Author Archive

BugBlue

Ripoff?

July 15th, 2008 11:37

A long long time ago somewhere in a nice small city not far from the normal world I bought a nice bluetooth stick…

A nice bluetooth stick

It’s a damn nice thing, does something like bluetooth 1.2 or so and is nice enough to transfer photos.

After a while (1 morning) in my pocket it opened up:

It’s opened up!

As good viewers can see there is nothing that connects the antenna to the stick. Seems to be useless.

For the people with glasses or who do see the small pictures on high-resolution screen:

A bluetooth stick in pieces
Now for sale: A “bluetooth antenna”! For only 5 euro you can have it (that’s what the ‘extended range’ costs more instead of the normal version)….

BugBlue

version 1.0 != 1.00

June 6th, 2008 12:47

In some definitions 1.0 isn’t 1.00; in this case it’s a crucial version numbering of documents regarding the OV-chipkaart[1].

A long time ago there was someone steaming chipcards clean with acid. This resulted at the beginning of this year in some media-hype-rumors about the shiny new-not-yet-implemented Dutch public transport card. But never trust a hacker and ask for a second opinion. They asked TNO, a Dutch research company who also helped to develop this application card and some of the security measures.

They wrote a very nice report but a new hack voided this report.

Next step in the process was ‘let’s ask an independent researcher somewhere else’. This worked and after a while they came up with a document with version number 1.0. Normally in scientific publications this means it’s final, you can release it and everybody would be happy.

Not this time. They wrote a newer version with version number 1.00 and changed (or just deleted) some little facts:

  • They ‘forgot’ to mention the possibility of a DOS/DDOS on the system since ‘it hasn’t to do anything with the security of the card’
  • They changed the part in the conclusions where they mentioned that ‘a low cost cardreader’ can make good copies into ‘relative simple to copy a card’
  • They changed the statement that ‘money and work could be better used for finding a securer card instead of introducing the current one’ into ‘put more effort in finding a better card’ (Effects of this statement for a ‘normal reader’: Go on with the current card and meanwhile have some fun spending a lot of money).

Meanwhile TLS (TransLinkSystems or so) doesn’t want to talk to the reporter who found the version 1.0 (NOT the 1.00, that one was already public) and they have gone into some form of hiding about what is happening.

To make it more funny they are now going to do a ‘softer’ approach in deploying the system overall: They are going to introduce it into the large cities, phase out all the old paper tickets and if (and when) it works well they will deploy it in ‘the countryside’. This could bring me (and others) in the situation that you can’t take bus 1 from A to B with an OV chipkaart and you can’t take the next one with a strippenkaart.

It’s a recipe for disaster.

And don’t get me started on some more crap about the lying from the minister about the money already spent on this project (about 1.000.000 EURO (that’s about 1.560.000$!) in tax money alone).

Maybe I should hop on to this project as a consultant or so. There should be a LOT of money hanging around.

KEEP HACKING….

[1]: A chipcard with mifare chip protected by crypto-1

P.S. Starbug: when can I get my backup of my OV chipkaart?

BugBlue

Certificates…

June 1st, 2008 19:17

Hello dear ladies, sirs and sysadmins.

Lately I got some problems with stricter SSL certificate checking (which is a good thing) but….

From RFC2818 3.1

If a subjectAltName extension of type dNSName is present, that MUST
be used as the identity. Otherwise, the (most specific) Common Name
field in the Subject field of the certificate MUST be used. Although
the use of the Common Name is existing practice, it is deprecated and
Certification Authorities are encouraged to use the dNSName instead.

But what I see is that a lot of people don’t understand this quite well and users end up with a lot of errors about wrong hostnames. Pretty funny to see

“Certificate hostname.domain.tld is not valid for hostname.domain.tld”

The easy answer to solve this: also put the Common Name in the certificate request as a subjectAltName.

And for the fun…. Apple did implement the RFC the right way.
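The rule quoted from RFC 2818 section 3.1, and the error it produces when the Common Name is left out of the subjectAltName list, as an added example that is not part of the original post. The certificates are constructed samples in the dict layout of Python's `ssl.SSLSocket.getpeercert()`; `www.domain.tld` and `mail.domain.tld` are made-up names, and the wildcard handling is deliberately simplified.

```python
# Added example: RFC 2818 section 3.1 identity selection, standard library only.
# Certificates use the dict layout returned by ssl.SSLSocket.getpeercert().

def reference_identities(cert):
    """Return (source, names) that a strict client compares the hostname with."""
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if dns_names:
        # A dNSName SAN is present, so it MUST be used; the CN is ignored.
        return "subjectAltName", dns_names
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    # Assumption: the last CN in the subject is the "most specific" one.
    return "commonName", cns[-1:]

def name_matches(pattern, host):
    """Case-insensitive match; '*' is only accepted as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h

def check_hostname(cert, host):
    """Return (valid, source) so the caller can see which field decided."""
    source, names = reference_identities(cert)
    return any(name_matches(n, host) for n in names), source

# Constructed sample certificates (not real ones).
SUBJECT = ((("commonName", "hostname.domain.tld"),),)
CN_ONLY = {"subject": SUBJECT}
SAN_WITHOUT_CN = {"subject": SUBJECT,
                  "subjectAltName": (("DNS", "www.domain.tld"),
                                     ("DNS", "mail.domain.tld"))}
SAN_WITH_CN = {"subject": SUBJECT,
               "subjectAltName": SAN_WITHOUT_CN["subjectAltName"]
               + (("DNS", "hostname.domain.tld"),)}

if __name__ == "__main__":
    for label, cert in (("CN only", CN_ONLY), ("SAN without CN", SAN_WITHOUT_CN),
                        ("SAN with CN", SAN_WITH_CN)):
        print(label, check_hostname(cert, "hostname.domain.tld"))
```

The middle case is the confusing one: the subject says `hostname.domain.tld`, yet a client following the RFC rejects that very name because only the subjectAltName entries count.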

BugBlue

KPN is nice, NLUUG is fun (and a couple of funny phone calls)

May 16th, 2008 00:25

It was a nice day again. Just traveled 28km to Ede and 25 back by bike home just to visit the NLUUG conference.

It was possible thanks to KPN. Since they broke a very large part of the Dutch internet (many private networks, many DSL networks and everything else you can imagine which runs over ATM) many of our customers didn’t call us if something broke but just blamed KPN (it was probably right too, after all they did break a lot for about 3 days long and it’s still not fixed!).

I got 3 nice phone calls today:

  • “Hello this is the Dutch railways, we need a photo from <person1>” (not so nice)
  • 20 minutes later: “Hello this is the Dutch railways, we need a photo from <person2>” much more funny
  • Somewhere in the afternoon: “Hello I like maps, you know touristic maps and so on, do you make them?” “No we don’t” “Yeah I searched kaarten (Dutch for maps) somewhere on the internet and I found your page” “That’s just our own route information. Please go to the nearest bookstore, buy a map and call the maker of that map if you want to order maps”.
  • This evening: “Hello I just bought a laptop, I don’t have internet and I found your number in the old fashioned phonebook, and it has windows vista on it. But I was just reading the license agreements I have to click through.” “Ok….” “I heard something about Linux, where can I find that company, I want that I guess” “Please go (or call them first) to an academic bookstore and buy your distro of choice”.

The last one was very happy that I could help him.

It was a nice day. Oh and not to forget: I did get permission to attend the speakers’ dinner (an expensive, free and nice dinner for people who give lectures at the NLUUG conference) although I wasn’t a speaker. (Getting the permission is nice enough, I didn’t have time to go :))

BugBlue

Is paypal secure? Have you ever lost a password?

May 7th, 2008 18:13

Yesterday afternoon I tried to order something at dealextreme.com (Yes I know that’s all Chinese crap you don’t want to have but still order because it’s cheap).

A convenient way to pay there is to have a paypal account. That way you only have to export your (American) credit card number to the USA and not to China. Another nice thing is that you can pay with your bank account (direct debit or so) if you have linked your bank account into paypal.

Nice nice nice that big bad internet these days. However here comes the lazy user: he has forgotten his password (or the post-it with the password). A real nice feature is the ‘lost password’ link over there. I clicked it and it wanted some answer for a secret question. I didn’t know that either but nice as they are at paypal (and stupid as normal users can be) you can change the question into 3 other options. Including ‘what is your phone number which is like xxxxxxx42’. Wow, that would keep someone busy for hours….. The next question options were even funnier: ‘secret question’, ‘credit card number’ and ‘bank account number’. For the last two the last two digits were given again. After entering my bank account number I could set my password again.

Hello morons over there? I just entered:
* my bank account number
* my mobile phone number
* my email address
and I could set my password without problem.

I don’t know how bank account numbers are treated in other countries but here it’s not a real secret and not that difficult to obtain. And for mobile phone numbers we have sites like orkut, hyves, linkedin, xing/openbc and my all-time big friends at google.

I was wondering why paypal didn’t email me a new password (or some activation link) but there is the point of scammers around the corner.

Oh and you hackers/slackers/… out there don’t bother: I don’t have a paypal account anymore.

(any spelling errors are because MaemoWordPy don’t have spellchecking)

 

Update 2007-06-07 21:39

FooBar just checked it with his own account and told me that this trick doesn’t work anymore. I used another paypal account to check it too and it doesn’t work this way anymore. They now call you by phone. And just after logging in it asked me to ‘update contact information’ and add an extra phone number.

Seems that paypal is secure again (for now).

BugBlue

Blogging on the N810

April 7th, 2008 21:39

Whow it seems to work out of the box software download.

MaemoWordPy seems to be great.

BugBlue

And now some ranting again.

April 7th, 2008 20:31

Someone already experienced that you had to configure an IP by hand somewhere in an OS?

Good. I have been experiencing that for a while and I REALLY would like it if UI designers made life a little nicer for me.

If I type an IP like 172.16.16.1 in a box and a netmask of 255.255.255.0 the software could fill out 172.16.16. already for me in the ‘default gateway’ box. Maybe a bit greyed out (like you see in many search bars all over the internet) but I would really like it. Even Mac OS X doesn’t have this feature.

Oh and for anyone who wants to implement it, it’s a very simple rule: at every position where the netmask is 255 you can just copy the number from the IP. It would make life just a bit easier.

BugBlue

New blog new stuff

April 7th, 2008 20:27

Damn.. wordpress was bad, is bad and will be bad. But at least I have a new version.

For some technical reasons I don’t have my old posts here. I maybe will put them back.

See ya,

Mendel

BugBlue

Delivery?

October 22nd, 2007 20:33

As everybody who has ordered hardware some day knows, delivery companies suck.

However, there are companies that suck more than others do and most times you don’t have a choice what company should deliver your stuff.

A nice case I had last week, a company (which I won’t name as GLS) tried to deliver something somewhere at an address, however nobody was home (that happens). So we called them and asked them to deliver it at the neighbours. A nice woman on the phone told us that she would do so. But surprise: they didn’t. Same story happened again, but this time they left the package at the depot. They kindly told me that they wouldn’t try to deliver it again and we had to pick it up somewhere far away at a desolate place (I’m not sure, but I guess it looks like a big parking lot).

Since I didn’t have the time to go by there and we had to pick it up within 3 days I asked another company (let’s call them UPS) to go there, pick it up and deliver it.

A new surprise: It worked. I have the package. Sadly enough it cost 2 times the shipping costs but saved me a real lot of travel. Even the gas for a car or a train ticket would be more expensive.

Sadly UPS didn’t take a camcorder to film the scene where they picked up the package…

But it’s still a nice reminder for the future….

BugBlue

Verloofd/Engaged/Verlobt

September 23rd, 2007 20:34

[Nederland/English/Deutsch]

On 20 September 2007 Joanne Bouw and I got engaged.

We are going to celebrate this with a nice little party. The party will take place on 20 October 2007 at Voorstraat 23 in Echteld. The party starts during the day from about 3 o’clock and will probably end some 12 hours later.
Unfortunately it is too much work to invite everyone we know personally. If you think you are welcome, you probably are ;-) Still, we would appreciate a comment below if you think you will come by to congratulate us, so that we can plan for any sleeping places and food/drinks.

On the 20th September 2007 Joanne Bouw and I got engaged.

There will be a party on the 20th October 2007 at the Voorstraat 23 in Echteld, The Netherlands. The party will start at about 3 o’clock in the afternoon and could end about 12 hours later.
Sadly enough we together know too many people, that’s why you’re all invited if you think you’re invited. However we would appreciate it if you could leave a comment down here so we have just a little nice idea how much food, drinks and sleeping places we need.

Since 20 September 2007 Joanne Bouw and I have been engaged.

The party takes place on 20 October 2007 at my house at Voorstraat 23 in Echteld, the Netherlands. The party starts at 15:00 and will perhaps end 12 hours later.
Unfortunately, together we know too many people, so you are all invited if you think you might be invited. It would be pretty great, though, if you left a comment here so that we know how much food, drink and how many sleeping places we need to organize.