Corona App of Deutsche Telekom lacks SSL security

Be careful what kind of apps you install these days. Corona apps in particular (also known as COVID-19 apps) are supposed to be on the market as soon as possible (like yesterday), but this might come at the cost of reliability and security.

The Corona App of Deutsche Telekom uses insecure SSL encryption to communicate with cloud servers. While the app itself is functioning and useful, personal health data should be handled in a more secure way.


Coronavirus: The Age of the Internet

Right now on the Internet you read a lot about staying at home and washing your hands thoroughly to prevent further spread of the virus.

But way more important is what you don't read. I stumbled across the following online news article from the Jerusalem Post. Looks legit to me. Nevertheless, I haven't read anything about those Israeli scientists anywhere else.

Neither denying nor confirming news articles like these is probably the worst thing officials in other countries can do. It ultimately leads to disorientation and panic.

Lessons learned: Today we already live in the age of the internet. But while infrastructure and communication services might be functioning pretty well, we still need to learn how to communicate effectively, and distribute the right news and information at the right time.

You better stick to your promises:
Israeli scientists: 'In a few weeks, we will have coronavirus vaccine' (MARCH 15, 2020)


NetworkManager in Ubuntu 19.10 and 20.04 not working

NetworkManager in Ubuntu 19.10 and 20.04 is disabled by default, except for WiFi connections.

If you experience any problems with Ethernet connections or VLANs (including a VLAN that might be configured by netplan but somehow doesn't get activated), check out the configuration file 10-globally-managed-devices.conf.



As you can see, all devices are declared unmanaged by default, except for wifi, gsm and cdma devices. Move the file to /etc/NetworkManager/conf.d and change it to:


Restart NetworkManager.

sudo systemctl restart network-manager

Free Julian Assange

My personal prediction:
It is pretty obvious that the US government has no special interest in an early conviction. They just want to hunt Julian Assange down and torture him for the rest of his life. And there sure are plenty of mentally deranged psychos on the CIA payroll who are more than willing to and take great delight in skillfully exercising this task.

If he is found guilty, a lot of people will accuse the US government of disregarding the freedom of press.

If he is not or only partially found guilty, the US government might be considered weak and send a wrong signal to all future whistleblowers.

So why would the US government be in a hurry for a fair trial that the whole world will be watching closely? Slowly cook him to death surely is the more gruesome alternative.


First Deepfake Face Swap Movie

Georges Melies was one of the first creators of special effects in early silent movies. In "A Trip to the Moon" (1902) he projected his own face on the surface of the moon.

While the image quality is not comparable to modern movies, the effects are still amazing considering they were created almost 120 years ago, without the help of any computers!


Chelsea Manning is being tortured

A top United Nations official just condemned the continuing imprisonment of Chelsea Manning as torture and called for her immediate release.

Sign the petition: tell the government to stop torturing Chelsea Manning and set her free.

Chelsea Manning already gave an extensive statement in her 2013 trial and was sentenced to 35 years in prison. After 7 years in prison and 2 suicide attempts she was released in 2017, her sentence having been commuted by President Obama himself ("Justice has been served."). This case is history.

Chelsea Manning has been released from prison as of 12.03.2020. Finally some good news this year.


Evolution of Managed Network Services


... or how to get rid of monolithic service architectures.

1991 - CORBA
A distributed management framework for network services. The father of it all. First on Uni* systems, later on other operating systems as well.

- Not monolithic as everything before.
- The "O" stands for "Object", so it must be totally awesome.

1996 - DCOM
A distributed management framework for network services. The Microsoft way. Back in the day Microsoft reinvented everything to set new standards and own them.

- Not monolithic as everything before.
- The "O" stands for "Object", so it must be totally awesome.

1997 - Java JNDI and RMI
A distributed management framework for network services. Along came the bytecode revolution with Java, and yes, of course Java wanted to do it the Java way.

- Not monolithic as everything before.
- It's Java, so it must be totally awesome.

1999 - Java JNDI and EJB
A distributed management framework for network services. Way cooler than RMI.

- Not monolithic as everything before.
- Even more object-oriented, so it must be totally awesome.

1999 - Java JNDI and Tomcat
A distributed management framework for network services. Way cooler than EJB.

- Not monolithic as everything before.
- Everyone is using it, so it must be totally awesome.

2003 - SOAP
Distributed network services. Can be used by other programming languages than Java. In case there are any. Lacks service discovery, as e.g. CORBA already provided out of the box more than 20 years ago. So you need an additional layer called ESB.

- Not monolithic as everything before.
- The "O" stands for "Object", so it must be totally awesome.

201? - REST
Distributed network services. Advancement of SOAP.

