The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 2,867 other followers

Archive for the ‘Power User’ Category

Fritzbox 7490 ISDN landline and intenral ISDN S0 bus links

Posted by jpluimers on 2022/08/08

Somehow WordPress.com failed to post it on the scheduled date 20150331, not sure why.

Though ISDN has been phased out in The Netherlands as and almost phased out in Germany, you can still use end user Terminal Equipment on the internal S-bus.

Since scheduling the post for 2015, the same information as the original diagram below appeared in text form on Wikipedia and there it also adds TAE connector information: Fritz!Box: Belegung der kombinierten DSL-Telefon-Buchse – Wikipedia

Die Anschlussbelegung der Kombibuchse ist wie folgt:[44]

  • Pin 1: ISDN 1a
  • Pin 2: ISDN 1b
  • Pin 3: analog La
  • Pin 4: DSL
  • Pin 5: DSL
  • Pin 6: analog Lb
  • Pin 7: ISDN 2a
  • Pin 8: ISDN 2b

Der RJ-45-Stecker am grauen DSL-Zweig des Y-Kombikabels zeigt folgende Belegung:[44]

  • Pin 4: DSL
  • Pin 5: DSL

Die übrigen Pins sind unbenutzt.

Am schwarzen Telefonzweig ist der RJ-45-Stecker folgendermaßen belegt:

  • Pin 1: analog La
  • Pin 2: frei
  • Pin 3: ISDN 2a
  • Pin 4: ISDN 1a
  • Pin 5: ISDN 1b
  • Pin 6: ISDN 2b
  • Pin 7: frei
  • Pin 8: analog Lb

Somit ist ein direkter Anschluss an ISDN möglich, für analoge Anschlüsse liegt für Deutschland ein Adapter auf TAE bei:

  • Pin 1 RJ-Buchse auf Pin 1 TAE
  • Pin 8 RJ-Buchse auf Pin 2 TAE

Ein normales Kabel mit TAE-Stecker und sechspoligem RJ-Stecker, wie es für den Anschluss analoger Telefone an eine TAE-Dose verwendet wird, funktioniert nicht.

Bei entbündelten Anschlüssen (ohne analoges oder ISDN-Telefon) kann ein direktes Kabel verwendet werden.

Das Kabel für deutsche Anschlüsse:

  • Pin 4 RJ-Stecker auf Pin 1 TAE
  • Pin 5 RJ-Stecker auf Pin 2 TAE

Original article

Some links:

–jeroen

FritzBox-7490-Y-Cable-DSL-ISDN-Fritz.33

Posted in Power User, Hardware, Network-and-equipment, Telephony, ISDN, DECT, PSTN, Fritz!, Fritz!Box | Leave a Comment »

Fritz!box 7590 interface extremely slow : fritzbox

Posted by jpluimers on 2022/08/05

I tried the solution in [Wayback/Archive.is] Fritz!box 7590 interface extremely slow : fritzbox (remove the some 30-40 unused machines from the network overview), but it didn’t matter: since Fritz!OS 7.x, the Fritz!Box 7490 UI is just very very slow: each page takes 10+ seconds to load.

Hopefully I can get rid of these and move to pfSense based hardware eventually.

–jeroen

Posted in Fritz!, Fritz!Box, Hardware, Network-and-equipment, pfSense, Power User, routers | Leave a Comment »

ropg/ipocalypse: FreeBSD jails with web servers on a single IPv4 address

Posted by jpluimers on 2022/08/04

Rob Gongrijp has this nice repository [Wayback/Archive.is] ropg/ipocalypse: FreeBSD jails with web servers on a single IPv4 address:

To deal with web servers (which all need to be reached at ports 80 (http) and 443 (https), I describe a convenient Apache reverse proxy setup in its own jail, and the management script I wrote to make things super-easy.

Via [Archive.is] ᖇ⦿ᖘ Gonggrijp on Twitter: “HOWTO for setting up a FreeBSD host with multiple jails running web servers on a single IPv4 address. (No rocket science: just a general HOWTO plus an easy certificate management / reverse proxy script which also works on other systems with adaptation.) … “

With an interesting response [Archive.is] corbosman on Twitter: “I use kubernetes/traefik pretty much like that, and before that docker/traefik. It’s getting more and more difficult to get IP space at all.… “

–jeroen

Posted in *nix, BSD, Development, Power User, Software Development, Web Development | Leave a Comment »

OWASP WebGoat repositories: Deliberately insecure JavaEE application to teach application security

Posted by jpluimers on 2022/08/02

Last year in OWASP top rated security “feature” A01:2021 – Broken Access Control, I promised to write more about how learn about OWASP documented and rated security vulnerabilities.

