Okt 292014

The current Avira Antivirus has got a module it calls “Internet scurity” which in turn has an option for e-mail security.

What it does is capturing all connections to POP3, IMAP and SMTP servers and scanning them for viruses. That sounds good until you find, that your e-mail client stopped working even though you haven’t changed anything in it’s configuration.

Why is that? It’s because of this e-mail “security” feature. If you are using encrypted transport (START TLS or SSL/TLS), Avira cannot read the traffic and blocks it! This is so stupid, there must be an award for it somewhere.

To work around this, you can of course

  • disable the e-mail security feature
  • disable transport encryption

The first has the drawback that Avira now complains that your computer is not secure. The second has the drawback that your e-mails can be read by everybody who can access your connection to the server. So both options aren’t really solutions. If Avira forces you to do that (e.g. if the following doesn’t work for you because your mail server does not have alternative ports for encrypted connections), your computer is actually less secure than without Avira e-mail “security”.

Then there is the third option: Don’t use the default SMTP (25), POP3 (110) and IMAP (143) ports but use different ones, e.g. the ones that are reserved for encrypted transports:

  • SMTPS: 465
  • POP3S: 995
  • IMAPS: 993

Unfortunately that means your mail servers must support these protocols / ports. E.g. if you are using postfix you have to change / uncomment the following lines in the /etc/postfix/master.cf file:

smtps     inet  n       -       -       -       -       smtpd
#  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes

And, or course, restart postfix.

The same applies to your POP3 or IMAP server.

If you can’t do that and your e-mail provider doesn’t support this, tough luck!

In addition, you must change the configuration in your e-mail client. In Thunderbird that’s pretty much straight forward:

WARNING: I will not fix your computer if you break it even if you followed my instructions. It’s your own responsibility. Making a mistake in the Thunderbird configuration will prevent it from receiving and/or sending e-mails.

  • Open the account settings dialog.
  • Select “Server Settings”.
  • Under Connection Security, select SSL/TLS (preferred) or STARTTLS, depending on what your server supports.
  • The port number will change automatically. If it doesn’t or your server does not use the default ports for encrypted transport, change the port number.
  • Select “Outgoing Server (SMTP)” (it’s down, below “Local Folders”).
  • Edit the entry you want to change (usually there is only one).
  • Change Connection Security to SSL/TLS (preferred) or STARTTLS, depending on what your server supports.
  • The port number will change automatically. If it doesn’t or your server does not use the default ports for encrypted transport, change the port number.

Now test it and have fun.

Fighting Secure Boot

 Windows, Windows 8.1  Kommentare deaktiviert
Okt 232014

I have bought an Acer Extensa notebook after reading the under 300 Euros notebooks test in the latest c’t magazine where it came up as the winner regarding battery life and the rest wasn’t too bad either. I chose the 4 GB model so it won’t thrash the hd all the time. The Extensa comes preinstalled with Windows 8.1 and – as so many computers nowadays comes without an install medium and also without a user’s manual. (The link given in the short setup guide for downloading the manual http://go.acer.com/?id=17833 leads to a non-functional site. Not very user friendly in my book.)

Now, what is the first thing you do, when you get a new computer which comes pre-installed with an operating system but does not come with an install medium? I for one, make a backup, preferably an image backup of the whole hard disk using Clonezilla. Since this is my image backup tool of choice I carry it with me on a USB stick almost all the time (Hey, I work in IT, so it’s pretty much normal to carry USB sticks and other stuff. ;-) ). So I plugged that USB stick into the notbook and booted it up. It went straight into the Windows 8.1 setup screen. :-(

So I tried to get a boot menu. Perusing Google told me that Acer notebooks use F12 for the boot menu. Unfortunately this didn’t work. Windows 8.1 setup again. :-(

Next, I tried to get into the BIOS, or whatever the UEFI stuff nowadays calls this tool. The usual DEL key didn’t work but after several reboots and key presses I ended up in some windows boot menu that allowed me to boot from an USB stick. Only, it didn’t. It told me there was a secure boot failure and stopped.

Turning the computer off and on again, this time I apparently got the BIOS setup key right: F2 (I didn’t work the first several times I tried it, why?) I got something called “Insydeh” which looked like a BIOS of old. And there it was: An option to turn off “secure boot”, only it was disabled. I could only switch to BIOS mode which I didn’t want to. WTF?

Google to the rescue again: To turn off secure boot, you first must set a supervisor password. So I did that, came back to the secure boot screen and lo and behold, the option to turn it off was enabled now. After turning it off, I could clear the supervisor password and the option was still enabled. Another setting I changed was the F12 boot menu. It was disabled by default so I enabled it.

Save and reboot, press F12 and – voila – a boot menu which finally allowed me to boot clonezilla from my USB stick. The backup is running now.

Praise Microsoft for requiring PC manufacturers to have an option to turn off secure boot if they want to be Windows 8 compliant (I wonder whether that will still be a requirement for Windows 10, though.). But curse Microsoft and the bloody PC manufacturers to come up with the pretty much useless secure boot feature at all. It’s my computer, I paid for it, so it should be my choice to install whatever operating system I want on it!

mounting a Samba share

 Linux  Kommentare deaktiviert
Okt 092014

The Linux mount command can also access Samba (Windows) shares, but in contrast to the smbclient command it does not do a Netbios based lookup for machine names. So while

smbclient //server/share

will work, the corresponding

mount -t cifs //server/share /mnt/point

will tell you that it can’t resolve the host name (unless you add the host to your hosts file or it can be looked up via dns).

This StackExchange answer pointed me in the right direction:

There is a command for actually doing that lookup. It’s called nmblookup.
It returns the IP address of the server like this:

nmblookup server server<00>

While this is fine for manually looking it up, if you want to mount a share multiple times or in shell script, this won’t do because you need the IP address only, not the suffix after it.

It gets even worse if the machine in question has more than one IP address:

nmblookup server2 server2<00> server2<00>

Bash to the rescue (I found that solution via this StackOverflow question and this article.)

shift  # Remove machine name from argument list

shift  # Remove share name from argument list

# nmblookup the machine
RES=$(nmblookup $MACHINE)
#echo "RES=\""${RES}"\""

# remove everything but the ip address
# note that this will not return anything meaningful
# if nmblookup returns an error (e.g. cannot find the machine)
#echo "IP=\""${IP}"\""

# Mount smbclient share (passing any arguments on to smbmount
mount -t cifs -r //${IP}/${SHARE} "$@"

Put this code into a file, e.g.


and call it like

mount-win-share server share /mnt/point

If you add additional parameters or options, they will be passed on to mount.

Creating a new RAID 5

 Linux  Kommentare deaktiviert
Okt 082014

Another reminder to myself, so I don’t forget it again.

Warning: Use this on your own risk! You might lose all the data stored on any of the hard disk drives if you make a mistake!

To create a new raid, all the disks must be partitioned first.

To actually create the RAID we need the tool mdadm which is not installed (on Ubuntu Server) by default.

apt-get install mdadm

This will also install a few dependencies, in particular it will install a mail transfer agent (MTA, postfix in my case). This MTA needs to be configured so it can send e-mails to the administrator (root).

Creating the raid is as easy as typing:

mdadm --create /dev/md0 --level=5 --raid-devices=4 /dev/sdb1 /dev/sdc1 /dev/sdd1 /dev/sde1

Mdadm might detect that the disks have already been used in a different raid and will warn you. It then gives you the option to continue creating a new array or not.

Create an ext3 file system on the newly created RAID device with the label “daten1″:

mkfs --type=ext3 -L daten1 /dev/md0

This takes quite a while.

To automatically start the RAID, it must be added to mdadm.conf:

mdadm -Es | grep md[0-9]  >>/etc/mdadm/mdadm.conf

Note that this will append to mdadm.conf, so if you execute it multiple times you will get duplicate entries. So make sure to check the file afterwards.

To mount the partition, it must be added to /etc/fstab like this:

/dev/md0    /mnt/daten1   ext3    defaults,noauto

noauto means that it should not be mounted automatically on boot. This is a safeguard against boot failures on headless servers. If any of the automatically mounted devices fails. We don’t reboot our servers very often so we will just ssh into it after reboot and mount the partition manually with

mount /mnt/daten1

To check the RAID status, use

cat /proc/mdstat

Using parted to partition a drive

 Linux  Kommentare deaktiviert
Okt 082014

This is just a reminder to myself so I don’t forget again.

