tg

Finding serial interfaces for beginners

2015-01-04T04:02:38+01:00

What I'm describing here probably isn't news for a lot of people, but I think some might find it useful anyway. If you're tinkering with any embedded device and don't really know how to get started, it always makes sense to look for a UART interface where you might be able to get a console interface to the device.

But how to find it? Turns out this is usually really easy!

Needed:

Device
Multimeter with 2 probes

How?

Usually the UART interfaces are extremely simple and operate at 3.3 V. Basically you need only 3 contact points on the board for a full console.

TxD: This is where the board sends data
RxD: This is where it receives
GND: Just a grounded connection

Usually the boards have a connector or some pads with 4-8 connections, best look for a connector with 4 Pins first. Additionally this will include a VCC connection, this is a connection directly to the boards power. Usually this will be 3.3 V and you should find this pin, but not touch it (as we don't need it).

Set your multimeter to continuity testing (or if not available to low Ohm measurement)
Find the GND pin. To do so, just touch your probe to a known grounding point, which might be a pad on the board labeled GND, or if there is no marked one, use a metal shielding of some component or the metallic border of a drill hole.
Turn on your device.
Set your multimeter to single digit voltage scale (x.yz V).
Find the VCC pin. This one will have consistent 3.3 Volts - measure against GND.
Find the TxD pin. Here you will see changing voltage. It will change between 1.5 V and 3.3 V.
Find the RxD pin. It is probably next to the TxD pin and will show no voltage.

If the steps are successfull you very likely have found your UART interface!

Moving on

Now to find out if it really is an UART and to access the interface, you'll to connect via a serial console program. It's however not as easy as just attaching your RS232 adapter, because it operates at 5 Volts.
Instead you'll either need a level shifter, or easier, a integrated device that does this for you. I'm using a bus pirate, a inexpensive and really nifty device that is useful in a lot of other situations.

Just connect the TxD, RxD and GND pins to the devices appropriate connectors. Again, you won't need VCC, so don't connect it. To find out the baud rate, its easiest just to guess try. Fast devices will often use 115200 bauds, other than that 9600 and 38400 bauds are very common.

I've made a little sketch that shows you what this will look like on many devices. The black dot would be a GND point, below the 2 drill holes.

Blogofile -> Pelican

2014-03-02T01:44:11+01:00

After running blogofile for four years (who knew it was that long with the little posting i've done :) and getting less done with it than I hoped, I finally decided to move on again. The main reason is, that Blogofile is basically unmaintained and writing custom controllers was harder than it should be (and documentation clearly lacking).

So I looked around for alternatives and found surprisingly few that were interesting to me. The requirements were:

simple static blog compiler
solid templating engine
python
markdown support

The only one that fit well was Pelican so I decided to give it a go. Migrating was surprisingly straight forward and done in basically half a day (that includes understanding Pelican, porting the CSS, moving all posts over, and implementing every missing feature I used to have in Blogofile in the Pelican templates.

I'm not 100% happy, but so far Pelican seems nice enough, everything works (even better than before). A few of the problems I have:

the design seems unnecessarily complicated, compared to blogofile
the error handling is quite poor, it is basically impossible to get useful error messages
the documentation could be better (still much better than Blogofile though)
the performance is a bit poor (but acceptable)

However, there are also positive points:

development seems quite active
jinja2 is a nice templating engine
there are a lot of modules
powerful features
AGPL licensed

So all in all I'm happy with my choice, lets see if it stays that way. To get started, I wrote a tiny deployment tool (in zsh script), that might be useful for others - as everything on here, it is of course publicly available.

Custom modules are planned next.

By the way, in case you're wondering: yes, it looks pretty much exactly like the old site, the CSS was easy to port. Also, I finally fixed the mobile view, it is now as fully functional as the desktop site.

script to play a random series episode

2013-05-04T21:00:00+02:00

I love to watch TV shows, and often have them running at random in the background. Thus for some shows (like Futurama, Family Guy, Mitchel and Webb...), I don't really care about which specific episode is running.

Because picking one at random manually is a) stupid and b) boring, I used to use a simple, but really horrible, shell one-liner to pick one. Now I finally decided to replace it by a more flexible and much much nicer implementation, written as a simple zsh shellscript. It uses only zsh magic and no other tools.

Maybe someone else finds it useful, for details see the short description in the script, it's really trivial and works very well.

You can get it here: https://github.com/tg--/scripts/blob/master/rsplay.zsh

Using a google account as OpenID

2012-05-25T18:40:00+02:00

You might have a Google account, and encountered various websites and services who allow you to log in with for example a Facebook account, a Google account or an OpenID account.

As usual, Facebook wants (or rather forces) you to use their services exclusively, so if a Facebook login is the only possibility, you're screwed.

Google however tends to use open systems, and they do this for logins, too. Even if a website requires you to log in using your Google account, it is using Googles OpenID services. Unfortunately you're still screwed: if the site supports the Google account excuisively, it will have the Google OpenID URI hardcoded.

Now for the good news: if a site offers OpenID login directly, you cannot only use any OpenID provider you'd like, you can also use your Google account. Unfortunately, it is (imho) less than obvious - Google doesn't provide a short, practical URI for this purpose. The Google OpenID URI is https://www.google.com/accounts/o8/id.

Not terrible, yet inconvenient, because you'll have to type it in if there is no huge "Google Login" button.

To make it easier, I first tried various link-shorteners, but this usually doesn't work, because redirections are usually not possible at OpenID logins. Also, while Google allows you to use your "Google Profile" for HTML redirections, this requires you to have a Google+ account, which you might not want to have.

However, there is a solid possibility, using your own domain: Just do a hard rewrite.

In nginx this could be done like this:

server { listen [::]:80; server_name id.example.tld; rewrite ^ https://www.google.com/accounts/o8/id permanent; }

Now just type id.example.tld in your OpenID login field, an Google will log you in. For other webservers it should work in a similar fashion.

A Change of Seasons

2011-10-28T22:00:00+02:00

I haven't really had any spare time I felt would be best spent writing something here lately, so I think it is at least time for a short update.

The title is not only one of my favorite Dream Theater songs (if you can call 23 minutes a song) - here it also means that my favorite time of the year is coming. And yes, apparently you can go skiing in October. :)

2300m:

3200m:

Now, off to Sweden.

Trust issues (and the web), 03 - Convergence

2011-09-23T01:00:00+02:00

In a previous post I promised that I would check out some of the solutions that promise a safer and thus better web.

This is part two, Convergence.

How does it work?

Convergence replaces the certificate authorities (CA) used traditionally in SSL by an independent distributed authorities, called notaries.

It totally ignores the CA that issued a sites certificate and instead checks the certificate over all activated notaries. These can be added, removed or disabled on personal preference; so you don't have to trust a bunch of faceless corporations which are each a SPOF in the whole concept(!), but can instead trust a number of notaries working together.

This can be one of your own servers in your LAN (providing no MITM security towards the internet), another one of your servers reachable over the internet, and the server of people or organizations you may or may not trust all over the world.

Than you can decide if it is enough for you if only one notary validates the requested certificate - bad idea, perhaps even a little worse than the CA system. However, the default is to gain a majority validation. This means every active notary will be checked and if most of them (to be exact, the simple majority) validate, convergence accepts the certificate. The last option is to only accept absolute concensus of all notaries, what makes authentication fail if one notary either gets the wrong certificate or is not reachable.

Upsides

totally bypasses the CA system with all its issues
makes self-signed certificates fun!
totally user-configurable
usually fast

Downsides

addon needed (could change if browser vendors adopt the concept)
first-time-configuration needed (add notaries - could change if browser and os vendors included a basic few)
can cause slight delays if one of the notaries is slow

Conclusion

I think convergence is a great idea.

The concept is well-thought, the implementation is solid and a pleasure to use. Even usually painful self-signed certificates work like a charm because convergence doesn't care about CA's. You are always in control, which of course means you have to make sure you have a number of notaries that can be trusted.

Of course everything is open source and so far the addon as well as the notary-server are constantly under (very active) development. It is easy and reasonable to run your own notary, for yourself or for others. It is largely written in python, and light on (very reasonable) dependencies, so if you feel like participating, I don't see any reason why not.

Long story short: great concept, great implementation: get it!

Flashrom support for AMD SP5100?

2011-09-13T23:30:00+02:00

I recently bought a very neat little Supermicro mainboard, with AMD's Socket C32 and a SP5100 chipset.

I did so because it is neat hardware, I needed to replace my home-server - and mainly because it is supported by Coreboot. Unfortunately, it turns out that there is no version with a socketed BIOS chip out there (and resoldering a SOIC16 socket isn't easy) despite some pictures showing it. Even more unfortunate was that it turned out that flashrom didn't support flashing the board either.

The reason for this is, that AMD's Soutbridge 700 series makes noise on the SPI bus with its IMC (Integrated Microcontroller), so you can't safely flash because data gets corrupted.

Luckily AMD has recently released a new version of the SB700/SP5100 register datasheet that documents how to turn the IMC off, and Frederic Temporelli has already added support which is waiting for inclusion in flashroms inbox: 1/2 and 2/2.

I haven't tried it out yet, but I'll do so in the next couple of days.

Trust issues (and the web), 02 - Web Of Trust

2011-09-11T18:00:00+02:00

In my last post I promised that I would check out some of the solutions that promise a safer and thus better web.

Let's start with Web Of Trust (WOT).

In contrast to some of the other things I plan to take a closer look at, WOT is not related to transport security or any cryptographic methods to ensure site integrity.

It actually works like Mandatory Access Controls (MAC) with a user centric (as apposed to a system centric) approach.

How does it work?

WOT is a combination of client side software, usually a brower plugin (who would have guessed :P), and a central database that contains per-domain based ratings, provided by users as well as "trusted sources". The latter are (well-known) security sources, such as blacklists from security vendors, and similar material.

The browser plugin, which exists at least for Firefox and Chrome, is available under GPLv3. It checks every domain, that is either querried or linked to, against the WOT central database and aquires a rating based on the previously mentioned sources.

Feedback is given to the user via an easily visible graphical indicator (green = good, yellow = so-so, red = bad, grey = no rating yet), as well as an warning dialog (per default) that shows up on untrusted sites.

It can also be set to block access to unwanted sources, e.g. as a porn-filter.

The ratings are based on an algorithm, partially comparable to mechanisms such as Google's pagerank: It doesn't only count and divide the ratings to generate an average; instead different sources have different weight, and if there are only a few ratings and maybe not the most credible ones, no general rating is given at all.

Upsides

users can easily decide if a site might be trouble
very little performance impact
very practical and easily usable
good protection against malicious-by-design sites

Downsides

does not prevent any serious attacks (MITM and Co.)
does not confirm the authenticity of sites
does not detect compromised sites
serious privacy impact: every domain is transmitted to the WOT servers

Conclusion

All in all, I'd say WOT can be very helpful.

However, you really should consider if the service is worth the loss of privacy, as every domain is transmitted to WOT servers along with your IP which makes you relatively identifiable. This usually happens only once per domain, as it is cached afterwards; also, only the domain, not the URL is transmitted. You should take into account, that your IP and all domains you access are logged on the route multiple times anyway, at your ISP at first, but at several routing points as well - so this is clearly a cost--benefit equation you have to do for yourself.

I would however recommend this service to each and every user that has trouble detecting which sites are bad, that includes subscription traps (largely a German problem I guess, here called "Abofalle"), and Freeware download sites. I think here clearly the downsides are neglegible so I would - and will - recommend this to people like my mother.

Lastly, the company behind WOT is in legal trouble with some US companies which claim, that the algorithm behind the WOT rating, is flawed. This is, in my opinion, the proof, that the algorithm works pretty well. If hosters of dubious sites use the courts, it generally means they haven't found an easy way to manipulate their ratings. And as the "crowd" ratings get the higher weight, no source credible enough to improve ones rating can be bought.

Trust issues (and the web)

2011-09-05T18:30:00+02:00

The last couple of days, a company named DigiNotar was in the news for issueing fake SSL certificates. I don't need and want to go into details, but what was clear before, has now officially been proven big time: The whole trust concept of SSL certificates and with it a corner stone of http security does not work and thus is completely worthless. The sad thing is, that this is the only http/web security system supported on a large scale to this day.

Overall the concept of trusting a hand full of companies out of good will is just stupid. Each and every one of them is very susceptible to single hackers or small groups of hackers, not to mention foreign agencies and more importantly local agencies with proper funding or even a "legal" way to mess with certificates.

So, what is a solution that works? Learn from filesharing. To this day a lot of filesharing networks have been put down due to the SPOF nature they share with the CA companies. A single target which can compromise the whole network and system. What followed was decentralization - and with so many other systems (from network architecture over source code management and storage systems) that prove how good this works, this clearly is the way to go.

So what's out there to accomplish this? Sadly: nothing that works out-of-the-box and/or everywhere. But there are some concepts:

Web Of Trust, closely related to GPG/PGP
Convergence, a firefox plugin to allow a completely decentralized web of trust

Sadly, all of those come with some effort and are not available for every browser, let alone on every machine. I will evaluate these and probably other solutions in the next time, and report back.

Update: I forgot to mention this before: the whole situation is actuall that bad, that google decided to hard-code certificates (or probably their fingerprints) in Chrome, something Noscript apparently does, too. This is a horrible concept, but it seems the only way to make the CA system work as it is.

Of course, in the long run, it would mean, that every single certificate would have to be hard-coded in every single browser(engine) and every CA would have to be distrused. Certainly no system that is desirable.

server fail and more

2011-08-28T14:30:00+02:00

While I was on vacation, my old vServer provider decided to inform me via a 2-liner that my vServer has been nuked. At first it was supposed to be only a short power outage, but a day later a mail came in, that all data is gone. This certainly wasn't the first time I doubted the ability of the provider to maintain his machines, so it finally pushed me to move on.

Anyway, while it might be overkill for me, I'm finally on real hardware (and OVH is ridiculously cheap) and while it isn't failsafe in any way, I'm much more comfortable by being able to maintain it myself completely.

As you can see, my old blog is also gone. I could have restored the backup, but I wanted to move from blogofile 0.7 to 0.8 for a while and never had the time and motivation to do so - so I decided to just restore my few posts and set up blogofile 0.8 with the simple-blog profile from scratch. I'm currently working on the templates and the CSS to make it look decent again, but this may take some time, as I plan to finally learn more cool CSS stuff (one of which I already started to implement, thanks to a hint from josch). It's really amazing what you can do with CSS nowadays, finally there is no more reason to do any design in html.

Thoughts on the new Firefox release strategy

2011-06-27T23:30:00+02:00

As everybody should know by now, Mozilla did a huge change in the their Firefox release policy. It is highly controversial, so I felt sharing my thoughts might help.

Until very recently Firefox had a very "old-school" versioning scheme: Major.Minor.Bugfix Bugfix-releases happened rather often, usually about once a month. Minor releases happened every few months, Major every few years. I don't need to explain what bugfix releases were for. Minor releases usually introduced minor new features like support for new web standards, minor UI changes, and bigger improvements on existing features. Major releases happened very rarely and usually introduced big UI overhauls, major feature additions and support of a bigger range of web-standards.

So what did this mean for support of actual websites and web-applications? I will tell you: Nothing. Besides adding support for new stuff, there hardly ever were any deprecations and regressions. If your website worked in 1.x, it probably worked just as well in 4.x because the standard didn't change. Maybe it looked a little worse because the standard changed a little, or the implementation behaved a little different.

Let's come to the new and current system, that's meant to stay, at least for a while: The new scheme is: Major.Bugfix It's generally more of a rolling-release cycle. Every new feature, no matter how small or big, is implemented in a new major version. These are released on a regular, scheduled, basis that targets on getting a defined set of features in and get it released in time. Bugfixes are applied between releases to keep the current release secure. Any new release will automatically deprecate the last one. There won't be bugfix-releases for old majors like there used to. So what did this mean for support of actual websites and web-applications? I will tell you: Nothing. What worked in the last Major, will work in the new Major - but not necessarily vice versa. If it doesn't, it's a bug. Web applications and websites may not be browser specific. We used to have that in the corporate world and everyone knows: it sucks, and it is wrong.

