DiSo - the distributed social network

The DiSo project is a promising attempt to create a distributed social network - so is not following the "silo" approach as other social networks do. The blog of the project offers a short (4 min) introductionary video in which Chris Messina explains the vision and ideas behind this solution. The project will make use of open standards like OpenID, XMPP and different microformats. Code is available as open source. Really looking forward to see this stuff in action soon.

OpenBSD 4.3 released

After 6 months of hard work the OpenBSD project released version 4.3 of the great, (non-)fishy operating system. As usually there is a collection of micro-interviews with some of the developers about new features at the O'Reilly's BSD DevCenter.

Petition - Open the GCG and SeqLab code

Steven M. Thompson has initiated a petition to make Accelrys' GCG and SeqLab available under an open source software. He wants to prevent the loss of these bioinformatics tool sets after Accelrys' recent decision to stop the support and development of them.

Let's try to keep some privacy

Happy new 2008 1984. Germany has now the data retention but this doesn't mean that we cannot fight back. Via Roland's delicious links I stumble across Anonymouse.org. This proxy lets you surf any page anonymously in a very easy solution if you don't want to set up Tor or JAP. Only disadvantage is it's low speed. For easy use have a look at the toolbar and/or Firefox search plug-in. If you want to use a Firefox keyword search (always handy!) enter

http://Anonymouse.org/cgi-bin/anon-redirect.cgi?sourceid=Mozilla-search&what=%s

into the Location field.

An alternative for the data collector Google could be the metasearch enginge Ixquick. According to their private policy they delete user specific information after maximum 48 hours. There are also different Firefox search plug-ins available. For the above mentioned keyword search use

http://ixquick.com/do/metasearch.pl?query=%s

Any other suggestions for keeping privacy when surfing?

24C3 - report part 9 - Security Nightmares 2008

Frank and Ron filled the "told you so"-karma with the annual Security Nightmares presentation/brainstorming. After a short retrospect they had a look into the crystal ball. Some predictions that were mentioned:

• hijacking of industrial robots will increase
• people will go to jail due to wrong time zone configuration of log servers
• more flash memory problems - e.g. no proper cleaning possible
• more VoIP-hacks
• hacking of large scale storage/computing backends like Amazon S3
• malware for mobile phones especially on iPhone
• crowed-sourcing for breaking CAPTCHA
  

24C3 - report part 8 - Some photo impressions 2

An some more pics ...

A speech bubble machine

Indymedia searches safe habor

"We hate flash"
The ceiling of conference room 1

Quadrocopter

Smiling light

Monitored

Usual suspect

24C3 - report part 7 - Some photo impressions 1

Here are some photos I took at the conference. It's not allowed to take photos downstairs in the so called Hackcenter so no documentation of that.

The congress center with the famous CCC rocket and some decoration

Hacker Jeopardy

Regarding politics

LED cube

MAKING with LEGO

Research lab

Another photo of the demonstration yesterday

Club-Mate - should be a platinum sponsor of this event

24C3 - report part 2 - DNA hacking and web security ooopses

I just listen to two cool talks (actually sitting in a sofa down in the Hackcenter watching the live stream :)):

At first: Drew Endy (MIT - Department of Biological Engineering) introduced the audience to molecular, computational and synthetic biology and showed the connection to Making. He mentioned the possible security issues that come up with decreasing prices of DNA synthesising and the availability of sequences of harmful organisms. The talk ended with the question if there will be soon the "Biological Hacker". I have a stream dump of the talks if anybody is interested.

Second: Dan Kaminsky gave one of his legendary talks ... hilarious! He added more examples to the collection of web security oopses by describing how to exploit really bad design bugs. Starting form DNS rebinding, to an IFrame-Flash-hack to "IP via SPAM" (some live demos included). I am sure I didn't get everything completely but it was great fun!

Dan Kaminsky in action:

Conclusions:

24C3 - report part 1 - intro

Today the 24 Chaos Communication Congress (24C3) the annually hacker meeting organized by the Chaos Computer Club started in Berlin. Here you can find lots of inspiring talks, cool workshops and interesting people. Hacking (in the broadest sense), making, privacy and politic issues and many other topics are covered. The theme"Volldampf voraus" (German for "full steam ahead") is inspired by the retrofuture steam punk genre and you can see at some place of the conference related accessories.


As usually I am mainly hanging out at the OpenBSD booth and am frequently visiting talks and workshops. I will report about some selected stuff in the next days. There are live streams of the talks if you want to watch them yourself and the videos will be available for download some month after the congress.

OpenCON 2007

Since yesterday the OpenCON 2007 - a yearly conference only dedicated to OpenBSD - is taking place in Venice. Around 130 developers and users having a good time here and are socializing (as usually) very well. There were some very helpful tutorials yesterday and now the we have a packed schedule of talks. We expect to celebrate a good OpenSSH birthday party tonight. I hope to finally get started with porting some applications to OpenBSD and Bernd's tutorial (will be online soon) was excellent start for that.

Puffy is back - OpenBSD 4.2

Who needs leopards if you can have fish? The OpenBSD project proudly presents OpenBSD 4.2 - the operating system for the practical paranoid. As usually Federico Biancuzzi has interviewed some of the developers about the current release. The interview will be is online at O'Reilly's ONLamp.

A talk about openness, freedom and transparency

Finally I took the time to record and finalize the screencast (Xvid4, mpeg, Google Video (*)) of a talk I gave some weeks ago at the EMBL PhD retreat in Barcelona. It is called "A quick trip through openness, freedom and transparency" (pdf) and covers open source, open formats, Creative Commons, open access, open science/knowledge in a very introductionary way.

Thanks to Nikolay Sturm who helped me to create a port (not perfect but fine for this purpose) of recordmydesktop for OpenBSD.

(*) bad resolutions on Google Video ... any suggestions how to improve that?

Listen to Wikipedia

Pediaphon, a project of the University of Hagen (Germany), generates audio files of English and German Wikipedia articles on the fly. It can be used with a web browser but there is also a WAP interface and way of requesting the audio file via SMS and a phone call. Nice example barrier-free access to Wikipedia.

[via Pro-Linux]

Web data mining made easy

Man, and I just complained about Spock which is nothing in comparison to this: If you need an efficient tool for collecting and connection web data about people, organizations etc. then Paterva's Evolution is the answer for you ... but hey, why do you need such a thing?!?. I stumbled across it via a good article on Linux.com. Evolution offers a (closed-source) java-based GUI and two web interfaces (only the classic works at the moment, the web-wizzard cannot be used currently). It is a little bit slow but considering the amount of sources it harvests and the results you get it is pretty okay. I am fascinated and scared on the same time. That just makes it too easy.

Sun's hardware documentation wiki

Sun just started the FOSS Open Hardware Documentation wiki and offers to publish specifications of hardware after request. This should make it easier for open source projects to code drivers. Theo de Raadt recently criticized Sun for their lacking hardware documentation which was an inspiration for starting this wiki. I hope more vendors will follow this example.

[via golem.de]

Welcome to Germany, black hats!

As was reported in the media (e.g. title story of the german Spiegel magazine) computers of the German government were compromised by Chinese black hat hackers. The Chaos Computer Club uses this incident to question the competence of the decision makers regarding IT security. Certain politicians are constantly proposing to use Trojan horses to infiltrate computers of "criminals", but are lacking the necessary knowledge to judge the risk of this approach (another proof of this can be found here on netzpolitik.org). The recently established German anti-hacking-tool-law (§ 202c StGB) makes the necessary tools for preventing these attacks illegal. There is something going really wrong.

CCCamp 2007 - 8 - Misc hacks

These events are famous for different kinds of hacks. Here are some of my favorite ones that are not so obvious (many thanks to all the people who uploaded the photos):

• CCC => CCCP
• OpenBSD-shirt => personalized camp-shirt (as the official ones are sold out)
• tent + rain => indoor swimming pool 1, 2, 3
  
• golf cart => garbage truck
  
• pallets + Gulden Draake bottles => bikini contest stage
  

With this post I finish my report series of the camp. It was great fun! Thanks to everybody who was involved!

Update:

• melone + bottle => cocktail glas (thanks to Bernd for this recommendation)
• towel => sunshade
• geek => bikini model
  
• wristband => arm implant stabilizer
• lights => black board (another on from Bernd)
• mud hole => football field (and again Bernd)
• airplane => skull opener
• truck => bottle container

Update 2:

• Lenin => Hippie
  

CCCamp 2007 - 7 - Sputnik

Last project I want to mention that was represented (and applied) on the camp is Sputnik. The aim is to show people the potentials and threats of tracking technologies by personal experience. Active RFID tags (newest version v0.2) with different ids were sold to participants and three shelters were equipped with reader stations. The system (2.4GHz based) can track the tags in the range of 100 meters and discriminates between three levels of proximity. With enough stations you can give a very precise position of a person (this was not the case on the camp, but on the congress last year). A button on the chips can be used by the owner to send at signal that something interesting is going on at the current position. The collected data will be available for public use soon.


Due to the fact that only the owner knows the id of his/her tag and that the active chip can be switched off the user can choose the level of privacy. But it still makes people think more about the possibility of total surveillance. Many things like customer cards and passports are already equipped with (mostly passive, low ranging) RFID tags and the rank-and-file is not aware of this. The technology itself (as usual) is not evil. We just have to make sure that it is applied the right way for the right things.

CCCamp 2007 - 6 - Misc impressions

Here just some impressions quickly presented by photos.

Quite an attraction - The Italian embassy opened Little Venice after the rain:


The first aid base:

Flying drone:


Cool light installation:


A multimedia table in the Art & Beauty area:


Regarding dogs:

CCCamp 2007 - 5 - The BSD village

I am an inhabitant of the BSD village and would like invite all interested camp participants to visit us. You can get information and get cool shirts, caps, sweater, stickers etc. at the OpenBSD shop. The request of rain coats increased heavily after the flood that came down some hours ago so hurry up. OpenBSD developers, users and other nice people (like Mark who did the flash-into-iPod-hack) can be found in our huge white tent close to the airstrip if you need support or good company. We have a bikini contest tonight at 20:00!