Simple thoughts #{programming} || #{mountains} Wed, 22 Jun 2016 14:14:00 +0000 en-US hourly 1 Apple devices (MacBook Pro) and 5 GHz WiFi access points (Ubiquiti NanoStation) Thu, 19 May 2016 18:52:20 +0000 x-ian Deploying 5 GHz NanoStations as ‘end-user access points’ always gave some ‘hiccups’ with various Apple MacBooks. Usually they could see the signal, but were never able to connect to it. Finally with these settings they hooked up:

  • Disable airMAX
  • Set Country code to US
  • Channel width 20 MHz
  • Frequency 5785 MHz
  • Wifi security WPA2-AES

I simply assume that not all of these settings are required, but I’m simply too lazy to see which ones are required and which ones are optional.

]]> 0
Migrate Windows (XP) guests from VMware Fusion to Virtual Box Mon, 04 Jan 2016 16:54:51 +0000 x-ian Kind of outdated toolset, but just that I don’t forget it…

I still had some old VMware Fusion 6.0.6 virtual machines laying around on my Mac OS X 10.9.5. As I was recently using more advanced Virtual Box features, I decided to unify all virtual machine instances with Virtual Box. Turned out this is straight forward, if only you know what you do!

  1. First of all delete unneeded snapshots as they couldn’t be migrated anyways.
  2. Then uninstall the VMware Tools (Guest additions).
  3. Get Disk2VHD from Microsoft Technet
  4. Export the VHD image with disabled VHDx from within the VM you want to migrate
  5. Create a new Virtual Box instance, instead of creating a new disk attach the VHD file as harddisk
  6. Enable IO-APIC
  7. Start up the VM and install Virtual Box guest additions

That’s it.

]]> 0
Gboard: Arduino-compatible board with integrated GSM/GPRS Mon, 11 Feb 2013 19:13:09 +0000 x-ian With my recent work (aka pet project) on embedded systems mainly based on Arduino I finally came across an Arduino board with built-in GSM/GPRS connectivity. Getting an Arduino with an GSM/GPRS shield is pretty straight forward, but if the device is meant to be strong and durable, these shields don’t feel good.

Itead’s Gboard does. And it is also pretty cheap; definitely cheaper than e.g. the ordinary Arduino Uno with a GSM/GPRS shield from Seeedstudio.

However. The Gboard is “Arduino-compatible” and as such I was expecting a few hiccups to get it up and running. And as usual a few turns quickly into a lot. So let’s have a look.


Like most communication boards the GSM chips is connected through a serial port. But the Gboard just like the Arduino Uno only has one. And this one is also used for programming purpose. In order to use both programming and GSM connection, make sure jumpers are set to ST-D2 and SR-D3 (‘Software UART to SIM900, Hardware UART to Specific’).

Programming connection

Just like the Arduino Ethernet board (and others) the Gboard doesn’t have its own USB connection. So a ‘FTDI-style basic USB-to-serial board’ is required. But unfortunately the ones from Adafruit or Sparkfun don’t work out of the box. First you need to be careful as the boards from Arduino itself require 5 Volts. But the FTDI connection on the Gboard only takes 3.3 Volts. Don’t mix this up! Additionally the wires aren’t compatible. It seems best to spend the few additional dollars to get the dedicated FOCA board from Itead. But of course this removes the fun of tinkering and I wanted to reuse my existing programming board. Connecting GND, DTR, TX, and RX with dedicated wires does the trick (I had to swap the TX and RX connections). In order to power up the board either a 3.3V connection is required, or simply remove the VCC connection at all and power the Gboard through an external power supply.

External power source

If you need to test the GSM features, make sure you have an external power source connected. Just because the lights go on with a FTDI connection doesn’t make the GSM chip work.

Digital ports

The connections of the Gboard differ quite a bit from the default Arduino layout. In particular the board doesn’t list any digital ports; just connections labeled with A0 to A7. But in the Arduino world the first 6 analog ports can be used as digital ones as well. Address them by starting from digital pin 14 for A0. The interface on the Arduino is called ‘Electronic brick interface’ and it seems to be used in other boards as well. So there are pre-made 3 pin connections with sensors available. But as long as you connect +, -, and Signal in the proper way, most other sensors will work too.

Arduino IDE

I assume other options might work as well, but for me the board ‘Arduino Pro or Pro Mini (5V, 16 MHz) w/ ATmega328′ and Programmer ‘Arduino as ISP’ did the trick. Sometimes an upload to the board fails, but most often a single repeat will be successful.

If it still doesn’t work, consider this trick by pressing the Arduino RST button at the right point in time.

GSM/GPRS features

Finally there is a dedicated lib to ease the use of the GSM chip. I assume sending AT command straight to the soft serial port will work as well, but I haven’t tried it. But even though the lib claims it is compatible with the Arduino 1.x IDE, it didn’t work in my environment. I had to do a couple of tweaks to the lib (but I don’t remember every single step). Steps like removing newsoftserial from lib folder and adding ‘#include ‘ in GSM_Shield.cpp.

Driver hiccups

Sometimes, especially under Windows it seems as if the wrong drivers are taken for the FTDI communication. Check here to see get an idea of the correct ones. Note that installing the correct driver might fail as a wrong one is somehow blocking it. Follow FTDIs uninstall instructions and try re-installing the driver again.

]]> 0
WTF Apple? Wed, 23 Jan 2013 14:45:48 +0000 x-ian So langsam reicht es. Die Apfel-Logo Company scheint wirklich alles falsch zu machen. Wie um alles in der Welt kann man dann immer noch so erfolgreich sein?

Nach ein paar Jahren nun erneut ein herantasten an die Apps Entwicklung. Ein erster Versuch ist schon damals mit einem der ersten iPod Touchs misslungen. Dabei schrie der standardmäßige gähnend leere Startscreen mit nur 4 oder 5 Icons in dem 4×4 Raster geradezu danach, mit eigenen Apps ge-pimpt zu werden. Aber ne, damals wollte Apple nicht mal nen SDK rausbringen. Dann gab es das, aber bloss für MacOS. Seitdem haben sich noch ein MacBook sowie ein iPad 2 Zeit im Haus angesammelt. Und kürzlich bestand sogar die Chance, beruflich einen Protoypen auf iOS zu platzieren.

Also frisch ans Werk. Eigentlich braucht es ja nur Xcode und schon geht’s os. Ach ne, ich vergass. Mein MacOS 10.6 wird nicht mehr unterstützt von der aktuellen Xcode Version. Also müsste ich erstmal MacOS aktualisieren. Keine 3 Jahre alt, schon unbrauchbar: What the fuck?

Aber selbst wenn das erfolgt, dann ist mein iPod schon Elektronik-Schrott. Denn der wird schon lange nicht mehr unterstützt. Dabei fiel mir auf, dass einige 3rd Party Apps Apps, die noch auf dem iPod waren, meinten ein dringendes Update einspielen zu müssen. Ohne das würden diese nicht mehr funktionieren. Doch der App Store meinte nur noch, dass iOS erstmal aktualisiert werden müsse, dies aber leider nicht mehr geht. Also: keine 4 Jahres altes Gerät – nicht mehr zu gebrauchen und auch nicht mehr selbst zu entwicklen. What the fuck.

Kein Wunder, dass die Äpfel-Männer so viel Geld haben. Wenn immer alle willenlos und megageil auf das ‘nächste Ding’ warten. Und dabei bevorzugt um Mitternacht Schlangen bilden und ihr Geld auszugeben. Die ersten ausgemusterten iPhones wurden schon hinterm Busch in Afrika gesichtet. Die Elektronik-Müllhalden von heute werden nix gegen die iPhone- und iPad-Berge der nächsten Jahre. Natürlich hilft es, dass wir die nicht direkt vor *unserer* Haustür sehen und zerlegt sehen müssen. What the fuck!

Scheiße! Wacht auf und hört endlich auf, so geile Geräte zu bauen die nicht immer alle kaufen müssen!

]]> 0
Create static HTML pages from a local WordPress installation Tue, 13 Nov 2012 07:52:25 +0000 x-ian WordPress is convenient when setting up a little web site / blog. You might even think about self-hosting instead of using the services from

Doing so is easy, but also eats up resources on your system and even worse, opens the door of security holes. You need to think about a lot of things like file permissions, database access, web server config, the PHP subsystem. And of course WordPress itself. So you need to update often. Over and over again.

If you are like me, then you don’t. But always feel bad and that you should do something about it.

If you depend on many WordPress plugins, then move on. This isn’t for you. But if not, then why not setting up a local installation and simply fetch the static HTML pages generated by WordPress and deploy them on a brain-dead simple static HTTP server?

Of course with this you remove all the dynamics of your system. I think comments could easily moved to an external service like And as I don’t really like all these fancy widget changing content automatically all over, I see this purification as another advantage.

To jump-start your local installation, the wonders of virtualization came in handy for me. Among others TurnKey Linux provided a recent version of WordPress running on a stripped down Linux. Deploying this to a virtual machine of your choice, migrating your old data from the live WordPress over to the Turnkey installation is all you need.

Afterwards you can work completely locally on your WordPress content and setup. Then simply invoke a script similar to the one below to automatize the update of your production system. And voila, you have a static mirror of your WordPress content for free.

As a nice benefit you already get a local backup of your content in your virtual machine.

# mirrors and uploads a wordpress blog to a static web site
# check for details

# my configs
SSH_LOGIN=<your ssh credentials>

# preparation
cd /tmp
rm -rf wordpress_mirror
mkdir wordpress_mirror
cd wordpress_mirror

# mirror of whole wordpress installation in static html pages
wget --mirror -R xmlrpc.php,trackback http://$LOCAL_WORDPRESS

# replace remaining links with real server
find ./$LOCAL_WORDPRESS -type f -exec sed -i "" "s/`echo $LOCAL_WORDPRESS`/`echo $REMOTE_WORDPRESS`/g" {} \;

# upload static html pages
tar czf ../wordpress_mirror.tgz .
scp ../wordpress_mirror.tgz $SSH_LOGIN:
ssh $SSH_LOGIN "rm -rf; mkdir; cd; tar xzf ../wordpress_mirror.tgz"

# cleanup
rm -rf /tmp/wordpress_mirror*
ssh $SSH_LOGIN "rm wordpress_mirror.tgz"
]]> 0
APZUnet – Probably the biggest public WiFi hotspot in Malawi Tue, 13 Nov 2012 07:48:13 +0000 x-ian For Abwenzi Pa Za Umoyo (APZU), Partners In Health’ sister organization in Malawi, technology is playing its role in delivering health services and improving communities. IT services like access to computers and especially communication gets more important. Even (or especially) in rural places like the south-eastern District of Neno.

As one basic principle everybody gets access to the network – either government, APZU employees and to some extend private people. Of course this has the downside of potentially hurting commercial Internet cafes as many people throughout Neno Boma get Internet access for free. But a (relatively) fast and working Internet has a number of impacts on the work. Medical research, easy communication, and heck, sometimes it simply entertains…

Over the past few years the communication needs were growing rapidly. We have tried multiple approaches for the local network and the Internet connectivity and went through a couple of design generations. Usually just to realize that the reality was outgrowing our solution.

With the current network in Neno we are probably running the biggest public WiFi hotspot in Malawi. With a coverage of a half square mile and up to 120 unique systems utilizing the network on average.

Currently the system combines a couple of freely available software components together with carefully selected, inexpensive commodity hardware and 1.5 local engineers to keep everything up and running. As we have gained quite a bit of experience we feel that the current system will scale-up even beyond our expectations for the next 2 or 3 years. But TIA, you never know what’s coming next.

Putting down all the details is a little bit too much for this post, so I only provide stuff for the buzzword bingo. Get in touch if you want to learn more about it:

  • Traffic accounting
  • User management
  • Local caching (among others esp. for Windows Updates)
  • Segmented network
  • Content filtering
  • Real-time monitoring
  • Bandwidth management

Of course such a system still costs money, but it seems well worth the price if the system is designed carefully. And as most of the components are free and the hardware costs are minimal, it basically comes down to the costs for the sat link (granted still fricking expensive in rural Africa) and your expertise.

]]> 0
How to print a book from a wordpress blog Mon, 12 Nov 2012 10:24:28 +0000 x-ian Even in our digital world you might want to convert your wordpress blog into a paper book. Of course there are services available claiming to do so. But the ones I found didn’t match my specific requirements of

  • Minor content tweaks
  • Custom formatting
  • Inline comments
  • High resolution pictures for offline processing
  • Picture captions and mouse-over labels
  • DIY attitude

So after a lot of trial & error, I found out that I can

  1. export the wordpress content as XML,
  2. create a single page HTML file with all content locally,
  3. automatically tweak some styles,
  4. import the HTML into Word,
  5. re-format as needed,
  6. save as PDF and optionally create an eBook version.

If you want to follow my steps, you need these tools (highly ‚personalized’ and quite a bit developer-driven – it might not be the right process for you).

Export the wordpress content as XML
Easily done through your WordPress Dashboard.

Create a single page HTML file with all content locally
Run the attached Ruby script to convert the WXR file into a single page HTML document. This is where most of the magic happens and also the most fragile part. The script is aligned to the elements I typically on my blogs and it might differ from others. But with a little bit f Ruby knowledge it shouldn’t be too hard to tune this. Basically it takes the XML file, filters for the posted and published stories, tags the various elements with different HTML classes and has some processing around images to include captions and mouse-over titles. It returns the HTML on the console, so best is to invoke it like this: wordpress_to_single_html.rb ‘your wordpress export’ > single_html.html

Now the pictures are still on the wordpress server. Use Firefox to open the HTML and save it again with the option ‘website complete’ to have everything on your system (incl. pictures) for faster offline access.

Finally open the newly saved HTML file in a text editor and search&replace all relative img URLs with absolute paths (e.g. substitute ‘myblog_files/ with file:///c/myblog_files/. This is sadly required for the Word import.

import the HTML into Word & reformat styles
After opening/importing the HTML in Microsoft Word you can modify styles and ‚pimp’ the content as you want. Check for styles beginning with an _ created by the Ruby script to mark different elements of the blog (content, headings, comments, post_date, …). Save as docx for future needs (and always keep the images folder with the docx).

save as PDF and optionally create an eBook version.
Most print on demand services take a PDF, so simply save your document as a PDF. If you want to create an eBook version as well it you enter the ‚format hell’ for eBook content. Calibre seems to understand most formats and can also load the HTML export from Word to e.g. create a version in the epub format. (More general info about ebooks.)

That’s all. Isn’t it simple?

Note about Apple Pages: Using Apple Pages seems the more obivous choice for text processing on a Mac. However the recent Pages versions removed the HTML import. So there wasn’t an easy way to get the wordpress content nicely formatted into Pages. Two workarounds are available: One ist to simply copy&paste content from the safari and the other is to use TextEdit (which still has a HTML import) to create a RTFD (RTF including attachents) and then load it into Apges. Unfortunately all pictures are scaled up tot he full page and this makes it painful if you have plenty of pictures embedded.

Note about Microsoft Word for Mac: It turned out that my mac version had multiple hiccups with a few hundred pages of text and plenty of included pictures. Switching to Windows made it less stressful for me.

Note about Microsoft Word: Seems plain wrong to me that recent versions of Word have problems with images you want to link in. My impression is that if you include a picture via a link to an external file, Word creates an absolute file path reference to this. Of course this makes it impossible to move the document and files around – even on your own local system. And when trying to embed to files right into the docx (which of course can seriously bloat the file size up), at least form e many pictures changed the scaling. Some oft hem were even uglily transformed.

]]> 0
Gmail and IMAP – an odd couple: How gmail plays nicely with IMAP Sat, 03 Nov 2012 13:27:04 +0000 x-ian Lots has been written about it. There is even an official guideline provided by Google. Many different ways to use it, but fact is that the default config is bloody useless. Partially because IMAP only knows hierarchical folders and gmail has labels, partially because IMAP has a few underspecified parts.

Here are my 2 cents of hands-on configuration for IMAP clients like Apple Mail or Microsoft Outlook:

  • If you are on a mobile devices, use ActiveSync/Exchange connectivity. [Reason: increase your lifetime by reducing blood pressure]
  • Modify Labels in gmail via Settings. Deactivate ‘Show in IMAP’ at least for ‘All mail’, maybe also for ‘Starred’, ‘Important’, ‘Chat’ [Reason: Mails can be tagged with multiple labels and therefore show up in every folder derived from the labels. Hence a message tagged with more than one label will be duplicated in these folders.]
  • For custom labels use ‘[Gmail]/ as a prefix [Reason: This way they will show up underneath the Default folder path [Gmail] in your mail client.]
  • Consider deactivating ‘store draft messages on server’ [Reason: depending on your network this can slow down and eat up bandwidth together. Additionally it might happen that mails currently drafted and saved multiple times will show up as deleted mails whenever the auto save on the client happens.
  • Store sent messages on the server, Store junk messages on the server, and Move deleted messages to the Trash mailbox [Reason: keep these folders in sync with your gmail UI or other mail clients.]
  • Store deleted messages on the server and never permanently erase deleted messaged [Reason: Use the trash just like in gmail. But remember that gmail automatically deletes your trash after 30 days. So don't use your trash folder as your hidden archive!]
  • Consider using the IMAP Path prefix of [Gmail] as all the folders/labels are mapped under the folder [Gmail] in IMAP.
  • Tell your mail client which folders are used for Sent messages, Trash, Spam, Drafts. In Apple Mail right click in the corresponding Gmail folders and say: ‘Use this mailbox for …’ [Reason: IMAP knows about folders, but doesn't standardize these special folders (apart from the Inbox). So one client might use 'Deleted messages, while another client might use 'Trash' to store deleted messages. This tells the mail client that it should use the same folder gmail uses.]

And now: Go and test it! Test it multiple times, in and out of every direction you can think of. Only use the setup if you are confident you didn’t mess it up!

If your local mail client shows weird behavior after all these configs, invoke a Rebuild or Reconcile or however it is called from your client to re-sync mails with Gmail.

]]> 0
Freaking Ruby implicit return values interferes with Rails ActiveRecord callbacks Thu, 25 Oct 2012 07:22:52 +0000 x-ian I just need to rant that (again) I run into a problem with unexpected side-effects of the usually neat feature of implicit return values in Ruby. This (although not really obvious) feature always returns the value of the last executed statement in a method as a return value. But this isn’t always as obvious as it sounds. This can cause strange side-effects.

As an example take the Rails callbacks for ActiveRecord. These callbacks like :before_create are typically used to handle data validation. Thus if they return ‘false’, the process to save the record is canceled.

But now instead of validation you want to ensure that certain other attributes are automatically set depending on other attributes; maybe even boolean attributes like in this block:

class Message < ActiveRecord::Base
  belongs_to :probe
  attr_accessible :probe_id, :value1, :value2, :probe_enabled

  before_create :set_probe_enabled
  def set_probe_enabled
    self.probe_enabled = self.probe.enabled?
    true # if only this would have been obvious...

Here we simply want to set the boolean attribute enabled? depending on the value of the enabled attribute of the associated probe. Obviously the probe.enabled? can either return true or false. Unfortunately in case of false the whole statement ‘ self.probe_enabled = self.probe.enabled?’ returns false. And if this is the last statement being executed, the whole method will return false. And a false in such a callback will cancel the creation of the object…

Take-away lesson: Pay attention to implicit return values especially in Rails ActiveRecord callback methods when dealing with boolean values.

]]> 0
Making your EMR work in resource-poor settings Sat, 20 Oct 2012 22:35:25 +0000 x-ian Lots has been written about EMRs. Most of it for the ‘developed world’ and most of it indicates that there are some ‘issues‘ in making it work. Now how can someone think this can possibly work in resource-poor settings? Settings that constantly attract classifications like under-staffed, under-trained, under-paid, under-motivated, under-equipped?

Well, among a few others Partners In Health tries. In my role as the Medical Informatics Manager for APZU in Malawi we took the open source medical record system OpenMRS and were looking for ways to adapt it. Finally we could scale up and keep the system running. Even with the ongoing decentralization of clinical services when we went from 0 to 12 distributed, remote clinics and from 0 to thousands of patient records. At that time we might have had the only working EMR capturing the population of a whole District and being compliant to the guidelines for HIV services defined by the Ministry of Health in Malawi.

First lesson: Go local

If you look for an EMR for high-volume clinics in Malawi, get in touch with Baobab Health. They have the most complete set of tools for the health care sector in Malawi and were a constant source of inspiration.

Second lesson: Go OpenMRS

If you still find gaps and the need for other tools, or you aren’t in Malawi, check out OpenMRS. But be aware and don’t see it as a ready-to-be-used system. Health care systems can be different, so are users and particular workflows. Therefore a one-size-fits-all system might fail. OpenMRS tries to address this by providing a framework for building your own EMR. But a framework doesn’t necessarily address your problems, your workflows, or your user skills off the shelf. Be prepared to adapt it. Just like for the ‘western world’, efficient, easy-to-use, simple, error-avoiding interfaces are the key, they are for resource-constraint environments. Maybe even more so.

Third lesson: Know your users (and your ‘stakeholders’)

To make it short: The current UI of OpenMRS 1.x … sucks. A big part of data entry is … well … data entry. So make this easy and fool-proof. Otherwise you have a perfect example of GIGO.

  • Use common sense: It is sometimes surprisingly uncommon.
  • Start small and stay focused: 10 half-solved problems are nothing compared to 1 solved one.
  • Make data entry error- and fool-proof.
  • Say ‘no’. Double question requirements from ‘stakeholders’ (whoever they might be) as they often have a vision beyond the scope and possibilities of your environment.
  • Simplify the UI: Simple things can already help. Try to bring the number of user interactions close to the number of words you need to describe an action. If you need 25 mouse-clicks for an activity like ‘transfer this patient to another clinic’ in the system, then go back to point #1.

Fourth lesson: KISS

Well known and often referred too. But almost as many times (cluelessly) ignored. Throw away stuff were you (or someone else!) feel that it might be interesting after X years (with X anything greater than 1) to look at Y. Yes, famous question of ‘numbers of goats living in a household’: YAGNI!

Fifth lesson: Setting up a system initially is hard, but keep it running is even harder.

This does not only apply to an EMR, but already to a clinic itself. Often little things can decide about winning or loosing. And in almost all cases it is not about the big upfront design of the form, but how you ensure that is going to be used over time. And if it is not used, then it is useless. Especially in environments where there is so much of ‘nothing’. Don’t waste time and energy. There are too many variations of ‘no plain paper available’, ‘no batteries for weight scale’, ‘no drugs for a certain disease’ to address all of them upfront. If you design it, be part of it the first 6 months. If you can’t or don’t want to, don’t design it!

All of this is based on a couple of years of experience living and working in rural Malawi. It might be totally different for other, yet similar places. But always take it ‘one day at a time’.

]]> 1
Your very own SMS – Internet gateway with Arduino Tue, 09 Oct 2012 18:46:38 +0000 x-ian There are plenty of SMS services on the web to link SMS and the Web together. However especially if you need a local SMS number in an unsupported country like Malawi or simply want to DIY, then this Arduino-based solution might be your right choice. For sure you could also go big-scale with your own full-blown SMS gateway like Kannel. But where is the tinkering fun?

Combining an Arduino Uno, a GSM/GPRS shield like the one from Seeedstudio, and an Ethernet shield is all you need besides a SIM card. Now simply stack everything together and upload this Sketch.

Process incoming SMS
Depending on your requirements you might want to modify the code. E.g. one obvious case would be an SMS-to-Email forwarder, but for the typically free email service like the Arduino lacks resources and power to process their TLS/SSL security. But other ways are possible. The code is already prepared to post an incoming text message right into a Google Spreadsheet with a way described on open-electronics. Or you could notify your own web app with a custom HTTP request. Or simply forward the incoming text message to another mobile number. Or what else can you think of?

As the SoftwareSerial library is used the code also inherits its default buffer size of 64 bytes. Not too much even in the context of SMS. Better patch the Arduino code (argh!) and increase it to something like 128 bytes as I’ve done. Still not the full size of a SMS, but enough for my purpose. Carefully check the documentation – it can save you days!

Process incoming HTTP requests
For the opposite way of sending text messages to mobile phones from the Internet you could use a provider specific solution. E.g. some (many?) providers offer email addresses like Every incoming mail is forwarded to the corresponding text phone as a text message. Just check if you can find information about your specific provider. But in case where your provider doesn’t provide this solution, or you need to find a generic way across different providers, or you want to do it via HTTP requests rather than emails, this Arduino Sketch can also be used.

As the sketch will run a little local HTTP server, you might need to change the current IP ( to fit your needs. Once the system is available in the local network you can use a simple HTTP post to send out a text message, e.g. with curl:

curl --data "number=&message=innovative message"

Of course you should protect the access to it as otherwise you might invite hitchhikers to misuse your airtime.

Feel free to have a look and use this code the way you want.

Note that the code uses the SimpleTimer library so make sure this is installed locally first.

]]> 0
Rooting stock Kindle Fire 6.3 for Dummies Fri, 20 Apr 2012 13:04:55 +0000 x-ian So, it turned out that I eventually couldn’t leave my hands off the Kindle Fire. Of course I can claim that I need this toy to be evaluated for my job. But after buying it with my German credit card I found out that it is heavily locked into the Amazon hemisphere. Too bad that they accept my German credit card to buy the device, but not to get any content or apps from the Amazon App Store. So there is of course the natural motivation to free this from all this stuff. This is f’ed up – you Mofos.

Unfortunately it seems that the rooting exercise is a pretty big mess. During my first night I thought I already totally bricked my Fire. However after tons of ‘research’ (fancy word for reading too many articles which only contain part of the truth) I finally got the real summary. This and a fresh new Windows system finally brought my Fire back to life. And if this doesn’t help, a physical USB Factory cable like this one should almost always do the trick.

Now I can explore the unlocked Android world and it might even be that I eventually really use this as a low-cost, high-quality remote data collection tool for my job. If not, I have at least one more blog post…

]]> 0
pfSense: Self-registration for Captive Portal Tue, 14 Feb 2012 09:20:17 +0000 x-ian Managing your users is good. But the work that comes with creating user accounts upfront is tedious and boring. At one point we got lost in trying to hook up each system manually to our WiFi. So we decided to outsource this to our users so that they have to register their devices by themselves.

Luckily pfSense proves to be extremely flexible, so with a custom portal page and some additional scripts we are able to get the important information we need. We ask the user to provide

  • User
  • Email address (to get in touch with the user) and
  • Accept our Acceptable use policy.

From there the system automatically detects

  • MAC address (for device identification)
  • Initial IP during registration (the subnet from where the users connects tells us roughly from which geographical area the devices is connected to)
  • Date of registration
  • Hostname

Every time a new devices is connected to the network, the system redirects the very first HTTP request to our custom portal page. After entering the required fields and hitting ‘Register’ the system automatically detects MAC address and system hostname and creates a new user in our FreeRADIUS installation. If successful, the user is granted access to the network. If the system connects again, it uses RADIUS MAC authentication to see whther the user is already registered. If yes, then access is permitted. If not, the user is redirected to the portal page again.

(Note: Using solely the MAC address makes the system vulnerable to spoofing attacks. However our users typically don’t have this knowledge. At least not yet.)

During this self-signup, the user is only granted access with restricted traffic limits (we make use of pfSense’ WISPr-Bandwidth-Max-Down and WISPr-Bandwidth-Max-Up capability with low initial values). From there the admins can promote the system to higher traffic caps if found eligible.

The whole configuration/deployment process is a little bit more complex. If someone wants to dive deep into it, make sure to check out our project page.

]]> 0
pfSense: Shows ‘Users last connected’ to Captive Portal Tue, 07 Feb 2012 09:13:49 +0000 x-ian Using pfSense with the built-in FreeRADIUS can give you quite a lot of information; they are just not always visible through the Web UI.

For instance if Radius logging is turned on you can keep track of all Captive Portal sessions by accessing the log files. This is particular useful when the users have the ability to create their own accounts on the fly through a custom portal page based on their MAC addresses. But you might want to clean old and unused accounts once in a while.

In order to spot accounts that have been inactive for some time, you need to know who connected when for the last time. With shell access, simply copy and invoke this script. This compiles a CSV list of all users ever registered with their MAC addresses together with the last time they have been connected through the Captive Portal. Import the CSV into Excel, filter and sort by the last connected column to see which accounts are ready for removal.

The result looks like this:


(Note that part of the above dump has some custom information as it is tight to they way we use pfSense with a self-register capability for new users. But it should be straight forward to customize this.)

It would be simple to do this automatically (e.g. delete every account not connected in the last 3 months), but as I have some VIP users that I don’t want to clear, I just do this once in a while manually. Additionally it could be run as a cronjob every now and then and I guess you could automatically publish it through a web page or mail it to someone. Let me know if you did this, then I can steal it from you ,)

]]> 0
pfSense: Sending emails through gmail Wed, 01 Feb 2012 09:10:16 +0000 x-ian It seems troublesome to send email especially through gmail accounts from *nix systems. Using pfSense as our Captive Portal box running on top of FreeBSD is no exception. So that’s what we did to get pfSense sending us emails through shell scripts.

I’ve tried a couple of things, but eventually sticked to a perl module (including the BSD packages mailx and msmtp), but they all didn’t work in one way or another. I came pretty far, but at the end figured out that TLS/SSL support is not build-in. And compiling the packages on the pfSense box seemed not advisable. After all it is a firewall.

To install it, simply invoke this from the shell:

pkg_add -r p5-Net-SMTP-TLS

In case you have a sligthly outdated pfSense installation like I do and this command fails, you might need to tune the package repository a little bit.


Afterwards use this script as an example on how to send mails through the perl module.

Don’t forget to put your gmail password in a file called send_gmail_config.txt (just the password, nothing else) and well protect it.

]]> 0
Shell perls Sun, 29 Jan 2012 06:50:00 +0000 x-ian As I always forget them, I just put them down right now right here (they were sitting for too long in my Drafts folder). And I might update them as I go.

Replace multiple chars

sed "s/=ABC=//g"

Grep for multiple words

I know, I know. This shouldn’t be here, but I kept on forgetting it…

egrep "FULL|bytes|speedup" snapback.log

Calculate size of directories

du --max-depth=1 -h .

Not sure what I did with this, but it seems pretty important…

NUMBER=$[ ( $RANDOM % 100 )  + 1 ]
cat servers | while read line; do ./ $line done; done
awk -F":" '{ print $1 }' /etc/passwd
cat tt | while read line; do export NUMBER=$[$NUMBER + $line]; echo $NUMBER total size &gt; s1; done;

Replacing newlines

My first thought about replacing newlines in files would have been sed, but it is not. tr is the way to go:

cat file | tr 'n' ','

To not only replace line endings, but also text before or after them, give this a try:

sed -n '1h;2,$H;${g;s/n/,/g;p}' <file>

Simulate system load

dd if=/dev/zero bs=100M | gzip | gzip -d | gzip | gzip -d | gzip | gzip -d > /dev/null &amp;

Howto kill all child processes of a (bash) process

Killing a single process is easy; killing multiple processes also. But only if you know all of the PIDs. If you need to kill a process including all children (sub-processes), try this one:

ps -o pid= --ppid $PID_TO_KILL | xargs kill

(Note that there are a gazillion solutions out there, but they all seem to be a bit over-complicated. Or I’m missing something..)

Check if a process is running

kill -0 pid 2>/dev/null
echo $?
]]> 0
pfSense: Lessons learned Sun, 29 Jan 2012 07:36:23 +0000 x-ian In my current role as the ‘IT guy’ for Partners In Health I’m also managing the whole IT including our networks in Malawi (note: It is only a rumor that ‘IT guy’ translates to everything that has a power plug…). We not only provide Internet access to our employees, but also for the government including the local Ministry of Health. As our project has grown a lot in the last few years, so did the numbers of computers that are connected to the network.

Currently we are have connect 20+ access points and with this roughly ~100 devices are connected to the network every day (designed partially on top of this). And all of them squeeze through our tiny satellite link. We came a long way with adding network management tools and traffic shaping to manage the scarce bandwidth better, but at the end we also depend on the fairness of the users: If someone (or his/her system) is misbehaving, it impacts everyone else. With this it is crucial to know who is using the network and how: Welcome to the world of pfSense.

Throughout the upcoming months some of the important lessons learned and findings are shared here. This will include topics like

With all this I guess we may run one of the biggest (if not _the_ biggest) freely available public hotspot in Malawi. I like my work in the low-resource settings…

]]> 0
Calculate MySQL database size Fri, 08 Jul 2011 16:00:23 +0000 x-ian Not sure anymore where I found this, but this is a nice script to see which MySQL tables take how much space.

# Per Schema Queries
SET @schema = IFNULL(@schema,DATABASE());
# One Line Schema Summary
SELECT table_schema,
 SUM(data_length+index_length)/1024/1024 AS total_mb,
 SUM(data_length)/1024/1024 AS data_mb,
 SUM(index_length)/1024/1024 AS index_mb,
 COUNT(*) AS tables,
 CURDATE() AS today
FROM information_schema.tables
WHERE table_schema=@schema
GROUP BY table_schema;
# Schema Engine/Collation Summary
SELECT table_schema,engine,table_collation,
 COUNT(*) AS tables
FROM information_schema.tables
WHERE table_schema=@schema
GROUP BY table_schema,engine,table_collation;
# Schema Table Usage
SELECT table_schema,table_name,engine,row_format, table_rows, avg_row_length,
 (data_length+index_length)/1024/1024 as total_mb, 
 (data_length)/1024/1024 as data_mb, 
 (index_length)/1024/1024 as index_mb,
 CURDATE() AS today
FROM information_schema.tables 
WHERE table_schema=@schema
# Schema Table BLOB/TEXT Usage
select table_schema,table_name,column_name,data_type 
from information_schema.columns 
where table_schema= @schema
and ( data_type LIKE '%TEXT' OR data_type like '%BLOB');
set @schema = NULL;
]]> 0
WiFi Performance FAQ Mon, 18 Apr 2011 19:25:32 +0000 x-ian I’m by no means an expert in WiFi network planning and installation, but over the past year I have collected some knowledge and best guesses on how things work in terms of performance. Here is an open call for everyone to correct my views and not so obvious elements that impact the speed of your wireless network.

Which 802.x standards are relevant?
- 11a on 5 GHz; almost unused
- 11b on 2.4 GHz; nominal up to 11 Mbit/s, effectively max 600 Kbyte/sec
- 11g on 2.4 GHz; up to 54 Mbit/s, effectively max 3 Mbyte/sec
- 11n on 2.4 GHz and 5 GHz; some devices only follow the draft spec and not the final one (impact?)

Which standards has the best coverage/signal range?
Unclear. In general 5 GHz signals have a reduced signal range due to its higher frequency, but as 11n sends with higher power, the standard claims that the range is extended compared to 11b/11g.

What are sources for Non-WiFi interference?
Technically everything in the license-free 2.4 GHz and 5 GHz frequency bands like Bluetooth, Microwaves, Babyphones, Wireless Video Transmission adapters, Amateur radio, Walkie-Talkies.

Is WiFi using a shared medium?
Yes, kind of similar to a BNC or “hub-ed” ethernet every participant needs to share the same medium. Therefore the more traffic is seen on the medium or the more clients are using it, the more likely are collisions and therefore re-transmissions. Minimizing shared access to this shared medium is one element of improving WiFi network performance. In other words wireless is a shared medium, meaning that all clients and neighboring APs compete for the same limited bandwidth, in addition, each client’s speed varies depending on the protocol it is running (802.11 a/b/g/n) and the signal strength, interference and noise it is experiencing.

Which channels for 11b/11g are available?
In the US 1 – 11; in Europe 1 – 13; in Japan 1 – 14 (14 only for 11b, note that channel 14 is not linear therefore channel 10 and 14 are completely non-overlapping). The availability of different channels will depend on the device and maybe the country setting. So channels 12+ are not guaranteed to be fully functional. However it might be worthwhile to configure backbone links to this unusual channels (even though it might be against local law). This leaves 4 channels (instead of the typical 1, 6, 11), namely 1, 6, 10, and 14 as (almost) non-overlapping channels.

Airtime consumption / utilization
A wireless frame transmitted to or from a client connected at a low data rate may utilize 10 milliseconds of airtime, whereas it may take only 100 microseconds for a client connected at a high data rate. Even though the high speed client could have sent 100 frames in the time the slow client takes to send one frame, the fast client still has to compete fairly for the airtime on a frame by frame basis, so it spends most of its time sitting idly waiting for the slow client to finish so it can have another chance to transmit. Unfortunately this means that a single low speed client can slow down all of the other clients on the WLAN.

What is the impact of client connected with poor signal strength?
As explained with the airtime consumption slow clients consume more airtime to transfer a given amount of data, leaving less airtime for other clients, decreasing network capacity and significantly degrading the performance of all clients on the network.

What is a poor signal and how to detect it?

RSSI: over -50 perfect, below -85 unusable

Noise: from 0 bad over 90 very good to -120 none

SNR: higher is better
25 min requred for full 54mbps link
40 dB Excellent signal strength
25-40 dB Very good signal s
15-25 dB Low signal
10-15 dB Very low signal
5-10 dB No signal strength

For the Voice you need a minimum -25 dB

In OS X option-mouseclick on WiFi icon to see stats of connected network. Open Performance windows of Wireless Diagnostics to track signal strength over time.

What is the Basic Rate?
Depending on client device and signal strength the AP and client are handshaking about the maximum available performance. The farther away a client is from the AP (read the weaker the signal), the lower is the Basic Rate. 802.11g supports rates of 6, 9, 12, 18, 24, 36, 48, 54 in addition to the 802.11b rates of 1, 2, 5.5 and 11Mbps. These can be seen e.g. with inSSIDer. A client can fall back to lowest basic rate to save energy or to increase link stability.

Will one client with a low basic rate slow down other clients?
Depends. If the client is not busy than there shouldn’t be a big impact. But if the far away client is busy transmitting and receiving many connection drops and re-transmissions, the whole shared medium air should be congested. Additionally the latency should be higher, so that errors are detected later. In these cases even closer clients with a high Basic rate should suffer.

What is the maximum number of concurrent connected clients to one AP?
Numbers seem to vary quite a bit. There are some Enterprise-devices which limit the number of connected clients to 10. Consumer APs seem to be more open, but the performance will suffer as all of them are talking on the same channel. Looks like above 20 is unreasonable.

What happens if clients with different 802.11 standards are mixed on one AP?
If 11b clients are connected to a 11b/11g AP point or 11g clients to a 11g/11n AP it will decrease the performance. Statements vary from “just a little bit for everyone” to “bigger performance penalty” due to the compatibility mode that one AP is using for these mixed cases. It seems like if possible the mixed mode should be avoided, e.g. if still legacy 1b clients are present (most likely the case in our environments), than a dedicated AP 11b only could overcome this.

What is the best alignment of external antennas for indoor APs?
Sometimes APs have up to 3 external antennas that can be aligned in different angles. Facing them in all three room axes is best to increase signal strength and to reduce interference. If there are less than 3 (up to none) antennas, then they will be molded inside of the case. Knowing its position might help with mounting or placing such an AP.

Can one Wifi client bring down an AP?
To a good degree: yes. If the client is misbehaving (accidentally though wrong configs or drivers or purposely e.g. by trying to break into encryption) it can flood the shared medium air with packets. This way there will be many collision with other clients and therefore packet losses and re-transmissions. This way one client can monopolize the whole network segment.

What impact has a client-to-client communication?
As every communication goes through the AP, the sending client first needs to send the data, which is then repeated by the AP for the receiving client. Therefore the same message goes over the air twice and leaving only half of the available throughput.

Hiding SSIDs
Hiding SSIDs will not improve security as special WiFi clients (I refer to them as promiscuous WiFi stacks, but I’m not sure whether this is technical true) are still able to sniff transmissions within hidden SSID and extract the SSID from there. But hiding SSIDs might get rid of the beacon announcements at the basic rate. Additionally if this is used for backbone links they don’t indicate the availability of an AP to ordinary users if there is no for them. On the other side a hidden SSID will not be detected by survey tools like inSSIDer and therefore make the channel planning less obvious: If your neighbor doesn’t see your SSID and channel, he might be not aware of a collision.

How to test real-world WiFi speed?
iperf daemon running on a server and iperf client on a wireless client measures the “real-world” IP performance.

Mixing encryption
Some AP offer multiple encryption methods (like WPA2/AES and WPA2/TKIP). Even though it is supposed to work seamlessly there seem to be sometimes performance problems in the wild; especially with 11n networks. So the rule of thumb should be to not allow mixed encryption. As TKIP needs to be seen as almost broken anyways, switching to WPA2/TKIP for at least 11g networks is a good advice.

Which features offer “enterprisey” components?
- Centrally managed through a WiFi controller
- VoIP support through QoS
- Roaming between multiple AP (internal roaming); helpful especially for mobile VoIP phones
- Load Balancing
- Ability to run AP with reduced power. This can be used to place the APs a lot closer together (higher density) while still avoiding radio interference among access points, resulting in more consistent coverage

What is Client Isolation (sometimes called AP isolation)?
When activated an AP is blocking all client-to-client communication in his wireless network segment (is done on layer 2 through MAC addresses). Even though it seems common understanding that this doesn’t have any impact on performance, it might not be the whole truth. Client-to-client communication is always happening with half of the max speed as it always goes through the AP: First the client needs to send out his message, the AP picks it up and re-distributes it in the wireless segment. Thus the same message goes over the air twice. Now for general broadcasts and Windows shares this might happen more often than expected and for this case AP isolation should block and therefore eliminate unnecessary traffic resulting in higher performance. Unsure: Will this help against tools like Firesheep in unprotected networks?

Which tools are available to troubleshoot WiFi problems?
- inSSIDer
- GPS device
- Others: NetStumpler, EarthStumpler, KnsGem, Kismet
- External scanners (necessary if Non-WiFi interference should be detected)

What are Wireless repeaters or Wireless Distribution systems (WDS)?
Although the details vary both technologies can be used to increase the coverage of a WiFi area. In a nutshell they pick up a WiFi signal from another AP and re-distributes it into its area. Usually they operate (they have to?) with the same settings for channel and encryption and could also offer a roaming capability. The drawback is that it reduces the maximum speed significantly as the signal will be re-send as many times as there are repeaters or WDS with the same settings (must be so, but I could only find reference to reduce the speed once by 50%). So they can be used to easily extend the coverage, but need to be carefully chosen to not introduce more bottlenecks.

Are multicasts in WiFi settings different than in wired settings?
From a high point of view, no. But as an AP needs to make sure that every connected client is able to receive the multicast (same for broadcasts?), it will send out multicast packets with the lowest basic rate configured for the AP. And here the airtime consumption is (much) higher (leaving lesser room for other packets) and the available maximum throughput is capped at the basic rate (making HD video broadcasting impossible).

What is a “hidden node”?
Two Wireless clients can be connected from the opposite ends of the coverage area to an AP point. Both see the AP, but are not able to see each other. This is one of the reasons why every traffic always goes through the AP.

What impact has the Beacon interval?
Every AP announces its presence and configurational details in the interval of the beacon. Typically every minute a broadcast is send with the lowest basic rate so that clients can pick up the details. For static backbone link there is no need to constantly announces their details so increasing the interval will reduce the number of broadcast. Unsure if turning out the SSID broadcast also eliminates the beacon at all.

What is the ACK Timeout (Sensitivity Range)?

Keep WiFi signal locally wherever possible
Don’t give client access to wireless backbone links; separate backbone from enduser connections

]]> 4
Do-it-yourself WiFi Catcher Sun, 01 Aug 2010 06:08:19 +0000 x-ian Ever had to track down a client devices in an area covered by many (unmanaged) WiFi Access Points?

If tools like kismet/kismac are not working for you to track computers (e.g. because of unsupported hardware, crashes, bad wifi antenna on your laptop, then just build it yourself.

All you need is a flashable consumer-level wifi access point (like a Linksys WRT54) and flash it with dd-wrt. This can put the router in monitor mode and together with the addon wi-viz you get an overview over all wireless activity.

And in case you want it mobile, simply put a bunch of batteries, e.g. 8 AA batteries with 1.5V each in a row and connect it to the router. Finally connect your laptop with an Ethernet cable, stuff everything in a little bag and walk around. If you know the MAC address of the devices your are looking for (laptop, handheld,…) just see very you have the strongest signal and walk in that direction. And voilà, you are able to geographically localize every WiFi device. Regardless of it’s connection to a specific access point. Welcome wiFi Catcher. Welcome Jack Bauer.

]]> 0
Mehr Höhenmeter gehen nicht Wed, 30 Dec 2009 20:05:24 +0000 x-ian Zumindest nicht für mich. In einem Tag von Meereshöhe auf den El Teide (mit 3718m) zu laufen, ist nicht besonders zur Nachahmung empfohlen. Aber auch irgendwie cool und wahrscheinlich auf lange Zeit mein persönlicher Guinessbuch-Eintrag.

]]> 0
SSH tunnel Quickie Tue, 13 Oct 2009 18:10:06 +0000 x-ian Sometimes I prefer to have a private (read secure and non-observable) web connection – being a developer and admin makes you a bit more paranoid…

So how can you establish a connection that besides from being non-observable may also bypass potential content filters or firewall rules? Of course with a simple SSH tunnel:

ssh -D 8080 -f -C -q -N user@server

Now simply configure your browser to use the SOCKS proxy running on your localhost at port 8080 and off you go.

The drawback is, that you need a Unix server outside to connect to. But who has not such a system somewhere? And even if not by now, maybe just go in the clouds.

And for those unlucky guys running Windows and PuTTY: even you could do that.

Update: It seems like SSH can even be misused to tunnel Remote Desktop connections. This might do the trick:

sudo ssh -D 8180 -p 8999 <SSH user>@<public external IP>  -L<internal IP of target RDP system>:3389

]]> 0
Amerikanisches MacBook mit deutschen Umlauten Sun, 13 Sep 2009 17:29:13 +0000 x-ian

Wie bringe ich einem amerikanischen Mac mit englischer Tastatur unsere heiß-geliebten deutschen Umlaute bei?

Darüber ist schon (zu?) viel geschrieben worden, also darf ich jetzt auch mal ran. Ich erspare mir hier eine ausführliche Auflistung möglicher Gründe, warum man als Kraut ein solches Gerät überhaupt hat (Software-Entwickler, Firmenangestellter, @, Ausnutzung von Währungsvorteilen).

Universell kann die Tastenkombinationen ⌥-u (option-u) gefolgt von dem jeweiligen Umlautbuchstaben benutzt werden, um landes-spezifische Umlaute einzugeben. Ein ⌥-u U erzeugt also ein Ü. Ferner bringt ein ⌥-s das ß hervor.

Mir ist das aber noch zuviel Getippe. Mit Ukulele habe ich mir die Tasten a, o, u, A, O, U in Verbindung mit der option Taste so umbelegt, dass Umlaute ohne Umweg über option-u direkt mittels ⌥-a, -o, -u, -A, -O, -U eingeben werden können.

Und weil so schön einfach ist, kommt das gleich noch auf ⌥-e

]]> 0
Stop a long running shell/bash process after timeout Thu, 10 Sep 2009 13:01:46 +0000 x-ian Sometimes a process should just run for a maximum amount of time. A nightly long network transfer, a backup, or a statistical report shouldn’t accidentally run until next business hours. A watchdog timer which kills a process once a certain time has passed by is needed.
As usual in Shell programming multiple ways are possible, all of them have certain drawbacks. The simplest one would be just to call the long running process in the background and capture its PID. But then it is not that easy to capture the return value of it. Here is my shot with an additional at job:

TIMEOUT=1 # in minutes

# Install at job as watchdog to remove long running process
WATCHDOG_CMDFILE=/tmp/`basename $0`-$MY_PID
echo &amp;quot;# watchdogfile script&amp;quot; &amp;gt; $WATCHDOG_CMDFILE
echo &amp;quot;kill -0 `echo $MY_PID` 2&amp;gt;/dev/null&amp;quot; &amp;gt;&amp;gt; $WATCHDOG_CMDFILE
echo &amp;quot;if [ $? -eq 0 ]; then&amp;quot; &amp;gt;&amp;gt; $WATCHDOG_CMDFILE
echo &amp;quot;  ps -o pid= --ppid `echo $MY_PID` | xargs kill&amp;quot; &amp;gt;&amp;gt; $WATCHDOG_CMDFILE
echo &amp;quot;  echo &amp;quot;long running process aborted because it ran too long&amp;quot;&amp;quot; &amp;gt;&amp;gt; $WATCHDOG_CMDFILE
echo &amp;quot;fi&amp;quot; &amp;gt;&amp;gt; $WATCHDOG_CMDFILE
echo &amp;quot;rm -f `echo $WATCHDOG_CMDFILE`&amp;quot; &amp;gt;&amp;gt; $WATCHDOG_CMDFILE

# Start my very sophisticated long running task
sleep 3600 # 1 hour

# do whatever you normally do after the long running process finishes
echo $RET

(Note that at sends out emails with the stdout/stderr. If you have another notification method to indicate an aborted job, ensure that nothing is printed to std & stderr.)

]]> 0
Summit-Sammlung: Mt. Humphreys Sun, 23 Aug 2009 22:29:22 +0000 x-ian Okok, anspruchsvoll ist er ja nicht, der Mt. Humphreys von den San Francisco Peaks in Arizona. Die 1000-irgendwas Hm lassen sich mit etwas Muehe in knapp 2 Stunden bewaeltigen. Aber dann hat man auf 3850 m einen ganz gewaltigen Rundumblick; Grand Canyon eingeschlossen…

Warmduscher koennten auch ein wenig abkuerzen, indem die lokale Sesselbahn den Weg auf den hoechten Gipfel von Arizona vereinfacht.

]]> 0
Enough birthday stuff Sun, 28 Jun 2009 18:53:20 +0000 x-ian Finally I solved all my struggles with my birthdays calendar at once. I just changed my OS… No more homegrown VBA macros to get what I want from Outlook.

Although I have to admin that even iCal and Addressbook from MacOS are not capable to manage more than 1 birthday per contact out of the box. But Birthday Scanner X comes to the rescue. And it’s free.

If you’re still interested in my Outlook macros and have problems, let me know. I will be mercy…

]]> 0
ERb’in “ActionMailer fixtures” Up Tue, 16 Jun 2009 05:00:30 +0000 x-ian I don’t know if my slightly outdated Rails 2.2.2 is the problem. But unlike in the fixtures for normal unit tests, I can’t use ERb for my ActionMailers templates.

Add this method to your ActionMailer::TestCase to let ERb pre-process your fixtures:

  def read_fixture(action)
    a = super
    template =
]]> 0
Outlook-iPhone birthday synchronisation Sat, 30 May 2009 18:59:46 +0000 x-ian
  • Not satisfied with the way Outlook (2003) handles birthdays and anniversaries?
  • Want to have multiple birthdays just for one contact entry (maybe because you have one contact for a family, but want to track the birthdays of the countless kids)?
  • Do you need to control the reminders for the birthdays?
  • Wish you had the classical Palm solution (Feiertage) for your iPhone or iPod touch?
  • Yippee! Macro time – (again)!


    Add multiple birthdays to the notes of your contact and create proper recurrent events. Basically enter for every birthday you want to track for this contact in a new line with the format GEB Name: 24.12.2000 (Note the European style date format day.month.year and the prefix GEB (german abbreviation for Geburtstag = birthday)). Simply add all of your birthdays or anniversaries to your contacts, run the macro, and of you go. For more details see the linked docu.


    Remove all (automatically) created recurrent events (e.g. for cleanup purpose)

    And if your Outlook asks you for every single modification for allowance, use Advanced Security for Outlook to suppress those questions.

    If you are interested: This is all my knowledge about the way Outlook 2003 handles it’s standard birthday field:

    1. While saving the current contact Outlook automatically creates a new yearly recurrent event for birthdays and anniversaries.
    2. Sometimes this series is created, even if an existing entry is simply modified. E.g. if you change parts of name, then Outlook seems to consider this a new entry and creates a new recurrent event. Of course without removing the old event…
    3. Even just change an existing birthday or anniversary and Outlook doubles the event as the old one is not removed.
    4. You can see the list of all associated events of a contact in the tab activities. (Therefore somehow the calendar entries are linked with the contact.
    5. There is (sometimes?) a dedicated and predefined calendar view for yearly events.
    6. Besides those small caveats the major drawback is that there is no easy and reliable way to have more birthday entries per contact (not taken into account that you could misuse the concept and iterativly overwrite the birthdays and rename the contact to create multiple recurrent events).
    ]]> 2
    No remote root logins (even with SSH) Tue, 19 May 2009 21:51:33 +0000 x-ian OK. Not really “Programming stuff” anymore. But still important:

    Don’t allow remote root logins at all, even with SSH

    Why not? Because:

    • User name of root is known, therefore the account is vulnerable for brute-force attacks
    • Working as root should be an explicit switch and not the default policy. Just like being aware of switching hats.
    • Bad for auditing, if multiple users have root access.

    But now you say: “I don’t care as I use SSH for logins”.

    • Depending on the auth method, password is still transfered over the wire.
    • But using public key auth instead of passwords might be even worse. Still you have to trust all(!) clients that the private key is stored safely. Read:
    • “Good enough” passphrase.
    • There is no way to tell from the public key (which is the only thing known by the server), if the private key has a passphrase at all.
    • Trust the client system (that it is not compromised)
    • Auto lock of the client system must be enabled after a few minutes of inactivity.
    • Sensible use of background daemons like ssh-agent or Pageant(Putty for Windows) on client systems necessary. What if the users start the keyring app, enters his passphrase and never shuts down his system. And now imagine a laptop running out-in-the-wild without any local password protection having an open private key in its memory!

    What to do? Dunno. Maybe:

    • Use “ordinary” user accounts
    • SSH with either public key or passwd auth (depending on your decisions reg the previous points)
    • Enforce sudo (better) or su (less better) to gain temporarily root privileges

    Anything else???

    ]]> 0
    Resume rsync transfer after SSH connection crash Fri, 15 May 2009 00:35:22 +0000 x-ian Are you using SSH for your secure maintenance of your servers? – Sure.

    Do you copy files with SCP between hosts? – Most likely.

    Is there a need to transfer big files over slow and unreliable network connections (*)? – Could be.

    Can SCP resume a download after the connection crashed? – No.

    So why not simply use rsync over SSH for your file transfer. A minor drawback is, that unless you set up a rsync daemon (not appropriate for my case) you have to call rsync manually. Sadly rsync doesn’t offer something like “automatic retry in case of a connection failure”. (**)

    Good for us, because now it’s tool time again; a single bash script does the trick:

    # reliable file transfer
    # try rsync for x times
    while [ $I -le $MAX_RESTARTS ]
      I=$(( $I + 1 ))
      echo $I. start of rsync
      rsync -av --partial --progress -e "ssh" .
      if [ $LAST_EXIT_CODE -eq 0 ]; then
    # check if successful
    if [ $LAST_EXIT_CODE -ne 0 ]; then
      echo rsync failed for $I times. giving up.
      echo rsync successful after $I times.

    Ah, just a sidenote as I always forget the syntax: If you need to remote execute a command via SSH with variables from your local shell, take this:

    CMD="test -e M_BIG_FILE || cp MY_BIG_FILE `hostname -s`-MY_BIG_FILE"
    ssh $CMD

    (*) If you only have an unstable satelitte link, even 150 MB are way too big.
    (**) Make sure that you actually test over the network; using rsync with source and destination files on the same system deactivates the delta-calculation algorithm.

    ]]> 0
    Testing Webapps with multiple browsers Wed, 13 May 2009 21:04:42 +0000 x-ian Developing web applications can be fun and hard almost at the same time.

    But when it comes down to testing, it can be a .

    Sure every developer has his favorite environment and develops against it. But his special browser is just a part of the big picture and there are way to many different browsers and versions out there in the wild. Of course you know them all:

    • Internet Explorer [ 6 | 7 | 8 with Compatibility View | 8 ]
    • FireFox [2 | 3 ]
    • Safari [ 3 | 4 ]
    • Chrome
    • Opera

    And those are only the traditional desktop browsers for MacOS, Win and Linux. (Personally I assume, that one browser behaves almost the same on different OS when it comes to the programming model. But this is not necessarily true for layout issues). Note that this list totally ignores the growing mobile market. I don’t know yet how to deal with them…

    It will get even ridiculous if you could only install one version of a browser at the same time. Yes, IE – most credits go to you! There are some hacks out there to install the Internet Explorer in different versions on one system.

    In the past I’ve simply virtualized my system and got one image for every single browser. Worked, but it always felt like “shooting cannons to sparrows“. There is quite some overhead involved to install and actually fire up the VM image.

    Why not simply virtualize the browser? That’s exactly what Xenocode is doing. Download, run and test. Nice. The seamlessly network integration even make those things like local proxy servers work.

    ]]> 1
    Develop with Firefox Mon, 11 May 2009 02:02:48 +0000 x-ian What is your favorite environment to develop new web applications?

    Currently I think there is no way around good ol’ Firefox. Not because of the browser, but more because of all those addons. It took me some time to find my configuration. Here it is:

    But too bad, I’m too lazy to describe them all. Anyway you have to get comfortable with your own list. What’s on it?

    ]]> 0
    Swap Lastname with Firstname in Outlook Fri, 01 May 2009 20:26:20 +0000 x-ian Even my [ of course way too old, grandpa-style, ugly, quite unsexy, and nothing close to a nerd gadget ] mobile phone Nokia 6230 offers a PC sync. OK. They were supposed to offer this even in the last millennium. But ever since then I was struggling with it. Not even with a real day-to-day sync but just with a one-time copy operation of my contacts from my PC to the phone. Surely, if I only had/have a Mac. But life is never easy and you should always challenge yourself…

    But why on earth is Nokia only offering one entry for a combined name field. In digits: 1, in letters again: ONE. But even more why on earth am at least I not able to put my Outlook contacts in the “Lastname Firstname” order to the phone. The PC Suite seems just to know it better and doesn’t let me. Therefore an alphabetic sort on the phone just shows of all the firstnames first. Crap and I need another solution.

    So as I’m a developer I was refusing to simply look for already working solutions or even spend money. I had to do it the do-it-yourself way (for sure hundreds must have done this before).

    So here is a small Outlook macro which takes all of your entries in the address book and places them in a new outlook address book called NokiaAddressBook. There it simply swaps lastname with firstname and I get my “Lastname Firstname” style. Stupid ugly, but also stupid simple.

    Too bad my Nokia broke recently and now I switched to a Sony Ericsson.

    PS1: This solution was heavily influenced. Thanks!
    PS2: If you do the sync, close the Nokia Phone browser as it seems to block to connection of the PC Suite to your phone.
    PS3: The Nokia Phone Browser supports an import/export of vCards. But (not surprisingly) Outlook does not. Another but: The standard windows address reads vCards. So import vCards first to the Windows addressbook and from there to Outlook…

    ]]> 0
    Network (HTTP) speed simulator Thu, 23 Apr 2009 14:17:08 +0000 x-ian If you’re seriously developing a webapp, sooner than later one of your clients will come with some Internet Explorer 6 related complains. Still in 2009, the year of the IE Death march. So what to do if they say: With IE6 is takes 3x longer to load the page than with _any other browser_?

    But even if it is not the IE6, you still might wonder how your app behaves with different connection speeds. There are some (windows) applications out there, which try to simulate different network connections. There must be others, but I’ve found Netlimiter and Speed Simulator as out-of-the-box solutions. But Netlimiter is not free and Speed Simulator seems to have some problems with certain requests (AJAX, forwards, … who knows).

    When it comes to HTTP-related things, why not using Squid as the de-facto standard for Proxy Servers?

    Installing Squid is not as difficult as it may sound, even under Windows. Just make sure that the Delayed Pools Feature is enabled.

    For your personal development you can leave all of the default configs in the squid.conf, except those:

    1. # allow all requests
      acl all src
      http_access allow all
      icp_access allow all
    1. # delayed pools
      delay_pools 1
      delay_class 1 1
      delay_access 1 allow all
      delay_parameters 1 4000/4000
      # 64000 = 64 kbytes = 512 kbits
      #  8000 =  8 kbytes =  64 kbits
      #  4000 =  4 kbytes =  32 kbits

    To change the connection speed, simply tweak the values for delay_parameters e.g. to 64000/64000.

    And if your are using Firefox as one of your development browsers, simply install the SwitchProxy Addon. This allows you to quickly switch between preconfigured proxy settings on-the-fly.

    [And if you really what to go "pro", set-up multiple instances of Squid with different connection speeds, provide their services under different ports, and create different proxy configs for SwitchProxy. Then you don't even have to modify the squid.conf every time you want to switch the speed.]

    ]]> 0
    Everyone can start a business Tue, 21 Apr 2009 07:24:44 +0000 x-ian Even his brother. So why not me?

    Granted. I’m not the only head behind, it is still in beta, and under construction at best,  but hey:

    You have to start somewhere.

    So if this flies off, then you might find more (personal) posts here.

    Oh, and yes: Just another side built on Ruby on Rails.

    ]]> 0
    Großer Daumen im Schneeschuh-Stil Sun, 19 Apr 2009 19:44:35 +0000 x-ian OK, heute war keiner so blöd, mit Schneeschuhen zu stapfen.

    Alle waren mit Tourenski auf den Großen Daumen unterwegs. Alle?

    Nein! Nicht alle.

    Bloss einer kam auf die Idee, nur mit Schneeschuhen die 2280 m zu erklimmen. Dafür habe ich immerhin “by fair means” die 15 km Anfahrt mit dem Radel und den Schneeschuhen auf dem Rücken zurücklegt.

    ]]> 0
    Kategorie Tourenbuch Sun, 19 Apr 2009 19:43:12 +0000 x-ian Was kommt eigentlich in ein Tourenbuch?

    • Muss eine Tour anstrengend sein?
    • Gefährlich?
    • Möglichst viele Höhenmeter?
    • Als bestimmte Sportart ausgeführt?

    Also, ich weiss ich nicht und das ist wohl auch egal. Ich sammel einfach alles, was mir (vor allem in den Bergen) Spass gemacht hat. Hauptsächlich weil mein Gedächtnis zu lückenhaft ist, um mir dies alles zu merken.

    ]]> 0
    It’s about to start Sat, 18 Apr 2009 19:08:13 +0000 x-ian A new blog for my simple thoughts; regarding my work and (some parts of) my private activities. Let’s see if and how it grows.

    Oh, and yes. Even though this is the very first post, I will add some entries with older dates. Just for me to not forget them. I know that I will fake the history, but hey, who cares?

    ]]> 1
    Immer mal wieder “Großer Feldberg” Tue, 24 Feb 2009 22:10:48 +0000 x-ian Dem Großen Feldberg gebürt als der “Summit” meiner ehemaligen Hausberge hier ein eigener Abschnitt.

    Im Sommer wie im Winter; zu Fuss, mit dem Rad oder auch im Auto ist man oben um runter zu gucken. U.a. auch weil hier wichtige Dinge entschieden und verarbeitet wurden.

    ]]> 0
    Schnell noch aufs Füssener Jöchle Sun, 14 Sep 2008 21:17:08 +0000 x-ian Erster, aber wohl nicht letzter Berglauf (befürchte ich zumindest).

    Es bleibt mir aber die Hoffnung, dass es im Alter besser wird. Denn gemessen an meiner Konkurrenz, die ich vom Start weg eigentlich nur von hinten gesehen habe, hätte ich sonst wohl keine Perspektive. Auf jeden Fall hatte mein direkter Konkurrent nicht nur 52 Sekunden, sondern viel mehr gut 40 Jahre Vorsprung…

    ]]> 0
    Hoher Ifen Sun, 22 Jun 2008 21:19:13 +0000 x-ian Mal wieder eine kombinierte Bergtour: Hoch Wandern auf der einen Seite, Runter Pseudo-Skifahren nur in seinen Bergschuhen auf der anderen Seite.

    Nett war’s am Hohen Ifen. Nur warum muss ich immer auf “Bichln” sein, wenn was wichtiges im Leben passiert?

    ]]> 0
    Happy birthday Sat, 29 Mar 2008 10:18:11 +0000 x-ian Even though I feel at bit embarrassed to point to because of my (current) effords, I’m one of the co-founders. It was finally released as version 1.0!

    jmove eases the understanding and valuation of the design and architecture of complex software written in java. It provides dependency analysis, metrics, design rule checking and impact analysis. Define your desired architecture model and check consistency with the implementation.

    The complete thing (framework, UI) is implemented in Java and therefore has Java programs in it’s focus. If you want to measure and improve the quality of your Java-based software, give it is still worth giving it a try.

    ]]> 0
    Hindelanger Klettersteig, (free tripple) Sun, 17 Jun 2007 21:26:37 +0000 x-ian Schon so oft habe ich auf das Ende vom Klettersteig geguckt, aber erst jetzt war er wirklich komplett dran. Die Strategie war als erster am Einstieg zu sein, nur Handgepäck dabei zu haben und allen anderen Fersengeld zu geben.

    Hat geklappt, aber wenn die Tour nicht als konventioneller Rundweg ausgelegt wird, dann hat gibt’s noch einen elendig langen Abstieg; heftiger Muskelkater zumindest bei einer von uns Dreien inklusive.

    ]]> 0
    Val de Mesdì in den Dolomiten Sat, 03 Mar 2007 22:25:34 +0000 x-ian Mal eine Skitour durchs Mittagstal bei Wolkenstein unternommen; (mal wieder) als kleines Geschenk ausgelegt.

    Der “Grand Canyon” der Dolomiten macht wirklich was her. Erstmal rauf auf den Sellastock, dann Ski geschultert und eine stunde maschiert. Anschließend einen cool-steilen Einstieg ins Tal und dann “cruisen”.


    ]]> 0
    Skitour rund die Jungfrau Sun, 28 May 2006 03:25:35 +0000 x-ian 4-Tages Rundtour vom und zum Jungfraujoch. Mit Abstechern auf das Gross Wannenhorn (3905m) und zum Fiescher-Sattel (3973m). Ohne Worte und nur was für Masochisten.

    ]]> 0
    Zweisam nebenan auf der Spitze Mon, 22 Nov 2004 04:16:58 +0000 x-ian Fast wie die richtigen Bergsteiger. Und auch noch ganz nah dran am Patagonischen Inlandeis. Cool, anstregend, einmalig (?).

    Der Cerro Solo mit Gipfel (~2100m).

    ]]> 0
    Vulcano Villarica Sat, 30 Oct 2004 03:37:06 +0000 x-ian Einmal im Leben wollte ich auf auf so’nem Vulkan stehen. Der Villarica (2847 m) versprach (zu) einfach zu werden, und so musste flugs ein Snowboard mit hochgeschleppt werden. Zu dumm, dass eine so Wind-ausgesetzte Spitze eigentlich kein Boarden erlaubt. Also das Brett brav wieder runter geschleppt.

    Egal. Immerhin mal Schwefel gerochen!

    ]]> 0
    Mi montaña más alta – Huayna Potosi Tue, 19 Oct 2004 19:11:38 +0000 x-ian Mein bisheriger Rekord: der Huayna Potosi.

    Aber keine Sorge, die 6088m ü. NN (oder was auch immer das amtliche Maß in Bolivien ist) waren nur als Trecking-Berg ausgeschrieben…

    ]]> 0