Bei A1 ist Security noch nicht angekommen

Bei A1 ist der Begriff Security noch nicht angekommen.

Durch Zufall kam ich kürzlich bei einem Kunden mit dem A1 Webspace Business in Berührung. Im Produktnamen ist der Begriff Business zu finden, was darauf schließen lässt, dass es sich eben um ein Profiprodukt handelt. Aber was genau zeichnet es aus? Gute Frage, denn der Webspace bietet alles was beinahe jeder Webspace heute kann. Der Grund ist vermutlich der, dass man mit ein bisschen klicksi-klicksi ein CMS2 installieren kann.

Erschreckend an der Sache ist, dass fürs Dateiupload lediglich FTP zur Verfügung steht, ein Protokoll aus den frühen 80ern das beinahe ohne Sicherheitsmechanismen ausgestattet ist, wie man sie heute, 30 Jahre später, kennt. Eine nicht ganz zu vernachlässigende Tatsache in Zeiten, wo jeder ISP per Gesetz zum Herumschnüffeln verpflichtet ist.

Liebe A1-Telekom! Nach stundenlanger Recherche habe ich folgende Links gefunden, die da evtl. weiterhelfen:

http://www.google.com/#q=sftp+ftps

http://www.google.com/#q=secure+ftp

 

  1. Auch mal bekannt gewesen unter dem Namen Telekom Austria und auch mal unter Jet2Web und noch ein paar andere Namen. Weiß sowieso kein Mensch mehr wie die heißen. Vermutlich ist das ganze eine gekonnte Verschleierungstaktik, da man früher einfach “die Post” sagte und das etwas negativ behaftet war.
  2. Zur Auswahl stehen WordPress, Typo3, Joomla und noch ein paar andere.

RF_KILL sucks!

This is not the first time that I have troubles with the RF-kill “feature” as reported on this blog.

Recently I set up an old notebook. I did a clean Linux network install of Debian Lenny. Everything worked fine, all hardware was detected properly.

But it took not long to find out that the wifi does not work although the card was detected correctly. `lspci` showed that it is a IPW2100 which is a pretty well-known wifi adapter. After unloading and loading the appropriate kernel module, it was reported that RF_KILL is enabled.

The notebook is an old Toshiba notebook. It has a wifi indicator LED and the symbols on the keyboard showed that Fn+F8 should enable it. But simply nothing happens. I made sure that the Fn key and the F8 key both work. I expected the kernel to report something but it didn’t.

I have seen various methods of enabling and disabling wifi: soft keys, hard keys, key combinations on the keyboard, simply just enabling/disabling it by software, and BIOS disable/enable. And of course combinations of those methods.

I restarted the Toshiba notebook to have a look at the BIOS setup. Unfortunately, its BIOS didn’t allow any settings. I tried to “reset to factory defaults” but it didn’t change anything. Then I tried to find a software enable option. Luckily I’m working on Linux, thus I have direct access to most hardware features. In this case the RF_KILL enable/disable option is found in the special file /sys/devices/pci0000:00/0000:00:1e.0/0000:02:0a.0/rf_kill. Writing neither 0 nor 1 to it didn’t change anything. This indicated that there must be some other hardware enable/disable method.

I assumed to have found a BIOS bug…which would not be the first time. And flipped the notebook to gather the product specification and I found something…

 

Inder Hood hat wohl gelogen

Mein erstes Handy erwarb ich 1997 — schon eine Zeit lang her. Den ersten Vertrag hatte ich bei der Mobilkom. Damals gab’s ja nichts anderes. Eine Marktbelebung war dann MaxMobil wohin ich dann auch gleich gewechselt bin. Irgendwann wurden die dann gekauft vom deutschen Riesen T-Mobile, was mein patriotisches Herz natürlich erschütterte, wodurch ich dann wieder zu irgend einem anderen Anbieter gewechselt bin.

