Dietrich Schroff

Subscribe to Dietrich Schroff feed
Dr. Dietrich Schroffhttps://plus.google.com/101232877473830670008noreply@blogger.comBlogger299125
Updated: 1 hour 51 min ago

How to embed HTTP content inside a HTTPS webpage / Mixed content problems

Sat, 2017-03-04 03:27
If you are running a webpage and you decide to move to SSL protection you can encounter the following problem: Inside your webpage you are using tags like "iframe", "script" or "link" pointing to HTTP servers. This is considered as mixed active content (mozilla):

Mixed active content is content that has access to all or parts of the Document Object Model of the HTTPS page. This type of mixed content can alter the behavior of the HTTPS page and potentially steal sensitive data from the user. Hence, in addition to the risks described for mixed display content above, mixed active content is vulnerable to a few other attack vectors.
And this will not work...

The best solution is: change all links from HTTP to HTTPS and you are done.

But there are still websites which offer their content in HTTP only. If you really trust them, you can do the following:
Add the link inside a https proxy like https://ssl-proxy.my-addr.org/myaddrproxy.php/http/yourlink

Of course this is not an excellent solution, but a workaround which allows you to protect your website and if you seperate this solution from the pages, which deal with sensitive content you should be fine...

Linux: keyring-password for wlan needed / legitimate wlan login

Sat, 2017-02-18 03:20
Each time i resume my notebook after a suspend to disk-cycle the connection to WLAN hangs with the following message:

 (Die Systemrichtlinien verhinder das Bearbeiten von Netzwerkeinstellungen für alle Benutzer / Enter password for default keyring to unlock)
I tried to fix this via network-manager with adding the hook at the checkbox "Alle Benutzer dürfen dieses Netzwerk verwenden", but this did not help at all.
The point is, that after resuming my login keyring wants a authentication with password again. But this behaviour can be easily changed with the tool seahorse.
(Installation in debian with:  apt-get install seahorse)

After starting seahorse choose "File -> New" and you will get the following dialog:
 Create a new password-keyring (Passwort-Schlüsselbund) -
 Choose a name -
 and do not enter a password (this is not really secure, but if you configure your screensaver to lock your screen with a password, this should not be a problem)
 Confirm an empty password - and the you are done.

At the end you have to delete the old keyring (the one with the password):
This is done with right clicking the appropriate item...

After all this steps you should not see this legitimate-popup anymore...

Review at amazon: Projektbegleitendes Projektmanagement

Fri, 2017-02-17 14:06
Today i finished the book "Projektbegleitendes Projektmanagement:


The author created a quite good reference for project and quality management. If you need a short summary of ISO 9001 or best practices for quality assurance, you will find this in a few pages.
I would like to pay particular attention to the following part: The chapters 9 to 11 contain many checklists, table of contents for some needful documents and so on...
From my point of view this is already sufficient for the purchase of this book.


If you are interested, take a look at my review at amazon.de. (like all my reviews: written in german ;-) 

10 years of "run like hell" - an anniversary after nearly 300 blog entries...

Sun, 2017-02-12 10:42
Ten years ago after a lecture given at the Technische Universität Kaiserslautern i started this blog with this posting (about the lecture). And you can see: the link does not work anymore but the screenshot still remains after such a long time.
After this post, i owned a blog, with one entry and noticed that finding topics to write about is not really easy.
In August 2017 i started to write about Oracle products like jDeveloper, 11c, ... With more than 100 posts over 30% of the blog entries are related to Oracle. In respect to this fact my blog is listed by 2 Oracle aggregators.
But for the last three years i did not write about Oracle anymore. But nevertheless there are still readers visiting:
The blog was called 350.000 times in 10 years - not really a big site, but nearly 3000 readers per week.
So thank you for reading my postings - let's see if i will run like hell for another 10 years ;-)

Review at amazon: Fundamentals of 5G mobile networks

Sat, 2017-02-11 16:02
Today i read the book "Fundamentals of 5G mobile networks":

This book is a collection of 10 articles around 5G, framed by an introduction and summary from the editor Jonathan Rodriguez.

More or less every article starts with the same motivation for 5G: mobile traffic will increase 1000times form 2010 to 2020.
Here some findings from the articles:
  • 5G is not one radio access technology (RAT). It will be a collection of RATs like small cells, SON, ... (chapter 1)
  • Spectral efficiency is about 1 bps/Hz/cell - gains can be achieved with multi-antenna techniques and small cells (chapter 3)
  • 5G devices are expected to exploit spectrum opportunities efficiently on the fly (chapter 6)
  • new transceivers have to be built with excellent power saving characteristics and tunable RF frontend radio. (chapter 11)
If you are interested, take a look at my review at amazon.de. (like all my reviews: written in german ;-) 

Review at amazon: Software Product Lines in Action: The Best Industrial Practice in Product Line Engineering

Sun, 2017-01-29 15:47
This weekend i read the following book:

Software Product Lines in Action tries to explain, why a company should move from contract-based development to its own product strategy. But this change does not only involve software engineering - organizational changes, business process changes, technology changes, .... And the author states "Bringing comprehensive change to a software development organization isn't easy, and false starts are expensive."
The book has three divisions: "Aspects of Software product line engineering", "Experience Reports" and "Conclusions"
Part one covers the theoretical statements and is quite readable.
Part two presents 9 experience reports, which are not really helpful. Different companies are presented with their problems and their lessons learned. The best example is Nokia Mobile Phones - it is clear that their change to software product line has not worked very well. Nokias software for mobile phones was not a magic bullet...
Part three ("Conclusions") is much to short, to learn something.
Reading the 300 pages is at the beginning quite interesting, but after page 80 i did not get anything new or helpful...

If you are interested, take a look at my review at amazon.de. (like all my reviews: written in german ;-)

Review at amazon: Fallbuch BIP

Sun, 2017-01-29 07:39
Sometime ago i read the following book:


For all who do not know what BIP stands for: Bochumer Inventar zur berufsbezogenen Persönlichkeitsbeschreibung

And as you can see: This is something, what is only used in Germany - wikipedia has no translation in english or any other language.

If you are interested, take a look at my review at amazon.de. (like all my reviews: written in german ;-).

Ubuntu: Hibernate/Suspend to disk: Resume problem with ATI Radeon R7

Sun, 2017-01-15 14:08
On a new Lenovo laptop i had some issues with supsend/resume.
I installed tux on ice and the suspend process worked, but the resume just freezed after some seconds.

First step to solve this problem was to stop the graphics (/etc/init.d/lightdm stop) and try it again.

This attempt worked without a problem, so it was clear: the resume problem is a issue with the graphic card:
laptop:~$ lspci
[...]
01:00.0 Display controller: Advanced Micro Devices, Inc. [AMD/ATI] Topaz XT [Radeon R7 M260/M265] (rev ff9)
[...]So i tried to disable the modesettings with grub. I changed in /etc/default/grub

GRUB_CMDLINE_LINUX_DEFAULT="resume=/dev/sda9 quiet splash"to
 GRUB_CMDLINE_LINUX_DEFAULT="resume=/dev/sda9 quiet splash  nomodeset"and then the command
update-grubAnd after that everything worked...



Here an explanation from https://ubuntuforums.org/showthread.php?t=1613132:
nomodeset
The newest kernels have moved the video mode setting into the kernel. So all the programming of the hardware specific clock rates and registers on the video card happen in the kernel rather than in the X driver when the X server starts.. This makes it possible to have high resolution nice looking splash (boot) screens and flicker free transitions from boot splash to login screen. Unfortunately, on some cards this doesnt work properly and you end up with a black screen. Adding the nomodeset parameter instructs the kernel to not load video drivers and use BIOS modes instead until X is loaded.

Note that this option is sometimes needed for nVidia cards when using the default "nouveau" drivers. Installing proprietary nvidia drivers usually makes this option no longer necessary, so it may not be needed to make this option permanent, just for one boot until you installed the nvidia drivers.


Ubuntu: WLAN module for bcm43-chipset gone after reboot...

Sat, 2016-11-12 02:05
Today i ran with a laptop into the following problem:
After a reboot the system lost its WLAN:
 # uname -a Linux Notebook 3.13.0-86-generic #131-Ubuntu SMP Thu May 12 23:33:13 UTC 2016 x86_64 x86_64 x86_64 GNU/Linuxand
# lspci | grep 802.11
02:00.0 Network controller: Broadcom Corporation BCM43142 802.11b/g/n (rev 01)
Trying a modprobe wl failed...
There were some posts, which suggested to install kernel-drivers, dkms and so on, but this was not the problem, but it led me to the solution:
I tried to install this packages an i got the following:
root@Notebook:~# apt-get install linux-headers-$(uname -a) build-essentials dmks E: Der dpkg-Prozess wurde unterbrochen; Sie müssen manuell »sudo dpkg --configure -a« ausführen, um das Problem zu beheben.And here we go:

root@Notebook:~# dpkg --configure -a
mysql-client-core-5.5 (5.5.53-0ubuntu0.14.04.1) wird eingerichtet ...
libgpgme++2 (4:4.13.3-0ubuntu0.3) wird eingerichtet ...
sudo (1.8.9p5-1ubuntu1.3) wird eingerichtet ...
Konfigurationsdatei »/etc/sudoers«
 ==> Geändert (von Ihnen oder von einem Skript) seit der Installation.
 ==> Paketverteiler hat eine aktualisierte Version herausgegeben.
   Wie möchten Sie vorgehen? Ihre Wahlmöglichkeiten sind:
    Y oder I : Die Version des Paket-Betreuers installieren
    N oder O : Die momentan installierte Version beibehalten
       D     : Die Unterschiede zwischen den Versionen anzeigen
       Z     : Eine Shell starten, um die Situation zu begutachten
 Der Standardweg ist das Beibehalten der momentanen Version.
*** sudoers (Y/I/N/O/D/Z) [Vorgabe=N] ?
xscreensaver-data (5.15-3+deb7u1ubuntu0.1) wird eingerichtet ...
...
...
initramfs-tools (0. 103ubuntu4.4) wird eingerichtet ...
update-initramfs: deferring update (trigger activated)
bcmwl-kernel-source (6.30.223.248+bdcom-0ubuntu0.2) wird eingerichtet ...
Loading new bcmwl-6.30.223.248+bdcom DKMS files...
Building only for 3.13.0-86-generic
Building for architecture x86_64
Building initial module for 3.13.0-86-generic
Done.
wl:
Running module version sanity check.
 - Original module
   - No original module exists within this kernel
 - Installation
   - Installing to /lib/modules/3.13.0-86-generic/updates/dkms/
depmod........
DKMS: install completed.
update-initramfs: deferring update (trigger activated)
unity (7.2.6+14.04.20160408-0ubuntu1) wird eingerichtet ...
...
...
Now the WLAN was up again...
Apparently the last system update was waiting for an enter, but i forgot this windows and did the reboot...

Debian dist-upgrade: from 7(wheezy) to 8(jessie): udev...

Tue, 2016-11-01 15:01
I was running my own kernel on my laptop. But doing the upgrade from debian 7 to 8, i ran in the following problem:
Since release 198, udev requires support for the following features in
the running kernel:

- inotify(2)            (CONFIG_INOTIFY_USER)
- signalfd(2)           (CONFIG_SIGNALFD)
- accept4(2)
- open_by_handle_at(2)  (CONFIG_FHANDLE)
- timerfd_create(2)     (CONFIG_TIMERFD)
- epoll_create(2)       (CONFIG_EPOLL)
Since release 176, udev requires support for the following features in
the running kernel:

- devtmpfs         (CONFIG_DEVTMPFS)

Please upgrade your kernel before or while upgrading udev.

