What you say!

Sometimes, when the intarweb-connection (da tubez) is crippled, I just fire up some ssh-connection and use SOCKS over that ssh-connection tunneled through that ssh-connection. In that case I can tell all my local applications to use a SOCKS-proxy at 127.0.0.1:$some_port – nifty nifty!

However, one application on that Windows-laptop simply refuses to work today (although it used to work yesterday) so I fired up Wireshark to figure out what could be wrong.

Started, went to “Capture -> Interfaces” and gazed. Where’s the loopback-device? You know, 127.0.0.1. Gazed again. S’not there. Hu. Started to read the Wireshark documentation, then started to read the Winpcap FAQ where I found that:

Q-13: Does WinPcap support the loopback device?

A: No. Only physical interfaces are supported. This is a limitation of Windows and not of WinPcap.

WTF? Argh…

Schily, Schily, oy oy oy

My “favourite” politician, Mr. Wolfgang Schäuble, Home Secretary of Germany, was interviewed by the newspaper TAZ.

I almost spilled my coffee over my keyboard while reading the interview. I knew that he’s absolutely for Law and Order but I couldn’t imagine that he’s that ignorant about what the citizen think about his plans to introduce a governmental trojan horse, which should infiltrate terrorist’s computers. It’s about security, isn’t it? (And the children. And world peace. Are you against the children or what? Either your’re with us or the terrorist.)

Some examples:

TAZ: Mr. Schäuble, are you Germany’s highest ranked hacker?
Schäuble: No, I don’t get into any computer, and frankly I don’t really know how the police is doing that. I barely know what a trojan horse is.

TAZ: Are you afraid of those so called trojans, means e-spionage software?
Schäuble: No, in general I never open attachments in email, where I’m not sure about it’s origin. And also I’m a decent guy, the BKA [German Federal Police] doesn’t need to send trojans to me.

TAZ: 10,000 citizen are planning to file a constitutional complaint against the mandatory data retention. Don’t you get contemplative about that?
Schäuble: That doesn’t bother me any more.

Once again I’m totally convinced that the politicians don’t give a damn about the citizen’s opinion. They try to justify every surveillance measurement with the terrorism/child-porn/internet pirate argument.

To quote Kurfürst Friedrich Wilhelm v. Brandenburg:

“Es ist dem Untertanen untersagt, den Maßstab seiner beschränkten Einsicht an die Handlungen der Obrigkeit anzulegen.”
(Flaky translation: “It’s forbidden to the subject to apply the standard of his limited views to the acts of the authorities”)

Happy hacking.

Tech Tags: law privacy rants

The Linux Magazine, TOR and bigotry

Update: Just hours later i can access the website via TOR. Nice that they reacted that fast. Or maybe not all TOR exit-nodes suffer from this message?

Update 2 (Wednesday): Something doesn’t seem to be so right, more people are complaining about the same problem on various websites so that i started an analysis if there’s something wrong with the Tor-system itself.

Update 3 (Friday): I finished my analysis and I’m not so sure anymore what’s really going on: A formal excuse to the people of the Linux Magazine, ideas about how to proceed.

This morning a friend of mine sent me a link to an article at the Linux Magazine; i pasted the link into my Firefox’s URL-field, pressed on go… and i got redirected to a very strange URL, “http://www.linux-magazine.com/frame.aspx?\
u=http%3a%2f%2flanding.domainsponsor.com\
%3fa_id%3d1637%26domainname%3dlinux-magazine.com\
%26adultfilter%3doff%26popunder%3doff&r=\
SUSPECTED+UNDESIRABLE+BOT“. (backspaces mine)

(click to see full picture, stupid theme clips pictures at 480px)

That made me suspicious, maybe there’s a typo in the URL? Checked, asked my friend, she said “no, the URL is correct” – other people also said that they don’t have any problems. Then I remembered that i was using the TOR-network. I told Firefox not to use TOR, called up the same site, and…

(clicky-click)

I’d like to point out their article named “TOR and Privoxy: Protect your Privacy by covering your IP-address”. Obviously there seems to be a disagreement between the editor of the Linux Magazine and the webmaster of Linux New Media about what’s appropriate content and who’s considered to be a good client and who’s not. Good clients do not need to hide themselves! People who try to protect their privacy can only be evildoers! Obey!
The URL gives a hint: “SUSPECTED+UNDESIRABLE+BOT“. “Suspected” comes from “suspicious”. “Undesirable”. “Bot”? Not me.

Disappointing. Maybe someone just tried out a new blacklist-feature and didn’t really bother about the implications. Considering that TOR is one of the very few alternatives for certain people living in oppressive countries to access the interweb freely, the Linux Magazines gives a very bad example for the rest of the web.

Filed under rants. I’m disappointed.

Tech Tags: TOR Privacy rants

I hate my mobile-phone

I have a Sony-Ericsson K600i phone. I hate it. If 3G is enabled, it runs out of juice in less than three days if I’m not really using it. And now what that little bastard does to tell me that it’s almost out of energy? It blinks, it vibrates and makes a lot of noise. Thank you, Sony-Ericsson! You are soooooooo clever!

And the keys suck too. They’re just so damn small, you can barely press them with your fingers, you need to use the fingernails.

Although i have to admit that the rest of the phone is quite OK, i’ve had worse phones than this one. But the blinky-vibrating-no-energy-alert is stupid.

Tech Tags: rants

BOINC: Why you should care about the credit-system

The probably heaviest request from users during the last BOINC user-survey was definitively “Introduce a more fair credit-system”. It’s still kind of frustrating that some projects hand out lots of credits per CPU-hour where others are more close-fisted with their credits. And there’s also the issue that we have “calibrating” BOINC-clients which sail around the known credit-issues and manipulate the claimed credits for a work-unit.

Some people consider this cheating, others claim that this is self-defence – their argument is “why should we get less credit in total even if we crunch more data per day?”

Both have a point, so some projects finally decided to go away from the naïve BOINC credit-scheme (which is based on the internal benchmarking algorithm) and create their own, CPU-hour based scheme.

For instance, Einstein@home recently “tuned” their credit-calibration (1) again to be more fair – silently – which caused an outcry from some people because they’ll issue less credits in general now. Rosetta@Home introduced a new credit-mechanism as well, but is more transparent (transparency is the major pro for Rosetta@Home anyway).

Why would someone who’s into science care about the credit-system anyway? There’re several reasons: Motivation and individual success is the absolute base for public voluntary distributed computing, something which some people out there didn’t understand yet. If you want to build up and maintain a large user base you need to give them incentives. Credits, public blessings, and – important – constant reports about the project’s success which show more than just how many percent of the project is already done like RC5 does. (OK, i have to admit, there isn’t much to report in the RC5-project, but you get my point, don’t you?)

And that’s the reason why you have to care about how many credits you issue and how you discuss the credit-issue in public – never underestimate the so-dubbed “credit-whores” – they’re your user-base and might wander of to projects which hand you more credits. If you’ve lost a user you’ll never get him back – most probably.

Be opportunistic and go for the high-performers even if they’re just after the credits. Be nice to your users and give them real reports every couple of weeks. Participate in the fori and give your users feedback. If possible, organize parties to meet your users (no one ever said anything about that you should pay). Optimize your science-application and be as fair as possible with the credits. Take rants and criticism serious. If people start optimizing your science-application: Embrace the changes and let them take part in the validation-process.

Remember: Even if tuning your science-application to be as efficient as possible takes a lot of effort, remember: Your users will thank you because they can crunch more data and you push your project onto a new level.

Corrections:

(1)

Bernd Machenschalk from the Einstein@Home-project correctly pointed out that they did not change the credit-system but only the calibration of the system they’ve introduced with the S5-run.

Tech Tags: distributed computing BOINC rants

Movie Plot Security: On the implausibility of the explosives plot

I’m still completly out-of-service because of that spider-bite (it apparently was one). Wireless network is working currently so i got lot’s of time to surf the net:)

A friend from IRC posted me an interesting article (thanks roam, good read!) by someone who’s really into chemistry and security and he completly dismantled the plausibility of the recent terrorist-plot. What he basically says is that the explosive which should’ve been used are impossible to synthesize on board of a plane.

It was claimed that the terrorists wanted to use hydrogen peroxide (H₂O₂) and sulfuric acid (H₂SO₄) to create an oxidizer known as “piranha bath” – one of the most evil substances you can imagine – and mix it with acetone (aka “nail polish remover”) to create acetone peroxide, which is a nasty explosive.

The whole problem with this plot is that it’s almost impossible to mix those substances on a plane, the terrorist would kill himself – and probably only himself – while mixing the ingredients. No explosion? No fame for those pesky terrorist!

David also compiled a list of other substances which should’ve been banned in the first place because they are intended to kill people:

baby powder

replace with potassium cyanide + dry carboxylic acid – add water from the toilet – voilá! – hydrogen cyanide gas (aka the stuff some american states use in their gas-chambers)

elderly gentleman’s cane

Made of aluminum and iron oxide – aka termit! Burn a hole in the plane. Yay!

Laptop computers and mobile phones

Those wonderful lithium-ione batteries – crack open, mod a bit, instant hellfire

Liquor bottles

Molotov cocktails

Books, magazines, pants and shirts

nitrate it, make Nitrocellulose

The people’s colons and chests

Place to hide bombs

David’s conclusion:

“about as many people die in the US every month in highway accidents than have died in all our domestic terrorist incidents in the last 50 years. Untold numbers of people in the US are eating themselves to death and dying of heart disease, diabetes, etc.”

Happy terrorist hunting!

Edit: Added the “replace with” ’cause people were asking “wow, didn’t know that baby powder is that dangerous“.

Tech Tags: security

The facts: Sipgate not reachable any more

OK, Sipgate‘s support was quite helpful, although a bit confusing.

After my first email where i asked if it’s correct that Sipgate subscribers aren’t reachable from other networks than their own, they said:

“Sie sind, nach wie vor, aus allen Netzen wie bisher erreichbar. Sie sind lediglich nur von unseren Partnernetzen aus gebührenfrei zu erreichen.”
(“You’re still reachable from all networks. Just that only calls originating from our and partner-network are chargefree only”)

This was a badass sentence; i read it as “you’re reachable – nothing changed.”

But it actually meant: “You’re reachable via SIP from our and partner-networks – from other networks you need you be called by the PSTN-number.” – which is not free of charge.

They wrote:

Hallo Herr Janssen,

Verbindungen über Ihre SIP-URI sind nicht mehr möglich. Verbindungen von anderen Providern die kein Partnernetz sind, müssen die
Verbindung über das normale Telefonnetz abwickeln. Dem Anrufer wird dafür ein normales Gespräch berechnet. Anrufer aus unseren
Partnernetzen erreichen Sie weiterhin kostenlos.

Intern im sipgatenetz sind Sie weiterhin über Ihre Rufnummer und Ihre SIP-ID erreichbar.

(“Connections via your SIP-URI aren’t possible any more. Connections from other Providers who are not our partner have to use the fixed network. The caller has to pay a regular fee for a normal phone-call. Calls from partner-networks are still free of charge.

Inside the Sipgate-network you’re still reachabl via your phone-number and SIP-ID.”)

Allright, they changed their business completly. They want to make profit of inbound calls like normal fixed-network carriers or mobile phone providers do. That’s apparently quite a big business and Sipgate wants it’s piece of cake.

Sipgate has a list of partner-networks on their homepage from which Sipgate-subscribers are reachable.

Sipgate-subscribers are not reachable from any other network via SIP.

Sipgate-subscribers won’t be reachable by kphone, gnomemeeting or any other application which can establish direct SIP-calls if you do not use a registry which is Sipgate’s partner.
A pity, a real shame. I still got a handful of Euros on my prepaid-account, i guess i’ll get rid of these.

What i find really disturbing is that Sipgate didn’t inform their customers. Why do i have to learn this from 3^rd party services? Why didn’t they write an email? Why did i have to spend two hours of my spare-time to figure out what’s going on? Thankfully i have a choice of a bunch of other registries which still offer SIP-service as you want it: Not necessarily free, but reachable by everyone who follows the SIP-protocol.

What are they going to do next: Will QSC stop receiving emails from T-Online because net-neutrality is for commies?

Tech Tags: sipgate e164.org voip rants

Still WTF: Sipgate to *charge* for inbound SIP-calls

Note: This article is not correct; further support-requests revealed something else, see http://itnomad.wordpress.com/2006/08/10/the-facts-sipgate-not-reachable-any-more/ for details. –alex.

OK, all hell broke lose: Sipgate Germany is going to charge for inbound SIP-calls if the inbound call does not originate from a “partner network”.

My questions and their answers in german:

Hallo Herr Janssen,

> “bedeuetet dies, das eingehende SIP-Gespraeche ueber Internet von anderen
> Registraren, wie meinentwegen dus.net oder telio.no – so fern dies keine
> Partnernetze sind – auch ueber IP kostenpflichtig werden?”

Das ist richtig.

> “Was, wenn mich meine Frau von meiner Asterisk-Anlage auf meinem Laptop mit
> meinem Sipgate-VOIP Client erreichen will?”

Wenn Ihre Frau einen Sipgate Account dazu benutzt, bleibt das
Gespräch gebührenfrei.

I think they need serious consultancy, they apparently didn’t understand the concept of Voice over IP – or they just have some really unclever marketing which tries out new “business models”.

They are doooooooooooomed!

Alex.

WTF: Sipgate to ban inbound internet SIP-calls??

I just got this email from e164.org, a service which maps my SIP-address on my assigned phone-number in DNS:

We were notified this week that SipGate no longer allows calls to
their users by anyone else on the internet. While this is their
prerogative we have a few suggestions so you are still able to
receive calls in future.

An option would be to sign up with http://www.VoXaLoT.com. One of
their primary features allows you to register with multiple
providers similar to having your own asterisk setup.

Alternatively you are also able to point a DynDNS.com host name at
your handset and by-pass upstream proxy server limitations.

Please note that all enum entries containing SipGate will be removed,
you will not need to re-verify your phone numbers, you will just
need to add new SIP URIs.

e164.org Support
support@e164.org

What the hell? This sounds pretty much like suicide to me! I don’t think that Sipgate is that stupid to piss of their customers?

Does anyone have more news on this?

Tech Tags: sipgate e164.org voip rants

Microsoft: What’s that CCS hype? Gna!

I don’t know what’s wrong with all the people. Microsoft recently released their Windows Computer Cluster Server 2003 (CCS) and everybody is acting like they’ve just found the holy grail – everybody is praising MS for bringing peace and prosperity to us unworthy mortals.

Like with this article at Supercomputing Online today. This article is full of buzzwords and absolute nonsense. Like the sentence “High-performance computing [...] is about to become as readily available to auto designers and engineers as laptop programs.”

Oh yeah, those lucky car-designers! So what does this sentence mean? They go on further:

“With the introduction of Microsoft Windows Compute Cluster Server 2003, HPC will help the automotive industry implement brand-new methods to help achieve the following goals:

– Predict and prevent defects
– Improve collaboration
– Automate previously complex and arcane systems
– Gather real-time information from vehicles on the road”

So this is new with Windows’s approach to HPC? What new approaches?

“In a white paper released today [...] experts [...] offered predictions regarding the way HPC will be used with the availability of compute clusters — a collection of small servers that can be accessed from desktop or laptop computers.”

How could we ever live without Windows CCS 2003 I ask?

One of my favourite sentences:

“Until now, the expense and complexity of using HPC during design phases often has prohibited engineers from finding faults with components or systems until vehicles are on the road.”

So MS Windows CCS 2003 corrects errors in the design-model?

This article is absolute nonsense. Supercomputing Online should mark their articles as “advertisement” and stop hiding ads in supposed “serious” articles. I’m really disappointed.

It is about time to remind the people that Microsoft Windows CCS 2003 is nothing more than Microsoft’s implementation of MPI with a nice package and some pretty good management tools – but they didn’t invent the technology or reinvented the business or had a major breakthrough in cluster-technology. Please stop talking funny. Please calm down.

The quoted whitepaper wasn’t referenced.

Tech Tags: microsoft hpc rants