Archiv

Software

If you have LUKS partitions on gpt-partitioned drives, you might have noticed that cryptsetup doesn’t handle PARTUUID=[…] entries in /etc/crypttab, even though it does understand the traditional UUID=[…]. There’s an Ubuntu bug for this (since 2010, because that’s how much Ubuntu cares about bug reports), and apparently Arch is patching cryptsetup to make it work.

But it turns out there’s an elegant workround for everyone, as inspired by this Debian mailing list post, where a user has /dev/disk/by-id/[…] entries in their /etc/crypttab. /dev/disk is just the most delightful symlink squaredance! If you don’t know about it yet, just ls -lR /dev/disk and prepare to be amazed 🙂

So, to make cryptsetup correctly parse the gpt partuuid of your drives, just use /dev/disk/by-partuuid/[…] symlinks in /etc/crypttab. Here’s an example of such a setup:

root                     UUID=00000000-[…]-444444444444 none luks
backup0 /dev/disk/by-partuuid/55555555-[…]-999999999999 none luks
backup1 /dev/disk/by-partuuid/aaaaaaaa-[…]-eeeeeeeeeeee none luks

Have fun!

German freemail heavyweights web.de and gmx.net (several millions of users combined) are using deceptive techniques in order to manipulate Firefox and Chrome users into removing AdBlock and its variants. This message is displayed for people with the respective setup:

web_deThe yellow bar is part of the website (it even scrolls with the site). It says:

The security of your computer is compromised by a Firefox Add-On. [Restore Security]

Clicking the fake button or the „Further information“ link takes the user to a shady-looking website charmingly named browsersicherheit.info (browser security dot info).

This site imitates the look of Chrome’s browser settings and uses a seemingly objective and caring tone, explaining how „content manipulating browser add-ons“ pose an enormous security risk. It also contains a surprisingly short list of allegedly „known malicious browser add-ons“:

plugins2Note how AdBlock and several variants of it are shown at the top of this list, described as „filters page contents“. Every user of AdBlock is aware that it filters contents—that’s its purpose. Still, this list is obviously supposed to cause insecurity and fear, especially since the same list contains obscure and dubious sounding add-ons. Many of them are described as „inserting external elements like advertising“. One, ironically, is accused of „creating false security alerts“.

Otherwise, the page purports to be a well-meaning security initiative. Only the legally-mandated and well-hidden Contacts page shows that 1&1 Mail & Media is behind it. The 1&1 DSL and hosting franchise is part of the German United Internet company, which in turn owns web.de and gmx.net. A press release at gmx.net praises it, but gmx.net is not named as part of this „program“ anywhere on the site. However, in the ridiculously short „press comments“ section, gmx.net and web.de appear as two out of three sources (the third being a nasty tabloid’s computer spinoff magazine).

This practice is all the more more malicious, as it has taken years to establish that browsers show meaningful security notifications, and to get everyone’s parents to actually read and follow them.

Apparently, the Mozilla security team is looking at the situation, which I’m very grateful for.

Find a short English summary of this article here:
German freemail sites trick Firefox & Chrome users into removing AdBlock

Diese Meldung zeigen GMX und web.de derzeit Nutzern, die AdBlock installiert haben:

web_deEin Klick auf „Weitere Informationen“ führt auf die enorm unseriös wirkende Seite browsersicherheit.info. Dort wird anhand von Screenshots erklärt, wie Nutzer von Firefox und Chrome auf verschiedenen Betriebssystemen vor allem AdBlock in verschiedenen Varianten deinstallieren können. Insbesondere wird diese „schwarze Liste“ angezeigt:

plugins2Im Impressum der Seite bekennt sich die „1&1 Mail & Media GmbH, Zweigniederlassung Karlsruhe“ zur Autorenschaft. In der Tat gehört 1&1 dem deutschen Konzern United Internet, wie auch web.de und GMX.

Diese ganze Nummer ist eine gezielte Manipulation unbedarfter und vertrauensseliger Internetnutzer, um sie dazu zu bringen, Adblocker zu löschen und ungestört Werbeanzeigen verkaufen zu können.