- Almost the same as SOAP, just a bit smaller.

2015 - Cloud Microservices
A distributed management framework for network services. Based on REST. Lacks service discovery though, as e.g. CORBA already provided out of the box more than 20 years ago. So you need an additional layer called service mesh.

- Not monolithic as everything before.
- It has the word "Cloud" in it, so it must be totally awesome.

202? - ...
Not sure what it will be called, but sure as hell it will be a distributed management framework for network services. And it will be way hotter than everything before, because it will not be monolithic.


Criswell Predicts ... IT in 2020

It Predictions

As the new year approaches, there are - inevitably, as every year - predictions about what's coming up in IT in the next year.

Unfortunately everything I have read so far is bleeding obvious: Moving to the cloud, AI will be used everywhere, and Python is becoming the most dominant programming language. Without merely continuing the trends from 2019, here are my wild predictions for 2020:

  • With yet another devastating side channel security breach in Intel and AMD processors, all major cloud providers are moving their server hardware to ARM processors.
    Update 14.11.2020:
    Amazon Launches a Killer ARM Server Chip With the Graviton2
    Apple Silicon M1 Chip in MacBook Air Outperforms High-End 16-Inch MacBook Pro
    Update 22.12.2020:
    Microsoft is designing its own Arm-based data-center server
  • An unnamed whistleblower reveals that the NSA is using quantum computers and AI to profile every single citizen in the world in real-time. Data is retrieved from decrypted TLS connections by quantum computers, and numerous micro satellites orbiting the earth.
  • Chinese smartphones running their own Chinese Open Source operating system are becoming the de facto standard for secure and affordable mobile devices.
    Update 14.11.2020:
    Huawei to shift phones to its own Harmony operating system from 2021
  • Large companies like Apple, Google and Microsoft are launching their own space missions to mine natural resources on the Moon and Mars.
  • Large companies like Apple, Google and Facebook begin to span their own micro satellite networks to provide mobile phone and internet services around the globe. National telecommunication companies become obsolete.
    Update 04.08.2020:
    Bezos' internet from space plan moves a step closer
  • Deep fake videos are banned by all major industrial countries around the globe. Social media platforms are legally obliged to detect and delete deep fake videos.
    Update 07.01.2020:
    Facebook bans 'deepfake' videos in run-up to US election
  • In a rather controversial press conference Microsoft announces it will discontinue Outlook as an installable email program and urges Windows users to migrate to the corresponding cloud service Office365. Users will have to pay a monthly fee for using Outlook email services. Alternatively Microsoft recommends Mozilla's Thunderbird as an installable email client on local Windows computers.


Let's Encrypt Certificate for SMTP with STARTTLS

TLS Encryption

Let's Encrypt provides an easy way to get free certificates not only for web servers, but also for email servers like Postfix.

The way Let's Encrypt usually works requires you to set up a web server. Let's Encrypt sends you a challenge, and you have to prove ownership of the domain by providing a response to that challenge. You do this by placing the response at a certain URL on your web server:

That way you prove that you are the owner of the domain "". But there is another even easier way to prove ownership of a domain: DNS. You place the response in a specific TXT record of your domain:

  • You can use your domain hosting service (GoDaddy, Whois, etc.) to create a new TXT record.
  • The "certbot" command line client does all the rest in just one call.
  • Under Debian 9 and 10, "certbot" is part of the official package repository.
  • You can run certbot on any Linux client. You don't have to run it on the email server.


In this example the public hostname of your mail server is Therefore you have to create a TXT record called . The value of the TXT record is in the output of certbot.

# certbot certonly --manual --preferred-challenges dns -d
Saving debug log to /var/log/letsencrypt/letsencrypt.log 
Plugins selected: Authenticator manual, Installer None 
Obtaining a new certificate 
Performing the following challenges: 
dns-01 challenge for 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
NOTE: The IP of this machine will be publicly logged as having requested this 
certificate. If you're running certbot in manual mode on a machine that is not 
your server, please ensure you're okay with that. 
Are you OK with your IP being logged? 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
(Y)es/(N)o: Y 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
Please deploy a DNS TXT record under the name with the following value: 
Before continuing, verify the record is deployed. 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
Press Enter to Continue 
Waiting for verification... 
Cleaning up challenges 
 - Congratulations! Your certificate and chain have been saved at: 
   Your key file has been saved at: 
   Your cert will expire on 2020-02-15. To obtain a new or tweaked 
   version of this certificate in the future, simply run certbot 
   again. To non-interactively renew *all* of your certificates, run 
   "certbot renew" 
 - If you like Certbot, please consider supporting our work by: 
   Donating to ISRG / Let's Encrypt: 
   Donating to EFF: