Hanno's blog

Having used my PGP key 3DBD3B20 for almost eight years, it's finally time for a new one: 4F9F43A9. The old primary key was a 1024 bit DSA key, which had two drawbacks:
1. 1024 bit keys for DLP or factoring based algorithms are considered insecure.
2. It's impossible to set the used hash algorithm to anything beyond SHA-1.

My new key has 4096 bits key size (2048 bit is the default of GnuPG since 2.0.13 and should be fairly enough, but I wanted some extra security) and the default hash algorithm preference is SHA-256. I had to make a couple of decisions for my name in the key:
1. I'm usually called Hanno, but my real/official name is Johannes.
2. My surname has a special character (ö) in it, which can be represented as oe.

In my previous keys, I've mixed this. I decided against this for the new key, because both my inofficial prename Hanno and my umlaut-converted surname Boeck are part of my mail adress, so people should still be able to find my key if they're searching for that.

Another decision was the time I wanted my key to be valid. I've decided to give it an expiration date, but a fairly long one: 10 years from now.

I've signed my new key with my old key, so if you've signed my old one, you should be able to verify the new one. I leave it up to you if you decide to sign my new key or if you want to re-new the signing procedure. I'll start from scratch and won't sign any keys I've signed with the old key automatically with the new one. If you want to key-sign with me, you may find me on the 27C3 within the next days.

My old key will be valid for a while, at some time in the future I'll probably revoke it.

Update: I just found out that having a key without SHA-1 is trickier than I thought. The self-signatures were still SHA-1. I could re-do the self-signatures and revoke the old ones, but that'd clutter the key with a lot of useless cruft and as the new key wasn't around long and didn't get any signatures I couldn't get easily again, I decided to start over again: The new key is BBB51E42 and the other one will be revoked.
I'll write another blog entry to document how you can create your own SHA-256 only key.

Prologue of this story: A very long time ago (2004 to be exact), I decided to create a new PGP / GnuPG key with 4096 bits (due to this talk). However, shortly after that, I had a hardware failure of my hard disc. The home was a dm-crypt partition with xfs. I was able to restore most data, but it seemed the key was lost. I continued to use my old key I had in a backup and the 4096 key was bitrotting on keyservers. And that always annoyed me. In the meantime, I found all private keys of old DOS (2.6.3i) and Windows (5.0) PGP keys I had created in the past and revoked them, but this 4096 key was still there.

I still have the hard disc in question and a couple of dumps I created during the data rescue back then. Today, I decided that I'll have to try restoring that key again. My strategy was not trying to do anything on the filesystem, but only operate within the image. Very likely the data must be there somewhere.



I found a place where I was rather sure that this must be the key. But exporting that piece with dd didn't succeed - looking a bit more at it, it seemed that the beginning was in shape, but at some place there were zeros. I don't know if this is due to the corruption or the fact that the filesystem didn't store the data sequentially at that place - but it didn't matter. I had a look at the file format of PGP keys in RFC 4880. Public keys and private keys are stored pretty similar. Only the beginning (the real "key") part differs, the userid / signatures / rest part is equal. So I was able to extract the private key block (starting with 0x95) with the rest (I just used the place where the first cleartext userid started with my name "Johannes"). What should I say? It worked like a charm. I was able to import my old private key and was able to revoke it. Key 147C5A9F is no longer valid. Great!

P. S.: Next step will be finally creating a new 4096 bit RSA key and abandoning my still-in-use 1024 bit DSA key for good.

Yesterday I was at a talk at the FSFE Berlin about free software and GSM. It was an interesting talk and discussion.
Probably most of you know that GSM is the protocol that keeps the large majority of mobile phones running. In the past, only a handful of companies worked with the protocol and according to the talk, even most mobile phone companies don't know much of the internal details, as they usually buy ready-made chips.
Three free software projects work on GSM, OpenBTS and OpenBSC on the server side and OsmocomBB on the client side. What I didn't know yet and think is really remarkable: The Island State of Niue installed a GSM-network based on OpenBTS. The island found no commercial operator, so they installed a free software based and community supported GSM network.

Afterwards, we had a longer discussion about security and privacy implications of GSM. To sum it up, GSM is horribly broken on the security side. It offers no authentication between phones and cells. Also, it's encryption has been broken in the early 90s. There is not much progress in protocol improvements although this is known for a very long time. It's also well known that so-called IMSI-cachers are sold illegally for a few thousand dollars. The only reason GSM is still working at all is basically that those possibilities still cost a few thousands. But cheaper hardware and improvement in free GSM software makes it more likely that those possibilities will have a greater impact in the future (this is only a brief summary and I'm not really in that topic, see Wikipedia for some starting points for more info).