Warning: Use this on your own risk! You might lose all the data stored on any of the hard disk drives if you make a mistake!

On Linux hard drives > 2 GB must be partitioned with parted and a partition table in gpt format.

Create a new gpt partition table (deleting the entire drive!):

parted /dev/sdX mklabel gpt

Create a new partition spanning the entire drive and using optimal alignment:

parted -a opt /dev/sdX mkpart primary 0% 100%

Set a partition’s raid flag:

parted /dev/sdX set 1 raid on

Some changes to CustomContainerPack

 Delphi  Kommentare deaktiviert
Sep 202014

Today I made some small changes to the CustomContainerPack.

If you don’t know about the Custom Container Pack, see my previous blog post.

Apart from removing two with statements I changed the place where the wizard shows up in the File -> New -> Other dialog. Up to Delphi 7 it is still in the “New” category.


For newer Delphi versions, it now shows up in the “Delphi Files” category:


It took me quite a while to figure out how to do it. Just returning “Delphi Files” from the IOTARepositoryWizard.GetPage function doesn’t work. The trick is to use the IOTARepositoryWizard80 interface that was introduced with Delphi 2005 (or, judging from the name, probably with Delphi 8). It added two new functions to IOTARepositoryWizard:

    function GetPersonality: string;
    function GetGalleryCategory: IOTAGalleryCategory;

GetPersonality is easy, you just return one of the pre-defined string constants sXxxxPersonality, in this case: sDelphiPersonality

function TCCWizard.GetPersonality: string;
  Result := sDelphiPersonality;

(If anybody wants to check if CustomContainerCack can be used with the C++Builder personality, please contact me through my Google+ page.)

GetGalleryCategory is a bit more tricky. I found the solution in Steve’s Blog:

function TCCWizard.GetGalleryCategory: IOTAGalleryCategory;
  cat: IOTAGalleryCategory;
  catMgr: IOTAGalleryCategoryManager;
  catMgr := (BorlandIDEServices as IOTAGalleryCategoryManager);
  cat := catMgr.FindCategory(sCategoryDelphiNewFiles);
  Result := cat;
Sep 142014

I just updated the Custom Container Pack sources to support Delphi XE2 to XE7. It was mostly a matter of creating the packages for the newer versions. I also had to adapt the registration code to changes in Delphi XE2.

It now compiles and installs. I have not tested it extensively. We use it at work with Delphi 2007 and I know of no bugs with it.

Custom Containers Pack (CCPack) is an integrated tool and component mini-library to produce and maintain composite controls (or simply “composites”) and other containers (forms, data modules and frames). The process of building composite components looks like ActiveForm and Frame creating, but the result is the native VCL component. You can create new composites just as usual forms.

Here is the original documentation in RTF format.

It was originally developed by Sergey Orlik who posted the source code to code central

Sep 132014

Today I spent some time to make dzlib compile with all Delphi versions from 2007 to XE6 (XE7 to come later). It didn’t take too long since it already supported 2007, XE2 and XE6.

It’s interesting to see, how the RTL evolved between these versions. Some examples:

  • The IsWhitespace function started out as a class method of TCharacter, then moved to TCharHelper and finally ended up as a method of the Char type itself (probably added through a class helper, I didn’t check).
  • The global DecimalSeparator variable was marked deprecated for a long time (replaced by a property of the global FormatSettings class) and has finally been removed from the RTL.

There is also a breaking change in the Delphi XE6 RTL:
You can no longer create a TThread suspended and then call Resume/Start from within its constructor. If you do that, you will get an exception. But since the thread no longer gets started until the constructor has run that is no longer necessary.

[German only] Fahrradbeleuchtung

 Delphi  Kommentare deaktiviert
Sep 132014

Es wird wieder dunkel, und so allmählich braucht man auch zu normalen Radfahrzeiten wieder Licht. Seit einiger Zeit sind laut STVZO batteriebetriebene Lampen auch für normale Fahrräder zugelassen, sofern sie einige Bedingungen erfüllen. Passend dazu hatte Aldi Nord am 11.8.2014 die Pedaluxx LED Fahrradbeleuchtung im Angebot. Ich habe zugegriffen, weil ich dachte, dass man für 9,99 Euro nicht allzuviel verliert, wenn sie nichts taugt.

Die Lampen an sich sind ganz OK, auch wenn es ziemlich verwirrend ist, dass die Lade-Kontrolleuchte der Frontlampe an geht, wenn die Batterien gewechselt werden sollen, die des Rücklichts hingegen geht dann aus.

Die Halter allerdings sind ziemlich wacklig. Ich bin mir sicher, dass sie nicht lange halten werden. Schon bei der Montage der Halterung für die Frontlampe habe ich bemerkt, dass sich das dünne Plastik, in dem die Schraube halten soll, nach außen verbiegt.

Ich hatte vorher (bevor mir das Fahrrad komplett geklaut wurde) eine andere (aber auch deutlich teurere) Frontlampe, damals noch ohne STVZO-Zulassung, deren Halter bombenfest sass. Leider gibt es die nicht mehr zu kaufen.

Batterien (8x AAA) waren dabei, aber ich werde sie, sobald sie leer sind, durch Akkus ersetzen.

Man sollte vielleicht erwähnen, dass die neue Fassung der STVZO zwar batteriebetriebene Lampen erlaubt, man diese allerdings nach STVO bei der Benutzung des Fahrrads (also auch tagsüber) montiert haben muss. Mitführen alleine reicht nicht. Genaugenommen ist es sogar noch schlimmer: Die Leuchten müssen “fest” am Rad montiert sein, danach wären Ansteckleuchten gar nicht zulässig. Ob das so ist, ist noch nicht endgültig geklärt.

Mir persönlich ist es ziemlich egal, was diese Vorschriften zur Fahrradbeleuchtung sagen. Mir ist wichtig, dass ich im Straßenverkehr gesehen werden, denn ich möchte gerne noch ein paar Jährchen leben und ich weiß, wie schlecht Radfahrer ohne Licht in der Dämmerung zu sehen sind. Deshalb werde ich diese Beleuchtung testen und verwenden, wenn sie ihren Zweck erfüllt. Wenn nicht, muss eine andere her, Zulassung oder nicht.

Vielleicht noch ein Hinweis: Anders als früher sind Fahrradlampen heute so hell, dass sie entgegenkommende Verkehrsteilnehmer blenden, wenn sie falsch eingestellt sind. Die Frontlampe muss so eingestellt sein, dass ihr Leuchtkegel die Straße max. 15 m vor dem Fahrrad beleuchtet. Mir kommen in letzter Zeit leider immer wieder andere Radfahrer entgegen, deren Licht viel zu hoch gestellt ist.

(STVO = Straßenverkehrsordnung, STVZO = Straßenverkehrs-Zulassungs-Ordnung)

Autosave Wizard for Delphi 6 to XE7

 Delphi  Kommentare deaktiviert
Sep 062014

Since the stability of some Delphi IDE versions leave something to desire, people have asked for an autosave feature for a long time.

Delphi 2010 eventually got “Save on compile” while older versions only had “Save on run”.

Ray Lischner originally wrote an AutoSave wizard for Delphi 5 (if I remember correctly) and ported it to Delphi 6 and 7 later. I have taken his code, extended it and ported it to all later Delphi versions.

The wizard does the following:
Whenever triggered it checks for files that have not been saved yet. It saves these files as ~filename.ext. When the file is saved, it deletes these ~files again. In the event of the IDE crashing, it will on restart ask the user whether he wants to load the regular file or the last autosave file.
The wizard can be configured to trigger

  • every x minutes
  • whenever the IDE “compiles”

I recommend to activate the latter setting. You will be surprised how often the IDE “compiles” stuff.

There are no precompiled packages. Just get the sources, open the package that corresponds to your Delphi version, compile and install it.

You can find the current sources on the dzAutoSave page on sourceforge.