Stop entering Away Mode

technology 2019-03-05
I have finally solved an annoying problem with my Windows 10 setup which was sortof hard to Google, so I am sharing. For quite some time, the computer had refused to go to sleep when it was not running on battery. Instead of going to sleep when instructed to, it would simply turn off the screen and mute the volume while continuing to *actually not sleep*. Moving the mouse a tiny bit would swiftly end the charade. In a recent fit of rage I decided to inspect the event log, and behold, there were some Kernel Power events that said: > _The system is entering Away Mode._ Which is entirely _not_ what I wanted when I told it to go to sleep. However, there was no option _anywhere_ in the power settings to be found that turned off this _"Away Mode"_. Well, the option actually does exist, but for some reason it is not visible unless you set the Attributes value to 2 in the following, easily memorable registry key: 
HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\238C9FA8-0AAD-41ED-83F4-97BE242C8F20\25DFA149-5DD1-4736-B5AB-E8A37B5B8187
Armed with this registry tweak, you can go back to the _"advanced"_ power settings, aka: 
rundll32 shell32.dll,Control_RunDLL PowerCfg.cpl @0,/editplan:
Navigate to Sleep and there should be an option that says Allow Away Mode Policy or something similar. And that policy should be set to no, not even when plugged in, never, just sleep, for crying out loud, why does this even exist.

Fast XOR in Python

code 2018-11-28
As I [have hinted at before](/2017/09/20/just-some-friendly-advice/), the [PyCrypto library](https://www.dlitz.net/software/pycrypto/) [seems to be dead](https://github.com/dlitz/pycrypto/issues/173). The [PyCryptodome](https://www.pycryptodome.org/en/latest/) library is a fork that is promising because it is maintained and works in Python 3, but they have a bit of a finger-wagging attitude which sometimes means that you have to fight the library a bit: 
>>> from Crypto.Cipher import ARC4
>>> cipher = ARC4.new(B'funk')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "C:\Python37\lib\site-packages\Crypto\Cipher\ARC4.py", line 132, in new
    return ARC4Cipher(key, *args, **kwargs)
  File "C:\Python37\lib\site-packages\Crypto\Cipher\ARC4.py", line 57, in __init__
    len(key))
ValueError: Incorrect ARC4 key length (4 bytes)
>>> ARC4.key_size = range(1,257)
>>> ARC4.new(B'funk').decrypt( ARC4.new(B'funk').encrypt( B'Hello World' ))
b'Hello World'
They certainly mean well, but the library is no place to impose security standards, in my opinion. In malware research for example, we often have to verbatim copy the appalling use of certain ciphers, like ARC4 with a 4-byte key. It happens all the time! I have been particularly struggling with [the removal of the XOR cipher](https://pycryptodome.readthedocs.io/en/latest/src/vs_pycrypto.html). The XOR implementation of PyCrypto was very fast, and in this article I will both benchmark how fast exactly it was and give you a drop-in replacement which degrades gracefully based on your options. Do you want to know more?

Quick Tipp for First-Time Users of The ArangoDb Python Client

technology 2018-09-22
I started to play around with ArangoDB and used Python to get some data into my first database. Long story short: if you want to set your own key for the documents, do it on the document, not on the initialization data. EDIT: this is only true for the most recent version 1.3.1 release on pypi by the time of writing ((See conversation on github for details)). Read the longer story!

Atomic UPSERT with unique constraint on null-able column in PostgreSQL

technology 2018-08-26
This post will be probably be very boring for everyone who doesn't have this problem. But since it cost me some time to figure out a solution, I think it is worth sharing. I care. You share. Read on!

Cleaning Up Windows Without Interaction

technology 2018-08-10
To reduce the size of some of my virtual machines, I often run the Windows cleanup tool to get rid of update artifacts and temporary files. While the cleanmgr command has some undocumented options such as /setup, /autoclean and /verylowdisk, I could not achive what I wanted with any combination of these: I wanted to have one command that simply cleans _everything_ without interaction. TL;DR: Put this in a batch file: 
@echo off
set rootkey=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches
for /f "tokens=*" %%K in ('reg query %rootkey%') do >NUL REG add "%%K" /v StateFlags0000 /t REG_DWORD /d 2 /f
cleanmgr /sagerun:0
Essentially, this script manually creates the registry keys that would be created by a call to cleanmgr /sageset:0 and checking all the boxes. It then runs cleanmgr /sagerun:0 which non-interactively calls cleanmgr performing every cleanup task available. Remember to run this as an administrator to remove Windows update artifacts. Would you like to have that as PowerShell?

PMR, SMR, CMR, I-just-want-a-hdd-MR

technology 2018-05-31
I recently wanted to buy a new Harddisk. I did not want one that uses "shingled magnetic recording" because thats awfully slow. Instead I looked for a "perpendicular magnetic recording" HDD, but I learned thats not a thing anymore. Instead I could buy CMR disks. For those getting here by google looking for a quick answer: CMR=PMR. For those who want to know why PMR was renamed to CMR and why SMR disks are slow: read on

Anonymize IP addresses in NGINX log files

technology 2018-05-26
In an attempt to piggyback on the people's vague fear of random lawsuits in Germany, I'll blog on how to remove the last octet of an IP in NGINX log files. Do you want to know more or get sued?