In Österreich hatten wir einmal verhältnismäßig viele Anbieter. Die Mobilkom (heute Vodaphone) als Tochter der Telekom Austria, der Ex-Monopolist. MaxMobil (heute T-Mobile), ein österreichisches Startup. Dann gab’s One, heute (noch) Orange, und Hutchinson (3G). Ach ja und Telering auch noch.

Mobilkom war immer qualitativ gut, hatte in erster Linie Business-Kunden im Plan. MaxMobil war anfangs ein bastelndes Startup-Unternehmen, bat aber auch immer relativ hohe Qualitität. Das Programm war auch auf Business-Kunden ausgerichtet. One hat immer mit angeblich hoher Sprachqualität geworben, die Netzabdeckung war aber eher zurückhaltend. Hutchinson hat im Miniland Österreich experimentiert. War offenbar nur ein Rundungsfehler in deren Bordkassa. Und Telering war immer einfach nur billig. …und so hochwertig war auch das Produkt *lol*

Wie dem auch sei, bis heute habe ich immer fürs Telefonieren und SMSen gezahlt. Vor einem halben Jahr habe ich wieder einmal den Vertrag gewechselt. Muss so sein, bringt von Zeit zu Zeit Vorteile. Irgendwie habe ich mich zum ersten Mal in meinem Leben für Telering interessiert — aber auch nur deshalb, weil Telering seit ein paar Jahren in Wahrheit T-Mobile ist. Ein wesentlicher Inhalt deren Werbung sind “keine Versteckten Kosten”. Das kann man auch auf deren Website lesen.

 

Das Ganze soll nur 9 Euro im Monat kosten; wunderbar. Aber was lese ich dann auf der letzten Rechnung?

SMS Empfangsbestätigung   134   20%    5,58

Ich bekomme die Rechnungen immer per Email. ich habe also sogleich auf das Email geantwortet. Leider erfolglos. Ein Robot antwortete mir das man auf diese Emailadresse nicht antworten kann — *lol*

Auf der Homepage findet man den Link “Email senden”, hinter dem sich aber ein HTML-Formular verbirgt und keine Liste von Emailadressen. In dem Formular gibt es keine passende Auswahl um eine passende Frage zum Thema “Empfangsbestätigung” zu fragen. Ich habe die Sache getwitter, und — oh Wunder — @telering hat geantwortet ich solle mich doch per DM melden. Habe ich auch gemacht; naja, warte nun seit einem Monat auf eine Antwort.

Nun gut. Ich denke, dass ich genug Text geschrieben. Noch nie in meinem Leben, d.h. konkret seit 15 Jahren, habe ich etwas für SMS Empfangsbestätigungen bezahlt. Aber die Telekom-Branche ist sehr erfinderisch wenn es ums Abzocken von Kunden geht.

Kmail does not ask for PGP password

A few days ago I fucked up my Debian installation. It ran properly for several years but because of mixing different repositories (squeeze, wheezy, backports,…) aptitude somehow lost track about packet versions. I spent several hours but was unable to fix it. It just got worse.

Thus, I decided to do a completely fresh installation of Debian/Wheezy. I always do a basic installation first without X11 desktop. If everything works then I add X11 and KDE being my favorite.

Of course I kept my home directory as usual to keep all settings, all emails, and all other stuff that hangs around in this directory.

Most things worked immediately but kmail did not ask for the password of my PGP key anymore, when trying to sign emails. I check its settings and everything looked fine. I also checked kgpg which continued to successfully sign/encrypt messages.

I found the following bug report which also contains some links:

https://bugs.kde.org/show_bug.cgi?id=167960

http://randomguy3.wordpress.com/2008/07/24/kmail-trunk-signing/

In my new installtion the gpg-agent is installed by default and it is running as can be simply verified. I then check for pinentry and I found out that pinentry-gtk2 was installed but pinentry-qt4 not. I don’t know if this is by intention or if there is a wrong dependency somewhere. I think the latter is the case because I installed KDE which is Qt-based but I did not install Gnome (which is GTK-based).

