RedDot / Opentext Language variants for page

VBS Script

Function getAvailableLanguageVariantsForPage(callingPageGuid)
    ' Returns the GUIDs of all language variants in which the page is available,
    ' concatenated into one string. objIO is expected to be created outside this function.
    Dim XMLString
    Dim resXML
    Dim sError
    Dim xmlDoc
    Dim xmlNodeList
    Dim i
    Dim strAvailableInLanguageVariant
    XMLString = "<IODATA loginguid='" & session("LoginGuid") & "' sessionkey='" & session("SessionKey") & "'>" & _
            "<PROJECT>" & _
            "<LANGUAGEVARIANTS action='pageavailable' pageguid='" & callingPageGuid & "' />" & _
            "</PROJECT>" & _
            "</IODATA>"
    resXML = objIO.ServerExecuteXml(XMLString, sError)
    Set xmlDoc = Server.CreateObject("Msxml2.DOMDocument.4.0")
    xmlDoc.loadXML(resXML)
    Set xmlNodeList = xmlDoc.getElementsByTagName("LANGUAGEVARIANT")
    For i = 0 To (xmlNodeList.Length - 1)
        strAvailableInLanguageVariant = strAvailableInLanguageVariant & xmlNodeList.Item(i).getAttribute("guid")
        ' strAvailableInLanguageVariantName = xmlNodeList.Item(i).getAttribute( "language" )
    Next
    Set xmlNodeList = Nothing
    Set xmlDoc = Nothing
    ' Hand the collected GUIDs back to the caller
    getAvailableLanguageVariantsForPage = strAvailableInLanguageVariant
End Function

RedDot / Opentext Render Tags Action

String trim / shorten

<%!! Escape:HtmlEncode(Context:CurrentIndex.Page.Elements.GetElement(hdl_headline).Value.PadRight(Int:15).Substring(Int:0, Int:15).Trim().Remove(Int:1, Int:3).ToUpper().Equals(String:test).ToString().Length.ToString()) !!%>

Get file extension

<%!! Escape:Text(<%att_med_pdf_filename%>).Substring(Escape:Text(<%att_med_pdf_filename%>).LastIndexOf(.)) !!%>

Cannot load modules/mod_fcgid.so into server: undefined symbol: ap_unixd_setup_child

I got the following error message after compiling Apache against the latest OpenSSL version.
Cannot load modules/mod_fcgid.so into server: undefined symbol: ap_unixd_setup_child
It looks like a compile error, but it isn’t. In fact, there are two possible reasons why this error message appears.
One: mod_unixd isn’t loaded, or it is loaded after mod_fcgid. Two: mod_fcgid can’t create the directory for the socket or the socket itself, i.e. a file permission problem.
That error message could be much better. It is misleading. This error does not happen on Windows. It comes from the old Unix philosophy: “Everything is a file”. This led to a ton of code in the kernels. Even more, code exists for block devices in /dev. All those symlinks and magic directories. I wonder when “Everything is a file” will have exceptions everyone agrees on.

Choosing the right cipher / alias crypto wars part twelve

Choosing the right cipher for your server.

The wanted options:

  • Only 256 bit
  • Only Mac=AEAD [1], since only that is allowed in TLS 1.3
  • Kx (key exchange) and Au (authentication) PSK (pre-shared key) is not an option for a web server
  • DSS cipher is for key auth
  • Kx=DH without EC (elliptic curves) is not secure enough
  • Kx=RSA is weak
  • AESCCM is also a Cipher Block Chaining (CBC)
  • Aria is for Secure Real-Time Transport Protocol (SRTP)
  • DHE-RSA-AES256-GCM-SHA384 and DHE-RSA-CHACHA20-POLY1305 have no EC (elliptic curves)

/opt/openssl/bin/openssl ciphers -v ALL:COMPLEMENTOFALL | grep -v "(128)" | grep "Mac=AEAD" | grep -v "Kx=PSK" | \
grep -v "Au=PSK" | grep -v "Kx=RSAPSK" | grep -v "Au=DSS" | grep -v "Kx=RSA" | grep -v "Enc=AESCCM" | \
grep -v "Enc=ARIAGCM" | grep -v "Au=None" | grep -v "Kx=DH"

The Output

TLS 1.3
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD

TLS 1.2
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD

Finally, the order: CHACHA20-POLY1305 before AES for speed, and ECDSA before RSA, also for speed.

SSLCipherSuite SSL ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384
SSLCipherSuite TLSv1.3 TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384

This was done with the current latest OpenSSL version 1.1.1l
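
An added example (not from the original post): the same policy applied field by field with awk instead of chained substring greps, so every rejected suite comes with its reason. The function names are made up for this illustration, and the sample lines are constructed in the `openssl ciphers -v` layout rather than captured output.

```shell
#!/bin/sh
# Constructed sample in `openssl ciphers -v` column layout (not captured output).
sample_ciphers() {
cat <<'EOF'
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM(256) Mac=AEAD
EOF
}

# Print "PASS <name>" or "FAIL <name> <reasons>" for each suite on stdin,
# comparing whole Kx/Au/Enc/Mac fields against the wanted options above.
audit_ciphers() {
  awk '
  {
    kx = au = enc = mac = ""
    for (i = 3; i <= NF; i++) {
      split($i, kv, "=")
      if (kv[1] == "Kx") kx = kv[2]
      else if (kv[1] == "Au") au = kv[2]
      else if (kv[1] == "Enc") enc = kv[2]
      else if (kv[1] == "Mac") mac = kv[2]
    }
    why = ""
    if (enc !~ /\(256\)$/)            why = why " not-256-bit"
    if (mac != "AEAD")                why = why " not-AEAD"
    if (kx ~ /PSK/ || au == "PSK")    why = why " PSK"
    if (au == "DSS" || au == "None")  why = why " auth=" au
    if (kx == "RSA" || kx == "DH")    why = why " kx=" kx
    if (enc ~ /^(AESCCM|ARIAGCM)/)    why = why " enc-excluded"
    if (why == "") print "PASS", $1
    else           print "FAIL", $1 why
  }'
}

# Colon-joined list of the passing suites for one protocol column value.
passing_list() {  # $1 = protocol, e.g. TLSv1.2
  awk -v p="$1" '$2 == p' | audit_ciphers |
    awk '$1 == "PASS" { printf "%s%s", sep, $2; sep = ":" } END { print "" }'
}

sample_ciphers | audit_ciphers
```

Against a real build, pipe `openssl ciphers -v ALL:COMPLEMENTOFALL` into `audit_ciphers` instead of the sample.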

For completeness: GCM is Galois/Counter Mode [2].

[1] https://de.wikipedia.org/wiki/Authenticated_Encryption
[2] https://en.wikipedia.org/wiki/Galois/Counter_Mode

Enable hibernate / suspend to disk on Windows 10

I don’t know why, but the admins tend to disable hibernate via group policies from time to time. It is pretty simple to enable, but you need admin permissions.
This script first forces UAC and then enables hibernation.

@echo off

:: BatchGotAdmin
:-------------------------------------
REM  --> Check for permissions
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"

REM --> If error flag set, we do not have admin.
if '%errorlevel%' NEQ '0' (
    echo Requesting administrative privileges...
    goto UACPrompt
) else ( goto gotAdmin )

:UACPrompt
    echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
    echo UAC.ShellExecute "%~s0", "", "", "runas", 1 >> "%temp%\getadmin.vbs"

    "%temp%\getadmin.vbs"
    exit /B

:gotAdmin
    if exist "%temp%\getadmin.vbs" ( del "%temp%\getadmin.vbs" )
    pushd "%CD%"
    CD /D "%~dp0"
:--------------------------------------

powercfg.exe /hibernate on

How to extract img src, title and alt from html using php

preg_match_all matches the regexp against the whole $html string and outputs everything as an array in $result. The “i” option makes the match case-insensitive.

preg_match_all('/<img[^>]+>/i',$html, $result);

print_r($result);

Get the metadata

$img = array();
// $result[0] holds the complete <img ...> tags matched above
foreach ($result[0] as $img_tag)
{
    preg_match_all('/(alt|title|src)=("[^"]*")/i', $img_tag, $img[$img_tag]);
}

print_r($img);

Here you go.

iptables 101

How to do things with iptables. Safety first: How to reset everything.

sudo iptables -F
sudo iptables -X
sudo iptables -t nat -F
sudo iptables -t nat -X
sudo iptables -t mangle -F
sudo iptables -t mangle -X

Also, safety first: Don’t just copy something and run it on your server. You had better understand what you are doing.

How to block a service?

Instead of using “DROP” you should use “REJECT --reject-with tcp-reset”. If you want to be able to access that service from the inside, you have to add an allow rule first.

sudo iptables -A INPUT -p tcp -s localhost --dport 3306 -j ACCEPT #mysql allow local
sudo iptables -A INPUT -p tcp --dport 3306 -j REJECT --reject-with tcp-reset #mysql

To the outside, “REJECT --reject-with tcp-reset” looks like there is no service running. A “DROP” will show that there is a firewall / iptables working.

Blocking an IP range

# bannedDownloader is a user-defined chain; it has to exist and be jumped to from INPUT
sudo iptables -A bannedDownloader -s 14.120.0.0/16 -j DROP

Disallow NTP queries

# -I inserts at the top of the chain, so insert the REJECT first and the local ACCEPT last
sudo iptables -I INPUT -p udp --dport 123 -j REJECT #ntp
sudo iptables -I INPUT -p udp -s localhost --dport 123 -j ACCEPT #ntp allow local

Block timestamp

sudo iptables -I INPUT 1 -p ICMP --icmp-type timestamp-request -j DROP
sudo iptables -I INPUT 1 -p ICMP --icmp-type timestamp-reply -j DROP
sudo iptables -A INPUT -p icmp --icmp-type 13 -j DROP
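
An added example, not from the original post: iptables walks a chain top to bottom and the first matching rule wins, so an allow-local rule only helps if it sits above the block rule for the same port. The check below reads `iptables -S INPUT` style output and reports the order for one service; the function names are made up for this illustration and the listing is constructed, with the NTP pair deliberately in the wrong order.

```shell
#!/bin/sh
# Constructed `iptables -S INPUT` listing (not captured from a real host).
# `-s localhost` is stored as 127.0.0.1/32 once the rule is loaded.
sample_rules() {
cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -p udp -m udp --dport 123 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 127.0.0.1/32 -p udp -m udp --dport 123 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j REJECT --reject-with tcp-reset
EOF
}

# Report how the allow-local / block pair for one service is ordered.
# Prints one of: ok | shadowed | no-block | no-allow
check_local_allow() {  # $1 = tcp|udp, $2 = port; rules on stdin
  awk -v proto="$1" -v port="$2" '
  $1 == "-A" && $2 == "INPUT" {
    p = dp = src = tgt = ""
    for (i = 3; i < NF; i++) {
      if ($i == "-p")      p   = $(i + 1)
      if ($i == "--dport") dp  = $(i + 1)
      if ($i == "-s")      src = $(i + 1)
      if ($i == "-j")      tgt = $(i + 1)
    }
    if (p != proto || dp != port) next
    n++   # position among the rules for this service
    if (tgt == "ACCEPT" && src ~ /^127\./ && !allow) allow = n
    if ((tgt == "REJECT" || tgt == "DROP") && src == "" && !block) block = n
  }
  END {
    if (!block)             print "no-block"
    else if (!allow)        print "no-allow"
    else if (allow < block) print "ok"
    else                    print "shadowed"
  }'
}

echo "ntp:   $(sample_rules | check_local_allow udp 123)"
echo "mysql: $(sample_rules | check_local_allow tcp 3306)"
```

On a live host, feed it `sudo iptables -S INPUT`; it only looks at IPv4 rules in the INPUT chain itself, not at user-defined chains.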

PHP XML tag contains colon

With PHP’s SimpleXML functions it is easy to read XML. However, that no longer works when a tag contains a colon. That tag is simply ignored and can’t be accessed. RSS feeds often contain content:encoded.

There is a trick. Instead of using simplexml_load_file, use:

$feed = file_get_contents($url);
$feed = str_replace("<content:encoded>", "<contentEncoded>", $feed);
$feed = str_replace("</content:encoded>", "</contentEncoded>", $feed);
$xml = simplexml_load_string($feed);

have fun!

Homemade McChicken

Ingredients

Vegetable oil
1    egg
1    cup water
1    cup flour
2    teaspoons salt
1    teaspoon onion powder
1/4 teaspoon pepper
1/8 teaspoon garlic (powder)
4    chicken breasts (strips/meat)
4    sesame buns (hamburger buns)
1    cup chopped iceberg lettuce

The sauce

1/4 cup mayonnaise
1/6 teaspoon garlic (powder)

Put both together in a small bowl and chill. Mix well.

Preparation

First crack the egg and whisk it well with one cup of water in a small, shallow bowl. Put the flour, salt, pepper, onion (powder) and garlic powder in a bowl. Pound the chicken breast strips nice and flat. Rub both sides of the chicken breast strips with the flour mixture. Then put the strips and the sauce in the refrigerator.
Deep-fry the chicken strips for 10 to 12 minutes until they are crispy and light brown. After that, the buns can be lightly toasted on the baking tray.
A tablespoon of mayonnaise goes right on top of the “filling”. Briefly put it in the microwave once more.