Meta
September 2025 M T W T F S S 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 Blogroll
IP info
Programs
Yeah … they are big, they can do it, right?
Connected_to_65.55.92.152_but_sender_was_rejected./Remote_host_said:
_550_SC-004_Mail_rejected_by_Windows_Live_Hotmail_for_policy_reasons.
_A_block_has_been_placed_against_your_IP_address_because_we_have_received_complaints_concerning_mail_coming_from_that_IP_address.
_If_you_are_not_an_email/network_admin_please_contact_your_E-mail/Internet_Service_Provider_for_help._Email/network_admins,_we_recommend_enrolling_in_our_Junk_E-Mail_Reporting_Program_(JMRP),_a_free_program_intended_to_help_senders_remove_unwanted_recipients_from_their_e-mail_list:_http://postmaster.live.com/
I wasn’t sending from my own mail server, but through a really big German ISP. And that makes it even more delicate.
// Oliver
Posted in EN, IT Security
Leave a comment
Star Wars in Old Icelandic
A hilarious “treatise” about the old Icelandic saga of the people from the Tattooine river valley. The English introduction should be fun to read for almost anyone.
Check it out on tattuinardoelasaga.wordpress.com.
Thanks to the author. I had to laugh very hard when reading things like:
Tattúínárdœla saga tells of the youth of Anakinn himingangari, beginning with his childhood as a slave in Tattúínárdalr, notably lacking the prolonged racing scene of the MHG version, […]
… or:
After this killing, for which Anakinn’s owner (and implied father) refuses to pay compensation, Anakinn’s mother, an enslaved Irish princess, foresees a great future for Anakinn as a “jeði” (the exact provenance of this word is unknown but perhaps represents an intentionally humorous Irish mispronunciation of “goði”).
… or:
Because of his great skill in hunting, Anakinn is now known to most as Veiðari-Anakinn, “hunter-Anakinn,” or often simply Veiðari.
// Oliver
Posted in EN, Island/Iceland/Ísland
Tagged fun, Iceland, icelandic, norse, old icelandic
Leave a comment
ecryptfs and sshd, again
In January I described an issue with ecryptfs and sshd. Now I wanted to get X11 forwarding to work with it, but the problem essentially remains the same. All I got this time was:
/usr/bin/X11/xauth: timeout in locking authority file /home/oliver/.Xauthority
Well, the problem is that with ecryptfs set up, the permissions are somewhat messy in the folder that will later be overlaid by the (encrypted) home folder contents once logged in. Creating the .Xauthority
file and fixing permissions didn’t do the job either, and I refrained from changing the parent folder permissions. Until I noticed, well there got to be some way of mounting the encrypted home folder from the console again. And there is: ecryptfs-mount-private
. Well, if that’s what happens if I log on via the terminal, why doesn’t it work via SSH? Simple, my sshd was configured to:
#UseLogin no
So once I changed that to yes, the .Xauthority file could be created and updated without problem. A look into the PAM settings reveals why:
# (cd /etc/pam.d && grep ecryptfs *|sed 's/[ \t]/ /g') common-auth:auth optional pam_ecryptfs.so unwrap common-password:password optional pam_ecryptfs.so common-session:session optional pam_ecryptfs.so unwrap common-session-noninteractive:session optional pam_ecryptfs.so unwrap
Now the only question was, would it work with UseLogin yes
in sshd_config
but without the ~/.ssh/authorized_keys
inside the “unmounted” home folder? Unsurprisingly the answer is nope. One still has to go through hoops in order to update the authorized_keys
file. And a web search tells you that apparently the majority of people still uses passwords for their SSH connections, no one seemed to have the same problem so far. So my hope is that this post is going to help someone else 😉
To sum it up – all one has to do is:
- Use login(1) in order to log into your account via SSH
- Make sure that the “raw” home folder before mounting the ecryptfs‘d part contains your
.ssh/authorized_keys
file.
It seems like the home folder gets unmounted as soon as one logs off and no other sessions are still running. Fair enough … once we know the rules, we can play by them …
// Oliver
PS: A symptom of not auto-mounting the private home folder is seeing this during logon:
keyctl_search: Required key not available Perhaps try the interactive 'ecryptfs-mount-private'
Running ecryptfs-mount-private && cd $HOME
fixed that for me.