There was a bit of discussion about the question how realistic it is that some "normal user" is threatened by this due to the price of a few thousand dollars for the equipment. I didn't bring this up in the discussion any more, but I remember having seen a talk by a guy from Intel that the tendency is to design generic chips for various protocols that can be GSM, Bluetooth or WLAN purely by software control. Thinking about that, this raises the question of protocol security even more, as it might already be possible to use mainstream computer hardware to do mobile phone wiretapping by just replacing the firmware of a wireless lan card. It almost certainly will be possible within some years.

Another topic that was raised was frequency regulation. Even with free software you wouldn't be able to operate your own GSM network, because you couldn't afford buying a frequency (although it seems to be possible to get a testing license for a limited space, e. g. for technical workshops - the 27C3 will have a GSM test network). I mentioned that there's a chapter in the book "Code" from Lawrence Lessig (available in an updated version here, chapter is "The Regulators of Speech: Distribution" and starts on page 270 in the PDF). The thoughts from Lessing are that frequency regulation was neccessary in the beginning of radio technology, but today, it would be easily possible to design protocols that don't need regulation - they could be auto-regulating, e. g. with a prefix in front of every data package (the way wireless lan works). But the problem with that is that today, frequency usage generates large income for the state - that's completely against the original idea of it, as it's primarily purpose was to keep technology usable.

Recently, Nintendo released a new game called "Donkey Kong Country Returns" - I thought I'd take that as an opportunity to tell you a bit about it and it's main figure, Donkey Kong.

What's interesting about this is that it's a revival of a revival - the original game is almost as old as I am (from 1981, so I can't tell you about the "good old times" here). It was released on an arcade machine and later ported to several consoles. You played Mario in the game (yes, this was also the very first time Mario appeared in a video game) and had to rescue the princess from a big evil Gorilla. Not very creative, but who cares about game stories anyway, right? You had to jump over barrels to get to the gorilla.

I think the first time I saw the game was this one. It is from the Game and Watch series, mobile devices that had just one game built in. The Game and Watch games had no real display, they were only able to switch some elements on and of. For that limitation, the games had surprising complexity (another one I really liked is the Super Mario Bros. 3 wrist band game). Still, it is far away (or let's say rather different) from the original game.

The second time I saw a Donkey Kong game was a (probably inofficial) remake in DOS. To be honest, it wasn't very good, but I had not many games at that time, so I played it a lot. You had to go up to the princess and after that, the gorilla threw something over the screen and you had to go down again, but now with fires and more holes. Sadly, I can't provide it to you as I didn't find it online (maybe I have it on an old CD, I'll have to look for that).

The very first time I played the "real" Donkey Kong was much later - 1992 Nintendo released the first two Donkey Kong games together as "Donkey Kong Classics" on the NES. There was also an advanced version for the Gameboy which featured the original Donkey Kong levels and about 100 more levels afterwards (I played through all of them).

1994 was the "first revival" - Nintendo released Donkey Kong Country on the Super Nintendo, a game which had impressive graphics and was a technical breakthrough at that time. It has not much in common with the original game beside the character and the fact that barrels still play an important role. A nice gimmick: It had a character called "Cranky Kong", who was said to be the "original Donkey Kong" from the old game. He was always grumbling that todays games are far to easy.

Now Nintendo is doing the second revival - interesting enough, it doesn't really use much of the possibilities the Wii offers. It is a classic jump and run game, very much like Donkey Kong Country (Nintendo just recently released "New Super Mario Bros", quite similar also a classic Mario jump and run). I like that. Though I played the game a bit and I must say I'm not highly impressed (at least yet). I'd rate it a nice game, but not a great game. But I also have to say that the old Donkey Kong Country is not on my all-time-favorite video games list. Maybe I'll tell you more when I played it longer.

What else? No blog about retro gaming without some links to really cool stuff:
A house with Donkey Kong design (does anyone know where this is?
Donkey Kong in Lego
(have more? post links in the comments)

Vor einigen Tagen wurde gemeldet, dass die GEMA eine neue Einnahmequelle gefunden hat: Kindergärten und Laternenumzüge. Die waren nämlich, so erfahren wir, bislang meistens illegal, weil die BetreuerInnen der Kleinen hemmungslos Noten kopiert haben, obwohl das streng verboten ist. Um diesen untragbaren Zustand schleunigst zu beenden, bieten die GEMA und die VG Musikeditionen den Kindergärten nun einen Lizenzvertrag an. Die GEMA erklärt, man stoße dabei auf »großes Verständnis«. Ich kann mir das sehr gut vorstellen, wie groß das Verständnis von Kindern ist, wenn man ihnen erklärt, dass nächstes Jahr der Laternenumzug aufgrund der prekären Finanzlage der Gemeinde leider ausfallen muss. Da lernen sie gleich etwas über Finanzpolitik und Sparzwänge. Auch wird ihnen sicher schnell deutlich, dass die Nachricht des Sankt Martin, man solle doch teilen was man hat, nicht für Noten gilt - zumindest nicht solange man nicht einen Lizenzvertrag hat.

Nun ist die Aussage der GEMA, dass das Kopieren von Noten strengstens verboten ist, allerdings nur ein Teil der Wahrheit. Denn extrem viele populäre Kinderlieder sind uralt. Und das Urheberrecht währt zwar lange, aber nicht ewig. In Deutschland endet es 70 Jahre nach dem Tod des Urhebers. (Vorsichtig muss man allerdings sein, wenn es sich um veränderte Neuauflagen handelt - die können weiterhin geschützt sein.)

Um die GEMA-Aktion also weitgehend ins Leere laufen zu lassen, müsste man dafür sorgen, dass zumindest die Kinderlieder, deren Urheberrecht abgelaufen ist, möglichst gut frei verfügbar sind. Ich möchte lieber bestehende Projekte unterstützen als das Rad neu erfinden: Die Wikiseite Choral Public Domain Library (CPDL) sammelt freie Chornoten - ich habe nochmals nachgefragt und auch Kinderlieder sind ihnen dort herzlich willkommen. Ich habe also mit Hilfe des schönen (freien) Programms Lilypond die drei populärsten Laternenumzugslieder gesetzt (als PDF, bei CPDL kann man die Lilypond-Datei und eine Midi finden):
Laterne, Laterne, Sonne, Mond und Sterne (bei CPDL)
Sankt Martin (bei CPDL)
Ich geh mit meiner Laterne (bei CPDL)

(ich weiss, Laternenumzüge und Sankt Martin sind für dieses Jahr vorbei, aber alle KindergärtnerInnen können das ja schonmal für nächstes Jahr vormerken)

Ich würde mich freuen, wenn andere Leute dem folgen und möglichst viele Kinderlieder bei CPDL verfügbar machen, ein tolles freies Projekt damit unterstützen und die GEMA etwas ärgern. Wer mitmacht, darf gerne Links in den Kommentaren posten. Vielleicht basteln wir dann daraus ein PDF-Liederbuch oder ähnliches. Wem das hochladen bei CPDL zu kompliziert ist, der darf mir die auch gern per Mail zukommen lassen, ich kümmer mich dann darum.

(mir zwitscherte gestern noch jemand zu, dass andere ganz ähnliches vorhaben - ist auch noch im Anfangsstadium und das kann sich ja vielleicht gut ergänzen)

Update: I got some nice hints in the comments. cpufreqd also includes this functionality and is probably the much more advanced solution. Also, I got a hint to linux-PHC, which allows undervolting a CPU and thus also saves energy.

I recently quite often had the problem that my system suddenly was shutting down. The reason was that when my processor got beyond 100 °C, my kernel decided that it's better to do so. I don't really know what caused this, but anyway, I needed a solution.

So i hacked together overheatd. A very effective way of cooling down a CPU is reducing its speed / frequency. Pretty much any modern CPU can do that and on Linux this can be controlled via the cpufreq interface. I wrote a little daemon that simply checks every 5 seconds (adjustable) if the temperature is over a certain treshold (90 °C default, also adjustable) and if yes, it sets cpufreq to the powersave governor (which means lowest speed possible). When the temperature is below or at 90 °C again, it's set back to the (default) ondemand governor. It also works for more than one CPU (I have a dual core), though it's very likely that it has bugs as soon as one goes beyond 10 CPUs - but I have no way to test this. Feel free to report bugs.

This could be made more sophisticated (not going to the lowest frequency but step by step to lower frequencies), but it does its job quite well for now. It might be a good idea to support something like this directly in the kernel (I wonder why that isn't the case already - it's pretty obvious), but that would probably involve a skilled kernel-hacker.

Kurz zum Hintergrund: Mit Shale Gas (oder Schiefergas) werden Gasvorkommen bezeichnet, die früher als nicht nutzar galten, aber mit neueren Fördermethoden (sogenanntes Hydraulic Fracing) vor allem in den USA abgebaut werden. Es gibt dabei gravierende Umweltprobleme, vor allem die Trinkwasserversorgung ist gefährdet. Wer sich für das Thema näher interessiert, dem empfehle ich diese Studie der ASPO, weiterhin kann man sich auf den Webseiten von Umweltinitiativen in den USA schlau machen.

Kürzlich habe ich in einem Spiegel-Artikel über Shale Gas-Förderung folgendes gelesen:
Das Landesamt für Bergbau, Energie und Geologie in Niedersachsen gibt ebenfalls keine Auskunft, über die Chemikalien, die Exxon beim Probe-Fracing verwendet hat.

Da ich sowieso am Recherchieren zu dem Thema war, dachte ich, es wäre eine gute Gelegenheit, mal die Wirksamkeit der Gesetze zur Informationsfreiheit auszutesten. Also habe ich an das Bergbauamt eine Anfrage nach dem Umweltinformationsgesetz gestellt und darum gebeten, mir alle Standorte der Shale Gas-Förderung in Niedersachsen, sowie die dabei in den Boden eingebrachten Chemikalien mitzuteilen. Ich hatte mit ziemlicher Sicherheit damit gerechnet, dass die Anfrage abgelehnt wird und war am überlegen, ob ich das ganze mit Hilfe eines Anwalts zu einem Präzedenzfall machen möchte. Doch zu meiner großen Überraschung erhielt ich circa einen Monat später eine Antwort und die gewünschte Liste der Chemikalien.

Für diejenigen, die es nicht wissen: Es gibt in Deutschland, sowie in den meisten Bundesländern, seit einigen Jahren ein Informationsfreiheitsgesetz. Dieses besagt, dass jeder Mensch das Recht haben, beliebige Informationen von Behörden zu erhalten. Es gibt dabei eine Reihe von Ausnahmen, die im deutschen Gesetz leider sehr lange ist. Für Umweltbelange gibt es ein ähnliches Gesetz, das Umweltinformationsgesetz. Die Unterscheidung hat vor allem historische Gründe (das Umweltinformationsgesetz gibt es schon länger), aber es gibt auch ganz praktische Unterschiede. So haben etwa im Informationsfreiheitsgesetz Geschäftsgeheimnisse immer vorrang vor dem Informationsbedürfnis des Anfragenden, im Umweltinformationsgesetz ist hier eine Abwägung vorgesehen.

Leider sind die Möglichkeiten, die das Informationsfreiheitsgesetz bietet, noch viel zu wenig Menschen bekannt. Ich habe die tiefste Überzeugung, dass es für politische Außeinandersetzungen nur förderlich sein kann, wenn möglichst viele Fakten öffentlicht bekannt sind (Baden-Württemberg hat übrigens bislang noch kein Informationsfreiheitsgesetz - den Bezug zu aktuellen politischen Themen herzustellen überlasse ich dem geneigten Leser selbst).

Vor einiger Zeit habe ich auch eine Seminararbeit zum Thema Informationsfreiheitsgesetze geschrieben, die ich bisher nirgends veröffentlicht hatte.

Ein (ausgesprochen schlechter) Artikel bei der Tagesschau, der den Wiener mit dem Stuttgarter Bahnhofsneubau vergleicht, brachte mich auf einige Gedanken über Besonderheiten des Protests gegen Stuttgart 21.

Im Normalfall geht man eigentlich davon aus, dass Massenproteste gut funktionieren, wenn sie eine einfache Message haben. Als Grund hierfür wird etwa häufig angegeben, dass es einem in den Medien meistens nur gelingt, eine sehr kurze Nachricht unterzubringen. „Gegen AKWs, denn sie sind gefährlich“ wäre ein solches Beispiel. Damit hat man zwar noch nicht jeden überzeugt, aber es ist zumindest sofort klar, worum es geht. „Gegen Grundlastkraftwerke, weil sie aufgrund ihrer Unflexibilität den Ausbau der erneuerbaren Energien blockieren und damit schädlich für den Klimaschutz sind“ wäre jetzt in dem Themenbereich das Gegenbeispiel – das zu erklären, da braucht man schon ein paar Minuten.

Nun scheint mir aber der Stuttgarter Protest ein eklatantes Gegenbeispiel – die Message ist alles andere als kurz und einfach. Die Menschen sind gegen einen Bahnhofsneubau – aber nicht weil sie gegen Bahnhöfe sind. Die Proteste werden ganz wesentlich von Fahrgast- und Umweltverbänden getragen, die sich für besseren Bahnverkehr einsetzen. Auch nicht weil sie gegen Bahnhofsmodernisierung sind – eines der Protestsymbole ist ja das K21-Logo, welches für das Konzept eines optimierten Kopfbahnhofes steht.
Die Motivation lässt sich ungefähr so zusammenfassen: Die Menschen sind gegen Stuttgart 21, weil sie die Befürchtung haben, dass hier gut funktionierende Bahninfrastruktur durch schlechter ersetzt werden soll (8 statt 16 Gleise). Sie sind außerdem dagegen, weil die Kosten bereits jetzt aus dem Ruder laufen und darunter andere Bahnprojekte (sowie Sozial- und Kulturausgaben) zu leiden haben.

