Download NetSOUND For Mac 1.1.1

  1. Download NetSOUND For Mac 1.1.1 Free
  2. Download NetSOUND For Mac 1.1.1 Torrent
  3. Download NetSOUND For Mac 1.1.1 App

Sononym is a sample browser that offers a fresh perspective on how sounds can be explored and organized. The software is available for Windows, Linux and Mac OS X. If playback doesn't begin shortly, try restarting your device. Videos you watch may be added to the TV's watch history and influence TV recommendations. Download the HandBrake Application or Source Code. HandBrake The open source video transcoder. News Features Downloads Forum Community Docs GitHub Downloads Current. is a partnership between Cloudflare and APNIC. Cloudflare runs one of the world’s largest, fastest networks. APNIC is a non-profit organization managing IP address allocation for the Asia Pacific and Oceania regions. Cloudflare had the network. APNIC had the IP address ( Set up - macOS. Follow these steps to configure IPv4. Go to System Preferences. You can find it by pressing Command + Space on your keyboard and typing System Preferences. Click on the Network icon Advanced. Select the DNS tab. Take note of any IP addresses you might have and save them in a safe place in case you need to use.

The Xiph.Org Foundation does not primarily create software for the end-user.Usually, we create specifications, reference implementations, libraries,and documentation for all of the above. We try to make it easy fordevelopers to include support for the Xiph family of codecs. The followingend-user download links are provided for convenience:

Also see the Third-Party Downloads below.

LibraryStable VersionDownload LinkSizeSHA-256 checksum
vorbis-tools1.4.2vorbis-tools-1.4.2.tar.gz 1.4M db7774ec2bf2c939b139452183669be84fda5774d6400fc57fde37f77624f0b0
liboggz1.0.2, 1.1.1liboggz-1.0.2.tar.gz
libfishsound1.0.0libfishsound-1.0.0.tar.gz 435K 2e0b57ce2fecc9375eef72938ed08ac8c8f6c5238e1cae24458f0b0e8dade7c7

You may also browsethe download directory if you are looking for another library orfor a specific version.

See the git repositoriesif you would like to access the source repositories.

DirectShow filters - play back ogg files in Media Player

If you are a Windows user who wants to be able to listen to .ogg files inWindows Media Player, then this is what you want. The DirectShowfilters support playing of files encoded with Vorbis, Speex, Theora, and/orFLAC.

Make sure to uninstall any previous versions (remove 'oggcodecs' fromAdd/Remove Programs), and make sure Windows Media Player (or any otherDirectShow application) is closed before installing.

  • Ogg Codecs for Windows, version 0.83.17220, 2010-05-16
  • project page - for other versions, source code, or more information

Xiph QuickTime components - play back ogg files in QuickTime

Xiph QuickTime Components (XiphQT) is, in short, the solution for Mac andWindows users who want to use Xiph formats in any QuickTime-based application,e.g. playing Ogg Vorbis in iTunes or producing Ogg Theora with iMovie.

oggdropXPd - easily create Ogg Vorbis files in Windows

If you are a Windows user looking to easily create your own Ogg Vorbis filesfrom a .WAV file or losslessly compressed file using an easy drag-and-dropGUI, rarewares' oggdrop is for you.

  • oggdropXPd, version 1.9.0 using libVorbis v1.2.0, 2008-03-16
  • rarewares : Ogg Vorbis project page - for source code, a version optimized for a particular processor family, or more information

VLC - play back multimedia files

'VLC (initially VideoLAN Client) is a highly portable multimedia playerfor various audio and video formats (MPEG-1, MPEG-2, MPEG-4, DivX, mp3,Ogg Vorbis, ...) as well as DVDs, VCDs, and various streaming protocols. Itcan also be used as a server to stream in unicast or multicast in IPv4or IPv6 on a high-bandwidth network.'

  • VLC project page - download precompiled binaries for Windows, Mac OS X, and various Linux distros, or get source code or other information

Helix Player - play back streaming multimedia in Linux

Helix Player is a multimedia player designed for streaming audio and video,and available for Linux and cell phones running the Symbian OS.

  • Helix Player project page - download precompiled binaries for Linux, Solaris, or Symbian, or get source code or other information

The Son of the Return of Yet Another Posting about Programming Fonts

Click to enlarge

Like almost everybody doing stuff with computers, I playedaround with various monospaced fonts. Since the old days ofpixilated characters on green-glowing 25×80 terminalsa lot of effort has been put into usable fonts for programmers.

This went so far that hackers joined the ranks of font designers,for example Raph Levien with his Inconsolataand his other fonts, not toforget his library Spiro which isintegrated in the open source fontdesign toolfontforge.

(Another hacker who did impressive work on fonts — albeitnot for programming — is Ben Whitmore with his redesign of Bruce Roger's Centaur, the Coelacanth type family)

Over the years I used Inconsolata, Vera Sans Mono and evenMeier's Syntax forcoding.

Recently I stumbled over — and subsequently bought — Operator (Mono), a typewriter-inspired font by the famous type designers at Hoefler & Co.It's the only programmer's font with its owndocumentary AFAIK.

Thu, 06 May 2021
[/typography] permanent link

I've got a little list …

At 36C3, Erwin Ernst Steinhammer gave a Talk (in German)on lists of suspectssuspected of being gay that the German police collected well before the Nazis' rise to power.
The police claimed that they had those lists just to keep their eye on the milieu.

When the nazis came to power they almost immediatly used the lists to find and deport peopleto concentration camps where most of them were killed.

Ernst's point in the talk is that a benevolent government must take care not toaid a possible future extremist government by compiling lists of their prospectivevictims.

This reminded me of the Holocaust documentation center in Oslo. It has a fantasticpiece of art just beside the entrance: a gigantic Hollerith punchcard.
It is anart installation by Arnold Dreyblatt based on work by William Selzeron genocide and statistics.

What the Germans did after the occupation and installment of a puppet-regime under Quisling was to conduct a census of the Norwegian population. And theyused DeHoMAG, that is, IBM equipment.

(The Nazis did not need to search the census data to find, deport and kill Norwegian jews —jewish religious organisations provided the Nazis with membership lists.)

The punchcards from the census became interesting when the Germans were looking for young Norwegianmen to conscript into labour service or the army.
And this is where history gets (even more) exiting. The Norwegian resistance knew about the German plansand the punchcard technology. They tried to destroy the database i.e. the collection of punchcards,but failed. They then proceeded to sabotage all of theIBM 405 tabulating machines in Norway.

The story of this fight against the abuse of census data is told by Oslo university's Jon Bingin Protecting personal data in wartime: The destruction of the alphabetic tabulators in Oslo.

Dreyblatt's artwork has its own book Innocent Questions with texts by Willam Selzer on thedata gathering and subsequent analysis that typically preceeds genocides.

Thu, 12 Nov 2020
[/unsorted] permanent link

Grave Typography

WGS84: 49.74306, 11.12948This is a small detail from a war memorial in Weilersbach (49.74306° N 11.12948° E) erected closely following the second World War.The whole plaque lists more than one hundred names.As opposed to the revanchist, glorifying tone of other memorials, which were erected after the first World War,this shows an expressionist harshness.

The font looks extremely severe. Every shape is reduced to rectangular(except one little diagonal to distinguish D from O).All font features that could remind of a living hand using a pen are removed.Everything that would show the stonemason's art is avoided.The ascenders are short and unadorned as if ducking behind a wall,the primitive g's descender gives it the look of an open jaw.The ch ligature (twice in Urschlechter, once in Hübschmann)is remarkable in its simplicity. The whole design seems to state

Death is real. Life is bleak. Those men are lost.

Tue, 12 Nov 2019
[/typography] permanent link

Laser-Tatooing Laptops again

This time with an artificial motif. It's a parametrised functiondrawn with normal-distributed bubbles along the graph.

