cimnine's Tech-Blog

What this all about is....

Mon, 29 Sep 2008 03:22:09 +0200

So first of all... Welcome!

I want to talk in my blog about problems I solved, or I am trying to solve, and about gadgets, impressions and daily web stuff...

First of all I want to share my impressions of products with others, so that they don't have to do the same experience.

Second, I want to present solutions I found to various problems. May they help other people as well.

Third, I wan't to point to extraordinary web stuff I like to give a think about.

That's basically what I suppose to do with this blog.

So, come and have a look, or - this eggBlogg does have a RSS-Feed - subscribe to the RSS.

Regards,
Chris

svn checksum error

Wed, 06 Jan 2010 18:09:16 +0100

I just had this scary problem: "SVN: checksum missmatch"

Don't worry, it's easy to fix.
If you use a berkleyDB as filestore, please read here: http://ilovett.com/blog/programming/subversion-checksum-error
If you use FSFS, you'll be fine with me. :)

Important: You do all action on your own risk! The solution below worked for me, it may or may not work for you! You're said now to backup your repositories files NOW!

Good. Now to your problem.

First, make sure you have a good hex editor. hexcurse worked pretty good for me and is available in the debian & ubuntu repositories. (So install it with "apt-get install hexcurse")

First, execute "svnadmin verify /path/to/your/svn/repo".
You should now get messages like "Verified Revision 1, 2, ...". And the last message is a "Checksum mismatch. Expected XXXX. Calculated YYYY." (Something in LIKE that, I'm writing this out of my mind.)

Now you know which revision is the bad one. (svnadmin showed you the last good one, not the corrupt one!).

Now cd to /path/to/your/svn/repo/db/revs. (eg. ~ $ cd /var/svn/repo)
Now cp YOURBADREVISIONNR to YOURBADREVISIONNR.bak . (eg. repo $ cd 178 178.bak)
Now execute hexcurse with YOURBADRESISIONNR (eg. hexcurse 178).
The CTRL+F for XXXX.
Now replace the hexvalues of XXXX with the hexvalues of YYYY.
Save the file.
It should be fine now.

I hoped this worked for you too!
Otherwise, try to email me. You'll find the address on my webpage.

~Chris

Flash Games

Thu, 03 Dec 2009 11:35:51 +0100

I don't know why, but a lot of flash games are very poor designed in many aspects.
I'll explain some common mistakes in an example:
Kitag, a Swiss cinema group, put up a Christmas game this year, developed (at least hosted) by a company called netvision. Kitag raffles prices totally 3'120 CHF worth. (That's currently about the same in USD).

The game's a very classic jump-and-run game in Mario manner: Santa has to collect some items and get to the end of the level. The more items he collect, and the faster you'll get through the level, the more points you'll get. It's possible to invite friends to the game. Each of your friends gets an email with a one-time-link to register. For every registered friend you'll get another 500 points.

The design of the game is poor in several aspects:

Data Transmission: All data gets submitted without any encryption. Usernames, Passwords, Email-addresses; just everything. And we all know how lazy normal users are: Same username, password and mail for everything. Plus: This would stop less advanced people from exploring the underline protocol of the game.
Data Integrity: There is no check if the data sent by the client could be faked or not. The score made in each game is submitted as POST parameter (like points=42) without any validation, like a checksum. It's very easy to fake such a request plus it is very easy to set a new, just slightly higher, score like this. There are no time limits for submission (which should be at least the absolute minimal time it takes to get through the game). As I already mentioned, there's no checksum, which would, even if its algorythm was hardcoded, force a person to disassemble the swf file. But this way is clearly against the defined rules and could en up in instant exclusion.
Invitations: This more a fail-by-decision, as a fail-by-design. It would be an effort of some hours to write a script getting mails from a mail server and register on the link given in the mail. (Where we have the same problem with the full accessible protocol again.) This could get me lots of points a day - and is not clearly against the rules.

I don't know if only these more easy games are affected by such weak designs, or if Flash-Developer in general are less concerned about data intergrity and security.
But it's at least the second game I examined and it was very easy to trick a better score. (I'm talking about speedfingerzzz from the Swiss Post. It's design is a bit robuster, but not robust enough. It's running for the second year now - without any improvments and the same protocol.)

In my opinion, the only way to effectively secure a flash game is to verify each action a user does on a server. The best way would be to do every calculation on the server, but this isn't that fast if you have lots of users, or if you have users with slow internet connections. The other way I'd propose it to log every action in the client, send it for evaluation to the server, and send the points made back to the client. The important part is: The server calculates how many points the user made, not the client!

~Chris

Breaking your company's proxy with SOHT

Fri, 16 Oct 2009 10:07:07 +0200

After years of trying solutions to break my company's proxy, I finally found the tool SOHT.

What you need:

Web-Access to the internet in general
HTTPS allowed.
The credentials of your company's firewall. (hostname, port, username, password)
A Server/PC which

is always on an has broadband connection. (best would be a symetric connection)
has a running Java Servlet Container (f.e. Tomcat/JBoss/...)
has a running HTTP-Proxy (f.e. tinyproxy)
for HTTPS-Support: An Apache with SSL and mod-proxy

A workplace-PC which

Has Java or .NET runtime installed
Allows you to configure a proxy or to run (portable) firefox

minor technical knowhow
some time

What you get:

The ability to access every webpage you like
The ability to run every tool you like (ssh, irc, ...)

Please note:
Be aware, that what you do might be against your companys rules and this could end up in getting fired!
There is no warranty that this works.
This guide should provide everything you need. If you need more use google or just start thinking. It took me years to figure a way out of my company!

Let's start:

Make shure your Java Container is running with a least Java 1.5
Download and deploy the soht server war-file. (In Tomcat this can be done in the 'Tomcat Manager')
Adjust the Security Manager Settings of your Servlet Container if you have the security manager running. Otherwise you will not be able to change the server-config (eg make users) and to make any tunnel.
Install a HTTPProxy on the webserver. Set it to listen on port 8888. Restrict it to only accept connections from localhost (127.0.0.1).
Download the soht client to your workplace-pc. (If you want to / have to use the .NET client, please try yourself. But it should be about the same.)
Extract the ZIP to a folder.
Windows only:

Copy a 'javaw.exe' (normally in "%JAVA_HOME%/bin") to that folder. Rename it to 'soht.exe'. (Now you are able to kill the process if it hangs once.)
Create a shortcut to 'soht.exe'. Name it 'soht-client' for example. Adjust the 'target': Add " -jar soht-client.jar" to the end of the line. The full line should look now like ' "C:your_soht_foldersoht.exe" -jar soht-client.jar '

Linux/Unix (Mac OS X is a UNIX too):

start soht with this command: "javaw -jar soht-client.jar &"

Open the 'soht.properties' file with a text editor. (Windows: Notepad; Mac: TextEdit; Unix/Linux: You know how.)

Fill in your soht server url. If you have users configured (not described here), fill them in too.
If you have problems that connection begin to hang, set 'server.stateless=true'
Fill in your companys proxy credentials. Set 'proxy.useproxy=true'
Add a tunnel from port 8888 to host localhost:8888 like this
"port.8888=localhost:8888" (Note: SOHT can handle binary protocols, as long as they are TCP based! So SSH can be tunneld to.)

Start the soht-client.
Open your browser. Set the proxy for http and https to 'localhost:8888'
Good luck.

If something is not working:

Open the a shell. (Windows: Start->Run->"cmd"->Ok; Mac: CTRL+Space->"terminal"->[Enter]; Unix/Linux: You know how.)
Navigate to the soht-client folder.

Windows:

Enter Drive: "C:"
go step by step to the folder: "cd to", "cd your", "cd folder"

Linux/Unix (Mac OS X is a Unix too):

go to the folder: "cd /where/ever/your/folder/is"

Everyone: Enter "java -jar soht-client.jar"
You should see now the output of the soht-client. And there should be written why it is not working. Now turn on your brain ;)

For more safety: SSL Encryption

It depends how advanced you are, but I prefer my Apache HTTP Server to handle my SSL, instead of Tomcat. (It's also because I don't have that many IPs).
What you need:

A recent, configured Apache HTTP Server with mod-proxy.
A SSL-Certificate. (Self-Signed, CA-Cert, VeryTrust, that doesn't matter: SOHT accepts them all.)
Again, some time and a bit of technical knowhow.

