All posts by Christian Hawkins

Lemaker: You’re really being in bad style copying my article

So recently I was checking other search engines for how my posts rank. While doing so, I found a competing article to my guide INSTALL DEBIAN WHEEZY ON YOUR BANANA PI so I decided to click on it.

I am not going to link to the page to boost it even further in search engines' rankings.

Lemaker copied my article in full, adding a link at the very bottom as source; however, I never authorized Lemaker to do so. In my opinion, a complete copy/paste of a blogpost of this length, as flattering as it is, is a violation of my copyright – which even exists for free publications.

This might just be another expression of how Chinese care about the rest of the world. They bluntly copy everything they can get a hold of and claim it as their own. Lemaker, show some decency. If you need a guide like that on your website, pay me for it and I’ll be glad to sell the rights to you. But stealing. Really?

Update: Lemaker apologized in the same forum thread, stating that they just wanted to share the information. That being an honest intention, they still failed doing it the proper way (Ask first, correct citing, etc). Anyways, they also deleted the pasted article and just left the link to my original article in place, so no hard feelings here.

@Lemaker: If you want some nice guides for your hardware, talk to me! I am sure we can work something out.

Asus RT-N16 with built in backdoor?

I was trying to fix a bug (I gave up now) on my Asus RT-N16. I was trying to use Dual WAN to configure a failback 3G connection with a USB stick. Whenever I disconnected my main WAN modem from its uplink, it would take the configured amount of time to switch over to 3G.

However, after a short amount of time, it will terminate the 3G connection with the error "received signal 15, good-bye". To find out what’s happening, I activated telnet and connected to the box. I ran watch -n 1 ps so I’d see which processes are spawned and so on. I didn’t believe what I saw. Something (wget) was downloading from

http://dlcdnet.asus.com/pub/ASUS/LiveUpdate/Release/Wireless/wlan_update_v2.zip

which is actually a text file (not a zip as the filename indicates) with currently this content:

RT-AC87U#FW3004100#EXT5834-gbfeb361#URL#UT4208
RT-AC68U#FW3004374#EXT5656-g8d0a991#URL#UT4208
RT-AC66U#FW3004374#EXT5517-g302e4dc#URL#UT4208
RT-AC56U#FW3004374#EXT5656-g8d0a991#URL#UT4208
RT-AC55U#FW3004100#EXT0-g5f5c8d8#URL#UT4208
RT-AC53U#FW3004100#EXT0-g0f3bacc#URL#UT4208
RT-AC52U#FW3004100#EXT0-g0f3bacc#URL#UT4208
RT-N66U#FW3004374#EXT5517-g302e4dc#URL#UT4208
RT-N65U#FW3004374#EXT1317-g17e5f52#URL#UT4208
RT-N56U#FW3004374#EXT5656-g8d0a991#URL#UT4208
RT-N53#FW3004374#EXT311-g6d4f56e#URL#UT4208
RT-N18U#FW3004374#EXT4983-g18ff1de#URL#UT4208
RT-N16#FW3004374#EXT5517-g302e4dc#URL#UT4208
RT-N15U#FW3004374#EXT168-g50fb114#URL#UT4208
RT-N14U#FW3004374#EXT1667-g0005ce2#URL#UT4208
RT-N14UHP#FW3004374#EXT1631-gf2dd1d9#URL#UT4208
RT-N10PV2#FW3004100#EXT168-g50fb114#URL#UT4208
DSL-AC68U#FW3004374#EXT4923-gc53f521#URL#UT4208
DSL-N55U#FW3004374#EXT4422-gc83c78f#URL#UT4208
DSL-N55U-B#FW3004374#EXT4422-gc83c78f#URL#UT4208
WL-330NUL#FW3-0-0-36#EXT0-c7fcd5b9b#URL#UT1-0-3-8
DSL-N66U#FW1073#EXT#URL#UT4208
DSL-N55U-C1#FW1073#EXT#URL#UT4208
DSL-N16U#FW1073#EXT#URL#UT4208
DSL-N14U#FW1073#EXT#URL#UT4208
DSL-N12E-C1#FW1073#EXT#URL#UT4208
DSL-N12U-C1#FW1073#EXT#URL#UT4208
DSL-N10-C1#FW1073#EXT#URL#UT4208
AiCam#FW1_0_1_12_88#EXT#URL#UT

Harmless as it seems, these are instructions on where to look for further updates for the device. However, an attacker or an evil employee (not to say the agency with those three letters A, N and S) could most easily inject malware to own your network box.

What the hell is going on here? Why is Asus updating software on *my* hardware without asking me first? This is a huge breach of trust and this is just one more reason to build my own router. After all, this is just a tiny Linux running on poor hardware. If you ask me, get some ARM and install Linux on it, i.e. the CompuLab Utilite Pro.

Boy, am I pissed!

Edit: Yes, the file is pulled via http. not https. http. H fucking T T P without the S
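
As an added example (not code from the original post or from Asus), the following Python parses the list format shown above, compares two fetches of the list to report which model entries changed, and checks the two transport observations made in the post. The field names are simply the tags visible in the list, their meaning is not documented on this page, and the `LATER` sample is constructed.

```python
from urllib.parse import urlsplit

# URL quoted in the post.
UPDATE_URL = "http://dlcdnet.asus.com/pub/ASUS/LiveUpdate/Release/Wireless/wlan_update_v2.zip"
FIELDS = ("FW", "EXT", "URL", "UT")  # field tags as they appear in the list

# Baseline: three lines copied from the list in the post.
BASELINE = """RT-N66U#FW3004374#EXT5517-g302e4dc#URL#UT4208
RT-N16#FW3004374#EXT5517-g302e4dc#URL#UT4208
DSL-N66U#FW1073#EXT#URL#UT4208"""
# Constructed sample: a later fetch whose RT-N16 line differs from the baseline.
LATER = BASELINE.replace("RT-N16#FW3004374#EXT5517-g302e4dc",
                         "RT-N16#FW3004999#EXT9999-g0000000")

def parse_manifest(text):
    """Parse 'MODEL#FW..#EXT..#URL..#UT..' lines into {model: {tag: value}}."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        model, *parts = line.strip().split("#")
        tags_ok = len(parts) == len(FIELDS) and all(
            p.startswith(t) for t, p in zip(FIELDS, parts))
        if not model or not tags_ok:
            raise ValueError(f"line {lineno}: not MODEL#FW..#EXT..#URL..#UT..: {line!r}")
        entries[model] = {t: p[len(t):] for t, p in zip(FIELDS, parts)}
    return entries

def diff_manifests(old, new):
    """Return (model, tag, old_value, new_value) for every changed field."""
    changes = []
    for model in sorted(set(old) | set(new)):
        for tag in FIELDS:
            before, after = old.get(model, {}).get(tag), new.get(model, {}).get(tag)
            if before != after:
                changes.append((model, tag, before, after))
    return changes

def transport_findings(url, body):
    """Checks matching the post's observations: scheme and file-type mismatch."""
    findings = []
    if urlsplit(url).scheme != "https":
        findings.append("fetched without TLS: no integrity or server authentication")
    if url.endswith(".zip") and not body.startswith(b"PK"):
        findings.append("named .zip but content is not a ZIP archive")
    return findings

if __name__ == "__main__":
    print(diff_manifests(parse_manifest(BASELINE), parse_manifest(LATER)))
    print(transport_findings(UPDATE_URL, BASELINE.encode()))
```

Because the list is unauthenticated, a diff like this only shows that an entry changed between two fetches; it cannot tell a legitimate vendor update from a modification made in transit.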

Google-nest.org might be gone soon

According to this tweet made by Jean Peters, google-nest.org might be no more soon.

As it seems, Google is playing nice with its offer of "up to 100 USD" in compensation for web registration and transfer. As this site is clearly using Google branding, they can be happy that Google didn’t sue their buttockses.

If by now this site is already offline, there is a screenshot for the archives: here. Enjoy.

What is Google Nest about? Is it real?

So just today I saw a massive use of the #googlenest hashtag on Twitter – and I almost fell for it. Luckily there is distinct evidence to see, that this is most likely not from Google. Here is my analysis:

What is it about?

Google Nest is apparently the attempt to get your most personal data – be it your feelings, a livestream of your property or your afterlife. As an incentive to use all of Google’s products, they are also offering an insurance, which will adjust the insured sum according to the amount of services you use. It will be paid out whenever data misuse happens. (Side note: If that is still beneficial to you after you got arrested for some weird claims by some weird government agency to shut you up is a question to be answered)

Screenshot of google-nest.org

Read more at http://google-nest.org.

Satire or real?


Woman finds her phone more interesting than her surroundings

Whenever I am in Amsterdam, I am amazed at how many bikes you see. It is virtually impossible to look anywhere without seeing a bicycle. In this particular shot, I like how the bike looks like it belongs to her, but something on her phone is more interesting, so she took a rest.

I am not so pleased with the light reflection in her face, but I left it, as a reminder to not fail like that again – and also I suck at photoshop.

Amsterdam - woman plays with her Phone    © 2013  Christian Bock

Oktoberfest subway scene

I’m not a man of vivid words, so I’ll make this one quick. Oktoberfest is happening every year in the last two weeks of September. People get drunk on beer with more than average alcohol in it and the only subway station directly connected to the Theresienwiese becomes so overcrowded, it needs crowd control. In this particular photo you can see a scene later in the evening, close to 11pm (closing time of the beer halls). I talked to the woman afterwards; this guy was trying to get her number while her duty was to get the doors clear for the driver to close them.

Oktoberfest subway scene    © 2011  Christian Bock

Copying files faster with tar over ssh than with scp

If you need to copy many small files from one server to another, you can use scp, for example. That is slow, however, because the network latency is added for every file, since in addition to the data stream an instruction "here comes file xy" has to be sent.

To optimize this, we send a data stream that already understands multiple files, and tar lends itself to this. Tar, by the way, was written to store many files on tape drives, and in a sense we are now transferring in a way similar to how recording to tape was done back then. In one go:

Without compression (for high bandwidths)

tar -cf - /quelle | ssh user@example tar -xvf - -C /ziel/

With bzip2 compression (for slower connections)

tar -cjf - /quelle | ssh user@example tar -xjvf - -C /ziel/

This method also has the advantage that tar copies symlinks as well and can preserve the file permissions. If the file permissions are to be preserved, the parameter

Generating strings with random content in PHP (e.g. for passwords)

This code example generates random sequences of letters and digits of any length. Simply pass the desired length of the string in the function call generateRandomString(6).

In the first 4 lines, the possible characters are defined; you can edit the array here as you like. If you only want lowercase letters, simply remove the line with the range for the uppercase letters. The array_push() line adds extra characters that cannot be produced with range().

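<?php
function generateRandomString($length) {

  foreach (range('a', 'z') as $char) { $index[] = $char; } // lowercase letters
  foreach (range('A', 'Z') as $char) { $index[] = $char; } // uppercase letters
  foreach (range('0', '9') as $char) { $index[] = $char; } // digits
  array_push($index, '-', '_', '~');                       // characters range() cannot produce

  // Initialise explicitly; the original relied on undefined variables.
  $randomString = '';
  $position = 0;
  while ($position < $length) {
    // random_int() (PHP 7+) draws from the OS CSPRNG; mt_rand() is predictable
    // and not suitable for passwords.
    $randomString .= $index[random_int(0, count($index) - 1)];
    $position++;
  }
  return $randomString;
}

echo generateRandomString(6);
?>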

Maybe I could have searched for it, but I thought I would quickly write it myself. I would be glad to receive suggestions for improvement.

How to implement the P3P headers for using cross-site cookies

Why should I make sure that P3P is implemented for the use of cross-site cookies?
The short answer: because otherwise session management may not work.

Why is that?
If you embed third-party elements on your page (iframe, JavaScript, advertising media), certain browser configurations can prevent the external elements from setting cookies. Without cookies, session management across windows/tabs is not possible either. The affected browsers are Internet Explorer 6, 7 and 8 in the default configuration (privacy setting at "Medium").