WhoCares?

Neuer Traumjob: Uhrensteller bei SAT.1

Posted on 2012-07-02 by Stefan Rubner

Finally: A Fix for Python 2.7 Aborts on Import of ctypes

Posted on 2012-06-21 by Stefan Rubner

This has been bugging me for quite some time now: Every time I tried to import the ctypes module into Python 2.7, all I would get was the famous “Aborted” message. With some time to spare I could trace the problem down to the file closures.c of the libffi submodule. Most likely due to a compiler/optimization bug in older versions of gcc a double-free is happening there in line 151.
Since the surrounding function only checks for the presence of SELinux on the host and since the box I need to run Python 2.7 on doesn’t have SELinux installed, I opted for simply removing the whole thing:

--- a/Modules/_ctypes/libffi/src/closures.c 2012-04-10 01:07:33.000000000 +0200
+++ b/Modules/_ctpyes/libffi/src/closures.c 2012-06-20 17:35:40.277850045 +0200
@@ -119,52 +119,7 @@
#define LACKS_SYS_MMAN_H 1

#if FFI_MMAP_EXEC_SELINUX
-#include <sys/statfs.h>
-#include <stdlib.h>
-
-static int selinux_enabled = -1;
-
-static int
-selinux_enabled_check (void)
-{
- struct statfs sfs;
- FILE *f;
- char *buf = NULL;
- size_t len = 0;
-
- if (statfs ("/selinux", &sfs) >= 0
- && (unsigned int) sfs.f_type == 0xf97cff8cU)
- return 1;
- f = fopen ("/proc/mounts", "r");
- if (f == NULL)
- return 0;
- while (getline (&buf, &len, f) >= 0)
- {
- char *p = strchr (buf, ' ');
- if (p == NULL)
- break;
- p = strchr (p + 1, ' ');
- if (p == NULL)
- break;
- if (strncmp (p + 1, "selinuxfs ", 10) != 0)
- {
- free (buf);
- fclose (f);
- return 1;
- }
- }
- free (buf);
- fclose (f);
- return 0;
-}
-
-#define is_selinux_enabled() (selinux_enabled >= 0 ? selinux_enabled \
- : (selinux_enabled = selinux_enabled_check ()))
-
-#else
-
#define is_selinux_enabled() 0
-
#endif /* !FFI_MMAP_EXEC_SELINUX */

#elif defined (__CYGWIN__)

Compile, install – works. Now on to some other stuff that needs Python 2.7 to run properly ;)

Posted in Helden der Technik, Linux, Software | Tagged Helden der Technik, Linux, NAS, ReadyNAS, Software, Technology | Leave a comment

Astaro ASG as OpenVPN Access Server client

Posted on 2012-05-29 by Stefan Rubner

Just about four weeks ago I posted about the resurrection of the .ovpn to .apc converter script. In the meantime Alois told me in the comments that while this was nice it didn’t work for current versions of the OpenVPN Access Server and the .ovpn files it creates.

Well, since there’s been nothing much else to do I did some more work on the script and I can now happily say that it now also converts the new .ovpn format to an .apc the Astaro can understand. Unfortunately, there’s a little catch: the OpenVPN Access Server relies on ‘tls-auth’ for client connections and the Astaro neither knows of that concept not provides a method to import the needed key file. So I had to do some creative manipulation to make the Astaro do my bidding to include the necessary config statements. In addition, you will need to manually copy the key file to the Astaro to make everything work as expected. To make things as easy as possible, the script will tell you what to do.

If you’re interested, check out the latest version of ovpn-to-apc.sh on Gitorious. If it works for you, let me know. If it doesn’t, let me know, too.

Posted in internet, Linux, security, Software | Tagged Linux, mobile, network, networking, security, Software, Technology, tuning | 7 Comments

Kleine Erfolgserlebnisse

Posted on 2012-05-26 by Stefan Rubner

Vorher

Check name Uptime Downtime Outages Response time
####### 58.54% 9h 57m 02s 189 9649ms

Nachher

Check name Uptime Downtime Outages Response time
####### 100.00% 0h 00m 00s 0 647ms

Posted in Helden der Technik, internet, Linux, Networks, Software, the ugly truth | Tagged Helden der Technik, internet generation, Linux, networking | Leave a comment

.ovpn to .apc Converter Revisited

Posted on 2012-04-17 by Stefan Rubner

The Astaro Security Gateway (ASG) is a great firewall and remote access solution. The only flaw of it being that Astaro, too, tries to build a walled garden around their suite of products. One major drawback here is that while the ASG has outstanding capabilities as a remote access server, there’s no easy way to use it as a client to connect to an OpenVPN SSL server. The main show stopper is that the ASG expects to get all it’s connection information from a .apc file while OpenVPN at best provides a .ovpn file which has a completely different structure.
Back in 2009 Patrick Schneider provided a simple bash script that would convert .ovpn files together with the needed certificates and key files into a .apc file the ASG could read. Unfortunately the script stopped working with newer ASG releases. Since I needed the functionality for a current project, I resurrected the code, polished and updated it a bit. The result can now be found on Gitorious: the new OVPN-to-APC converter script. Feel free to clone and enhance.

Update: Just pushed a new version to Gitorious that now handles the new .ovpn format provided by the OpenVPN Access Server as well.

Posted in internet, Linux, security, Software | Tagged Linux, mobile, networking, security, Technology | 23 Comments

Nginx + Dokuwiki and nice URLs

Posted on 2012-04-15 by Stefan Rubner

After almost tearing my hair out while trying to get those two to fully work together, I found the solution in the end. While most of the things that can be read here and there are right and true, all solutions I found one the web have one problem: After activating nice URLs in Dokuwiki, you won’t be able to use ACLs anymore with Nginx as the web front end.
The solution is quite simple, there’s an additional global rewrite needed:

rewrite ^/?$ /doku.php last;

The reason being that if you rely on “try_files” doing the right thing, it will do what you want for normal pages. But it will trigger a 302 redirect for admin pages, thereby losing all the POST data that should have been sent. Using the rewrite will keep the POST data and thus make the ACLs editing work again, even with pretty URLs.

Posted in internet | Tagged networking, Software, Technology | Leave a comment

Spiel, Spass, Spannung, Abenteuer

Posted on 2012-01-26 by Stefan Rubner

Posted in Helden der Lyrik, Linux, Software | Tagged Helden der Lyrik, Linux, networking, Software | Leave a comment

Das mit dem Rabatt üben wir nochmal, oder?

Posted on 2011-12-26 by Stefan Rubner

Posted in Helden der Lyrik, Helden der Technik, Mac, Software | Tagged Helden der Lyrik, Mac, Software | Leave a comment

Slowing down

Posted on 2011-12-14 by Stefan Rubner

This has been a very hectic couple of weeks. Not only the beta testing for the (now not so) new Netgear ReadyNAS boxes with ARM architecture: the Duo v2 and the NV+ v2. But also building add-ons for the new interface. Currently available are:

Especially the new web interface was a major obstacle there for in some situations it behaves quite different than the old and trusty Frontview. But now that I’ve got the hang of it I’m quite confident that more stuff is going to follow soon. And of course updates to the ReadyNAS Sparc stuff that has been put on hold for doing the ARM thing ;) Since I’ve just upgraded this site to WordPress 3.3, I might do an add-on for that as well – we’ll see.

For now it’s relaxing time – at least until the end of the week.

Posted in Cloud Computing, Hardware, internet, Linux, ReadyNAS, Software | Tagged Hardware, ReadyNAS, Software | 3 Comments

Die Rückkehr des runden Töpfchens

Posted on 2011-11-25 by Stefan Rubner

Ich bin wirklich nicht so vermessen zu glauben, dass Lidl aufgrund meiner Nicht-Kaufen-Empfehlung reagiert hat. Aber ich freu’ mich, dass es das Töpfchen wieder gibt und die Qualität auch wieder die alte ist ;)

Posted in Entertainment, the ugly truth | Tagged internet generation, the ugly truth | Leave a comment

Fixing PHP-FPM’s SCRIPT_NAME Bug The Brute Force Way

Posted on 2011-11-25 by Stefan Rubner

It’s not really news that PHP in it’s CGI or FPM flavor has slight to modest problems getting it’s environment right when using Apache as the front end web server, especially the $_SERVER['SCRIPT_NAME'] variable many scripts rely on to determine their true location on the hard drive. This erratic behavior is heavily documented in bug reports 51983 and 55208. As is common practice for the PHP-FPM team, their approach is to sit still and wait until this bug goes away on it’s own. This approach, proven to work for many politicians, may however not work for those folks, that need a solution to the problem at hand. A quite simple solution that unfortunately requires to recompile PHP is the following brute force patch for PHP 5.3.8:

--- php-5.3.8/sapi/fpm/fpm/fpm_main.c.org 2011-07-18 23:03:44.000000000 +0200
+++ php-5.3.8/sapi/fpm/fpm/fpm_main.c. 2011-11-24 18:29:37.000000000 +0100
@@ -1084,6 +1084,7 @@
{
char *env_script_filename = sapi_cgibin_getenv("SCRIPT_FILENAME", sizeof("SCRIPT_FILENAME") - 1 TSRMLS_CC);
char *env_path_translated = sapi_cgibin_getenv("PATH_TRANSLATED", sizeof("PATH_TRANSLATED") - 1 TSRMLS_CC);
+ char *env_redirect_url = sapi_cgibin_getenv("REDIRECT_URL", sizeof("REDIRECT_URL") - 1 TSRMLS_CC);
char *script_path_translated = env_script_filename;
char *ini;
int apache_was_here = 0;
@@ -1118,6 +1119,16 @@

/* Hack for buggy IIS that sets incorrect PATH_INFO */
char *env_server_software = sapi_cgibin_getenv("SERVER_SOFTWARE", sizeof("SERVER_SOFTWARE") - 1 TSRMLS_CC);
+ if (env_redirect_url &&
+ strncmp(env_server_software, "Apache", sizeof("Apache")-1) == 0) {
+ /*
+ * If we have an env_redirect_url and the web server is Apache
+ * it's very likely that env_redirect_url is the one we really
+ * want
+ */
+ env_script_name = _sapi_cgibin_putenv("SCRIPT_NAME", env_redirect_url TSRMLS_CC);
+ }
+
if (env_server_software &&
env_script_name &&
env_path_info &&
@@ -1159,7 +1170,7 @@
if (CGIG(fix_pathinfo)) {
struct stat st;
char *real_path = NULL;
- char *env_redirect_url = sapi_cgibin_getenv("REDIRECT_URL", sizeof("REDIRECT_URL") - 1 TSRMLS_CC);
+ // char *env_redirect_url = sapi_cgibin_getenv("REDIRECT_URL", sizeof("REDIRECT_URL") - 1 TSRMLS_CC);
char *env_document_root = sapi_cgibin_getenv("DOCUMENT_ROOT", sizeof("DOCUMENT_ROOT") - 1 TSRMLS_CC);
char *orig_path_translated = env_path_translated;
char *orig_path_info = env_path_info;

Posted in Helden der Technik, internet, PHP, Software, the ugly truth | Tagged Linux, PHP, Software, the ugly truth | Leave a comment

Best Summing-up of Google’s new Search App for iPad

Posted on 2011-11-22 by Stefan Rubner

Yep its great and now they can move on to a decent Google+ app for iPad.
–Carlos Rodrigues

[ More ]

Posted in Cloud Computing, Helden der Technik, internet, mobile, the ugly truth | Tagged Helden der Technik, internet generation, iphone, networking, Software, Technology, the ugly truth | Leave a comment

Interessanter Algorithmus

Posted on 2011-11-15 by Stefan Rubner

Posted in Helden der Lyrik, internet, Misc, the ugly truth | Tagged Helden der Lyrik, internet generation, the ugly truth | Leave a comment

On heavy rotation

Posted on 2011-10-15 by Stefan Rubner

… on my Sonos while porting CUPS 1.5.0 to the ReadyNAS ;)

Posted in Entertainment, Misc, Multimedia, Sonos | Tagged Home Entertainment, Multimedia, Sonos | Leave a comment

Fourtyfour

Posted on 2011-08-27 by Stefan Rubner

’nuff said :)

Posted in Misc | 1 Comment

Nicht-kaufen-Empfehlung der Woche

Posted on 2011-07-27 by Stefan Rubner

Früher gab’s bei Lidl mal eine tolle Sache. Nannte sich “Butterschmalz”, verpackt in einem runden Töpfchen, und war total genial geeignet zum braten, kochen, backen.

Das Produkt an sich gibt’s immer noch – es nennt sich sogar gleich. Geändert hat sich aber neben der Verpackung (jetzt in Quaderform) noch was: im Gegensatz zu früher ist der Wasseranteil im Schmalz um gefühlte 1000% gestiegen.

Das Zeug zischt, brutzelt und spritzt jetzt schon, wenn man es in die Pfanne schmeisst. Und es will sich auch schon bei Raumtemperatur in seine flüssige Aggregatsform umwandeln, was die Verarbeitung nicht wirklich leichter macht.

Keine Ahnung, wer hier Gewinnmaximierung betrieben hat, Lidl oder der Zulieferer. Auf alle Fälle ist das Produkt in der aktuellen Form nur für einen Zweck zu empfehlen: so lange bei Lidl im Regal stehen lassen, bis die wieder bessere Qualität liefern.

Posted in Misc, the ugly truth | Tagged Lebensweisheiten, the ugly truth, weisheiten | 1 Comment

Ich war’s nicht.

Posted on 2011-07-24 by Stefan Rubner

Könnte aber durchaus von mir sein ;)

Posted in Misc, the ugly truth | Tagged internet generation, Lebensweisheiten, the ugly truth | Leave a comment

External Supervisor of Illegal Services

Posted on 2011-07-06 by Stefan Rubner

Posted in Misc | Leave a comment

So nutzt man Facebook richtig

Posted on 2011-07-04 by Stefan Rubner

Sehr geehrter Herr Xxxxxx,

sind Sie der Michael Xxxxxx aus der Xxxxxxxxxxstr. 46, in XXXXX Xxxxxxxx-
Wenn ja, ich bin der Allianz-Fachmann von Ihrem Nachbar Gunter Xxxxxxx. Der hat Ihren autositz beschädigt.
Damit ich den Schaden begleichen kann, benötige ich Ihre Bankverbindung.

Mit freundlichen Grüßen
Mathias Xxxxxxx
Allianz Agentur Xxxxxx-Xxxxxxx

Wozu einen Brief schreiben, wenn man doch über Facebook wahllos (die falschen) Leute anschreiben kann?

Posted in Helden der Lyrik, Helden der Technik, internet, Misc | Tagged Helden der Lyrik, Helden der Technik, internet generation | Leave a comment

Most Legally Encumbered “Hello World” Program

Posted on 2011-05-26 by Stefan Rubner

can be found right there, at Oracle’s ;)

Hat tip goes to the Webmink

Posted in Entertainment, Helden der Lyrik, Helden der Technik, Software, the ugly truth | Tagged Software, the ugly truth | Leave a comment