The code that does this for a reasonably large subset offunctions φ : I → R2is here.

Wed, 06 Nov 2019
[/projects] permanent link

PostScript to Schotter

A quick look at Georg Nees' computer-generated artwork Schotter made me code, a PostScript version of Schotter, which should look different every time it is rendered or printed (The picture below is an SVG of one possible rendering).

Wed, 25 Sep 2019
[/projects] permanent link

Resurrection of a

  • SUN Netra T5220: 64-threaded 8-core sun4v, 32Gb ECC RAM, four SAS Disk slots, two of them with 146Gb blank disks

  • Price in 2009: $22 000, got it for 100 Euros.

  • Nice.
    But the incompetent bungler who sold it forgot to mention that the security-mode was set to command, and he has got no password for it. So one cannot even change the boot device. Fortunately the default is disk net, so installation from net to disk was possible.

  • How to reset the security-mode?

    (The security-mode password is not the ALOM/ILOM password. Those are relatively easy to reset.)

    Install OpenBSD sparc64over the net and run eeprom(4)?

    OpenBSD's eepromcannot reset the security settings.

    Install FreeBSD sparc64 over the net, their eeprom does reset security settings?

    FreeBSD sparc64 does not support/run on sun4v.
    Install Solaris or OpenSolaris or Indiana or Illumos?
    • Solaris11 has a usb disk image,
      but OBP disk is a devalias to the first SAS disk, so USB is right out.

    • Take a Solaris disk image and write it to SAS disk on another machine.
      Turns out that all machines at work have HP SmartArray controllers that don't allow direct disk access, only RAID 0,1,6,10,..

    • Buy a RAID controller, put it in a PC, write image to SAS disk.
      But JBOD for an Adaptec ASR-5405 does not mean Just a Bunch Of Disks.
      It means Bunch of Disks the first blocks of which are polluted with metadata by the controller and so cannot be used to boot a system from a different controller. Idiots.

    • Install Solaris over the net.
      Oracle and the copies of the ruins of OpenSolaris Webpages only offer their Autoinstaller/Jumpstart which requires an Oracle/SUN Install server.
      So: Set up a laptop with OpenSolaris as Install server.
      Installation fails because the networked bootloader requires additional parameters from OpenBootProm to select the image to be pulled by http/tftp in the next step. And the OpenBootProm is not accessible because of security-mode.
      But wait! The ALOM service processor allows to set a bootscript along with the logical domain selection to bootmode, perhaps one can put the parameters in the bootscript?
      No, they are 64 chars maximum, of which 30 already eaten up by setenv network-boot-arguments , and there are more required settings. Even if the install server gets IP and the path of the TFTP URL is just one letter, the 64 chars do not suffice.

    • OpenIndiana or Illumos?
      Are x64 only, sparc64 port was dropped from the builds.
      But there are at least two independent builds by sparc64 enthusiasts: v9os and Tribblix.
      But both supply ISO images only, and boot cdrom will not work, because security-mode.

  • What did work after many sleepless hours:

    1. Install OpenBSD, they support sun4v and logical domains .

    2. Learn how to setup logical domains (not entirely trivial).

    3. Setup a logical domain with an actual (empty) SAS disk's block device as first vdisk and a Solaris ISO image as the second vdisk, and no vnet.

    4. Boot into control domain, connect to console of guest, discover that the logical domain's openbootprom could not boot from the empty disk, but is permissive enough to accept boot disk1.

    5. Boot the installer, install onto the physical disk.

    6. Shutdown. Insert that disk in the first slot.

    7. Boot. Discover that Solaris 10 refuses to mount the root zfs because the installer put the physical location in the zpool metadata, and since the disk resides in a different slot now, the metadata is incorrect. This is a known problem .

    8. Booting from ALOM with bootmode bootscript='boot -F failsafe' results in a rootshell,
      zpool -f import rpool
      automatically resets the phys_path of the Zpool.

    9. After a reboot into a a fully functional though historical Solaris system, eeprom shows that the installation process had reset the security-mode to none. So the problem was solved after step 5 above...

Wed, 25 Sep 2019
[/projects] permanent link

Anonypub – publish a file in the darkweb :)

C-Keen used stem andFlask's sendfilefor a small skript that creates a hidden service URL for a givenfile and a flask instance to serve it.And it is self-hostinghere.

Tue, 09 Apr 2019
[/projects] permanent link


Celebrating ca. 120 years[citation provided, source later deleted] of grotesque accidents

Tue, 12 Mar 2019
[/typography] permanent link

Sparql, Smarql, Omsk and Tomsk

Task: Use Wikidata to find all Russian or Ukrainian or Belorussian towns/cities/... with names ending in 'sk'(old Tom Lehrer reference:
I have a friend in Minsk
who has a friend in Pinsk
whose friend in Omsk
has friend in Tomsk
with friend in Akmolinsk...

Turns out not to be so easy:
not every city (Q7930989) is a human settlement (Q486972), so take the UNION.

'Located in country' (P17) seemed the only reasonable relation of cities and countries, so iterate that over Russia (Q159), Belarussia (Q184) and Ukraina (Q212) but it turns out that at least Omsk (Q898) is not in the country of Russia (Q159) but instead is an 'instance of' (P31) an 'administrative territorial entity of Russia' (Q192287),so UNION over 'administrative territorial entities' of Russia and Ukrainia.

Download NetSOUND for Mac 1.1.1 download

Turns out that there is an 'administrative territorial entity of Crimea', so who knowswhat other non-orthogonal classifications people used to enter ex-Soviet cities into WikiData. Not exactly promising.

(Click to run the query)

UPDATE: Omsk (Q898) is infact 'in the country' (P17)of Russia (Q159), my oversight.
UPDATE: FILTER( LANG(?cityLabel)='en' ) is much wiser than to use the translation SERVICE.

Mon, 21 Jan 2019
[/unsorted] permanent link

From William Gaddis' J R

Since you're not here to learn anything,
but to be taught
so you can pass these tests,
knowledge has to be organized
so it can be taught,
and it has to be reduced to information
so it can be organized.
Do you follow that?
In other words
this leads you to assume that organization
is an inherent property of the knowledge itself,
and that disorder and chaos
are simply irrelevant forces
that threaten it from outside.
In fact it's exactly the opposite.
Order is simply a thin, perilous condition
we try to impose on the basic reality of chaos.

William Gaddis, J R

Wed, 16 Jan 2019
[/quotes] permanent link

Le Type et le Neánt

Is the absence of bananas the same as the absence of anchovis (up to isomorphism)?This and similar hole-istic questions drove me to this:

First, let's define lists and their length (in Coq):

It seems obvious that for any Type X the length of an empty listof Type X elements is zero. And indeed this is provable in Coq:

But without the quantified Type, Coq cannot check the length of an empty list:

Holey Schlamoney!

Two empty lists, one not containing natural numbers, the other not containing booleans,cannot be compared:

Coq can infer the Type of an empty list:

So by the transitivity axiom of equality one would expect that [] = []

But an untyped nothingness cannot be compared to itself:

It is no wonder that philosophers concern themselves with the concept of holes.

Wed, 31 Oct 2018
[/projects] permanent link

The Plan (9 and otherwise)

The Shœstringfoundation has a long term projectto provide a distributed (*bing*), fault-tolerant (*bing*) storage system withservers at several locations, accessible through IPv6 and TOR hidden services.Tahoe LAFS will be the storage layer, with a web frontend and SFTP for automated access and FUSE (where available).

A prototype is already running on servers in a unique local address networkspread over several locations, connected by VPN tunnels.

What is missing is a stable IPv6 prefix to make the service reachablefor the rest of the world.Experiences with SiXXs and german ISPs led me to the conclusion thata provider independent prefix is needed.The friendly folks at openfactory in Switzerlandoffered their help, for which i'm grateful.