Erstens: Die Meldung erweckt den Eindruck, vom Browser selbst angezeigt zu werden. Eine gelbe Leiste oberhalb der angezeigten Seite assoziieren Nutzer mit Browser-Benachrichtigungen, zumal beispielsweise auf der Seite von GMX die Farbe gelb völlig fremd wirkt. Insofern täuschen GMX und web.de dem Nutzer eine Browser-Meldung vor, die sie selbst erzeugen. Die Meldung hat außerdem einen objektiv-sachlichen Ton und lässt keinen Hinweis darauf zu, bloß eine Empfehlung – einen Wunsch! – der Seitenbetreiber wiederzugeben. Auch insofern werden Browser-eigene Benachrichtigungen in täuschender Absicht nachgeahmt. Die Seite browsersicherheit.info lässt ebenfalls (außer hinter dem gut versteckten „Impressum“-Link) nicht durchblicken, von United Internet erstellt worden zu sein, sondern zitiert noch scheinheilig GMX und web.de als zwei von drei „Pressestimmen“.

Zweitens: Welche Erweiterungen werden auf’s Korn genommen? Angeblich „seitenmanipulierende“ Addons. Das stimmt, AdBlock manipuliert tatsächlich die Seiten, die mir mein Browser anzeigt, nämlich indem die nervige Werbung ausgeblendet wird. Das ist seine Aufgabe. Klingt natürlich trotzdem erstmal böse. Alibihaft werden dann auch noch ein paar echte Adware-Erweiterungen genannt, darunter so obskure, unbekannte Kandidaten wie „JollyWallet Bar“ und „SuperFish“, sowie – oh, the irony! – „getSavin“, welches „falsche Sicherheitshinweise erzeugt“! So denkt der Nutzer: Aha, diese Plugins blenden also ungefragt Werbung ein, und das eine da manipuliert mich sogar – wie böse! Dann werden die „seitenmanipulierenden Addons“ am Anfang der Liste bestimmt genauso böse sein. Ich deinstalliere besser AdBlock – und zack, wird ihm wieder ungebetene Werbung angezeigt, aber diesmal wieder von web.de und GMX.

Drittens: Wem nützt dieser Zirkus? Ganz klar in erster Linie United Internet, deren Anzeigenverkäufe offenbar schwinden, weil mündige Internetnutzer die Werbung ausblenden lassen. Nützt es auch den Surfern? Nun – dass es Sicherheitsprobleme im Bereich von Browserplugins gibt, stimmt durchaus. Aber warum werden von den tausenden „seitenmanipulierenden Addons“ da draußen (neben ein paar Alibi-Kandidaten) ausgerechnet die bekämpft, die:

  1. in Deutschland weit verbreitet sind,
  2. großes Vertrauen genießen, und
  3. United Internet die Werbeeinahmen madig machen?

Was ist mit anderen verbreiteten, seitenmanipulierenden Addons wie NoScript, Ghostery, DownloadHelper, Firebug usw.? Sind die alle von United Internet einzeln getestet worden und machen irgendetwas richtiger als AdBlock, oder sind sie bloß im Kampf um Werbeanzeigen egal?

Fazit: Diese Aktion „zugunsten der Sicherheit“, für die sich United Internet auch noch selbst feiert, ist ein schlecht getarnter Angriff auf die Mündigkeit von Internetnutzern, sich von Anzeigenwerbung zu befreien. Es wird manipulativ vorgegangen und das Vertrauen von Nutzern missbraucht, die sich auf das verlassen, was ihnen (vermeintlich!) ihr Browser empfiehlt. Das ist insofern besonders perfide, als sich erst in den vergangenen Jahren Nutzer daran gewöhnt haben, einfach formulierte Sicherheitshinweise ihrer Browser zu beachten, die meist auch tatsächlich einen Sicherheitsgewinn bringen.

Und wahrscheinlich wird United Internet mit dieser hinterlistigen Strategie Erfolg haben und der Nutzung von AdBlock (zumindest unter ihren eigenen Besuchern) einen spürbaren Dämpfer verpassen. Wir können uns schonmal auf Anrufe unserer Eltern freuen: „Da kam so ’ne Meldung, mein Browser wäre unsicher!“

Faced with a growing number of mailboxes to fetch messages from, I devised a little script to help me easily manage lots of accounts with getmail. It was inspired by this post from Charles Cazabon, the developer of getmail.

The advantage of this solution is that you need to create, name and manage getmail’s rcfiles for different mailboxes in one place only, without modfying other scripts, crontabs or whatever.

First off, this is the folder structure I created. It may remind you of the old /etc/rc.d/ folder structures that were common for system start scripts before we had upstart and all this modern whoop-de-do:

.getmailsets
├── set-all
│   ├── rc.blog
│   ├── rc.freemail
│   ├── rc.provider
│   ├── rc.uni
│   └── rc.work
├── set-often
│   ├── rc.provider -> ../set-all/rc.provider
│   ├── rc.uni -> ../set-all/rc.uni
│   └── rc.work -> ../set-all/rc.work
├── set-rare
│   ├── rc.freemail -> ../set-all/rc.freemail
│   └── rc.blog -> ../set-all/rc.blog
└── set-important
    ├── rc.uni -> ../set-all/rc.uni
    └── rc.work -> ../set-all/rc.work

.getmail/ -> .getmailsets/set-all/

All the getmail-typical rcfiles live in the .getmailsets/set-all/ folder. Others sets are defined by folders with a corresponding name and contain links to the actual rcfiles in the „all“ set.