I simply installed pinentry-qt4 but kmail still did not ask for the password (just “signing error: illegal passphrase”). I looked at gpg-agent in more detail and found out that it creates an environment file in my ~/.gnupg directory. When looking into this directory I remembered that I had a similar problem several years ago. Therein is the configuration file gpg-agent.conf which is loaded by gpg-agent at startup. It contained the following line:

pinentry-program /usr/bin/pinentry-qt

I now tried to start pinentry-qt manually but the binary didn’t exist although I had installed the package. Apparently the binary was renamed to pinentry-qt4. I changed the corresponding line in gpg-agent.conf, restartet gpg-agent and the problem was solved.

Polyline Refinement with Smrender

The latest version 1.1.r1230 of Smrender now implements a new feature which I call polyline refinement. It highly improves the appearance of the map specifically in such areas which are just “roughly” mapped. Ideally, it is applied to the coastline, for example.

Polyline refinement is invoked rule-based. It is an internal function. The following shows an example of how to call it.

<way>
<tag k='natural' v='coastline'/>
<tag k='_action_' v='func:refine_poly?deviation=500,iteration=5'/>
</way>

The function parameters deviation and iteration are optional.1

Have a look at the following two images to see the difference!

Rendering w/o polyline refinement

Rendering w/ polyline refinement

 

Download the most recent version at http://www.abenteuerland.at/download/smrender/.

Have fun!

Pdflatex does not compile Beamer class documents

For several years now I use the Beamer class to create slides with Latex. For whatever reason pdflatex does not compile my Latex documents anymore. It stops with the following error message:

! Undefined control sequence.
\Gm@lmargin ->\Geom@lmargin

I found out that this seems to be caused by an update of the geometry package. The newer version breaks the Beamer class. The workaround is to insert the following code before the document class definion:

\makeatletter\let\ifGm@compatii\relax\makeatother

Actually, I found this solution in the following posting. I think it may help several other people, hence, I concluded it here again.

http://groups.google.com/group/comp.text.tex/browse_thread/thread/b3acfd525b7fcddb

C Source Code Analyzer for Graphviz

I am currently working on a graph based visualization tool for the output of an i386 emulator. The basic idea is to do some kind of intelligent malware analysis and behavior prediction.

I experimented a little bit and suddenly got the idea to do some kind of source code graphing of some of my programs. Unfortunately, I did not found a suitable solution ready to use on the Internet although I admit that I didn’t search thoroughly. I proudly present my simple C source code analyzer which produces output that is suitable for Graphviz.

It reads C sources from stdin and identifies functions and all function calls from within those functions. The output can be directly fed into e.g. ‘dot’ for generating nice graphs. You may manually refine the output before rendering.

I call the tool simply just canalyze and it can be downloaded here: http://www.abenteuerland.at/download/proggies/canalyze

At the beginning I defined an array which contains function names that are ignored. Those functions are mainly typical library and system calls. You may adapt this to your needs.

To use it, simply pipe all your C sources to it:
$ cat *.c | canalyze > callgraph.dot
Now open the file 'callgraph.dot' in your favorite editor and edit it up to your needs and then run dot:
$ dot -Tpng callgraph.dot -o callgraph.png

The picture above is an example which shows the current version of Smrender. The call graph source may be downloaded from here:

http://www.abenteuerland.at/download/proggies/smrender.dot

Have fun playing with it, the output is really nice!

 

Rendering Depths with Smrender

Rendering Depths with Smrender

I started to experiment with the rendering of depths with Smrender. At a first glance this looks trivial but one might err. OSM data as well as a chart is just a two-dimensional plane. So, where’s the problem?

As long as the elevation is monotonic, observed from any point in the two-dimensional “plane”, there is no problem. But if this is not the case, filling areas on the chart properly gets difficult. In particular this is true at least if there is no structural information about the third dimension in the data.

Non-monotonic cases are such where areas of lower elevation are enclosed by areas of higher elevation or vice versa or combinations of both. Typical examples are lakes, islands within lakes, or lakes on such islands. Of course, the same structures are also found on the bottom of the sea.

As already mentioned, filling such areas is difficult. Although I do not know, I believe that this is the reason for the existence of the relation type multipolygon in OSM. It targets exactly those cases from above.

Smrender does not care about relations and multipolygons; it uses an approach of ordered filling and “clearing” dependent on the area and the order of the nodes of the polygons.1 This works because areas of different elevation do never intersect.2

Tagging depths

I am into OSM and sea charts in particular since more than two years and there is a long ongoing and seemingly endless discussion about tagging of marine features. In my opinion this is an unnecessarily prolonged political discussion. However, OpenSeamap uses a well-structured S-57-based tagging scheme.

I introduced some new tags:3 seamark:type=sounding + seamark:sounding=<x> for soundings; x is the depth in meters. These tags are used for nodes only. Additionally seamark:sounding:quality=* may be added (INT-1 II 10). The value of reported_unconfirmed may be used for to draw a dotted line arround the sounding (INT-1 II 4) and approx for a dashed line (INT-1 II 31).

For ways, the tags seamark:type=depthcont + seamark:depthcont=<x> (INT-1 II 30) is used.

Where did I get the soundings from?

Well, since I needed some data for my render test, I simply scanned a part of an official sea chart, imported it into Josm using the Piclayer-Plugin and just copied the soundings and some isometric lines into a new layer 😉

Of course I did not and I will not publish this data because it is copyright protected and I use it just for my personal test.

  1. This feature is not implemented in the currently release version 1.1 of Smrender.
  2. I am currently working on a technical report in which I describe all algorithmic details about Smrender.
  3. It is nowhere implemented except in my personal rule set for smrender.

Smrender now uses GNU Autotools

After publishing Smrender I got several mails regarding the compilation and installation process. Mainly because I just used a simple Makefile and because it was not tested on other operation systems beside my Linux computer. Thanks to all beta testers for now!

I now introduced the GNU Autotools into the Smrender package, thus the compilation and installation process should work smooth.

It is tested to compile and run fine on Debian/Linux 6.0 (Squeeze), Ubuntu/Linux 10.04 (Lucid), FreeBSD 8.2, OpenBSD 5.0 (and 4.7), and Mac OSX 10.7.3 (Lion). Of course, it should work on most POSIX-style operating systems.

As mentioned in the manual, Smrender depends on the GD graphics library, thus it must be installed. For Debian and Ubuntu the package is called “libgd2-xpm-dev”, on FreeBSD and OpenBSD it is simply called “gd-2.0.35” (it resides in the graphics directory of the ports tree). On Mac OSX the package is called just “gd2”. The GD library further depends on at least fontconfig and freetype which should be installed automatically. On OpenBSD this requires having installed the distribution packages xbase50.tgz and xfont50.tgz.

Download the package from here and then do the following as usual:


tar xvfz smrender-1.1.tgz
cd smrender-1.1
./configure
make
sudo make install

Please note, that I didn’t update the documentation yet, to reflect this new style compilation process.

Have fun using it!

Smrender released into the wild

It was hard work to create smrender and it was even more work to create a documentation for it. And both are not finished yet. But nevertheless I decided to release it now. I have talked a lot about it and there are several articles about it found in the Internet. It is time now to show this great piece of software to the public.

The description and download links are found here: www.abenteuerland.at/smrender. Please try it out, use it, report bugs back to me, contribute to it.

Smrender is a rule-based renderer for OSM data. The rule set is very flexible and it supports dynamic loading and linking of third party libraries which makes it easy and highly interesting for others to write additional modules. Currently it includes one module. This is libsmfilter which is a replacement for smfilter. Libsmfilter also supports generation of light character strings as are used on official sea charts and in the list of lights.