die wirren gedanken eines nerds
sebastian
This user hasn't shared any profile information
Home page: http://juerges.net
Yahoo Messenger: juergess
Jabber/GTalk: sjuerges@gmail.com
AIM: juergess
Posts by sebastian
Plesk Spamassassin & SASL Authenticated Users
I have been having a problem with Plesk 10.4.4 using Postfix and the Plesk Spamassassin:
Mails from SASL Authenticated local domain users was being tagged as Spam by Spamassassin, with, amongst others, RCVD_IN_PBL.
I fixed this by doing two things:
1) adding the following to the /etc/postfix/main.cf
smtpd_sasl_authenticated_header = yes
AND
2) adding the following to /etc/mail/spamassassin/local.cf (replace your.host.name with your hosts FQDN that shows up in mail headers)
header SASL_AUTH_RCVD Received =~ /\(Authenticated sender: .*@.*\) by your.host.name \(Postfix\) with/
score SASL_AUTH_RCVD -10
describe SASL_AUTH_RCVD received from SASL authenticated user
Problem fixed 
Lastpass & Yubikey Neo
Ever since I started using Lastpass Premium, I have been using Two-Factor Authentication (TFA). First with printed OTPs, then Google Authenticator on my Android.
The only reason why I thusfar not considered using Yubikey as my TFA was the missing ability to use it on my android phone. But especially on the PHONE I want TFA, because it is in much higher danger of being stolen. But the traditional Yubikeys dont work on phones.
But the guys @ Yubico came up with the Yubikey Neo (http://yubico.com/yubikey-neo)
The Yubikey Neo is NFC-enabled and works perfectly in tandem with my Samsung Galaxy Nexus. I can now safely use Lastpass on my Android with TFA, and I don’t have to worry about the security of my passwords when my phone gets stolen.
Here is how to do it:
- Get a Lastpass Premium Account
- Get a Yubikey Neo
- Register the Yubikey with your Lastpass account
- “Disallow” mobile access in the Lastpass account settings.
- Download the Personalization Tool
- Select the “Write an NDEF configuration (YubiKey NEO only)” option
- Then select URI record type, identifier=https:// and URI string lastpass.com/mobile/?otp=
- press NEXT twice to get to the programming page and press the RUN button to write the NDEF2 string to your YubiKey NEO.
- Enjoy (make sure you have the Lastpass App installed on your Phone)
The Yubikey Neo can be used on any Computer like a normal Yubikey and on any NFC enabled phone. Fantastic, isn’t it ?
~~ sebastian
Update 1, 13.03.2012: Thanks to a comment from Evelina @ Yubico, I changed the above howto to include the need to change your lastpass account settings to “disallow” mobile access. This setting will enforce the YubiKey TFA on mobile devices.
Automounting all available Shares on a NAS under Mac OSX 10.7.3
I have recently been using my girlfriends Macbook with Mac OSX Lion (10.7.3) for sorting files on my Synology DS-1511+ NAS. The way OSX handles Volumes/Shares frustrates me, and having to reconnect every time the Macbook leaves standby is even more annoying.
So I started looking for ways to utilize the Mac OSX automount (autofs) tools. With a bit of looking around on the net and a few modifications, this is what I came up with:
First, I created /etc/auto_smb:
|
1 2 3 |
cd /etc sudo curl -O "http://juerges.net/files/mac_autofs/auto_smb" sudo chmod +x /etc/auto_smb |
Script Content:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 |
#!/bin/bash ##################################### # Save this to /etc/auto_smb # Set execution bit with chmod +x /etc/auto_smb # Add this in /etc/auto_master as: # /mountpoint auto_smb # # Create .smb_credentials file in user home dir # format: # username=[username] # password=[password] ##################################### LOCAL_USER=yourLOCALusername SMB_SERVER=yourNASipORhostname OPTIONS="-fstype=url" CACHE_TIME=900 if [ -e /Users/${LOCAL_USER}/.smb_credentials ]; then . /Users/${LOCAL_USER}/.smb_credentials SERVER=$username:$password@$SMB_SERVER else SERVER=$SMB_SERVER fi if [ $# = 0 ]; then if [ -e /tmp/.smb_cache ]; then eTime=`date +%s` eval $(stat -s -t %s /tmp/.smb_cache) if [ $(($eTime-$st_mtime)) -lt $CACHE_TIME ]; then cat /tmp/.smb_cache exit 0 fi fi rm -rf /tmp/.smb_cache sudo -u $LOCAL_USER smbutil view //$SERVER | grep Disk | grep -v homes | cut -d " " -f 1 | while read MOUNT; do if [ -n "$MOUNT" ]; then echo "\"${MOUNT}\" ${OPTIONS} cifs://${SERVER}/${MOUNT}" | tee -a /tmp/.smb_cache; chmod 0600 /tmp/.smb_cache fi done exit 0 fi echo "${OPTIONS} cifs://${SERVER}/$1" |
So far, so good: Now I have a script that handles the doing, but I have to tell the automounter where to apply this script, so I append a directive to /etc/auto_master, create the designated mountpoint and reload the automounter:
|
1 2 3 |
sudo echo "/Volumes/storage auto_smb" | sudo tee -a /etc/auto_master > /dev/null sudo mkdir /Volumes/storage sudo automount -vc |
At this point, the automounter is registered for /Volumes/storage/, but since I haven’t actually ACCESSED any of the shares yet, there are no subfolders under /Volumes/storage (automounter creates those after initial access).
Since I want a TRUE automount, I use a little script that can be added to the users startup routine.
This script just reads all available shares from the NAS, and cd’s to each of the corresponding automount subdirectories to create the initial stubs.
|
1 2 3 4 |
sudo mdkir -p /usr/local/bin cd /usr/local/bin sudo curl -O "http://juerges.net/files/mac_autofs/connect_mounts" sudo chmod +x /usr/local/bin/connect_mounts |
Script Content:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 |
#!/bin/bash # Cycles through SMB shares from server and cds into each as the specified user # Setting this script as a launch daemon on a calendar schedule can be useful LOCAL_USER=yourLOCALusername LOCAL_MOUNT=/Volumes/storage SMB_SERVER=yourNASipORhostname if [ -e /Users/${LOCAL_USER}/.smb_credentials ]; then . /Users/${LOCAL_USER}/.smb_credentials SERVER=$username:$password@$SMB_SERVER else SERVER=$SMB_SERVER fi sudo -u $LOCAL_USER smbutil view -N //$SERVER | grep Disk | grep -v homes | cut -d " " -f 1 | while read MOUNT; do if [ -n "$MOUNT" ]; then echo "Joining ${MOUNT}" sudo -u $LOCAL_USER cd "${LOCAL_MOUNT}/${MOUNT}" fi done |
Finally, something working But wait, shares mounted this way dont show up on the desktop as Volumes. Fair enough. I just linked the automounter base_dir to my desktop to have easy access:
|
1 |
sudo ln -s /Volumes/storage /Users/yourLOCALusername/Desktop/storage |
Tadaaa! A working Mac OSX 10.7.3 automounter, easy to use and comfortable. I hope you find this as useful as I do
~~ sebastian
Samsung Galaxy Nexus: Probleme
*seufz*
Da denkt man sich kurz nach Weihnachten, es wäre mal Zeit sich ein neues Android Gerät zuzulegen, und was hat man davon ?
Nichts als Ärger 
- Kalender Sync von sekundären Google-Kalendern funktioniert nicht ordentlich
-> Update: Fixed - Der Primäre Kalender wird automatisch auf den Originalnamen (Email-Adresse) zurückgesetzt, und lässt sich nicht wieder umbenennen.
- Facebook Contact Sync funktioniert nicht (das ist allerdings eher die Schuld von Facebook, wg. des ewigen Streites. Aber für uns User trotzdem SCHEI*E)
- Ganztägige Termine die NICHT im primären Kalender sind, werden über Widgets nicht angezeigt. (API-Fehler, liegt nicht am Widget)
-> Update: Fixed
Es ist einfach zum heulen. Verdammte Bananenware die beim Kunden reift.
@Google, das war ja mal ein Griff ins Klo. Nachbessern, und zwar zügig ! Und hört endlich auf den Kalender zu stiefmütterlich zu behandeln, damit wollen auch Leute ARBEITEN !
@Facebook: Hosen runter, und die Google People 4.0 API nutzen, damit der verdammte Contact Sync wieder geht Sonst seit ihr bald völlig weg vom Fenster, und Google+ macht euch platt.
Und jetzt: Schluss mit dem Genörgel.
Ich wünsche trotzdem allen einen guten Rutsch ins neue Jahr.
~~ sjuerges
Digitale Disruption
Martin Weigert erläutert bei Netzwertig die “Folgen der digitalen Disruption”
Sehr lesenswert.
~~ sjuerges
Internetsperren-Kasperletheater: Akt II — Die Terroristen
oder auch: “Die Idiotie der JU”
Immer wenn ich denke ich könnte die CDU im Allgemeinen bzw. die JU im speziellen nicht noch mehr zum Kotzen finden, bringen die solche Klopper. Wie sagt der gute fefe noch immer: “Ich kann garnicht soviel essen wie ich gerade kotzen möchte” — Die haben nichts begriffen.
Aber lest selbst (Vorsicht Brechreiz) !
~~ sjuerges
Standardabmahnartikel | saschalobo.com
*genial*
Auszug:
Recht vor Gnade – nach diesem Motto mahnt [Weltmarke] derzeit verstärkt Blogger, Forenbetreiber und Internetcommunitybenutzer ab. Kaum jemand weiss, dass sich [Weltmarke] bereits vor Jahren die Rechte an allen [irgendwas] sicherte, und zwar inklusive sämtlicher Fotos, Darstellungen und Zeichnungen sowie an Abbildungen der von schräg hinten so ähnlich aussehenden [irgendwas ganz anderes]. Das Markenrecht ist hier auf der Seite des Konzerns und erlaubt ihm auch, Lizenzgebühren auf [sonstwas] zu erheben. […]
political correctness #fail
*grins* Soviel zur political correctness:
<Arschh0l!o’> 4 ma wegen der behinderten schwarzen verloren
<Daywalker!> !! du rassist
<Arschh0l!o’> ? wir haben pool gespielt -_-
~~ sjuerges