install skype under lucid lynx

a howto how I like it:

For 32-bit
$ wget
For 64-bit
$ wget

$ sudo apt-get install libqt4-dbus libqt4-network libqt4-xml libasound2

$ sudo dpkg -i skype-XXXXXXXXXXXX.deb

$ sudo apt-get -f install


Tuesday, 17 August 2010 at 10:00 UTC Leave a comment

write specifications and implement in parallel

I stumbled today about a discussion on HTML 5 with a mozilla developer.

Implementations and specifications have to do a delicate dance together. You
don’t want implementations to happen before the specification is finished,
because people start depending on the details of implementations and that
constrains the specification. However, you also don’t want the specification
to be finished before there are implementations and author experience with
those implementations, because you need the feedback. There is unavoidable
tension here, but we just have to muddle on through … I think we’re doing

I can agree completely. Waterfall model was yesterday.
You need the feedback from developers!

What Mozilla does OK should all other software development projects consider.


Thursday, 17 June 2010 at 16:57 UTC Leave a comment

Jira at was hacked

The Apache Infrastructure Team Incident Report 04/09/2010 released today 13. April 2010 about the hack of

Thank you guys for this helpful disclosure.

There is no clear information available today what was the root cause of the Atlassian security breach (published yesterday).

Today we got detailed information from Apache Infrastructure Team about the breakin at

1. We notified Atlassian of the previously unreported XSS attack in JIRA and contacted SliceHost. Atlassian was responsive. Unfortunately, SliceHost did nothing and 2 days later, the very same virtual host (slice) attacked Atlassian directly.
2. The attackers had root access on for several hours, and we could no longer trust the operating system on the original machine.
3. Service isolation worked with mixed results. The attackers must be presumed to have copies of our Confluence and Bugzilla databases, as well as our JIRA database, at this point.


What todo now:

  1. Checkout all background information about this vulnerability of JIRA.
  2. Check and Upgrade all non-internal JIRA and other Atlassian systems world-wide to prevent these attacks.

And we all should never forget:
Install 3rd party applications as root and run them as user with limited privileges.

[1] Apache Infrastructure Team Incident Report (13 Apr 2010) related to
[2] Max on Improving Web Security: Six Ways the JIRA Attack Could Have Been Prevented by Better Cod (13 Apr 2010)

Tuesday, 13 April 2010 at 14:21 UTC Leave a comment

Atlassian security breach and customer support in real-time

About an hour ago customers of Atlassian (the company behind great tools like Jira and Confluence) got an email about a security breach and to change their password.

Be aware that this security issue only affects Atlassian customers who created an Atlassian account and purchased one of our products before June 2008. Since then, we have been using a more secure user management system based on Atlassian’s Crowd product. When you change your Atlassian account password using the procedure below, your Atlassian customer account details will be stored in our updated Crowd user management system, which will further minimise the chance of a security breach occurring in future.

[1] Source: Jason Winder Webnet IT Blog: Atlassian Stored Passwords in Cleartext?

Just after this email it seems that most people were not able to retrieve Atlassian’s service to react.

Now after one hour there was no official statement of Atlassian!

Guys @Atlassian ! Please use Twitter or Uservoice to react in our real-time live and give us some background information!

Twitter User Feedback

Update 1:

[2] @atlassian on Twitter at 7 00 PM GMT replied:

Atlassian had a security breach. Apologies for the confusion. Our site is experiencing heavy loads. We are working on getting back up ASAP.

[3] Zoli Erdos at Cloudave: Atlassian Security Breach and Warning

Update 2:
[4] Atlassian’s Mike Cannon-Brookes initial customer feedback today morning

The legacy customer database, with passwords stored in plain text, was a liability. Even though it wasn’t active, it should have been deleted. There’s no logical explanation for why it wasn’t, other than as we moved off one project, and on to the next one, we dropped the ball and screwed up.
Disclosure: in terms of the security breach itself, we will disclose the various attack vectors and what happened once we have a full picture. Expect this in the coming week.

Looking forward to it, so everybody can learn from such IT security mistakes.

Monday, 12 April 2010 at 19:56 UTC 3 comments

using xpidl under 64-bit Snow Leopard

i’ve been using xulrunner sdk for years to develop #Firefox add-ons with #netbeans with the #foxbeans plugin.

Since the migration to 64-bit Snow Leopard xpidl failed with the same bug as described on

But i could not followed the solution described there, because in my environment it failed with a typical 32-bit / 64-bit architecture compilation issue:

dyld: Library not loaded: /opt/local/lib/libIDL-2.0.dylib
Referenced from: /usr/local/xulrunner-sdk/bin/xpidl
Reason: no suitable image found. Did find:
/opt/local/lib/libIDL-2.0.dylib: mach-o, but wrong architecture
Result: 133

After a short Google search i found the solution Patko described on his blog.

It did not work for me from scratch. I run in a architecture dependency error again:

bash-3.2# port -f install libiconv +universal—> Computing dependencies for libiconv
—> Configuring libiconv
—> Configuring libiconv for architecture x86_64
Error: Target org.macports.configure returned: configure failure: shell command ” cd “/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_release_ports_textproc_libiconv/work/libiconv-1.13.1-x86_64″ && ./configure –prefix=/opt/local –disable-dependency-tracking –enable-static –docdir=/opt/local/share/doc/libiconv –without-libiconv-prefix –without-libintl-prefix –disable-nls –enable-extra-encodings –disable-dependency-tracking ” returned error 1
Command output: checking for random.h… dyld: Library not loaded: /opt/local/lib/libintl.8.dylib
Referenced from: /opt/local/bin/grep
Reason: no suitable image found. Did find:
/usr/local/lib/libintl.8.dylib: no matching architecture in universal wrapper

Here is my simple modification to this solution to install libidl for both architectures (32bit und 64bit):

port uninstall gawk
port uninstall grep
port uninstall autoconf213

port install libtool +universal
(that also installs libiconv, gettext, grep)

port install gawk +universal

port upgrade –enforce-variants ncurses +universal
port upgrade –enforce-variants expat +universal
port install gettext +universal

port install libiconv +universal
port install glib2 +universal
port install libidl +universal

Running foxbeans build using xpidl is now successful.

Copying 1 file to /Volumes/…
BUILD SUCCESSFUL (total time: 0 seconds)

Saturday, 6 March 2010 at 01:25 UTC 1 comment

howto combine locale en_US and de_DE in Ubuntu

I prefer my Ubuntu Desktop in English,
but want to have some settings in German, like date and time.

So i get e.g. the German date format 07.02.2010 instead of 02/07/2010 in Orage calendar.

To setup mixed en_US and de_DE locale simple configure /etc/environment


see also:
[1] Ubuntu Wiki Locale Documentation

Sunday, 7 February 2010 at 22:16 UTC Leave a comment

automatic wordpress update with subversion and wptool

i’m updating and upgrading my wordpress installations per cronjob with the cool wptool from Christiane Ruetten, published in German “c’t magazin fuer computertechnik”.

This little script uses the as subversion base.
Today this location is not available and the update terminates with the following failure:

svn: PROPFIND request failed on '/wordpress/tags/2.8'
svn: PROPFIND of '/wordpress/tags/2.8': could not connect to server (

Don’t know, if this is forever or a temporary failure.
If moved their svn repository to completely, the wordpress wiki must be updated!

To update wordpress installations from the “new” repository with wptool, some slight modifications are necessary:

1. go to wordpress installation directory and relocate the svn repository

cd /usr/local/your_wordpress_dir
svn switch --relocate

2. update the wptool script


3. run the upgrade again

./wptool upgrade /usr/local/your_wordpress_dir
Updated to revision 11719.


Saturday, 18 July 2009 at 13:21 UTC 1 comment

Older Posts