Why everybody on this planet should use pwdhash (or something similar)

Saturday, 9. April 2011 10:38 | Author:

Today I received a weird email. Its contents are:

Return-Path: <www-data AT ba-computer.at>
X-Original-To: <<ME>>
Delivered-To: <<ME>>
Received: by mail.lambdalifting.org (Postfix, from userid 65534) id 89B9891D5; Sat,  9 Apr 2011 03:33:55 +0200 (CEST)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on coroutine.lambdalifting.org
X-Spam-Level:
X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=unavailable version=3.3.1
Received: from www.ba-computer.at (www1.ba-computer.at [85.125.193.130]) by mail.lambdalifting.org (Postfix) with ESMTP id 37E8291D1 for <<ME>>; Sat,  9 Apr 2011 03:33:55 +0200 (CEST)
Received: by www.ba-computer.at (Postfix, from userid 33) id 84FB54FA82CF; Sat,  9 Apr 2011 03:33:54 +0200 (CEST)
To: <<ME>>
Subject: Your deposit temporarily blocked #5633 M. Max.
X-PHP-Originating-Script: 1002:cookie_usage.php(4) : eval()'d code(1) : eval()'d code
Content-type: text/plain
From: BA-Computer Shop <shop AT ba-computer.at>
Message-Id: <20110409013354.84FB54FA82CF@www.ba-computer.at>
Date: Sat,  9 Apr 2011 03:33:54 +0200 (CEST)

Your deposit being temporarily blocked until the verification is complete.
This is for security reasons, to help protect against card fraud, but can be inconvenient.
All credits cards used must be in the casino account holders name, and not be lined in any way to a business.

More detailed information is available by reviewing the URLs listed in http://inforeseau.net/details/ .

BA-Computer

The first thing I did was, of course, click the link (these are the enjoyable things about using a browser/OS combination no malware author could possibly care about). I ended up at www.google.at. I had no idea what this meant and was literally unable to do anything about it, because it was six o’clock in the morning and I had just woken up. Three coffees later I was back to life and started taking a look at it.

This header is what gives away what’s happening:

X-PHP-Originating-Script: 1002:cookie_usage.php(4) : eval()'d code(1) : eval()'d code

If you google for it, you will find many people complaining about PHP’s verboseness here, because this header tells you which script triggered the sending of the email. In this case, though, it was very helpful, because the filename cookie_usage.php indicates an osCommerce installation. If the filename didn’t make it obvious enough that this is not an intentional email from the shop owner, googling for it will bring up a nice exploit description. As stated there, www.yoursite.com/cookie_usage.php?cookies=1 is a kind of status page that tells the attacker whether the installation is already infected or not. And yep, sure enough, http://www.ba-computer.at/cookie_usage.php?cookies=1 shows me the signature of an infection according to the exploit description:

Goog1e_analist_certs
v..1

 

http://inforeseau.net/details/ really is nothing but an HTTP 302 redirect to www.google.com. No malware or ads there. Either the attacker launched his spam emails too soon, before he could set up his scam/ads/malware (unlikely), or the HTTP redirect was implemented as a quick band-aid by the hoster in reaction to the spam campaign (a bit odd, but OK), or the attacker really just wants to see you connect to his server, record your IP etc. and then send you to Google (mind-bogglingly unlikely!). So I’ll settle for the second explanation.
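The header analysis above can be automated on a mail gateway or when reviewing a mailbox. The following is an added example, not part of the original post: it parses X-PHP-Originating-Script and flags mail whose originating script was eval()'d code. The sample messages, addresses and function names are constructed for illustration.

```python
import re
from email import message_from_string
from typing import List, NamedTuple, Optional, Tuple

HEADER = "X-PHP-Originating-Script"

# First element: "<uid>:<script>" with an optional "(<line>)" suffix.
_FIRST = re.compile(r"^(?P<uid>\d+):(?P<script>[^()]+?)(?:\((?P<line>\d+)\))?$")
# Every further element marks one level of eval() nesting.
_EVAL = re.compile(r"^eval\(\)'d code(?:\(\d+\))?$")


class PhpOrigin(NamedTuple):
    uid: int              # numeric user id the PHP script ran as
    script: str           # file name of the script that called mail()
    line: Optional[int]   # line of the outermost eval() call, if any
    eval_depth: int       # number of nested eval() layers


def parse_origin(value: str) -> Optional[PhpOrigin]:
    """Parse one header value; None if it does not have the expected shape."""
    # Undo header folding and the typographic apostrophe that blog
    # engines substitute when the header is copied into a post.
    value = " ".join(value.replace("\u2019", "'").split())
    parts = value.split(" : ")
    first = _FIRST.match(parts[0])
    if first is None or not all(_EVAL.match(p) for p in parts[1:]):
        return None
    line = int(first["line"]) if first["line"] else None
    return PhpOrigin(int(first["uid"]), first["script"], line, len(parts) - 1)


def flag_eval_mail(raw_messages: List[str]) -> List[Tuple[str, PhpOrigin]]:
    """Return (subject, origin) for each message sent from eval()'d PHP code."""
    hits = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        for value in msg.get_all(HEADER, []):
            origin = parse_origin(value)
            if origin is not None and origin.eval_depth > 0:
                hits.append((msg.get("Subject", ""), origin))
    return hits


# Constructed sample messages (not real mail).
SAMPLES = [
    "\n".join([
        "To: <user@example.org>",
        "Subject: Your deposit temporarily blocked",
        "X-PHP-Originating-Script: 1002:cookie_usage.php(4) : eval()'d code(1) : eval()'d code",
        "From: Example Shop <shop@shop.example>",
        "",
        "body",
    ]),
    "\n".join([
        "To: <user@example.org>",
        "Subject: Order confirmation",
        "X-PHP-Originating-Script: 33:checkout.php",
        "From: Example Shop <shop@shop.example>",
        "",
        "body",
    ]),
    "\n".join(["To: <user@example.org>", "Subject: No PHP header", "", "body"]),
]

if __name__ == "__main__":
    for subject, origin in flag_eval_mail(SAMPLES):
        print(f"{subject!r}: {origin.script} (uid {origin.uid}), "
              f"{origin.eval_depth} eval layer(s)")
```

Legitimate applications occasionally send mail from eval()'d code too, so a hit is a reason to look at the named script on the sending host, not proof of compromise.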

What does all this drivel have to do with pwdhash?

Since the attacker was able to inject his own code into the web application, we have to assume he was able to steal the database the web shop is connected to. This means he’s got my name, address, username, password, etc. There’s not much I can do about the first three items. There is something the website administrator can do about the fourth: hashing passwords, and every administrator in his right mind will do just that. Users are lazy; most of them will have one username/password pair, MAYBE two, for all the websites they use. Hashing prevents an attacker from simply trying the stolen username/password combination on a large number of websites and getting lucky, because for that he would need the unhashed password, and recovering it is exactly what should be infeasible when a secure hash function is used.

There is a downside: Hashing depends on the website administrator’s willingness to do it. There are two reasons he would not do it: criminal intent to abuse your login information, and carelessness. If you think this is rare and could only apply to shady back-alley websites, think again: geizhals.at, Austria’s sixth largest website, does not hash your password and stores it in plaintext in the database. Maybe go there right now and change your password ;) . (There is a third, very rare reason why your password is stored unhashed, and that is if the purpose of the website is to somehow process your login info on other sites, but even then the password should NOT just be stored in plaintext; it should be stored encrypted and only be decrypted by a separate entity when needed.)

It is very hard to tell accurately beforehand whether a website’s owner is criminal or incompetent, so there is only one thing you can do: Hash your password yourself, before you submit it. This is exactly what pwdhash does. It takes your master password, combines it with the domain name of the website you are on and computes a password by hashing. The domain name is incorporated into the hash because otherwise all generated passwords would be the same and you would still have the problem of shared passwords. So, with the master password “foobar” the hashed password for lambdalifting.org would be HP6PbRxg, for heise.de it is M07mLlCO, etc.

There are extensions for all decent web browsers to generate your hashed password automatically. If you’re ever on a computer without the extension installed, you just go to https://www.pwdhash.com/, which hosts a JavaScript version of the extension. Your master password is never sent over the wire; everything is computed locally.
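To make the idea concrete, here is an added sketch of deriving a per-site password from a master password and a domain name. It is not pwdhash’s actual algorithm and not code from the pwdhash project, so its output will not match the values quoted above. Assumptions: HMAC-SHA-256 as the hash, a 62-character output alphabet, and a simplified domain rule that keeps only the last two DNS labels.

```python
import hashlib
import hmac
import string
from urllib.parse import urlsplit

ALPHABET = string.ascii_letters + string.digits  # 62 symbols
MAX_LENGTH = 40  # a 256-bit digest yields a little under 43 base-62 digits


def site_key(url_or_host: str) -> str:
    """Reduce a URL or host name to the domain that is fed into the hash.

    Simplification (assumption): keep the last two DNS labels. That is
    wrong for suffixes such as co.uk; a real tool needs a proper
    registrable-domain rule.
    """
    target = url_or_host if "//" in url_or_host else "//" + url_or_host
    host = (urlsplit(target).hostname or "").rstrip(".")  # already lower-cased
    return ".".join(host.split(".")[-2:])


def site_password(master: str, url_or_host: str, length: int = 12) -> str:
    """Derive a deterministic per-site password; nothing is stored anywhere."""
    domain = site_key(url_or_host)
    if not master or not domain:
        raise ValueError("master password and domain must be non-empty")
    if not 1 <= length <= MAX_LENGTH:
        raise ValueError(f"length must be between 1 and {MAX_LENGTH}")
    # Key the hash with the master password and hash the domain, so each
    # site gets an unrelated-looking password from the same master.
    digest = hmac.new(master.encode("utf-8"), domain.encode("utf-8"),
                      hashlib.sha256).digest()
    # Turn the digest into base-62 digits.
    number = int.from_bytes(digest, "big")
    chars = []
    for _ in range(length):
        number, index = divmod(number, len(ALPHABET))
        chars.append(ALPHABET[index])
    return "".join(chars)


if __name__ == "__main__":
    # Same master password, different sites: the database leaked from one
    # site contains a password that is useless on the other.
    for site in ("lambdalifting.org", "https://www.heise.de/newsticker/"):
        print(site_key(site), site_password("foobar", site))
```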

 

Remark: osCommerce should do hashing appropriately, so this specific attack should have no significance either way. It is however comforting that an attacker can never gain a useful password when you are using pwdhash.

Remark2: There is a plethora of password managers that do not generate a hashed password, but simply generate a random password for every site. The disadvantage is that you absolutely need to keep track of every single password. Typically this is achieved by storing all passwords in a local password database, which is itself encrypted with a master password. If you lose your password database, you lose access to the websites. The advantage is that if, due to some unfavorable circumstances, your master password is stolen, the attacker cannot simply generate the passwords as with pwdhash and instead needs to steal the password database as well.

The only one I can recommend is 1passwd, and the reason is not that its security guarantees are any better than pwdhash’s, but that it integrates well across Apple devices. Your password database can be synced between your Mac, your iPhone, your iPad, etc. via Dropbox, which is pretty comfortable.

Category:english, tech | Comments (4)

Nuclear Power and the EPR

Thursday, 24. March 2011 1:05 | Author:

Now that the nuclear accident in Fukushima seems to be close to being under control it’s time to take a look around and review the matter of nuclear power. Every leading politician, who wants to be reelected, stopped nuclear power expansion for now. The situation is so serious that the aforementioned group even includes the otherwise quite nonchalant Berlusconi.

Nonetheless a number of new nuclear sites are in production or planned[0], partially because of nuclear power being free of CO2 emissions – another hot topic in energy policy.

Most nuclear reactors today have a service life of 40 years. The EPR has a planned service life of 60 years[1]. This is an awfully long time in technology. Imagine technology from 1951 being used today. In fact, I’ll give you some visually aiding examples:

 

This is a picture of a groundbreaking new satellite from 1951:

 

This room houses a 1951 computer running at 2.25 MHz, having about 12 kB of RAM and costing about $43,000 in today’s money.

 

The thing in the middle is just the control panel.

 

It is unlikely that our tech from 2011 will be any less antiquated in 2071. On the contrary, there’s no indication that the exponential growth in information and knowledge will stop any time soon[2], even though a lot of it is videos of cats.

This has practical implications even on today’s reactors, as can be seen in the design of later nuclear power plants. Reactor design is evolutionary. Just to give a few examples:

  • Early reactors did not have a solid concrete containment, e.g. Chernobyl.
  • Neither did they have a core catcher, preventing the liquid core from escaping in case of a meltdown.
  • The PWR design[3] that became popular after the BWR design uses two separate coolant loops with the distinct advantage that the coolant in the outer loop is not radioactive. Hence a leak or blowing off steam does not contaminate the area.
  • After 9/11 governments realized the danger of terrorist attacks on nuclear power plants. The measures taken range from thicker concrete walls to installing smokescreens to confuse the attacking aircraft[4]. Apparently the existence of GPS is not universally known.

Retrofitting generally does not work on anything inside a reactor, as the reactor is highly radioactive and needs to be cooled idly for years before it can even be decommissioned, let alone adapted.

Years from now, when the Fukushima situation will be long over, investigations will lead to reports and reports will lead to new improvements in reactor design. It is unlikely that a tsunami will ever cut off power to a new reactor again, just as it is unlikely that an attack like 9/11 is going to happen the same way again.

But what about the old ones?

In 60 years technology changes in ways that nobody can predict. As do threats and dangers. Trying to anticipate every catastrophic event is futile, as the number of things that can go wrong is limitless. Will the next nuclear catastrophe be caused by a meteor? Or maybe tampered fuel (there lies an idea for a terrorist movie)? It will probably be something unexpected, because for everything that can be expected engineering of course has a solution in place. And that is exactly the problem in safety and security engineering: Expecting the unexpected. And it’s the reason why it’s never going to be perfect.

The problem on top of that is being unable to retrofit solutions to new problems and therefore lagging behind the current state of the art. By up to 60 years. This is already biting us now, e.g. the Fukushima reactors, built in 1971, do NOT have a core catcher installed, even though that technology has been known for a long, long time now.

But why don’t we just turn them off, when we see that the technology is no longer on par?

Firstly: Because nuclear reactors are a heavy, HEAVY investment. One EPR reactor runs for about €5b. This very high cost is the reason for pushing for higher service lives in the first place, as a nuclear power plant is essentially making a loss for a long time. Any profits are made at the end of a reactor’s life.

Secondly: Because an exit strategy takes years to decades to avert an acute energy shortage. Some countries rely on nuclear energy for more than 40% and need time to install alternatives[5].

Thirdly: Because we didn’t do it with the old ones either.

 

Ultimately we have to ask ourselves whether we really want to take the risks of nuclear energy for a few percent savings in energy cost. Risks that stay with us for decades, while we are unable to do anything about them.

 

Further reading:

http://en.wikipedia.org/wiki/List_of_nuclear_reactors

http://en.wikipedia.org/wiki/Economics_of_new_nuclear_power_plants

 

References:

[0] http://en.wikipedia.org/wiki/European_Pressurized_Reactor

[1] http://www.areva.com/EN/global-offer-419/epr-reactor-one-of-the-most-powerful-in-the-world.html

[2] http://www.preoccupations.org/2007/03/exponential_inf.html

[3] http://en.wikipedia.org/wiki/File:PressurizedWaterReactor.gif

[4] http://www.nuclearcounterfeit.com/?p=3717

[5] http://en.wikipedia.org/wiki/Nuclear_power_by_country

 

Category:english | Comments (2)

Steam for Mac fail

Saturday, 20. November 2010 13:03 | Author:

Yesterday Valve released an update for Left 4 Dead 2. Ever since, it crashed with a strange SIGBUS error at start-up.

Steam said no more updates were available, neither for L4D2, nor for Steam. Even Google was clueless.

A little investigation showed that Steam was owned by a different user. When I got this Mac I transferred data from an already existing account. This account had also installed Steam. Clearly, Steam can’t change its own files, because they are not owned by the current user. It will not ask you for your password in one of these “sudo”-like boxes, it will not tell you there’s an error, it will just tell you there are no updates available. Due to the old Steam version, newer game updates crash.

chown -R user Steam.app/

fixes the problem.

Category:english, tech | Comment (0)

2010 FIFA Offside Cup

Saturday, 19. June 2010 17:30 | Author:

Besides the whining about vuvuzelas, most discussion regarding the current FIFA World Cup seems to center around the lack of offensive playing and the resulting lack of goals [1]. It’s particularly frustrating to see a drive towards the goal being stopped, because an offensive player was offside, when both the passing and receiving player are right in front of the goal. To me, this is the most annoying grievance in football, even more than blatantly incompetent referees [2] and FIFA’s blinding greed and money-grabbing corporate whore hands [3].

A little history for the uninitiated: Since the “goal” in soccer is to get the ball into the other team’s goal box, a good strategy would seem to be placing your own dudes close to the opponent’s goal and kicking the ball in. That’s why, in the old days, the field looked more or less (slightly exaggerated) like this:

Why off-side?

While very effective, this type of gameplay is also ultimately boring. The middle part of the field is essentially useless. So the football dudes came up with “offside” some time in the 19th century, and it goes like this:

When you pass to a dude of your own team, there have to be two dudes of the other team between your dude and the other team’s goal line. Yes, the goalkeeper is a dude as well.

And it worked! Looking at the picture above you can see that _all_ the non-goalkeepers are offside, and this type of play no longer works.

However, offside becomes terribly annoying when a drive is stopped close to the goal, like here:

off-side

The scrambled red dudes are _defenders_. Their job is to defend. If they can’t get the ball or prevent the pass in their own penalty box, then they deserve to be scored against. Yet, the current rules don’t allow the depicted pass.

How can you prevent the old-age problem of “kick-throughs”, while still allowing for dynamic, aggressive play close to the goal, without unnecessary offside calls? Here is the idea I came up with during the Euro2008.

New off-side lines

First, we extend the vertical penalty box lines. Then, we make offside not punishable, if both offensive players are between the opponent’s goal line and the offside line. To give an example, this is still offside, because the passing player has not crossed the offside line:

Still off-side

However, the fairly common situation already depicted above is not offside anymore and is perfectly legal:

No longer off-side

This way there are still the strikers and mid-field to play on the rest of the field, and the defenders really need to prevent passes. Offside traps (trying to lure a member of the other team into being offside) will be harder. The weakening of offside rules is definitely helping the offense and will result in more goals than before. Moreover, it will at least partially offset the slowing effects on game play of modern playing formations, like 4-4-2, that place a heavy emphasis on defensive and mid-field play.

There you go, FIFA and football leagues all around the world. It’s published. If you have some time between locking up girls and deleting youtube videos, you can implement it royalty-free; it’s yours. Enjoy.

Category:english | Comment (0)

Recently at the Ikea parking lot

Tuesday, 4. May 2010 4:55 | Author:

At the Ikea parking lot there have recently been, at least it is new to me, people not affiliated with the store who try to sell a certain newspaper. This business does not seem to be going too well, so customers are also supposedly helped with parking: free spaces are pointed out by waving and gesturing, and a tip is expected as a reward for this service.

The same people also help customers load their purchases without being asked. Unfortunately this plays out as follows: such a helper gallops towards the customer, rips a box off the shopping cart and presses it into the open car before one has any real chance to react appropriately. Because of the rough handling it can happen all too easily that the vehicle is damaged, as happened to me today.

Damage to the headliner

An EXPEDIT box forcefully pressed into the car dented the headliner and tore the fabric out of its anchoring. The damage may seem minor, but it is annoying and raises questions about possible other, more serious damage, e.g. broken windshields.

The crux is how one can react to this. In my estimation any attempt to get the damage compensated is pointless, since one will probably already fail at obtaining an address for service of process. Even if one were to clear this hurdle, and even if the rehearsed phrases of the would-be movers about their disastrous financial situation did not quite reflect the truth, there is still unlikely to be sufficient wealth available, or at least known, to have the damage adequately repaired. I can therefore only advise the inclined reader to decline loading help proactively and energetically; if one is able to load alone, no help is needed. Otherwise, damage caused by third parties is de facto the customer’s problem.

In the case at hand, a tip of 5 EUR was of course demanded even after the destruction had been completed.

Update: You get “helped” both in Vösendorf and in Wien-Nord, but in Vösendorf you can simply escape it by using the upper parking decks.

Category:deutsch | Comment (0)

Furniture store trauma

Thursday, 22. April 2010 17:06 | Author:

Two hours of driving in order to be shown furniture with a delivery time of eight weeks in a catalogue. That’s what I call “having arrived in the Internet age”.

Which shows once again that you can happily sell complete junk, as long as you don’t get on the customer’s nerves too much while doing so, to put it politely.

Category:deutsch | Comment (0)

HDBC-postgresql-2.2.3.1 broken

Wednesday, 24. February 2010 19:14 | Author:

If your HDBC connections are suddenly broken for no reason:

* Database.HDBC Database.HDBC.PostgreSQL> conn <- myconnect
* Database.HDBC Database.HDBC.PostgreSQL> getTables conn

<interactive>:1:0:
No instance for (IConnection Connection)
arising from a use of `getTables' at <interactive>:1:0-13
Possible fix:
add an instance declaration for (IConnection Connection)
In the expression: getTables conn
In the definition of `it': it = getTables conn

see if somebody upgraded HDBC-postgresql and downgrade it to a sane version:

cabal install HDBC-postgresql-2.2.0.0
ghc-pkg unregister <<newer version>>

Voilà:

* Database.HDBC Database.HDBC.PostgreSQL> conn <- myconnect
* Database.HDBC Database.HDBC.PostgreSQL> getTables conn
["a","b","c","d"]

Category:english, tech | Comment (0)

The bad reputation of modern architecture

Thursday, 18. February 2010 23:06 | Author:

The building was surely old and so on:
http://derstandard.at/3000443/Abbruch-zum-Aufbruch

Whether the new design is that much better, however, may be doubted:
http://de.wikipedia.org/w/index.php?title=Datei:OPEC-building-01.jpg&filetimestamp=20100124122146

But perhaps this only serves to build an employee hierarchy with performance incentives:
Whoever behaves well eventually gets to move away from the narrow window to the wide one.

Category:deutsch | Comments (1)

ZFS pitfalls when switching from traditional Linux FS’s

Tuesday, 26. January 2010 1:21 | Author:

Since ZFS was introduced in 2004 there’s been a lot of praise for its advanced features and Sun’s new understanding of file systems. There’s a lot of info about that already out there, probably the most comprehensive reference is the Administration Guide: http://docs.sun.com/app/docs/doc/819-5461

I’d like to do the opposite of all the ZFS praise and shed some light on the pitfalls I encountered when setting up a home/small business server with ZFS. No dealbreakers, no trash-talking this excellent product, just some things everybody should know before setting up a ZFS server. My new file server is running FreeBSD 8, which has a stable ZFS implementation. The “main” ZFS implementation is part of (Open)Solaris, which is of course an excellent system, but I like the ports and packages system of FreeBSD, which is why I decided to go with it.

I’m mostly going to compare ZFS to the current technology in Linux, which I used before, and all my concerns are with the volume management in ZFS, not with the file system itself, which I find pretty much flawless.

In ZFS, first you create a pool, which is roughly the same as a volume group on Linux (LVM).

% zpool create mypool raidz ad1 ad2 ad3 ad4

This gives you one pool of four disks, using RAIDZ, which is a “better” RAID-5, for details see: http://blogs.sun.com/bonwick/entry/raid_z

The pool should look something like this:

% zpool status
  pool: mypool
 state: ONLINE
 scrub: none requested
config:

        NAME        STATE     READ WRITE CKSUM
        mypool      ONLINE       0     0     0
          raidz1    ONLINE       0     0     0
            ad1     ONLINE       0     0     0
            ad2     ONLINE       0     0     0
            ad3     ONLINE       0     0     0
            ad4     ONLINE       0     0     0

This is a pool of one raidz “vdev”. What happens if we add another one?

% zpool add mypool raidz ad5 ad6 ad7 ad8
% zpool status
  pool: mypool
 state: ONLINE
 scrub: none requested
config:

        NAME        STATE     READ WRITE CKSUM
        mypool      ONLINE       0     0     0
          raidz1    ONLINE       0     0     0
            ad1     ONLINE       0     0     0
            ad2     ONLINE       0     0     0
            ad3     ONLINE       0     0     0
            ad4     ONLINE       0     0     0
          raidz1    ONLINE       0     0     0
            ad5     ONLINE       0     0     0
            ad6     ONLINE       0     0     0
            ad7     ONLINE       0     0     0
            ad8     ONLINE       0     0     0

The resulting pool is now striped over both raidz vdevs. You can imagine it like two RAID-5s, over which you construct a RAID-0 (sort of).

And this is where one of the larger pitfalls lies: While you can expand a pool in this way arbitrarily (pretty cool!), there is currently no way to remove a (top-level) vdev from a pool again. There is a ticket submitted to remedy this (http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=4852783), and apparently Sun is working on it, but don’t hold your breath (just take a look at the submission date of the ticket ;) ). And: The LVM on Linux allows you to do this, so if you really need this feature, you’re currently better served by Linux.

Something else I also expected as a given is what would be called RAID-5 growing on Linux, i.e. adding one or more disks to an existing RAID-5. For RAIDZ this feature was never planned, and it does not fit nicely into the rest of the RAIDZ design. Recently, Adam Leventhal figured out how to do it anyway (http://blogs.sun.com/ahl/entry/expand_o_matic_raid_z), but Sun is NOT working on it, so if this is ever going to be implemented, it will certainly take a while. Keep this in mind, as it means that the only truly supported way of adding to a RAIDZ pool is adding _another_ RAIDZ to the same pool (which gives you more redundancy, for better or worse).

There is however something else you can do: While the number of disks in a raidz is fixed (for now), you can, one by one, replace the disks with larger ones. Once you have done that for all disks, your raidz will reflect the new size of the disks. Yes, you can do that with traditional Linux as well.

On a related note, I would have liked kind of an optimal media allocation to raidz’s, i.e. let’s say you have 4x1TB in a raidz vdev. Now you add 4×1.5TB to the pool. Wouldn’t it be cool, if zpool could automatically expand the RAIDZ to 8x1TB and create a new RAIDZ with 4x500GB, striping over both? This is not exactly a pitfall, not even something I expected, but still a nice-to-have. Of course it’s not entirely clear upfront what’s optimal for any given user: Do you prefer more or less redundancy?

Finally, device names. The components of a pool are remembered by the host system. Solaris uses a disk’s “device ID”, which is essentially computed using the drive’s serial number. This is pretty robust against modification. FreeBSD uses the device name instead, which causes pain when you, e.g., add a controller. What used to be ad1-4 might be ad10-13 then. FreeBSD will then even hang at boot, because ZFS cannot start (you need to remove zfs_enable from rc.conf in single-user mode).

What can you do about it? The correct way is to “zpool export mypool” before doing anything involving hardware changes. This writes all the necessary data to the disks for importing the pool later, with “zpool import mypool”. Now the question is: Why the heck isn’t this done in a transparent, automatic way? Without going into the details, it was a design decision to let the OS handle the naming (and to be fair, I believe on Solaris it works rather perfectly). On the other hand, Linux’s lvm/mdadm store a UUID in component devices, which works rather well.

There are some hints floating around to use “glabel” to label the individual disks and give them permanent names (which is done by the GEOM subsystem of FreeBSD), and then tell zpool to use the labels instead of the device names, i.e.

% zpool create mypool raidz /dev/label/mylabel1 /dev/label/mylabel2 /dev/label/mylabel3

I think this is a bad idea. When you give ZFS control over a disk, you really give away ALL of the disk. glabel has to save metadata for its label on the disk somewhere. Even if that is usually not a problem in practice, it may cause trouble one day, perhaps when you move your disks to a different OS with ZFS support, which may overwrite the label, or interpret the label as something it is not, etc. I’d rather just use zpool’s export/import.

I also wonder what happens if you just delete the zpool-cache file at /boot/zfs/zpool.cache. Either it’s going to import the pool successfully even though you did not export it, or everything is broken forever. Maybe I’ll try it in a VM ;) .

In conclusion, let me say that the perceived shortcomings in volume management clearly stem from ZFS’s enterprise background. When you spend $30k on a storage solution you’re not dealing with expanding a 3-disk raidz to a 4-disk raidz; instead you throw entire vdevs around, and if you really absolutely want a larger raidz for some reason, you back up the data, destroy and recreate the pool, and restore.

Some blogs of ZFS developers with very interesting in-depth info:

http://blogs.sun.com/eschrock/
http://blogs.sun.com/ahl/
http://blogs.sun.com/bonwick/

Once the pooling stuff is out of the way, have a look at some of the truly cool stuff in ZFS (not all of which is supported in FreeBSD yet!):

http://hub.opensolaris.org/bin/view/Community+Group+zfs/dedup
http://blogs.sun.com/eschrock/entry/shadow_migration
http://blogs.sun.com/relling/entry/zfs_copies_and_data_protection

Category:english, tech | Comment (0)

Fun with OS X languages

Friday, 22. January 2010 2:53 | Author:

One nice thing about OS X is that it allows you to trivially change the OS’ language in System Preferences. In the past my only complaint about that was that it works too well and too universally: If you want to write a letter in a different language in iWork you have to change the system language, otherwise the templates, dates, etc. will be off.

Today I tried switching to French for a change. This should be as simple as dragging the entry for Français to the top of the language list. The idea of having a language _list_ is that programs, which do not support the primary language, should try to use the secondary language, and so on. See Sample Picture.

There’s also a separate language setting for formats, like date, time and numbers. In the following I always switch both.

After changing language preferences you have to log out and log in to make the changes visible in Finder.

So what happens when switching to Français?

Eng to Fra

A-ha, Gigabytes are now Gigaoctets, Dates are French, but other than that… not much of a success. After trying to make it work for a while (reboot, etc.), I decided to switch to another language I know a few words of: German.

fra -> ger

Ok, so the OS X folders are now German, however some of the dates are French, and I have Gigaoctets. Oh, and what’s that: 45,8 Go _available_? This doesn’t look good. What happens if I switch to Spanish?

ger -> esp

This is turning into a Babylonian mess. I now have English, French, German and Spanish in my Finder. I hope I can fix this again.

I realized that a reboot cleans up the mess somewhat, however only English and German are fully working translations. All the others I tried use elements, e.g. the bar on the bottom of the Finder window, of either English or German, depending on which one is higher up in the list. What’s going on, did Apple really only partially translate into French? If this were true, they could sell maybe two machines a year in France…

Reinstalling the languages from the Snow Leopard disc entirely fixed the problem. No idea what was causing it, but it’s gone.

Français, voilà!

So if you’re having trouble with languages, just reinstall the language packs. Takes less than two minutes.

Category:english, tech | Comment (0)