Today is the day you should start learning from [Wayback/Archive.is] Github: OWASP WebGoat:

Deliberately insecure JavaEE application to teach application security

It is a Java backend with a JavaScript/HTML frontend, but the vulnerabilities just as easily apply to other back-end stacks.

Repositories:

  1. [Wayback/Archive.is] WebGoat/WebGoat: WebGoat is a deliberately insecure application

    WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons.

    This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application security and penetration testing techniques.

    WARNING 1: While running this program your machine will be extremely vulnerable to attack. You should disconnect from the Internet while using this program. WebGoat’s default configuration binds to localhost to minimize the exposure.

    WARNING 2: This program is for educational purposes only. If you attempt these techniques without authorization, you are very likely to get caught. If you are caught engaging in unauthorized hacking, most companies will fire you. Claiming that you were doing security research will not work as that is the first thing that all hackers claim.

  2. [Wayback/Archive.is] WebGoat/WebGoat-Lessons: 7.x – The WebGoat STABLE lessons supplied by the WebGoat team.

    This repository contains all the lessons for the WebGoat container. Every lesson is packaged as a separate jar file which can be placed into a running WebGoat server.

  3. [Wayback/Archive.is] WebGoat/WebWolf (Can’t have a goat without a wolf, but I wonder where the cabbage is)
  4. [Wayback/Archive.is] WebGoat/WebGoat-Legacy: Legacy WebGoat 6.0 – Deliberately insecure JavaEE application
    This is the WebGoat Legacy version which is essentially the WebGoat 5 with a new UI.
    This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application penetration testing techniques.
  5. [Wayback/Archive.is] WebGoat/WebGoat-Archived-Releases: WebGoat 5.4 releases and older

    WebGoat 5.4 releases and older

  6. [Wayback/Archive.is] WebGoat/groovygoat: POC for dynamic groovy/thymeleaf based lesson system

    POC to demonstrate dynamic lessons with groovy controller/thymeleaf templates

They are by OWASP:

The Open Web Application Security Project (OWASP) is an online community that produces freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security.[4][5]The Open Web Application Security Project (OWASP) provides free and open resources. It is led by a non-profit called The OWASP Foundation. The OWASP Top 10 – 2021 is the published result of recent research based on comprehensive data compiled from over 40 partner organizations.

Very important is the [Wayback/Archive.is] OWASP Top Ten Web Application Security Risks | OWASP:

The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.

Globally recognized by developers as the first step towards more secure coding.

Companies should adopt this document and start the process of ensuring that their web applications minimize these risks. Using the OWASP Top 10 is perhaps the most effective first step towards changing the software development culture within your organization into one that produces more secure code.
Changes in the OWASP Top 10 between 2017 and 2021:

More OWASP repositories (including the [Wayback/Archive.is] OWASP/Top10: Official OWASP Top 10 Document Repository and [Wayback/Archive.is] OWASP/www-project-top-ten: OWASP Foundation Web Respository which seem to be at a 4-year update interval got updated in 2021) are at [Wayback/Archive.is] Github: OWASP.

Related: [Archive.is] Jeroen Wiert Pluimers on Twitter: “This so much sounds like German government IT-projects: …”

Via:

–jeroen

Posted in Authentication, CSS, Development, Encryption, HTML, Java Platform, JavaScript/ECMAScript, Pen Testing, Scripting, Security, Software Development, Web Development | Leave a Comment »

de Burrito Truc (dekbed in je overtrek stoppen)

Posted by jpluimers on 2022/08/01

Via [Wayback/Archive.is] S07E15 – Digitale festivalbeleving en betalingsinnovatie met Ibo Orgut – Met Nerds om Tafel:

de Burrito Truc (dekbed in je overtrek stoppen)

De burritotruc om je dekbed in de hoes te stoppen.

De burritotruc om je dekbed in de hoes te stoppen.

–jeroen

Read the rest of this entry »

Posted in LifeHacker, Power User | Leave a Comment »

 
%d bloggers like this: