MKTileOverlay with gdal2tiles or other TMS tiles

from iOS 7.0 onward there’s the neat MKTileOverlay::initWithURLTemplate: for tiled overlay maps.

Sadly it can’t display old-school Tile Map Service maps as e.g. produced by gdal2tiles.py1) because the y-values are flipped upside down. The OSM Wiki says about this fact: „This is really just an unfortunate historical misalignment.“

But with the drop-in MKTileOverlay replacement below, you can use flipped geometries and add {-y} in the URL template to indicate such:

Continue Reading »

Flattr this!

App ShaarliOS im Store

brandneu für einen Euro im App Store ist meine ‚Share Extension‘ für iOS 8+ und Shaarli.

Und – das ist ein Experiment – gleichzeitig als GPLv3 Free Software bei github.

Bin gespannt.

Flattr this!

Autolayout: change constraint multiplier

the NSLayoutConstraint multiplier property is read-only. But if you need to change it, you can replace the constraint with a modified clone like

@implementation NSLayoutConstraint(ChangeMultiplier)
// visal form center
-(NSLayoutConstraint *)constraintWithMultiplier:(CGFloat)multiplier
  return [NSLayoutConstraint

and replace it like

  NSLayoutConstraint *c = [self.constraintToChange constraintWithMultiplier:0.75];
  [self.view removeConstraint:self.constraintToChange];
  [self.view addConstraint:self.constraintToChange = c];
  [self.view layoutIfNeeded];

Flattr this!

hardening ssh (debian wheezy)

LogJam requires some action. (Article in german)

Update (open-)ssh to a recent version (6.6)


$ echo "deb wheezy-backports main" | sudo tee -a /etc/apt/sources.list
$ sudo apt-get -u update
$ sudo apt-get install -t wheezy-backports ssh
$ sudo apt-get autoremove

Harden crypto


$ sudo tee -a /etc/ssh/sshd_config <<EOF_SSH_CFG
$ sudo /etc/init.d/ssh restart


Replace host keys, /etc/ssh/sshd_config

Protocol 2
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key


$ cd /etc/ssh
$ sudo rm ssh_host_*key*
$ sudo ssh-keygen -t ed25519 -f ssh_host_ed25519_key < /dev/null
$ sudo ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key < /dev/null
$ sudo /etc/init.d/ssh restart


Flattr this!

redmine & chruby (fetch emails)


# chruby needs bash
# redmine email import with chruby.
# Put this script into <redmine_dir>/script and a set crontab like
#   $ sudo -u www-data crontab -l
#   */15 * * * * <redmine_dir>/script/
cd "$(dirname "$0")/.."
log="log/$(basename "$0" .sh).log"
cat >> "$log" <<EOF
$(date --rfc-3339=seconds) $0
source /usr/local/share/chruby/
source /usr/local/share/chruby/
# in case we use rbx in .ruby-version, we need to explicitly set ruby in
# script/ due to
chruby ruby || { echo "Failed to change ruby." 1>> "$log" && exit 1; }
bundle --version 1>/dev/null || { nice gem install bundle 1>> "$log" 2>> "$log" ; }
bundle check 1>/dev/null 2>/dev/null || { nice bundle install 1>> "$log" 2>> "$log" ; }
nice bundle exec rake redmine:email:receive_imap \
  RAILS_ENV="production" \
  host=<foo> \
  ssl=1 \
  port=993 \
  username=<bar> \
  password=<foobar> \
  unknown_user=accept \
  1>> "$log" \
  2>> "$log"


Flattr this!

USER_AGENT Blocking – sowas gibt’s wirklich!

schon kindisch, oder?

$ curl --head
HTTP/1.1 403 Forbidden
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 290
Expires: Mon, 27 Apr 2015 21:01:07 GMT
Date: Mon, 27 Apr 2015 21:01:07 GMT
Connection: keep-alive
Vary: User-Agent
$ curl -A Mozilla --head
HTTP/1.1 200 OK
Server: Apache
res-obj: www
Content-Type: text/html; charset=UTF-8
Date: Mon, 27 Apr 2015 21:01:14 GMT
Content-Length: 132153
Connection: keep-alive
Vary: User-Agent

Flattr this!

#Qualitätsjournalismus und Datenschutz*) denkt sich wohl „was interessiert mich der Datenschutz meiner Besucher“.

an wen verpetzt mich die SZ alles? Natürlich ohne jeden Hinweis im Impressum - ganz zu schweigen davon das VORHER zu tun.

an wen verpetzt mich alles?
Hinweise versteckt weit unten im Impressum – allerdings wird selbst dort geschnüffelt und nicht vorher gefragt.

Danke Requestpolicy und ablopac, so bleiben mir die Schnüffler vom Hals.

*) andere große Verlage sind ähnlich, das ist im #Qualitätsjournalismus leider üblich.

Flattr this!

lua & timezones by name

A bit hard to puzzle due to scarce documentation.

#!/usr/bin/env lua
local luatz = require 'luatz' --
local tz_name = 'Europe/Berlin'
local ts_loc = luatz.time({year=2014, month=12, day=31, hour=23, min=59})
-- %z isn't supported yet:
local function tz_off_iso8601(tz_offset_seconds)
  local separator = '' -- 8601 %z compliant
  -- separator = ':' -- 8601 W3C compliant
  local tz_offset_minutes = tz_offset_seconds / 60
  local sign = string.byte('+')
  if tz_offset_minutes < 0 then sign = string.byte('-') end
  return string.format('%c%02d%s%02d', sign, tz_offset_minutes / 60, separator, tz_offset_minutes % 60)
local tzi = assert(luatz.get_tz( tz_name ), 'No such timezone: \''..tz_name..'\'')
local ts_utc = tzi:utctime ( ts_loc )
local t_loc = luatz.timetable.new_from_timestamp( ts_loc )
local t_utc = luatz.timetable.new_from_timestamp( ts_utc )
print( t_loc:strftime('%F %T'), tz_off_iso8601(tzi:find_current( ts_utc ).gmtoff), tz_name )
print( t_utc:strftime('%F %T'), tz_off_iso8601(0), 'UTC' )

Flattr this!

Why PHP is utterly broken

tl;dr: neither does DATE_RFC1123 produce a rfc1123-date, nor does DATE_RFC850rfc850-date. What sense does that make?

This example may look scrupulous but seems typical.

Mind the mandatory word ‚GMT‚ at the end of rfc1123-date. While DATE_RFC1123 renders something ending with +0000. Which is the same timezone but not the same string.

So DATE_RFC1123 is useless for HTTP headers (RFC2616). I wonder what else it should be there for.

While this isn’t an issue of PHP (the language) itself, it’s IMO typical for the actual PHP code existing. It does work somehow, despite the fact that it’s totally agnostic of the basics it claims to be based upon. So it may fail any given, unforeseeable, moment, when any of the implicitly assumed side-conditions change.

P.S.: The newer RFC7231 (HTTP-Date) and e.g. RFC 7232, Last-Modified don’t change a thing.

P.P.S.: I don’t do PHP, I just came across when patching a bit.

Update: Another nice one.

Flattr this!

Validate GPX

xmllint --noout --schema <gpx file or url>

Flattr this!