<![CDATA[sch0ll | blog]]> http://www.sch0ll.de/blog/rss Mon, 10 Dec 2018 15:23:31 +0100 (sch0ll) Treedy CMS en http://blogs.law.harvard.edu/tech/rss <![CDATA[Secretary - A secure place for shared infos]]> http://www.sch0ll.de/blog///article/secretary-a-secure-place-for-shared-infos Trying to set up a company for more than one person means running into problems you never thought of before. Sharing business processes with other people means getting very quickly into the situation that a piece of sensitive information is needed by more than one person. For example: the online banking password for your company account. If you only get one, there is no other solution than sharing this information. The next example could be servers you rent. Or the password for the Facebook company account. And every day you try to get your business up and running, you will end up with more and more accounts, passwords and sensitive information that need to be used by different people inside your company.

There are tools out there to do your personal password management: 1Password, for example. And there are plenty of tools for organizing your business workflow: project management tools, wikis, blogs, "cloud apps", Dropbox, etc. Perhaps they encrypt your data, but in most cases you don't know. You only know that your data is lying around in the cloud, and it could be saved in plaintext, without any encryption. If someone got into your project management database, how big is the chance that he would find the credentials for the staging or live system?

So, thinking about this problem, I was definitely sure I had to use encryption for all of this stuff. I already knew about S/MIME and PGP for getting mails/content encrypted. And while using both I had so many issues, problems produced by technology (having different S/MIME certs for one person makes it really tricky to send an encrypted mail: you don't know which key is chosen, and a recipient who only has the "new" cert will not be able to decrypt it) or by humans (I tried several times to explain PGP and mail signing/encryption to my brother - I failed hard!). At the very least, I cannot imagine having every customer of mine create and use a PGP key. So this is not a solution that works for me.

Encrypted disk images inside of Dropbox sound like a perverse but good idea. But it just doesn't work. Try creating a 10MB encrypted disk image and put it into your Dropbox. And then have two people playing with it. You only need to know that the process of opening the disk image is enough to change one bit inside of the 10MB chunk. So your 10MB will be synced again and again, and beautiful sync conflict files will be created inside the image, again and again. Play around for 10 minutes and you will have a minimum of 50MB disk image with many sync conflict files. So, no solution. An OS X keychain file inside Dropbox? Not bad, that could work, at least for Mac users. But there is no Windows solution for that. And handling this stuff with many different customers? Sounds like a crazy project.

To sum up: there was nothing out there I knew of that takes care of this problem and seems to be usable by a normal customer (or my brother, father, friends). Seems like everybody is using fax (or Evernote?). This was the point where my brain started to get rolling… there must be a solution for this…

@roidrage and @janl making jokes about Evernote and shared credentials 


I discussed this with my partner and he had no idea either how to handle this stuff. His comment was short and a little bit frustrated: "You don't want to have any passwords and you don't want to deal with any password at all". I argued against that by reminding him of the server passwords for all the hosting we plan to do. "So, we should use keys!". And yes, with servers you could get everything automated, so no password is needed at all. But there are other credentials, like the domain administration tool, webmail management, etc.

But he was leading me in the right direction (thanks @lenada): You want to have a key. Like for your door. You want a key that enables you to open all the needed doors. And of course no one other than your secretary will be able to remember which person has access to which room. So what we need is a "digital secretary" that we can trust and delegate the management of permissions to. And the only thing we would have is a key that enables us to decrypt all the encrypted stuff. That is all we need.


And out of this idea: https://github.com/wesrc/secretary was born.

