Much of the content in this blog is pretty old (10y+) and likely outdated, either because the world has moved on or because I would approach things differently today. I’m still keeping the articles around because why not… Maybe someone will find something useful in here.
Blog
Vulnerability in IBM's Kitura - Update ASAP
The short version: If you’re running the Swift web framework Kitura, update to the latest version as soon as possible. The fixed versions are 2.3.2 and, from older branches, 2.2.3, 2.1.5, 2.0.4 and 1.7.11. They were released on May 21 and May 22. If you run an older version, anybody can read all files that the server process can access, over the network and without authentication. This can leak credentials, the machine code of your server, and everything else that might be found on your production servers.
Blog
Skype for Linux doesn't ring: How to fix it
I noticed this weird behavior in Skype on Linux: When I was on a call, the audio worked fine. But when someone was calling me, I only got the small notification window but no ringing sound.
I couldn’t figure this out for a long time, but now I found a solution: Open the system-wide sound settings and unmute alerts/notification sounds. Now, you should get a ringing tone whenever somebody calls you.
Blog
Globally handling uncaught exceptions and signals in C++
If you have a segmentation fault in your C++ program, the program crashes and this is printed to standard error:
Segmentation fault (core dumped)
It tells you that a core dump has been created if your system was configured to do so. You can use it to further debug the crash, but when you have a quick look at the error message, you learn next to nothing about the cause of the crash.
Blog
Call me names
While looking through old projects on my computer, I found a small one called “Call me names”. It’s about remembering the names of people. You only need a text editor and a browser to get going.
Try it out: Demo
Get the source code
Blog
Refresh your SSD
SSDs need some maintenance from time to time to perform well in the long run. After some use, an SSD gets slower and slower if it isn’t told which parts of it are still in use and which hold only garbage. This is due to the internal workings of the disk that I won’t go into here. If you’re interested in the gory details, please head on to Wikipedia: TRIM.
Blog
Blue Screen with STOP 0x0000007F: What does it mean?
I recently got a blue screen on a Windows XP machine with the following error code:
STOP 0x0000007F (0x0000000D 0x00000000 0x00000000 0x00000000)
I wanted to find out what went wrong. This is what Microsoft has to say on the issue:
This error message can occur if either of the following conditions exists:
Your computer has hardware or software problems (hardware failure is the most common cause).
You try to over clock the speed of your computer’s processor (for example, you set a 150 MHz processor to run at 187 MHz).
Blog
Django: Prevent email notification on SuspiciousOperation
Django 1.4.4 introduced the ALLOWED_HOSTS setting as implemented in django/http/__init__.py:
A list of strings representing the host/domain names that this Django site can serve. This is a security measure to prevent an attacker from poisoning caches and password reset emails with links to malicious hosts by submitting requests with a fake HTTP Host header, which is possible even under many seemingly-safe webserver configurations.
If the host header holds an unknown host and DEBUG is set to False, a SuspiciousOperation exception is raised.
Blog
Building the Botan library for Android
Botan is a C++ crypto library with a wide range of supported cryptographic algorithms. In this article, I’ll walk you through building Botan for Android, so that it can be used in applications that are built with the Android NDK.
Preparations
In the following, I use Ubuntu 12.04 LTS (x86_64) with Eclipse as my development platform. If you use another operating system, the commands may differ.
First, we pull in the Java Development Kit (here: OpenJDK 6), some essential build tools and Python which is needed for the configure script:
Blog
Backup reminder for Windows
Some time ago, I wrote about a simple backup solution for Windows using RdiffBackup (now HardlinkBackup). It works very well for several of my family’s computers. The remaining problem, however, was that the user should be reminded regularly to make a backup. On Linux, I have had a solution for this for quite a while: a reminder after login with a direct option to start a backup. An article about it, updating my slightly dusty article on backup under Linux, will follow soon.
Blog
Reporting plagiarism to publishers of Computer Science papers
So you have found that someone plagiarized your research paper and you don’t know who to contact to report your findings? Here are pointers for some of the relevant publishers of Computer Science literature:
IEEE: FAQ and email address
ACM: Plagiarism policy and email address
Springer: Contact form
Elsevier: I could only find out that authors should contact the editors of the publication.
If you have anything to add, feel free to add a comment or drop me a message.
Blog
Clarification concerning the ICQ 7 security issue
Since ICQ seems to spread inaccurate information about the security issue in ICQ7’s update process, I think I need to clarify:
It is not necessary to successfully attack the user’s machine or his ISP’s network first to use my exploit.
Long version:
Imagine a public hotspot at your favorite café. You have ICQ 7 installed on the laptop that you carry with you to get some work done. You start up your machine and connect to the wireless network.
Blog
Update on the ICQ 7 update issue
(This is a follow-up to my original posting on a security issue in ICQ 7)
This is what I sent to Bugtraq today after testing the new ICQ 7.4:
UPDATE:
This week, ICQ 7.4 (build 4561) was released. Even though the original version of my exploit does not work anymore, the vulnerability was not resolved: ICQ only changed the product ID that is included in the path to the update file.