Die Redebeiträge auf den Demos sind vergleichsweise inhaltlich komplex. Das letzte Mal, als ich dabei war, sprach ein Energiewissenschaftler (Dr. Joachim Nitsch) über die Auswirkungen des Güterverkehrs auf den Klimawandel. Das mal davor ein Geologe (Dr. Jakob Sierig) über die Gefahren des Quellgipses im Stuttgarter Untergrund. Das ist jetzt natürlich kein komplettes Alleinstellungsmerkmal, aber (ohne das empirisch überprüft zu haben) die Zahl der Menschen mit wissenschaftlichem Hintergrund bei den Rednern finde ich schon bemerkbar.

Spüren tut man die vergleichsweise Komplexität des Themas oft daran, dass Menschen, die nicht aus Stuttgart kommen, oftmals eher ratlos auf die Proteste reagieren.

Von den Auswirkungen habe ich das Gefühl, dass das eine ganz große Stärke der Proteste ist. So wirkt es einigermaßen hilflos, wenn man den Protesten vorwirft, sie hätten ja keine Ahnung. Jedem halbwegs informierten Beobachter ist sofort klar, dass Frau Merkel noch viel weniger Ahnung hat, wenn sie den Grünen vorwirft, sie seien ja sonst immer für die Bahn und hier plötzlich nicht. Auch ist ein Artikel wie der oben zitierte bei der Tagesschau natürlich völlig absurd: Abgesehen davon, dass in Wien auch ein Kopfbahnhof durch einen Durchgangsbahnhof ersetzt werden soll, haben die beiden Projekte praktisch nichts miteinander gemeinsam.

Und das Überraschende: Es funktioniert total gut. Es gelingt den Protesten, über mehrere Woche zehntausende auf die Straßen zu mobilisieren. Wohlgemerkt in einer Region, die bislang nicht unbedingt für Massenproteste bekannt war.

Eine wirkliche These, warum das so ist, habe ich noch nicht. Eine (optimistische) Interpretation wäre, dass das Internet die Menschen unabhängiger von traditionellen Medien macht, die alles auf zwei Sätze verkürzen wollen. Eine weniger optimistische wäre der gerade häufig geäußerte Vorwurf, dass es den Protesten „eigentlich um etwas ganz anderes geht“ - das entspräche aber überhaupt nicht der Wahrnehmung, die ich von den Protesten mitgenommen habe. Überzeugen tun mich bisher beide Interpretationen nicht.

Fazit: Falls hier Soziologen mitlesen, die sich der Bewegungsforschung verschrieben haben - die Stuttgart 21-Proteste sind sicher ein total spannendes Untersuchungsobjekt. Zweites Fazit: Vielleicht ist es auch möglich, gegen „Grundlastkraftwerke, weil sie den Ausbau der erneuerbaren Energien blockieren“ Massen zu mobilisieren – oder anders ausgedrückt: Proteste mit komplexer Message können funktionieren.

In the City Stuttgart in Germany, a massive police operation against environmental protesters took place. More than hundred people got injured at the eviction of a local park in order to cut down trees for the construction of a new train station. There are many reports about police violence. A pupils' demonstration took place before the event, so lots of young children got injured Also, the protest is deeply rooted in the local population, so many average citizens took part.

The project in question, Stuttgart 21, is the plan to bring Stuttgart's main train station underground. The current railhead station is planned to be replaced by a through station. The majority of the local population is opposed to that project for various reasons. The new station has only eight tracks while the current one has 16. Before the project has even started, the costs have more than doubled, currently five billion Euros are expected – but even the governor of Baden-Württemberg, Stefan Mappus, admitted that it probably will be more than seven billion. Critics expect it to be much more.

For that, local public transport services have been cut down in the area. Various other savings in social services were done in order to finance the megaproject, for example the subsidies for pupils' bus tickets have been cut. Stuttgart 21 is not a public transport project, it's a public transport cut down. It is mainly an urban construction project, because it will free a large area of rail tracks. The city's mayor Wolfgang Schuster promised a referendum after his last election if the costs of the project raise – he lied, the referendum never took place. Two years ago, environmentalists tried to enforce a referendum by collecting signatures. But it was not approved due to legal reasons – the laws for direct democracy in Baden-Württemberg are upon the worst in whole Germany.

In the park beside the station 300 trees need to be cut for the project. For that reason, activists from the envrionmental organization Robin Wood and others have built tree platforms in some of them in the past weeks. Many average people had declared in advance that they will take part on acts of civil dissobedience to protect the park and called themselves „Parkschützer“ (park protectors).

The violent operation took place on the 30th september. Thousands of policemen evicted the park with water cannons, pepper spray and police batons. In the night, about 20 trees got cut. Afterwards, the local Interior Minister Heribert Rech defended the police act by saying that the protestors had thrown stones. Some hours later he had to admit that this was a false information. Still, and despite of hundrets who got injured, he and the local governor Stefan Mappus from the CDU (conservative party) claimed the police act was completely legitimate.

For (german) information see:
http://www.kopfbahnhof-21.de/
http://www.parkschuetzer.de/
http://www.bei-abriss-aufstand.de/

Please feel free to copy this article or parts of it. I want this information to spread.

Ich möchte heute mal etwas Werbung machen für ein gerade laufendes Volksbegehren zur Berliner Wasserversorgung, welches die Offenlegung von Geheimverträgen über die Wasserprivatisierung fordert.
Worum geht es? 1999 wurden die Berliner Wasserbetriebe teilprivatisiert. Die Verträge zwischen dem Land Berlin und den Unternehmen RWE und Veolia sind jedoch Verschlusssache. Es gibt Gerüchte, dass in den Verträgen eine Passage existiert, die den Unternehmen gewisse Gewinnmargen garantiert - notfalls auf Kosten der öffentlichen Hand. Das jetzige Volksbegehren fordert nun die Offenlegung der Verträge. Egal wie man zur Privatisierung steht - es sollte eigentlich eine Selbstverständlichkeit sein, dass bei einer so zentralen Frage wie der Wasserversorgung den Menschen alle Fakten bekannt sein sollten. Informationsfreiheit ist schließlich die beste Basis für jede weitere politische Diskussion.

Um ein Volksbegehren zu ermöglichen, müssen zunächst Unterschriften gesammelt werden - insgesamt 172.000. Zuletzt meldeten die Initiatoren 77.000 Unterschriften - also etwa die Hälfte. Das heisst es bestehen sehr gute Chancen, es wird aber vermutlich knapp. Bis zum 27. Oktober kann noch gesammelt werden.

Deshalb an alle hier mitlesenden BerlinerInnen: Druckt Euch ein paar Unterschriftenliste aus, lasst ein paar Freunde und Bekannte unterschreiben. Und verbreitet die Nachricht weiter - für Transparenz und gegen Geheimverträge.

In 2008, a rather interesting new kind of security problem within web applications was found called Clickjacking. The idea is rather simple but genious: A webpage from the attacked web application is loaded into an iframe (a way to display a webpage within another webpage), but so small that the user cannot see it. Via javascript, this iframe is always placed below the mouse cursor and a button is focused in the iframe. When the user clicks anywhere on an attackers page, it clicks the button in his webapp causing some action the user didn't want to do.
What makes this vulnerability especially interesting is that it is a vulnerability within protocols and that it was pretty that there would be no easy fix without any changes to existing technology. A possible attempt to circumvent this would be a javascript frame killer code within every web application, but that's far away from being a nice solution (as it makes it neccessary to have javascript code around even if your webapp does not use any javascript at all).
Now, Microsoft suggested a new http header X-FRAME-OPTIONS that can be set to DENY or SAMEORIGIN. DENY means that the webpage sending that header may not be displayed in a frame or iframe at all. SAMEORIGIN means that it may only be referenced from webpages on the same domain name (sidenote: I tend to not like Microsoft and their behaviour on standards and security very much, but in this case there's no reason for that. Although it's not a standard – yet? - this proposal is completely sane and makes sense).
Just recently, Firefox added support, all major other browser already did that before (Opera, Chrome), so we finally have a solution to protect against clickjacking (konqueror does not support it yet and I found no plans for it, which may be a sign for the sad state of konqueror development regarding security features - they're also the only browser not supporting SNI). It's now up to web application developers to use that header. For most of them – if they're not using frames at all - it's probably quite easy, as they can just set the header to DENY all the time. If an app uses frames, it requires a bit more thoughts where to set DENY and where to use SAMEORIGIN.
It would also be nice to have some "official" IETF or W3C standard for it, but as all major browsers agree on that, it's okay to start using it now.
But the main reason I wrote this long introduction: I've set up a little test page where you can check if your browser supports the new header. If it doesn't, you should look for an update.

