lighttpd + letsencrypt.sh

via letsencrypt.sh

Three cases:

  • a 'normal' www domain: www.filmfestapp.com
  • a 'normal' subdomain where the naked domain is part of shared webspace: drop.mro.name
  • a proxy subdomain for a rails application (redmine): developer.mro.name


User manual for the "Telekom Actron B" telephone

User manual Telekom Actron B

Rotated by 90°, from source: odendahl.gmxhome.de


MKTileOverlay with gdal2tiles or other TMS tiles

From iOS 7.0 onward there's the neat MKTileOverlay::initWithURLTemplate: for tiled overlay maps.

Sadly it can't display old-school Tile Map Service maps, e.g. as produced by gdal2tiles.py, because the y-values are flipped upside down. The OSM Wiki says about this fact: "This is really just an unfortunate historical misalignment."

But with the drop-in MKTileOverlay replacement below, you can use flipped geometries and add {-y} in the URL template to indicate such:


ShaarliOS app in the store

Brand new in the App Store for one euro: my 'Share Extension' for iOS 8+ and Shaarli.

And, as an experiment, at the same time available as GPLv3 Free Software on github.

Curious to see how it goes.


Autolayout: change constraint multiplier

The NSLayoutConstraint multiplier property is read-only. If you need to change it, you can replace the constraint with a modified clone, like:

// declare the category so callers see the new selector
@interface NSLayoutConstraint(ChangeMultiplier)
-(NSLayoutConstraint *)constraintWithMultiplier:(CGFloat)multiplier;
@end

@implementation NSLayoutConstraint(ChangeMultiplier)
// visual form center http://stackoverflow.com/a/13148012/349514
// returns a copy of this constraint that differs only in its multiplier
-(NSLayoutConstraint *)constraintWithMultiplier:(CGFloat)multiplier
{
  return [NSLayoutConstraint
    constraintWithItem:self.firstItem
    attribute:self.firstAttribute
    relatedBy:self.relation
    toItem:self.secondItem
    attribute:self.secondAttribute
    multiplier:multiplier
    constant:self.constant];
}
@end

and replace it like

  NSLayoutConstraint *c = [self.constraintToChange constraintWithMultiplier:0.75];
  [self.view removeConstraint:self.constraintToChange];
  [self.view addConstraint:self.constraintToChange = c];
  [self.view layoutIfNeeded];


hardening ssh (debian wheezy)

LogJam requires some action. (Article in German.)

Update (Open)SSH to a recent version (6.6):

 

$ echo "deb http://ftp.de.debian.org/debian wheezy-backports main" | sudo tee -a /etc/apt/sources.list
$ sudo apt-get -u update
$ sudo apt-get install -t wheezy-backports ssh
$ sudo apt-get autoremove

Harden crypto

 

$ sudo tee -a /etc/ssh/sshd_config <<EOF_SSH_CFG
 
# https://stribika.github.io/2015/01/04/secure-secure-shell.html
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
 
EOF_SSH_CFG
$ sudo /etc/init.d/ssh restart
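
sshd uses the first value it finds for each keyword, so lines appended with tee -a lose to any earlier KexAlgorithms, Ciphers or MACs line in the same file. The check below is an added example, not part of the original post: it compares `sshd -T` style output against the three lists above; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Allow-lists copied from the KexAlgorithms / Ciphers / MACs lines above.
KEX_OK='curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256'
CIPHERS_OK='chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr'
MACS_OK='hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com'

# audit_sshd_algos (hypothetical helper): reads "keyword value" lines, as
# printed by `sshd -T`, on stdin and prints "keyword algorithm" for every
# effective algorithm that is not on the allow-lists, or "keyword (missing)"
# if a keyword is not reported at all. No output means the lists took effect.
audit_sshd_algos() {
  awk -v kex="$KEX_OK" -v ciphers="$CIPHERS_OK" -v macs="$MACS_OK" '
    BEGIN { allow["kexalgorithms"] = kex; allow["ciphers"] = ciphers; allow["macs"] = macs }
    { key = tolower($1) }
    (key in allow) {
      seen[key] = 1
      n = split($2, got, ",")
      for (i = 1; i <= n; i++)
        if (index("," allow[key] ",", "," got[i] ",") == 0) print key, got[i]
    }
    END {
      if (!("kexalgorithms" in seen)) print "kexalgorithms (missing)"
      if (!("ciphers" in seen)) print "ciphers (missing)"
      if (!("macs" in seen)) print "macs (missing)"
    }'
}

# Constructed sample: what `sshd -T` might report when an earlier line in
# sshd_config still overrides the appended ones (not captured from a real host).
sample_sshd_T() {
  cat <<'EOF'
port 22
kexalgorithms curve25519-sha256@libssh.org,diffie-hellman-group1-sha1
ciphers aes256-ctr,3des-cbc
macs hmac-sha2-512-etm@openssh.com,hmac-md5
EOF
}

# Demo on the constructed sample; on a server: sudo sshd -T | audit_sshd_algos
sample_sshd_T | audit_sshd_algos
```

Running `sudo sshd -t` before the restart catches syntax errors in the appended lines while the current session is still usable.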

Keys

Replace the host keys. In /etc/ssh/sshd_config:

Protocol 2
# https://stribika.github.io/2015/01/04/secure-secure-shell.html#server-authentication
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key

and

$ cd /etc/ssh
$ sudo rm ssh_host_*key*
$ sudo ssh-keygen -t ed25519 -N '' -f ssh_host_ed25519_key < /dev/null
$ sudo ssh-keygen -t rsa -b 4096 -N '' -f ssh_host_rsa_key < /dev/null
$ sudo /etc/init.d/ssh restart

Resources


redmine & chruby (fetch emails)

 

#!/bin/bash
# chruby needs bash
#
#
# redmine email import with chruby.
#
#
# Put this script into <redmine_dir>/script and set a crontab like
#   $ sudo -u www-data crontab -l
#   */15 * * * * <redmine_dir>/script/fetch-email.sh
#
cd "$(dirname "$0")/.."
 
log="log/$(basename "$0" .sh).log"
cat >> "$log" <<EOF
 
$(date --rfc-3339=seconds) $0
EOF
 
# https://github.com/postmodern/chruby
source /usr/local/share/chruby/chruby.sh
source /usr/local/share/chruby/auto.sh
 
# in case we use rbx in .ruby-version, we need to explicitly set ruby in
# script/fetch-email.sh due to
# https://github.com/rubinius/rubinius/issues/2916
chruby ruby || { echo "Failed to change ruby." 1>> "$log" && exit 1; }
 
# the gem that provides the bundle command is named bundler
bundle --version 1>/dev/null || { nice gem install bundler 1>> "$log" 2>> "$log" ; }
bundle check 1>/dev/null 2>/dev/null || { nice bundle install 1>> "$log" 2>> "$log" ; }
 
# http://www.redmine.org/projects/redmine/wiki/RedmineReceivingEmails
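# Replace the quoted <...> placeholders with real values; left unquoted, bash
# would parse < and > as redirections.
# The password is a command-line argument here, so it is visible to other local
# users in the process list while rake runs.
# unknown_user=accept lets mail from senders without a Redmine account through
# as the anonymous user.
nice bundle exec rake redmine:email:receive_imap \
  RAILS_ENV="production" \
  host='<foo>' \
  ssl=1 \
  port=993 \
  username='<bar>' \
  password='<foobar>' \
  unknown_user=accept \
  1>> "$log" \
  2>> "$log"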

 


USER_AGENT blocking: this really exists!

Rather childish, isn't it?

$ curl --head http://www.wetteronline.de/wetter/traunstein
HTTP/1.1 403 Forbidden
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 290
Expires: Mon, 27 Apr 2015 21:01:07 GMT
Date: Mon, 27 Apr 2015 21:01:07 GMT
Connection: keep-alive
Vary: User-Agent
 
$ curl -A Mozilla --head http://www.wetteronline.de/wetter/traunstein
HTTP/1.1 200 OK
Server: Apache
res-obj: www
Content-Type: text/html; charset=UTF-8
Date: Mon, 27 Apr 2015 21:01:14 GMT
Content-Length: 132153
Connection: keep-alive
Vary: User-Agent


#Qualitätsjournalismus (quality journalism) and data privacy

sz.de*) apparently thinks "why should I care about my visitors' data privacy".

Who all does the SZ rat me out to? Of course without any notice in the imprint, let alone doing so BEFOREHAND.

Who all does sz.de rat me out to?
Notices are hidden far down in the imprint; however, even there the snooping goes on without asking first.

Thanks to Requestpolicy and ablopac, the snoopers stay off my back.

*) Other big publishers are similar; sadly this is common in #Qualitätsjournalismus.


lua & timezones by name

A bit hard to puzzle out due to scarce documentation.

#!/usr/bin/env lua
local luatz = require 'luatz' -- https://github.com/daurnimator/luatz/
 
local tz_name = 'Europe/Berlin'
local ts_loc = luatz.time({year=2014, month=12, day=31, hour=23, min=59})
 
-- %z isn't supported yet: https://github.com/daurnimator/luatz/blob/523b2e0f1ece77c569f6db4c040886ed3124512e/luatz/strftime.lua#L178
local function tz_off_iso8601(tz_offset_seconds)
  local separator = '' -- 8601 %z compliant
  -- separator = ':' -- 8601 W3C compliant http://www.w3.org/TR/xmlschema-2/#dateTime-timezones
  local sign = '+'
  if tz_offset_seconds < 0 then sign = '-' end
  -- format the absolute value so negative and half-hour offsets come out right
  local tz_offset_minutes = math.floor(math.abs(tz_offset_seconds) / 60)
  return string.format('%s%02d%s%02d', sign, math.floor(tz_offset_minutes / 60), separator, tz_offset_minutes % 60)
end
 
local tzi = assert(luatz.get_tz( tz_name ), 'No such timezone: \''..tz_name..'\'')
local ts_utc = tzi:utctime ( ts_loc )
local t_loc = luatz.timetable.new_from_timestamp( ts_loc )
local t_utc = luatz.timetable.new_from_timestamp( ts_utc )
 
print( t_loc:strftime('%F %T'), tz_off_iso8601(tzi:find_current( ts_utc ).gmtoff), tz_name )
print( t_utc:strftime('%F %T'), tz_off_iso8601(0), 'UTC' )
