Categories
Networking WTF

AVG can’t get DNS Setup right

It seems that antivirus company AVG can’t get their DNS Setup right.

Today I spotted the below in syslog:

DNS format error from 204.193.144.47#53 resolving crashportal.avg.com/AAAA for client 127.0.0.1#34590: Name avg.com (SOA) not subdomain of zone crashportal.avg.com -- invalid response

So the AVG updater tried to contact a host called crashportal.avg.com via IPv6 (a record of type AAAA was requested). To do so it had to “resolve” the hostname crashportal.avg.com to an IP address, in order to submit a crash dump for a recent crash of their virus scanner (very trustworthy!), and the DNS resolver failed to resolve it. So why is this?

Let’s see:

# dig -t AAAA crashportal.avg.com

; <<>> DiG 9.9.5-9-Debian <<>> -t AAAA crashportal.avg.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 21322
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

Huh? We can’t resolve this because our server failed? Let’s see what’s going on…

# dig -t SOA avg.com

; <<>> DiG 9.9.5-9-Debian <<>> -t SOA avg.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42124
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 6, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;avg.com.                       IN      SOA

;; ANSWER SECTION:
avg.com.                1160    IN      SOA     ns.grisoft.cz. domainadministration.avg.com. 2015061601 86400 3600 1209600 10800

;; AUTHORITY SECTION:
avg.com.                172607  IN      NS      a11-66.akam.net.
avg.com.                172607  IN      NS      a20-66.akam.net.
avg.com.                172607  IN      NS      a13-65.akam.net.
avg.com.                172607  IN      NS      a26-67.akam.net.
avg.com.                172607  IN      NS      a1-182.akam.net.
avg.com.                172607  IN      NS      a6-67.akam.net.

Ok, so the above quoted Akamai nameservers should be able to help… Let’s see:

# dig -t AAAA crashportal.avg.com @a11-66.akam.net.

; <<>> DiG 9.9.5-9-Debian <<>> -t AAAA crashportal.avg.com @a11-66.akam.net.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63788
;; flags: qr rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 4
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;crashportal.avg.com.           IN      AAAA

;; AUTHORITY SECTION:
crashportal.avg.com.    300     IN      NS      gtm-atl.avg.com.
crashportal.avg.com.    300     IN      NS      gtm-self.avg.com.
crashportal.avg.com.    300     IN      NS      gtm-tnt.avg.com.

;; ADDITIONAL SECTION:
gtm-atl.avg.com.        3000    IN      A       204.193.144.47
gtm-tnt.avg.com.        3000    IN      A       173.245.115.70
gtm-self.avg.com.       3000    IN      A       212.96.161.252

So that server was not authoritative for this name and referred us to a different set of servers.

Note that the IP address from my error message (204.193.144.47) belongs to one of the nameservers mentioned above!

Ok, let’s ask that server:

# dig -t AAAA crashportal.avg.com @204.193.144.47

; <<>> DiG 9.9.5-9-Debian <<>> -t AAAA crashportal.avg.com @204.193.144.47
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47390
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;crashportal.avg.com.           IN      AAAA

;; AUTHORITY SECTION:
avg.com.                60      IN      SOA     gtm-tnt.avg.com. hostmaster.gtm-tnt.avg.com. 2015052909 10800 3600 604800 60

Why does the nameserver respond with an SOA record even though it’s supposed to be authoritative and was asked for AAAA? It’s not a delegation as — and this is exactly the error message — avg.com is not a subdomain of crashportal.avg.com. Duh!

In my humble opinion it is very disappointing if an IT security company cannot even get the basics right, such as DNS.

This issue reminded me of another similar issue I observed a while ago: Avira can’t get their DNS Setup right. And guess what? This was an antivirus company, too…

Categories
Cell Phones Communications deutsch

Current smartphones compared

Recently I was about to buy two new mobile phones (as part of contract renewals with Vodafone). So I compared the most important current smartphones available from this provider.

I compared the following phones (in alphabetical order):

Apple iPhone 5S, Apple iPhone 6, HTC One (M8), HTC One (M9), HTC One mini 2, LG G3, Huawei P8, Nexus 6, Samsung Galaxy Alpha, Samsung Galaxy S5 16 GB, Samsung Galaxy S5 mini, Samsung Galaxy S6 32 GB, Samsung Galaxy S6 64 GB, Sony Xperia Z3 Compact, Sony Xperia Z3.

The criteria for my comparison were the following:

  • CPU speed and number of cores,
  • size of main memory (RAM) and of internal mass storage (flash),
  • screen size and resolution,
  • LTE speed and number of LTE bands (important, since I also take business trips to other continents),
  • availability of VoLTE,
  • Bluetooth/WiFi/WLAN versions,
  • NFC availability,
  • whether the battery can be replaced by the user,
  • repair score (important if the phone is to stay in use after the warranty has expired!),
  • battery capacity,
  • wireless battery charging via Qi,
  • SIM type and
  • market price.

And here is the comparison in the form of an Excel sheet:

Handyvergleich 2015-07-09

Was this helpful? Then I would be very pleased about corresponding comments here in my blog.

Update 2015-07-09: Excel sheet updated. The Huawei P8 has considerably more LTE bands than stated here, namely 16 in total for the GRA_L09 model according to Huawei itself. That seems to make it the mobile phone with the most LTE bands.

Categories
deutsch

“Fight for fiber”

If you are wondering why not much has been going on here lately:

For a while now I have been active in the citizens' initiative PRO Glasfaser, which campaigns for bringing fast fiber-optic internet to our village of Grevenbroich-Kapellen. Working together with the neighbors is a lot of fun, but it also eats up a lot of time.

But I think it is worth taking part, because this is about the future of our village. If we now, in the truest sense of the word, “miss the connection”, our village will become uninteresting for young people. They will then not move to Kapellen in the first place, or those who already live here will leave.

So, be patient; there will again be times when I can write interesting articles for you.

Until then, best regards!

Categories
English Networking Security WTF

Avira can’t get their DNS Setup right

For many months I’ve been seeing the following issue with Avira’s DNS setup, and I think it’s extremely embarrassing for a company working in IT security not to even get the basics right… 🙁

This is what I’m seeing:

named[2597]: DNS format error from 89.146.248.46#53 resolving dl4.pro.antivir.de/AAAA for client 127.0.0.1#52127: Name avira-update.net (SOA) not subdomain of zone antivir.de -- invalid response

So what does that mean?

Let’s have a look at which nameservers Avira are using anyway:

$ dig -t ns antivir.de

;; ANSWER SECTION:
antivir.de.        3600    IN    NS    ns13.avira-ns.net.
antivir.de.        3600    IN    NS    ns10.avira-ns.de.
antivir.de.        3600    IN    NS    ns9.avira-ns.net.
antivir.de.        3600    IN    NS    ns12.avira-ns.de.
antivir.de.        3600    IN    NS    ns14.avira-ns.de.

;; ADDITIONAL SECTION:
ns10.avira-ns.de.    86400    IN    A    80.190.154.111
ns12.avira-ns.de.    86400    IN    A    89.146.248.46
ns14.avira-ns.de.    86400    IN    A    74.208.254.45

Ok, so 89.146.248.46 in the error message quoted above is indeed one of the nameservers for domain antivir.de.

So let’s look up the IPv6 address record (AAAA) for dl4.pro.antivir.de on the given nameserver:

$ dig @89.146.248.46 -t AAAA dl4.pro.antivir.de

;; AUTHORITY SECTION:
avira-update.net. 3600 IN SOA ns1.avira-ns.net. domains.avira.com. 2015010301 10800 3600 2419200 3600

WTF?!

Why are they returning a domain name that is not a subdomain of the original domain?! That’s an error.

And it’s especially embarrassing as this is the update URL for Avira’s AntiVir product. Again, remember we’re talking about a security firm here!
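
Both this error and the AVG one in the post above come from the same resolver check: a “no data” answer carries an SOA record in its authority section, and the resolver rejects the answer when that SOA's owner name is not at or below the zone it is resolving. The following Python code is an added example, not code from the original posts or from BIND; it re-implements that owner-name check over the authority sections shown on this page, plus one constructed record (`FIXED`) for contrast. All function names are hypothetical.

```python
# Added example (not BIND's code): the owner-name check behind the resolver's
# "Name X (SOA) not subdomain of zone Y" message, run over dig output.

def labels(name):
    """Lowercase labels of a DNS name, ignoring the trailing root dot."""
    return [l for l in name.lower().rstrip(".").split(".") if l]

def is_subdomain(name, zone):
    """True if name equals zone or lies below it, compared label by label."""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z

def parse_authority(dig_text):
    """Return (owner, rrtype) pairs from the AUTHORITY SECTION of dig output."""
    records, in_section = [], False
    for line in dig_text.splitlines():
        line = line.strip()
        if line.startswith(";;"):
            in_section = line.startswith(";; AUTHORITY SECTION")
        elif not line:
            in_section = False          # a blank line ends the section
        elif in_section and not line.startswith(";"):
            fields = line.split()       # owner TTL class type rdata...
            if len(fields) >= 4:
                records.append((fields[0], fields[3].upper()))
    return records

def check_response(zone, dig_text):
    """List SOA/NS owner names that fall outside the zone being resolved."""
    return [f"Name {owner.rstrip('.')} ({rrtype}) not subdomain of zone {zone}"
            for owner, rrtype in parse_authority(dig_text)
            if rrtype in ("SOA", "NS") and not is_subdomain(owner, zone)]

# Authority sections copied from the two dig outputs on this page.
AVG = """;; AUTHORITY SECTION:
avg.com.  60  IN  SOA  gtm-tnt.avg.com. hostmaster.gtm-tnt.avg.com. 2015052909 10800 3600 604800 60
"""
AVIRA = """;; AUTHORITY SECTION:
avira-update.net. 3600 IN SOA ns1.avira-ns.net. domains.avira.com. 2015010301 10800 3600 2419200 3600
"""
# Constructed for contrast: the same negative answer, SOA owned by the delegated zone.
FIXED = """;; AUTHORITY SECTION:
crashportal.avg.com. 60 IN SOA gtm-tnt.avg.com. hostmaster.gtm-tnt.avg.com. 2015052909 10800 3600 604800 60
"""

if __name__ == "__main__":
    for zone, text in (("crashportal.avg.com", AVG), ("antivir.de", AVIRA),
                       ("crashportal.avg.com", FIXED)):
        print(zone, "->", check_response(zone, text) or "ok")
```

The comparison is done label by label on purpose: a plain string suffix test would wrongly accept a name such as notavg.com as being inside avg.com.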

Categories
Photography

MeiKe/Neewer LCD Battery Grip: time lapse shooting

I recently got myself a battery grip for my Canon EOS 550D from Amazon.

It has a really cool feature, namely to create time-lapse shots. However the “manual” that came with it is not really helpful trying to understand how to set it up. It really took me quite some time to figure it out…

So let me briefly explain what the four time settings mean:

  • Delay: the time that expires until execution of the series begins.
  • Long: how long the shutter will be pressed. Must be greater than 0 sec, I normally use 1 sec.
  • Interval: the time between shots in a series.
  • N: the number of shots in a series.

If this is helpful, please let me know.


Categories
Datenschutz Security Storage

Remove sensitive files from Synology debug.dat

Sometimes Synology support ask that you supply a debug log. This can be done by launching the Support Center application. Then go to Support Services > Log Generation > push button “Generate logs”.

If you are concerned that you might give them sensitive information you can clean up the debug.dat file and remove the sensitive files from it.

I wrote a quick shell script that should run under Mac OS X, but should also run under Linux. Here it is:

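#!/bin/bash
# Copy a Synology debug.dat into a new archive, leaving out sensitive files.
# Note: the "@archive" operand used at the end is a bsdtar feature (the tar
# shipped with Mac OS X); GNU tar does not support it.

DEBUG_FILE="$1"
NEW_FILE="$2"
if [ -z "${DEBUG_FILE}" ] || [ -z "${NEW_FILE}" ]; then
    echo "You must specify the path to the debug AND to the new file, quitting..."
    exit 1
fi

if [ -z "$TMPDIR" ]; then
    TMPDIR="/var/tmp"
fi

PROG="$(basename "$0")"

if [ ! -r "${DEBUG_FILE}" ]; then
    echo "Debug file ${DEBUG_FILE} is unreadable, quitting..."
    exit 1
fi

if [ -f "${NEW_FILE}" ]; then
    echo "New file ${NEW_FILE} already exists, quitting..."
    exit 1
fi

# Explicit template so that mktemp behaves the same on Mac OS X and Linux
EXCLUDE_PAT="$(mktemp "${TMPDIR%/}/${PROG}.XXXXXX")" || exit 1
# Remove the pattern file on exit, also when tar fails
trap 'rm -f "${EXCLUDE_PAT}"' EXIT

# Paths as they appear inside the author's debug.dat; list yours with
# "tar tzf" and adjust the SupportFormAttach directory name if it differs.
cat >"${EXCLUDE_PAT}" <<'EOF'
volume1/@tmp/SupportFormAttach28229/dsm/etc/application_key.conf
volume1/@tmp/SupportFormAttach28229/dsm/etc/shadow*
volume1/@tmp/SupportFormAttach28229/dsm/etc/ssl/*
EOF

# -X reads exclude patterns from a file; @file copies the entries of an
# existing archive into the new one.
tar cfz "${NEW_FILE}" -X "${EXCLUDE_PAT}" @"${DEBUG_FILE}"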
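
Before sending the cleaned file it is worth checking that nothing matching the exclude list is left in it. The following Python check is an added example, not part of the original script; it wildcards the leading directories on the assumption that the `SupportFormAttach28229` directory name differs between archives, and the sample archives it builds are constructed.

```python
import fnmatch
import io
import tarfile

# The script's three exclude patterns with the leading directories wildcarded
# (assumption: the SupportFormAttach<number> directory differs per archive).
SENSITIVE = [
    "*/dsm/etc/application_key.conf",
    "*/dsm/etc/shadow*",
    "*/dsm/etc/ssl/*",
]

def find_sensitive(archive, patterns=SENSITIVE):
    """Return sorted member names of a tar archive that match a pattern.

    `archive` is a path or a binary file object; compression is auto-detected.
    """
    kwargs = {"name": archive} if isinstance(archive, str) else {"fileobj": archive}
    with tarfile.open(mode="r:*", **kwargs) as tar:
        return sorted(name for name in tar.getnames()
                      if any(fnmatch.fnmatchcase(name, p) for p in patterns))

def build_sample(names):
    """Build a constructed gzip'd tar in memory with one small file per name."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name in names:
            data = b"constructed sample content\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf

# Constructed member lists: one uncleaned archive, one cleaned archive.
PREFIX = "volume1/@tmp/SupportFormAttach28229/dsm/"
ORIGINAL = [PREFIX + "etc/shadow", PREFIX + "etc/ssl/private/key.pem",
            PREFIX + "etc/application_key.conf", PREFIX + "var/log/messages"]
CLEANED = [PREFIX + "var/log/messages"]

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        leftovers = find_sensitive(sys.argv[1])   # e.g. the new file written by the script
    else:
        leftovers = find_sensitive(build_sample(ORIGINAL))
    print("\n".join(leftovers) or "no sensitive members found")
```

An empty result only says that these three patterns are gone; other files in the archive may still be worth reviewing by listing its contents.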

If this is helpful for anybody, please let me know by commenting on this article.

Categories
Storage TV

Terratec Cinergy Hybrid XE not working on Synology

Even on the latest 5.1-5021 version of Synology’s DSM I couldn’t get my Terratec Cinergy Hybrid XE working on my Synology NAS — the corresponding kernel module tm6000 would always generate a general protection fault on my DS414.

Today I upgraded to a DS415+ (with a completely different CPU), and the module still crashes.

So it seems it’s a real bug in the driver, not just a defect on a single platform (which can happen e.g. due to compiler bugs).

Update 2015-06-19:

Unfortunately Synology seem not very interested in this kind of problem. I repeatedly reported this issue, but all they replied is “Thanks for your report, we’re looking into this.” Even in the latest DSM release 5.2 the issue is still present.

Categories
Computers Linux

vzlogger 0.3.9 for Raspbian with microhttpd included

I had a hell of a time compiling vzlogger 0.3.9 for Raspbian with microhttpd included — in the end the resulting binary lacked that functionality.

After a lot of trial and error I “forced” the code to be included by hard-coding the following define:

#define LOCAL_SUPPORT 1
#ifdef LOCAL_SUPPORT
#include "local.h"
#endif /* LOCAL_SUPPORT */

As a convenience to those who want that functionality I’ve attached a ready-made package to this post. Let me know if this helps.

Update 2014-12-28: Version 0.4.0 package with uhttpd support available here.

Update 2015-01-05: Version 0.4.0 package based on Git source with SHA d16c0c4c8d83ab9c13f65eb51d931897e7462bc9 available here.

 

Categories
Cell Phones English

How to install Android 5.0.1 on HTC Desire S

By chance I came across a thread on xda-developers that explains how to install CyanogenMod 12 (cm12) on an HTC Desire S (codename “Saga”). Being a newbie in “hacking” and rooting Android phones I had to read, investigate, and try a lot.

To spare you this effort I’m trying to summarize the steps required below:

  1. Unlock bootloader: To be able to flash a custom bootloader you first need to unlock the bootloader, which is easy since HTC makes this officially available via their web site.
  2. Flash recovery image: I used Team Win Recovery Project 2.8 (or short TWRP 2.8) which I downloaded from a link on this site.
  3. Flash cm12 and Google Apps: Download the latest cm12 image (on 2014-12-05 it was cm-12-20141204-UNOFFICIAL-saga.zip) from this page. Download Google Apps from this page. Put both ZIP files on the micro-SD card.
  4. Reboot to your recovery image by keeping “volume down” key depressed and then switching on the phone. Keep volume key depressed until TWRP splash screen appears. Perform a factory reset. Flash the two ZIP files, add cm12 first, then add Google Apps.
  5. Extract boot.img from cm-12-20141204-UNOFFICIAL-saga.zip and flash that with fastboot. Flash it using these instructions.
  6. Reboot your phone. CyanogenMod splash screen should appear after a while. Your first boot will probably take very long (I think for me it was about 15-20 min). Be patient!

After carefully following all the above instructions I now have the following on my HTC Desire S:

  • Boot rom HBOOT-2.02.0002 in mode S-ON
  • Radio/modem/baseband firmware RADIO-3831.19.00.110 (20.76.30.0835U_3831.19.00.110)
  • TWRP v2.8.0.0
  • Android 5.0.1 in the CyanogenMod flavor, version 12-20141204-UNOFFICIAL-saga. Kernel version is 3.0.101.
  • Google Apps referred to from this page.

Thanks to everyone on xda-developers for their excellent work and support!

You might encounter the following issues which can be fixed as specified:

  • Touch screen not working properly: You have kind of a “mouse pointer” which you can drag around with your finger on the screen. To “click” something you have to double-tap on the mouse pointer. Fixing this can be accomplished by following this procedure.
  • The home softkey doesn’t work. Fix it by following these steps.

I had success with the following (not meant to be complete, just a couple of things which I consider important or surprising):

  • Sending audio to my Plantronics Blackwire C720 Bluetooth headset works properly, using Google Play Music. This was obviously using the “Media Audio” Bluetooth profile.
  • Skype via the above headset works perfectly well. Sound quality is crystal-clear.
  • Hand-over of a voice call to the above Bluetooth handset and back works perfectly well — maybe even better than on my S4… 🙂
  • Paired my Samsung Galaxy S4 with the HTC Desire S. Successfully sent a contact as VCF file from the S4 to the Desire S. But then process com.android.media crashed.
  • Connect phone to Windows 7 via USB, using MTP protocol. Write speeds to micro-SD card seemed normal.

The following limitations still exist (or at least these are the ones I noticed so far):

  • Phone is somehow regarded as a tablet by the Android OS.
  • Front camera not working. I thought I had seen it working once, but maybe I’m confused. Anyway, as of now the front camera seems not to be detected/functioning. The back camera is working well with the camera app from the minimal Google Apps package as well as from the official Google Camera you can download from Google Play. Skype and Google Hangouts also work well, apart from the front cam.
  • I replaced some of the apps in the apps dock with apps I installed from Google Play. Some of these apps will disappear after a reboot. When I noticed this and wanted to put them back by opening the apps drawer I observed that Android was currently populating/updating the apps drawer with some still missing apps. But even after it had finished showing all installed apps in the app drawer the apps dock was still missing some apps. So I dragged them back from the drawer onto the dock. Again, after a reboot they will be gone again.
  • Speed of cellular data connections seems slow. Unfortunately I couldn’t verify whether the cellular network settings are ok, since every time I tried to enter the corresponding Settings menu item the process com.android.phone would crash (with the effect that I had to re-enter my SIM PIN and also the screenlock PIN).
    Later I tried it again, and this time it didn’t crash. All the settings were fine, so I wonder whether there is a problem with regard to the modem firmware? (I would like to note that I don’t have a voice SIM in this mobile phone, but just a data-only SIM. Maybe the firmware tries to perform operations that work on voice SIMs and doesn’t properly handle situations where those operations cannot be carried out?!)
  • Update 2014-12-11: Connecting the charger when the phone is powered down will cause it to boot into the TWRP recovery system.
  • Trying to open menu item Wireless & Networks > Cellular networks > Carrier Settings might cause process com.android.media to stop.
  • Ringtone will be quiet on incoming calls.
  • Microphone will be muted (or not properly amplified) when the first outbound(!) call takes place (in non-speakerphone mode). After you have gone on speakerphone and back, the microphone will then be working.
  • Moving apps to the external SD card is unreliable. Often it doesn’t work without any indication as to why. If you then repeat it again it may actually work.

Categories
Computers WTF

USB device draws too much power, PC will shut down

My father-in-law recently asked me about a problem he had been having with his PC for a couple of days. When he switched on the PC he got an error message as follows:

A USB device is drawing too much power, the PC will shut down in 15 seconds.

Which it did. 😉

I asked him: “What did you do?” He: “Nothing.” Me: “Really?! Nothing at all?!” He: “Well, just connected a USB stick to copy over some pictures.” Me: “Huh, so nothing… Let’s see…”

The first thing I did was disconnect all USB devices (because I thought he might have done something else he couldn’t remember or didn’t want to tell ;-)). The error still persisted.

So I inspected the front USB ports. And when I saw that I didn’t know whether I should laugh or be angry. He had completely destroyed one of the USB sockets, obviously by trying to force in the USB stick the wrong way. The plastic was broken (and removed!!!), and the contacts were smashed against the “cage” of the socket, obviously causing a short circuit (and thus this “phantom” device drew too much power ;-))

I opened the case to see whether I could disconnect just the single front USB port from the motherboard. But the two ports were connected to the motherboard with a single 10-pin connector block. I could have tried identifying the wires that led to the damaged port, but I was not in the mood for it, so I just used a screwdriver with a small flat blade to “stretch” the contacts out of the metal cage and make sure that they don’t cause any short circuits anymore. I then “sealed” the port with sticky tape, so that he wouldn’t use the port anymore.

Afterwards the PC booted up again as usual.

That was a 20 min. measure and cost nothing at all. I bet a computer repair shop would at least have sold him a new motherboard, if not even a new board plus CPU and RAM (since the combo is already 4 years old or something…), plus work of course.

Hope this helps people with similar issues.