For a while, I wanted to read the book "The Spirit Level" by Richard Wilkinson and Kate Pickett. But this blog entry is not about this book (I haven't read it yet). Since a while, I have such a nice ebook-reader (well, it's not that nice, read my older blogpost about it, but that's not my point here). I really hate it to carry around kilos of books and I also hate it to decide which books to take with me, so for the first time I tried to actually buy an ebook.
I found that penguin has this book. The price is 9,99 £ - interesting enough, the price for the paper variant is 7,99 £. Bits must be really expensive these days. Anyway, I thought 9,99 £ is still a price I was willing to pay, so I clicked on buying, created an account and so on. I was a bit confused when they asked me for the delivery adress, but hey, I don't mind. At the end, they told me that this book is not available for customers outside the UK.
I mean... it's hard for me to comment on that. How stupid is that? I really don't want to know the strange reason that might have be (I'm pretty sure it has something to do with international copyright law and collecting societies that are unable to arrive in the time of the internet, but I FUCKING DON'T CARE, I JUST WANT TO BUY A BOOK).
So I tried it further. Amazon has the book, but only for it's own ebook reader, the Kindle. All german bookstores I found only have the book on paper.
So - I still don't have the book. I could buy it on paper - but seriously, I don't want that. I bought an ebook-reader recently because I thought this gives me the freedom to read alternately in several books without carrying them around. I thought the time has come for that.
Maybe it's just that simple: The book publishing industry will have to die - just like the music industry, which sadly still refuses to do that finally.

(sidenote: I found that someone experienced nearly the same story - with the same book - and I even know that person. That happened purely by chance.)

Yesterday I read via twitter that the HP researcher Vinay Deolalikar claimed to have proofen P!=NP. If you never heared about it, the question whether P=PN or not is probably the biggest unsolved problem in computer science and one of the biggest ones in mathematics. It's one of the seven millenium problems that the Clay Mathematics Institute announced in 2000. Only one of them has been solved yet (Poincaré conjecture) and everyone who solves one gets one million dollar for it.

The P/NP-problem is one of the candidates where many have thought that it may never be solved at all and if this result is true, it's a serious sensation. Obviously, that someone claimed to have solved it does not mean that it is solved. Dozends of pages with complex math need to be peer reviewed by other researchers. Even if it's correct, it will take some time until it'll be widely accepted. I'm far away from understanding the math used there, so I cannot comment on it, but it seems Vinay Deolalikar is a serious researcher and has published in the area before, so it's at least promising. As I'm currently working on "provable" cryptography and this has quite some relation to it, I'll try to explain it a bit in simple words and will give some outlook what this may mean for the security of your bank accounts and encrypted emails in the future.

P and NP are problem classes that say how hard it is to solve a problem. Generally speaking, P problems are ones that can be solved rather fast - more exactly, their running time can be expressed as a polynom. NP problems on the other hand are problems where a simple method exists to verify if they are correct but it's still hard to solve them. To give a real-world example: If you have a number of objects and want to put them into a box. Though you don't know if they fit into the box. There's a vast number of possibilitys how to order the objects so they fit into the box, so it may be really hard to find out if it's possible at all. But if you have a solution (all objects are in the box), you can close the lit and easily see that the solution works (I'm not entirely sure on that but I think this is a variant of KNAPSACK). There's another important class of problems and that are NP complete problems. Those are like the "kings" of NP problems, their meaning is that if you have an efficient algorithm for one NP complete problem, you would be able to use that to solve all other NP problems.

NP problems are the basis of cryptography. The most popular public key algorithm, RSA, is based on the factoring problem. Factoring means that you divide a non-prime into a number of primes, for example factoring 6 results in 2*3. It is hard to do factoring on a large number, but if you have two factors, it's easy to check that they are indeed factors of the large number by multiplying them. One big problem with RSA (and pretty much all other cryptographic methods) is that it's possible that a trick exists that nobody has found yet which makes it easy to factorize a large number. Such a trick would undermine the basis of most cryptography used in the internet today, for example https/ssl.

What one would want to see is cryptography that is provable secure. This would mean that one can proove that it's really hard (where "really hard" could be something like "this is not possible with normal computers using the amount of mass in the earth in the lifetime of a human") to break it. With todays math, such proofs are nearly impossible. In math terms, this would be a lower bound for the complexity of a problem.

And that's where the P!=NP proof get's interesting. If it's true that P!=NP then this would mean NP problems are definitely more complex than P problems. So this might be the first breakthrough in defining lower bounds of complexity. I said above that I'm currently working on "proovable" security (with the example of RSA-PSS), but provable in this context means that you have core algorithms that you believe are secure and design your provable cryptographic system around it. Knowing that P!=NP could be the first step in having really "provable secure" algorithms at the heart of cryptography.

I want to stress that it's only a "first step". Up until today, nobody was able to design a useful public key cryptography system around an NP hard problem. Factoring is NP, but (at least as far as we know) it's not NP hard. I haven't covered the whole topic of quantum computers at all, which opens up a whole lot of other questions (for the curious, it's unknown if NP hard problems can be solved with quantum computers).

As a final conclusion, if the upper result is true, this will lead to a whole new aera of cryptographic research - and some of it will very likely end up in your webbrowser within some years.

I got selected for this years Google Summer of Code with a project for the implementation of RSA-PSS in the nss library. RSA-PSS will also be the topic of my diploma thesis, so I thought I'd write some lines about it.