Android without Google Apps

technology 2018-04-19
I recently dropped my Sony Z5 Compact and the glass on its back splintered. So I bought a new phone. Sony A Z5 Compact for the horrendous amount of 70€. When I bought my last phone everything had to go quick, Cyanogen mod was just announced dead and LineageOS was not ready yet. So I just installed the stock rom and lived with it. This time I wanted to go with a custom Rom and without any Google Apps on it. Here is what i did:

Posting POST, getting GET

web 2018-03-24
Recently I once again stumbled upon a detail of the HTTP specification involving the POST verb and "enforced" https. I'll document it here in an attempt to save other people the time (hopefully also future-me). Do you want to know more?

Minify JSON output of flask application on a per-request basis

technology, web 2018-03-05
Flask pretty-prints response generated by the flask.json.jsonify function. Avoiding this on a per request basis doesn't seem to be intended: There is a configuration variable for the whole application: JSONIFY_PRETTYPRINT_REGULAR. But setting that to False minifies every JSON responses. And, in general, I enjoyed the pretty printed output. So implementing X-PrettyPrint - which seems to be a quasi-standard - also sounded like a the wrong way because it means replacing the call to jsonify by a custom implementation. This short story has a happy end though: Flask does not pretty-print the response if it receives an AJAX request. So one can just send the appropriate header: 
curl -H 'X-Requested-With: XMLHttpRequest' "https://exmaple.com/api/endpoint.json";

Separating WiFi from the internet on a Fritz!Box 6490

technology 2018-01-20
![Network improvement](https://blag.nullteilerfrei.de/wp-content/uploads/2018/01/fb_net_ntf.png)
I installed a pfSense firewall behind my Fritz!Box Router, that does several jobs like VPN, Adblocking, etc. What always bothered me was, that this firewall could be easily bypassed by Wireless clients, because I am using my Fritz!Box as a wireless AP and therefore not physically isolated from the Internet connection. One could just set the Fritz!Box IP as the default gateway and bypass pfSense. If you have ssh access to your Fritz!Box you can fix this! Would you like to know how?

Convert Markdown to JIRA Format

technology 2018-01-16
For some reason, [Jira]'s [formatting] is not Markdown. Since you write everything in Markdown, you might be looking for a converter. If you furthermore hate node.js as much as yours truly, the search can easily claim your soul. Rest assured - I think [mistletoe] is the answer we are seeking. It is a pure Python Markdown parser which can render the parsed Markdown in any format, and one of them is Jira. It even comes with a [script] for this exact purpose. [Jira]: https://jira.atlassian.com/ [formatting]: https://jira.atlassian.com/secure/WikiRendererHelpAction.jspa?section=all [mistletoe]: https://github.com/miyuchina/mistletoe [script]: https://github.com/miyuchina/mistletoe/blob/dev/contrib/md2jira.py

Powershell DPAPI Script

technology 2018-01-05
I am writing a backup script which is supposed to backup data to a remote server, encrypted, and run as a scheduled task on a Windows machine. If you want all of that, you will have to store the encryption key somewhere. Instead of storing the password in plaintext, I had the idea to use the [Data Protection API]. Initially worried that I might have to write a wrapper for [CryptProtectData] myself, I quickly found the decent looking github project [DPAPIbridge]. Ultimately however, I figured out that Powershell can do all things. Presenting vault.ps1: 
Param(
  [string] $StoreSecret,
  [Parameter(Mandatory=$True,Position=0)]
  [string] $filename )
[void] [Reflection.Assembly]::LoadWithPartialName("System.Security")
$scope = [System.Security.Cryptography.DataProtectionScope]::CurrentUser
if ($StoreSecret -eq "") {
  $data = Get-Content $filename
  $ciphertext = [System.Convert]::FromBase64String($data)
  $plaintext = [System.Security.Cryptography.ProtectedData]::Unprotect(
    $ciphertext, $null, $scope )
  [System.Text.UTF8Encoding]::UTF8.GetString($plaintext)
} else {
  $plaintext = [System.Text.UTF8Encoding]::UTF8.GetBytes($StoreSecret)
  $ciphertext = [System.Security.Cryptography.ProtectedData]::Protect(
    $plaintext, $null, $scope )  
  [System.Convert]::ToBase64String($ciphertext) > $filename
}
This script can be run as vault.ps1 [-StoreSecret SECRET] FILE. If the optional argument is present, it will store a protected blob containing SECRET in FILE, otherwise it will read a blob of protected data from FILE and print the enclosed secret string. [DPAPIbridge]: https://github.com/vincepare/DPAPIbridge [Data Protection API]: https://msdn.microsoft.com/en-us/library/ms995355.aspx [CryptProtectData]: https://msdn.microsoft.com/de-de/library/windows/desktop/aa380261(v=vs.85).aspx [Borg]: https://borgbackup.readthedocs.io/en/1.1.2/usage/general.html?highlight=borg_passcommand#environment-variables
Authors have copyrights. People say these things in footers.
All Hail the Great Yawgmoth, Father of Machines.