.

// Oliver

Posted in Atheismus, DE, Gedanken, Meinung | Leave a comment

QED

Posted on 2012-10-10 by Oliver

“I refuse to prove that I exist,” says God, “for proof denies faith, and without faith I am nothing.”
“But,” says Man, “the Babel fish is a dead giveaway isn’t it? It could not have evolved by chance. It proves you exist, and so therefore, by your own arguments, you don’t. QED.”
“Oh dear,” says God, “I hadn’t thought of that,” and promptly vanishes in a puff of logic.”

Douglas Adams (1952-2001)

Posted in /dev/null, EN | Leave a comment

Interesting recent article by Hugh Hefner

Posted on 2012-10-04 by Oliver

Sexual Freedom

Posted in EN, Thoughts | Leave a comment

Da spürt man direkt die “Nächstenliebe”

Posted on 2012-10-04 by Oliver

Nicht daß ich Dirk Bach irgendwie besonders gemocht hätte, viele waren aber nunmal seine Fans, eine Berichterstattung zu seinem Tod geht also völlig in Ordnung. Auch wenn er mit Loriot bspw. nicht vergleichbar war. Und ja, ab und an hat mich auch seine Art oder Scherze von ihm froh gestimmt.

Nicht so bei den “Katholiken” von kreuz.net. Dieser kreuzgefährliche Hetzerverein, gegen den sich BILD wie ein linksliberales Sonntagsblättchen ausnimmt, hat einen “Artikel” verbrochen in dem es nur so von “Nächstenliebe” sprüht. Ich verlinke absichtlich nicht auf die Hetze dieser katholisch-fundamentalistischen Haßprediger, aber hier die URL:

http://kreuz.net/article.15957.html

Eine lokale Kopie dieses Schmutzes liegt mir ebenfalls vor.

Während ich bei der Demo am Potsdamer Platz im letzten Jahr ja noch etwas negativ gestimmt war, daß der LSVD Berlin-Brandenburg die Demo so für sich vereinnahmt hatte, verstehe ich im Lichte solcher Hetze schon fast wieso das so ist.

Den Papst mit einem “Fanta- und Schokokuchenfleck” ( :mrgreen: ) auf der Soutane abzubilden reichte bei diversen Katholiken schon für einen Beißreflex und die Forderung aus, den “Gotteslästerungsparagraphen” zu verschärfen. Wohlgemerkt, der Papst. Nicht Jesus oder so … Meine religiösen Gefühle werden doch auch ständig von denjenigen verletzt die an mehr als null Götter glauben. Aber das juckt wieder niemanden 🙄 …

Die Fokussierung auf die Moslems anderswo scheint unsere Innenpolitiker vergessen zu machen wo ebenfalls eine Gefahr religiöser Fundamentalisten lauert. Hier. In Deutschland. Aber kein Wunder, am Ende gehören mehrere Politiker im Kabinett Merkel II ja jener Strömung an zu welcher die Fundamentalisten sich auch zählen. Wäre es nicht an der Zeit von diesen Politikern als prominenten Vertretern dieser Glaubensrichtung ein Bekenntnis zum Grundgesetz und so weiter zu verlangen? Wie man es bei den moderaten Moslems auch tut? …

Kopfschüttelnd ob dieser Hetze von kreuz.net,

// Oliver

PS: zur Aufheiterung: Link

Posted in Atheismus, DE, Meinung, Religion | Tagged | Leave a comment

Beautiful

Posted on 2012-10-03 by Oliver

21 Pictures That Will Restore Your Faith In Humanity

Posted in /dev/null, EN | Leave a comment

Rather balanced

Posted on 2012-10-03 by Oliver

And more goodness follows here.

Posted in EN, Programming, Software, VCS | Leave a comment

Once again updated: looklink

Posted on 2012-10-02 by Oliver

As already in the past, I updated looklink again. This time it received two command line options, --verbose and --nologo and the CReparsePoint class was overhauled. One issue was fixed. CReparsePoint would behave improperly when being passed the current directory name in the form ".", while ".\" worked. I blame GetFullPathName, but that’s another story.

The files (now 32 and 64bit version) have been signed by me. Download location is the same: looklink.zip (approx. 90 KiB)

// Oliver


CC0


To the extent possible under law,
Oliver Schneider
has waived all copyright and related or neighboring rights to
looklink tool and CReparsePoint class.

Posted in C/C++, EN, Programming, Software | Leave a comment

Premake4 snippet to create solution names depending on target Visual Studio version

Posted on 2012-09-29 by Oliver

I prefer to name my solutions and projects something like projectname.vsX.sln and projectname.vsX.vcproj respectively. However, by default Premake4 generates the names as they are passed to the builtin solution and project functions respectively. Not cool enough for me. By the power of Graysk…uh uhm…Lua:

do
    function myoverride(orig_func)
        local func = orig_func
        return function(name)
            if _ACTION == "vs2003" then
                name = name .. ".vs7"
            elseif _ACTION == "vs2005" then
                name = name .. ".vs8"
            elseif _ACTION == "vs2008" then
                name = name .. ".vs9"
            elseif _ACTION == "vs2010" then
                name = name .. ".vs10"
            end
            elseif _ACTION == "vs2012" then
                name = name .. ".vs11"
            end
            return func(name)
        end
    end
    solution = myoverride(solution)
    project = myoverride(project)
end

… this way the names fit my taste much better.

// Oliver

PS: somewhat more concise but achieving a similar effect:

do
    function myoverride(orig_func)
        local func = orig_func
        return function(name)
            if _ACTION:sub(1,2) == "vs" then
                name = name .. "." .. _ACTION
            end
            return func(name)
        end
    end
    solution = myoverride(solution)
    project = myoverride(project)
end
Posted in EN, Lua, Programming, Software | Tagged , | Leave a comment

Religions of peace?

Posted on 2012-09-23 by Oliver

Most institutionalized religions, especially the proselytizing ones, seem to take an issue with criticism of any kind. Not that one should consider it criticism what I saw in the first few minutes of that unspeakable “Mohammed movie trailer”, but the cartoons in the French satirical magazine certainly were.

So, by the way, were the recent cartoons showing the Pope with a yellow stain on his cassock on the front cover saying “The leak has been found” (referring to Vatileaks) and a brown stain on his cassock on the back cover saying “Another leak found”. Being a subscriber to this particular satirical magazine I had to laugh out loudly when I took it out of the envelope.

The reactions from German Catholics weren’t all that joyful. They tried to invoke what’s called the “blasphemy law” (Gotteslästerungsparagraph) and actually managed to get an injunction against the magazine. Strange, I thought, given that the Pope isn’t a deity and Christianity (if we forget the trinitarian idea) only accepts a single god. The chief editor countered by saying that the yellow stain can be easily explained by the Pope’s love for Fanta (a fizzy drink invented in Germany 1) and that he accidentally sat down into a chocolate cake would explain the brown stain on his back. It is to show that not just the Muslims are outraged by what they perceive as blasphemous remarks. However, the Catholics didn’t start burning the editors at a stake or similar things, like parts of the Muslims did, leading to some fatalities the world over.

Well, (un)fortunately we live in a world of many competing religions, spiced with a lot of people who dismiss any deities at all (atheists) or don’t care (agnostics). Personally I hold it with the following quote:

I contend that we are both atheists. I just believe in one fewer god than you do. When you understand why you dismiss all the other possible gods, you will understand why I dismiss yours.

Peace!

// Oliver

  1. the German Coca Cola company didn’t have all the supplies to make Coke during the second world war and had to improvise … []
Posted in /dev/null, EN, Peace, Thoughts | Leave a comment

SSL error with a newly signed cert?

Posted on 2012-09-20 by Oliver

Last night I literally spent hours figuring out an alleged issue with the certificate from StartCom. Of course the problem was entirely on my end, in the editor to be precise. But what happened?

