Welcome to my blog of technical explorations. Thanks for stopping by!
I’m self-employed based in Germany and work on software development, security, infrastructure, and general IT consulting projects. I’m available for advisory or hands-on work. Interested? Please get in touch.
Just want to chat? Feel free to send me an email! I try to respond to as many emails as possible.
A while back the FileMaker Server (FMS) installer for Ubuntu Linux started checking the currently installed web server versions and giving warnings and an interactive prompt (!) in case of outdated versions. This is rather annoying if you like to install/upgrade your FMS non-interactively. Using ansible, for example, your playbook would just hang and you would start wondering what’s going on. Let’s see what is actually happening, why it’s happening, and how to solve it. ...
With a few security features added to the FileMaker Server Admin Console in the last few versions, I decided to play around with them to see how they are implemented. In this article I want to highlight three of the issues I found last year (2023) and subsequently reported to Claris/Apple. TL;DR: Until version FileMaker Server version 21.0.1 you can bypass the IP restricions and until version 20.3.1 no administrator role privileges are respected on the server (every role can upgrade itself to all privileges). The latter issue remains only partially fixed. ...
I was recently asked if it’s possible to post a message to a Slack channel whenever the state of a monitor on allgood.systems changes (for example, a web server goes down, a job starts failing, etc.). The answer is “yes”, and it’s quite easy to set this up once you have a Slack app configured. All you need to do on allgood’s side is to add a web hook to your notification group, enter the URL you get from Slack, and define what message you want to send. ...
Introduction I had been planning for a while to dive deeper into the fmp12 file format to explore how data is organized and how accounts and passwords are stored. A few months ago, I finally found the time to do it. The first thing I noticed was just how little information publicly exists about the file format and especially about account and password storage. The only information on the latter was that “a one-way hash” is used for storing passwords and that there are some password reset tools that – according to forums – might work but would also “damage” your file, without any further clarification. ...
The problem statement Let’s say you have a (Windows or Linux) EC2 instance in a private subnet and want to access it interactively. There are several ways to do this: You could use a bastion host in your public subnet, harden it and limit access to a certain IP range, and then tunnel your SSH or RDP (or any other TCP) traffic through this host using SSH. Alternatively, you could set up a VPN server through which to connect to your instance. ...