How to redirect all traffic thru Tor by default on Mac OS X

October 2nd, 2013 by admin | Permalink

As in my previous post, sometimes it is necessary to have “full” internet access instead of limited access. Even that Tor is initially done to anonymize you, it also does a great job in such occasions.

To redirect all traffic on Mac OS X thru Tor, follow these steps.

Step 1 – Choose “System Preferences” from the Apple  menu.
Step 2 – Choose “Network” from the menu.
Step 3 – Choose “Edit Locations” from the Location menu.
Step 4 – Click the “+” icon to add an additional location.
Step 5 – Type in a new name for your location (I used Tor), then click “Done”.
Step 6 – Select “Airport” from the list on the left side.
Step 7 – Click “Advanced”
Step 8 – Click on “Proxies” in the list.
Step 9 – Activate “SOCKS Proxy” by ticking the checkbox
Step 10 – In the SOCKS Proxy Server box, type localhost and 9050.
Step 11 – Click “OK” and then click “Apply”.

Now you can easily switch the environments in the upper center menu of the system preferences.

SSH and other protocols via Tor on Mac OS X

October 1st, 2013 by admin | Permalink

I travel a lot and sometimes I end up in hotels that claim to have internet, but after a couple of minutes I realize they mean HTTP and HTTPS, maybe Skype.

I am not sure why some hotels are super paranoid about outgoing protocols, but the second you want to upload something (e.g. GIT over SSH) or administrate your server you need a lot more ports than a usual user.

My way of “tricking” the hotel firewall is using Tor for such things.

Step 1 – Install Tor on the Mac
I am using the Command Line tools for Tor and load them using MacPorts (you will need to download and install MacPorts).

Step 2 – Install the tor components
$ sudo port install tor torsocks

Step 3 – Run tor (could take a couple of seconds)
$ tor &

Step 4 – Connect using torify
$ torify ssh

This will not anonymize your traffic, this is just a way around firewalls etc..

Why Apple is not working on a smart watch!

September 17th, 2013 by admin | Permalink

When the rumor came up that Apple is working on a smart watch, a lot of people got pretty excited. More interesting, a lot of big hardware vendors started working on smart watches, which some just got announced. E.g. Sony and Samsung.

The main question still is, how could a smart watch change your life? I doubt there is a big benefit in having your phone hooked to your watch constantly. Especially as your phone is just 30 centimeters away.

But more important, a watch is something very special to most man (sorry ladies, but I think they are the main audience for a smart watch) wearing one. It is the only peace of jewelry a man is wearing in the usual case. And in addition to that, it is usually a pretty expensive, but classical watch like a Rolex, Patek Philippe or Panerai.

Can you imagine business man running around with a display on there hands just to see the latest Tweet or Facebook update from his mates?

Brings me to the conclusion that such a thing would just be a niche product.
If Apple is really hopping on this wagon they are really lost and out of ideas!

3rd party cookies in Firefox…

June 10th, 2013 by admin | Permalink

… seem so small since we know about Prism.

How about UNSUBSCRIBE-June?

June 1st, 2013 by admin | Permalink

How about cleaning up your inbox by unsubscribing to useless newsletters you are getting every day?
I am actually doing this once a year and this year I am calling it UNSUBSCRIBE-June.

It is really interesting how many companies put you on their mailing list and spam you weekly, daily or even more.
I am even getting newsletters in languages I don’t even speak, just because I once used the free wi-fi at an airport or anything like that.

Join me – unsubscribe!

Why disabling 3rd party cookies in Firefox 22 is a big mistake!

April 15th, 2013 by admin | Permalink

Before I start, let me quickly outline two things. I am working in the online advertising industry + this is representing my personal opinion.
I have built several ad serving solutions and tracking engines within the last years and the chance of you having a cookie on your harddisk that comes from one of these solutions is quite likely.

Mozilla recently announced that with the release of Firefox 22 they will, per default, disable 3rd party cookies.
This in the first place looks like a big advantage to users. People fear to be tracked and analyzed across their whole internet behavior. I will come to data privacy a little later in detail.

I believe that data privacy is extremely important, I am just not happy the way Mozilla or to be specific the Firefox developers are handling this.
The idea is simply to avoid 3rd party cookies to be granted as long as the user hasn’t visited the 3rd party and the cookie became a 1st party cookie.

Or in other words, I am an ad network and as long as you haven’t ever clicked on one of my ads, I am not able to know identify the browser, how often you have been exposed to a specific ad and so on. Good? Sounds quite fair.

But the second you are putting this into a different context, the whole thing becomes a little awkward.

What is the default page that a Firefox shows you when you install it? Right that’s a customized Google search page. You just got a 1st party pixel by Google.
What’s the main income stream for Google? Right advertising!

Ever asked yourself how Mozilla is financing their servers, employees etc.? Right donations!


Let me quote Wikipedia on this:

“The Mozilla Foundation is funded by donations and “search royalties”. Since 2005, the vast majority of funds have come from Google Inc. […]
In 2006, the Mozilla Foundation received US$66.8 million in revenues, of which US$61.5 million is attributed to “search royalties” from Google.[9]
The foundation has an ongoing deal with Google to make Google search the default in the Firefox browser search bar and hence send it search referrals; a Firefox themed Google search site has also been made the default home page of Firefox. […] On 20 December 2011 Mozilla announced that the contract was once again renewed for at least three years to November 2014, at three times the amount previously paid, or nearly US$300 million annually.[11][12] Approximately 85% of Mozilla’s revenue for 2006 was derived from this contract.”

Same also counts for Facebook. You are scared by advertising? Facebook knows already a lot about you, but with making the Like Button available across the web, they know your actual browsing behavior. They know what you like and now they also know what you have been exposed to on the web! And as they are everywhere, like Google Analytics, they have the full picture. This is actually not happening for any other advertising network as the market is fragmented across a lot of companies.

Let’s talk a little bit about data privacy. I am working for a pan-european advertising company and we are investing a lot of time and money into data privacy compliance. We are TrustE certified, we have regular audits with lawyers across Europe, we are participating in the Do-Not-Track initiative, we are on the global IAB opt-out page, we don’t store any IP addresses and we have a dedicated page to explain how we handle data privacy. The industry is 100% aware of the situation and we are adopting to all rules and are extremely pro-active in what we are doing.

If you ever thought cookies are the only thing that enables companies to track you, you are absolutely wrong.
Beside standard cookies there is technologies like LSO, LocalStorage, e-tags and lots and lots more. To be more direct on this, every browser plugin brings its own technology. A good collection of these can be found at the Evercookie of Samy Kamkar.

The online industry committed within the last years to not use LSO, also known as Flash cookies, anymore. The most obvious reason is that a plugin cookie like Flash LSO is not being removed when removing cookies. In addition a LSO can be read out across browsers. Means your behavior on Firefox could be read out when you are using Internet Explorer or Safari!
Needless to mention that the Firefox approach is technically not stopping this.
From a data privacy perspective this is a nightmare and that’s exactly why the industry stopped this.

A lot of people are annoyed by commercials and there is a simple trick to stop seeing these ads, but please for one moment think about using an ad blocker.

Internet infrastructure, a team of editors, creators, writers, system administrators and developers are not cheap.
The reason why the majority of the internet is still free is the fact that advertising is paying for this! So instead of having an internet where you need to pay for every article, blog post or video that you are seeing, they show you commercials. So whenever you are talking about net neutrality, keep this in mind!
Or otherwise the internet will look like this in a couple of years.
Btw. same is happening when you are watching TV or buying a magazine. Part of it is paid by advertisement!

Dear Firefox developers, please think again about your approach. The industry has done a lot of things to comply with current law. It would be a shame if this would have been for nothing!
And the bad guys use another technology anyway!

How to check if a SSL certificate is valid using command line

January 18th, 2013 by admin | Permalink

Quite easy:

openssl s_client -connect

Shred – How to format a disk save on a rented machine

November 8th, 2012 by admin | Permalink

There is lots and lots of hosting companies that ask you for a couple of dollars and give you your own machine for that.
This is normally the cheapest way to have your “own” server in the internet.

After a couple of years, you realize that there is a better deal including better hardware at some other hoster or even the same.
So you decide to move your stuff over.

Now you want to cancel the current contract, but what is happening to the data that is on that server. Simply deleting is not really a solution. There are plenty of reports of harddisks turning up on ebay and the new owner has no problem restoring your data.

There is a solution to that called shred. It is a basic tool that is available with all popular linux distributions.

The easiest way is to use the following command. shred /dev/sda -f -v -z

This will overwrite your harddisk 25 times with garbage and it is really, really hard to get your data back.

Here is the shred man page.

5 years spamcollect – Happy Birthday

April 22nd, 2012 by admin | Permalink

Actually I was quite surprised when I realized that I am maintaining this blog now since 5 years.

Initial idea was just to store things I had trouble with and found a solution. So I don’t have to use Google or any other search engine.

I have to say I am also quite surprised that the PHPList Hack is since years the most popular one I have wrote. Seems like the system is used widely but not as open as expected.

Also one of my favorite posts is the one about SLES 10 sucks. Especially the comments section is fun.

Lets see what the next years will bring.

Fixed! – SugarCRM – Module Loader blank page after installing module

April 11th, 2012 by admin | Permalink

This took me a while till I found a solution. The module builder in SugarCRM seems to have a bug. Whenever you install something using the module loader, the system seems to kind of crash. The module loader page is not showing anything any more except the saying “Module Loader”. This seems to be a bug in all 6.2.x versions.

I found a solution here.

Goto the file ModuleInstall/PackageManager/PackageManager.php and edit line 668.


$target_manifest = remove_file_extension( $upgrade_content ) . '-manifest.php';


$target_manifest = UploadFile::realpath(remove_file_extension( $upgrade_content ) . '-manifest.php');

%d bloggers like this: