General
Everybody is talking about blockchains. No, they mean Blockchains. Or is it Bitcoin? Where is the difference? Isn’t that all the same?
Read more “blockchains, Blockchains and instances of Blockchains”
HowTo
When setting up a new SMTP server (i needed one for my GitLab instance), sometimes it happens that you get a new IP address which was used before for sending spam mails – or other mysterious things which might end up at the blacklist of (major) email providers – like Microsoft. So i just found this:
<xxx@outlook.com>: host outlook-com.olc.protection.outlook.com[65.55.33.135] said: 550 SC-001 (COL004-MC6F4) Unfortunately, messages from aa.bb.cc.dd weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. (in reply to MAIL FROM command)
So… i am my own internet provider, what now?
After some time of searching, i found a list of multiple links to the Mircosoft Delisting Service – and none of them is working, except only one. If you want to save your time when having the same problem – here it is:
After using the form, it may take some time until the request is processed. After processing you will receive a mail from Microsoft with the confirmation or rejection. If successful, it would take up to 24-48 hours to be unblocked from all relevant mail servers.
As far as i know, this applies for outlook.com, live.com and hotmail.com email addresses.
Microsoft offers mail server administrators the Smart Network Data Service platform (https://postmaster.live.com/snds/), on which they can register their IP addresses and view the corresponding status, e. g. whether the IP is blocked or not. It is also worth taking a look at the Junk Mail Reporting Program to find out which mails classify users of Microsoft mail services as spam.
HowTo
Recently, i bought a YubiKey NEO (affliate link) with the goal to improve the security and comfort using platforms like GitHub, GitLab – or other tools working with GPG encryption etc. Here i will show you the steps for getting your YubiKey NEO running with your Linux (in my case Ubuntu) system. Read more “How to set up your YubiKey NEO”
HowTo
Now that I was repeatedly faced with the same problem to set up my printer (Canon MG5350) under Ubuntu. So i decided to write a small documentation which steps are necessary for the successful operation. The instructions refer specifically to my printer, but in my experience all models of Canon can be set up in a similar way.
Project
Java is still one of the most widely used programming languages. Especially in the enterprise environment, the use of Java for the development of web applications is often without alternatives. Accordingly, we had to set up an infrastructure for JavaEE operations for one of our customers in which a Java application can run fail-safe. The application uses a MySQL database as data storage.
The functionality of the application depends on the availability of the database, so it was necessary to run the database with appropriate replication and redundancy. For this purpose we use MariaDB with the replication layer Galera with a multi-master replication.
The application servers use a current Tomcat version with the corresponding application and an upstream HTTP load balancer (from Amazon AWS). However, the database access of the Java apps does not run directly to the DB servers, but via an intermediate instance of HAProxy. This makes it possible for us to detect database errors more quickly and to switch to intact nodes without the application itself having to know the status of the database.
With this architecture, we achieve a performance of more than 1500 possible HTTP requests per second, with an average load of approx. 60 requests/s in normal operation.
GitHub
GitLab has recently made a great name for itself in the world of project management software (read this article for a comparision between several source code management systems). Unfortunately, the possibilities for monitoring statistics are still relatively simple at present. For this reason I started a collection of small Python-scripts, which can be integrated in a munin monitoring environment. The code is open source and can be viewed and downloaded on GitHub at https://github.com/MatthiasLohr/munin-plugins-gitlab. Contributions are highly welcome!
Project
For a great service pilgrimage to Rome of the Catholic Church in Germany I was asked to develop the app Minis@Rom.
The special feature here was that the app could only use offline functionalities because of the very high roaming charges in Europe. The aim was to avoid high mobile phone charges for the mainly young pilgrimage participants.
Therefore, large parts of the app consisted of edited, static content such as the program, general information, various tourist information, a small dictionary and a great collection of sightseeing tours. There were also small games and an audio guide for selected routes.
The app was implemented with the framework of Apache Cordova. For the editors, a web-based possibility was created for the implementation phase to formulate parts of the content via Markdown, which was then automatically integrated into the app during the build process. For budget reasons, this app was released exclusively on the Google Play Store. As the app was developed exclusively for the duration of the pilgrimage, it was removed from the Play Store at the end of the event.
General
Vielen dürfte das Problem nicht mehr ganz so am Herzen bzw. eher in der Magengrube liegen wie früher: Der Betrieb, oder noch herausfordernder, die Wahl einer Projekt-Verwaltungs-Software ist inzwischen Dank GitHub und einer Vielzahl kostenloser wie frei zugänglicher Open-Source-Lösungen heutzutage kein Problem mehr. Früher (aus meiner Perspektive am Anfang meiner universitäten und beruflichen Laufbahn) war das nicht ganz so leicht.
Vielleicht erinnern sich einige noch an Trac: Ticket-System, Wiki, Verwaltung des Code-Repositories – und das alles webbasiert. Für mich als Entwickler damals beim ersten Kontakt ein Meilenstein der Software-Entwicklung, da man eine zentrale Anlaufstelle für Code, Aufgaben und weiterführenden Informationen hatte. Wenn man als Team jedoch mehrere Projekte zu stemmen hatte, kam man dabei auch schon recht schnell an die Grenzen von Trac: Pro Projekt musste eine neue Instanz eingerichtet werden, ein automatisches Setup oder gar eine komplette Verwaltung über das Webinterface war nicht ohne Weiteres möglich. Ein bis dato noch nebensächliches, kleines Manko: Trac war limitiert auf SVN, Git, damals gerade dabei bekannt zu werden, war auch nur durch mehr oder weniger stabil laufende Plugins nutzbar.
Auf der Suche nach einer Lösung für die Multiprojektfähigkeit, ohne jedesmal einen Administrator bemühen zu müssen, landeten wir dann bei Redmine. Webbasiertes Einrichten von Projekte, nach späteren Updates sogar mit der Möglichkeit mehrere Repositories pro Projekt anzulegen – und nebenbei natürlich Unterstützung für Git – sorgten recht schnell für eine Migration aller Trac-Projekte hin zu Redmine. Kleiner Schönheitsfehler hierbei: Die Repositories mussten immernoch per Hand initialisiert werden.
Ein Kollege unseres Teams kam dann auf die Idee, mal mit Git herumzuspielen, und – wenn man schon dabei ist – einfach mal GitLab auszuprobieren (“Ich hab’ da mal was gehört…”). Kurzum: Trotz der gerade erst erfolgten Migration auf Redmine waren gerade die kollaborativen Funktionen von GitLab in Kombination mit Git Killer-Features, welche sehr schnell gute Argumente für eine erneute Migration der Projekte auf den Tisch brachten. Recht schnell wurde die Plattform auch außerhalb des Teams und auch über die Abteilung hinweg genutzt. Entsprechend dem aktuellen Funktionsumfang von GitLab richteten wir noch Backup-Prozesse etc. ein, Änderungen am Kern der Software waren aus unserer Sicht nicht notwendig. Alles, was wir brauchten, war eben dabei. So beschränkte sich die Tätigkeit des Teams auf Benutzung (für die Entwicklungs-Projekte, die wir betreuten) sowie das Management (Server-Betrieb, Wartung, Updates, Migrationen und Schulungen) der Plattform.
Project
In addition to running water and electricity, one could assume that Internet access has also become a basic requirement of our society. (Like: “Do you want something to drink? Do you need the Internet?”).
Here too, the possibilities range from maximum simplicity (public WiFi, everyone can connect and access everything) to maximum complexity (WiFi for connections per se open, but often access is only possible via a – in the worst case – proprietary VPN software). The latter is – for reasons not known to me – apparently the preferred option for a large number of universities. Although to be fair, the Cisco VPN, which is almost always used, can be seen as a standard rather than a proprietary solution. This solution is established, works and is relatively secure compared to open WiFis or WebAuth solutions. Only question: What if the end device does not support Cisco VPN? This is the case, for example, with small IoT devices or some smartphone solutions, and not every user is experienced or interested enough to deal with the special features of a VPN solution.
For years now (I don’t know exactly when, but the RFC document is dated September 2003) there has been a standard that offers quite comprehensive and almost everywhere supported authentication options: 802.1X is the official name, often called Enterprise WiFi.
As part of the restructuring work in the network of the University of Trier, we now have decided that we should migrate from the VPN solution to 802.1X authentication. After some planning work and test setups, we have now decided on the following structure: Cisco AccessPoints, which are connected to a so-called Concentrator that controls both access and data traffic, serve as access points. The university’s central user directory is an Active Directory, so we had to connect Concentrator and Active Directory. Since the Concentrator did not offer a satisfactory direct integration for the Active Directory, we decided to add a FreeRadius installation (consisting of 2 servers in HA mode) in between. (Free)Radius is fully supported by the Concentrator appliance as a standard triple-A system (Authentication, Authorization and Accouting). The ntlm_auth tool provided with FreeRadius then offers a simple interface for authentication against the Active Directory.
We also implemented the connection to the Eduroam network during the conversion.
GitHub
I’m not really a JavaScript developer, because I haven’t been commissioned with a JavScript project yet. However, I am very interested in P2P communication. When I came across a news feed about PeerJS, a library for browser-based P2P communication, I decided to start a small experiment.