I fetched ca-bundle.pem and entered it as ssl.ca-file. Furthermore I concatenated my private key used for the CSR and the signed cert I got from StartCom (excellent service in every respect) into a PEM file that I assigned in lighttpd using the ssl.pemfile directive. Then I tried to restart the server (shortened output for brevity):

# service lighttpd restart
Stopping web server: lighttpd.
Starting web server: lighttpd [...] (network.c.607) SSL: Private key does not match the certificate public key, [...]
 failed!

Wait! But I had just gotten the cert from the StartCom control panel, pasted it into my PEM file and did the same with the key.

Inspecting the certificate public key modulus and comparing it with the one from the private key brought a surprise:

# openssl rsa -modulus -noout -in domain.pem
unable to load Private Key
16986:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650:Expecting: ANY PRIVATE KEY

… uhm, that is essentially what lighttpd was telling me already. I looked at the old working PEM for another domain and saw no obvious differences there. So I decided to exchange the key and certificate positions and retry:

# openssl x509 -modulus -noout -in domain.pem
unable to load certificate
17095:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650:Expecting: TRUSTED CERTIFICATE

… I thought I’m onto something here.

Eventually I was sanity-checking some assumptions that the inspection inside Vim and my other editor on Windows seemed to support. Alright:

# grep '^-----' domain.pem
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

… opening the file in an editor again seemed to disprove the silly grep(1) output, until it dawned on me.

Of course, when I pasted the cert had created a new file. My editor was set to default to UTF-8 and thus must have prepended the BOM (byte order marker) to the file. However, every self-respecting editor is going to suppress that and instead show you some subtle piece of information in the status bar or so, telling you of the fact. Sure enough file(1) agreed with me:

# file key.pem
domain.pem: UTF-8 Unicode (with BOM) text

Removing the BOM was relatively easy (did it on the stored keys and certs, of course), but I wanted to verify upfront what file(1) would say. So I did:

# tail -c +4 key.pem|file -
/dev/stdin: PEM RSA private key

Fair enough. So I removed it on the actual file:

# tail -c +4 key.pem > key.pem
$ file key.pem
key.pem: PEM RSA private key

End of story. It works now:

# grep '^-----' domain.pem
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

// Oliver

PS: thanks to Eddy Nigg from StartCom for some pointers and questioning some of my assumptions.

Posted in Administration, EN, IT Security, Linux, Software | Tagged , , | 3 Comments

Begeisternd …

Posted on 2012-09-17 by Oliver

… zu sehen wie wir seit Jahren unsere Bürgerrechte wegen religiös motiviertem – sprich islamistischem – Terrorismus ausverkaufen und sich nunmehr auch das Recht auf freie Meinungsäußerung in diese Reihe ausverkaufter Bürgerrechte einreiht. Keine Frage, die Rechtsausleger (damit meine ich nicht Anwälte) von Pro Deutschland sind augenscheinlich allesamt grenzdebil. Aber ihnen deswegen das Recht auf freie Meinungsäußerung absprechen? Geht es den Politikern nicht vielmehr um Kontrolle? Etwas Angst hier, etwas Angst dort und schwups ist wieder ein Bürgerrecht eingesackt.

Schon lange kämpfen Ungläubige in diesem Land gegen den §166 StGB, vor allem wegen der recht eigenwilligen Auslegung durch die Bayerntaliban und andere inländische Fundamentalisten. Schon der Wortlaut läßt einen eher an Mittelalter denn an Aufklärung denken. Das große Problem ist nämlich, daß es scheinbar im Ermessen des imaginären Empfängers der Meinungsäußerung liegt ob es sich um Beschimpfung handelt oder nicht. Da bisher kein Normalsterblicher den Himmelspapi in einer Gerichtsverhandlung oder auch anderweitig gesichtet hat, übernehmen dann seine selbsternannten Lakaien die Interessenvertretung. Das unterscheidet sich nur unwesentlich von der “Interessenvertretung” eines seit mehr als eintausend Jahren toten Propheten durch einen aufgebrachten Mob.