And this is the script that puts it to use. I call it checkmail:

#!/bin/bash

RCARGS=""
RCPATH=/home/myself/.getmailsets/set-$1
shift  # deletes argument $1 and shifts the others forward

cd $RCPATH
for F in rc.*; do
  RCARGS="$RCARGS --rcfile $F"  # prepares the --rcfile args for getmail
done

exec getmail $@ --getmaildir $RCPATH $RCARGS  # $@ contains all (remaining)
                                              # arguments to the script.

You use checkmail by calling it with the set name as the first argument, and any arguments you want to pass on to getmail, like in these examples:

$ checkmail all -q
$ checkmail important -v
$ checkmail rare -q -d

And these calls, of course, are what you want to place in your scripts, shortcuts and whatnot. You can then manage the set contents or rename the rcfiles in your .getmailsets without changing any of the scripts. How about, for example, a button on your desktop that runs:

$ ssh mailserver "checkmail important -v"

The script is also ideal, of course, for your crontabs. Here’s an example of my configuration:

*/5  0-3,9-23  * * * checkmail often -q
  0      8-23  * * * checkmail rare -q

As a bonus, I symlinked $HOME/.getmail/ to my .getmailsets/set-all/. This allows me to call getmail for one single mailbox without additional arguments, like in a basic setup:

$ getmail -r rc.work
$ getmail -vr rc.uni

Known problem and solution: There is a problem with this setup when it comes to old mail in your mailboxes. If you always delete all mail on the remote servers, as set by delete = True in your rcfile, this will not affect you and you don’t need to read on. If you don’t, here is the thing:

As you may have noticed, getmail creates files with names like oldmail-[server]-[port]-[username] in the same folder as the rcfiles. They contain a list of mails on the server that getmail has already downloaded. Now, because we have symlinks to the same rcfiles in different folders, there will be different oldmail files in the different folders, which will contradict each other and will lead to mails being downloaded multiple times in certain situations.

To prevent this from happening, always run checkmail all after adding a new rcfile and hardlink (symlinks don’t appear to do the trick) the new oldmail file to all set-folders you also linked the rcfile in. This way, getmail will always use the same oldmail file, no matter what set the rcfile is called from.

In my university’s research group, there’s a traditional weekly seminar known as „Kaffee und Technik“, where people will show each other tricks and methods they learned in the course of their research. Recently having taught myself a working knowledge of simple binary data storage and readout with Python, I compiled a little lecture on the subject.

Hoping that someone out there might also find this useful, I’m posting my slides here:

In case you’re wondering: The editor I am using is wxHexEditor. I found it to be a very good hex editor, with many more capabilities than most others out there. It is actively being developed and works equally well on Windows and Linux. It even compiled without any dependency hassle on an oldish system of mine.

So, if you’re looking for a good hex editor, try wxHexEditor. The project’s homepage is somewhat of a hassle to navigate around, but it’s definitely worth it.

28c3 was my first Chaos Communication Congress, and it was an awesome experience. I loved the atmosphere, dominated by what might be called the hacker way of life. Stuff didn’t start before 11 AM, and few people went to sleep before 4 AM. There was plenty of Mate for everyone, and I slept in a frickin‘ ball pit! I also got to know a bunch of cool people, took my first steps in the sport of lockpicking and made an acquaintance that may prove very fruitful for my university studies. Also, I got to play in both the Pentanews Game Show and Hacker Jeopardy, and I gave a Lightning Talk!

I called the Lightning Talk Life Hacking: Personal Finance Logging for Fun and Profit, and in it I talked about how I have been keeping track of all my private incomes and spendings for five years. Boring as it may sound, this actually produces a lot of useful data over the course of time, and being a physicist, I love to play around with data and statistics. The amazing video crew of 28c3 has uploaded separate videos of all the Lightning Talks to Youtube, and here’s mine (I also have the slides right here):


As for KMyMoney, the software I used: You can visit their project site to download it, but you will probably also find it in most distributions‘ repositories. As @Scheneiderlein42 has reported on Twitter, it will also run on Mac OS X using Macports. As for Windows, there is no sure way, but there seem to be several possible avenues: a) Downright installing KDE on Windows: see this guide, b) using a lightweight Linux for use with Windows running as described here, and then there’s an Australian guy pledging to build a Windows port, and you can sign up for notifivations on his progress here.