  • Secretary is open source (MIT license), so you don't have to trust it blindly: you can inspect in the code every single process that is working behind the scenes.
  • Secretary is written in PHP and uses its OpenSSL extension for encryption.
  • Secretary will generate a key for you (you will need a passphrase for it, too) and encrypt all the "notes" with the public part (the private part is not saved on the server; you save it yourself to decrypt notes).
  • Secretary offers Group Management for sharing infos with other persons, you want to be able to encrypt it.
  • Secretary lets you remove a person from a note/group (agile teams with a high fluctuation of workers will need that, of course!).
  • Secretary needs an SSL cert to run with!
  • Secretary offers i18n (German/English right now).
  • Secretary is a proof of concept. It works in the sense of, yeah, it works.
  • Secretary needs people with a security background to verify this process (I'm an absolute beginner at this point).
  • Secretary runs in the browser; the private key does not stay there at any point. But it needs to be transferred. And it needs to be transferred again and again and again…

So, it would be nice to get some feedback on this. There are many features that could be useful to integrate into Secretary. Imagine tag filters, writer permission for other note members, registration by invitation only, enabling upload of your own public key reference, pagination for the list view, … it would be possible to build an API inside Secretary that could be used by other apps to fetch secure information. There is a huge list of things that could be useful and interesting. But I would really like to have more people than just me playing around with it and reading the code first. That would help me stay engaged in this project!

[Related: http://www.sch0ll.de/blog/article/talk-app-development-with-zf2-a-real-world-problem-example-at-bephpug]

Sidenote: Wesrc

Secretary is the first "release" of my new company, Wesrc, which I now run with Leander Damme. The last three months were full of todos and issues we ran into while founding the company. And I was really busy getting all this stuff done. We're not final at all, we're more at alpha state. But think of Secretary as a good example of what Wesrc is all about. We hope you will like the output Wesrc will generate, and we are sure that a company like Wesrc behind a project like Secretary is not that bad. So yes, it will be possible to get professional support for Secretary. Or we could integrate a special feature you really need (authentication adapters, for example). Feel free to contact us!


so long


Wed, 06 Mar 2013 01:17:23 +0100
<![CDATA[Talk "App development with ZF2 - a real world problem example" at BEPHPUG]]> http://www.sch0ll.de/blog///article/talk-app-development-with-zf2-a-real-world-problem-example-at-bephpug The talk is about Zend Framework 2 development in general. But instead of using the generic "Album" example that is popular in the ZF world, I chose to do the talk with examples from my new project Secretary.

If you want to take a look, the slides are online at SpeakerDeck: 
App development with ZF2 - a real world problem example

The talk was a little bit long; it would fit better into a workshop-like setting. Perhaps I should try to give this talk again at some PHP conference.

I hope my talk, slides and provided material help someone out there to get a better understanding of how things work in a ZF2 MVC app!

Have fun learning & coding!

Tue, 05 Mar 2013 23:15:40 +0100
<![CDATA[HTML5, CSS3, Fonts and the lovely Internet Explorer]]> http://www.sch0ll.de/blog///article/html5-css3-fonts-and-the-lovely-internet-explorer First rule: Try it with the highest version of the IE Browser that is available on your system.

This rule is only for caring about your own health (high blood pressure for example)! But the game already started with this first rule. Of course you would like to test it with the shiny new Internet Explorer 9 (would be good for your health, I think). But… you need to have a shiny new Windows to get this piece of superb engineering running on your system. Windows XP? Errrr… try again. You only have XP? Ok… we have this shiny new Internet Explorer 8 for you. Running Windows 2000? Errr… come on!

So, with me running XP inside a virtual box, IE 8 is the only option. Last thing I did before looking at my website project: search in Google for "ie8 html5 support". First result: With full CSS 2.1, strong HTML 5 support, and interoperability fixes for the Document Object Model (DOM).

Strong HTML5 support, sounds good. So time to do it, let's start IE, type in the URL and…

Second rule: Better have strong (steady) nerves instead of hoping for strong HTML5 support in IE 8.

I got something looking a little bit like what I expected to see, but more like viewing my website inside a screen reader or without any CSS styles. There were some styled boxes, but most of the elements were rendered without any style. Looking at the source code together with the CSS code, I got more and more the feeling that these fancy shiny new HTML5 elements like <nav>, <article> or <footer> are not supported in IE 8. Using Google I found https://github.com/aFarkas/html5shiv. I downloaded it, integrated the JS script into my project and yeah, at least I got something looking like my project in IE 8.

