Archiv für den Autor: solsocog.de

Seit etwa 15 Jahren nutze ich Headsets neben meinem 5.1 Boxenset.

Grob geschätzt 20 Headsets habe ich seitdem genutzt/umgetauscht/zerbrochen.

Eines meiner ersten Headsets die ich mir gekauft habe war das Wavemaster HPX-2000M (schön mit batteriebetriebenem Bassverstärker/Ohrvibrator).

Ich war drauf und dran das zum dritten mal zu kaufen, aber das ist mir dann doch schon zu altbacken.

Nunja, es folgten einige Headsets, bis ich beim Creative Draco hängen blieb.

Das Headset hab ich etwa 1 1/2 Jahre genutzt, warum ich es dann mit einem anderen Headset ersetzt hatte, weiß ich nicht mehr genau, vermutlich mal daraufgesetzt oder so.

Nun, heute habe ich zum zweiten mal das Creative Draco gekauft.

Hatte jetzt seit… gut einem halben Jahr das Roccat Kave 5.1 im Einsatz.

Das Headset wiegt gefühlte 5kg und hat die unpraktischste Kopfpolsterung die ich kenne.
Nach etwa einer Stunde Tragedauer ist die Polsterung nämlich so eingedrückt, das schön das Plastik, welches die Kopfpolsterungspads hält, die Kopfhaut massiert, äußerst angenehm.
Würde mich nicht wundern, wenn ich jetzt einen vernarbten Oberkopf habe.
Dachte mir, so masochistisch bin ich nicht veranlagt, das ich mir das noch länger antue.
Aber nichts gegen die Ohrpolster, die waren ganz gut.

Nun zum Creative Draco,
Oben ein dickes Stück Schaumstoff zum polstern, so wie es Sinn ergibt, die Ohrpolster sind ebenfalls angenehm und die Ohrmuscheln sind eng am Ohr anliegend.
Ich habe, anders als beim Roccat Kave aber nicht das Gefühl, das ich unter dem Headset ans schwitzen komme.
Aber jetzt der Knüller. Ob ihr es glaubt oder nicht. Es hört sich UM EINIGES besser an, räumlich (ist vermutlich der guten Creative Soundblaster Z Soundkarte zu verdanken) als auch in der Qualität der Tonausgabe, verglichen mit den 5 Mini-Boxen im Kave.

Also merkt euch:
2 40mm Neodymmagnete sind besser als 5 Standardmagnete in einem Kopfhörer.
Gut 50€ billiger und doch besser, es kommt eben nicht immer auf den Preis an.

After checking who @hiawatha_ws is following on twitter, because I often get to know new things by doing so, I saw Hisser, which looks like its made from Hugo Leisink aswell.
Being the experimental person I am, I wanted to give it a try.

I tested it for several hours, I like the simplicity and security of the chat solution equally.

Download is found here and the Installation is as easy as possible.

For Hiawatha users:
UrlToolkit {
ToolkitID = banshee
RequestURI isfile Return
Match ^/(css|files|images|js)($|/) Return
Match ^/(favicon.ico|robots.txt)$ Return
Match .*\?(.*) Rewrite /index.php?$1
Match .* Rewrite /index.php
}
and add
UseToolkit = banshee
to the VirtualHost running the Hisser server.
Lead the WebsiteRoot to the public folder inside the Hisser server.

Change settings inside hisser/settings/website.conf ,
set DEBUG_MODE to no when everything works (or just now, because it will work), don’t forget that.
and set the following to your needs, the script will create it all and install the database for you, so don’t create it yourself.
# Database settings
#
DB_HOSTNAME = localhost
DB_DATABASE = yourdb
DB_USERNAME = youruser
DB_PASSWORD = yourpw

I installed the database and logged into profile,
well I at least tried. It kept telling me wrong password, but I’ve seen admin:banshee as default combination.
Didn’t work for some reason, so I went into phpMyAdmin, into the hisser db, and into the users table.
There, I’ve set username, full name and mail address and used the lost password function to gain control over the admin account.

After doing that, you can use the server.
Unfortunately, there is no comfortable way to use it, YET.
There is a Hisser command line client (PHP), and from the look of the page, android and iphone apps are planned.
Want to use the cli php version?
Use this chain of commands, make sure to edit it to the directory where you want it:
apt-get install php5-sqlite -y && wget http://hisser.eu/files/hisser-php-0.2.tar.gz && tar xvfz hisser-php-0.2.tar.gz && mv hisser /whereever-you-want-it/hisser && cd /wherever-you-want-it/hisser && ./initdb
The initdb scripts asks for the following:
- Hostname of Hisser server:
- Your full name:
- Your username at server:
- Your password:
If everything is correct, this appears:
Generating RSA key pair.
Generating device identifier.
Registering device identifier.

You can now use the ./hisser file for further options, which are
Usage: ./hisser
Commands: contacts: Show contact list.
delete : Delete message from database.
fetch: Fetch messages from inbox.
inbox: Show overview of messages in inbox.
index: Show index of messages in database.
invite : Invite other user.
myhash: show my hash for validation.
read : Read message.
send : Send message to other user.
uninvite : Remove user.
validate : Validate user in contact list.

I’m loving it, trying to get the status of being the first recognized german hisser server at 5zs.de. Just need some way to allow public registration ;).

Can’t wait for a smartphone app, that would surely skyrocket the popularity.

When it’s true, and it’s well crypted so noone knows whats in the message, where it comes from nor where it goes to, it’s much more appreciated than apps like WhatsApp in my eyes.




From my Hiawatha article series

Hiawatha is using PolarSSL for SSL/TLS implemention known commonly as https, which is forced to be used here by setting:
RequireSSL = yes
inside the VirtualHost section.
I think it activates Strict Transport Security (HSTS) with max-age of 31536000 aswell.
Another really cool feature by Hiawatha is the
RandomHeader = 1000
option, which has to be put into the VirtualHost section.
In the above case, it adds between 1 and 1000 Bytes of Header Response.
This helps prevent attackers from guessing what file was requested based on the response length.

Hiawatha is the first webserver I know of, that implements such genious technique.

HTTPS Header when RandomHeader activated:
curl -I https://solsocog.de
HTTP/1.1 200 OK
Date: Sun, 29 Jun 2014 07:20:11 GMT
Server: Hiawatha v9.6
Connection: keep-alive
X-Random: iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked

as you see it adds X-Random, it is indeed random, here are some other X-Random headers
X-Random: 77777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777
X-Random: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
X-Random: 999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
X-Random: PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP
X-Random: 444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444
X-Random: BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
X-Random: jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj
So every https transfer size differs, even if the page is the same. I like it a lot.

The webserver also uses TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(with Forward Secrecy of course) by default!
1024Bit is the default Diffie-Hellman Keysize, it can be increased up to 4096 by setting
DHsize = 4096
into the servers main configuration.

Lets compare the ciphers of PolarSSL to the more often used SSL Library,
OpenSSL 1.0.1h

Ciphers
AES, Blowfish, Camellia, SEED, CAST-128, DES, IDEA, RC2, RC4, RC5, Triple DES, GOST 28147-89[7]
Cryptographic hash functions
MD5, MD4, MD2, SHA-1, SHA-2, RIPEMD-160, MDC-2, GOST R 34.11-94[7]
Public-key cryptography
RSA, DSA, Diffie–Hellman key exchange, Elliptic curve, GOST R 34.10-2001[7]

(Perfect forward secrecy is supported using elliptic curve Diffie–Hellman since version 1.0.[8])

PolarSSL 1.3.7

Ciphers
AES, Camellia, DES, RC4, RC5, Triple DES, XTEA, Blowfish
Cryptographic hash functions
MD5, MD2, MD4, SHA-1, SHA-2
Public-key cryptography
RSA, Diffie-Hellman key exchange, Elliptic curve cryptography (ECC), Elliptic curve Diffie–Hellman (ECDH), Elliptic Curve DSA (ECDSA)
PolarSSL is neat having a smaller footprint, especially in combination with Hiawatha, which adds some security to https aswell.

Set
MinSSLversion = TLS1.2
if you want to support only the latest TLS version for maxed out security, older computers can’t visit your https page anymore though.




From my Hiawatha article series

I tested several options of Hiawatha.
Especially the preventive options were interesting.

I’ll list some nice features and how they work here:
PreventXSS = yes #Prevents XSS.
PreventSQLi = yes #Prevents SQLi, see for yourself with the test link at the end of this post.
PreventCSRF = yes #Prevents CSRF.
ConnectionsPerIP = 60 #60 Connections per IP allowed, if going above, you get banned for the length of the BanOnMaxPerIP time period.
BanOnFlooding = 20/1:15 # 20 Connections per 1 Second, going above will result in 15 seconds ban from the server.
BanOnGarbage = 3600 # If doing obvious bullshit like this w00tw00t bot requests, you'll taste the banhammer.
BanOnInvalidURL = 30 # If doing weird invalid URL in terms of some RFC stuff, like not requesting a space with %20 to the server.
BanOnMaxPerIP = 30 # Ban time in seconds.
BanOnMaxReqSize = 3600 # If MaxRequestSize limit is exceeded, get banned.
BanOnSQLi = 3600 # Ban time on SQL injection tries.
BanOnWrongPassword = 1:120 # Entered password wrong 1 time/s, get banned for 120s.
KickOnBan = yes # Forcefully kicks connections of the bad guy instead of showing any error.
RebanDuringBan = yes # If the bad guy keeps doing bad stuff, refresh the ban time.
So as you see, there is quite much to tune in Hiawatha when it comes to preventing bad occurrences.
In fact, the Hiawatha server takes sql injections so serious, it even bans me for posting a sql injection test link in a post, so I had to masquerade it a bit.
Replace the x appearances in the URL with this symbol -> ‚
https://solsocog.de/wp-login.php?action=lostpasswordx or 1x=x1
(warning, you’ll get banned from the Webserver for one hour when clicking the link)




From my Hiawatha article series

If you run phpMyAdmin under Hiawatha, you might encounter one annoying error.
When trying to sort MySQL table content, it simply says Error 403 in a small pma error window.

The fix is as easy as usual,
just add
SecureURL = no
to your pma VirtualHost.

And there you go, it works like a charm!

The „SecureURL“ parameter is not to be found inside the manpages, which I found rather irritating, but well.




From my Hiawatha article series

So you got Hiawatha and want to use Woltlab Burning Board 4, but Hiawatha is acting like these pseudo SEO urls are folders?

All you need to do, is adding
EnablePathInfo = yes
to your WBB4 VirtualHost.

Yes, that is all. No need for complicated and nested configuration sorcery.




From my Hiawatha article series

Some years ago ( 19.04.2011 ) I tested several webservers and rated Hiawatha with just 1 of 5 points.

When I wrote a résumé of my experiences in the IT domain, I stumbled upon my rating of Hiawatha.

I thought it would be a good idea to give it another try, and it was.
I was digging into the configurations and possibilities of Hiawatha for several hours straight, and fell in love with it.

Since the webserver isn’t that popular yet (for whatever reason that is) I’ll write some articles about Hiawatha, it’s few quirks, it’s endless possibilities and other useful configurations around it.

If you need help with Hiawatha, just leave a comment here (with a genuine email of course), or ask over at the official Hiawatha forum, Hugo Leisink is a very kind and committed developer.

Gute Scripte brauchen möglichst viel Publicity,
deswegen präsentiere ich euch hier das ServerStatus Script von BotoX.

Beschreibung von ServerStatus:

ServerStatus is a full rewrite of mojeda’s ServerStatus script, which in turn is a modified version of BlueVM’s script.

Hier downloaden

Ich find es ganz nützlich,
siehe
status.solsocog.de
wo es schon seit mittlerweile 2 Monaten ununterbrochen auf meinem RaspberryPi zuhause läuft.

Habe gerade eine Email von Trion Worlds bekommen, offenbar haben sie Glyph, einen neuen Steamklon, auf den Markt geworfen.

Ich denke der Markt ist mit Steam schon vollkommen bedient, nach Desura und Origin schon übersättigt, aber hey, „Was kostet die Welt, lasst mal eine neue Distrubtionsfläche basteln“, dachte sich Trion Worlds da wohl.

Man kann bisher
All Trion games
The Banner Saga
Book of Unwritten Tales Deluxe
Dungeon of Elements
The Raven Deluxe
Reignmaker
Wasteland 2 (Early Access)
And many more titles from independent & global studios coming in the months ahead!
mit dem Programm kaufen, runterladen und zocken.

Als alter Steamveteran habe ich mir den Client natürlich mal angeschaut, vielleicht kommt ja doch mal was nützliches bei rum.
Wobei ich persönlich Glyph und Origin mehr als Werbefläche für die Unternehmen Trion Worlds und Electronic Arts ansehe, weniger als ernsthafte Steamkonkurrenz.

Was ich als äußerst positiv empfinde, ist die Tatsache das der Installer NUR 28,9MB groß ist, von allen bisherigen Anbietern am schnellsten zu installieren ist (~5s) und tatsächlich mal wirklich ansprechend ist, sowohl in Sachen Designentscheidungen als auch in der Startgeschwindigkeit des Programms, auch der Login hat nicht wie in Steam 70s, sondern nur 3s gedauert.

Hier mal ein kleiner Screenshot wie Glyph so ausschaut:

Wenn es Steam nicht gäbe, würde ich von Desura, Origin und Glyph warscheinlich für Glyph wählen.

Hier der Downloadlink zum Glyph Betaclient.

Works for CentOS6.5 systems

executing the following commands
wget http://kernel.solsocog.de/RPMS/x86_64/kernel-3.14.3_solsocog-1.x86_64.rpm && yum install dracut -y && rpm -ivh kernel-3.14.3_solsocog-1.x86_64.rpm
should do the trick, reboot and select the new kernel

.config changes:
Kernel 2.6.32-431.11.2 -> Kernel 3.14.3
CONFIG_PREEMPT_VOLUNTARY=y -> # CONFIG_PREEMPT_VOLUNTARY is not set
# CONFIG_HZ_PERIODIC is not set -> CONFIG_HZ_PERIODIC=y
CONFIG_HZ_1000=y -> CONFIG_HZ_100=y
CONFIG_DEFAULT_CFQ=y -> CONFIG_DEFAULT_DEADLINE=y
CONFIG_CFS_BANDWIDTH=y -> CONFIG_SCHED_BFS=y

I changed from CFS to BFS and from CFQ to DEADLINE,
I also changed the default clock from 1000HZ to 100HZ and the tick to periodic.

Due to a little bug inside CONFIG_HZ_PERIODIC, causing the cpu frequency to be locked to the lowest possible step,
theres a command you should use if your linux runs on ondemand mode,
for CPUFREQ in /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor; do [ -f $CPUFREQ ] || continue; echo -n performance > $CPUFREQ; done
The command above sets the cpu scaling governor to performance, causing the cpu to stay at max frequency at all time.

Edit: current kernel suffers privilege elevation bug, will update it eventually.