It stays as an old library here ;-)

Vist me on

SOGo and Cyrus IMAP: 2.4 works well.

| | TrackBacks (0)
The open source group-ware suite SOGo can be married happily together with Cyrus IMAP, using the Version 2.4.x of the powerful IMAP server.

The reason lies in the handling of the very important \Seen-Flag.

In Cyrus 2.3.x, you had to type this in your imapd.conf file:

flushseenstate: 1

login account failure: No account present for user

| | TrackBacks (0)
doukoula console login: pascal
Password:            login account failure: No account present for user
   instance svc:/system/console-login:default exited with status 1

What's the problem?
It is the nscd, the Name Service Cache Daemon.

What did I wrong?

The future of IT: CLOSED.

| | TrackBacks (0)
I just read this (in German):
(in short: For ARM devices, Microsoft insists on having UEFI secure boot for their Windows 8 system, and metro apps will only be available on the Microsoft app store with signed code).

My comment:
The game is already at its end, my opinion.

Everybody wants closed platforms, "ecosystems". Nobody wants an open platform, besides us "freaks".

Developers DO want a closed platform, as a radical DRM/Licensing will generate guaranteed revenue and they can bully the user like they want to motivate them to pay more.

known_hosts in hash format - OpenSSH

| | TrackBacks (0)
When you wonder why your known_hosts file has changed or you don't find your hosts:

|1|AEf8B/QCP+1wRKA761Cq/woad4s=|HVEWXKDdRpZmO3GeQ5T37xCFwgE= ssh-rsa AAAAB3NzaC1

Then your ssh server software is a new version which hashes the known hosts file entries. To remove entries from there because the host key differs (you installed the host completely from scratch), just type:

ssh-keygen -R hostname


ssh-keygen -R ipadress

That's it.

If you have a new ssh package, you may hash yourself your known_hosts file by typing:

ssh-keygen -H

Solaris 10 Minimal, getting started with SSH server

| | TrackBacks (0)
solteaser.jpgJust because it happens again today:

After doing a very minimal Solaris 10 installation without remote services enabled, it is always the same thing to get the SSH server running (Solaris 10 DVD in drive):

# mount -F hsfs /dev/dsk/c2t0d0s0 /mnt
# cd /mnt/Solaris_10/Product
# pkgadd -d . SUNWsshdr SUNWgssc SUNWgss SUNWsshcu SUNWuiu8 SUNWsshdu SUNWsshr SUNWsshu
# cd /etc/ssh
# ssh-keygen -t rsa -b 2048 -f ssh_host_rsa_key
# ssh-keygen -t dsa -b 2048 -f ssh_host_dsa_key
# svcadm enable ssh

Replace device of the DVD drive with your actual configuration.

OpenSSL 1.0.0: New CApath hashes!

| | TrackBacks (0)
A real case of RTFM of OpenSSL ...

After un upgrade of OpenSSL to Version 1.0.0 (from 0.9.8) the certificate authority chain of my certificate did not show up any more (was not given by the TLS server). A look in the OpenSSL manual could have helped to save 20 minutes of error searching :)


for i in *.pem; do ln -s $i `openssl x509 -noout -subject_hash -in $i`.0; done

was enough to restore the hash index links for my CA certs (the files did not have any whitespace or punctuation marks in their filename so $i was enough).

The manual states:

outputs the ``hash'' of the certificate subject name. This is used in OpenSSL to form an index to allow certificates in a directory to be lookedup by subject name.

outputs the ``hash'' of the certificate subject name using the olde ralgorithm as used by OpenSSL versions before 1.0.0.

Google Earth clone from Nokia using WebGL

| | TrackBacks (0)

Capture du 2012-01-07 10:16:08.png

Because it uses only WebGL a decent browser dows not need any plugin to render it.

It is faster than Google Earth on my machine and much faster than Google Maps.

But - it does not add additional layers with information, so speed competition my a little bit unfair.

If you want to try:

Merry Christmas and a happy new year!

| | TrackBacks (0)
May many of your wishes may become true in 2012.

Ubuntu 11.10 Oneiric Ocelot available

| | TrackBacks (0)
Just a note: Ubuntu updater offers 11.10 final:


I'll try it to see whether it works.
Just a short note:

It contains important fixes for PKCS11 handling of KMS (Crypto Key Management).

Android 2.2: wrong arabic characters

| | TrackBacks (0)
Apparently Android 2.2 is not capable of displaying arabic characters possible.

Has this changed in Android 2.3, 3.0 and 3.1?

Solaris 10 / 11 and Oracle VM Virtualbox

| | TrackBacks (0)
As I want to test an IP multipathed iSCSI storage configuration under Solaris 10 and 11 I wanted to set them up in Oracle VirtualBox. It was more or less easy.

Please do not forget to install the VirtualBox guest tools, otherwise the guest will crash as soon as the host system "steals" CPU cycles.

On text-only installs, mount the CD image like this (Solaris 10, CD is IDE master):

# mount -F hsfs /dev/dsk/c0t0d0p0 /mnt
On Solaris 11, the CD was attached to controller "7" target "1" (SATA, Port 1)

# mount -F hsfs /dev/dsk/c7t1d0p0 /mnt


# pkgadd -d /mnt/VBoxSolarisAdditions.pkg

If you accidentally upgraded your root zfs pool (which is not recommended until it is supposed to be done from Oracle) do not forget to update your boot signature,  your boot archive and your grub installation -

but do not reboot before having done this, otherwise the system won't boot any more.

Don't upgrade the root pool! You won't be able to repair your system when booting from the actual Solaris 10 boot CD (09/10) as the root pool cannot be mounted then. The following steps are to make sure that your system will at least boot when you did the upgrade accidentally.


Since Kernel patch/update 144501-19, Oracle now puts zpool version 29 and zfs version 5 into production.

One visible change is the more detailed status when doing a scrub or a resilver operation:

# zpool status
  pool: rpool
 state: ONLINE
 scan: scrub in progress since Mon Aug  8 16:18:21 2011
    1.98G scanned out of 3.66G at 50.7M/s, 0h0m to go
    1.98G scanned out of 3.66G at 50.7M/s, 0h0m to go
    0 repaired, 54.13% done

        NAME        STATE     READ WRITE CKSUM
        rpool       ONLINE       0     0     0
          c1t0d0s0  ONLINE       0     0     0

errors: No known data errors

My linux month: Start!

| | TrackBacks (0)
My "day-book" of my Ubuntu experiences as a day-by-day system can be found here:

The article will grow and be split in multiple ones.

Thanks to kissmetrics for having killed ETags!

| | TrackBacks (0)
As you know, kissmetrics' tracking algorithm is based on the ETag resource sent along with every document from http servers. Its normal use is to distinguish cached documents from new versions, if the document to be delivered has altered a new ETag is generated. In web caches every cached resource is stored with its ETag.

For a request on a resource stored in the web cache a http header line like

If-None-Match: "H33jh3gggIU§gug3kjhgHhjbkc3"

will be added to the request which means "please send out the document only if its ETag is no longer H33jh3gggIU§gug3kjhgHhjbkc3".

kissmetrics generates ETags as User-IDs to be tracked and every site which uses kissmetrics to analyze web traffic data will include a small in their web site. The web browser cache will cache this little resource along with its ETag which is NOT its calculated ETag but the kissmetrics "user id". So on every site with a kissmetrics "bug" the request gets done with the

If-None-Match: "your_kissmetrics_user_id"

And voilà, you're tracked. Deleting cookies does not help. You have to clear your cache in your web browser after every site visited. Not very useful.

A possible solution would be to use a web proxy like squid which can easily filter out the "ETag" headers. So web browsers will use the "If-Modified-Since:"-method to make web servers to deliver documents only if they have changed. This will not work on most dynamic web sites however as web application programmers often forget to set and to honor this request header (using the last changed timestamp of the displayed data for example).

I will try it.

I'll begin on Wednesday. No more Macintosh, no more Windows - I chose Ubuntu 11.04 on a Fujitsu Siemens Esprimo PC with an Intel Core 2 Duo CPU running at 2,1 GHz. 4 GB RAM and a 500 GB Western Digital Enterprise Storage Hard Disk.

Not an expensive choice - I spent 150 Euros for the old PC, the new RAM and the new hard disk.

Will I be able to work day by day with this machine? Doing business? Watching movies? Playing games? Writing letters? Browsing the Internet? We'll see!

Google+ now open for everyone

| | TrackBacks (0)
Just in case you want to try it.


SPARC support for my vhci_stat utility is ending.

| | TrackBacks (0)
I don't have any SPARC Solaris 10 (and 11) machine left under my hands.

So I cannot test/evaluate future changes any more. Actual version is 1.3.1 which includes a Solaris 10 SPARC binary/package (pkg).

x86/amd64 binary versions are not affected.

vhci_stat is an utility created by myself to get a simple overview of all multipathed volumes and the appropriate SCSI inquiry result and ZFS pool membership. It works with FiberChannel links as well as with iSCSI connections.

Source is still included but I won't be able to create SPARC binaries any more.

December 2015

Sun Mon Tue Wed Thu Fri Sat
    1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30 31    


This blog is owned by:

Pascal Gienger
Jägerstrasse 77
8406 Winterthur

Google+: Profile
YouTube Channel: pascalgienger