English - 21

Xiaoyun Wang, chinese cryptographer and well known for her analysis of the SHA1 function, was not allowed to travel to the US to attend the Crypto conference starting today (via Bruce Schneier).

Too bad, because she discovered some new results on the attacks on SHA1, which reduce it to a complexity of 2^63 to generate a collission. Adi Shamir, well known cryptographer and one of the RSA-inventors, presented these results.
These news are important, because 2^63 is a complexity that can be broken with todays hardware if you invest enough money and time. This would be an interesting project for distributed computing, although I don't know if the attack can be implemented on common hardware (maybe someone with cryptographic experiences wants to comment if this is possible).

Too bad that most software devs have not noticed the recent results on hash-functions. Most of them still use MD5 (which has been broken about a year ago), SHA-1 is widely used. The GNU Coreutils don't have any tools for modern hash-functions, same goes with most programming languages (PHP, Python), while they implement some sort of md5sum or sha1sum, no sha256sum or whirlpoolsum at all.

I recently installed privoxy and tor and Lars asked me to write some words about it. So here it goes:

Privoxy is an ad-blocking proxy, which means it filters out banners, pop-ups and other annoying stuff. It's highly configurable, but I use it in the basic configuration, which should be enough for most needs. The advantage is that privoxy, unlike for example the firefox ad-block extensions, can be used within any browser. It's the successor of junkbuster.
tor is a project by the Electronic Frontier Foundation, an internet anonymizing system. It's internals are complex, but the basic funktion is that you connect encrypted to a tor-node, it forwards your request through several other tor-nodes and then it get's answered. It doesn't provide full anonymity, you have to trust the tor-node you connect to. But it's definitely better than nothing.

Both integrate well, if you are a Gentoo user, just emerge tor pricoxy, add forward-socks4a / localhost:9050 . to your /etc/privoxy/config, copy the torrc.sample to torrc (in /etc/tor), add both to your runlevels (rc-update add tor default, rc-update add privoxy default) and you are done.
Now set your Browser to use Proxy localhost and Port 8118.
For other Linux-Distributions, it's probably similar. I have no idea if and how tor and privoxy work on other OSes (especially the evil one with the W), so don't ask me, you'll have to find out yourself.

This will save you some privacy and you'll get rid from a lot of internet ads.

Note: tor had some security-issues recently, so take care that you use the latest version available (0.1.0.14).

Stefan Esser, who writes a blog about php security that is really worth reading, discovered several vulnerabilities in the PEAR XMLRPC lib. Various PHP applications use this, especially all major blog-systems, including wordpress and serendipity. So please update your blog-software.

As I often wrote about free films in the past, this might be of interest:
Project Orange, an effort to create an animated Movie, based on the free software Blender and all content released under a Creative Commons license. Looks promising, surely worth to keep an eye on it.

Finally I managed to upload some pictures. Last day on "What the Hack" and I'm pretty tired. I decided to go back home today, although I originally planned to travel to some other outdoor-camp, but after these rainy days, I'm no longer motivated for this.
This morning I was watching a talk by John Gilmore about Digital Rights Management and the DMCA. He's a member of the EFF. It was interesting to hear from someone involved in those issues in the USA.

I watched two other talks today. The first was from Richard Lawrence about the energy problems of an oil-based civilisation and had a proposal for creating a computer model about the energy reserves of the world in the tradition of the "Limits to growth" and "Beyond Oil". Was very interesting, while I think that his view was a bit limited to certain aspects.

The second was a very interesting talk from Andreas Bogk about todays operating systems and their problems, especially the use of C, which suffers from Buffer Overflows and other security issues that could be faded out by the programming language. He suggests rewriting a whole operationg system from scratch using the Dylan programming language.

Okay, the weather here is really terrible, it's switching between raining and very hot sun weather. So yesterday I wasn't motivated to watch many talks.
In the evening there was a very interesting talk from John Gilmore about drugs and medical research. He is working on a project to find out if MDMA (Ecstasy) and other illegal drugs could be used as a legal medicament for certain issues. He's a very impressing person. At the end, the discussion turned from the medical view to drug politics in general.
This morning I was watching a talk about hashing functions, which again stated that it's no good idea to use SHA-1 and MD5 any more.

Okay, just arrived at What the Hack, after a more-than-12-hour-trip.
I managed to hitchhike till a place near Duisburg when I gave up and switched to the train.

I noticed that while I was on a lot of computer-events in the past, I never was on an event like this. The mood is very nice, lot's of colored lights around, deep in a forest and tents all over. You can see a first impression here, more will follow.

Tomorrow I'll travel to the Netherlands for the What the Hack, I'll try to get there by hitchhiking. As always, you can expect live-reports from the event in my blog.
What the Hack is a international conference in the tradition of HIP, HAL and others. I sadly never managed to be there in the past years.

About two weeks ago, I had some problems with my wrist, probably due to PC usage. Although the pain in my wrist disappeared a few days later, I decided that I need to improve the epgonomics at my workspace. I bought a seperate keyboard, a gel pad for my wrist and a wacom graphics tablet.

I'm now starting to learn Dvorak. Dvorak is an optimized keyboard layout, because the default querty/quertz layout was created for technical reasons in the age of typewriters. There are a couple of german dvorak layouts out there, but no standard at all, drivers are usually not available for different systems and thus useless, so I'm using english dvorak with the Umlauts mapped on AltGr-combinations (like Pylon also did).
I changed the keys to comply dvorak as good as possible to learn it. I added two icons to my Kicker to be able to switch if I need to write something fast. I'll try to use this rarely.

This was my first blog entry completely written with dvorak.

Tomorrow there will be the (probably) last discussion about the EU directive on the patentability of computer-implemented inventions in the EU parliament in Straßbourg, the decision will be on wednesday. This is a very important decision for the future of the free software movement and software development at all.

I'll be at the protest actions in front of the parliament on both days. If you live nearby Straßbourg, consider to join us as well at 8h on both days.

noepatents.eu.org
Weblog of attac

Update: There is also a web-demo for webmasters to replace their frontpage.

Another Update: Pictures from the demo in my gallery.

Yesterday I forgot to take my laptop-powerplug from linuxtag with me and as my battery was quite empty, I couldn't blog yesterday. So here are some more impressions from Linuxtag.

Luminocity - Eyecandy for X

After I saw it at the X.org-booth on Linuxtag, I had to try out the nifty features the xorg-devs are working on. One really nice thing is luminocity. You have waving windows, which looks really cool. I found a HOWTO in the Gentoo Forum, which worked right away. I was really impressed by the performance of waving, half transparent windows. I also made a small video of it (it's ogg theora).

While many people may think this is just playing around, imho eyecandy is quite important. That's one of the reasons why MacOS X is so successful. I'm really looking forward when those features will be available on usual desktops.

Reverse engineering Microsoft cubes

At the Microsoft-booth on Linuxtag, you could get some nice white cubes with colored lights in it. Sadly, they had no open interface for it, so we tried to reverse engineer them. We weren't able to install Gentoo on them yet.

Geekish art

A project at the Linuxtag was creative geeks, a group of people creating creative commons licensed art with linux stuff (e. g. tux-pictures).
Another very nice thing were the konqi-videos from kde, they are made with blender. I didn't know that blender is that good (though I'll probably never learn how to use it).

Today, the Linuxtag in Karlsruhe started. I'm present at the gentoo booth.
Impressions from the first day: According to the Linuxtag blog, Ute Vogt from the german government helt a speech and spoke against software patents, which is opposed to the politics of the german ministry of justice.

As I already told yesterday, a couple of software patent lobbyists are present, especially Sun, HP, Intel, IBM and Nokia. I asked at the Sun booth for an opinion and the answer was basically that nobody is there who can give a statement. I plan to ask the others as well, it might be a good idea if others would do this as well.
I also plan to ask other companies about there opinion and if they are opposed to software patents, if they would support the economic majority campaign.

Mirabile of MirOS asked me to create an ebuild for mksh, which I did, and he promised to spend me a beer for it ;-)
I'm currently at the AKK, but didn't see him to get it.

Pictures are here

I've written a longer article about free software and the demoscene, I hope it'll be published in the hugi discmag.

Update: Changed some parts of the article by the feedback of Adok/Hugi.

This picture looks really nice, and it's getting better every day. You can also add your picture to it and join the online demonstration against the EU software patent directive.
The software patent decision is really important for the future of free software. While I doubt that free software can be stopped by competition products for the long term, legal threats are and will be a real problem for all of us foss-developers.
Join the online demonstration here.