RedDot / Opentext Language variants for page / Sprachvarianten

VBS Script

Function getAvailableLanguageVariantsForPage(callingPageGuid)
    dim XMLString
    dim resXML
    dim xmlDoc
    dim xmlNodeList
    dim i
    XMLString = "<IODATA loginguid='" & session("LoginGuid") & "' sessionkey='" & session("SessionKey") & "'>" & _
            "<PROJECT>" & _
            "<LANGUAGEVARIANTS action='pageavailable' pageguid='"&callingPageGuid&"' />" & _
            "</PROJECT>" & _
    resXML = objIO.ServerExecuteXml(XMLString, sError)
    Set xmlDoc = server.CreateObject( "Msxml2.DOMDocument.4.0" )
    xmlDoc.loadXML( resXML )
    Set xmlNodeList = xmlDoc.getElementsByTagName( "LANGUAGEVARIANT" )
    For i = 0 To( xmlNodeList.Length - 1 )
        strAvailableInLanguageVariant = strAvailableInLanguageVariant & xmlNodeList.Item(i).getAttribute( "guid" )
        ' strAvailableInLanguageVariantName = xmlNodeList.Item(i).getAttribute( "language" )
    Set xmlDoc = Nothing
    Set xmlNodeList = Nothing
End Function

RedDot / Opentext Render Tags Action

String Trim Kürzen

<%!! Escape:HtmlEncode(Context:CurrentIndex.Page.Elements.GetElement(hdl_headlin­e).Value.PadRight(Int:15).Substring(Int:0, Int:15).Trim().Remove(Int:1, Int:3).ToUpper().Equals(String:test).ToString().Length.ToString()) !!%>

Get file extension / Dateiendung ermitteln

<%!! Escape:Text(<%att_med_pdf_filename%>.Substring(Escape:Text(<%att_med_pdf_filename%>).LastIndexOf(.)) !!%>

Cannot load modules/ into server: undefined symbol: ap_unixd_setup_child

I got the following error message after compiling apache against the latest OpenSSL version.
Cannot load modules/ into server: undefined symbol: ap_unixd_setup_child
It looks like a compiler error that happened, but it isn’t. In fact, there are two options why there is this error message appears.
One mod_unixd isn’t loaded or loaded after mod_fcgid. Two mod_fcgid can’t create a directory for the socket or the socket itself. aka file permissions.
That error message could be much better. It is misleading. This error does not happen on Windows. It comes from the old Unix philosophy: “Everything is a file”. This lead to a ton of code in the kernels. Even more, code exists for block devices in /dev. All that symlinks and magic directories. I wonder when “Everything is a file” will have exceptions everyone agrees on.

Choosing the right cipher / alias crypto wars part twelve

Choosing the right cipher for your server.

The wanted options:

  • Only 256 bit
  • Only Mac AEAD[1]  since in TLS 1.3 that is only allowed.
  • Kx (Key exchange) and Au (Authentication) PSK (pre-shared key) is not an option for a webserver
  • DSS cipher is for key auth
  • Kx=DH without an EC ( Elliptic curves) is not secure enough
  • Kx=RSA is weak
  • AESCCM is also a Cipher Block Chaining (CBC)
  • Aria is for Secure Real-Time Transport Protocol (SRTP)
  • DHE-RSA-AES256-GCM-SHA384 and DHE-RSA-CHACHA20-POLY1305 have no EC (elliptic curves)
/opt/openssl/bin/openssl ciphers -v ALL:COMPLEMENTOFALL | grep -v "(128)" | grep "Mac=AEAD" | grep -v "Kx=PSK" | \
grep -v "Au=PSK" | grep -v "Kx=RSAPSK" | grep -v "Au=DSS" | grep -v "Kx=RSA" | grep -v "Enc=AESCCM" | \
grep -v "Enc=ARIAGCM" | grep -v "Au=None" | grep -v "Kx=DH"

The Output

TLS 1.3
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD

TLS 1.2

At last POLY over AES for speed, and ECDSA over RSA also for speed.

SSLCipherSuite TLSv1.3 TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384

This was done with the current latest OpenSSL version 1.1.1l

Only for the completeness, GCM is Galois/Counter Mode[2]



Enable hibernate / suspend to disk on Windows 10

I don’t know why, but the admins tend to disable hibernate via group policies from time to time. It is pretty simple to enable, but you need admin permissions.
This script first forces UAC and then enables hibernation.

@echo off

:: BatchGotAdmin
REM  --> Check for permissions
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"

REM --> If error flag set, we do not have admin.
if '%errorlevel%' NEQ '0' (
    echo Requesting administrative privileges...
    goto UACPrompt
) else ( goto gotAdmin )

    echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
    echo UAC.ShellExecute "%~s0", "", "", "runas", 1 >> "%temp%\getadmin.vbs"

    exit /B

    if exist "%temp%\getadmin.vbs" ( del "%temp%\getadmin.vbs" )
    pushd "%CD%"
    CD /D "%~dp0"

powercfg.exe /hibernate on

How to extract img src, title and alt from html using php

preg_match_all match the regexp in all the $html string and output everything as
an array in $result. “i” option is used to make it case insensitive

preg_match_all('/<img[^>]+>/i',$html, $result);


Get the metadata

$img = array();
foreach( $result as $img_tag)
preg_match_all('/(alt|title|src)=("[^"]*")/i',$img_tag, $img[$img_tag]);


Here you go.

iptables 101

How to do things with iptables. Safety first: How to reset everything.

sudo iptables -F
sudo iptables -X
sudo iptables -t nat -F
sudo iptables -t nat -X
sudo iptables -t mangle -F
sudo iptables -t mangle -X
Also, safety first: Don’t just copy something and run it on your server. You better understand what you are doing.
How to block a service?
Instead of using “DROP” you should use “REJECT –reject-with tcp-reset”. If you want to be able to access that service from the inside, you have to add an allow rule first.
sudo iptables -A INPUT -p tcp -s localhost --dport 3306 -j ACCEPT #mysql allow local
sudo iptables -A INPUT -p tcp --dport 3306 -j REJECT --reject-with tcp-reset #mysql

The “REJECT –reject-with tcp-reset” looks to the outside like there is no service running. A “DROP” will show that there is a firewall / iptables working.

Blocking an IP range

sudo iptables -A bannedDownloader -s -j DROP

Disallow NTP queries

sudo iptables -A INPUT -p udp -s localhost --dport 123 -j ACCEPT #ntp allow local
sudo iptables -I INPUT -p udp --dport 123 -j REJECT #ntp

Block timestamp

sudo iptables -I INPUT 1 -p ICMP --icmp-type timestamp-request -j DROP
sudo iptables -I INPUT 1 -p ICMP --icmp-type timestamp-reply -j DROP
sudo iptables -A INPUT -p icmp --icmp-type 13 -j DROP

PHP XML tag contains colon

With PHPs’ simple xml functions it is possible to read xml easily. However, that doesn’t work any longer when a tag contains a colon. That tag is simply ignored and can’t be accessed. Often in RSS feeds there is content:encoded.

There is a trick. Instead of using simplexml_load_file use

$feed = file_get_contents($url);
$feed = str_replace("<content:encoded>", "<contentEncoded>", $feed);
$feed = str_replace("</content:encoded>", "</contentEncoded>", $feed);
$xml = simplexml_load_string($feed);

have fun!

Author Archive

Archives by Month: