Dirk-Jan's blog

Ixquick claims to be the only search engine that does not record your IP address. According to Wikipedia, “Ixquick is a metasearch engine based in New York and the Netherlands, and has provided over 120 million searches since 2004.”, but even more interestingly “Ixquick.com became the first search engine to delete private details of its users. IP addresses and other personal information are deleted within 48 hours of a search.
Ixquick also does not share its users’ personal information with other search engines or with the provider of its sponsored results. As of January 29th 2009 Ixquick no longer records users’ IP addresses at all.”
Even better, it’s also available via https, which means your ISP, or your employer cannot normally track what you are searching.

I’ve just added it to my browsers default search bar and it does it’s job quite well, so I thought let’s share. Give it a try yourself!

Today I have received my HP TouchPad I have waited for. This is a new tablet from HP with the same form factor as the well known iPad. The greatest difference between them is the operating system. HP acquired Palm for it’s advanced webOS. With features like true multitasking, non interrupting notifications, intuitive navigation and work flow and a lot more.

In the short amount of time I have spend getting to know the TouchPad make me realize I’m already quite accustomed to it.

This post is actually written on the TouchPad using the WordPress app from the HP app store which I’m currently test driving and I like it! 

Today I have spend half a day on fixing my totally wasted looking first generation iPhone. Have a look at the picture for what remains of the LCD and digitizer I took out. Since it is such a robust device I thought let’s give it a try to repair the heavily damaged glass screen, so I ordered a ‘iPhone 2G Complete Replacement Screen – Includes LCD & Digitizer’ at DirectFix.

Once finished the repair, my iPhone 2g was alive and with a shiny new LCD. Only the bezel is still heavily scratched and remembers me of the accident. It adds some unique industrial look and feel *lol*. The guys at pdaparts who created the tutorial and rated the LCD replacement as very difficult were very right. It took me quite some time to dis- and reassemble.

So, after all I am mobile again..

It took me some time to figure out how to get the wireless device of my Amilo Li 2727 working with Windows 7. For the ones who stumble across the same problem I have describe how to solve it.

1. Download the Windows XP Drivers For Amilo Li 2727 here
2. Extract the contents of the compressed file
3. Open ‘Control Panel’, click on ‘System’ and choose ‘Device Manager’
4. Open the ‘Action’ menu item and click on ‘Add legacy hardware’
5. Next -> Next -> Next and pick ‘Network Adapters’
6. Choose ‘Have disk’ and Navigate into the ’04 WLAN’ directory
7. Select ‘Atheros AR5007EG Wireless Network Adapter’
8. Install the FSC Launchmanager from the ’05 FSC_LaunchManager’ directory by executing the setup.exe
9. Reboot

Once you have rebooted you should have a working wireless device. To active the wireless device, you need to press the Fn+F1 button combination and choose WLAN. I can confirm this driver works on Windows 7.

Good luck!

This howto describes how to configure vsftpd to enable SSL using so called intermediate/ chaining certificates.

Edit vsftpd.conf so that SSL is enabled:

ssl_enable=YES
rsa_cert_file=/usr/share/ssl/certs/vsftpd.pem
force_local_data_ssl=NO
force_local_logins_ssl=NO

It is very important to construct the certificate file /usr/share/ssl/certs/vsftpd.pem with the correct certificate order. The fist Your certificate file has to be a .pem file. If you also received an Intermediate Certificate then you have to concatenate this with the Domain Certificate and your Private Key file into one single .pem file. Make sure all the information is included, without any spaces or blanks, see below.

-----BEGIN CERTIFICATE-----
 (your_domain_name.crt)
-----END CERTIFICATE KEY-----
-----BEGIN CERTIFICATE-----
 (chaining certificate 3)
-----END CERTIFICATE KEY-----
-----BEGIN CERTIFICATE-----
 (chaining certificate 2)
-----END CERTIFICATE KEY-----
-----BEGIN CERTIFICATE-----
 (chaining certificate 1)
-----END CERTIFICATE KEY-----
-----BEGIN RSA PRIVATE KEY-----
 (your_domain_name.key)
 -----END RSA PRIVATE KEY-----

This is how to check a SSL enabled FTP service (FTP Secure). See the result below:

$ lftp -u username localhost -e "debug;set ftp:ssl-protect-data true;ls;exit"
Password:
---- Connecting to ftp.student.vu.nl (130.37.129.243) port 21
<--- 220 Welcome to the Storage FTP service.
---> FEAT
<--- 211-Features:
<---  AUTH SSL
<---  AUTH TLS
<---  EPRT
<---  EPSV
<---  MDTM
<---  PASV
<---  PBSZ
<---  PROT
<---  REST STREAM
<---  SIZE
<---  TVFS
<---  UTF8
<--- 211 End
---> AUTH TLS
<--- 234 Proceed with negotiation.
---> OPTS UTF8 ON
Certificate: C=NL,O=Vereniging VU-Windesheim,OU=UC-IT,CN=ftp.student.vu.nl
 Issued by:        C=NL,O=TERENA,CN=TERENA SSL CA
 Checking against: C=NL,O=TERENA,CN=TERENA SSL CA
  Trusted
Certificate: C=NL,O=TERENA,CN=TERENA SSL CA
 Issued by:        C=US,ST=UT,L=Salt Lake City,O=The USERTRUST Network,OU=http://www.usertrust.com,CN=UTN-USERFirst-Hardware
 Checking against: C=US,ST=UT,L=Salt Lake City,O=The USERTRUST Network,OU=http://www.usertrust.com,CN=UTN-USERFirst-Hardware
  Trusted
Certificate: C=US,ST=UT,L=Salt Lake City,O=The USERTRUST Network,OU=http://www.usertrust.com,CN=UTN-USERFirst-Hardware
 Issued by:        C=SE,O=AddTrust AB,OU=AddTrust External TTP Network,CN=AddTrust External CA Root
 Checking against: C=SE,O=AddTrust AB,OU=AddTrust External TTP Network,CN=AddTrust External CA Root
  Trusted
Certificate: C=SE,O=AddTrust AB,OU=AddTrust External TTP Network,CN=AddTrust External CA Root
 Issued by: C=SE,O=AddTrust AB,OU=AddTrust External TTP Network,CN=AddTrust External CA Root
  Trusted
<--- 200 Always in UTF8 mode.
---> USER xxx330
<--- 331 Please specify the password.
---> PASS XXXX
<--- 230 Login successful.
---> PWD
<--- 257 "/"
---> PBSZ 0
<--- 200 PBSZ set to 0.
---> PROT P
<--- 200 PROT now Private.
---> PROT P
<--- 200 PROT now Private.
---> PASV
<--- 227 Entering Passive Mode (130,37,129,243,196,139).
---- Connecting data socket to (130.37.129.243) port 50315
---- Data connection established
---> LIST
<--- 150 Here comes the directory listing.
Certificate: C=NL,O=Vereniging VU-Windesheim,OU=UC-IT,CN=ftp.student.vu.nl
 Issued by:        C=NL,O=TERENA,CN=TERENA SSL CA
 Checking against: C=NL,O=TERENA,CN=TERENA SSL CA
  Trusted
Certificate: C=NL,O=TERENA,CN=TERENA SSL CA
 Issued by:        C=US,ST=UT,L=Salt Lake City,O=The USERTRUST Network,OU=http://www.usertrust.com,CN=UTN-USERFirst-Hardware
 Checking against: C=US,ST=UT,L=Salt Lake City,O=The USERTRUST Network,OU=http://www.usertrust.com,CN=UTN-USERFirst-Hardware
  Trusted
Certificate: C=US,ST=UT,L=Salt Lake City,O=The USERTRUST Network,OU=http://www.usertrust.com,CN=UTN-USERFirst-Hardware
 Issued by:        C=SE,O=AddTrust AB,OU=AddTrust External TTP Network,CN=AddTrust External CA Root
 Checking against: C=SE,O=AddTrust AB,OU=AddTrust External TTP Network,CN=AddTrust External CA Root
  Trusted
Certificate: C=SE,O=AddTrust AB,OU=AddTrust External TTP Network,CN=AddTrust External CA Root
 Issued by: C=SE,O=AddTrust AB,OU=AddTrust External TTP Network,CN=AddTrust External CA Root
  Trusted
---- Got EOF on data connection
---- Closing data socket
drwxrwsr-x    3 72745    513          4096 Oct 23 14:28 public_html
<--- 226 Directory send OK.
---> QUIT
---- Closing control socket
$

This website was served by an old timer PC running on an Intel N440BX Server Board codename Nightshade. Despite being a rock solid system, it housed a dual Intel Pentium III 600Mhz processor configuration which did not meet today’s performance demands and energy consumption.
So I decided to build a new computer system that was a little bit faster and more energy efficient than it’s predecessor and thus environmentally friendly.

After doing some research I decided to go for the following setup:

• Antec NSK3480 MicroTower, EarthWatts 380 Watt PSU
• Intel Desktop board D945GCLF2, Atom 330
• Kingston ValueRam 2GB DDR2 533MHz C4
• 2 Western Digital AV-GP Green 1TB, 5400~7200rpm, 8MB, SATA2
• 2 Serial ATA II Cable, 0.75m
• Scythe Mini Kaze Ultra 40mm x 20mm

The Antec casing comes with an energy efficient PSU. It’s 80 PLUS® certified and is equipped with a built-in active PFC to make the PSU reduce electrical waste and protect the environment.

As some reviews at silentpcreview.com stated, the stock cooler on the chipset is not that quite as you would expect. I decided to replace the 40mm x 10mm stock cooler with the Scythe Mini Kaze Ultra 40mm x 20mm. Because the motherboard sits inside a MicroTower there was space enough to put the Mini Kaze Ultra on top of the heatsink as you can see on the pictures below.

As expected there’s nearly no noise coming from the system. The case itself is designed to do noise cancellation with it’s dual chamber structure, and the new cooler only whispers silently. Besides doing a nice quite job it also makes a difference at it’s cooling task. That’s because it’s 10mm higher then the stock cooler.

Temperatures with the stock cooler:

1. Chip Temp: +33.0°C
2. CPU Temp: +43.0°C
3. Sys Temp: +38.0°C

Temperatures with the Scythe Mini Kaze Ultra cooler:

1. Chip Temp: +31.0°C
2. CPU Temp: +41.0°C
3. Sys Temp: +36.0°C

I’ve planned to do an energy consumption test in the coming days.

Last weekend I installed the upgraded version of Leopard on my Mac mini. The installation went successfully but took a long time to complete. At first nothing seemed to be broken, but soon I discovered the loss of my NFS shares. So I started to look for the Directory Utility, because that was the tool I used for auto mounting my NFS shares in Leopard. After a little digging, I found out that I needed to re-add them using Disk Utility.

- Inside Disk Utility, click File then NFS Mounts..

So if you’re looking for your lost NFS shares you now know what to do.

Recently I have a personal certificate also known as a Digital ID on a smart card (Aladdin eToken) to access a secure web service. While installing the certificate I noticed it is also possible to use it to digitally sign and encrypt email with the same certificate, so I fired up Thunderbird and added the PCKS#11 security device to configure signing using S/MIME. See the steps below.

“PKCS#11 is one of the family of standards called Public-Key Cryptography Standards (PKCS), published by RSA Laboratories. It defines a platform-independent API to cryptographic tokens, such as Hardware Security Modules (HSM) and smart cards.” (Source: http://en.wikipedia.org/wiki/PKCS11)

I assume you already have installed the eToken software. In case you haven’t, take a look at this article I wrote earlier.

Open Thunderbird and go to Preferences -> Advanced -> Encryption -> Security Devices

Click on “Load” and enter a Module name or choose the default like I did, which is “New PKCS#11 Module” and browse for the ‘libeTPkcs11.so’ library. This file probably sits in ‘/usr/lib’ or ‘/usr/lib64′. Be sure to pick the right one, because you need the 64bit version if you’re using 64bit Firefox.

Open Account Settings -> Security

Select the certificate on your smart card you like to use.

Thunderbird and Firefox are not bundled with the needed CA’s to support GlobalSign PersonalSign Class 2 out-of-the-box. You have to Import the GlobalSign Primary Class 2 CA (http://secure.globalsign.net/cacert/PrimClass2.crt) and GlobalSign PersonalSign Class 2 CA (http://secure.globalsign.net/cacert/PersonalSignClass2.crt) to make it work in Thunderbird, otherwise you’ll notice you’re not able to send digitally signed email.