RSA is, as you may probably know, the most widely used public key cryptography algorithm. It can be used for signing and encryption, RSA-PSS is about signing (something similar, RSA-OAEP, exists for encryption, but that's not my main topic).

The formula for the RSA-algorithm is S = M^k mod N (S is the signature, M the input, k the private key and N the product of two big prime numbers). One important thing is that M is not the Message itself, but some encoding of the message. A simple way of doing this encoding is using a hash-function, for example SHA256. This is basically how old standards (like PKCS #1 1.5) worked. While no attacks exist against this scheme, it's believed that this can be improved. One reason is that while the RSA-function accepts an input of size N (which is the same length as the keysize, for example 2048/4096 bit), hash-functions usually produce much smaller inputs (something like 160/256 bit).

An improved scheme for that is the Probabilistic Signature Scheme (PSS), (Bellare/Rogaway 1996/1998). PSS is "provable secure". It does not mean that the outcoming algorithm is "provable secure" (that's impossible with today's math), but that the outcome is as secure as the input algorithm RSA and the used hash function (so-called "random oracle model"). A standard for PSS-encryption is PKCS #1 2.1 (republished as RFC 3447) So PSS in general is a good idea as a security measure, but as there is no real pressure to implement it, it's still not used very much. Just an example, the new DNSSEC ressource records just published last year still use the old PKCS #1 1.5 standard.

For SSL/TLS, standards to use PSS exist (RFC 4055, RFC 5756), but implementation is widely lacking. Just recently, openssl got support for PSS verification. The only implementation of signature creation I'm aware of is the java-library bouncycastle (yes, this forced me to write some lines of java code).

The nss library is used by the Mozilla products (Firefox, Thunderbird), so an implementation there is crucial for a more widespread use of PSS.

Gerade gibt es ja eine ganz spannende Debatte über die Zukunft des gebührenfinanzierten Fernsehens und die GEZ.

Bislang ist es ja so, dass man Gebühren zahlen muss, wenn man ein Gerät besitzt, welches zum Emfang geeignet ist. Ob man es auch nutzt, um öffentlich-rechtliche Sender zu empfangen, ist dabei egal. Nun wird argumentiert, das sei so, weil die Sender einen Bildungsauftrag hätten, deshalb müssen auch die zahlen, die das Angebot garnicht nutzen.
Dabei gibt es zwei große Probleme: Es ist erstmal total unlogisch, wieso ausgerechnet der Besitz eines geeigneten Geräts kriterium sein soll. Wenn die Sender der Allgemeinheit dienen, wäre es nur logisch, wenn alle zahlen. Zweitens ist natürlich die GEZ geradezu berüchtigt für ihr rücksichtsloses Vorgehen und aus Sicht des Datenschutzes eine riesige Katastrophe.

Nun wird vorgeschlagen, das ganze, was eigentlich nur logisch ist, auf eine Haushaltsabgabe umzustellen. Jeder muss zahlen, die GEZ wird faktisch abgeschafft (zumindest deren fragwürdige Schnüffelabteilungen). Interessanterweise finden das scheinbar gerade alle von den Sendern über alle Parteien hinweg gut. Womit ich ein bißchen Bauchschmerzen habe ist allerdings die Tatsache, dass die Gesamthöhe der Gebühren gleich bleiben soll.

Die Begründung, warum es einen öffentlich-rechtlichen Rundfunk geben soll, Bildungsauftrag, Programm für Minderheiten, Gegenstimme zum Privatfernsehen etc., kann ich alle gut nachvollziehen. Das muss aber auch im einzelnen begründbar sein und Sinn ergeben. Keinen Sinn ergibt es für mich aber, wenn ARD/ZDF regelmäßig hohe Beträge für Fußballübertragungen oder Boxkämpfe ausgeben. Rein interessehalber wollte ich mal feststellen, was das denn so ausmacht und bin auf einen Artikel von 2005 im Handelsblatt über die WM-Übertragungsrechte für 2010 gestoßen: Die Kosten für die Übertragungsrechte sind ein Betriebsgeheimnis! Geschätzt werden sie etwa auf 180 Millionen Euro bei 90 Millionen Euro Werbeeinnahmen (zum Vergleich: Der Gesamthaushalt der ÖRs liegt bei etwa 7 Milliarden).

Hier hört für mich jedes Verständnis auf. Wenn die Öffentlich-Rechtlichen für sich in Anspruch nehmen, im Interesse der Allgemeinheit zu handeln, dann muss dieses Handeln zuallererst mal transparent sein. Weiterhin wünschenswert wäre, wenn es sowieso zu einer Reform kommt, eine Debatte: Was ist wirklich im Interesse der Allgemeinheit und was könnte man sich ebensogut sparen - und die Gebühren entsprechend senken.