Posted in EN, IT Security, Linux, Software, Unix and unixoid
Tagged Linux, sshd, ubuntu, X11, x11 forwarding, xming
4 Comments
Don’t allow Iceland to win the ESC
Citizens of Europe, I implore you: don’t make Iceland win the European Song Contest 2010 if they make it to the finals. In the current economic situation, this would be the final deadly blow.
So please, don’t force this onto them, even if they should have the best song in the world! I mean it, this would be a disaster for Iceland.
// Oliver
Posted in EN, Island/Iceland/Ísland
2 Comments
Not Valgrind, CDPATH
The problem I described just yesterday (here) seems not be to with Valgrind in particular. Today I was trying to build the file(1) utility and mysteriously failed with the same symptoms. So that made me curious.
Apparently the cd
command on my shell
$ $SHELL --version GNU bash, version 3.2.39(1)-release (i486-pc-linux-gnu) Copyright (C) 2007 Free Software Foundation, Inc.
behaves differently when called via /bin/sh
rather than /bin/bash
. In any case, the fact that cd
was failing got me thinking. It obviously had to do with cd itself, so it must be some factor that influences how cd
acts. CDPATH
does just that and in my .bashrc
it was set to /mnt
. So I was giving it a try to unset CDPATH
and suddenly the build would succeed. I’m going to try that with Valgrind later, but given the identical symptoms and the fact that both use automake/autoconf to create the make files, increases the likelihood of this being the problem.
The gist: unset CDPATH
(or don’t set it in your profile ;))
// Oliver
PS: I verified it, this is indeed also the problem for Valgrind.
Posted in EN, Linux, Programming, Unix and unixoid
Tagged autoconf, automake, bash, debian, file, Linux, valgrind
Leave a comment
Getting Valgrind to build on Debian 5.0.3
I’ve been trying this already several times over the last three months, but always failed to build the latest Valgrind from sources on my Debian box. At last I had success.
The problem appears to be that for some unknown reasons GNU Make (or one of its callees, e.g. the shell?!) acts up on cd $$subdir
which is used in numerous places in the Makefile
s in the source tree. This is taken from the make files, so it will collapse to cd $subdir
before the shell gets to see it. $subdir
is in most cases a variable in a for loop, iterating over subdirectories of the “current” one. Strangely enough all seemed right, the include
subdirectory exists, it contains a Makefile
and so on. I even inserted some additional commands before the cd
in order to get some diagnostic output. The output of pwd
suggested that we were in the right folder, the value of $subdir
was correct and all side conditions seemed in order. But still, it wouldn’t build.
So I used the dirty trick (also archived in the valgrind-users mailing list) to modify the Makefile.in
files to replace all occurrences of cd $$subdir
with cd $(CURDIR)/$$subdir
and suddenly everything worked after running configure
again. Magic … 😉
Here’s the line I used:
find -name 'Makefile.in' -exec \ sed -i 's/cd \$\$subdir/cd \$(CURDIR)\/\$\$subdir/' {} \;
That took care of it for me. So I’m a happy Valgrind 3.5.0 user now, instead of using 3.3.1 as it comes with Debian 5.0.3.
// Oliver
PS: The reason why we replace it in Makefile.in
is that this way running configure
again will not undo our modifications, because those files are used to create the actual Makefile
s.
Posted in EN, Linux, Programming, Unix and unixoid
Tagged autoconf, automake, Linux, valgrind
3 Comments
Listing the CVS tags on a file
cvs status -v file |\ awk '/Existing Tags:/{c=1;next}c{print}' |\ awk '{print $1}'
Gives a plain list of tags, nothing fancy, though …
Posted in EN, Programming, VCS
Leave a comment
Demokratie endlich ad acta legen …
Wie die scheidende EU-Kommissarin Ferrero-Waldner jetzt auf eine Anfrage hin antwortete:
ACTA should not contain measures restricting end-users’ access to the internet that would not be approparite (sic!), proportionate and necessary within a democratic society and without a prior, fair and impartial procedure.
Auf gut Deutsch:
ACTA sollte keine Maßnahmen enthalten, die den Zugriff der Endnutzer beschränken und nicht in einer demokratischen Gesellschaft angemessen, verhältnismäßig und notwendig wären; und nicht ohne ein vorheriges, gerechtes und unvoreingenommenes Verfahren.
