XING’s really shady premium scheme

When I signed up, back when it was still openBC, it was only meant as a supplement to my LinkedIn profile. Today they are called XING and are, in my opinion, pulling a really shady stunt.

At some point I figured I should try out the premium membership, which I then did. I basically never used it, and since it was a two-year (yeah, right!) membership, it would simply run out. Run out? No such luck. Like others before me (and here and here [1]), I got to experience that after the two years were up a mail trickled in, notifying me that because my credit card had expired (back in January 2010 already) the payment for my premium membership could not be charged. Wait, what? This is a subscription? Well, you can hide that well, as XING nimbly demonstrates. In fact, the subscription character of the offer is anything but obvious. And that goes for both the German and the English version.

Mind you, legally XING is indeed in the clear – I asked a lawyer.

After the notification I sent XING my cancellation. I did not get a reply (only an automatic confirmation of receipt). The day before yesterday a second “reminder” (overdue notice) trickled in. I was asked to please transfer the money owed plus a 4.95 € handling fee by 6 July. When I asked what had become of my cancellation, for which I had received an automatic notification but no reply, I was told indignantly that a reply had gone out the very next day. Only nothing has arrived to this day (at least the reply that was supposedly sent was appended at the bottom of the mail, so I know its content). But what can you expect, their mails are not even signed – any fool can forge such emails at will. Since the SMTP protocol is fairly strict, I cannot imagine that it escaped the ladies and gentlemen at XING that the mail did not arrive, because it certainly was not delivered. By the way: since they sign nothing, I fear that even the confirmed cancellation (at the end of the renewed term) may later, quite by accident, turn out never to have been true either. You have to expect anything from a company that treats its (soon to be former) customers like this.

But too late. They insist on a renewal and achieve only further annoyance of an already dissatisfied customer. Did I mention that I hardly used the service because of unfitness (of the service ;))? A forced renewal by the original term, of course: two years.

Naturally, shortening the term would not be in XING’s interest either, because then they would lose revenue. That in the same breath they turn the customer, who is already dissatisfied with the “service” – why else would one cancel – against them is a mere side issue.

Thanks, thanks, thanks, XING. I hope your “service”, which does full credit to the proverbial service desert that is Germany (Servicewüste Deutschland), will be repaid to you accordingly. I will at least do my part. After all, I am now stuck with two more years of premium membership. And since next to nothing works on XING without premium, you need premium just to shake others awake.

// Oliver

  1. last links now dead
Posted in DE | 7 Comments

beroot

… don’t confuse with reboot 😉

alias beroot="sudo su -l root -c \"$(which bash) --rcfile $HOME/.bashrc\""

I like to feel at home in my environment, even when I assume root rights. Since not everyone likes my .bashrc file in scenarios where the root account is shared, I have the above alias inside my .bashrc, so that whenever I type beroot it will have the same effect as sudo su - for most practical purposes, but still use my own .bashrc.

Side-note: if you tend to make typos like most of us, you’ll appreciate the helpful intervention from molly-guard (at least on Linuxes) 😉
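
A checked variant of the alias, as an added example that is not part of the original post: the alias makes a root shell source a file owned by an unprivileged account, so this version inspects the file first. The name rcfile_is_safe and the function form of beroot are assumptions of this example, as is a find that supports -maxdepth (GNU and BSD do).

```shell
#!/bin/sh
# Added example, not the author's code: the alias makes root's shell source a file
# that an unprivileged account owns, so check that file before handing it to root.

# rcfile_is_safe FILE [UID]
# Succeeds only if FILE is a regular file (not a symlink), owned by UID (default:
# the calling user) and writable by neither group nor others.
rcfile_is_safe() {
    f=$1
    uid=${2:-$(id -u)}
    [ -f "$f" ] || return 1
    [ ! -L "$f" ] || return 1
    # find prints the path only when every predicate matches.
    [ -n "$(find "$f" -maxdepth 0 -user "$uid" ! -perm -020 ! -perm -002 -print 2>/dev/null)" ]
}

# Function form of the alias (hypothetical replacement). The alias expands
# $(which bash) and $HOME inside double quotes when .bashrc is read; this function
# resolves them at call time, still in the unprivileged user's environment.
beroot() {
    rc=$HOME/.bashrc
    if ! rcfile_is_safe "$rc"; then
        echo "beroot: $rc is missing, a symlink, or writable by others; not using it" >&2
        return 1
    fi
    sudo su -l root -c "'$(command -v bash)' --rcfile '$rc'"
}
```

The check narrows the exposure but does not remove it: anything running as the user can still edit the file, and there is a window between the check and root reading it.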

// Oliver

Posted in EN, Linux, Unix and unixoid

Dear politicians, where exactly …

… can I file the application to pay taxes only on a voluntary basis from now on?

I am only asking because the banks – unless they already belong to the taxpayer anyway – are now supposed to take part in the rescue of Greece on a voluntary basis too. And that regardless of the fat returns they have made. By now we have all understood that profits are privatized and losses socialized – in short, that a huge redistribution machine is at work.

So where?

// Oliver

Posted in DE, Gedanken | 1 Comment

A new sow is in the village …

… or rather is being driven through the village: hackers. Evil, nasty hackers. Nobody needs to mind terminology any more (crackers are what is actually meant). Luckily the Cyber-Abwehrzentrum (cyber defense center; what a term, eh?) is now coming to Bonn.

The bad part is just that the news showed a screenshot of IDA. The German executive surely has to put up with the question of whether it abides by the laws of the legislature. Hacker paragraph and all that?

Oh well, never mind. I am curious whether ten people can achieve anything. Actually we are on the same side of the battle. Until perhaps the “Bundestrojaner” (federal trojan) arrives (which would surely be adapted variants of the same project in each case – enough source code from the bad guys is freely available by now).

What are the requirements for the job, anyway? 😉

// Oliver

Posted in DE, Gedanken, Reversing

Dear Robert Gates (US Defense Secretary),

… as I understand your words, you wish that the burden of defense costs of the NATO is to be shared in a fairer mode?

In my – not so humble – opinion you have been blinded by the euphemism that your current job title is: Defense Secretary.

Let’s leave aside the fact that in my eyes the NATO has lost any legibility with the disestablishment of the Warsaw Pact, because the problem at hand seems to be a fundamental misunderstanding of what comprises defense and what not. Let’s also leave aside the claim that the nominal costs are the issue here, because – much like Rome in ancient times – the US is in fact receiving tribute from almost every single nation on Earth – including its sworn enemies – due to the singular position of the US-Dollar as the global reserve currency. Of course this is not very visible, but it’s there – anyone with minimal knowledge of economics and the currency system can tell. So your nominal costs are by far not your real costs, especially when looking at the economic dimension of US military engagement in the past. To my knowledge China and Russia decided in recent years to trade between themselves in their respective currencies, rather than in US-Dollar as they did in the past. Now, of course, they’ve got the bomb. Some will remember the fate of the former Iraqi dictator Saddam Hussein, who didn’t have the bomb, after the Iraqi oil trade moved to the Euro. Iran had announced similar plans since (but subsequently backed down), which explains a certain interest in toppling the regime there. But back to the “defense” topic …

Mr. Gates, please, let’s not pretend that what the US did in Afghanistan was in any way – or even still is – defense of a nation under attack. And let us add Iraq to the bill while we’re at it. Defense of certain interests? Perhaps. But then be clear about what you “defend”. This whole talk is not about the defense of one country or several NATO member countries against an enemy, it’s usually about defending someone’s unilateral interests. Much, by the way, like other predominant powers in their times defended their interests.

And, dear Defense Secretary Gates, if the US – such as in Iraq – decides to rush invading a country without evidence of weapons of mass destruction, why should the peoples of other NATO member states pay for this recklessness?

Just because you have one of the biggest arsenals of “nucular” (to stay with the jargon of your former president) weapons and would be able to wipe out most of the planet’s population and still negatively affect any survivors for years to come does not give you any special rights on the international stage as you asserted them in the past. It also does not justify making unilateral decisions based on a web of lies (Iraq, Afghanistan).

If you expect a fairer mode of burden sharing then it would be time for the US to convince the other two Western partners in the UN Security Council to push for a reform. It’s time to share the rights, too. Waive your (all, not just the US!) rights to veto, let a majority vote be the standard for future decisions instead. And for f***’s sake ratify your membership at the International Criminal Court in The Hague instead of passing laws to free US military personnel accused of crimes and detained at the ICC.

… then and only then could the governments of countries like my home country (Germany) justify a higher burden to their people (and implicitly tax payers).

Just my two €-cents to a discussion that seems to be loaded with populism.

Respectfully,

// Oliver

Posted in EN, Germans have no notion of sarcasm, Thoughts

EHEC at the Kirchentag?

God forbid! :mrgreen:

With that kind of protection nobody needs to worry, right?

Posted in DE, Ich, der Zyniker

Installing php5 on Ubuntu requires apache2?

When I wanted to install lighttpd today I added php5 to the apt-get install. But then it would tell me that apache2 and numerous other packages would also get installed.

Turns out that instead of php5 I actually wanted php5-cgi. And this was confusing me a lot.

// Oliver

Posted in EN, Linux, Unix and unixoid

LMAO

Check out the website www.familyradio.com now. Not a single line mentions that reality defied the prediction of rapture for 2011-05-11. Nice job. Well done. Probably ruined some gullible people in the process, but what the heck …

Posted in EN, Thoughts

Nice clip with pictures of the eruption

http://vimeo.com/24076723

photos

Posted in EN, Island/Iceland/Ísland

Grímsvötn

Finally an Icelandic volcano with a name news presenters can pronounce. Klaus Kleber, presenter of the heute-Journal in German ZDF, was visibly relieved about the fact that this time the name of the volcano is easier to pronounce :mrgreen:

// Oliver

Posted in /dev/null, EN

Sickening

I am surely not the only German who is against the census and the obligations enshrined in law. An inquiry was provisionally acknowledged with the following automatically generated reply:

Dear person obliged to provide information,

thank you for your inquiry.
We will answer it as quickly as possible.

Officials could not make it any clearer to the people – or rather to the citizens, whom the bureaucrats evidently regard as incapable of deciding for themselves – who is in charge here. Oh, and my inquiry was about the tiresome topic I had already touched on once before.

Nothing has changed about that. My first inquiry concerned the question of when our statisticians’ multi-million project will support modern browsers, and a second inquiry was about the fact that the three links on the second page of the contact form were all collectively dead. For a site that went online only recently, that is quite remarkable.

Inquiry 1

Inquiry 2

I am curious. Whoever sets a 14-day deadline must accept being expected to answer promptly as well.

// Oliver

Posted in DE, Gedanken

Judgment day over …

… in Iceland, some more countries to go worldwide.

// Oliver

Posted in /dev/null, EN | 2 Comments

Slight miscalculation?

Did you know, today is judgment day:

Family Radio website on 20th of May 2011

“What?”, you say, “… it’s 20th of May, not 21st yet.” Well, you have a point there. But I got a better point: time zones. The 21st of May has started in Australia and Asia. Or perhaps “He” is going by the time zones (which one, though) of “His” own country? :mrgreen:

Hell, here I come. Have a nice judgment day and a successful rapture. Hope it’s going to be sunny. Sadly the Bible does not guarantee that.

For all rich people who want to send me money, please use the Paypal account for donations to WinDirStat: donations at windirstat dot info. Remember Jesus’ words: “…I tell you the truth, it is hard for a rich man to enter the kingdom of heaven. Again I tell you, it is easier for a camel to go through the eye of a needle than for a rich man to enter the kingdom of God.”

// Oliver

PS: source of the above screenshot is www.familyradio.com – I am intentionally not linking to them, because their server seems to be under heavy strain from all the people seeking last-minute salvation.

Posted in EN, Thoughts | 2 Comments

Two years later (update)

A new version of TortoiseCVS is available. Since I have largely parted with CVS, I just noticed now. Well, the issue reported in 2008 and closed as fixed is still not fixed. The respective piece of code looks exactly the same, though at a different address within the executable:

sub_40F200      proc near
  mov     eax, [ecx]
  push    0               ; lParam
  push    0A220h          ; wParam
  push    111h            ; Msg
  push    eax             ; hWnd
  call    ds:PostMessageW
  retn    4
sub_40F200      endp

… and it still gets called and causes the same annoyance it always did. Of course only few people seem to ever part with Windows Explorer, which is why the problem is so ridiculous and not a real problem anyway. Still, here’s the patch to this non-existent problem.

Since the new function takes one parameter (although it doesn’t use it) we need to remove 4 bytes from the stack for the 32bit version.

We change the function to be:

nullsub_93      proc near
  retn    4
nullsub_93      endp

But unlike older versions, this one actually requires patching several places, because the call to PostMessageW in question has been inlined in several other places. 😕

TortoiseAct.exe
#INPUT :  d35647a23b2435db0a77e54861e0571b
#OUTPUT:  e23fcd25e35bdc6152eefc11fc73f440
0000E600: 8B C2
0000E601: 01 04
0000E602: 6A 00
00011E03: 74 EB
00011E33: 74 EB
0002046B: 74 EB
000234AB: 74 EB
00023545: 8B EB
00023546: 0E 13
00024F0C: 74 EB
00027796: 74 EB
0002C8CC: 74 EB
0002F3E6: 74 EB
00031D38: 74 EB
00032A7C: 74 EB
00032AE3: 74 EB
00034086: 74 EB
00034ED6: 8B EB
00034ED7: 44 17
00036A8A: 74 EB

This time I leave it to the reader to patch the file themselves with a proper hex editor. I can recommend hte and frhed and hexplorer, even though there are other free ones and good commercial ones. Alternately copy above text into a text file and use my little diffit tool to apply the patch to your TortoiseAct.exe.

Have fun,

// Oliver

PS: If you look at the source code you will notice that someone apparently worked on the fix, but it was effectively commented out using the #if 1 #else method.
PPS: If you can’t understand the above file format without explanation, it’s:
offset: original patched
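
A patch applier for the “offset: original patched” format above, as an added example (it is not the author's diffit tool). It checks every original byte and the #INPUT/#OUTPUT MD5 values before replacing the file; the function names and the use of od, dd, md5sum and mktemp are choices made for this example.

```shell
#!/bin/sh
# Added example, not the author's diffit tool. Applies a byte patch in the post's
# "offset: original patched" format (all values hex). '#INPUT' / '#OUTPUT' lines
# hold the MD5 expected before and after. Assumes od, dd, md5sum and mktemp.

md5_of() { md5sum < "$1" | cut -d' ' -f1; }

# apply_patch PATCHFILE TARGET
# Patches a temporary copy and replaces TARGET only if every original byte and
# both hashes match; the unpatched file is kept as TARGET.orig.
apply_patch() {
    patch=$1 target=$2 want_in= want_out=
    tmp=$(mktemp) || return 1
    cp "$target" "$tmp" || { rm -f "$tmp"; return 1; }
    while IFS=' :' read -r off orig new || [ -n "$off" ]; do
        case $off in
            '#INPUT')  want_in=$orig;  continue ;;
            '#OUTPUT') want_out=$orig; continue ;;
            ''|'#'*)   continue ;;
        esac
        [ -n "$new" ] || continue    # bare file-name header such as "TortoiseAct.exe"
        case $off$orig$new in *[!0-9A-Fa-f]*)
            echo "malformed line: $off $orig $new" >&2; rm -f "$tmp"; return 1 ;;
        esac
        pos=$((0x$off))
        # Refuse to touch a byte that is not what the patch author saw.
        have=$(od -An -tx1 -j "$pos" -N1 "$target" 2>/dev/null | tr -d ' \n')
        if [ -z "$have" ] || [ $((0x$have)) -ne $((0x$orig)) ]; then
            echo "offset $off: expected $orig, found ${have:-nothing}" >&2
            rm -f "$tmp"; return 1
        fi
        # Write the single replacement byte in place (octal escape via %b).
        printf '%b' "\\0$(printf '%o' $((0x$new)))" |
            dd of="$tmp" bs=1 seek="$pos" conv=notrunc 2>/dev/null
    done < "$patch"
    if [ -n "$want_in" ] && [ "$(md5_of "$target")" != "$want_in" ]; then
        echo "MD5 of $target differs from #INPUT (different build?)" >&2
        rm -f "$tmp"; return 1
    fi
    if [ -n "$want_out" ] && [ "$(md5_of "$tmp")" != "$want_out" ]; then
        echo "MD5 of patched copy differs from #OUTPUT" >&2
        rm -f "$tmp"; return 1
    fi
    cp "$target" "$target.orig" && cat "$tmp" > "$target" && rm -f "$tmp"
}
```

With the patch text from the post saved to a file (hypothetical name tortoiseact.patch), the call is apply_patch tortoiseact.patch TortoiseAct.exe.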

Posted in C/C++, EN, Programming, Reversing, Software

Should Germany receive a permanent seat in the UN Security Council?

I don’t think so.

Why not? Well, you may be surprised, because the reason is not mistrust in the German government – which I indeed have. The reason why I think that Germany shouldn’t get a seat is because I think the whole institution should be abolished or completely reformed. No, not the UN, but the UN Security Council.

Why was the Security Council and the UN overall established? It was the answer to World War II. As such we have an easy explanation for the powers that have a permanent seat on the Security Council. But now it’s more than six decades after this war and the power has shifted several times. Why should that not get reflected in the Security Council? Where is Brazil, for example?

But moreover, if on the international stage all sovereign countries are equal, how come five countries have veto rights at all? It can’t be the fact that they have nuclear weapons, because we know plenty more countries have those. So what on Earth gives those countries the right to veto a majority decision?

So as I see it, Germany in this position would only mean that Germany gains more powers, but doesn’t help to legitimate the resolutions of the UN Security Council any more. In turn, if the veto rights would be stripped, it would legitimate resolutions more than it currently does.

// Oliver

Posted in EN, Thoughts

Little annoyance

Lately, on Ubuntu 10.04, the output about the number of packages available to be updated was shown twice upon login, one copy always outdated. I tried for a long time to find the reason and finally managed to.

The problem was that apparently at some point a file named /etc/motd.tail was in use and was more or less retired (at least for the purpose of showing the information about available packages). In its stead the file /etc/motd is used. All I did to get rid of the nuisance was to execute:

echo -ne ''|sudo tee /etc/motd.tail

That got rid of the bugger. Besides, this trick with sudo and tee can be used to use pipes instead of shell redirectors to write to files only accessible to root. Note that you can use tee -a if you merely wish to append to an existing file.

// Oliver

Posted in EN, Linux, Software

“Save food” == “Sichere Lebensmittel” (safe food)?

Dear Heute editors, surely you can do better than that? Apart from the pronunciation, which sounded more like “safe foot”, given today’s customary use of Denglish you should still be able to manage the difference between “safe” and “save”, shouldn’t you?

Not amused,

// Oliver

Posted in DE, Gedanken

Is there a pro to the Skype deal?

I was thinking whether there is a positive side to the Microsoft buyout of Skype. Everyone seems to be worried because of bad bad Microsoft. Personally I’m a bit more worried about some other giant companies. That’s not to say I’m not also worried about Microsoft in a sense.

My guess is that the market power of Microsoft will give enough incentive to certain institutions to try and force them to open/document the protocol – or parts thereof. Imagine other instant messengers finally to be able to talk the text protocol of Skype (not even telephony) without extra gateways or the DLLs that come with Skype.

All is not lost.

// Oliver

Posted in EN, Software, Thoughts

Nope-Lena

So she will indeed represent Germany at the ESC: “our” Lena.

If she throws in a snotty “Nö” (nope) every now and then, the way she did when co-hosting with Frank Elstner, that might remind one or another European of our chancellor’s “Nö” to the euro rescue measures last year.

A lovely image of Germany to present to the outside world, isn’t it.

// Oliver

Posted in DE, Gedanken

StartSSL code signing certificate

Today I want to explain how to get the StartSSL code-signing certificates into a state that is usable for signtool. It is an affordable solution for individuals that would rather sign the code they publish. I bought one this week and will probably rebuild some of my code and then sign it and leave other really old code completely alone, though.

The current price is 59 USD, but it is being charged for the validation of your identity, not the certificate itself as far as I understand. There are plenty of explanations on how to do everything within the StartSSL control panel, but I’d like to explain how to do it “correctly”.

Because even though you trust them – otherwise you wouldn’t have them sign your certificate – you shouldn’t ever give them the means to decrypt your private key. But this is exactly what’s being asked of you if you choose the “easy” route.

It’s assumed that you did a class 2 or 3 validation with them before following these steps. Note that these steps are generally also valid for other issuers, not just StartSSL. For other issuers you would just use a different time stamp service in the signtool command line (or rather you might want to use a different one, it’s not mandatory).

  1. Create a certificate signing request (CSR) and a key with OpenSSL. You can also use an existing key, such as your PGP key, as long as you convert it into the proper format.
    openssl req -new -newkey rsa:4096 -keyout key.pem -out csr.pem
    It is absolutely fine if you accept the defaults OpenSSL gives you. The reason for this is that StartSSL will only use the public key from your CSR along with the identity information from the validation step. They include: E (email), CN (common name, would be your name), L (location), S (state) and C (country).
  2. Under “Object Code Signing” in the second tab on the StartSSL control panel you paste the CSR and then submit it.
  3. At the end of the previous step you receive the certificate in a text field, which you save into a text file under some name. We will assume the file name cert.crt for subsequent steps.
  4. Now use the tool cert2spc.exe from the Windows SDK to convert the certificate to SPC format:
    cert2spc.exe cert.crt cert.spc
  5. Now one uses pvktool to convert the private key generated in step one (or pre-existing) into PVK format. Newer versions of OpenSSL supposedly include the functionality to achieve exactly the same, but I was too lazy to sift through the complete docs. To build pvktool I had to append -ldl to the gcc command line in the make file. Otherwise I got a linker error with OpenSSL 1.0.0d.
    pvk -in key.pem -topvk -strong -out key.pvk
  6. It’s now time to merge the private key and the certificate into a PFX file. This file thus contains both the key and the certificate. It’s what can be used to sign your binaries. We use pvk2pfx.exe from the Windows SDK to do the conversion step:
    pvk2pfx.exe -spc cert.spc -pvk key.pvk -pfx cert.pfx
    NB: many consider this sufficient, but it is way more convenient and arguably more secure to store the certificate in the machine’s or the user’s certificate store. Follow the next step.
  7. To import the certificate in PFX format into the certificate store of either the user account or the machine, use either of these methods:
    • User’s certificate store:
      certutil -user -importPFX cert.pfx
    • Machine’s certificate store:
      certutil -importPFX cert.pfx

From this point on you can conveniently use the certificate. Note that the last step is mandatory for the case where you have to sign kernel mode code for Vista or newer (i.e. according to the kernel mode signing policy).
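
The key-handling checks behind steps 1 to 6, as an added example that is not part of the original post: the CSR carries only the public key, the returned certificate belongs to your key, and the PFX can be built with openssl pkcs12 -export instead of cert2spc, pvktool and pvk2pfx (a swapped-in route, not the one the steps use). Function names, subject and pass phrases are constructed placeholders, and openssl is assumed to be on the PATH.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes openssl on PATH; the subject,
# file names and pass phrases are constructed placeholders. "pass:" arguments show
# up in the process list; for a real key let openssl prompt or use file:/env:.

# Step 1 without prompts: key and CSR are created locally, the key is encrypted.
make_key_and_csr() {    # make_key_and_csr DIR PASSPHRASE [BITS]
    openssl req -new -newkey "rsa:${3:-4096}" \
        -keyout "$1/key.pem" -out "$1/csr.pem" \
        -subj "/CN=Example Signer" -passout "pass:$2" 2>/dev/null
}

# The text pasted into the issuer's form must parse as a CSR and carry no key block.
csr_is_public_only() {  # csr_is_public_only FILE
    if grep -q 'PRIVATE KEY' "$1"; then return 1; fi
    openssl req -in "$1" -noout 2>/dev/null
}

pubkey_of_key()  { openssl pkey -in "$1" -passin "pass:$2" -pubout 2>/dev/null; }
pubkey_of_csr()  { openssl req  -in "$1" -noout -pubkey 2>/dev/null; }
pubkey_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# The CSR hands over exactly the public half of key.pem and nothing else.
csr_matches_key() {     # csr_matches_key CSR KEY PASSPHRASE
    c=$(pubkey_of_csr "$1") || return 1
    k=$(pubkey_of_key "$2" "$3") || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Step 3 check: the certificate that came back certifies your key, not another one.
cert_matches_key() {    # cert_matches_key CERT KEY PASSPHRASE
    c=$(pubkey_of_cert "$1") || return 1
    k=$(pubkey_of_key "$2" "$3") || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Steps 4 to 6 in one command: build the PFX (PKCS#12) with OpenSSL itself.
make_pfx() {            # make_pfx CERT KEY KEY_PASSPHRASE OUT_PFX PFX_PASSPHRASE
    cert_matches_key "$1" "$2" "$3" || { echo "certificate/key mismatch" >&2; return 1; }
    openssl pkcs12 -export -in "$1" -inkey "$2" -passin "pass:$3" \
        -out "$4" -passout "pass:$5"
}
```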

If it was installed in the machine’s certificate store one uses the /sm switch:
signtool.exe sign /v /a /sm /ph /d "..." /du "http://..." /tr http://... my.exe

If it was installed in the user’s certificate store simply leave the /sm switch off:
signtool.exe sign /v /a /ph /d "..." /du "http://..." /tr http://... my.exe

Now the short explanation for the used command line switches:

  • /v means verbose and is not strictly needed. It’s useful for the first invocation when you want to see which certificate was ultimately chosen (see next bullet point).
  • /a automatically selects the certificate that is valid the longest and that can be used for code signing. In most cases only one certificate will be installed on the machine anyway.
  • /ph computes hashes over each section of the binary file (more secure but not strictly necessary).
  • /d adds a description.
  • /du adds a URL.
  • /t or /tr is the URL of a time stamp service. This part is very important, because without a time stamp the signature of a file will expire. Once time stamped, the signature will remain valid even beyond the expiry date of the certificate. However, StartCom also sets the “Enhanced Key Usage” property “Lifetime Signing (1.3.6.1.4.1.311.10.3.13)” which will cause the signed binaries to fail validation after the certificate ran out [1] (turns out this is no longer the case, see the comment section below). The choice of /t versus /tr depends on the timestamp service running at the URL you are using (or were given).
  • /ac has to be used for kernel mode drivers to include issuer intermediate and root certificates in the signature.
  • /i, /n and /r can be used to select the right certificate in case more than one is installed.

Timestamp URLs which can be used:

  • http://timestamp.verisign.com/scripts/timstamp.dll works with /t (Note: no ‘e’ in timstamp.dll)
  • http://timestamp.globalsign.com/scripts/timestamp.dll works with /t
  • http://www.startssl.com/timestamp works with /tr

Hope it’s helpful for someone else.

// Oliver

  1. StartCom claims their extended validation certificates don’t have that issue, though.
Posted in EN, IT Security, Programming, Software | 11 Comments