The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

    Mastodon

  • Twitter Updates

  • My Flickr Stream

    20140508-Delphi-2007--Project-Options--Cannot-Edit-Application-Title-HelpFile-Icon-Theming20140430-Fiddler-Filter-Actions-Button-Run-Filterset-now20140424-VMware-Fusion-6.0.3.-no-reclaimable
    More Photos

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,862 other subscribers

Archive for February, 2022

« Previous Entries

Snowflake – help vulnerable people (like censored or in war zones) access the internet

Posted by jpluimers on 2022/02/28

Via [Archive] Daniël Verlaan on Twitter: “Het is lief dat mensen iets willen doen, maar dit is even “effectief” als heel vaak op je F5-knop drukken. Als je zonder technische kennis mee wil helpen, draai een Tor Snowflake zodat Oekraïners en Russen toegang blijven houden tot een vrij internet: …” / Twitter:

[Wayback/Archive] Snowflake

Snowflake is a system to defeat internet censorship. People who are censored can use Snowflake to access the internet. Their connection goes through Snowflake proxies, which are run by volunteers. For more detailed information about how Snowflake works see our [Wayback/Wayback] documentation wiki.

Run a Proxy

If your internet access is not censored, you should consider installing the Snowflake extension to help users in censored networks. There is no need to worry about which websites people are accessing through your proxy. Their visible browsing IP address will match their Tor exit node, not yours.

If you would like to run a command-line version of the Snowflake proxy on your desktop or server, see our [Wayback/Archive] community documentation for running a standalone Snowflake proxy.

Use Snowflake

If your internet access is censored, you should download [Wayback/Archive] Tor Browser.

Tor Browser screenshot

–jeroen

 

Posted in Awareness, Power User, Privacy, Security | Leave a Comment »

Thinkpad max memory configurations for the models I own

Posted by jpluimers on 2022/02/28

Below are the maximum memory configurations for the Thinkpad models I own.

Note these re only 7-row keyboard configurations, the 6-row keyboards were always “meh”.

I used this command to get the CPU information:

wmic cpu get name

Memory speed

As mentioned in PC3-8500 or PC3-10600:

As PC3-10600 is getting increasingly difficult to acquire, PC3-12800 can be used instead. Using PC3-12800 may or may not increase the performance of your model, as some models may underclock it to their respective original DRAM speeds.

T510 – the midrange

Intel(R) Core(TM) i5 CPU       M 560  @ 2.67GHz

[Wayback] Category:T510 – ThinkWiki

You might think it would fit two 8GB modules and be upgradable to 16GB, but the chipset prevents it. Some of the W510 models seem to accept 8GB modules though:

W701 – the largest of the bunch

Intel(R) Core(TM) i7 CPU       Q 720  @ 1.60GHz

[Wayback] Category:W701 – ThinkWiki

  • 2, 3, 4 or 8GB PC3-8500 memory standard, upgradable to 16 GB

I actually still have 16GB in my version, see: ThinkPad W701: Win7 Ultimate x64 suddenly only saw 8GB RAM of 16GB (via: [H]ard|Forum).

Searching back my blog history, I did note that 32GB should fit: ThinkPad W701 with 32GB of memory via: forum.thinkpads.com • Newer 8G memory sticks in a W700, W701, W500, W510 ?

X201 – the smallest of the bunch

Intel(R) Core(TM) i7 CPU M 620 @ 2.67GHz

[Wayback] Category:X201 – ThinkWiki

Some seem to differ however, and got 16GB to work, but others don’t, as only the lower 8GB are accessible:

I might upgrade the W701, order 4*8GB modules, test some in the X201, then order more if it works.

Notes

Just in case I want to ever get a smaller Thinkpad with 7-row keyboard that allows 32-gigabytes of memory, the state as of 2019 is pretty accurate as no 7-row keyboards were manufacturerd after that (not even the horrendously expensive T25, which was a 2017 model [Wayback]/Archive.is] My ThinkPad T25 review : thinkpad):

[WaybackCurrent Thinkpad models that support 32 gb ram (even unofficially) – Thinkpads Forum (state in 2019)

If you really want to go the T25 way, you can modify it to put T480 hardware in it: [Wayback] Thinkpad T25 Gets Less Retro With Hardware Swap | Hackaday

–jeroen

Read the rest of this entry »

Posted in Power User, T510, ThinkPad, W701, X201 | Leave a Comment »

Not sure why: graph.windows.net is missing a security certificate retraction on some Windows machines?

Posted by jpluimers on 2022/02/28

Got this on two Dutch Windows machines, not sure why yet:

Missing information on security certificate retraction

Missing information on security certificate retraction

Certificate path is OK

Certificate path is OK

–jeroen

Posted in Communications Development, Development, Encryption, Internet protocol suite, Power User, Security, TCP, TLS | Leave a Comment »

Bestemmingsplan De Aker: Toelichting

Posted by jpluimers on 2022/02/25

[Wayback] De Aker: Toelichting

[Wayback] PDF.

Found via [Wayback] “NL.IMRO.0363.F1312BPSTD-VO01”, archived version [Wayback] “NL.IMRO.0363.F1312BPSTD-OW01”.

Posted in LifeHacker, Power User | Leave a Comment »

Force downloading Windows 10 ISOs instead of Media Creation Tool

Posted by jpluimers on 2022/02/25

When downloading Windows 10 builds, I usually want them as ISO files because I test them out as Virtual Machines before running on real hardware.

Downloading can be done from [WayBack] www.microsoft.com/en-us/software-download/windows10, however what you get depends on what machine you start browsing.

The above WayBack link, because it got archived from a non-Windows machine redirects from https://web.archive.org/web/20210321163339/https://www.microsoft.com/en-us/software-download/windows10 to https://web.archive.org/web/20210321143203/https://www.microsoft.com/en-us/software-download/windows10ISO.

On Windows systems the redirect goes from https://web.archive.org/web/20210321143203/https://www.microsoft.com/en-us/software-download/windows10ISO to https://web.archive.org/web/20210321163339/https://www.microsoft.com/en-us/software-download/windows10

By default, when you are on a Windows machine, the download link only provides the Media Creation tool. This forces an extra step into getting the ISO file on the virtual machine host.

When downloading from a non-Windows machine, you get a possibility to download the ISO file directly after selecting which kind of build and language you need. This provides you with a time limited https link to download the ISO (in practice this seems to last at least an hour).

I didn’t dig into this before, but luckily others did, and the difference is as easy as changing the User-Agent in your browser, as these posts describe:

Luckily, since ESXi 6.7, VMware ESXi added https as protocol to wget, so now you can download the https link you get via the above trick without hassle.

Oh, this answers my question from a few years back too: How can I get Win10_1511_1_English_x64.iso or Win10_1511_1_EnglishInternational_x64.iso ?

jeroen

Posted in Chrome, ESXi6.7, Power User, Virtualization, VMware, VMware ESXi, Web Browsers, Windows, Windows 10 | Leave a Comment »

“access to your banking” in mijn ING is named differently from this phrase both in English and Dutch

Posted by jpluimers on 2022/02/25

The target URL is this one: https://mijn.ing.nl/banking/settings/security and titled as such in:

  • English: “Access to your banking”
  • Dutch: “Toegang tot je bankzaken”

The page title “Access to your banking” is not to be found when you search on the Mijn ING site no matter if you configured Engish or Dutch as your Mijn ING language.

[Archive.is] Jeroen Wiert Pluimers on Twitter: “Waar zit in de My ING omgeving van @ingnl “access to your banking”? Ook met de site in het Engels kan ik het niet terugvinden, maar 1 van de apps heeft het wel nodig.… https://t.co/GU3TXwMbjf”

–jeroen

Posted in LifeHacker, Power User | Leave a Comment »

Bash functions to encode and decode the ‘Basic’ HTTP Authentication Scheme

Posted by jpluimers on 2022/02/24

IoT devices still often use the ‘Basic’ HTTP Authentication Scheme for authorisation, see [Wayback] RFC7617: The ‘Basic’ HTTP Authentication Scheme (RFC ) and [Wayback] RFC2617: HTTP Authentication: Basic and Digest Access Authentication (RFC ).

Often this authentication is used even over http instead of over https, for instance the Egardia/Woonveilig alarm devices I wrote about yesterday at  Egardia/Woonveilig: some notes about logging on a local gateway to see more detailed information on the security system. This is contrary to guidance in:

  • RFC7617:
       This scheme is not considered to be a secure method of user
   authentication unless used in conjunction with some external secure
   system such as TLS (Transport Layer Security, [RFC5246]), as the
   user-id and password are passed over the network as cleartext.
  • RFC2617:
       "HTTP/1.0", includes the specification for a Basic Access
   Authentication scheme. This scheme is not considered to be a secure
   method of user authentication (unless used in conjunction with some
   external secure system such as SSL [5]), as the user name and
   password are passed over the network as cleartext.

Fiddling with those alarm devices, I wrote these two little bash functions (with a few notes) that work both on MacOS and in Linux:

# `base64 --decode` is platform neutral (as MacOS uses `-D` and Linux uses `-d`)
# `$1` is the encoded username:password
function decode_http_Basic_Authorization(){
  echo $1 | base64 --decode
  echo
}

# `base64` without parameters encodes
# `echo -n` does not output a new-line
# `$1` is the username; `$2` is the password
function encode_http_Basic_Authorization(){
  echo $1:$2 | base64
}

The first decodes the <credentials> from a Authorization: Basic <credentials> header into a username:password clean text followed by a newline.

The second one encodes a pair of username and password parameters into such a <credentials> string.

They are based on these initial posts that were not cross platform or explanatory:

  1. [Wayback] Decode HTTP Basic Access Authentication – Stack Pointer
  2. [Wayback] Create Authorization Basic Header | MJ’s Web Log

–jeroen

Posted in *nix, *nix-tools, Apple, Authentication, bash, bash, Communications Development, Development, HTTP, Internet protocol suite, Linux, Mac OS X / OS X / MacOS, Power User, Scripting, Security, Software Development, TCP, Web Development | Leave a Comment »

Days since last time zone issue

Posted by jpluimers on 2022/02/24

If you do business with for instance Jordan for he first time, then is likely -1 because tomorrow their clock moves forward one hour.

The 2022 daylight saving time changes (summer time / winter time) are at time.is/DST_2022 [Wayback/Archive.is]

[Archive.is] Dr. Jessie Christianstein 👩🏻‍🔬🧟‍♀️ on Twitter: “… “

–jeroen

Read the rest of this entry »

Posted in Algorithms, Development, Software Development | Leave a Comment »

Viewing the last lines of the postfix log with journalctl (with help from Unix & Linux Stack Exchange)

Posted by jpluimers on 2022/02/24

Two command-lines I use to view my Postfix logs:

  1. journalctl --unit postfix --since "2 days ago"
  2. journalctl --unit postfix --pager-end

Note that neither of these work well with the --follow (or equivalent -f) option, as this will effectively disable the pager (which by default is less).

The second is via [Wayback] systemd – How to see the latest x lines from systemctl service log – Unix & Linux Stack Exchange (which got the--pagerend bit wrong, as it misses a dash and should be --pager-end, but still thanks [Wayback] Daniel Kmak):

Just:

journalctl -u SERVICE_NAME -e

Parameter -e stands for:

-e –pagerend

That’s the one ! Other answers will go through the whole log to get to its end, which can be veeeeery long for large syslogs.

The last bit (by [Wayback] Léo Germond, thanks!) is why I like it most.

Similarly, specifying --since in the first example will not go through the whole log.

Some background information:

Read the rest of this entry »

Posted in *nix, *nix-tools, bash, Development, journalctl and journald, Linux, postfix, Power User, Scripting, Software Development, systemd | Leave a Comment »

Egardia/Woonveilig: some notes about logging on a local gateway to see more detailed information on the security system

Posted by jpluimers on 2022/02/23

A follow-up on Source: Some links with notes on WoonVeilig/Egardia security system communications, protocols and support by 3rd party home automation apps:

Notes on the Woonveilig/Egardia GATE-03 model alarm hub (where 192.168.x.y is the IPv4 address that hub):

  1. It still uses the plain-text insecure http to communicate, so it is wise to try and put it in a separate LAN apart from other systems.
  2. Logon is done using HTTP Basic access authentication.
  3. Woonveilig/Egardia by now prefers the XMPP prototol over the CID protocol (the CID protocol is still used by jeroenterheerdt/python-egardia.
    • You can find the configuration at http://192.168.x.y/setting/xmpp.htm.
    • XMPP protocol uses
      • xmpp01.egardia.com as primary and xmpp01.alt.egardia.com as secondary server on port 443.
      • arg-####-auth  where ###### are the last 6 *lowercase* hexadecimal digits of the MAC address of the GATE-03.
      • a long password you can find in the plain-text of the http://192.168.x.y/action/xmppGet http GET request fired by http://192.168.x.y/setting/xmpp.htm.
  4. CID protocol address is ip://######@ics.alt.egardia.com:52010/CID where ###### are the last 6 *uppercase* hexadecimal digits of the MAC address of the GATE-03.
  5. User PIN-codes are not visible at the Woonveilig/Egardia alarm site, but they are at http://192.168.x.y/setting/userCode.htm together with their user names.
  6. Special PIN codes for Installer/Duress/Guard/Master/Temporary are at http://192.168.x.y/setting/codeSetting.htm and obtained via http://192.168.x.y/action/areaListGet and http://192.168.x.y/action/codeSettingGet
  7. On the CID protocol:

I got all of the above via: [Wayback/Archive.is] GATE-03 system does not report to Egardiaserver · Issue #26 · jeroenterheerdt/python-egardia (which by coincidence used the same firmware I had: HSGW 0.0.2.18.1 HPGW-L2-XA35H).

Which brings me to some Google search with some remarkable results:

So I did a quick look at LUPUS XT* based products:

Then at the Woonveilig/Egardia and Climax shops:

Conclusions:

  • Egardia/Woonveilig sensors look remarkably similar to the LUPUS ones
  • LUPUS is a re-brand of Climax with slightly different firmware

Side note on open ports

  • Open ports on the [Wayback] GATE-03 alarm device:
    PORT    STATE    SERVICE      VERSION
9/tcp   filtered discard
25/tcp  filtered smtp
80/tcp  open     http
445/tcp filtered microsoft-ds
  • Open ports on the [Wayback] CAM-06 outdoor camera:
    PORT      STATE    SERVICE      VERSION
9/tcp     filtered discard
21/tcp    open     ftp          oftpd
25/tcp    filtered smtp
80/tcp    open     tcpwrapped
445/tcp   filtered microsoft-ds
554/tcp   open     rtsp
711/tcp   open     cisco-tdp?
1935/tcp  open     rtmp?
6000/tcp  open     X11?
49152/tcp open     upnp         Portable SDK for UPnP devices 1.6.17 (Linux 3.4.35; UPnP 1.0)

jeroen

 

Posted in Communications Development, Development, Python, Scripting, Software Development | Leave a Comment »

« Previous Entries