AT YOUR OWN RISK, you can force the installation of this version of udev
WHICH DOES NOT WORK WITH YOUR RUNNING KERNEL AND WILL BREAK YOUR SYSTEM
AT THE NEXT REBOOT by creating the /etc/udev/kernel-upgrade file.
There is always a safer way to upgrade, do not try this unless you
understand what you are doing!


dpkg: Fehler beim Bearbeiten des Archivs /var/cache/apt/archives/udev_215-17+deb8u5_i386.deb (--unpack):
 Unterprozess neues pre-installation-Skript gab den Fehlerwert 1 zurückSo i changed to the default kernel of debian, but with this one systems was not able to mount the partitions, because the old kernel mounted the disk on /dev/hda and the new one on /dev/sda.
So i had to rewrite the /etc/fstab and after that, the dist-upgrade could continue...

Debian dist-upgrade: from 7(wheezy) to 8(jessie): udev...

Tue, 2016-11-01 15:01
I was running my own kernel on my laptop. But doing the upgrade from debian 7 to 8, i ran in the following problem:
Since release 198, udev requires support for the following features in
the running kernel:

- inotify(2)            (CONFIG_INOTIFY_USER)
- signalfd(2)           (CONFIG_SIGNALFD)
- accept4(2)
- open_by_handle_at(2)  (CONFIG_FHANDLE)
- timerfd_create(2)     (CONFIG_TIMERFD)
- epoll_create(2)       (CONFIG_EPOLL)
Since release 176, udev requires support for the following features in
the running kernel:

- devtmpfs         (CONFIG_DEVTMPFS)

Please upgrade your kernel before or while upgrading udev.

AT YOUR OWN RISK, you can force the installation of this version of udev
WHICH DOES NOT WORK WITH YOUR RUNNING KERNEL AND WILL BREAK YOUR SYSTEM
AT THE NEXT REBOOT by creating the /etc/udev/kernel-upgrade file.
There is always a safer way to upgrade, do not try this unless you
understand what you are doing!


dpkg: Fehler beim Bearbeiten des Archivs /var/cache/apt/archives/udev_215-17+deb8u5_i386.deb (--unpack):
 Unterprozess neues pre-installation-Skript gab den Fehlerwert 1 zurückSo i changed to the default kernel of debian, but with this one systems was not able to mount the partitions, because the old kernel mounted the disk on /dev/hda and the new one on /dev/sda.
So i had to rewrite the /etc/fstab and after that, the dist-upgrade could continue...

Debian dist-upgrade: Laptop suspends 30s after boot / startup

Tue, 2016-11-01 14:58
After i moved to jessie (Debian 8) my laptop moved to suspend to RAM about half a minute after startup.
There was no message in the logfiles and even worse the resume does not work at all...
The configuration for the suspend was in here:
/etc/systemd/logind.conf:
 [Login]
#NAutoVTs=6
#ReserveVT=6
#KillUserProcesses=no
#KillOnlyUsers=
#KillExcludeUsers=root
#InhibitDelayMaxSec=5
#HandlePowerKey=poweroff
HandleSuspendKey=ignore
#HandleHibernateKey=hibernate
HandleLidSwitch=ignore
#PowerKeyIgnoreInhibited=no
#SuspendKeyIgnoreInhibited=no
#HibernateKeyIgnoreInhibited=no
#LidSwitchIgnoreInhibited=yes
#IdleAction=ignore
#IdleActionSec=30min
#RuntimeDirectorySize=10%
#RemoveIPC=yesAfter changing the lines "HandleLidSwitch" and "HandleSuspendKey" to ignore and one more restart the laptops stays alive and no unwanted suspend is happening anymore.
That was a strange behaviour, because my first guess was overheating. But after waiting 10 minutes the laptop was really cool, so overheating was not the point...

Debian dist-upgrade: ipw2200 firmwares missing...

Tue, 2016-11-01 05:25
After the dist-upgrade the ipw2200 wireless chipset drivers are missing.
Grrrr...
No more internet access - so i had to use a good old LAN cable ;-)

The fix was very easy:
apt-get install firmware-ipw22x00
rmmod ipw2200
modprobe ipw2200 and the wireless network is up again...

Debian dist-upgrade 5 (lenny) to 6 (squeeze): insserv: exiting now

Tue, 2016-11-01 04:02
After several years i decided to upgrade my old laptop to the current debian version.
The first
apt-get dist-upgrade ran into the following problem:
insserv: warning: script 'K01hotplug-net' missing LSB tags and overrides
insserv: warning: script 'K01x2goserver' missing LSB tags and overrides
insserv: warning: script 'K01oracle-xe' missing LSB tags and overrides
insserv: warning: script 'S85vpnagentd_init' missing LSB tags and overrides
insserv: warning: script 'S02vpnclient_init' missing LSB tags and overrides
insserv: warning: script 'S15initrd-tools.sh' missing LSB tags and overrides
insserv: warning: script 'S15hotplug' missing LSB tags and overrides
insserv: warning: script 'S15modutils' missing LSB tags and overrides
insserv: warning: script 'modutils' missing LSB tags and overrides
insserv: warning: script 'hotplug' missing LSB tags and overrides
insserv: warning: script 'initrd-tools.sh' missing LSB tags and overrides
insserv: warning: script 'hotplug-net' missing LSB tags and overrides
insserv: warning: script 'vpnclient_init' missing LSB tags and overrides
insserv: warning: script 'x2goserver' missing LSB tags and overrides
insserv: warning: script 'oracle-xe' missing LSB tags and overrides
insserv: warning: script 'vpnagentd_init' missing LSB tags and overrides
insserv: Starting vpnagentd_init depends on rc.local and therefore on system facility `$all' which can not be true!
insserv: Starting vpnagentd_init depends on rc.local and therefore on system facility `$all' which can not be true!
insserv: Starting vpnagentd_init depends on rc.local and therefore on system facility `$all' which can not be true!
insserv: Starting vpnagentd_init depends on rc.local and therefore on system facility `$all' which can not be true!
insserv: Starting vpnagentd_init depends on rc.local and therefore on system facility `$all' which can not be true!
insserv: Starting vpnagentd_init depends on rc.local and therefore on system facility `$all' which can not be true!
insserv: Starting vpnagentd_init depends on rc.local and therefore on system facility `$all' which can not be true!
insserv: Starting vpnagentd_init depends on rc.local and therefore on system facility `$all' which can not be true!
insserv: Starting vpnagentd_init depends on rc.local and therefore on system facility `$all' which can not be true!
insserv: Starting vpnagentd_init depends on rc.local and therefore on system facility `$all' which can not be true!
insserv: Starting vpnagentd_init depends on rc.local and therefore on system facility `$all' which can not be true!
insserv: Starting vpnagentd_init depends on rc.local and therefore on system facility `$all' which can not be true!
insserv: Starting vpnagentd_init depends on rc.local and therefore on system facility `$all' which can not be true!
insserv: There is a loop between service vpnagentd_init and rc.local if started
insserv:  loop involving service rc.local at depth 23
insserv:  loop involving service vpnagentd_init at depth 1
insserv: exiting now without changing boot order!
update-rc.d: error: insserv rejected the script header
dpkg: Fehler beim Bearbeiten von /var/cache/apt/archives/util-linux_2.20.1-5.3_i386.deb (--unpack):
 Unterprozess neues pre-installation-Skript gab den Fehlerwert 1 zurück
Fehler traten auf beim Bearbeiten von:
 /var/cache/apt/archives/util-linux_2.20.1-5.3_i386.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)Hmmm. A further try with
apt-get dist-upgrade -f  failed with the same error. What was wrong?
insserv: Starting vpnagentd_init depends on rc.local and therefore on system facility `$all' which can not be true! I just searched for "vpnagentd_init" in /etc und found it in /etc/init.d. Quick workaround: I moved the vpnagentd_init in a backup directory and after that the upgrade worked without any problem...

Journalismus, den die Welt braucht. Teil 3 | Pearls of journalism. Part 3

Tue, 2016-08-23 14:00
Yippie! I got a new release of IT-BUSINESS:
 And inside there was really nice article:
aha. I did not get this, but there is a magic weapon called chain management. Let's see what Google Translate does with this text:
Channel conflict threatens

The comparison of the "delivery price of Distribution" (blue line) with the average "sales price of Channels" (green line) makes it clear that price reductions on the part of distribution only be partially passed through the channel to the end customer. This focuses thus partially more on profit than on volume growth. A coordinated supply chain management is the solution to avoid such a channel conflict and specifically to develop benefits for participants
I think the english text is much more understandable than the german version...





Journalismus, den die Welt braucht. Teil 2 | Pearls of journalism. Part 2

Sun, 2016-08-21 13:47
Two weeks ago i started a first experiment with translating strange articles by Google (see here).
This was the next snippet (from IT-BUSINESS), which was a little bit weird:
Aha. Fog Computing...

Let's see, what Google Translate means to this:

Fog Compuing

The Fog is all symbolize the cloud around. It is all about the primary processing of data close to the data encoder, such as in the car or in the refrigerator before it is to be forwarded to cloud services. The more devices are connected to the cloud, the more data must be downloaded from and to the cloud. Fog Computing to store data that are needed for a specific device right there too and process.
"Downloaded from and to the cloud"...
For this snippet it wasn't really helpful to translate it into to english. But Fog Computing is a nice neologism ;-)

Journalismus, den die Welt braucht. Teil 1 | Pearls of journalism. Part 1

Fri, 2016-08-05 14:07
Today i browsed the magazine IT-BUSINESS  and read some really annoying articles. It was just words without building meaningful setences. It was so stunned, that i decided: I have to do something...


The  following idea came into my mind:
What about translating the part of the article, which i did not understand via Google Translate? Perhaps in english it sounds more meaningful (and more than 20% of the words are just technical terms in english...)






And after Google Translate:

Matching promotional concepts

In replacement markets optimization of promotional activities is one of the easiest ways to improve the profit. A price reduction associated with the direct delivery into the channel leading to a significant decline in sales in the distribution. A channel conflict could follow: The inventory turnover in the distribution decreases the Profitabliltät in the width of the channels decreases. It is a further price action required to stimulate demand again. It is more settled, for all concerned but worsens the profit situation.
Wow. It is really easier to understand this...


Android Update: 5.0

Tue, 2014-11-18 14:27
Today my Nexus 7 got the upgrade to Android 5.0:
 After this upgrade, many things changed, like the system settings:



But everything is slower than before.... ;-(

For a complete history of all updates visit this posting.


Virtualbox: only 32bit guests possible even though virtualization enabled in BIOS / Intel Process Identification Utility shows opposite to BIOS virtualization setting

Fri, 2014-10-03 04:08
Virtualbox on my Windows 8.1 stopped running 64bit guests a while ago. I did not track down this problem. Now some months later i tried again and found some confusing things.

First setting:
BIOS virtualization enabled
Intel Processor Identification Utlility in 8.1: virtualization disabled
Second setting
BIOS virtualization disabled
Intel Processor Identification Utlility in 8.1: virtualization enabledWith both settings: Virtualbox runs 32bit guests but no 64bit guests.
 

After some searching, i realized, what was happening:
I added Microsofts Hyper-V virtualization. With that enabled Windows 8.1 is no longer a real host. It is just another guest (the most important guest) on this computer. So with Hyper-V enabled i was trying to run Virtualbox inside an already virtualized Windows 8.1.
After that it was easy: Just disable Hyper-V on Windows 8.1:


And after a restart of Windows 8.1 i was able to run 64bit guests on Virtualbox again....

Wireshark hanging on Windows 8.1 at startup

Wed, 2014-09-24 14:09
After upgrading Windows 8 to Windows 8.1 my wireshark freezed on every startup without showing up the main window.
The only workaround was to deinstall wireshark including wincap and installing it again. But after the nex reboot, it freezed again.

After searching around i found the following fix, with cured this problem:

inside the registry you have to change the DWORD start in
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npf

from 0 or 1 to 2. After that wireshark will start properly even after reboots....

Another possible solution are to issue these commands as administrator:
sc start npf
sc config npf start= delayed-auto

Pages