(Hervorhebungen durch den Autor dieses Beitrags)
Man beachte die doppelte Verneinung und die Verwendung von sollte, welche von Politikern gern als Nebelkerzen benutzt werden. Gerade die Verhandlungen zu ACTA, die bekanntlich – einer modernen westlichen und demokratischen Gesellschaft angemessen – im Geheimen ablaufen und die Tatsache, daß auf dem Etikett “demokratische Gesellschaft” draufsteht, zeigt uns, daß wir die Demokratie ad ACTA legen können.
… denn wo demokratisch draufsteht, muß noch lange nicht Demokratie drin sein, wie die “Deutsche Demokratische Republik” (DDR) eindrucksvoll in den vierzig Jahren ihrer Existenz nachgewiesen hat. Das ist vermutlich auch der Grund warum so oft von “demokratischen Prozessen”, “demokratischen Parteien” (?) und anderen “demokratischen” Dingen, aber so selten von Demokratie die Rede ist, oder? Laut Etikett ist auch die Nationaldemokratische Partei Deutschlands “demokratisch”, laut den “demokratischen Parteien” eher nicht. Das Volk, beispielsweise in Sachsen, juckt das eher weniger bei Wahlen. Dehalb gilt “das Volk” als inkompetent. Das Volk hat eben noch nie die Deutungshoheit über das Wort Demokratie beansprucht, weshalb das jetzt andere übernehmen. Für eine Umkehr dürfte es auch zu spät sein, denn “demokratische Parteien” scheuen direkte Demokratie wie der Teufel das Weihwasser und unsere westlichen “demokratischen” Gesellschaften sind auf dem besten Weg das ganze Gegenteil von dem zu werden was auf dem Etikett steht …
// Oliver
The mysterious case of the swallowed script call
Just had this “mysterious” case of DDKBUILD not properly working. I could swear everything worked fine before, but the unconscious creation of a script named build.cmd
would take precedence over the build
utility from the DDK. Now batch and NT scripts have this peculiar feature that scripts called from within scripts without using the call
command will actually swallow the rest of the “parent” script, because the child script will never return. Anyway, mystery solved.
Hint: never put a file named foo.cmd
into your local folder if you’re going to execute a script which relies on foo
(e.g. as foo.exe
) from within that folder.
// Oliver
Posted in DDKWizard/DDKBUILD, EN, Programming
Leave a comment
Annoying use of GNU make
Whenever I download some source code and find that the respective maintainer/author has a Makefile
or makefile
inside the source tree but requires GNU make specifically I can get really annoyed really fast.
Dear maintainer/author: there are literally dozens of make flavors on Earth and the fact that your source requires the use of GNU make as opposed to BSD make or “some other flavor” should get you thinking. GNU make has this really nice way of picking up files in the current directory in a certain order of precedence (you can see it when having it output what it does). One that implies the use of GNU make is the name GNUmakefile
which doesn’t get accidentally picked up by other make flavors. Why is it so difficult to use that instead of the generic name that will get picked up by every other flavor and will cause any other flavor to choke? … And moreover, why does it seem to be so difficult for configure
scripts to write it to disk as GNUmakefile
?
// Oliver (grumpy and annoyed ;))
Moon or nukes? Nukes or moon?
… well, for the Nobel Peace Prize winner of 2009 it’s an easy answer: nukes; a modern and better arsenal of nuclear weapons. The ultimate goal: a world without nuclear weapons.
How? To be honest I haven’t got a clue. Sounds a bit like doublethink to me, but my current working theory is that the world is going to be nuked which solves just about all problems mankind got, including itself …
// Oliver
Hmm, being an …
Adonis I might also have no problem with those body scanners. But on second thought I probably still would. As BBC reports:
Transport Secretary Lord Adonis said in the immediate future only a small proportion of airline passengers would be selected for scanning.
In a written statement to the House of Commons, he said: “If a passenger is selected for scanning, and declines, they will not be permitted to fly.”
Well, good for them. But what really freaks me out are the “excuses”:
The new security rules have been introduced following the attempt to blow up a plane over Detroit on Christmas Day.
Hullo? So let’s use body scanners because the current freakishly paranoid security measures aren’t enough to catch nutters like the one in the plane to Detroit about which the US agencies were well informed (even by the father of the bomber)? Oh, not to forget that according to some news reports that person was on board without a passport?!
So what they are saying is that despite all the current security measures they have to create more false security by pretending to “do something” through the introduction of some additional technical measures? Did I get that right? So what? It’s been proven that the body scanners only work on things that are close to the skin. And that doesn’t even include body cavities. Hey, pensioners won’t be a problem in future if every passenger is going to be x-rayed and dies of cancer early. As far as I’m concerned they can shove their fake security where terrorists are going to shove their plastic explosive once body scanners have been widely introduced …
Nothing, nothing at all will keep a determined attacker from pursuing his attack plan and succeeding with it, if whatever drives those nutters is enough for them to forfeit their lives. Nothing! The only thing we could attempt to do is to make this a more just world in which nutters like these won’t even have a place. But that’s too idealistic and far-fetched …
Somehow this world is getting more and more surreal with every year that goes by.
// Oliver
PS: Israel, certainly one of the more exposed countries when it comes to (actual) terrorism, has been very successful with airport security. And guess how?! Not so much with technical measures that will produce a false sense of security, but with people who are trained to notice certain behavioral patterns.
Update: this is a good match for this topic …
lads
… and, I don’t mean the other word for “guys” or the Yule Lads, is a little program I wrote. It’s nothing special really, just a class that enumerates (or lists) alternate data streams on a given file or directory.
The program itself may not be of any use, but the class CAlternateDataStreams
is in the PUBLIC DOMAIN and may therefore be used anywhere without attribution, even though attribution is appreciated.
Have fun,
// Oliver
Download: lads.zip (35 KiB) (SVN)
REDISTRIBUTION TERMS: The source is of course included. The whole package is released into the PUBLIC DOMAIN. Disclaimer: This software is provided ‘as-is’, without any express or implied warranty. In no event will the author be held liable for any damages arising from the use of this software.
PS: The name lads was already given to other tools with similar intent, so I decided to throw in another s and make it lsads.
Posted in DDKWizard/DDKBUILD, EN, Programming, Software
Tagged ads, alternate data stream, public domain
Leave a comment
Praktisch
Nachdem ich auf der isländischen Seite von IKEA einiges gesucht aber leider nicht alle Details verstanden hatte, habe ich mich der Tatsache entsonnen, daß bei denen die Namen ja schwedisch und weltweit einheitlich sind. Das ist äußerst praktisch, denn nun kann ich auf der deutschen Seite suchen und nachgucken und danach den Namen bei der isländischen Seite suchen …
Einziger Nachteil: nicht alle Produkte finden sich in den Webshops.
// Oliver
Matching pool tags in Windows drivers
This is a note to myself, mainly. If the PROTECTED_POOL
flag is set on a pool tag, freeing it will require the use of the same tag as when allocating it. For all other purposes the tag will be ignored when freeing.
Microsoft states for the Tag
parameter in ExAllocatePoolWithTag
:
Specifies the pool tag for the allocated memory. Specify the pool tag as a character literal of up to four characters delimited by single quotation marks (for example, ‘Tag1’). The string is usually specified in reverse order (for example, ‘1gaT’). The ASCII value of each character in the tag must be between 0 and 127. Every allocation code path should use a unique pool tag to ensure that debuggers and verifiers identify a distinct allocated block.
Presumably most tags used by system components themselves will have that flag set, but to be honest I haven’t checked the pooltag.txt lately 😉
// Oliver
China is right, it is censorship
If Germany or other EU countries try to block certain content due to “local laws” what’s the difference if China does it according to their “local laws”? And even the US, home of the free, is not exempt from censorship. It’s not new, but there’s a new case that is especially hard to understand. SourceForge is now blocking IP ranges from certain countries that are listed on sanction lists. I like, though, how they exercise the part of freedom of speech that cannot be touched by these sanctions forced upon them:
As one of the first companies to promote the adoption and distribution of free and open source software, and one that still puts open source at the center of its corporate ideals, restrictions on the free flow of information rub us the wrong way. However, in addition to participating in the open source community, we also live in the real world, and are governed by the laws of the country in which we are located. Our need to follow those laws supersedes any wishes we might have to make our community as inclusive as possible. The possible penalties for violating these restrictions include fines and imprisonment. Other hosting companies based in the US have similar legal and technical restrictions in place.
Read the full post in their blog.
// Oliver
Posted in EN, IT Security, Programming, Software, Thoughts
Leave a comment
Updated looklink again …
The program looklink has received an update. This time I replaced the CSimpleBuf class by a simpler one that is owned by the CReparsePoint class for ease of use.
This is also a preparation to make use of the class from within WinDirStat.
// Oliver
Posted in /dev/null
Leave a comment