Too Far Afield

Good morning … from Hamburg. I’m feeling a bit like the protagonist of this Cluseo song at the moment. Anyway, if you’re awaiting email from me, you will probably receive my answer before Christmas. Just give me some time to struggle through the pile of mail. In not so related news, Hamburg is looking for a new data protection officer. When I first heard of this, I thought it would be a good idea, if M. applied for this position. I wish someone like him will be appointed. The geek shall inherit the earth. As current senator of justice, Till Steffen will conduct the interviews. If we’re all lucky, eventually, Hamburg will get a real, independent data protection officer, like the one in Schleswig-Holstein. You think that the independent doesn’t really make a difference? Probably not, but I’ve listened to both the former Hamburg officer and the independent Kiel officer talking about privacy and data protection. And it made a difference ;). If nothing else, it has a symbolic value at least.

It seems that German whistle-blowers recently discovered Wikileaks. While you have to take into account a confidential part of the Schäfer Bericht, most documents published by Wikileaks didn’t have a direct relation to Germany so far. But last week they published a document that is said to contain network blocks used by the German intelligence service Bundesnachrichtendienst and as of this morning there are a number of internal reports on failures in the nuclear power plant Krümmel. The Krümmel nuclear power plant is located at the Elbe river, just south-east of Hamburg, so this is especially interesting to me. I even sailed past a bank of fog caused by hot Krümmel cooling water a few years ago.

The website of the Obama Biden Transition Project is now live. Significantly, the domain name is change.gov. And while there is not much up there for now, you can already apply for a non-career job in the new administration and, perhaps more interesting, share your vision of a new America.

Citing the MySQL documentation (emphasis added):

Stage 4: Very difficult repair

You should reach this stage only if the .frm description file has also crashed. That should never happen, because the description file is not changed after the table is created:

And why do they document it in the first place? Because, sometimes, it does happen. Doh!

On Tuesday I wanted to establish a VPN connection into the university network, but it didn’t work. A quick search on Launchpad revealed, that this was a bug in a recent upgrade to NetworkManager. The downstream maintainer said, one could either use the NetworkManager packages from the personal package archive of the downstream NetworkManager team or upgrade to Intrepid. I wanted to upgrade to Intrepid anyway, so why not now?
I backed up my home directory on an external hard disk and downloaded the Ubuntu alternative installer (64 bit version). Unfortunately, the first CD I had burned was corrupted. The second one was fine. Installation went ok. It didn’t find my network card, because of the e1000e issue, but as this was fixed in a recent Ubuntu kernel, I opted for a network-less installation.
Ater installation I downloaded the kernel packages for the recent 2.6.27.7 kernel, which has a fix for the e1000e issue, and transferred the files to my notebook via the external hard disk (Note to myself: Get a USB stick!). It was a bit strange to download packages for the architecture amd64 (as you can see from the e1000e thing, I’m on an Intel stack). Installation of the new kernel was successful and lsmod revealed, that the e1000e module was loaded.
Unfortunately, there still was no internet access. After some debugging, I found out that ping worked to all sites, but connections in Firefox or lynx only worked for the local network. Any attempt to connect to the outside net would just time out. By searching on Launchpad for ping works I found bug 11721. It turns out to be a slight incompatibility between the TCP/IP stack of my veteran Netgear router and that of the 2.6.27 kernel. Luckily, there is already a patch and there also is an easy workaround. Open a terminal and type in the following (you need root access to the machine):

1. sudo su -
2. echo 0 > /proc/sys/net/ipv4/tcp_sack
3. exit

It’s really sack, not stack as you might think.

Update: After further investigation upstream, there is now a better workaround for this issue. Please refer to the detailed description of the workaround at the Mandriva community wiki.

All that’s left to do for me now is transferring the rest of my home directory and installing some additional software packages.

I’m working on a larger project this weekend. The deadline is on Monday and I’m mostly ready, but there are some rough edges that need to be sorted out. Tonight was productive, things came along nicely. I was happy. Until 30 minutes past midnight. At 0:30 the window decorations of my text editor disappeared. The window was maximized and I could not resize or move the window. After two hours of messing around with Compiz settings and shortcuts, I finally found the solution: The editor was set to full screen mode. Pressing F11 solved this issue. My productivity is gone by now, of course, and I’m behind schedule again. Next time something like this happens I’ll switch to vim immediately. And: Yes, I know. This wouldn’t have happened with Emacs…

In the spirit of restaur.antville:

Food: Lo Zodiaco

Pizzeria and Restaurant near Yen Place. Best for you, if you want to enjoy original Italian pizza. You can also eat a number of other things from the large menu. Everything comes in great quantities. If you want to go there on a Friday or Saturday, book in advance.

Lo Zodiaco, Via Sassari 59, 09124 Cagliari, Tel. +39-70-670333, $$

Suppose you use PHP’s fsockopen method in your code. For example you want to send POST requests to a remote server. Chances are you’ve got something like this:

1. $socket = @fsockopen('ssl://xmlapi.example.org' , 9090 , $errno , $errstr , 30);

There is nothing wrong with this code, but if your web server listens to multiple IP addresses, you might not be happy with the default IP used for the outgoing connection to the remote server. In this case you might want to specify the IP address, that is used by PHP to send the request.

Alright, the title of the post is a bit misleading. Actually, you can’t bind sockets opened with fsockopen to a specific IP address. But you can use the methods stream_context_create and stream_socket_client to open a socket that can be used equal to a socket opened by fsockopen. You can use the ressource handle $socket returned by stream_socket_client like a source handle returned by fsockopen. The drawback is, that these methods are only available since PHP version 5. But as PHP version 4 is no longer supported by the PHP team, you should switch anyway, if you haven’t already.

The following code tests, if the methods in question are supported by your PHP installation. If so, they bind the socket to the IP address 192.0.2.1. :0 means, that we do not care about the outgoing port number used by the socket. You could specify a specific port here, too.

1. if (function_exists('stream_context_create') && function_exists('stream_socket_client')) {
2. $socket_options = array('socket' => array('bindto' => '192.0.2.1:0'));
3. $socket_context = stream_context_create($socket_options);
4. $socket = stream_socket_client('ssl://xmlapi.example.org:9090', $errno,
5. $errstr, 30, STREAM_CLIENT_CONNECT, $socket_context);
6. } else {
7. $socket = @fsockopen( "ssl://xmlapi.example.org" , 9090 , $errno , $errstr , 30 );
8. }

The only requirement is, that your web server is configured to listen to the IP you want to bind the socket to. If you specify a specific port number, the port number must not be used by another service. It must be a port above 1024 also. Unless your web server runs as root, which would be a big security problem.

(My) cabinets are like the deep sea. You don’t really know what’s in there and you’ll find something interesting once in a while. I just found another 5 DM bank note in one of them. To be honest, I didn’t remember that a bank note with a 5 DM denomination ever existed. I just remember 5 DM coins. On one side is Bettina von Arnim, on the other side is the Brandenburg gate.

I also found a 1 Pfennig coin and three 1 Escudo coins.

I guess I need to visit the building with the elevator usability issues once more.

Apple often does the right thing^tm. Many things Apple does are copied by other companies later. There are good copies and bad copies. But not everything Apple does is good. And sometimes the wrong thing^tm is copied also. Take the recent software update issue as an example. My mother just came to me and said: I installed $randomSecurityUpdate and now I’ve got the Yahoo tool bar on my computer. Can you please remove it? Sure. I can remove it. But this is still bad, as it discourages my mother from installing important security updates on her computer in the future. Adobe is one of those bad players, too. If you download Acrobat Reader, you also install a number of other applications, if you’re not careful. Bad. I wonder why Apple and Yahoo and all the other vendors, who are doing this, compare apples and oranges here. What makes you think I might possibly want a Yahoo tool bar in my Firefox browser, just because I install a security update for another totally unrelated application?

On the 20th of July 1944, at 12:10 hours, the German army officer Claus von Stauffenberg, placed a briefcase with a bomb under the table of a conference room in East Prussia around which Hitler and more than 20 officers had gathered. At 12:20 hours, Stauffenberg left the room. At 12:40 hours, the bomb exploded. While other officers and a stonographer died soon after, Hitler survived.

Yesterday evening I listened to an interesting broadcast on the topic by Deutschlandradio Kultur. You can download the manuscript of the broadcast at Fromm und das realpolitische Kalkül beim Attentat auf Hitler – Hintergründe des 20. Juli 1944.

A friend regularly sends me emails with the subject heutiges shooting (in English: today’s shooting). They always contain links to his photo site. The first time I got one of those mails I thought of something like Littleton or Erfurt.

Security? We don’t need it. We do not place our wireless routers near windows or exterior walls. Doh!

Der Beklagte hätte daher Sicherheitsvorkehrungen treffen müssen, wie die Sicherung des Routers durch ein individualisiertes Passwort, den Einsatz der besonderen Verschlüsselungsmethode WPA 2 und den Verzicht einer Aufstellung des Routers am Fenster oder Außenwänden.

OLG Frankfurt a. M., Az. 11 U 52/07 (emphasis added)

If you are so productive, your coffee will be cold when you remember to take a sip, you are too productive ;). Or simply too late… *sigh*

European Football Championships. Now playing: Croatia – Germany. I’m sitting in a coffee shop at Hamburg university. Suddenly, one of the waitresses screams from the back of the coffee shop. What happened? Well, Croatia just made a goal. Strange world… Back to work now.

The 2007 Microsoft Office system already provides support for 20 different document formats within Microsoft Office Word, Office Excel and Office PowerPoint. With the release of Microsoft Office 2007 Service Pack 2 (SP2) scheduled for the first half of 2009, the list will grow to include support for XML Paper Specification (XPS), Portable Document Format (PDF) 1.5, PDF/A and Open Document Format (ODF) v1.1.

When using SP2, customers will be able to open, edit and save documents using ODF and save documents into the XPS and PDF fixed formats from directly within the application without having to install any other code. It will also allow customers to set ODF as the default file format for Office 2007. To also provide ODF support for users of earlier versions of Microsoft Office (Office XP and Office 2003), Microsoft will continue to collaborate with the open source community in the ongoing development of the Open XML-ODF translator project on SourceForge.net.

Quoted from a Microsoft press release titled Microsoft Expands List of Formats Supported in Microsoft Office (emphasis added)

Enjoying water melon and instant coffee after a looooong telephone call and almost 2 hours of work. What an experience…

In the spirit of restaur.antville:

Food: Riki

Nice Japanese Restaurant near Grand Central station. Japanese menu. Japanese waitresses, Japanese cooks, mostly Japanese guests. Enjoy original Japanese specialities like Sushi and other things. Excellent place. Best visited with Japanese-speaking people, who can translate the menu for you.

Riki, E 45th St. and Lexington Ave., $$

Drinks: VON

Little bar in East Village/SoHo. Low priced cocktails and whine. Jever draft beer. Very crowded. Nice atmosphere.

VON, #3 Bleecker St. and Bowery, $

Facilities: Peer 17

Public canvas chairs on the 2nd level featuring a nice view at Brooklyn Bridge, Brooklyn and the harbour. Come here to relax after a visit to Brooklyn Bridge and enjoy the nice weather.

Peer 17, near Brooklyn Bdge. and Fulton Market at the South Street Seaport, Fulton St. and Franklin D. Roosevelt Dr.

Drinks: local

Club/bar next to Madison Square Garden featuring a roof-deck with gas heaters and a nice view at the garden. Best enjoyed at the end of an event in the garden and in a t-shirt (because the heat lamps are so hot).

local, W 33rd St. and 8th Ave., $$

Drinks: Irish Pub

Irish pub across the street from the above bar featuring a wide range of national and international (and of course Irish) draft beer. Life high definition tv from the garden and other sport events across NY and North America. Also a good restaurant, if you are hungry.

Irish Pub, W 33rd and 8th Ave., $$

Someone is sending spam about Perfectly crafted Pieces under the identity of one of my many email addresses. Unfortunately, there seem to be a lot of mail servers out there, that do not check SPF records and simply send error messages about unknown mailboxes and the like back to my address. Got at least 40 of those in the last three hours. Many of those even saying that the message was not accepted because it is spam. Doh!

Just found this via Google:

NOTE: duplicity does not allow you to run a backup (full or otherwise) on the same command line as a –remove-older-than. Your –remove directive will need to be run from a separate duplicity command.

Unfortunately, this is not documented on the man page of duplicity. At least I did not find it there. On the other hand, this seems to be the answer to the question, why the hard disks of some of my servers got out of space so often. This is now fixed on all servers (that are already using duplicity for backup; The majority still uses some ugly shell scripts with a lot of gpg and rsync hacks). We actually kept several full and a number of incremental backups from the last 6 months for the duplicity servers. This seems to be a bit overkill, I guess. And more importantly: It does not scale very well. Back to 2 months now… What shall we do with all the free disk space now?