If you’ve done interesting stuff with KMyMoney, or your favorite personal finance software, or if you know a way to use them on other platforms than described, or how to use them efficiently and with even more fun, post a comment!

(If you don’t care about my life and just want the technical information, skip to the fourth paragraph. I don’t mind!)

It’s been almost 12 years since Star Trek: Armada came out. It was relased just two weeks after Windows 2000, so naturally it was developed and tested for Windows 98/ME. I was 13 years old at the time and played the game up and down like crazy. Maybe it’s mostly nostalgia, but to me it’s still one of the most fun RTS space games ever. I never liked the sequel, Star Trek: Armada II very much. It came out almost exactly 10 years ago and was based on the same graphics engine, but significantly changed the navigation mechanics of the game, that just felt much too fiddly to me.

Over the last couple of years, I’ve tried time and again to get the game running on my more modern systems. I tried everything from emulators to varying compatibility settings. At one point, I even built a machine from old parts and installed Windows 98 on it – but time and again I failed, the blame lying with graphics drivers and/or DirectX being too old or too new, or just not working together. I even got myself another original release version from England after I had somehow lost the one I’d been using (which I paid for with what happened to be the only cheque I ever sent in the mail for anything).

Now, finally, I got my beloved Star Trek: Armada working on my gaming laptop! Despite the negative effects this might have on my work and social life, I am more than happy 😉 I am writing this post to collect the information I gathered and to help others play the game on their modern machines as well.

(Technical information starts here.)

My gaming laptop is running Windows 7 Service Pack 1 64 bit. Everything described here should work the same on 32 bit. It has 3 GB of memory installed. Although there are some reports of trouble running ST:Armada with more than 2 GB of memory, I am not seeing those problems. For a proposed solution, see here.

The laptop has an NVIDIA GeForce 9500M GS graphics adapter. Many reports (like this one) say that ATI cards are not causing any trouble, whereas NVIDIA cards have lots of problems. This seems to have changed only recently. I can confirm that NVIDIA’s driver software version 180 did not work with ST:Armada, whereas with 281, it works!

When installing the game on Windows 7, no special action is needed. Just run the installer as you normally would. Unless you game version already includes the patch to version 1.2 (like mine does), you must patch the game (you can get the installer here). There is also an unofficial ‘version 1.3’ patch from the Star Trek Armada II: Fleet Operations team developing the eponymous fan-driven mod. You can get the installer here. It promises to fix some bugs on newer systems and introduces additional screen resolutions. I am running this version with great success.

When the game is installed and patched, you need to make some settings. Set the compatibility level for Armada.exe to Windows XP (SP2) (for detailed instructions, see here). Also, the game must be run with Administrator privileges (don’t ask me why).

In-game, I had to enable the “Use alternate font” options for the fonts to look decent. More importantly, you should not try to Ctrl-Tab out of the game, as you will probably not be able to enter the game again, thus losing any unsaved progress.

This is how I got Star Trek: Armada running! The decisive change over the previous years definitely lies in NVIDIA’s new drivers.

Additional option: If new NVIDIA drivers are not an option for you, there is a tool called 3D-Analyze. It can emulate some graphics functions that are missing from many recent drivers, and thus enable older games to run (albeit with slower software emulation of said functions). For a description of how 3D-Analyze can help with ST:Armada, see here. The tool’s official homepage seems to be this one. When I tried it, it didn’t help me run the game, but I managed to at least get it running as intended by a) ensuring write access to the Armada game data directory (which 3d-Analyze writes data to) and b) setting the compatibility for 3D-Analyze to Windows XP (SP2).

Additional resources for help and hints: One of the single most informative forum threads on the topic is this one on techsupportforum.com (which I have linked above a couple of times). It is, however, not very active anymore. But fret not! There is an active community of players working to get ST:Armada back into action on modern systems, and even in online gameplay! Their forums community is called Star Trek Armada 2011. The forum requires registration, but it is worth it. There is even a dedicated subforum for installing and running the game in Windows 7. As a starting point, see this post for installation and configuring instructions (many of which I have already covered above).

Gimmicks: You can find the official manual to ST:Aramda on the game’s page at TrekCore. They also have cheats, strategy guides, historical information and a lot of other neat stuff revolving around the game.

So, with all this information, I hope you are well eqiupped to enjoy Star Trek: Armada like we did more than a decade ago (yeah, you heard me—more than a decade ago! :-))