OpenSUSE 12.1: GTK Buttons of Security Pop-up (IcedTea Plugin) not working in Connection with Webstart Application from DELL DRAC WebGUI


13 January 2012 at 22:41



I just noticed that there seems to be a problem with the IcedTea Plugin shipped with the latest OpenSUSE (12.1). So when using the IcedTea Java Plugin ("javaws") it always doesn't matter if I used it directly with Firefox or on the commandline.

Everytime I tried to visit a non-trusted Website like the WebUI of one of our DRAC Management Boards from DELL I've got a pop-up asking me to add an exception to the Security Database in order to proceed.

Unfortunately I wasn't able to use any of the GTK elements within the pop-up. This Problem seems to be caused by the Java Download Window which also came up in the Foreground.

So here I have a little wrapper which may help you to get things working:

$ cat ~/bin/javaws-workaround;
#!/bin/bash
javaws -headless $*;


The "-headless" Parameter prevents the Download Window from coming up which fixes the Problem. Don't forget to make the Script executable otherwise it may not work.

$ chmod u+x ~/bin/javaws*


Now open the Preferences in Firefox and select the "Applications" tab and then select the just created Script for Execution for all Applications of the Type "Java Webstart Application".

DONE! Hope somebody may find this useful :)

Leaving for Brainshare


05 October 2011 at 06:06



Tomorrow we will be leaving for Novell's international Conference, the Brainshare. Our team from B1 Systems will be giving a lot of talks about recent topics like the SUSE Manager, Puppet and also Cloud Computing with Openstack. Feel free to join us if you're interested in any of these :)

See you there!

Apache HTTP Server 2.2.21 Released


28 September 2011 at 06:31

Today Apache 2.2.21 got released!


     * SECURITY: CVE-2011-3348 (cve.mitre.org)
       mod_proxy_ajp when combined with mod_proxy_balancer: Prevents
       unrecognized HTTP methods from marking ajp: balancer members
       in an error state, avoiding denial of service.

     * SECURITY: CVE-2011-3192 (cve.mitre.org)
       core: Further fixes to the handling of byte-range requests to use
       less memory, to avoid denial of service. This patch includes fixes
       to the patch introduced in release 2.2.20 for protocol compliance,
       as well as the MaxRanges directive.

For further information just have a look at on the httpd-announce list.

Mailman Auto-Subscription of LDAP Users


12 September 2011 at 08:15



This is a quick and dirty way on how to keep all your ldap users in sync with a specific mailman list. The sync_members script is part of the mailman package and ensures that also non-existing users will be purged. Before you start make sure that you have the ldap-utils installed.

The rest should be pretty self-explanatory, but if you got any questions so just let me know ;)

#!/bin/bash

LISTNAME="system";
TEMPFILE=$(mktemp "/tmp/$(basename $0)XXXXXX");

/usr/bin/ldapsearch -Z -x -P 3 -LLL \
        -H ldap://ldapmaster.domain.tld \
        -w 'ultrasecrectpassword' \
        -D "uid=binduser,dc=company,dc=de" \
        -s one -b "dc=users,dc=company,dc=de" \
        '(&(VirtualMailDrop=*)(VirtualMailboxForwardActive=FALSE))' \
        grep '^VirtualMailDrop:' | awk '{ print $2 }' \
        > ${TEMPFILE};

/usr/bin/sync_members \
        --notifyadmin=yes \
        --file ${TEMPFILE} \
        ${LISTNAME} >/dev/null 2>&1;

rm ${TEMPFILE};


You'd also have to adapt the filter expression to reflect your directory schemes and desired attributes. Later you might want to use cron to frequently sync your user-base.

OpenSSH 5.9 has just arrived!


06 September 2011 at 10:21

Today, version 5.9 of OpenSSH has been released ;-)

Pizzeria Blizzeria Witten: Gratis Fleischbeilage in Form von Insekten?!


11 August 2011 at 06:14

Hallo Welt,

bis auf wenige Kleinigkeiten wie beispielsweise falsch gelieferte Pizzabrötchen o.ä., hatte ich bisher keine nennenswerten Probleme mit den Bestellungen bei Blizzeria in Witten. Bis heute ....

So long ..

Jan

VoiPINOY™ - Cheap calls to the Philippines


08 August 2011 at 18:26

If you have relatives located in the Philippines you usually want to stay in touch with them as everyone else does with his family. As in most parts of East Asia cell phones are more widespread than regular land lines. Calling a regular land line can be pretty expensive no matter from which country you call (e.g. Germany). So guess what happens if you'd call a mobile phone in East Asia by using your German land line?! Yapp, of course, things would turn ridiculously expensive.. trust me, I know what I'm talkin' about!

During my stays in Asia I found myself talking with to a lot of people including guys from Germany and Switzerland. As we came to the question of how they keep in touch with each other it turned out that all of them were just using Skype. They don't even think about doing regular phone calls .. man how this sucks! I never got the point of using that piece of shitty proprietary software but it looks like we finally got some sort of a cure for that. Just give G+ a try and start using Hangouts! ;-)

Back to topic, so me and my girlfriend don't like to give up flexibility like calling each other from anywhere at anytime. So I finally found a SIP provider, offering a fairly priced flatrate for 35 USD per month (25 EUR) which can be either paid via paypal or AlertPay (for the first time you'll have to pay an additional setup fee of 15 USD!)

VoiPINOY also uses Asterisk and provides access via regular SIP or IAX (Inter-Asterisk Exchange) protocol. I'm using my flatrate on a regular basis (at least every second day) and it's totally worse the price! :-) I have connected my VoiPINOY account to my local PBX at home which is also based on asterisk. This way I'm able to make calls with any device like my cell phone connected to my WiFi access point, a regular handset, my laptop [...] :)

For more information see: VoiPINOY™ - Cheap calls to the Philippines and to any part of the world

My bloody Saturday powered by Dead Space 2


29 July 2011 at 17:09

Hello World,

I've just finished playing Dead Space 2 from Visceral Games and I swear that my brain still has a lot of impressions to deal with! I was rushing through the whole game within 5 hours or so and now you might find yourself asking - "what? just within five hours? what kind of game is this?" - and yeah, just within five hours!

Since from the start the game took me by working off the ancient creepy style of Doom with it's very own character. While I was drifting through the outer space along detailed structures of huge space platforms and spaceships, I was thinking of how much manpower those high realistic game physics and detailed special effects might have cost.

As I'm still waiting for the third part of Mass Effect I honestly haven't seen SUCH a nice game for years! If you think Doom 3 already scared the crap out of you then you better get some fresh panties before you start ;) You've been warned!

Stable Clonezilla live (1.2.9-19) Released


25 July 2011 at 20:15

Today, version 1.2.9-19 of Clonezilla live has been released. Among several enhancements also updates for partclone, Pbzip2 are included. Additionaly support for the Brazilian language has been added (great job!) and a bug about failing to do disk to disk clones was fixed.

Starting with this release you will have to manage boot paramters yourself and due to changes in Live-boot the boot parameter to assign static IP address has also been changed.

Rooting a Vodafone Branded HTC Desire Z including Engineering Hboot and Clockwork via Goldcard (SuperCID) + CyanogenMod


24 July 2011 at 19:55

This howto is based on a chat session between Guhl and me on channel #G2ROOT @ irc.freenode just about two weeks ago. I will try to explain how to remove the branding of your Vodafone HTC Desire Z to be able to install the latest Release of CyanogenMod. My device have had firmware version 1.82.161.1 installed which is known not to be "rootable". In order to install the latest CyanogeMod ROM I had to downgrade the firmware (<=1.34).

Please note, that I take no responsibility if you brick your device! All data on your device will be irrecoverable lost! I highly recommend to read all instructions carefully before proceeding with each step. If you have questions of any kind don't hesitate to give me a message via jabber (tuxaddicted@jabber.org) or simply leave your comment to this article.

Before you begin you'll need to have the Android SDK installed, including it's platform-tools. On more information on how to install the SDK including all necessary components simply follow this guide.

You will also have to manipulate your udev setup for your device to be recognized probably. Follow this guide or simply copy the following ruleset and re-plug your device afterwards:

$ cat /etc/udev/rules.d/00_external.rules;
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0bb4", ATTRS{idProduct}=="0ff9", MODE="0666", OWNER="bungart" #Normal g2
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0bb4", ATTRS{idProduct}=="0c91", MODE="0666", OWNER="bungart" #Debug & Recovery g2
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0bb4", ATTRS{idProduct}=="0fff", MODE="0666", OWNER="bungart" #Fastboot g2


Now make sure that your device is plugged in via USB. Use the shell functionality of the adb binary to receive the CID (Carrier ID) of the device. You can find the adb binary within the "platform-tools" directory of the android sdk. If you followed the SDK guide accordingly you should have the platform-tools directory in your $PATH variable. This means that you can simply type "adb" without the need to specify the absolute path to the binary.

Enable USB Debugging: You will have to enable the USB debugging feature which is located under "Settings -> Applications -> USB debugging" before you will be able to connect your device with the SDK. After enabling the debugging mode you can simply use adb devices to check for available devices.

$ adb devices;
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
List of devices attached 
HT0BFRT01366	device

$ adb shell 'cat /sys/class/mmc_host/mmc2/mmc2:*/cid';
035344535530384780027e4ea600aac6

Good! Now point your browser to this URL (hexrev.soaa.me) and paste your CID into the designated fill-in field and click the submit button. Use the resulting CID to request a so called "Gold Card Image" from revskills.de. The image size is < 512B and will be send to you via email so be sure to provide a valid email address!

The gold card image is needed to gain "SuperCID" access. With it you will be able to replace the branded firmware with a regular one from stock.

  • If you haven't done it yet you might want to do a complete backup of your data before proceeding! (E.g. use Titanium Backup for this)
  • Insert a SD card to your CARD Reader. We're going to overwrite it's boot sector so it's strongly adviced that you use a dedicated SD card without any important data on it.
  • You can identify the respective block device by using "dmesg | tail" right after insertion of the SD card since there is only one hard drive installed (sda, sdb, sdc, sd...)
  • I will use "/dev/sdb" to be my block device (replace it everytime it's mentioned with the one you've identified!)
  • Attention: As a regular user you should normally unplug any additional mass storage devices like external hard drives, usb memory sticks, smartphones and such. This way you avoid overwriting one of these instead of the sd card. Also take note that the block device /dev/sda is most likely considered to be your system's hard drive. If you accidentally overwrite it's boot sector also the partition table will be gone! (Newer versions of cfdisk can now also seek and restore lost partitions!)
  • Okay, you have been warned, so if you think that you're all set just go on and copy the gold card image to your SD card:

Preparing your SD CARD:
  • Create MSDOS partition table
  • Create first partition of type "b" -> FAT32

$ sudo cfdisk /dev/sdb;

If you haven't got a recent version of cfdisk (>=1.2.4) you will have to create the filesystem by hand:

$ sudo mkfs.vfat -F 32 -n gcard /dev/sdb1;

Okay, now copy the gold card image:

$ sudo dd if=../path/to/your/gc.img of=/dev/sdb bs=512 count=1;

Okay, it's time for some action now :> Download all the files listed below to your current working directory:

Source: wiki.cyanogenmod.com: G2 Downgrade Firmware to 1.34.707.3
Now push the misc_version and psneuter binaries to a temporary working directory on the device. By using the psneuter binary you will gain temporary root access to your device. With the second binary named misc_version you will then set the new firmware version in order to downgrade. Further you will have to reboot the device - simply use the tools given by the SDK -> "adb reboot bootloader".

$ adb push psneuter /data/local/tmp;
$ adb push misc_version /data/local/tmp;
$ adb shell chmod 777 /data/local/tmp/{psneuter,misc_version};
$ adb shell /data/local/tmp/psneuter;
$ adb shell '/data/local/tmp/misc_version -s 1.34.707.3';
$ adb reboot bootloader;

For the downgrade we won't rely on the HBOOT provided firmware 1.82. Instead we will use the ROM UPDATE UTILITY (RUU) via fastboot. For that to work you'll have to download the fastboot binary first and make it executable:

$ wget -c http://www.thinkthinkdo.com/trac/project1/raw-attachment/wiki/vision_utilities/fastboot;
$ chmod +x fastboot;

Attention: If you encounter any problems with the next step you should head over for the #g2root channel on irc.freenode and remember not to disconnect or turn off your device!

Reboot the device and select "fastboot" from the the menu. The bootloader should now yell "FASTBOOT USB" in red if the device is connected properly - if it does just start the RUU and flash the new firmware image:

$ adb reboot bootloader;
$ ./fastboot oem rebootRUU;
$ ./fastboot flash zip 1.34.707.3_PC10IMG.zip;

[.. zzZZzzZz .. Get yourself some coffee! ..]

$ ./fastboot reboot;


If everything works out fine you should now be seeing a shiny HTC logo during boot. After the device has successfully booted you will have to turn back on USB Debugging. Now you're free to install the Engineering Hboot, Clockwork Recovery. First of all you need to get all of the necessary stuff mentioned below: Source: wiki.cyanogenmod.com: Root, S-OFF, the ClockworkMod Recovery & the Engineering HBoot
Unpack all zip files into the same directory where you have placed the psneuter and busybox binaries. Finally re-create the temporary upload directory and push all necessary binaries to the device:

$ adb shell mkdir /data/local/tmp/;
$ adb push busybox /data/local/tmp/;
$ adb push gfree /data/local/tmp/;
$ adb push hboot-eng.img /data/local/tmp/;
$ adb push psneuter /data/local/tmp/;
$ adb push recovery-clockwork-3.0.2.4-vision.img /data/local/tmp/recovery.img;
$ adb push root_psn /data/local/tmp/;
$ adb shell "/data/local/tmp/psneuter";

Okay, you're almost done, now it's time to flash the HBOOT and Clockwork Recovery images:

$ adb shell;
# cd /data/local/tmp/;
# ./busybox md5sum hboot-eng.img;
# ./gfree -f -b hboot-eng.img -y recovery.img;
# ./busybox md5sum /dev/block/mmcblk0p18;
# exit;

That's it, you're done! Now your phone has HBOOT and Clockwork Recovery installed. The only thing missing is Cyanogenmod which you can install via Clockwork Recovery or alternatively via fastboot. Follow this instructions to install the latest build. It also covers the installation of Google-Apps.

Many thanks to Guhl from #g2root @ irc.freenode for bailing me out ;)

So long...

Jan, aka. tuxaddicted