How to do it:

Open your apache configuration. I can't tell you which file, cause XAMPP, Debian, RedHat, Apple and everyone has there one way to organize the config files.
So, 'somewhere', where your have a SSL-Encryption, add something like this:
        ProxyRequests off

        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>

        ProxyPass /soht/ http://localhost:8080/soht/
        ProxyPassReverse /soht/
Restart your Apache (or just reload the configs)
Don't forget to adjust the URL in soht.properties (on the client side)

If something is not working, try to think why, try google, try call a friend. It's also worth to read what the author of SOHT wrote on his page!

I hope it helped you. I know it's not the definite guide, and it's not for beginners. I apologize. But I don't like writing that much and you should have an idea now how a SOHT setup could work.

~Chris

Hunger.

Mon, 06 Jul 2009 11:07:27 +0200

Today something for my German friends. An ASCII Art telling that I'm hungry right now. =)

http://pastebin.ch/2210
(or plain-text: http://pastebin.ch/2210/txt)

~Chris

PS: because all my blog layout went to nirvana, I moved the content to my pastebin.

Download Videos from YouTube and other from the CL

Tue, 30 Jun 2009 17:15:31 +0200

Today I needed to download a Video from YouTube just with a CommandLine.
So I searched the Debian Repo's for a tool's able to do that. ($ sudo apt-cache search youtube). The tool which catched my attention is called "clive". --> $ sudo apt-get install clive
It's very simple to use: $ clive http://youtube.com/VIDEOURL
It will download the high-res video by default. (Very nice!)
There are some other functionalities, like scanning a page for videos ($ clive -s http://page.com). I refer you to the man page ($ man clive).
~Chris

svn: Base checksum mismatch -- very simple solution

Mon, 15 Jun 2009 16:57:05 +0200

commit -m "Done Something." /path/to/Class.java
    /path/to/Class.java Sending
    Transmitting file data ...
    A checksum mismatch occurred
svn: Commit failed (details follow):
svn: Base checksum mismatch on '/path/to/Class.java':
   expected: ccfa7fbde34401b8db0930afc62bXXXX
     actual: 212062ca0fe2745fdf462377da58XXXX

If you face this problem, copy every (at least modified) file out of this directory, delete the folder, and do an «svn up». In simple Unix-Commands:

mkdir /tmp/path/to
cd /path/to/* /tmp/path/to
rm -R /tmp/path/to/.svn /path/to
svn up
mv /tmp/path/to /path/toP>

Now you should be able to commit again.

~Chris

Compiz Fusion

Sun, 22 Mar 2009 10:24:27 +0100

If you have ever the problem, that compiz(-fusion) does not show any window borders, first start "ccsm" and check if the "Window Decorator" Plugin is activated.
If that doesn't solve your problem, I recommend the official troubleshooting page.

~Chris

Rare Windows Trick

Mon, 09 Mar 2009 19:02:26 +0100

Today I present a simple, yet effective, and very old Windows Trick. (It might work on Unix/Linux too, I've never tried.)
The Trick's to enter Characters by their Unicode/ASCII Code.
This can be done by holding down the ALT-Key and using the Keypad (with NumLock on). Type for example ALT+174 and you will get "«". ALT+175 for "»".

There are a lot of ASCII Tables around, I often use http://www.asciitable.com.

Have fun,
~Chris

How To Request A CACert-Certificate for your server.

Sun, 15 Feb 2009 21:06:08 +0100

I wrote this some time ago, and I now wan't to share it with the world:

Pre Actions:
-Create CaCert Account (http://cacert.org)
-Register Domain you want to generate a Cert for

Now

1) Enter your SSL directory: cd /etc/apache2/ssl
2) Create Key-File: openssl genrsa -out sub.domain.com.key 1024
3) Create Certification Request: openssl req -new -key sub.domain.com.key -out sub.domain.com.csr
4) On CaCert Page: Click "Server Certificate"=>"New"
5) Paste content of sub.domain.com.csr
6) Copy the Certificate to sub.domain.com.crt
7) Remove sub.domain.csr
8) Edit Apache Conf
9) Done

~Chris