So, to sum it up: I don't know what strong HTML 5 support means. I can only say that these basic HTML5 elements are not supported. I didn't read more about why you need some special JS to get this working. But hey, that's part of the game.

Third rule: Don't think about it - just get the job done.

No more words for this rule. It's just not worth the money. Instead, refer to last rule.

Fourth rule: You want to use some of these new web fonts - go, spend money on it.

So, my project website used some TrueType fonts. I included them with the CSS font-face feature and it worked fine in all browsers. Great thing, I really like this enhancement of CSS3. It changes the web in such a nice way, I'm full of <3. But lovers gonna hate. At least when they meet the IE browser. It just does not work there. So you will end up using Google to find out that Microsoft decided to integrate the CSS font-face feature in some special way and to support fonts only in a special format. You will learn about the .eot font format and that there is a special program from Microsoft out there (Windows only) to convert TrueType fonts to EOT fonts. But, to make it short: it sucks. The tool failed to load my website and only threw an error that my URL could not be loaded (although I could preview the page there).

So, I ended up buying a Typekit account, creating a font set for my website and embedding the JS code, and everything worked fine in every browser.

Last rule: Never lose hope!

There will be an Internet Explorer browser supporting all the standards supported by other browsers. Perhaps we can tell our children the story about the great Internet Explorer game and they will look with big eyes at what strange times we grew up in. And of course, Internet Explorer 6 will die. It's only a question of time… Never lose hope!

Note: Tell your customer, that the website you will build won't support the IE 6!

Thu, 15 Mar 2012 02:55:13 +0100
<![CDATA[My first Apple Support experience]]> http://www.sch0ll.de/blog///article/my-first-apple-support-experience We're talking about a Mac server/client setup. The part that changed in the last weeks was the client Mac computers being updated to Mac OS X 10.6. Before, they were running 10.5. At this office we have 15 clients connected to the Mac OS X 10.6 Server (a MacMini, btw). When we bought the client machines, 10.5 was the offered system, so the clients stayed there and only the server was upgraded to 10.6 by buying the new MacMini Server when it was introduced. The clients connect mainly to remote home folders that stay on the server, so all company workers can change their working place, which is quite a nice feature (although it will cause some other things to break - like Adobe Acrobat Reader - because they never test their software with remote home users).

But a few workers need to be able to use their accounts while being away from the office on their MacBooks. Mac OS X Server offers a solution for that problem (since server version 10.4): Mobile Home Folder Sync. So, being a "mobile user", if you log in for the first time on a Mac inside the network, you can decide to create a local copy of your remote home folder. So you get exactly the same user experience you're used to inside the network while being on the train. And that's a great feature. I really love it!

One problem of this solution with the 10.5 client was the sync being really really slow sometimes. So, I always tried to convince the company to upgrade the clients to 10.6. I liked the idea of having the same versions on server and clients. Of course, the sync would run like a real snow leopard out in the wild chasing its food. That was my expectation. Really! So one of my Christmas presents was: a package of Snow Leopard 10.6.3 DVDs. Great. Awesome. But?

Yeah, 10.6.3, really. We bought the systems from Apple, yes. They send you a bunch of DVDs with 10.6.3 on them. Yes. No matter what version is up to date. We have internet. No problem. 10.6.8 is just a download away. And to be honest, the download thing is not my problem with it. You can't imagine how long this update takes until a MacMini is rebooting. Moments of sitting around and listening to the sound of hard discs. In some way it was like an orchestra playing music from past times (as I have been an SSD user for a year), so I tried to enjoy it and remember the good old times of staring at progress bars.

And I got a running sync. It was amazing. The first time I logged into a mobile account, it was just boom, there. Wow. Great Apple experience. So I tried it again. Boom, synced. Wow. Then I tried to start the sync manually by menu bar droplet. Clicked on the icon and it said: Home never synced. Ah, great. Starting the sync manually was the same experience. Boom, done. But after three attempts to sync manually the "Home never synced" status didn't change at all and I was starting to wonder whether everything was right with the sync.

So, I started to play with that user. Create some files. Log out, log in as remote user on another Mac. No files there, sync does not work. Hmmm, great stuff. And that's the moment where I started to feel uncomfortable. After some years with computers and some experiences with all kinds of different problems, there is one thing I really try to avoid: sync problems. If you've had one, you know why. Data not being in sync when it should be in sync, that's pain. Always, period.

So after that, I started to find out what could be the problem. First of all, always look inside console app:

"HomeSync.getSyncSet: [[SFFileSyncManager sharedFileSyncManager] createPHDSyncSetWithName:"HomeSync_Mirror" remoteXMLSpec:"/Users/test" mountSuffixPath:"afp://server.foo.de/users"] returned nil!+"

Ok, that sounds like a problem. Testing afp://server.foo.de/users as the logged-in user works as expected. The volume is mounted in seconds and appears on the desktop. So, next step, google it:

First impression after reading through these discussions: sounds not good.

So I started removing the mobile user folder from the machine and creating a new one. And, hoho, sync was working again! But, and that's the point, most times exactly only once. The sync stops running, status shows "never synced" again. Removing ~/.FileSync and ~/Library/FileSync results in a working sync again, but only for the first login after it. Then it stops again. I checked the settings in Workgroup Manager again and again. I did not change anything on the server part while migrating to 10.6 clients. So mostly, this part should work. It worked for over one year. There must be something on the client side not working like it should.

I logged in, logged out, logged in, logged out. There was sometimes this moment of: yeah, got it, sync works. Log out, log in again, and all happiness was gone.

After spending two days trying to fix the sync problem, using Google, trying this and that, I started thinking about calling Apple Support. A solution was needed to get the three mobile workers back to a working setup. The state of the mobile user and the server home was diverging more and more. And that's pain, merging home folders by hand. You don't want to deal with things like this. That's why Apple built a solution for it, right?

Next Google search was about Apple Support for Server Systems. And at this point I really started getting nervous. A plan for getting 10 problems solved by Apple: 7199,- € (http://store.apple.com/de/product/MC667). Yeah, and there is a plan for 23.999,- € (http://store.apple.com/de/product/D5690). Not enough? 59.999,- € (http://store.apple.com/de/product/D5691). Got the numbers?

So, time for calling Apple Support. And while listening to great Reggae music I thought about how much money I would spend on this strange sync problem. After being redirected three times, all people being very friendly and explaining everything, I got one person being able to tell me, how much money I would have to spend without having any Apple Care for my Server product.

He told me that 99,- € would fit problems I have only with the server, 679,- € if some external machine (like a PC) is involved in the problem. I told him that it is only about Macs. So perfect, great deal, 99,- €. I was getting happy and I was really looking forward to sending in my problem description. Next question was: "Which system version do you use?" 10.6 Server and Clients, I answered, relaxed. "ohhh - that's a problem". Problem? "We cannot offer any support for 10.6 systems!"

He then switched back and offered to send me some links to the Knowledge Base of the Apple website and to the consultants network. After giving him my mail address I asked again: "So it is not possible to get any support for 10.6 servers. No 7199,- plan, nothing?" - "No, only if you have an old Apple Care plan". "And if I would upgrade to 10.7 Server?" - "You would have 90 days of free telephone support."

Wow. My first Apple Support experience in my life. Awesome. I was shocked about the friendly information I got. There is no support by Apple for a system they're selling right now on their website. You have to upgrade or you're lost. No money will help you out. I just got my setup to the point, where server and clients are running at same version.

I'm disappointed. This was not what I expected the good Apple experience to be. I'm one of the people trying to encourage people to use a Mac. Even if they think about a server setup for small companies. I try to support them and find answers for all the problems they have while getting into the Mac world. Mostly I was able to convince people that it was not a bad idea to switch to the Mac. I'm sometimes working really hard (all night) to give my customers this "great Apple feeling" about everything just working as expected. And I know quite a few situations where Macs were not just working as expected. But mostly I got it working and my customers were happy again using a Mac. I watched them buying iPhones and other Mac stuff for their personal part of life and was glad that my efforts were showing them the good sides of the Apple world.

So, I phoned Apple Support for a server problem. To be told that my system version is not supported anymore. No money can help out. No 59.999 Euros. For sure, it's not the best idea to have no Apple Care, for sure. But that's running out after 3 years - so what is after this time? Got the point? For sure you can update. As long as Apple is offering a new OS X Server. Perhaps they won't offer a 10.8 Server (all done by iCloud)? So if you bought a Lion Server setup right now you're fucked in three years?

Apple, this arrogance doesn't fit well! I think it's worth listening to the problems your customers have. Your customers are used to spending money, yes. They even think about spending 7199,- Euros on a single problem (!). Just listen, say something optimistic, send some more links and empower the admins to work further on the problem. And you could ask for feedback as soon as the problem is solved, to get it back into the knowledge base. To have it online for other users. A well-documented KB entry is better than 3 discussions full of ideas but no real solution.

Just an idea. Always give love back to your admins!


Update: See https://github.com/Mischosch/MobileUserHomeFileSyncAgentCheck for more info on an AppleScript I wrote to check ~/Library/Preferences/com.apple.FileSyncAgent.plist for the "havePHDSyncSet" attribute. For me it was the point of failure for all mobile sync users not syncing anymore. It's only a workaround so far! So, feedback is appreciated, especially any ideas why havePHDSyncSet is set to false.

Wed, 01 Feb 2012 17:44:16 +0100
<![CDATA[PHP music lovers]]> http://www.sch0ll.de/blog///article/php-music-lovers #1 most popular artist to code to: Metallica.  Runners-up: Pink Floyd and Linkin Park

#1 biggest ‘guilty pleasure’ artist: Lady Gaga (artists that coders only listen to with their headphones on).  Runners-up: Britney Spears and ABBA

#1 least popular artist: Justin Bieber.  Runners-up: Lady Gaga and Britney Spears (ironically, these least popular artists also topped the ‘guilty pleasure’ category).

(See http://www.zend.com/en/company/news/press/334_zend-reveals-what-music-will-keep-developers-productive-and-happy-this-holiday for full article)

So, yeah, incredible. Now I know why so many people are scared of PHP coders. It has nothing to do with the PHP language. It's just about the music they have to hear if they sit next to a PHP developer. I mean, it's just about the pictures you get while imagining people sitting in front of a Linux system and listening to, ok, let me call it music. Metallica - eeh - Pink Floyd and Linkin Park. There are GBs of music I would listen to while doing code work. There are a few GBs of music I would really like to listen to while doing my work. But Metallica - I think code never drove me so crazy that I needed music like this. And about the picture I get imagining Metallica - it is about some huge guys with hair all over the body, looking dark, and you never want to ask them something.

But wait, now you have to cross that picture with the next top ones: Justin Bieber, Lady Gaga and Britney Spears. And of course: ABBA (to be fair, if I would have to choose one, ABBA might be the one). And now the picture should get weird. Really weird. 

I'm completely distracted by these results. It's the first time I'm asking myself whether to change my main coding language. Really. But to be sure I should first do the same survey for all the different languages. Perhaps Ruby will turn out to be full of German Schlager fans? And Python developers? Can it get any worse than Justin Bieber, Lady Gaga and Britney Spears?

Ah, it really hurts!

Where are all the music lovers out there? Jazz, electronic or classical music?

Thu, 22 Dec 2011 02:34:20 +0100
<![CDATA[Software running this site]]> http://www.sch0ll.de/blog///article/software-running-this-site
  • FreeBSD
  • Nginx
  • PHP
  • MySQL
  • Treedy CMS
    • ZendFramework
    • Doctrine
    • Smarty
    • TinyMCE
    • Twitter Bootstrap
    • EasyBib_Form_Decorator
    • jQuery 
    • jQuery UI
    • Plupload
    • getid3
    • fancybox
    • videoJS
  • TypeKit
  • Disqus Comments Service
Fri, 09 Dec 2011 22:55:28 +0100
    <![CDATA[Welcome]]> http://www.sch0ll.de/blog///article/welcome Thu, 08 Dec 2011 19:41:03 +0100