Dietrich Schroff

Subscribe to Dietrich Schroff feed
Dietrich Schroff
Updated: 1 month 17 hours ago

Oracle Sign up: more problems

Fri, 2019-09-13 14:03
I thought, i was successful, but:

I received a mail with the following content:

"We have re-authorized a new, specific amount on the credit/debit card used during the sign up process."


"To verify the account you have created, please confirm the specific amount re-authorized."

My problem: there is not any "re-authorized amount" on my banking account. I do not know, what is "re-authorized"?
Is this: this amount is charged on my credit card (then i should see it).
Or is this process buggy and i was for some reason not charged?
Or is re-authorization something else?

Oracle Cloud: First login

Thu, 2019-09-12 13:53
After signing up to Oracle cloud i tried my first login:

but i only got:
I think the problem is, that there i a manual review step on Oracle's side which i have not passed for now:
So let's wait for a day or two...

Oracle Cloud: Sign up failed... [3] & solved

Tue, 2019-09-10 13:44
Finally (see my attempts here and here) i was able to sign up to Oracle cloud.
What did the trick?

I got help from Oracle support:
So i used my gmail address and this worked:

and then:

Let's see how this cloud will work compared to Azure and AWS

Oracle Cloud: Sign up failed... [2]

Fri, 2019-09-06 14:36
After my failed registration to Oracle cloud, i got very fast an email from Oracle support with the following requirements:
So i tried once again with a firefox "private" window - but this failed again.
Next idea was to use a completely new installed browser: so i tried with a fresh google-chrome.
But the error still remained:
Let's hope Oracle support has another thing which will put me onto Oracle cloud.


There is a tiny link "click here" just abouve the blue button. This link a have to use with the verification code provided by Oracle support.
But then the error is:
I checked this a VISA and MASTERCARD. Neither of them worked...

UPDATE 2: see here how the problem was solved.

Oracle Cloud: Sign up failed...

Sun, 2019-09-01 08:38
Yesterday i tried to sign up for oracle cloud:

 So let's start the registration process:

The mobile number verification is done with SMS and after entering the 7 digit pin, you are allowed to enter a password:

As payment information only credit cards are accepted:
  • VISA
  • Mastercard
  • Amex

Eve though my credit card was accepted:

"Your credit card has been successfully validated. Please proceed to complete the Sign up."
I got the following error:

"We're unable to process your transaction. Please contact Oracle Customer Service."
The link "Oracle Customer Service" did not work, so i used the Chat Support. But inside the chat was no agent available and only "Send E-Mail" worked. Let's see what kind of response i will be given...

EDIT: Some further attempts...

EDIT 2: see here how the problem was solved.  

Ubuntu Linux: Change from Legacy boot to UEFI boot after installation

Sat, 2019-08-31 10:01
This weekend i did an installation of Linux on a laptop where already a windows 10 was installed.
Because laptop did not recognize my linux boot usb-stick i changed from UEFI to legacy mode and the installation went through without any problem.

At the end grub was in place but the windows installation was not listed. This is, because windows does not support booting.

The problem: If i switch back to UEFI the linux installation did not start anymore.

My solution:
  • Change to UEFI and boot with a live linux
  • Install boot-repair into the live linux
    sudo add-apt-repository ppa:yannubuntu/boot-repair
    sudo apt-get update
    sudo apt-get install -y boot-repair
  • Then run boot repair
  • Follow the instructions on the Boot-Repair homepage (s. above)
  • Enter the commands of the following popus:

And after removing the live CD i got an boot grub menu, where windows was in place and working (and the Ubuntu Linux worked, too ;-)

Linux: Configuring hosts per ssh in parallel: pssh

Fri, 2019-08-16 15:11
If you have to set up some hosts in a way, that a number of commands has to be executed on each node, than you should consider PSSH:

The installation is straight forward:
root@zerberus:~# apt-get install pssh
Paketlisten werden gelesen... Fertig
Abhängigkeitsbaum wird aufgebaut.      
Statusinformationen werden eingelesen.... Fertig
Die folgenden Pakete wurden automatisch installiert und werden nicht mehr benötigt:
  btrfs-tools geoip-database-extra libcryptui0a libjs-openlayers seahorse-daemon
Verwenden Sie »apt autoremove«, um sie zu entfernen.
Die folgenden NEUEN Pakete werden installiert:
0 aktualisiert, 1 neu installiert, 0 zu entfernen und 8 nicht aktualisiert.
Es müssen 29,0 kB an Archiven heruntergeladen werden.
Nach dieser Operation werden 135 kB Plattenplatz zusätzlich benutzt.
Holen:1 bionic/universe amd64 pssh all 2.3.1-1 [29,0 kB]
Es wurden 29,0 kB in 0 s geholt (71,0 kB/s).
Vormals nicht ausgewähltes Paket pssh wird gewählt.
(Lese Datenbank ... 488993 Dateien und Verzeichnisse sind derzeit installiert.)
Vorbereitung zum Entpacken von .../archives/pssh_2.3.1-1_all.deb ...
Entpacken von pssh (2.3.1-1) ...
pssh (2.3.1-1) wird eingerichtet ...
Trigger für man-db (2.8.3-2ubuntu0.1) werden verarbeitet ...
But executing on ubuntu is a little bit tricky:
If you want to do a test, you have to know, that ubuntu has renamed the binary to parallel-ssh. pssh is not known at commandline:

schroff@zerberus:~$ parallel-ssh -i -H "localhost" ls -l .bashrc
[1] 00:04:48 [SUCCESS]
-rw-r--r-- 1 schroff schroff 3815 Jul 14  2017 .bashrc
[2] 00:04:48 [SUCCESS] localhost
-rw-r--r-- 1 schroff schroff 3815 Jul 14  2017 .bashrc
Please note the syntax highlighting, which i found very helpful:

Oracle VM Server: Why the server uuid is important and why changes to this uuid are critical

Sun, 2019-08-04 15:02
After working a while with Oracle VM server it turns out, that a very important parameter is the UUID of a Oracle VM server.

This UUID is used by the ovs-agent (take a look at the Oracle documentation). Here a few excerpts of these chapter:
The Oracle VM Agent is a daemon that runs within dom0 on each Oracle VM Server instance. Its primary role is to facilitate communication between Oracle VM Server and Oracle VM Manager.
Oracle VM Agent is responsible for carrying out all of the configuration changes required on an Oracle VM Server instance, in accordance with the messages that are sent to it by Oracle VM Manager.
If you wish to allow another Oracle VM Manager instance to take ownership of the server, the original Oracle VM Manager instance must release ownership first.
Oracle VM Agent also maintains its own log files on the Oracle VM Server that can be used for debugging issues on a particular server instance or for auditing purposes. 
The oracle vm server gets identified at the oracle vm manager by its UUID. There is a very nice blogposting from Bjorn Naessens:
He made his way through the source code and comes up with the following important things about this uuid:

From an architectural point of view, this is a really bad way, because the UUID will change, if you change the motherboard SMBIOS oder change a network MAC.
With loosing your UUID, the OVS-agent will no longer communicate with your OVM-manager and therfore you can not start/stop any VM on that host.

You can get the UUID of a server from the OVM Manager GUI:
(--> "Servers and VMs": select the server on the tree under "server pools" --> change the dropdown to "info")

How to fix a UUID change can be found here:

Firefox on Linux: password field flickering / curser blinks...

Sat, 2019-07-20 07:53
After upgrading to firefox 68 i was not able to enter the password (and configuration password) field in online registrations.
The cursor in the password fields kept flickering/blinking and on some pages firefox completely freezes.
With other browsers this does not happen, but i wanted to stay with firefox.

The solution was starting firefox with an additional environment variable:

GTK_IM_MODULE=xim firefox

apt-get install aspnetcore-runtime-2.2 fails on ubuntu: workaround with snap

Sun, 2019-07-14 05:10
Two week ago i tried to install a microsoft tool on my linux laptop and i got the following error:
So i tried:

apt-get install aspnetcore-runtime-2.2
Paketlisten werden gelesen... Fertig
Abhängigkeitsbaum wird aufgebaut.
Statusinformationen werden eingelesen.... Fertig
Einige Pakete konnten nicht installiert werden. Das kann bedeuten, dass
Sie eine unmögliche Situation angefordert haben oder, wenn Sie die
Unstable-Distribution verwenden, dass einige erforderliche Pakete noch
nicht erstellt wurden oder Incoming noch nicht verlassen haben.
Die folgenden Informationen helfen Ihnen vielleicht, die Situation zu lösen:

Die folgenden Pakete haben unerfüllte Abhängigkeiten:
aspnetcore-runtime-2.2 : Hängt ab von: dotnet-runtime-2.2 (>= 2.2.5) soll aber nicht installiert werden
E: Probleme können nicht korrigiert werden, Sie haben zurückgehaltene defekte Pakete.

A quick workaround was to use the dotnet snap package:
snap install dotnet-sdk --classic
And then to a link from /usr/bin/dotnet to /snap/dotnet...:
$ ls -l /usr/bin/dotnet 
lrwxrwxrwx 1 root root 31 Jun 23 20:56 /usr/bin/dotnet -> /snap/dotnet-sdk/current/dotnet

Ubuntu Server: How to activate kernel dumps

Fri, 2019-06-21 14:25
If you are running ubuntu server, you can add kdump on your system to write kernel dumps in case of sudden reboots etc.

Installing is very easy:
root@ubuntuserver:/etc# apt install linux-crashdump
Reading package lists... Done
Building dependency tree      
Reading state information... Done
The following additional packages will be installed:
  binutils binutils-common binutils-x86-64-linux-gnu crash kdump-tools kexec-tools libbinutils libdw1 libsnappy1v5 makedumpfile
Suggested packages:
The following NEW packages will be installed:
  binutils binutils-common binutils-x86-64-linux-gnu crash kdump-tools kexec-tools libbinutils libdw1 libsnappy1v5 linux-crashdump makedumpfile
0 upgraded, 11 newly installed, 0 to remove and 43 not upgraded.
Need to get 2,636 B/5,774 kB of archives.
After this operation, 26.0 MB of additional disk space will be used.
Do you want to continue? [Y/n]
Get:1 bionic-updates/main amd64 linux-crashdump amd64 [2,636 B]
Fetched 2,636 B in 0s (28.1 kB/s)    
Preconfiguring packages ...
Selecting previously unselected package binutils-common:amd64.
(Reading database ... 66831 files and directories currently installed.)
Preparing to unpack .../00-binutils-common_2.30-21ubuntu1~18.04_amd64.deb ...
Unpacking binutils-common:amd64 (2.30-21ubuntu1~18.04) ...
Selecting previously unselected package libbinutils:amd64.
Preparing to unpack .../01-libbinutils_2.30-21ubuntu1~18.04_amd64.deb ...
Unpacking libbinutils:amd64 (2.30-21ubuntu1~18.04) ...
Selecting previously unselected package binutils-x86-64-linux-gnu.
Preparing to unpack .../02-binutils-x86-64-linux-gnu_2.30-21ubuntu1~18.04_amd64.deb ...
Unpacking binutils-x86-64-linux-gnu (2.30-21ubuntu1~18.04) ...
Selecting previously unselected package binutils.
Preparing to unpack .../03-binutils_2.30-21ubuntu1~18.04_amd64.deb ...
Unpacking binutils (2.30-21ubuntu1~18.04) ...
Selecting previously unselected package libsnappy1v5:amd64.
Preparing to unpack .../04-libsnappy1v5_1.1.7-1_amd64.deb ...
Unpacking libsnappy1v5:amd64 (1.1.7-1) ...
Selecting previously unselected package crash.
Preparing to unpack .../05-crash_7.2.1-1ubuntu2_amd64.deb ...
Unpacking crash (7.2.1-1ubuntu2) ...
Selecting previously unselected package kexec-tools.
Preparing to unpack .../06-kexec-tools_1%3a2.0.16-1ubuntu1_amd64.deb ...
Unpacking kexec-tools (1:2.0.16-1ubuntu1) ...
Selecting previously unselected package libdw1:amd64.
Preparing to unpack .../07-libdw1_0.170-0.4_amd64.deb ...
Unpacking libdw1:amd64 (0.170-0.4) ...
Selecting previously unselected package makedumpfile.
Preparing to unpack .../08-makedumpfile_1%3a1.6.3-2_amd64.deb ...
Unpacking makedumpfile (1:1.6.3-2) ...
Selecting previously unselected package kdump-tools.
Preparing to unpack .../09-kdump-tools_1%3a1.6.3-2_amd64.deb ...
Unpacking kdump-tools (1:1.6.3-2) ...
Selecting previously unselected package linux-crashdump.
Preparing to unpack .../10-linux-crashdump_4. ...
Unpacking linux-crashdump ( ...
Processing triggers for ureadahead (0.100.0-20) ...
Setting up libdw1:amd64 (0.170-0.4) ...
Setting up kexec-tools (1:2.0.16-1ubuntu1) ...
Generating /etc/default/kexec...
Setting up binutils-common:amd64 (2.30-21ubuntu1~18.04) ...
Processing triggers for libc-bin (2.27-3ubuntu1) ...
Setting up makedumpfile (1:1.6.3-2) ...
Setting up libsnappy1v5:amd64 (1.1.7-1) ...
Processing triggers for systemd (237-3ubuntu10.12) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
Setting up libbinutils:amd64 (2.30-21ubuntu1~18.04) ...
Setting up kdump-tools (1:1.6.3-2) ...

