Category Archives: General

Hiking Tours

Posted on by

All the hiking tours in chronological order, together with TC, Anti and other colleagues.

  • 1997 – Brixen / Sellagruppe : Taps, Anti, Birgit, TC
  • 1998 – Via Alto 04 : Erich, Michael, Didi, Joe, Mag, TC
  • 1999 – Ortler Gruppe : Erich, Didi, Joe, Mag, TC
  • 2000 – Via Alto 04 Drei Zinnen : Taps, Gernot, Markus, Steve, Dokta, TC
  • 2001 – Brenta Dolomiti : TC, Bruno, Steve, Andi, Gernot, Taps
  • 2002 – Marmarole : TC, Anti, Taps
  • 2003 – <<Ausgefallen>>
  • 2004 – Dachstein : TC, Steve, Anti, Taps
  • 2005 – Sorapiss, Cortina d’ Ampezzo: Taps, Anti, Bruno, Götschi, TC
  • 2006 – Brenta Dolomiti : Taps, Anti, Götschi, TC
  • 2007 – Schober Gruppe : Christoph, Anti, Götschi, Hele, Tommä, TC
  • 2008 – Monte Viso : Anti, Hele, Tomä, TC
  • 2009 – Biz Bernina : TC, Christoph, Steve, Hele, Tommä
  • 2010 – <<Ausgefallen>>
  • 2011 – Dolomiten / Alta Badia / Gardasee : TC, Hele, Tommä, Christoph
  • 2012 – Karnischer Höhenweg : TC, Christoph, Götschi, Anti, Hele
  • 2013 – Lechtaler Alpen / Leutasch : Hele, Christoph, TC
  • 2014 – Karwendel : TC, Anti, Hele, Götschi
  • 2015 – <<Ausgefallen>>
  • 2016 – Lienzer Dolomiten : TC, Anti, Christoph
  • 2017 – Cinque Torri / Monte Pelmo : TC, Christoph
  • 2018 – Schladminger Tauern : TC, Anti, Christoph
  • 2019 – Ackernalm : TC, Anti, Christoph
  • 2020 – Lasörlinggruppe: TC, Anti, Hele, Christoph
  • 2021 – Karnischer Höhenweg: TC, Christoph
  • 2022 – Lienzer Dolomiten : TC, Christoph
  • 2023 – Schladminger Tauern: TC, Anti, Christoph

Back to the roots – addendum

Posted on by

Oh, I have some few more observations (thanks also to Martina pointing out these subtle differences).

Green blinking traffic light

It’s a genius idea – but only a very few countries realized that till now. In Austria, just before the traffic light turns orange/red, the green light blinks 4 times to indicate the driver to push down accelerator pedal avoiding to get a fine due to crossing a red light  to let the car coast towards the crossing economically.

The ratio dogs / human

Here in Carinthia, I feel like everybody owns 5 dogs. At least it sounds like that. Not sure if this is just pure love to these animals or if they are simply afraid being a victim of a crime. Or maybe it’s even an arms race between neighbors …

Back to the roots

Posted on by

Finally – after 6.5 years. Just in the week where the newspress announced that there is a significant economic downturn in Austria and that Carinthia (a province in Austria) is close to being bankrupt, we have moved our principal residence from Switzerland to exactly that place! According to the motto: It can only get better!

Why are we doing that? Well, that’s not part of that blog. But what you’ll get is a fact list what I am leaving behind and what I expect to happen.

What I will miss

  • The trust in the government. Well, maybe not that comprehensible for a Swiss citizen. But if you follow Austrian politics, you know what I am talking about.
  • The idea of direct democray. It’s being questioned – even in Swiss newspapers. Still, it’s the best option to involve people in the political process.
  • My job – great people, great company and – lucky I was- great project! Fyi, I was employed at Landis + Gyr in Zug.
  • The “gym club” of my former home town, aka “Zolliker Turnverein”. I am still unable to make more than 10 press-ups.But at least I am a little better in playing Volleyball and way better in partying. Thanks to that I reached the level I had when I was a student. In both disciplines. And yes, a club consists mainly of people. And that was the biggest asset, no question.
  • The net – salary. Even in the non-banker business. Much better than in Austria, no doubt.
  • You know what you get. No bad surprises.

 What I won’t miss

  • The city of Zurich. Too clean, too stylish, too perfect. That’s too much for a person who grew up in the middle of nowhere.
  • The Swiss food – except for the cheese-foundue.
  • Swiss broadcasting (i.e. SRF, SF) – made for Swiss people. Probably the same as ORF in Austria. Only the native citizens can make anything out of that.
  • You know what you can expect. So it’s twofold (as I indicated the same in the previous section). The downside is simply that you hardly get positive surprises.
  • It’s all too pedantic perfect. But that’s probably also one of the reasons why Switzerland is that successful in the economy.
  • The Swiss keyboard layout. Maybe a reasonable compromise between German and French layout, but for somebody who only uses German/English it’s just a mess.

Rest to come in the next few days…

Use your own PKI in Thunderbird

Posted on by

It took me quite some effort to set up a PKI in Thunderbird. Most challenging was the inconsistent syntax of openssl and the way you have to import your certificates in Thunderbird.

The script below generates an example PKI tree with

  • 1 Root-CA
  • 2 Sub-CAs
  • 3 Client Certificates for each Sub-CA

What you require:

  • Thunderbird (I have used V16.0.0.1 / Win32)
  • OpenSSL (I have used V1.0.1 / cygwin)
  • Bash (I have used cygwin)

The files:

  • Bash Script
    Please rename that file after downloading to script.sh
  • Configuration File
    Please rename that file after downloading to 1.conf. Create a folder called conf and move that file into that folder.

The procedure:

  • Adjust the bash script (i.e. the email addresses and the common names)
  • Execute the bash script; this generates all the required certificates
  • Add certificates to Thunderbird – note the sequence:
    • Import root certificate through Tools->Options->Certificates->View Certificates->Authorities
      In the trust settings dialog, you should at least enable “mail users” option.
    • Import client certificate(s) through Tools->Options->Certificates->View Certificates->Your Certificates
      The intermediate CA will be imported automatically (by Thunderbird) because it is part of the client certificate. You can observed that be checking your CAs. The password is set to 5678.
    • Select your certificate Account Settings -> Security
    • When writing an Email, activate Security -> Digitally Sign This Message

 What the script basically does:

The description below explains these 3 steps. The commands have been simplified to improve readability.

  • Generate a Root-CA by (which will by nature be self-signed)
    The commands below generate a certificate cert_root.crt with a corresponding private key contained in keys_root.pem.
openssl genrsa -out keys_root.pem 2048
openssl req -new -subj "/CN=Whatever Root-CA /emailAddress=whatever@gmail.com" -key keys_root.pem -out csr.pem
openssl x509 -days 3650 -extfile settings.txt -extensions v3_ca -req -in csr.pem -signkey keys_root.pem -out cert_root.crt
  • Generate a Sub-CA and sign it with the Root-CA
    The commands below generate a certificate file cert_subca1.crt with the corresponding private key file keys_subca1.pem.
openssl genrsa -out keys_subca1.pem 2048 
openssl req -new -subj "/CN=Whatever Sub-CA 1/emailAddress=subca1@gmail.com" -key keys_subca1.pem -out csr.pem
openssl x509 -days 3650 -extfile settings.txt -extensions v3_ca -req -in csr.pem -CA cert_root.crt -CAkey keys_root.pem -out cert_subca1.crt -CAcreateserial
  • Generate a client certificate and sign it with the Sub-CA
    The commands below generate a certificate cert_subca1_user1.crt, a corresponding private key file named keys_subca1_user1.pem and a PKCS#12 file subca1_user1.p12, which allows you to import your certificate including the private key into your browser or Email client.
openssl genrsa -out keys_subca1_user1.pem 1024
openssl req -new -subj "/CN=User Certificate 1.1 for user1@gmail.com /emailAddress=user1@gmail.com" -key keys_subca1_user1.pem -out csr.pem 
openssl x509 -days 3650 -req -in csr.pem -extfile settings.txt -extensions v3_usr -CA cert_subca1.crt -CAkey keys_subca1.pem -out cert_subca1_user1.crt -CAcreateserial
openssl pkcs12 -export -in cert_subca1_user1.crt -out subca1_user1.p12 -nodes -inkey keys_subca1_user1.pem -name "User Certificate 1.1 for user1@gmail.com" -certfile cert_subca1.crt -passout pass:5678

Important Notes:

  • Ensure that the line ending of the scripts are okay. Especially If you run the script in Windows based on cygwin.
  • Thunderbird 16 / Win32 seems to be unable to correctly handle ECC. Therefore  I had to use RSA certificates. In the script you can switch between RSA and ECC. Maybe other client support ECC.
  • You should follow the import order in Thunderbird as indicated above . Otherwise you may run into problems. I would also recommend to remove all your certificates imported before you add a new set.