Posts

Posted on

MS feedback :)

A premiere for me:

That’s pretty cool :) I always asked myself what MS will be doing with all the many error reports I already sent them. Do they just pipe them to /dev/null? Collect them in the marketing department to do some data mining on how much more stable product xy is than product yz? Forward them to Bayer so they can send me a free pack of Aspirin in order to fight the headache these bugs are causing? ;)

Well, after all, MS seems to use these reports to actually *fix* the errors (surprised? ;). Or at least some of them ;) And they inform their customers about new patches if available.. nice reward for sending bug reports! :) Like this, the whole thing makes sense. Instant feedback, that’s what customers want nowadays.

Posted on

Postfix outgoing/outbound SMTP authentication for smtp.hispeed.ch/cablecom.ch

It afforded quite some packet sniffing and debugging to find out the correct settings and encodings.

Here are the settings for postfix outbound/outgoing/upstream SMTP AUTH, smtp.hispeed.ch/cablecom.ch and Gentoo:

To /etc/postfix/main.cf, add:

smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = plain
smtp_use_tls = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd_outgoing_smtp
smtp_sasl_security_options = noanonymous

For debugging purposes, you might want to temporarily set “smtp_use_tls = no” in order to disable transport layer security encryption. Setting “smtp_sasl_mechanism_filter = plain” is not mandatory but might be helpful if AUTH LOGIN doesn’t seem to work for some reason.

Then create a file /etc/postfix/sasl_passwd_outgoing_smtp (or whatever name you chose) consisting of the following line:

smtp.hispeed.ch login:password

where “login” is your hispeed e-mail address (e.g. name@hispeed.ch) and “password” the password for your e-mail account at hispeed.ch. Don’t even try to use the credentials they sent you by snail mail. These are only valid to setup an initial e-mail account at hispeed.ch.

Now create a postfix-readable hash database of this text file by executing:

# postmap hash:/etc/postfix/sasl_passwd_outgoing_smtp

reload postfix:

# /etc/init.d/postfix reload

That’s it :) You can now check whether SMTP authentication works by sending a test message to a local and to a remote recipient while monitoring /var/log/messages or /var/log/mail.info (‘tail -f /var/log/messages’ etc.). If necessary, you can temporarily increase the log level of postfix by starting postfix with the “-v” option (adjust /etc/init.d/postfix accordingly). For general debugging of SMTP problems, telnet comes handy.

Use perl to encode your login and password as base64:

$ perl -MMIME::Base64 -e ‘print encode_base64(“name\@hispeed.chname\@hispeed.chpassword”);’
bmFtZUBoaXNwZWVkLmNoAG5hbWVAaGlzcGVlZC5jaABwYXNzd29yZA==

You could also use ‘mimencode’ (or ‘mmencode’ etc.) instead, but using perl is recommended as feeding the special characters (“nul”) to mimencode is pretty error-prone. The above, encoded string is suitable for AUTH PLAIN. Note that you need to specify your credentials as “loginloginpassword” and mask any perl special characters like “@”, “$” etc. with backslashes. denotes the ASCII nul character (0x00). For AUTH LOGIN, separate the login and password, i.e. do

$ perl -MMIME::Base64 -e ‘print encode_base64(“name\@hispeed.ch”);’
bmFtZUBoaXNwZWVkLmNo
$ perl -MMIME::Base64 -e ‘print encode_base64(“password”);’
cGFzc3dvcmQ=

If AUTH PLAIN works, your telnet session should look similar to this one:

$ telnet smtp.hispeed.ch 25
Trying 62.2.95.12…
Connected to smtp.hispeed.ch.
Escape character is ‘^]’.
220 smtp.hispeed.ch ESMTP Sendmail 8.12.6/8.12.6/tornado-1.0; Thu, 2 Jun 2005 18:25:33 +0200
EHLO smtp.hispeed.ch
250-smtp.hispeed.ch Hello cut.dclient.hispeed.ch [cut], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE 10485760
250-DSN
250-AUTH PLAIN LOGIN
250-STARTTLS
250-DELIVERBY
250 HELP
AUTH PLAIN bmFtZUBoaXNwZWVkLmNoAG5hbWVAaGlzcGVlZC5jaABwYXNzd29yZA==
235 2.0.0 OK Authenticated
QUIT
221 2.0.0 smtp.hispeed.ch closing connection
Connection closed by foreign host.

For AUTH LOGIN, the login and password need to be separated and submitted separately.

Posted on

Gentoo: libsdl gone mad? Nope.

If you’ve emerge sync’ed today and the output of an ’emerge -puD world’ on your CLI-only box looks similar to mine..

o2 media-libs # emerge -pu lib-compat

These are the packages that I would merge, in order:

Calculating dependencies …done!
[ebuild N ] media-libs/audiofile-0.2.6-r1
[ebuild N ] media-sound/alsa-headers-1.0.8
[ebuild N ] media-libs/alsa-lib-1.0.8
[ebuild N ] x11-base/xorg-x11-6.8.2-r1
[ebuild N ] sys-apps/utempter-0.5.5.5-r1
[ebuild N ] x11-terms/xterm-200-r1
[ebuild N ] media-libs/lcms-1.13-r1
[ebuild N ] media-libs/libmng-1.0.4
[ebuild N ] x11-libs/qt-3.3.4-r3
[ebuild N ] kde-base/kde-env-3-r3
[ebuild N ] kde-base/arts-1.3.2-r1
[ebuild N ] media-libs/libsdl-1.2.8-r1
[ebuild N ] sys-libs/lib-compat-1.4

..you might want to adjust your USE flag settings to anticipate the recent soft dependency changes in libsdl. Add “-arts” (KDE sound server, not needed on a headless server) to your USE flags in /etc/make.conf and the output will look like

o2 media-libs # emerge -puD lib-compat

These are the packages that I would merge, in order:

Calculating dependencies …done!
[ebuild N ] media-libs/audiofile-0.2.6-r1
[ebuild N ] media-sound/alsa-headers-1.0.8
[ebuild N ] media-libs/alsa-lib-1.0.8
[ebuild N ] media-libs/libsdl-1.2.8-r1
[ebuild N ] sys-libs/lib-compat-1.4

Much better, isn’t it? ;) Of course, if you don’t like alsa, you can opt it out too.

Posted on

Bug tracking tools

Installed Bugzilla and Trac and a couple of other dev tools to complete the first development and runtime environment infrastructure of our[1] upcoming startup company (which will revolutionize quite some things in the blogosphere, if successful :)

If you take a close look at common OSS dev tools, it’s astonishing how limited most of them are. They usually follow a conservative, traditional “me too” approach to accomplish their tasks – despite of foreseeable drawbacks. I’d like to see more inventive and courageous approaches that lead to unconventional, but finally superior software instead of having a variety of very similar tools which are limited by design. It’s worth to take the time to think deeply about different (and also radically new :) approaches before digging into coding matters.

[1] So far, Ben’s and mine (interested to join? Contact us!)

Posted on

London sightseeing tips?

I’ll be off to London from 05.05.-09.05.2005. Regarding the current London agenda, all I know so far is that there will be UK elections 2005 on 5th of May (perhaps the reason why accommodation in London is so scarce ATM?).

Are there any other {unique, great, funky, unconventional} must-see events (sounds, arts, sports, tech, business,..) in London between 05.-09.? Any hints welcome! :)

Posted on

Swiss Gentoo derivative – Pentoo LiveCD

There’s a new Gentoo derivative:


“Pentoo” is an acronym for “PENetration on genTOO”. It is based on kernel version 2.6.10, uses the Gnome desktop environment, and aims to provide a complete platform for intrusion detection, penetration-testing and security assessment. The content of the LiveCD can be updated, allowing for
up-to-date fingerprint and vulnerability databases, for tools that require regular updates like the Nessus plugins, or scanner fingerprint files, metasploit etc. Users can optionaly store data on USB sticks for non-volatile storage support. Pentoo’s author, Michael Zanetta, emphasizes that “it
has to be considered beta as I have not much time to test it carefully,” so feedback and comments are very welcome, at bugs@pentoo.ch. A roadmap for the project is available, too.

(Source: Gentoo Weekly Newsletter: April 25th, 2005)