Scheinbar sind all diese selbsternannten Gläubigen so unsicher in ihrem Glauben, daß sie nicht abwarten können bis der postulierte Himmelspapi unsereins für die Ewigkeit in der Hölle schmoren läßt 1, sondern erpicht darauf in ihrem Eifer jeden mit abweichender Meinung vorab zu richten um ihren Glauben öffentlich sichtbar zu beweisen. Was sie dabei übersehen ist, daß sie damit einzig ihre Unmenschlichkeit beweisen und gleichzeitig den unaufgeforderten Nachweis erbringen daß Religion gute Menschen dazu bringt Böses zu tun.

// Oliver

  1. ich nehme an in der Hölle braucht es nur mal einen vernünftigen Klempner []
Posted in Atheismus, DE, Gedanken | Leave a comment

Uhm … what?

Posted on 2012-09-17 by Oliver

Okay, so I didn’t have time to even watch this weird trailer about this anti-Islamic “movie” last week. Last night I did. Well, actually I did up to minute three (out of fourteen) or so. It was somewhere between really really bad, hilarious and preposterous. It’s very difficult to describe.

However, the fact that people had to die because of some mob going bonkers over this bullshit is simply saddening.

As an atheist I’d say that the rioting Muslims have once again proven that their claims about Islam as a religion of peace are nothing but lip service. Sure, not all Muslims go bonkers over every little bit of perceived heresy, but a lot of them do. And I’d say as soon as lives are lost due to those reactions the line is crossed – again and again and again.

The only thing more saddening than that is the way our spineless politicians react. Instead of explicitly condemning those acts of excess violence, they end up using legal means to prevent the screening of this crap movie. I mean, honestly, if I couldn’t already sit through one fourth of the bloody trailer – and I’ve had my share of truly bad movies – who could possibly sit through the whole film?

// Oliver

Posted in Atheism, EN, Peace, Thoughts | Leave a comment

DiBa, DiBaDumm …

Posted on 2012-09-11 by Oliver

Watt soll ich sagen. Da biete ich ner gewissen Bank an mein Konto bei denen aufzumachen und die sind nicht interessiert weil ich keinen Wohnsitz in D habe 1. Na dann leckt mich halt am A…llerwertesten, liebe ING-DiBa.

Geldeingang wäre gleich zum Anfang nicht unwesentlich gewesen und auf’s Girokonto kämen auch pro Monat mehrere hundert Euronen … aber was soll’s.

DiBa DiBa … la la la leckt mich … 👿

// Oliver

PS: von einer Bank gesagt zu bekommen “wir wollen dein Geld nicht” ist wie wenn ein Junkie die angebotene Dosis ablehnt … :mrgreen:

  1. nach dt. Recht kann ich nicht meinen Zweitwohnsitz in D haben wenn nicht auch mein Erstwohnsitz in D ist. Macht ja Sinn … man animiert die Leute im Ausland zu arbeiten, aber der Rest ist egal 😉 []
Posted in DE, Gedanken, Ich, der Zyniker | Leave a comment

Google Code now only via login …

Posted on 2012-09-10 by Oliver

Google Code apparently requires logging into your Google account now before you can do anything. Well, good for them. Makes the use of svnsync and similar tools impossible, especially in unattended scenarios. Byeeeeeeee …

svnsync: OPTIONS of 'http://fuzzdb.googlecode.com/svn': authorization failed: Could not authenticate to server: rejected Basic challenge (http://fuzzdb.googlecode.com)

// Oliver

PS: so where’s your “Don’t be evil” now, Google?

Posted in EN, Programming, Thoughts | 1 Comment

Highly useful: ddrutility

Posted on 2012-09-10 by Oliver

During a rescue mission I encountered read errors on both hard drives of a degraded RAID. Since most commercial end-user tools limit your flexibility I went for Ubuntu Rescue Remix 12.04 in order to use ddrescue. However, to my delight I found that a utility was added to accompany ddrescue. The name of that utility?: ddrutility.

This is a little script taking as its input the log file from a run of ddrescue and giving you the name(s) of the file(s) affected by disk errors.

So with this I found out that on the disk in question the error was in the file msoe.dll, belonging to Windows Mail and thus not in use there. Brilliant. I could live with that loss without a problem.

// Oliver

Posted in Administration, EN, Linux, Software, Thoughts, Unix and unixoid | Tagged , | Leave a comment