Enough with the explaining, let's go take the criticism on the model and describe why it is invalid:

Websites/apps break with new Major releases
No they don't. If anything, they were broken before
Updating is more difficult
No it isn't. Updating works the same way for new major releases as it did for old minor or major releases
Addons break
That's partially true: addons contain a version mask to indicate with what versions they were tested and should work. Until now addon developers usually set a wildcard like 4.* This kept addons working even after new minor releases. What you didn't know: minor releases could break the addon api, and make addons not work properly! Setting the wildcard makes it run on untested versions, so why not do it now, too? If it breaks it has to be fixed, that's how it used to be, that's how it will be. Also, there is a new addon-api for simple addons (named jetpack), which will remain more stable and keep a lot of the updating trouble away.
Users will do fewer updates and not receive security updates
Not true. Updating has been as intrusive as it is now, and there are always people who are not willing to update. Nothing's changed.
Distributions will have a hard time updating
No they won't. Every minor release had to be tested as intensive as every major has to, now. With big applications like Firefox, there has to be some trust in upstream, because it is impossible to do a full review and a full function test for new releases - major or minor - anyway.
Companies will have a hard time keeping up
Not true. As I already explained, web applications cannot be browser dependent. If they are, they are broken. Most of those company web applications are not actually web applications but horrible mutants only used internally. They never did actually run on Firefox and on any non-stoneage Microsoft browser. If they worked in Firefox, they will likely continue to do so. As with distributions, it is impossible to do a full review on any new major or minor version, so there is no impact at all.
Companies won't be able to roll out a new release with the short cycle
Not true. The reason it took companies ages to roll out new releases is because ancient versions were still in the support cycle. Companies are lazy, because lazy means less costs, so they won't change anything until forced to do so. The reason the web is partially in a really bad shape is, because IE6 is still supported, and 90% of companies have not yet moved on. And they won't as long it is supported. Rolling out new software is easy. There are people responsible for every web-application and they can easily test it to the necessary extent within the 6 week release cycle. It is trivial to make the software available via remote desktops, and there are builds in the beta and aurora channels available to make it really easy. Companies need to learn that they have to keep up, even though this breaks a very old (not to say ancient) habit.

Conclusion: It's time people, and companys, are getting real. The way and the pace the web develops today, there is no room for legacy. Chrome introduced the rolling-release strategy to the browser world, and apparently it works. With this (well, and a lot of marketing), it pulled a huge share of the Firefox market share (to remind you: IE users don't switch to Chrome, FF users do.), so apparently their strategy is valid. Until today firefox had trouble getting new standards supported. Not because the developers are too lazy or slow, solely due to their release politics with a over-a-year release cycle for new feature releases. It was time to act and they did. The reason why people don't adapt to new web standards and great things like WEBM isn't because Microsoft doesn't support it. For years and years nobody cared about Microsoft when it came to new cool things, because they are slow and don't support them anyways. Companies that use Firefox use it because it's not ancient, has cool features and people like it. They might still use IE for their broken apps, but their users hate it. While IE9 is very recent because even Microsoft moved to a new release strategy it's already pretty much outdated and will remain so, because Microsoft now does the old Mozilla strategy. New features come in new versions, but they make the horrible mistake to keep ancient-to-be versions, i.e. IE9 supported. By claiming to support IE9 for the next 8 years, the encourage companies to roll out broken web applications. They don't have to be standard compliant, but to work in IE9 (not in 6,7,8, not in 10, not in any other browser), and that's exactly what they will do. An interesting side effect is that tech companies will have to use 2 browsers again, because their customers expect nice standard compliant websites that work in their browser, and IE9 it won't be. So employes will have to use IE9 for intranet stuff and FF for their companys official websites/applications. And it will be FF, no matter if they release every 6 weeks or not - not IE10, or 11, because they need to keep it at 9.

So people, get real yourself. Be happy they did the change, be happy they don't support old versions and force you to use old websites and non-standards (like Flash), and be happy they force your distributor and your company to keep up, because you get a shiny, recent browser and a better web for it.

Blackburn Flea Review

2011-04-03T19:00:00+02:00

I usually don't like to do product reviews, but I find the following deserves one because of the misconceptions it is facing.

I recently bought Flea bike lights by Blackburn. In fact, I bought a set a while ago already, but I lost one of the lights. This is easier than I thought because those things are damn tiny, and I'm not even sure if I lost it on the bike or somewhere else.

As I was pretty happy with the devices, I decided to replace the missing one and got myself a new set; this time the 2011 edition in contrary to the 2009 I had before.

General

There are two main differences introduced in 2010 and 2011: The USB-Charger was introduced in 2010 and replaces the included battery-charger so you can recharge the lights on any 5V DC power supply over an USB port. New in 2011 is an additional led under the lights buttons that shows the charging state.

Here's a picture showing the new USB-Charger on the left and the old battery charger (that can be attached by magnets to any standard battery) on the right:

The chargers attach to the devices by 2 magnetic pins that are quite strong, so you can safely put it in any USB port without fearing it might fall off, and you can attach any battery without having to care if the contacts are attached right. What's really amazing however is, that the charging electronics is inside the lights housings so you can use any DC source from about 1 to 5 V without any additional electronics. It even allows to attach a solar panel with USB connector (Blackburn themselves offer one, but there's a ton of other similar devices on the market). With the 2011 edition the new colored LEDs indicate the battery status and also when charging is complete.

Attachment

Here's the complete set including straps and USB Charger:

As you can see on the pictures, the back-light has a clip that is not only used to attach it to one of the straps, you can also clip it to a belt or backpack which I find useful (great if you have a big backpack that might hide a light attached to the saddle, or if you're hiking without a bike at all). If you pull the strap tight enough, it works well and you can attach the light safely, and it stays in place.

The front light has no clip, only a rail for the strap. Here too, it has to pulled tight so the light keeps in place. It doesn't hold nearly as well as a proper hard mount, but due to the low center of gravity and the light weight it usually stays in place well enough.

Light

Every light has a couple of modes:

For the front light, it is normal, high, flashing, off, toggled through repeated pressing of the button. The back light has normal, flashing, chase and off.

The normal mode is usually good to be seen and to light the road if it's not totally dark. In the high setting it is surprisingly bright and well enough to see in total darkness. Of course it doesn't compare at all to 20 times as big, 40 times as heavy and 5 times as expensive lights with multi-Watt LEDs and so on, but it a) doesn't claim so and b) isn't made for that. I've seen a number of reviews and opinions that state that the Flea sucks, because it isn't as bright as their 200 EUR lamp with a 1 kg heavy battery pack - if you expect that, move along and get real. If you drive in darkness for several kilometers every day and don't want to charge twice a week, these lights aren't for you. If you bike for fun and need a pair of good, light and practical lights, or just a backup light, try the Flea.

I've made some photos in total darkness, no artificial light (besides the Flea) around, no moon and clouded sky without stars, to give you an impression how bright the lights are. The pictures are slightly overexposed, so they seem a little brighter than they actually are, but it still is close to how you actually would see it:

Conclusion

I guess people like pro/con lists (at least I do), so here it comes:

Pro

Tiny
Light
Bright (for the size)
Long battery life (for the size)
Innovative charging concept

Con

Not allowed as only lights (in Germany)
No hard mount available
A little bit on the pricey side

As usual, more pictures in my gallery.

Here comes the Panda

2011-03-10T19:00:00+01:00

Some days ago my Pandaboard finally arrived!

Currently Digikey is still the only reseller for it and it seems they are permanently out-of-stock since the Pandaboard is for sale. Anyway, over a month ago I decided to just order it, even though I don't really had enough time for it, because it seemed it could take some months.

Anyway, now it is here, as usually deliveded by FedEx in the blink of an eye. They did not even charge the usual import fees (EUSt) - it probably did not actually go through customs as a development kit.

As everyone seems to do unpacking pictures, videos and so on, I don't bother, but there are some nice pictures of the device in my gallery.

Anyway, it comes in a box and is very lonely because there is nothing else in it (what is good!).

You just need a 5V powersupply to get it running - according to the wiki it should even be possible to get power over the mini-USB port, though I haven't tried that yet.

27c3

2010-12-31T14:25:00+01:00

I'm currently sitting in the train from Berlin to Nuremberg, so I got some time to catch up here.

The reason I was in Berlin was, as every year, the Chaos Communication Congress. Unfortunately I couldn't go by car, as I normally do, so I decided to travel by train, to spare me the pains of security checks at the airport (especially because I had quite some electronics and so on with me). But thinking back, this would have spared me quite some waiting time and other annoyances. On the way to Berlin my train came about 30 minutes late, not to my surprise, so I could live with it. But when it came in, I had to notice, that the train was only half the length, missing some wagons, including the one I had a reservation in. Luckily I could still get a seat, so no complaints. Anyway, because of the cold weather, the train had to come to a stop only a few kilometers before arriving in Berlin, and even had to turn and take another route to arrive there. In the end, I had over 2 hours delay.

Now, on the way back, my train, including reservation of course, was cancelled, so I had to take the next one over an hour later. Now over the distance it gathered another 15-20 minutes delay, so let's see when - or if - I will arrive in nuremberg. Well, at least I should get a 50% return for the hassles.

But let's come to the nice part of the journey: the congress iteslf.

After finally arriving, far later than expected, I had a drink (or two) with a mate who couldn't make it to the C3, glad that it worked out, because I'm clearly not often enough in berlin. On the next day the congress started, as usual we set up our stuff at hour table in the hackcenter, the always basement where you can never tell which time it is. :)

But let's come to the talks first. If you want to see all the talks, just check out the Fahrplan, you can also watch the recordings. I on the other hand will only tell you about the talk's I've seen and found interesting.

Day 1

-- The first highly interesting talk was titled SMS-o-Death. It covered vulnerabilities in the implementations of the GSM short text message feature, mainly in so-called featurephones. I won't tell you more, because if you're at all interested in the topic, you should really watch the recording.

The next talk I watched was Netzneutralität und QoS - ein Widerspruch?. It's in german, so no point in watching if you don't understand it. It basically was a podium discussion between a few people (and later the audience participation) how the technical advantages of QoS can be used without making net neutrality impossiple. Anyway, even though this was moderated and transmitted by one of the bigger and better information radiostations in Germany, the DLF, I didn't find it particularily interesting nor very helpful and I doubt that it brought the results that all involved parties hoped for.

Even though I didn't intend to at first, it was brought to my attention that the talk Desktop on the Linux... (yeah, odd title) turned out to be interesting after all. The concept of the talk was a guy ranting about current and coming desktop technologies on Linux, from consolekit to gdm, but what he probably didn't expect: Lennart Poettering, a RedHat employee, was in the audience and decided to jump into the rant as the oppsite pole. If you don't know Lennart: he's a major engineer of many current technologies on Linux and other unix-alike systems, being responsible for backends from systemd to pulseaudio. Even though the -- let's call him "ranter" :), datenwolf, had some points, and I agreed more often than not, he had no chance against Lennart rhetorically, so it probably didn't go as he expected, too. Anyway. if you find that interesting and always wanted to know what $(random-string)-kit is for, watch the - rant? discussion? Whatever. :)

The last talk on this day was the most surprising. It doesn't happen all to often, that Microsoft sends a speaker to CCC events. And you certainly wouldn't expect that the audience would be that positive. Anyway, Stuxnet is a very interesting topic, and Microsoft s Bruce Dang does not only seem to know well what he's doing, he's also a great speaker. So all in all it was one of the best talks at the congress and there is just no reason you shouldn't watch it. If you're still not hooked: Bruce had to admitt, that he uses Linux (well, at least from time to time) :P

That was it for Day 1, I will talk about the other talks and other cool things the next days.

Hello World

2010-10-25T06:25:17+02:00

I have tested a lot of different blog software. But just like with mail-clients: every single one sucks. :)

Some month ago I finally found one that sucks considerably less than anything else I tested: blogofile. Unfortunately I really didn't want to spend any time making a proper template to get started, so I let it rot on my webserver. Now I finally had some time and muse to finally get it done, and there it is.

The layout is probably unfinished and will receive changes, but it's good enough to get started.

I will try to get stuff to my projects and everything else posted here from now on.