Archive for April, 2006

is it about pr0n and other adult entertainment: Second Life

I joined Second Life some days ago to see what all the fuss is about. And the first impression I got is: there’s a shitload of pr0n and adult entertainment.

Being in Second Life for 10 minutes I met “Lucas Pow” on an island …

By the way: My avatar’s name is “Inspector Columbo”…just in case you want to contact me.



Montreal Underground

The last impression of the city of Montréal [1] after CHI2006 [2] was one of the very impressive underground shopping centers, before we left the city.


You can never have enough… Backups

Actually, you can never have enough backups, but the original reason for getting Acronis’ TrueImage was to copy an image of my 60GB laptop HDD to a new 100GB HDD. This worked surprisingly well: with the new disk connected via an external USB case, the tool reboots the system and copies a bootable image of the disk.

Besides this, the tool can perform backups while you work on your system. Very cool and helpful if you back up to a server, which could take some time. In addition the tool provides a great feature which makes accessing files within your backup very comfortable: you can mount a backup image as a virtual disk on your system and this way access the complete backup and the specific files you are looking for.


the gumball 3000 ’06

Every year again the “race” begins. Well it’s not a race per se – but a rally. This year the gumballers will start on Sunday morning in London and arrive 8 days later in LA.

The difference this year: All of them are guided by a Windows Mobile powered device with ALK’s CoPilot software. (ALK is one of the sponsors)




Yet another proxy server… how to turn multicast into unicast…

We are using multicast to deliver more than 20 MPEG-2 encoded video+audio streams in our network. The advantages of using multicasting in a network of more than 2000 machines are well known. But there are several scenarios when multicasting is not the right choice.

For example: in wireless environments you have to use some sort of multicast group management, which is not always as flexible as a simpler solution. You would end up multicasting all 20 streams into the wireless network – which would just explode or something. (Our multicast traffic volume is around 125 Mbit/s… which is… quite a lot.)

I started writing such a solution two days ago and now I want to make the first lines of code available for everybody to try out.

Simply put: it’s just another proxy server. It’s an HTTP server that can be triggered to join a multicast group (hardcoded in this version) and forward the traffic from that multicast group directly to the client that asked for it. It’s as simple as it can get, and to be more technical: the proxy receives UDP multicast packets and sends them as TCP unicast packets.

When you tell MPlayer to trigger the proxy by asking for /hr.ts you would get something like this (if you have a multicast group on that IP/Port):

As you can see: MPEG2-Transport Stream inside. So it works as designed. There are some glitches, I am afraid to say: one known bug is that there are 12 bytes too many in the outgoing data stream, which corrupts the picture. If anyone here can fix it: Do it please 😉 I tried for one day and I could not find a solution for the problem.

Anyways: It’s doing what it’s supposed to do. And that’s why I am making it available for everyone:

Sourcecode: (11,18 KB)

It compiles with Microsoft.NET 1.1/2.0 and Mono. There’s a Visual Studio 2005 solution file inside to help you compile it. (Should work with Visual C# Express Edition). Oh… and I am releasing it under the BSD license which is included with the package.

Feel free to comment and contribute.
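
One possible explanation for the 12 surplus bytes, stated here as an assumption because the post does not say how the streams are encapsulated: the fixed RTP header is exactly 12 bytes, and MPEG-2 transport streams are commonly sent as RTP over UDP. The following C# code is an added example, not code from the proxy's source package; `TsPayload` and `TryLocate` are hypothetical names. It locates the transport-stream bytes inside a received datagram and checks every network-supplied length field before anything is forwarded to the TCP client.

```csharp
using System;

// Added example; not taken from the proxy's source package.
// Assumption: the multicast group carries MPEG-2 TS inside RTP (RFC 3550).
// The post does not say how the stream is encapsulated.
public static class TsPayload
{
    const int TsPacketSize = 188;   // length of one transport stream packet
    const byte TsSyncByte = 0x47;   // first byte of every TS packet
    const int RtpFixedHeader = 12;  // flags, payload type, sequence, timestamp, SSRC

    // True if buf[offset, offset+length) is a whole number of TS packets
    // and each of them starts with the sync byte.
    static bool IsAlignedTs(byte[] buf, int offset, int length)
    {
        if (length <= 0 || length % TsPacketSize != 0) return false;
        for (int i = offset; i < offset + length; i += TsPacketSize)
            if (buf[i] != TsSyncByte) return false;
        return true;
    }

    // Locates the TS bytes inside one received datagram. Returns false for
    // anything that is neither raw TS nor well-formed RTP carrying TS, so the
    // caller drops it instead of forwarding header bytes into the TCP stream.
    public static bool TryLocate(byte[] datagram, int received,
                                 out int offset, out int count)
    {
        offset = 0;
        count = 0;
        if (datagram == null || received <= 0 || received > datagram.Length)
            return false;

        // Raw TS over UDP: nothing to strip.
        if (IsAlignedTs(datagram, 0, received))
        {
            count = received;
            return true;
        }

        // RTP: all length fields come from the network, so each one is
        // checked against the number of bytes actually received.
        if (received < RtpFixedHeader) return false;
        if ((datagram[0] >> 6) != 2) return false;        // RTP version 2
        bool hasPadding = (datagram[0] & 0x20) != 0;
        bool hasExtension = (datagram[0] & 0x10) != 0;
        int start = RtpFixedHeader + 4 * (datagram[0] & 0x0F); // skip CSRC list
        if (start > received) return false;

        if (hasExtension)
        {
            if (start + 4 > received) return false;
            int words = (datagram[start + 2] << 8) | datagram[start + 3];
            start += 4 + 4 * words;
            if (start > received) return false;
        }

        int end = received;
        if (hasPadding)
        {
            int pad = datagram[received - 1];             // last byte = pad length
            if (pad == 0 || pad > end - start) return false;
            end -= pad;
        }

        if (!IsAlignedTs(datagram, start, end - start)) return false;
        offset = start;
        count = end - start;
        return true;
    }

    public static void Main()
    {
        // Constructed sample: 12-byte RTP header (version 2, payload type 33)
        // followed by seven TS packets with only the sync byte set.
        byte[] datagram = new byte[RtpFixedHeader + 7 * TsPacketSize];
        datagram[0] = 0x80;
        datagram[1] = 33;
        for (int i = RtpFixedHeader; i < datagram.Length; i += TsPacketSize)
            datagram[i] = TsSyncByte;

        int offset, count;
        bool ok = TryLocate(datagram, datagram.Length, out offset, out count);
        Console.WriteLine("full datagram: ok={0} offset={1} count={2}", ok, offset, count);

        // A truncated datagram must be rejected, not forwarded.
        ok = TryLocate(datagram, 100, out offset, out count);
        Console.WriteLine("truncated:     ok={0}", ok);

        // In a forwarding loop this would become:
        //   if (TryLocate(buf, n, out offset, out count))
        //       clientStream.Write(buf, offset, count);
    }
}
```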


System.Net.Sockets.SocketException: Protocol not supported

While coding the multi-platform way – with Microsoft .NET framework on Windows and Mono on everything else – we discovered an annoying bug. In some source-code examples that deal with networking you often see something like this:

Socket listener = new Socket(0, SocketType.Stream, ProtocolType.Tcp);

This short code-snippet instantiates a new socket object. Mono compiles this code without any error or warning. But when you run it… this shows up:

Unhandled Exception: System.Net.Sockets.SocketException: Protocol not supported
in <0x00100> System.Net.Sockets.Socket:.ctor 
(AddressFamily family, SocketType type, ProtocolType proto)
in <0x00068> HTTPServer.HttpServer:listen ()
in (wrapper delegate-invoke) System.MulticastDelegate:invoke_void ()

Note: this doesn’t happen with .NET 1.1 and .NET 2.0 on Windows.

You can solve this exception just by telling Mono which AddressFamily should be used:

Socket listener = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);

Thanks to Ello for his help.



A Programmer never can have enough… Coffee

It has been shown [1] that filtered coffee – not espresso or French-style brews – does not increase the risk of some heart diseases… Shack-o the next coding session can come.



Chicken Force Feedback

If you travel a lot, and if you have a chicken as a pet – this solution presented at CHI could be exactly what you were looking for:

  1. Put a special, fluffy jacket with built-in vibrators and wireless communication on your chicken.

  2. Touch the physical avatar of your chicken, wherever you are.

  3. And your chicken will definitely like it!

Actually they have done a “user study” with two chickens. Using a red and a blue door, one with food and water, one with food, water, and 10 minutes of the jacket, the chickens preferred the door with the additional 10 minutes of the Force Feedback jacket. And no, this is not a joke, it is serious research. For those not believing, a video was also shown with a real chicken remotely touched by a user…

Let the good times roll

Who doesn’t know this: nostalgically you rummage through the old DOS games you played ages ago. Back then, when you still had to tinker with the operating system configuration yourself to get the software running.

With the advent of Windows that is history, but so is compatibility with the old games.

So what can you do to play them anyway (e.g. under XP)?

The answer: you download a free emulator from the Internet, in this case DOSBox version 0.65.

DOSBox user interface

Operation is quite simple:


mount :\ -t cdrom

mounts the CD drive, if you own the game in question on CD.

mount :\

stands for the directory into which the program is to be installed; you should always specify a directory. The software then recognizes it as the normal C:\ drive.

Then start the respective installer, install the program, and off you go (operation is just like in DOS), in this case with the 1994 classic “Beneath a steel sky”.

An adventure of the old kind, the way they no longer exist today.

By the way: this game is public domain and can therefore be downloaded freely.

Download (DOSBox 0.65):

Download (Beneath a steel sky):

Some remarks:

If some games run very slowly, you can skip frames with Ctrl-F8 (undo with Ctrl-F7) and tell DOSBox with Ctrl-F12 that you have a much faster processor (undo with Ctrl-F11).

Jens Heymann


the knowledge of our time: Berkeley courses available for free download (audio)

Berkeley University of California just made a great number of their audio courses available for free download on iTunes. Just tune in and get a taste of cal.

I actually got a taste of the incomparability of two universities… The courses are great!

ACCESS & DOWNLOAD COURSES on your computer or MP3 player
LISTEN TO EVENTS about the Arts, Education, Politics, Science and Technology
BE CONNECTED with what’s happening at UC Berkeley

But Berkeley is not the only university which has some sort of online-courses. FeM e.V. offers you a growing number of complete courses of the TU-Ilmenau with video+audio.

Source 1: Berkeley on iTunes

Source 2: FeM e.V. Streaming TU-Ilmenau


Working Atmosphere

Even during CHI [1], a lot of work is left to do: So I take the chance and finish some stuff in the evening hours in a very special working atmosphere.



2006 All Stars


Microsoft Time Zone Utility

The Microsoft Time Zone Utility [1] is a small tool [2], available for free, which indicates the time on different places on earth by a mouse click. It also provides a convenient way to change your current time zone.



Windows Security…a great (german) podcast episode…

If you are interested in software / security / windows, I recommend listening to this episode of Chaosradio. It’s a German-language podcast, sorry for the others…

“Microsoft Windows has a poor standing with the public as far as security is concerned. Windows is regarded as a system with wide-open barn doors and is shunned by the elite. But a lot has happened in recent years, and the latest releases of Windows XP as well as the upcoming Windows Vista come with significant and fundamental changes that could soon change that picture.

In the conversation, FX offers insights into Microsoft’s approach in recent years and explains which concrete results Microsoft has achieved and is aiming for in its current and upcoming operating system releases. At the end there is also a look at the current situation with Linux.”



CHI 2006

Yesterday evening we arrived in Montréal, Québec for CHI 2006 [1]. Just some impressions from the place. At the bottom you can see which area is covered by the panoramic view.


office coffee machine mod

What happens when cosrahn does some “proof-of-concept” work…

Guess! What is this supposed to be?

Right! It’s a water reservoir for the coffee machine…

Here is a video of it in action:


the first coup: the Venzero ONE … share the love!

99 grams is enough. They certainly are right on that point and on many others. 8 GB, 320×240 display (2″), sleek black look, MP3, WM*, FM-Radio, RSS Feeds, audio and video podcasts (though: no video in germany (why?!))

And there is more.. You get this port on one side of the gadget:

Venzero calls it “SharePort”, and it extends USB-on-the-Go! considerably, says Venzero… One feature only the Venzero ONE comes with is the so-called “MusicMarker”. You can record short audio clips while you’re on the road/in the bus/train, whatever. Back at home you can sync it with your PC and with Venzero’s servers, et voilà: you get the artist and title of the song which was playing in your short audio recording. A great feature and I cannot wait to test it.

Venzero says it’ll be available in mid-June 2006 for about 289,90 Euro. (remember: an iPod comes with 4 GB at 249 Euro…)



parts coming together…

The last two days I configured an Active Directory+Exchange+Sharepoint combination for the first time… and well, it was worth the work. When you see all the parts coming together, forming a fully working and flexible overall picture.

welcome to the domain…

Outlook Web Access

the Sharepoint… nearly empty… but it’ll get crowded once the user accounts are created


Web Map

I just checked out the Kartoo [1] map using aheil as query. Interesting links and relations are found by this tool. But I do not have any clue how is related to the whole map.




Silver Bells and Golden Spurs

“Silver Bells and Golden Spurs is an exploration of the movie making capabilities of Second Life. It serves as a proof of concept for doing such, as well as the need for certain technical improvements.

With all the available Second Life tools, customized avatars and animations, and with the help of Bedazzle Studios, I knew we could create a high quality, compelling movie.

I first read the anonymous poem in a collection of cowboy poems I picked up several years ago, and immediately knew I had to make this story into a movie. I made notes in the margins of the book describing camera angles, dolly moves and crane shots. When I ran out of room, I decided to adapt the poem for the screen. In the screen play I could accurately describe the action in each scene, and use it as my guide through the production process (just like a real movie is made).

Pulling information from the script, I created lists for props and set pieces, avatar animations, audio, and costumes. These helped streamline the production and assured that no details were overlooked.

The set and all of the props were created on a single simulator, maximizing visual quality while minimizing overhead. I met regularly with the set modeler, character animator and costume designer to review and discuss the progress of their work. Although I had a very specific mental picture of what everything should look like, I needed to allow each of these artists the latitude to explore and use their creativity.”



newly found friendliness

Oh well..we are sorry…very very sorry that… please forgive us for the inconvenience caused by our software…


HEXIC HD Soundtrack downloadable…

Finally the complete soundtrack of Hexic HD – a puzzle game that comes pre-installed with the XBOX 360 – is available for download. The composer himself made them available for everyone.

If you don’t know what Hexic HD is all about…take a look:



the illegal side of mathematics

I always knew that there is the bad taste of crime and the smell of illegality involved when it comes to mathematics…

“The first illegal prime to be announced, when interpreted a particular way, describes a computer program which bypasses copyright protection schemes on some DVDs. Because that program has been found illegal by courts in the United States of America, this has produced debate about whether the number itself could be considered illegal.”



speed: play games as fast as you can.

There are gamers who don’t enjoy the games the same way the average gamer does. They are called runners. And they are doing Speed-Runs through games.

For example: the complete HalfLife 2 in 1 hour 36 minutes and 57 seconds…

And there is an archive to give you an insight on what is going on in the speed-run-scene:

“SDA is the home of speed runs done on many computer and console games. A speed run is a video of a player striving to complete a video game in as fast a time as they can manage. Sound easy? It’s not! A large number of tricks are usually used, possibly skipping whole areas of a game in the process, and there will always be mistakes.”



hands-off! unattended windows

Since Nico wrote some articles about the Windows unattended installation procedure I decided to take a closer look. And you can too:

“Have you ever wanted a Windows CD that would install Windows by automatically putting in your name, product key, timezone and regional settings? And have it merged with the latest Service Pack to save time? Followed by silently installing all your favourite applications along with DirectX 9.0c, .Net Framework 1.1 and then all the required hotfixes, updated drivers, registry tweaks, and a readily patched UXTheme.dll without any user interaction whatsoever? Then this guide will show you how you can do just that! “




If you did not know: You can have a great astronomy picture each day…

“Each day a different image or photograph of our fascinating universe is featured, along with a brief explanation written by a professional astronomer.”



master blaster strato caster … miniature guitar mania

Today is the “gift day”. I received a package with miniature guitars. Well, I am not playing a guitar but those miniatures are great 🙂

Placed them right next to the Intel-Silicon-Wafer…



Sixt rocks!

I just received a love-letter from Sixt. What a great way to please a satisfied customer even more.

Three double upgrade vouchers…yeah! Ride on!

It seems that they want to thank me for my comments I made on their cars and service.



sun and rain over Ilmenau…

Hey it’s April! And on my way home I took some pictures…giving you an impression of the cloudy sky which is characteristic for Ilmenau at this time of the year…


Why DRM sucks

Actually, I do not have any problem paying for music. Sometimes I just want to listen to a piece of music, I checkout e.g. Musicload. I copied the music files, made a backup of the licenses and reinstalled my machine. So I decided to listen to a particular song:

Because I have freshly installed my box these days, I needed to restore my licenses, but I encounter this message while trying to restore them:

Let’s see what “Web Help” says:

This is not helpful at all. OK, let’s check the radio button to tell this to the people over there. An additional text box appears, asking for my experience; I was spending a lot of money on music, 2 o’clock a.m., I want to listen to my music, I am somewhat angry… But I do not give up so easily. So I tried to restore another backup. Of course I did back up my licenses on a regular basis. And all I get is this:

Also this message does not satisfy me a lot. So I decide to try it a third time:

The very interesting thing: Depending on which backup I try to restore, I get always the very same message but I do never get my licenses back. Let’s go back where I bought the music, downloading the license again, because it looks like this is my very last chance:

But the song is not available anymore… they do only keep it for six months.. That sucks. Only the last three songs are left. And of course they write I should make backups of my licenses… Remark to myself: Do not purchase any music anymore.


Actually the DRM policy allows you to restore your licences on four different systems. Lucky day, because I just backed up my licences on another system and tried to restore them. This was the so-called plan. But DRM does not give up so easily and fires this message:

At least some of my licences which I bought and paid for, I own, i.e. they belong to me and I do have the right to hear the song whenever I want (at least I thought so), do work again. But some others still suck…


some information about highspeed memory cards…

A widely known electronics store (in Germany) did an advertisement for the fun and information of everyone:

The text:

“If you want to take a picture of fast moving objects: Speed counts! Every delay of the memory card can distort the picture, or even worse: the motive is not visible. There’s an end of it! The new HighSpeed-Memory cards transfer the picture data at up to 20 MBit per second. Even a formula 1 world champion could not escape.

The data transfer to your PC only takes 5 seconds, instead of the 20 seconds with a normal memory card.”

Hmkay… understood?

Source: DSLR-Forum


Wireless Worlds

It started like a fairy tale

Son to father: “Hey Dad! What about these strange slots on the side of my notebook?”

Father to son: “Son! These things are made for PCMCIA-Cards. What a coincidence that you are asking about it. I just have one of these cards in my pocket.”

So today with fewer fairy and more reality I had the opportunity to test a Vodafone Mobile Connect Card UMTS Broadband manufactured by Novatel.

After an easy installation it worked immediately. Unfortunately due to the lack of available UMTS (a mere 500 meters too far away for it…) I had to go with GPRS.

The profile automatically switches between it – if you have chosen it during installation.

the menu


With a flatrate the whole package costs about 30€ a month with no additional costs for the PCMCIA-card.

Jens Heymann


Apple Crumble

I just did it: I ordered one of those nifty Apple Mac minis with the new Intel inside. Actually I plan to put a Windows on it. Fortunately, when I bought the Office for Mac last year, the package also included one Windows XP license… btw: I ordered the English Mac OS X. A few weeks ago I spent some time together with some colleagues in an Apple store in Seattle. And yes, the hardware does look great.


22c3 recordings – release this week?

So here are some news about the 22c3 recordings:

According to the last information I got, 130 of 146 recordings are ready to go. I don’t know why the team decided to release them all at once only but unfortunately you’ll have to be patient.

The release is planned for THIS WEEK. So stay tuned and check back for more information.



Exchange “12”…


Anyone already working with it?


universal connections

“this is an example of technology being clearly understood and accepted by the general public. something democratic evolves and develops and therefore often even receives a totally different usage than was originally intended. given the current, often exotic use of USB, it would even be argued that there is a ‘USB subculture’!”



BMW 320i touring on the road…

Sixt gave me a brand new BMW 320i touring. What a great car! It could use some more bhp but it was fun to drive in every way: Fast and Slow.

Since my GPS logging tool is not working at the moment I just took a picture of the timer that comes with BMW’s iDrive. So it’s 9 minutes 25 seconds for the complete racetrack…very nice.


trip to erfurt…

Since my girlfriend has two turtles we wanted to check out the reptiles exhibition in Erfurt. Which we didn’t because, well let’s call it disappointment in the first place.

Too small. Too dubious. Well… you get the idea. And 12 Euro for 1700 qm is quite a price…

Then we decided to take a walk in the old town of Erfurt. Where we found a new product…(sorry, German-only joke)


the web is international

I just figured out that the web is indeed worldwide.


Microsoft Studentpartner Summit 2006 – panoramic views

I am at the Microsoft Studentpartner Summit 2006 in Duesseldorf-Mettmann at the moment. And of course I made some panoramic views:


Microsoft Studentpartner Summit 2006 – Düsseldorf-Mettmann



Uhh… more than 13k SPAM Mails last month… 🙁


Macs do Windows, too

Now since Apple officially supports Windows on their Intel based machines I really think about getting one of them. If they manage to run both operating systems concurrently (like they could with Intel’s Vanderpool technology)… THAT would be the killer argument.

The thing is: It’s so not Apple. Why would they support the operating system they always bashed?



water can actually flow uphill

You were told that water does never ever flow uphill. But now this is proven wrong…and who did it? A German engineer working for Americans…

“When a liquid drop is placed on a surface held at a temperature much higher than the liquid’s boiling point (such as a drop of water in a very hot pan) it hovers on its own vapor cushion, without wetting the surface. This phenomenon is called film-boiling and occurs beyond a surface temperature called the Leidenfrost point (about 200 – 300 ºC for water on flat surfaces, depending on surface quality).”

“This method uses heat to pump liquid, and could therefore be used in pumps for coolants, for instance to cool microprocessors. Such a pump would need no additional power (it’s run by the heat that needs to be removed anyway), it would have no moving parts, and it wouldn’t require a thermostat. Whether this method will actually be powerful enough for applications in, say, a laptop, is not yet known.”



How to setup secure 802.1x WPA2 enterprise wireless lan on a linksys WRT54G / GS Revision 4

This article is in German, but I am going to make a translated English version available soon. Thanks to Volker -cosrahn- Henze for writing this great how-to.

For feedback and/or questions please use the comment function.


This how-to is a bit different from others. It is a “monolithic” how-to. We have, so to speak, pulled a snapshot of the OpenWRT that was current at the time onto our server and will build the entire system with it. There will be no updates. That is of course not good, but we chose this approach to produce a how-to that leaves no questions open. So if you do it EXACTLY the way we do here, you should afterwards have a beautiful Linksys that offers you a secure and convenient way to protect your WLAN from unauthorized people while still quickly and easily granting access to friends, acquaintances and neighbours, or withdrawing it again. Why no customized image? We would have to test it, and we simply lack the time and the hardware for that. But I think we may build such an image soon. However, a how-to like this also has the advantage that you know what is inside your Linksys and don’t just say “I think that lump over there in the corner does that…” Right, have fun!


  • Linksys WRT54GS Revision 4

  • A computer with telnet and SSH (SSH for Windows users is available here)

  • A way to transfer files via scp (with scp, WinSCP etc.)

  • Basic knowledge of handling mouse and keyboard


Unpack the Linksys. The warning “Run the CD first, then connect the cables.” can safely be ignored. Now plug the supplied cable into port 1 and into any computer. You now get an IP (, the IP of the Linksys is , so with in your browser you reach the web interface. Login: admin and password: admin

The login data should also be found on the enclosed documentation CD.

This is what the Linksys web front end looks like. After flashing, the Linksys will have no web front end. You can install one afterwards, though. But that is a different how-to…


The corresponding firmware is available here: (1,61 MB) – This is a mirror of the

!!!!!!!!!! ATTENTION, now it gets hot !!!!!!!!!!
Be sure to check once more that no power outage has been announced and that the neighbour is not trying to take a bath with the hair dryer. A power outage would be fatal for the Linksys.

Click on Administration->Firmware Upgrade

Specify the file openwrt-wrt54gs_v4-jffs2.bin

Update in progress


Now the time has come. If everything worked, you can log in via telnet.

The first telnet

root@OpenWrt:~# telnet
Connected to
Escape character is ‘^]’.
=== IMPORTANT ============================
Use ‘passwd’ to set your login password
this will disable telnet and enable SSH

BusyBox v1.00 (2006.03.27-00:00+0000) Built-in shell (ash)
Enter ‘help’ for a list of built-in commands.

_______ ________ __
| |.—–.—–.—–.| | | |.—-.| |_
| – || _ | -__| || | | || _|| _|
|_______|| __|_____|__|__||________||__| |____|
|__| W I R E L E S S F R E E D O M
WHITE RUSSIAN (RC5) ——————————-
* 2 oz Vodka Mix the Vodka and Kahlua together
* 1 oz Kahlua over ice, then float the cream or
* 1/2oz cream milk on the top.

After logging in, first do a reset, since the file systems are still read-only:

root@OpenWrt:~# reboot

After this reboot you can log in again. The first thing to do is set a new password:

root@OpenWrt:~# telnet
root@OpenWrt:~# passwd
Changing password for root
Enter the new password (minimum of 5 characters)
Please use a combination of upper and lower case letters and numbers.
Enter new password:
Re-enter new password:
Password changed.

Now we log out again, since telnet is not particularly secure and anyone could read along with what we type.

root@OpenWrt:~# exit
volker@buran ~ $ ssh root@
root@’s password:

BusyBox v1.00 (2005.07.18-21:49+0000) Built-in shell (ash)
Enter ‘help’ for a list of built-in commands.

_______ ________ __
| |.—–.—–.—–.| | | |.—-.| |_
| – || _ | -__| || | | || _|| _|
|_______|| __|_____|__|__||________||__| |____|
|__| W I R E L E S S F R E E D O M
WHITE RUSSIAN (RC2) ——————————-
* 2 oz Vodka Mix the Vodka and Kahlua together
* 1 oz Kahlua over ice, then float the cream or
* 1/2oz cream milk on the top.


Now you should take care of Internet access. This is not part of this how-to, though, since there are simply very many ways to connect a Linksys to the Internet. Therefore, here are what are, in my opinion, the two most common ones, and there is more information on this here.

FeM-Net or other larger LANs

Here is the procedure if you want to operate the device on a larger LAN such as the FeM-Net. Please make sure that the Internet port (the one that is a little further away from the others) of the Linksys is connected to the LAN. ATTENTION: if you connect a different port to the FeM-Net, your FeM-Net port will be deactivated.

Now you need the MAC address of the Linksys to have it activated in the FeM-Net. That is quite simple.

root@OpenWrt:~# ifconfig vlan1
vlan1 Link encap:Ethernet HWaddr 00:14:BF:CA:FE:01
inet6 addr: fe80::214:bfff:feca:fe01/64 Scope:Link
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 MiB) TX bytes:0 (0.0 MiB)

For our device the MAC address would be “00:14:BF:CA:FE:01”.


That is easy. Just set a few NVRAM variables and plug the DSL modem into the WAN port of the Linksys.

nvram set wan_ifname=ppp0
nvram set wan_proto=pppoe
nvram set ppp_idletime=10
nvram set ppp_mtu=1492
nvram set ppp_passwd=
nvram set ppp_redialperiod=15
nvram set ppp_username=
nvram set pppoe_ifname=vlan1
nvram commit

When you are done, bring up the WAN interface with:

ifup wan


Now we first update the software packages. We provide a package collection to make sure that everything works exactly as we have described. That does not mean, however, that this how-to will not work with later versions as well.

root@OpenWrt:~# cp /etc/ipkg.conf /etc/ipkg.conf.old
root@OpenWrt:~# vi /etc/ipkg.conf
* press the “i” key (insert mode)
* now change the following entries
src whiterussian
src non-free
src whiterussian
src non-free
we simply leave the rest as it is
* press the “Esc” key (command mode)

Now you can fetch the package information with an ipkg update.

root@OpenWrt:~# ipkg update
Downloading …
Connecting to[]:80
Packages 100% |******************************************|
121 KB 00:00 ETA
Updated list of available packages in /usr/lib/ipkg/lists/whiterussian
Downloading …
Connecting to[]:80
Packages 100% |******************************************|
568 00:00 ETA
Updated list of available packages in /usr/lib/ipkg/lists/non-free


This step is important because you have to use this tool to synchronize the Linksys with the time on the Internet. The Linksys has no backup battery and cannot retain its time. The time is absolutely required, however, for the PKI (the stuff created with OpenSSL) to work.

root@OpenWrt:~# ipkg install ntpclient

ntpclient_2003_194-2_mipsel.ipk …
Connecting to[]:80
ntpclient_2003_194-2 100% |*******************************************|
9555 00:00 ETA
Unpacking ntpclient…Done.
Configuring ntpclient…Done.

Now quickly sync the time.

root@OpenWrt:~# ntpclient -h -s

Ggf. kann hier statt ein beliebig anderer Zeitserver verwendet werden.

Und ein Startscript welches beim einschalten des Linksys die aktuelle Zeit aus dem Internet holt.

root@OpenWrt:~# echo “#!/bin/ash” >/etc/init.d/S70ntp
root@OpenWrt:~# echo “ntpclient -h -s” >>/etc/init.d/S70ntp
root@OpenWrt:~# chmod a+x /etc/init.d/S70ntp

Done. Now, God willing, we always have the correct time on our Linksys.


Installing the proprietary tools. Even though it is not pretty, you cannot skip this step. The proprietary NAS and the WL tools have to be installed afterwards.

root@OpenWrt:~# ipkg install nas

nas_3.90.37-16_mipsel.ipk …
Connecting to[]:80
nas_3.90.37-16_mipse 100% |******************************************|
75771 00:00 ETA
Unpacking nas…Done.
Configuring nas…Done.
root@OpenWrt:~# ipkg install wl

wl_3.90.37-1_mipsel.ipk …
Connecting to[]:80
wl_3.90.37-1_mipsel. 100% |******************************************|
40906 00:00 ETA
Unpacking wl…Done.
Configuring wl…Done.

NAS is needed for the communication between the WLAN device of the Linksys and the RADIUS server. The WL tools are needed to use all functions of the proprietary WLAN driver.


Now a root CA is created with OpenSSL. This makes it possible to hand out certificates dynamically to any number of people without having to whisper complicated pre-shared keys to each other. You can also revoke certificates when you no longer like someone. This is especially useful in larger infrastructures. Install openssl-util on your, by now much-loved, Linksys. By the way, it is advisable to create the root CA on a different PC. Here, for the sake of simplicity, it is done directly on the Linksys.

root@OpenWrt:~# ipkg install openssl-util

Create a directory in which the root CA will be stored.

root@OpenWrt:~# cd /usr/share/
root@OpenWrt:/usr/share# mkdir CA
root@OpenWrt:/usr/share# cd CA

OpenSSL needs a few directories where it can dump its pointless junk.

root@OpenWrt:/usr/share/CA# mkdir certs crl newcerts private users

Create the serial number and the index file for the root CA.

root@OpenWrt:/usr/share/CA# echo "01" > serial
root@OpenWrt:/usr/share/CA# cp /dev/null index.txt
root@OpenWrt:/usr/share/CA# cp /etc/ssl/openssl.cnf .

Make a copy of the original OpenSSL config file and change it as you need.

root@OpenWrt:/usr/share/CA# vi openssl.cnf
* Press the “i” key (insert mode)
* scroll down with the arrow keys to the section [ CA_default ]
* replace the parameter
dir = ./demoCA
* with
dir = ./
* Then make whatever other adjustments you like
* Press the “ESC” key (command mode)

The client certificates need special Windows XP extensions. For this we create a new file named xpextensions.

root@OpenWrt:/usr/share/CA# vi xpextensions
* Press the “i” key (insert mode)
Add the lines
[ xpclient_ext ]
extendedKeyUsage =
[ xpserver_ext ]
extendedKeyUsage =
* Press the “ESC” key (command mode)


The root CA is valid for 1095 days. This can of course be adjusted as desired by changing the number after the -days option.

root@OpenWrt:/usr/share/CA# openssl req -new -x509 \
-keyout private/cakey.pem -out cacert.pem -days 1095 -config openssl.cnf
Generating a 1024 bit RSA private key
writing new private key to ‘private/cakey.pem’
Enter PEM pass phrase: “Das_Root-CA_Passwort”
Verifying – Enter PEM pass phrase: “Das_Root-CA_Passwort”
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
Country Name (2 letter code) [AU]:DE
State or Province Name (full name) [Some-State]:Thueringen
Locality Name (eg, city) []:Ilmenau
Organization Name (eg, company) [Internet Widgits Pty Ltd]:FeM e.V.
Organizational Unit Name (eg, section) []:Technik
Common Name (eg, YOUR name) []:Cosrahn
Email Address []:somemailadress

Tip: Remember the password. And it should never fall into the wrong hands.

root@OpenWrt:/usr/share/CA# openssl pkcs12 -export -in cacert.pem -inkey private/cakey.pem \
-out caroot.p12 -cacerts -descert
Enter pass phrase for private/cakey.pem: “Das_Root-CA_Passwort”
Enter Export Password: “caroot_p12_Passwort” (may also be empty)
Verifying – Enter Export Password: “caroot_p12_Passwort” (may also be empty)
root@OpenWrt:/usr/share/CA# openssl pkcs12 -in caroot.p12 -out caroot.pem
Enter Import Password: “caroot_p12_Passwort”
MAC verified OK
Enter PEM pass phrase: “caroot_pem_Passwort”
Verifying – Enter PEM pass phrase: “caroot_pem_Passwort”

And for Windows.

root@OpenWrt:/usr/share/CA# openssl x509 -in cacert.pem \
-inform PEM -out cacert.der -outform DER


root@OpenWrt:/usr/share/CA# openssl req -nodes -new -x509 -keyout radius-req.pem \
-out radius-req.pem -days 730 -config openssl.cnf
Generating a 1024 bit RSA private key
writing new private key to ‘radius-req.pem’
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
Country Name (2 letter code) [AU]:DE
State or Province Name (full name) [Some-State]:Thueringen
Locality Name (eg, city) []:Ilmenau
Organization Name (eg, company) [Internet Widgits Pty Ltd]:FeM e.V.
Organizational Unit Name (eg, section) []:Technik
Common Name (eg, YOUR name) []:Cosrahn
Email Address []:somemailaddress
root@OpenWrt:/usr/share/CA# openssl x509 -x509toreq \
-in radius-req.pem -signkey radius-req.pem -out radius-tmp.pem
Getting request Private Key
Generating certificate request

Certifying the request. Please pay attention to the order here: “-infiles radius-tmp.pem” is the last option on the command line.

root@OpenWrt:/usr/share/CA# openssl ca -config openssl.cnf \
-policy policy_anything -out radius-cert.pem -extensions xpserver_ext \
-extfile xpextensions -infiles radius-tmp.pem
Using configuration from openssl.cnf
Enter pass phrase for /usr/share/CA/private/cakey.pem: “Das_Root-CA_Passwort”
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Not Before: Jan 1 05:15:35 2000 GMT
Not After : Dec 31 05:15:35 2000 GMT
countryName = DE
stateOrProvinceName = Thueringen
localityName = Ilmenau
organizationName = FeM e.V.
organizationalUnitName = Technik
commonName = Cosrahn
emailAddress = somemailaddress
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Server Authentication
Certificate is to be certified until Dec 31 05:15:35 2000 GMT (365 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

Converting the certificate into a PKCS12 file so that it is readable by Outlook, MSIE and Mozilla. (This step is not strictly necessary, since our RADIUS does not need PKCS12.)

openssl pkcs12 -export -in radius-cert.pem -out radius-cert.p12 \
-inkey radius-req.pem -descert


This step has to be repeated for every client.

root@OpenWrt:/usr/share/CA# openssl req -nodes -new -x509 \
-keyout client-req.pem -out client-req.pem -days 730 -config openssl.cnf
Generating a 1024 bit RSA private key
writing new private key to ‘client-req.pem’
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
Country Name (2 letter code) [AU]:DE
State or Province Name (full name) [Some-State]:Thueringen
Locality Name (eg, city) []:Ilmenau
Organization Name (eg, company) [Internet Widgits Pty Ltd]:FeM e.V.
Organizational Unit Name (eg, section) []:Technik
Common Name (eg, YOUR name) []:Cosrahn
Email Address []:somemailAddress
root@OpenWrt:/usr/share/CA# openssl x509 -x509toreq -in client-req.pem \
-signkey client-req.pem -out client-tmp.pem
Getting request Private Key
Generating certificate request

Certifying the request. Please pay attention to the correct order: “-infiles client-tmp.pem” is the last option on the command line.

root@OpenWrt:/usr/share/CA# openssl ca -config openssl.cnf -policy policy_anything \
-out client-cert.pem -extensions xpclient_ext -extfile xpextensions \
-infiles client-tmp.pem
Using configuration from openssl.cnf
Enter pass phrase for /usr/share/CA/private/cakey.pem:
DEBUG[load_index]: unique_subject = “yes”
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 2 (0x2)
Not Before: Jan 1 05:37:37 2000 GMT
Not After : Dec 31 05:37:37 2000 GMT
countryName = DE
stateOrProvinceName = Thueringen
localityName = Ilmenau
organizationName = FeM e.V.
organizationalUnitName = Technik
commonName = Cosrahn
emailAddress = somemailAddress
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Client Authentication
Certificate is to be certified until Dec 31 05:37:37 2000 GMT (365 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

Converting the certificate into a PKCS12 file (Outlook, MSIE, Mozilla).

openssl pkcs12 -export -in client-cert.pem -out client-cert.p12 \
-inkey client-req.pem -descert

To avoid a bigger mess, I have combined the part above into a small script. This little script helps with creating a new client. The generated certificates can be found in /usr/share/CA/users/[clientname].

Here is the script: (,43 KB)

You can now, for example, simply use:

root@OpenWrt:/usr/share/CA# ./ Paul

to create a certificate for the user “Paul”.
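
The checks worth running on issued certificates before they are copied to FreeRADIUS or a client, as an added example that is not part of the original howto or its script: it builds a throwaway CA in a directory you pass in, issues one client and one server certificate, and lets `openssl verify` confirm chain, validity period and Extended Key Usage. The file names, the 2048-bit key size, the `openssl x509 -req` signing path and the EKU short names `clientAuth`/`serverAuth` are assumptions of this example, not values from the howto.

```shell
#!/bin/sh
# Added example (not the howto's script): demo PKI plus purpose checks.
set -eu

# Build a throwaway CA and one client/server certificate in directory $1.
# All file names and subjects below are constructed for this example.
make_demo_pki() {
    d=$1
    mkdir -p "$d"
    cat > "$d/demo.cnf" <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[ dn ]
CN = Demo Root CA
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
    # Assumption: clientAuth/serverAuth, which OpenSSL prints as
    # "TLS Web Client Authentication" / "TLS Web Server Authentication".
    cat > "$d/xpextensions" <<'EOF'
[ xpclient_ext ]
extendedKeyUsage = clientAuth
[ xpserver_ext ]
extendedKeyUsage = serverAuth
EOF
    openssl req -new -x509 -newkey rsa:2048 -nodes -days 1095 \
        -config "$d/demo.cnf" -keyout "$d/cakey.pem" -out "$d/cacert.pem" 2>/dev/null
    for role in client server; do
        openssl req -new -newkey rsa:2048 -nodes -config "$d/demo.cnf" \
            -subj "/CN=demo-$role" -keyout "$d/$role-key.pem" \
            -out "$d/$role-req.pem" 2>/dev/null
        openssl x509 -req -in "$d/$role-req.pem" -days 730 \
            -CA "$d/cacert.pem" -CAkey "$d/cakey.pem" -CAcreateserial \
            -extfile "$d/xpextensions" -extensions "xp${role}_ext" \
            -out "$d/$role-cert.pem" 2>/dev/null
    done
}

# Succeeds only if cert $3 chains to CA file $1, is inside its validity
# period by the local clock, and is usable for purpose $2 (sslclient/sslserver).
cert_ok_for() {
    openssl verify -CAfile "$1" -purpose "$2" "$3" >/dev/null 2>&1
}
```

On a current OpenSSL the same `cert_ok_for` call works against the howto's cacert.pem, radius-cert.pem and client-cert.pem. It also fails when the local clock lies outside the certificate's validity period, which is why the NTP step comes before the PKI.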


To complete the encryption fun we still need a random file and a Diffie-Hellman parameter file. We proceed as follows.

root@OpenWrt:/usr/share/CA# openssl dhparam -out dh1024.pem 1024
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
root@OpenWrt:/usr/share/CA# dd if=/dev/urandom of=random bs=1k count=1


We have now generated a lot of files, but which one is for what? So let's untangle that now.

radius-req.pem – the key
radius-cert.pem – the certificate
cacert.pem and cacert.der – the CA certificate
dh1024.pem – the DH parameters
random – simply contains random data


The client:

These files have to go onto the computer that wants to log in to the WLAN.

We will deal with the files for the RADIUS later.


Once that is done, we can continue with the RADIUS server. If you already use a working RADIUS server in your network, you can skip this step. To install the FreeRADIUS server, proceed as follows:

root@OpenWrt:~# ipkg install freeradius

root@OpenWrt:~# ipkg install freeradius-utils

root@OpenWrt:~# ipkg install freeradius-mod-eap

root@OpenWrt:~# ipkg install freeradius-mod-eap-md5

root@OpenWrt:~# ipkg install freeradius-mod-eap-peap

root@OpenWrt:~# ipkg install freeradius-mod-eap-tls

root@OpenWrt:~# ipkg install freeradius-mod-eap-ttls

root@OpenWrt:~# ipkg install freeradius-mod-files

root@OpenWrt:~# ipkg install freeradius-mod-pap


Please make sure you do not forget any package.

So that RADIUS also starts at the right time after a reboot, the startup script still has to be renamed.

mv /etc/init.d/radiusd /etc/init.d/S41radiusd

Then copy the generated OpenSSL certificates.

mkdir /etc/freeradius/ca
cp /usr/share/CA/cacert.pem /etc/freeradius/ca
cp /usr/share/CA/radius-req.pem /etc/freeradius/ca
cp /usr/share/CA/radius-cert.pem /etc/freeradius/ca
cp /usr/share/CA/dh1024.pem /etc/freeradius/ca/
cp /usr/share/CA/random /etc/freeradius/ca/

The important files for the RADIUS configuration are

  • clients.conf
  • eap.conf
  • radiusd.conf
  • users


client {
secret = Das_RADIUS_Passwort
shortname = localhost
nastype = other




Now let's simply activate our 802.1X environment.

root@OpenWrt:~# nvram set wl0_akm="wpa wpa2"
root@OpenWrt:~# nvram set wl0_auth_mode=radius
root@OpenWrt:~# nvram set wl0_crypto=aes+tkip
root@OpenWrt:~# nvram set wl0_radius_ipaddr=
root@OpenWrt:~# nvram set wl0_radius_key=Das_RADIUS_Passwort
root@OpenWrt:~# nvram set wl0_radius_port=1812
root@OpenWrt:~# nvram set wl0_ssid=My_8021X_Network
root@OpenWrt:~# nvram set wan_hostname=My_8021X_Gateway
root@OpenWrt:~# nvram set wl0_wep=aes+tkip
root@OpenWrt:~# nvram commit

Now, after a reboot, the magic should begin. Have fun!


ipkg install wireless-tools
ipkg install webif


WPA2 Enterprise-Howto
OpenWRT config help
OpenSSL X509


the new rhythm

Gooooooooooooooooooooooooooooooooood morning my feathered friends!

The new semester starts today and I successfully introduced a new diurnal rhythm. It’s quite hard to go to sleep at 12 PM when you went at 5 AM for the last months. But it worked. It’s 7:30 AM and I am awake, already showered and fit to start the day.

Even the sun is shining… a bit…


wanna raise some gamerscore?

One of the new key features of XBOX Live! and XBOX 360 is the gamerscore. Every user has a gamerscore which simply is the number of points the user achieved in all the games he/she played.

Since the games more and more tend to NOT have any cheat possibilities, everyone likes to get some tips on how to boost the gamerscore. That’s exactly what Achieve360points does. It lists all the available achievements for every XBOX 360 game and gives you some advice on how to actually get them.



the new Office 2007 user interface

I am quite flashed by the new Office User Interface. It’s really a step forward and this short video shows you just some of the new concepts of Office 2007:

click to watch



XBox3000 TV – episode March 2006

Here we are – the newest episode of XBox3000 TV (German).

click to watch

Of course the whole thing is also available in iPod-compatible form via the podcast.


  • Multiplayer patch for CoD2
  • Halo is coming as a comic
  • Microsoft gives developers full access to Xbox Live
  • Shane Kim interview: Halo3, E3 2006 and PS3
  • Epic Records partnership with Microsoft
  • Silent Hill 1 for 360
  • A look at the competitor: Playstation 3


  • Samsung Euro Championship at CeBit 2006


  • The Outfit
  • Full Auto
  • Oblivion
  • Tomb Raider


  • We are saving up for Xbox “THREE”

Prizes from THQ:

  • Faceplates “The Outfit”


the beauty of directories

Andreas Job, a friend of mine, wrote a tool which visualizes a machine’s directory tree in a very beautiful way…

click to watch the movie…