Creating config file /etc/default/kdump-tools with new version
Sourcing file `/etc/default/grub'
Sourcing file `/etc/default/grub.d/50-curtin-settings.cfg'
Sourcing file `/etc/default/grub.d/kdump-tools.cfg'
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-4.15.0-45-generic
Found initrd image: /boot/initrd.img-4.15.0-45-generic
Created symlink /etc/systemd/system/ → /lib/systemd/system/kdump-tools.service.
Setting up linux-crashdump ( ...
Setting up binutils-x86-64-linux-gnu (2.30-21ubuntu1~18.04) ...
Setting up binutils (2.30-21ubuntu1~18.04) ...
Setting up crash (7.2.1-1ubuntu2) ...
Processing triggers for ureadahead (0.100.0-20) ...
Processing triggers for libc-bin (2.27-3ubuntu1) ...
Processing triggers for systemd (237-3ubuntu10.12) ...
Within the installation you have to answer these questions:

After the installation the following parameter is added to the kernel cmdline:
grep -r crash /boot* |grep cfg
/boot/grub/grub.cfg:        linux    /boot/vmlinuz-4.15.0-46-generic root=UUID=a83c2a94-91c4-461a-b6a4-c7a81422a857 ro  maybe-ubiquity crashkernel=384M-:128M
/boot/grub/grub.cfg:            linux    /boot/vmlinuz-4.15.0-46-generic root=UUID=a83c2a94-91c4-461a-b6a4-c7a81422a857 ro  maybe-ubiquity crashkernel=384M-:128M
range=start-[end] 'start' is inclusive and 'end' is exclusive

The configuration is done via /etc/default/kdump-tools. Here the parameter to control the directory to dump the core into:

cat /etc/default/kdump-tools  |grep DIR
# KDUMP_COREDIR - local path to save the vmcore to.
Next step is to reboot and verify the kernel cmdline.

#cat /proc/cmdline 
BOOT_IMAGE=/boot/vmlinuz-4.15.0-46-generic root=UUID=a83c2a94-91c4-461a-b6a4-c7a81422a857 ro maybe-ubiquity crashkernel=384M-:128M

To get a coredump just use the following commands:
root@ubuntuserver:/etc# sysctl -w kernel.sysrq=1
kernel.sysrq = 1
root@ubuntuserver:/etc# echo c > /proc/sysrq-trigger

Google Jamboard ?!

Sun, 2019-06-09 04:24
By reorganising my Google drive i ran into "Jamboard"...
This is a tiny Google web application, where you can do some fast sketches but the functionality is really limited:

Ubuntu Server: eBook

Sat, 2019-06-01 09:31
For testing waagent (Microsoft Azure Linux Guest Agent) i downloaded Ubuntu Server. Ubuntu advertised an ebook for administrators:

Here the short summary from this webpage:

Server provisioning: what Network Admins and IT pros need to knowThis document is designed to help system administrators and DevOps focused organisations to understand bare metal server provisioning, understand its value proposition, and learn about how leading companies are using server provisioning solutions within their hyperscale environments.
Canonical’s MAAS helps organisations to take full advantage of existing hardware investments by maximising hardware efficiency, and a pathway to leverage the performance and security of hardware based solutions with the economics and efficiencies of the cloud.With MAAS = Metal As A Service

The eBook contains 6 chapters on 20 pages:
  1. Executive summary
  2. Cloud speed with bare metal reliability and efficiency 
  3. Get the most out of your hardware investment
  4. How the smartest IT Pros let software do the work
  5. Make hardware investments more strategic 
  6. Conclusion
Ubuntus MAAS is the idea to create your own cloud with your own metal. Its about the automation of installing and provisioning hardware. There are region controllers (regiond) and rack controllers (rackd) which will manage your systems by using DNS, DHCP, PXE, TFTP and some others...
They are introducing availibility zones like they exist in Amazon Web Services or Microsoft Azure:
 If you are interested take a look here:

Get started with MAAS
To download and install MAAS for free please visit

Oracle JDeveloper: Is this IDE dead? Are there new releases?

Fri, 2019-05-24 12:22
Some weeks ago i read the Java Magazine (

They report from a survay taken place in 2018 about Java. One of the questions was which application server do you use in production:

This was not really amazing.
But the question about the IDE gave a really surprising result:

More developers use IntelliJ than Eclipse?
Not really surprising was the usage of Oracle's JDeveloper: Only 1% of the developers use this tool.

You have to keep in mind, that with using Oracle's SOA Suite / BPEL / ESB you are forced to use JDeveloper - which means this SOA stuff is not used by many people out there.

If you take a look on the Oracle homepage you will find:

The last version was released in august 2017 - this does look like living software.

For architects and consultants JDeveloper can be very useful because it has a very nice visualization of XSDs and XSLTs (Take a look here). So hopefully JDeveloper will stay alive...

Wireguard: Status information / using the wg command

Fri, 2019-05-10 14:10

After the installation of wireguard on two servers i shut down the secondary server and after 4h i did the wg command:
root@zerberus:~# wg
interface: wg0
  public key: XXX=
  private key: (hidden)
  listening port: 46932

peer: YYY=
  allowed ips:
  latest handshake: 4 hours, 19 minutes, 2 seconds ago
  transfer: 348 B received, 436 B sent
With the "ip addr" command there is nothing really interesting:
root@zerberus:~# ip addr show wg0
5: wg0: mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    inet scope global wg0
       valid_lft forever preferred_lft forever
Just to get some information about the "wg" command:
root@zerberus:~# wg help
Usage: wg []

Available subcommands:
  show: Shows the current configuration and device information
  showconf: Shows the current configuration of a given WireGuard interface, for use with `setconf'
  set: Change the current configuration, add peers, remove peers, or change peers
  setconf: Applies a configuration file to a WireGuard interface
  addconf: Appends a configuration file to a WireGuard interface
  genkey: Generates a new private key and writes it to stdout
  genpsk: Generates a new preshared key and writes it to stdout
  pubkey: Reads a private key from stdin and writes a public key to stdout
You may pass `--help' to any of these subcommands to view usage.
and one more example:
root@zerberus:~# wg showconf wg0

ListenPort = 46932
PrivateKey = TTT=

PublicKey = XXX=
AllowedIPs =
Endpoint =

firefox extension do not work anymore....

Sat, 2019-05-04 02:39
Today some of my extensions stopped to work and a reinstall failed due to "Download failed. Please check your connection.":

There is an article about this issue, which says, that this is due to an expired certificate:

The workarounds stated there, do not work for my extensions, so i have to wait, that firefox gets a solution (and a new certificate).

For all others with this problem: Do not deinstall your extensions (like i did) - just wait...

Edit: Here the statement from mozilla:
On twitter i found this nice comment

Edit: For latest infos read

Wireguard: Installation & configuration

Fri, 2019-05-03 04:31
To install wireguard i followed this instruction.
First step is to add the repository to your machine:

root@zerberus:~# add-apt-repository ppa:wireguard/wireguard
 WireGuard is a novel VPN that runs inside the Linux Kernel. This is the Ubuntu packaging for WireGuard. More info may be found at its website, listed below.

More info:
Packages: wireguard wireguard-tools wireguard-dkms

Install with: $ apt install wireguard

For help, please contact
 Mehr Informationen:
[ENTER] drücken zum Weitermachen oder Strg-c, um das Hinzufügen abzubrechen.

OK:1 bionic InRelease
OK:2 bionic InRelease                                
OK:3 bionic InRelease                                                               
OK:4 bionic InRelease                                                       
Paketlisten werden gelesen... Fertig               
Then the installion:

root@zerberus:~# apt install wireguard
Paketlisten werden gelesen... Fertig
Abhängigkeitsbaum wird aufgebaut.      
Statusinformationen werden eingelesen.... Fertig
Die folgenden Pakete wurden automatisch installiert und werden nicht mehr benötigt:
  btrfs-tools geoip-database-extra libcryptui0a libjs-openlayers seahorse-daemon
Verwenden Sie »apt autoremove«, um sie zu entfernen.
Die folgenden zusätzlichen Pakete werden installiert:
  wireguard-dkms wireguard-tools
Die folgenden NEUEN Pakete werden installiert:
  wireguard wireguard-dkms wireguard-tools
0 aktualisiert, 3 neu installiert, 0 zu entfernen und 1 nicht aktualisiert.
Es müssen 640 kB an Archiven heruntergeladen werden.
Nach dieser Operation werden 4.814 kB Plattenplatz zusätzlich benutzt.
Möchten Sie fortfahren? [J/n]
Holen:1 bionic/main amd64 wireguard-dkms all 0.0.20190123-wg1~bionic [551 kB]
Holen:2 bionic/main amd64 wireguard-tools amd64 0.0.20190123-wg1~bionic [85,2 kB]
Holen:3 bionic/main amd64 wireguard all 0.0.20190123-wg1~bionic [4.136 B]
Es wurden 640 kB in 0 s geholt (1.307 kB/s).
Vormals nicht ausgewähltes Paket wireguard-dkms wird gewählt.
(Lese Datenbank ... 471444 Dateien und Verzeichnisse sind derzeit installiert.)
Vorbereitung zum Entpacken von .../wireguard-dkms_0.0.20190123-wg1~bionic_all.deb ...
Entpacken von wireguard-dkms (0.0.20190123-wg1~bionic) ...
Vormals nicht ausgewähltes Paket wireguard-tools wird gewählt.
Vorbereitung zum Entpacken von .../wireguard-tools_0.0.20190123-wg1~bionic_amd64.deb ...
Entpacken von wireguard-tools (0.0.20190123-wg1~bionic) ...
Vormals nicht ausgewähltes Paket wireguard wird gewählt.
Vorbereitung zum Entpacken von .../wireguard_0.0.20190123-wg1~bionic_all.deb ...
Entpacken von wireguard (0.0.20190123-wg1~bionic) ...
wireguard-dkms (0.0.20190123-wg1~bionic) wird eingerichtet ...
Loading new wireguard-0.0.20190123 DKMS files...
Building for 4.17.0-rc3
Building initial module for 4.17.0-rc3
Secure Boot not enabled on this system.

Running module version sanity check.
 - Original module
   - No original module exists within this kernel
 - Installation
   - Installing to /lib/modules/4.17.0-rc3/updates/dkms/


DKMS: install completed.
wireguard-tools (0.0.20190123-wg1~bionic) wird eingerichtet ...
wireguard (0.0.20190123-wg1~bionic) wird eingerichtet ...
Trigger für man-db (2.8.3-2ubuntu0.1) werden verarbeitet ...
And then the configuration:
(i extracted the steps from the video here)
root@zerberus:~# wg genkey > /root/private.wireguard
Warning: writing to world accessible file.
Consider setting the umask to 077 and trying again.

root@zerberus:~# ls -l /root/
insgesamt 4
-rw-r--r-- 1 root root 45 Apr 27 18:55 private.wireguard

root@zerberus:~# cat /root/private.wireguard 
root@zerberus:~# wg pubkey  < /root/private.wireguard

root@zerberus:~# ip link add wg0 type wireguard
root@zerberus:~# ip addr add dev wg0
root@zerberus:~# wg set wg0 private-key /root/private.wireguard
root@zerberus:~# ip link set wg0 up

root@zerberus:~# ifconfig
wg0: flags=209  mtu 1420
        inet  netmask  destination
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 1000  (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
All the steps up to here, have to be done on both servers.
My setup was
  • server 1: "public ip", vpn ip
    public wireguard key XXX
    wirguard port: 46932 (how to get this number, just move on)
  • server 2: "public ip", vpn ip
    public wireguard key YYY
    wireguard port: 35891
 To get the public keys and the port number use this command:
root@zerberus:~# wg

interface: wg0
  public key: XXX
  private key: (hidden)
  listening port: 46932
Then use the ip, port and public key from the secondary server:
root@zerberus:~# wg set wg0 peer 23P8GMzwpnpaw38wEERXev1jJIQlkhB/lZB35wwXVD4= allowed-ips endpoint
Do the some on the secondary machine with the ip, port and public key from primary server.

And after that you can check with:
root@zerberus:~# ping

PING ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=64 time=47.0 ms
64 bytes from icmp_seq=2 ttl=64 time=63.8 ms
--- ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 47.018/55.442/63.866/8.424 ms
I think this was much easier than setting up IPSec or OpenVPN.

Review at amazon: SAP Cloud Platform

Mon, 2019-04-29 13:47
Last week i read this book:
Before starting with the Oracle Cloud i wanted to read something other than AWS or Microsoft Azure. I was surprised at the completely different target of this cloud in respect to AWS and Azure. It is much more focused on business and business value - which is clearly one core domains of SAP.

This book contains a very well written introduction into cloud services - many other books could take this as an example. Very impressing are the over 120 mainly conceptional pictures - they make it much easier to understand the SAP Cloud Platform.

If you are interested, take a look at my review at (like all my reviews: written in german ;-).

Oracle Database 19c (19.3) released!

Sat, 2019-04-27 13:59
And after nearly 3 months of waiting - Oracle released 19c:

First special feature: The rpm is still there and the release is only done for Linux and Oracle Solaris.

To get to the Linux download page just click here.

But the Grid Infrastructure is still not delivered as RPM package. :-(

Wireguard: An easy way to build VPNs

Sat, 2019-04-27 03:35
Last week i came across the following tool:

If you want to build up a VPN you can choose one of the following strategies:
  • based on IPSec
  • using TLS
(These two are the options to choose - of course there are some others...)

The nice thing with wireguard (from the linux point of view) is, that the wireguard interfaces are handled like all other  network interfaces on your device.

If you are really interested in this way, you should read the whitepaper. Here some excerpts:

... IPSec ... updating these data structures based on the results of a key exchange, generally done with IKEv2 [13], itself a complicated protocol with much choice and malleability. The complexity, as well as the sheer amount of code, of this solution is considerable. Administrators have a completely separate set of firewalling semantics and secure labeling for IPsec packets.... based solution that uses TLS. By virtue of it being in user space, it has very poor performance—since packets must be copied multiple times between kernel space and user space—and a long-lived daemon is required; OpenVPN appears far from stateless to an administrator. A WireGuard interface,wg0, can be added and configured to have a tunnelIP address of10.192.122.3in a/24subnet with the standard ip(8)utilities...One design goal of WireGuard is to avoid storing any state prior to authentication and to not send any responses to unauthenticated packets. With no state stored for unauthenticated packets, and with no response generated,WireGuard is invisible to illegitimate peers and network scanners. Several classes of attacks are avoided bynot allowing unauthenticated packets to influence any state. And more generally, it is possible to implement WireGuard in a way that requires no dynamic memory allocation at all, even for authenticated packets, as explained in section 7.So next step is to install this VPN solution and see, if the administration is really so easy as promised...