Tue, 13 Feb 2018
[/v6] permanent link

Artificial Scarcity, version 6

Many german ISPs now “provision” their customers (i.e. practically everybody)with IPv6-connected middleboxes that translate a non-routable IPv4 net at one endto an address from a small pool of routable IPv4 addresses at the ISP. The IPv6 networkingis a side-effect.

Now everybody has IPv6 connectivity, it seems. But the german ISPs don't assign static v6 prefixes,they change them periodically as they did with v4 addresses in the heydays of forced DSL disconnects.

The ISP that supplies uplink at my home has a /32 prefix. They could subnet this in 212 waysto map their routing topology and still give out 220 static prefixes to their customers.When asked nicely, they responded that they do not even consider it.

Why not? Because everybody could then run servers at home without paying extra for it, becausethat's what End-to-End Internet was all about. And they make sure it is not going to happen, IPv6or not. (See also artificial scarcity)

So people run tunnels to SiXXs (of fond memory) and hurricane electric to get decent IPv6 prefixesthrough the already IPv6-enabled infrastructure of their providers.

Searching for ISPs around here that do hand out static prefixes was depressing. There arehigh-profile providers with technically excellent offers for commercial entities with a steady flow of earnings, but for a non-profit project theyare way too expensive (€ 250 and more per month).

Tue, 13 Feb 2018
[/v6] permanent link

DKIM entries in NSD zone files

Various Howtos about DKIM exist. After creation of a public/private keypair for signing, someof them advise to insert a TXT RR of the following kindinto the zone file containing the affected mail domain:

I tried this with the NSD DNS server.What i found the hard way:

  1. The semi-colon (;) is the start-of-comment in zone files. Typingthe quoted line verbatim cuts off everything after k=rsa.

  2. TXT records have a maximum length of 255 chars (because some lengthfield has only 8 bits), so even when the semi-colons above are masked with backslashes,nsd (version 4.1.10) will refuse to load the zone file, but will notexplain why the parser thinks it is erroneous.

To get the TXT entry in the zone, one has to

  1. surround the contents — beginning with k=rsa — with parens, and
  2. split them into chunks of at most 255 characters, and
  3. put these chunks into double-quotes, and
  4. separate these with spaces
The resulting line in the zone file for the example above would be

Mon, 06 Mar 2017
[/projects] permanent link

Why I like .onions

TOR's hidden services are an extremely cool feature.

Not because people can hide their illicit websites (the Warez communitymanaged to do that decades before), but for other reasons:

Firstly,.onion addresses name services, not host interfaces. Tying interfaceaddresses of hosts to names and re-using them in URLs to point at services is a misdesign which leadsto such kludges as the Server header in HTTP/1.1 where the applicationtransmits which name it was using when initally connecting to the service.So URLs map services to hostnames which map to IP addresses which have interfaces which have boundservices which get the unresolvednames again on the application layer to find out which service was actually addressed.This makes it very complicated to move a service without fiddeling with DNS.An .onion name does not have to ultimately resolve to a globally visible interface address.Instead it identifies the tunnel-entry for a service which can be moved from machine tomachine as long as the hidden_service configuration is carried along.

Secondly,.onion addresses deliver what https URLs failed to,namely mapping public keys to services uniquely.There are no multi-rooted hierachies of CAs behind the name-to-key bindings, no obscureASN.1 based certificate schemes. An .onion address uniquely and automaticallyidentifies the service with the public/secret key pair involved in the key exchange.There has been at least one attempt to build something similiar into IPv6 addresses(RFC 3972), but implementationsare either missing or hidden in the darknet.
And because connections insidethe tor network are always encrypted, one could even safely run a telnet daemon insidea hidden service.

As a result of Secondly, Thirdly, .onion addresses are a barrier-free global namespace, withoutabsurd fees charged for bits in config-files, trademark disputes and the like.

I run at least one hidden service on each relevant machine to provide a MITM-safe entry point to services.

Tue, 20 Dec 2016
[/unsorted] permanent link

Postscript Fibonacci Squares and Logarithmic Spiral

This relatively small piece of PostScriptcode draws Fibonacci Squares and a Logarithmic Spiral.

Sat, 03 Sep 2016
[/unsorted] permanent link

SSH sessions inside remote screens

I have screen(1) running contineously on servers. On someof them, the screen contains ssh-sessions to further machines. Becausei trust these servers less than my laptop, i don't store secret keysthere, i use AgentForwarding on the connection to the server and ssh-add -c $relevant_key on the laptop, so i must confirmeach use of the key through the forwarding.

On disconnecting/reconnectingto the server in question, the SSH_AUTH_SOCK variable changes, but remains unchanged inside the long-running screen. ssh frominside screen will prompt for passwords, because the ssh-agent does not respond on the old path.i found no clean solution to propagate the change to thescreen windows after re-attaching them.

So i put this in my .profileon the server

and this line into the .screenrc on the server

So all screen windows have SSH_AUTH_SOCK setto the same path always, and when i connect to the server,the shell soft-links that path tothe actual socket which is forwarded through ssh tothe ssh-agent on my laptop.

Mon, 16 May 2016
[/projects] permanent link

First version of famous Marx Slogan:

Mohnkuchen ist Opium fürs Volk!

Fri, 06 May 2016
[/famous_nonquotes] permanent link

Onionized Qemu

Requirements: a host with a running tor node, qemu, some diskspace for the emulated system, install media for an OS on the emulated system
Result: a host with an .onion address, connectivity restricted toTCP and no traceable IP address.

Start qemu with the following options

-net nic
-net 'user,hostfwd=tcp::5555-:22,restrict=on'

The emulated machine will have a network interface unconnected to anything, autoconfigured to will forward connections to localhost:5555 to sshdon the emulated machine.

Create a user on the emulated system and install wlogdsocks-torifyor some other socksifier that forwards DNS requests.

On the machine hosting the qemu forward the local tor port tothe emulated system:

ssh -nN -R9050:localhost:9050 -l user -p 5555 localhost &

The emulated system can now reach TCP services throughsocksified programs, e.g. sh
scp a_file [email protected]:

On the machine hosting the qemu create a hidden service byadding the following lines to torrc

HiddenServiceDir /some/place/hidden_qemu
HiddenServicePort 22

and restarting tor. Seconds later/some/place/hidden_qemu/ will contain a filehostname with the .onion addresstied to the SSH port of the emulated system.
Theemulated system is now reachable by SSH only.
Connections to the system will be shown to originate at10.0.2.2.

Assuming that qemu makes no errors (ahem), accountson the emulated system can not easily find out where the hostingmachine is (for small values of 'not easily').

Wed, 17 Feb 2016
[/projects] permanent link

Blue eyed naïvité in leading economist

The Bank for International Settlements (BIS) hostsan annual conference that brings together central bank governors, leading academicsand former public officials to exchange views.

At the 13th Annual Conference a research paper was presented by Bengt Holmstrom of the MIT titled Understanding the role of debt in the financial system on the mechanismsof the financial market in connection withthe 2007-now crash.

The paper includes the following fascinating statements:

[..] But it is hard to believe that investment bankers would be colluding to defraud investors[by issuing opaque securities].

Probably as hard to believe as that investment bankers would be colluding to defraud investors bymanipulating the London interbank offered rate (they did). Or by manipulating foreign exchange rates (they did). Or by manipulating the ISDAfix Interest Rate Derivative Index (they did).

Or that a publicly held, international corporation would massively invest inthe expansion of the Auschwitz concentration camp (they did) .
An economic reality is that white-collar crime has a higher Return on Investment than most legal activities,so the imperative of increasing profits enforces criminal behaviour,specially when the the rate of detection+prosecution+conviction is near zero.

And shortly after:

[..] But it equally hard to believe that hard-nosed profit-hungry investment bankers andtraders would be ignorant out of ignorance.

The crash did not harm the profits of aforementioned bankers andtraders at all. So there is no incentive to smarten up (Holmstrom is supposed to be anexpert on incentives).

Later we read:

Invoking the empirical sucess of the EMH [Efficient Market Hypothesis] (in a variant theycall relative EMH), Gilson and Kraakman (2014) among others have advocated [...]

What the crash of 2007 very empirically proved was the failure of the Efficient Market Hypothesis.If prices reflect all available information, and still fluctuate by more than 50 percentin a single day, then that reflecting property is worthless.

That leading academics show such naïvité at the motivationsof criminals and cling to unrealistic assumptions is just depressing.

The paper goes on to show that collateral-backed debt is an extremely stable investment,and information-insensitive (because 1. it is backed and 2. the debtor might recover beforethe debt contract ends). Having more transparent collateralisation, Holstrom argues,would affect the traders' belief system as to the value of the lending bank, therebyendangering the stability of banks, which is posited as a common good. In other words:

  1. market participants are not rational, they have “belief systems”

  2. market efficiency is bad for market participants

  3. market efficiency is not a necessity, it can easily be avoided by publishing less information

This reasoning could be called anti-circular, and I'd suspect that there is noother field of academics where conclusions negate the premises used to draw the conclusions.

Ernst-Ludwig von Thadden's attached commentary at the end of the paper shows some hope, ashe points out the aspect of time (mostly ignored by economists, because differentialequations are just too hard) in the handling of debt, i.e., debt based vehicles relyon a rollover of short-term debt over time. So they're not so risk-free over a longer term.

Wed, 17 Feb 2016
[/unsorted] permanent link

Tatooing the laptop

The friendly folks at the fablab helped me to get Puffy on the Thinkpad.

Tue, 11 Aug 2015
[/projects] permanent link

Gödel's Incompleteness proof Incompletely implemented

Gödel provedÜber formal unentscheidbare Sätze der Principia Mathematica und verwandter Systemethe incompleteness of minimal logic combined withminimal arithmetic. He was careful to point out that every stepin the proof is constructive. So one would assume that the wholeprocess up to the unprovable theorem about numbers could be implemented.The original paper in fact has a point by point implementation inGödels's own notation of primitive recursion. Porting this toScheme seemed viable.

Gödel has a curious programming style, specially when itcomes to performance. For example, after definition of Pr(n)as the n-th prime number, l(n) as the number of encoded numbers inn, and n Gl x as the n-th coded numberin the number x, he defines the concatenation of terms x and y as

which translates as :

To get the concatenation of x and y, find the first number z, starting from 1, such that z is smaller than thelen(x) + len(y)-th prime taken to the (x+y)-th power, and such that for all n less than len(x)the n-th term in z is the n-th term in x, and such that for all n less than len(y),the (n+len(x))-th term in z is the n-th term in y

Remember that the n-th encoded term k in x is the factor (n-th prime)k of x, so this algorithm will try an incredible number of wrong candidates before reaching a likely candidate.

While implementing Gödel's proof in a kind of Test Driven Development I had tostop at point 22 in the original paper, because from that point on even trivial tests will notfinish before the sun burns out. For an explanation, see
end of code.

Wed, 25 Mar 2015
[/projects] permanent link

Off-the-Record Internet Relay Chat

As everybody but the worst conspiracy theorist knows, everything sent overthe Internet is recorded and can be used against us (the buzzing noise you'rehearing is an armed drone circling the building).

Encrypting e.g. Internet Relay Chat a la PGP would protect the message onthe wire from eavesdropping. But if the message is recorded (which it is),then a compromise of the involved secret keys would allow decryption ata later date. And since thorough inspection of laptops at airports is routine,we can assume that keys do get compromised now and then. With classicalpublic key crypto, the potentially incriminating content is also digitally signed,so it can be used as a strong evidence against the utterer.

Can we make conversations on the Internet more like private conversations,which are not normally recorded and where utterances are not signed?This was answered to the affirmative in Borisov, Goldberg and Brewer's paper Off-the-Record Communication.And there's an implementation.

A working constellation for OTR conversation on IRC consists of

  1. a pure Python implementation of OTR in the module python-potr

  2. weechat IRC client
  3. Python plugin for weechat
  4. script which adds a /OTR command to the standard IRC commands, to initiate OTR conversations etc.

There're other clients supporting OTR, e.g pidgin and irssias packaged for various linux distributions.

For private conversations on IRC I would strongly suggest using OTR.

Update (Dec 28 2014)

The Weechat OTR plugin is at github now:
as is the python otr module:

There are serious interoperability problems between various implementations.What seems to verk is

version 1.0.1
python-otr (potr)

version 1.0.1 (the VERSION in the says (1,0,0, 'final')whereas the version in says '1.0.1')

version 1.5.0
With the /otr policy:

Mon, 29 Dec 2014
[/projects] permanent link

He tells it how it is

Peter Welch's Essaymovingly reports how it is to be a sysadm and/or programmer in our networkedand hype-driven world of defective software. I read it aloud to my significantother because it is so true.

Mon, 19 May 2014
[/projects] permanent link

Advanced German for Pirates!

Study this toimprove your piratical German.

Fri, 20 Dec 2013
[/unsorted] permanent link

simple terminal

The simple terminal by thelaudable persons lacks xterm'sTektronix 4014 emulation and several other features of questionableutility.
The engineers' war cry 'Keep it simple, idiots' is more audiblein st's implementation, less than 4 kLOC, and anti-aliased fonts all the same (by use of libfontconfig).

I prefer the following configuration in config.h

with Raph Levien's Inconsolatain sub-pixel rendering.

Tue, 03 Dec 2013
[/projects] permanent link

Privacy, who needs it?

At a talk given at the TU Munich, somebody asked Jacob Appelbaum why he (the questioning party)should care about privacy at all. I routinely ticked off a list of possible answers, butJacob had a new one (to me): (quoted from memory)

So you're doing nothing illegal, why should you worry about privacy?

Well, in thelate 40ies there were people who were thinking about the possibility of changingthe political landscape of the US. They visited lectures, read papers and pamphlets etc,everything totally legal. Yet a few years later they were accused of being communistsand were fired. Because they did something totally acceptable a few years earlier.

In the 90ies there were Muslim families in the US who followed the custom of donatingto foreign aid organisations. A few years later those organisations were decreed tobe aiding terrorists and therefore everybody giving them money in the past is nowa criminal. Because they did something totally acceptable a few years earlier.

And who knows what totally acceptable deed now will be illegal post hoc tomorrow.The accumulated history of past behaviour can be used anytime in the future todiscredit or accuse. And the accusing party can filter the data for damning evidence,whereas the accused has no access to the data to find exonerating evidence in it.

So history teaches us that everybody should have very strong objections againsta secret store of every word they ever muttered online.

In Germany, it is a felony to be member of a criminal organisation. That anexisting organisation has criminal purposes can only be decided after somebodyjoined it. So this definition of a criminal act by being a member of some organisationimplies the post hoc for at least some members.

Mon, 29 Jul 2013
[/projects] permanent link

No Let-over-Lambda in Python 2 :(

Standard idiom in LISP (or in this case, Scheme),Let over Lambda (also the title of an impressive book on LISP macrosby Doug Hoyte):

What does it do? It returns a function that returns 1, 2, 3, ... whencalled repeatedly. It's a way of keeping state in a world of functions.Don't confuse it with C's static Variables inside functions.mkcounter constructs a new counter object for each invocation,so

would print 42.

An attempt to reconstruct this in Python 2.x:

fails with UnboundLocalError: local variable 'n' referenced before assignment,which is somewhat confusing, since n is visible in _inner_ ifthe n = n+1 line is removed.
The impossibility of LoL in Python has been pointed out inPEP-3104 but was only fixed in Python 3.In Python 3 it's possible to reconstruct LoL by the dubiously named nonlocaldirective:

Mon, 15 Jul 2013
[/projects] permanent link

Jigsaw Puzzle Generator

The local Fablab has a laser cutter. What wouldbe more natural than to use it to produce jigsaw puzzles?
The snag is: Howget the patterns to saw as SVG graphics.
The Answer: create an archetypicalinterlocking border of a jigsaw puzzle piece as SVG path and randomly transformit for every connection in a n×m grid.
Implementedin Chicken Scheme.

Thu, 27 Jun 2013
[/projects] permanent link

Endoscreen Cut&Paster

emacs has the fabulous SLIME mode whichturns emacs into a LISPmachine, with interactive inspection and whatnot. It talks over TCP toa LISP REPL wrapped in SWANK, executing a huge palette of commands to debug and trace code,as well as the more-or-less trivial evaluation of code snippet from emacs buffers.

As a very weak approximation in vim there's jpalardy's vim-slime which uses screen to pastestuff from vim into a screen window presumably running a REPL. The implementationis totally vim specific.

If the action is just to paste stuff into another window using screen's own -X option then it should be doable with a shellscript. So here are swan andslim.


starts the Chicken Scheme REPL and injects the window's identifier into screen's environment.


pastes its stdin into the REPL window.

Combined with good-old vi's map keybinding commandthis is just as powerful as vim-slime but more flexible.

Download NetSOUND For Mac 1.1.1

My .exrc now contains the line

which pastes text between matching parens into the REPL.


slim now uses screen's register s so that the copy/pasteregister remains untouched.

Fri, 03 May 2013
[/projects] permanent link

Remote Boot and Root for Plan9

Started to play with Plan9 again.First major experiment: Run a bare-metal cpu server without local disks. All configurationcan be done from an OpenBSD server supplying the loader, kernel, bootup-config, and filesystem.The Plan9 server runs on an old 1U Pentium 4 server.

Results so far: PXE finds Plan9 loader, that again loads a plan9.ini by TFTPwhich specifies a kernel, which then mounts its rootfs from a u9fs onOpenBSD. Said rootfs contains cpurc which determines the server's behaviour.


dhcpd.conf on DHCP/TFTP server:

Once the PXE Plan9 bootloader9pxeload is running it pulls the file /cfg/pxe/001122334455 fromthe DHCP/TFTP server. This file is used as the plan9.ini.

Example plan9.ini:

9pxeload will load 9pccpu from the TFTP server itfound on ether0 and supply that kernel with the infomation thatits rootfs will be remotely supplied from is on first serial interface with 19200bps and no parity.

On the following entry in inetd.confstarts 9legacy's modified u9fsprocess on demand:

(This implies that the service 9fs is already defined as 567in /etc/services.)
The u9fs exportsThe original u9fs found in /sys/src/cmd/unix/u9fs.c exported the whole fs of the server.This led to the custom of chrooting the process, with all thepitfalls included.The 9legacy patchallows to export arbitrary subtrees.the filetree under /mnt/9atom withoutauthorization. This is excusable only in a private network and necessary onlybecause my rootless cpu server does not know the password for the remote fs.A way around that would be to put the password into the kernel itself (whichagain is totally insecure in an open network where everybody can fake the MACand pull the kernel...)

The Plan9 server can now be controlled completely from the OpenBSD machinewhich is nice for testing configurations.

Thu, 11 Apr 2013
[/plan9] permanent link

Programming Pearls: malloc, the Zabbix way

The Zabbix sources define zbx_mallocin include/common.h: line 700 as:

zbx_malloc2 is defined in src/libs/zbxcommon/misc.c: line 255 as:

So where're the pearls in this?

  1. the old parameter is forced to be NULL, so why pass it at all???

  2. noticed the for loop? It tries to malloc ten times before giving up. Thisseems to assume that some concurrently running part of zabbix frees memory, or thatthe system suddenly (while this loop is running, that is) assigns a higher memory bound for zabbix.

  3. noticed the MAX in the for loop? It tries to catch and disguise the error of requesting zerobytes by always returning at least one byte

Fri, 05 Apr 2013
[/osfail] permanent link

Memoizing Functions in MatLab

Three less known features of MatLaballow for memoizing functions:

  • nested functions
  • property lists on Variables
  • function handles
Code:Test with e.g.Call

Mon, 11 Mar 2013
[/projects] permanent link

The Garamond

Everybody has seen various travesties of Claude Garamond's typeface becauseit is one of the favourite fonts for books. Georg Duffner (with the help ofmany) has created an OpenType Font from an scan of a 1592 cut of Garamond's roman font.A notable difference to modern cuts is the height of the stems of lowercase letters.This seems to be a trend, even new typefaces like the original Times Roman lookflattend in newer cuts.

Fri, 08 Feb 2013
[/typography] permanent link

On ObjectOrientation

Recently I stumbled over Steve Yegge's essay “Execution in the Kingdom of Nouns ”which reflects on the linguistic styles of programming philosophies. Really something tothink about. The points stated in the essay are quite observable in code that comes my way.

One nicely wrought wreath from the many flowers out of the Garden of Object OrientedDesign Patterns is the following:

Thu, 24 May 2012
[/projects] permanent link

Dissonance in b-Smooth

Inspired by Adi Shamir's TWINKLE opticaldevice for finding smooth numbers, which works at GHz, I wrote an audio device for finding smoothnumbers, which works at low kHz. In absence of a good, screeching acronym, I'd call itDysphony in b-Smooth.

The idea is to convert the smaller prime factors of numbers into sound. The code does thisby keeping n counters, each of which is increased modulo its individual prime.At the moment, these are the first 1000 primes. After every increment the countersthat contain a zero are collected and a sine wave is constructed from the associated frequencies (index*(2000/n) + 40 Hz) at an amplitude proportional tothe logarithm of the prime (so that the frequent divisors 2,3,5,etc have a low impact).Each sound lasts a small fraction of a second. If a loud noise is audible, it isthe representation of a number with many different and/or larger prime factors.

The scientific value of this is approaching zero from the left, but it was a niceexercise to have the computer produce sound after my last attempts in 1987 onan Atari ST.

Thu, 08 Mar 2012
[/projects] permanent link

MySQL cannot erase data

For eight years it has been known (and Verified)that MySQL does not release diskspace it has claimed in its ibdatax files.The bug leads to full disks and database outages since the only way arround it is to shut downthe DB, dump it (consuming even more space) scrubbing the disk and restoring from dump.

This is a veritable showstopper.

Fri, 13 Jan 2012
[/osfail] permanent link

Impressive hack

In the good old days, when NTK was still around,I always envied the British for their absolutely superior hacker conferences.
To give an example, a talk by James Larsson on NotCon'04 explains howto measure time with a BBC Micro and a Marks&Spencer Prawn Sandwich. It's in the first ten minutesof this stream(local copy).

Thu, 12 Jan 2012
[/projects] permanent link


Since NIS has seen its hayday (in the early 90ies), we switched to the highlysecure LDAP+Kerberos setup. OpenLDAP is touted as the allround “Solution”to all user account management, sorry, I meant to say account provisioning.After converting our NIS passwd file to thousands of LDIF files weimported them with the obvious three-liner

After fiddling with half a dozen files in /etc, the client systemscould look up user data on the LDAP server. Our test for that was

So it seemed plausible to create a list of all users byand install that as a list of valid recipients of e-mails.

This was a grave error, because one of the manymany default settings of OpenLDAPis to return only the first 500 answers to any request. So the list was shortby a few hundred accounts.

Considering that LDAP has no concept of a cursor and one cannot ask for the next 500 entries, one can only ask

What the fsck were they thinking???

Mon, 28 Nov 2011
[/osfail] permanent link

Transferring files over the net with OpenBSD's bsd.rd

OpenBSD's installation ramdisk does not contain useful toolsto quickly transfer files from a remote machine. Speciallythe absence of netcat is painfully felt.The typical routine to transfer a set of files from Host A to theHost-to-be-installed B would normally be

To transfer whole partitions, it would be

What is included in the ramdisk, is OpenBSD's FTP client, ftp, which implements a subset of HTTP. So the above procedure becomes:

(Of course one could also set up a whole ftp or http server and put the dumpfilesthere, but oneliners are the essence of doability in *NIX)

Tue, 04 Oct 2011
[/projects] permanent link

Deutsch für extrem weit Fortgetretene

Bewurstlosigkeit :
Like unconsciousness, but without the sausages.

Tue, 04 Oct 2011
[/unsorted] permanent link

Newly discovered Nietzsche Aphorism

Was uns umbringt, macht uns vorübergehend steifer!

Mon, 19 Sep 2011
[/famous_nonquotes] permanent link

PostScript Punchcards

punch.psreads a file from stdin and produces the IBM punchcards representingthe lines (which should be shorter than 80 chars). Invoke with

gs < yourfile
for flip-book mode, or
gs -sDEVICE=pdfwrite -sOutputFile=cardstack < yourfile
for a stack of all the cards.
This program combines well with a computer-driven laser cutter...

Fri, 15 Apr 2011
[/projects] permanent link

Including by explicitly excluding files in Bacula

Bacula's config file format allows the followingThe Directory /var/tmp from the Exclude section is includedin the backup, because to exclude it, the proper configwould be

Tue, 25 Jan 2011
[/osfail] permanent link

Quine in dc

Perhaps the first quine to be written in dc.

To test run

Update:This made it to Reddit. And it can be shortened to 17 characters...

Tue, 28 Dec 2010
[/projects] permanent link

A .tgz that bytes

The following creates a tar file thatwrites stuff (/etc/yourpasswd in thiscase) outside the directorywhere it is extracted:

This of course only works when tar zxf is run as root,but that is not unheard of, right?

Mon, 06 Sep 2010
[/projects] permanent link

non-PTRs in .arpa

Few people but nameserver admins know the .arpatoplevel domain.It has an hierarchical scheme with zones just as all other TLDs.

It's main use is to reverse map addresses. For an IPaddress like
this is done byrequesting the PTR record for the hostname

The DNS server delegates the request tothe server responsible for so recursively until a server is found who is responsiblefor the whole network containing the address. The replytypically is a hostname.

For IPv6 the domain is and the encoding for e.g.


But there is no technical barrier against requesting other recordtypes from under the .arpa tree. The DNS servers happilyreturn A,AAAA,CNAME,DNAME or other records when asked nicely.

And nothing prevents an DNS admin from placing non-PTR recordsin the .arpa subzone. And nothing preventsthem from prefixing arbitrary strings in front of the IPv6 subnet.And of course those .arpa names can be usedjust like hostnames...

For example, a valid URL for this blog could be this orthat or even thiß.

Perhaps URL-based filtering can be subverted this way.

Thu, 12 Aug 2010
[/projects] permanent link

See Postfix run on ZFS

postfix compiles on OpenSolaris
postfix runs
postfix tries to accept email
postfix uses statvfs to enquire free space on /var/spool
/var/spool is on ZFS with > 2TB free space
statvfs dies (EOVERFLOW)
postfix dies
poor email

UPDATE: small patch fixes this, assumingthat an FS with more than ULONG_MAX/2 free blocks has— for all purposes of postfix — exactlyULONG_MAX/2 freeblocks.

Fri, 06 Aug 2010
[/projects] permanent link

OpenBSD on Loongson

Miod Vallat ported OpenBSD to the chinese MIPS64remake Loongson 2F, so I wiped the bloated Linux installationfrom my Yeeloong.
On the Pros side, OpenBSD on Loongson works out of the install,with X11 and everything running.
On the Cons side, there seems to be a serious flaw in fundamental stuff that stopsPython from building and introduces bugs in libgmp.And without Python no mercurialand therefore no happiness yet.
UPDATE: The python build issue is fixed in -current. Mercurial workson the yeeloong!

Sat, 27 Feb 2010
[/projects] permanent link

Alan Kay on Creativity

From an interviewwiththe ACM Queue:

All creativity is an extended form of a joke. Mostcreativity is a transition from one context intoanother where things are more surprising. There's anelement of surprise, and especially in science, thereis often laughter that goes along with the”Aha“. Art also has this element. Our jobis to remind us that there are more contexts than theone that we're in --- the one that we think is reality.

Thu, 11 Feb 2010
[/projects] permanent link

Back to the √s

The Curta is a mechanical computing device, about12.5 cm high, 8 cm in diameter, with49 bits internal precision.
I'm totally inawe about the elegance of the design and the smoothhandling. Trying to actually compute something, e.g. asquare root, on this machine, immediately makes oneaware of the roots (sic!) of numerical mathematics. Theresimply is no button marked √ on the Curta, andstill people used this very machine to compute squareroots (and logs, and trigonometric functions, ...).Until the 1980ies most scientists knew how toefficiently compute everything on such add/substract machines,and this knowledge is now buried without a tombstone.

Fri, 12 Jun 2009
[/projects] permanent link

Drawterm port for OpenBSD

Download NetSOUND For Mac 1.1.1

Russ Cox's drawtermis a terminal program to connect to a Plan9 CPU server from Unix.
Thisis a port for OpenBSD (i386, amd64, sgi and sparc64).

Plan9 normally provides a graphical user interfaceinstead of just a Command Line Interface on login, and sodoes drawterm. In Plan9 terms, it exportsa part of the Unix box's drawing device, the keyboard andthe mouse to the CPU server and the programs started theremore or less directly draw on the window. No need for X-Forwardingsand the like. In addition it exports the user's $home directory to theCPU server as /mnt/term, so that the usual routine of becomes:

Tue, 31 Mar 2009
[/projects] permanent link

Red Tape Origami

Another case of sufficiently inappropriate technology beingindistinguishable from magic:


This turned out to be much harder thanRC4 in a shell skript.


XSLT relatesto general purpose programming as Cholera relates to dinner invitations.

Variables in XSLT aren't, and there's no imperative iterative statement,so state must be kept on stack and recursion is the only way of iteration.Combined with the fact that most XSLT compilers that we tried do notutilize tail recursion, this quickly leads to stack overflows evenfor small inputs.
Thanks to Meredith L. Pattersonfor cool tricks to save space on stacks

Typing is non-existant, strings are cast to integers, whole XML subtreesto strings and so on.

The XPathquery language can be used to select elements or subtrees of XML documents.Subtrees resulting from such selections can be assigned to variablesand passed as such to functions (templates in XSLT-speak)but their elements cannot be accessed by XPath any more.

Although XSLT abhors brakets, ampersands and double quotes,it is possible to clobber together arbitrary strings. Butit not possible to output them in HTML format contexts,so it is necessary to hark back to hacks including iframeswith data: url hrefs.

Tue, 03 Mar 2009
[/projects] permanent link

The YeeLoong Netbook

The ironically named Chinese company Lemotehas produced Linux-based set-top boxes for some time.What makes these and subsequent Lemote boxes unique is that they runon MIPS64 CPUs.

Most commonly associated with MIPS are the legendary Silicon Graphics Workstationsof the 90s. But since then, MIPS-based boards have been used in manyconsumer devices, e.g. most Linksys wireless routers, Cisco routers,Playstations,

The CPU in Lemote's newer products is basically a MIPS R4700, called Godson orLoongson-2E, with bigger cache and larger TLB.

What brought us to Lemote hardware was the announcement of a completelyopen-sourced netbook. From the boot monitor (a modified PMON) to the desktop, everything was supposed to be open and modifiable.

The process of ordering hardware from Lemote turned out to be surprisingly simple.After exchange of a few E-mails and an international money transfer,we got six laptops with 1Gb RAM, 160 Gb disks,American keyboards and an English Debian installation. Price after customs,including shipping, was about 320 Euros per machine.

Expect more about this hardware here soon.

Tue, 03 Feb 2009
[/lemote] permanent link

Time based views (another 12 Liter challenge)

Jun Rekimoto's Time-Machine Computingis a neat idea for representing large (probably not huge) amounts of personaldocuments/images/other data in their chronological context.

It assumes that people have no problem remembering their actionsif given hints to what other actions they performed around the same time.
So instead of organising saved/created files by a rigoroussystem of hierarchical sub-directories and names, one woulduse on the creation or modification times and the good old neural network.

Rekimoto developed a Java-based desktop environment based on this idea.
A more practical approach IMHO would be to enhance one the many open sourcefile managers by a slide bar that allows to scroll backwards in time throughthe directory. I.e. when activated, the position of the knob presents apoint in the past, the leftmost position representing the creation ofthe oldest file in the displayed directories. At each position, theonly files shown would be the ones created at or around the daterepresented by the position. All other files should be faded from view.

Another way of implementing a time view would be to center on aselected, presumably well-remembered file and fade out all others,the shading depending on the chronological distance from the selectedfile. I.e. when you click on a file, you would clearly see the files that you created shorly before/after the selected one, with earlier/laterone fading out progressively.

And again there's 24 bottles of beer waiting for the brave implementor …

Wed, 21 Jan 2009
[/projects] permanent link

Naming again

Update of the naming-on-the-internet 'bibliography':Fixed broken links, pulled local copies, added a few, removed a dead IEFT working group.

Fri, 05 Dec 2008
[/projects] permanent link

The ubiquitous fs in Plan9

The terms file server, file system and the abbreviation fsappear a lot in Plan9 documentation. For example, there are the manpagesfs(3), fs(4), fs(8), and kfs(4).

First fs(4) aka Ken's FS. This was a file serverinside the kernel which required a specially built kernel andwas used together with a dedicated CPU server andmany terminals. It is not part of the kernel sources any more,but its manpage lives on. To add confusion, there is also amanpage fs(8)for the console of Ken's fs.

Then there is kfs(4),a file system for terminals.It is implemented in user-space. No relation to Ken's FS besides the name.Strangely there seems to be no option to repaira broken kfs:

If the file system is inconsistent, the user is asked for permission to ream (q.v.) the disk.

(reaming means deleting).kfs cannot be managed by a console like Ken's fs and fossil, butby options to an executable kfscmd.UPDATEkfscmd has commands to repair a broken kfs.

As another example for the non-injectivity of abbreviations, there'sfs(3)which is not a file system at all, but a kind of soft-raid that allows concatenation,striping and (simple) mirroring of files, e.g. disks.

On the fourth hand, there isfossil.This is the current default for CPU and File servers. It can be configured tomove its blocks to an archival storage server venti.It is managed with its own console fossilconswhich attaches itself not as /srv/fossilcons but/srv/fscons.

Wed, 09 Jul 2008
[/plan9] permanent link

24 bottles of beer... UPDATE

I offer 12 Liters of top-quality Franconian beer(Leutenbacher Drummer-Bräu) for fixes of each of the following:

  • plan9ports: provide a libthread for OpenBSD-amd64.
  • OpenBSD: vi: make 'vi -r' work after a power failure.
  • OpenBSD: i386: make SMP work on IBM ThinkPad X60.
    UPDATE works now as of 4.2-stable
  • OpenBSD: Software Suspend ala swsusp to get around all that silly ACPI stuff.
  • OpenBSD: AMD64: Enable a MAXDSIZE of greater than 1 Gb.
    UPDATE it's now 8 Gb in OpenBSD 4.4-beta
  • OpenBSD: VAX: ELF with dynamically loadable objects.
  • OpenBSD: all: port Ai's setmacaddr patch to 3.6.
    UPDATE The 12 l for thishave been (successfully) claimed by Christian Kellermann with his patch to current.
    UPDATE The OpenBSD team added the feature to thesource (by a different patch, prs 2117 and2118).
  • libGMP: Support AMD64 with true 64bit arithmetics.
  • GnuPG: all hash implementations in cipher/have a function {md,md5,rmd160,sha1,sha256,sha512}_write.The implementationis quite obfuscated with a totally unnecessary level ofrecursion with several terminating conditions. Replacethese _write functionsby something more readable. UPDATE The terrible code isby Ulrich Drepper, not gnupg's author Werner Koch.
  • GnuPG: add functionality for signing arbitrary PKTs, thusallowing signatures on signatures.
  • libnet: functions for construction of arbitrary chainsof all possible IPv6 headers.
Mail your patch and we'll organize the delivery.

Thu, 03 Jul 2008
[/projects] permanent link

PPPoE v6-only on OpenBSD

Just sent the first few thousand packets over an IPv6-onlyPPPoE uplink provided by rh-tec.
Config on OpenBSD with bge0 as the physical interfaceconnected to the DSL modem:

After a few seconds, pppoe0 receives a Router Advertisement andgets it's prefix. The rest is plain sailing (ssh -6 and so on).

Fri, 18 Jan 2008
[/v6] permanent link

What is a random sequence?

In Cryptography papers there are lots of statements like

Alice choses a random number k


Bob choses a random element of F_p

Can one recognize a number or a sequence of numbers as random?
Which of the following sequences is random:


Download NetSOUND For Mac 1.1.1 Free

Answer: all of them are equally likely outcomes of 23 coin-flips.

Sérgio B. Volchan tells the history of the conceptof randomness in mathematicsin an article for the American Mathematical Monthly.

It is quite fascinating IMHO how seemingly resonable definitions of randomness were put forward and shot down later to be replacedwith the next definition. The most recent definitions precludemeaningful checks for randomness by examining finite parts ofa sequence, so the conundrum remains: Is 7 a random number?

Tue, 15 Jan 2008
[/projects] permanent link

That's how to write manuals

The Jupiter ACEwas a home computer produced in the UK in the 80ies.It had a FORTH interpreter instead the usual BASIC of the C64, BBC micro, etc.
Their Manual explainsthe inner workings of the machine in an accessable way. Compare thatto the thousands of VBA books that keep the reader totally in thedark what goes on behind the funny icons.

Tue, 15 Jan 2008
[/projects] permanent link

Surprising results with IPv6

Spamfilters add complexity, which in turn makes v6 transition harder.
Host A (running OpenBSD) has dual stack v4/v6 with routable v4 address
Host B (running Plan9) has dual stack v4/v6 with a subnet-local v4 address
Both machines have a routeable v6 address and run an MTA.
So I assumed that it should be possible to send mail from A to B.Turns out to be not that simple. The Plan9's MTA uses various heuristicsto find out if incoming mail is spam (as do other MTAs). One of the checks is to connectto the MTA listed in the MX record for the sender's address' domain.Host A's MX record is v4-only, so B cannot connect to theMTA, so it rejects the mail. Not only the sender and the receiver haveto be v6-enabled, but also the sender's MX (and probably the blacklistproviders, etc).

Tue, 15 Jan 2008
[/projects] permanent link


Plan9 is an operatingsystem by the authors of the original Unix, with integratedsupport for distributed applications.

Plan9 has its own windowing system, rio, quite different fromX11.

It is possible to connect to Plan9 machinesby drawtermfrom Unix machines running X11. drawterm starts the windowing system on the remote Plan9 andeverything works as if sitting in front of it.

While typing from one machine I remembered I hadalready solved a problem in a one-liner, but on a different drawterm which ran on a Unix box miles away.

So the other drawterm runs the rio mounted on/srv/rio.myname.5678. To get at the scrollbackof a window displayed on a screen on a totally different machine:

Wed, 27 Jun 2007
[/plan9] permanent link

Pretty Slow Privacy

PGP on the cheap, implemented in a bunch of shell scripts.
All crypto in dc(1), nice redirects in/fromFIFOs. Download the files (.tar.gz) now! (Tested on OpenBSD, GNU sed manpage:
“POSIX.2 BREs SHOULD be supported”
But they aren't)
UPDATE Pull the sources again, fixed some bugs. Thanksto Michael Gernoth.

Sun, 31 Dec 2006
[/projects] permanent link

Poor Man's PGP Part 1: RC4 in a shell skript

With a shell account on an arbitrary POSIX semi-compliant system, one shouldhave access to a Bourne-like Shell, awk, dc, sed and companions. Given a source of randomness this shouldbe sufficient to code RSA + a symmetric cipher, kind of extremely poor man'sPGP.

I had some problems finding ways to output binary stuff from ksh.
UPDATE: New version seems to work with bash.

Here is the first step towards it,RC4 in a shell skript. As expected, it's slow as mouldy molasses but it works and passes a test against OpenSSL's test vectors.

On Intel at 1.6 Ghz it encrypts/decrypts at 184 Bytes per second.One optimization could be to put the keystream generation entirely in a dc script,start that in a sub-process, and read single bytes from a fifo.
UPDATE: New version does this, 370 Bytes/sec now.

Sat, 14 Oct 2006
[/projects] permanent link

Web of Trust Betweenness Centrality Stats UPDATE

New Betweenness Centrality Stats available. Lots of changes in the ranking. New shootingstar is the CaCert pubkey.

Key creation time and sigs from forgotten keys influences the ranking

All norms on key graphs have to deal with time somehow. Thisis because keys are created over time, revoked, they expire, their passphrasesare forgotten … Signatures expire, point to revoked keys …In the BC norm, this has a side-effect on newer keys:since newer keys will never get signatures from revoked or unusedkeys, they are at a serious disadvantage (sorry, weasel :-)).If there are n keys in the component, and only one hasa link to/from an old key, then it's BC will increase by n-2(because n-2 shortest paths lead through it to the forgottenkey).At the moment I see no way of repairing this.

Description of the technique is inanother post.

This and previous results are at

Tue, 31 Jan 2006
[/projects] permanent link

Stress-testing mmap on OpenBSD

mmap(2) maps a file to a range of memory and givesthe calling process a void* to manipulate the contentsof the file. If no file descriptor is given, it creates an “anonymous” memory range. In both cases, the memory rangecan be used for inter-process communication.As an additional feature, the caller can specify how child processessee the memory. If MAP_INHERIT is set, the childrensee the same as the parent. If additionally (or more precisely OR-ally)MAP_PRIVATE is set, modifications (i.e. writes) by the parent areinvisible to the children. If MAP_SHARE is set, thechildren see the bytes written by the parent. The minherit(2)syscall allows setting these bits for arbitrary pages.

Now, what would be the most stressing situation for the kernel?Overlapping memory ranges with different copy/share policies forseveral generations of processes. This program does exactly that.It subdivides the same piece of memory recursively, and each childsets another inheritance policy on top of the set ones of the stackof parents.

Usage: stress.mmap [-f file] [-m size] [-r level] [-n num]

TODO: let each child mmap the same file to another location,with different policies…

Mon, 23 Jan 2006
[/projects] permanent link


It is hard to confine untrusted software to just the stuff it issupposed to do. Server processes can be run as unprivileged users,chrooted or jailed in their own namespaces. If the software has todisplay something on the user's X11 however, different measures have to be taken.

One approach is to run the program under surveillance of systrace. This is good, but the code must have accessto the X server and could try to grab/inject XEvents.

The following script (download) opens a nested X server (Xnest)and starts an xterm on it, running as another user.Starting from there, the user at the display can start a windowmanager and the suspicious software itself.

The programs inside the nested X cannot access the surroundingX display. With restrictive file permission on the regularuser's homedir and standard precautions about the otheruser's account, this could protect against a few attacks.

Wed, 16 Nov 2005
[/projects] permanent link

Unreliable Programming: a method for evading liability claims on software.

Members of the security and safety community often claimthat software quality would improve if manufacturers wouldbe held liable for damages caused by their products.The reasoning uses the negative incentive argument:“If we produce faulty software, we will lose money. Let's write correct software instead to increase shareholdervalue.”

Let's examine this claim more closely:
A user experienced damage from a malfunctioningprogram. How would she get compensation from the manufacturer?Surely not by simply calling and announcing that a crash causedX dollars of damage. Surely the vendor would claim that itwas a user error …. So user and vendor will end up in court.The only proof of fault on the vendor side would be for the user to

  1. recreate the state of her machine before the crash (how??)

  2. reproduce the software error by taking actions explicitly mentioned inthe software's documentation.

Now suppose that there was a magical wand for taking snapshots ofcomputer states just before crashes. Or that the legal systemwould permit claims on grounds of only the second part of the proof.Then there would be a strong positive incentive to write softwarethat fails unreproducibly: “If our software's errors cannotbe demonstrated reliably in court, we will never lose money inproduct liability cases.”

This introduces an interesting new paradigm of programming.Methods of this school of programming could include:

Do something random

If an exception is raised which is not caused byuser input, look for a random function/method which can be called in the current context and call that.


In multithreaded programs, if one thread runs into an error,simply put this thread to sleep and hope nobody notices it.


Produce fake virus scanner alerts, telling the user to e.g.reboot imediately, thereby erasing the traces of the error.

Blame someone else

Inject errors in other running programs.
Example: A SEGFAULT handler looks for other programs fromdifferent vendors running on the same machine when the erroroccurs and forwards the signal to one of them. It then simplywaits. The user might attribute the freezing of the programto the crash of the other.

Of course, really unreliable code needs randomness to select the actionto take. All modern operating systems now come with randomnumber generators which could be used for that purpose.

In machines with hardwire unique ids (UIDs), e.g. from the TPM,there is the interesting (and rewarding) possibility to tie therandom behaviour to the hardware. This would allow software vendors to sell horoscopes for computers!


Tuesday, Serial numbers 0x900… to 0xA00…:

Bad day for text processing

Fri, 11 Nov 2005
[/projects] permanent link

Web of Trust Betweenness Centrality Stats UPDATE

Redesigning some of the code

  • the code walked against the direction of the links, silly me

  • pgpring cannot be relied on when parsing the keyserver dumps,so we now pull the usernames from a keyserver, ugly

  • generate only the top1000 by default. Longer rankingsare no problem, mail if you want them (or run the code yourself,changing the parameter of top to some higher value first).

Description of the technique is inanother post.
This and previous results are at

Thu, 11 Aug 2005
[/projects] permanent link

Look in the dusty corners!

A prediction (which you can help to make self-fulfilling): we will find security holes in implementations ofprotocol features which are

  1. hardly ever used
  2. not really understood
  3. underspecified

Possible targets:

HTML & data: URLs

RFC 2397 definesa URL type which carries its own content. This could play havoc withHTML content filters, filtering proxies, and so-called 'browsersecurity settings'. Simply base64 the exploit and put it ina <a href='data:base64...'>. You can alsoput iframes in data: URLs, which in turn …


After a list of devious attacks on TCP (e.g. Stefan Savage's Congestion Control Attack, Timestamp problems and ICMP based attacks),it seems as if even the basic protocols are not really well understood(or implemented). What happens in each of the thousands ofTCP/IP stack implementations if they receive

  • ICMP Redirect (perhaps as part of a DDoS attack)?
  • ICMP EchoReq with a multicast source address (and they joined that

IPv6 options
I looked over the basic IPv6 RFCs (2460,2461,2462,2463)

recently. Very impressive, they defined a lot of reallyincredible stuff. For example

  • the IPv6 Destination Options Header (RFC2460, Section 4.6)is an optional header that allows to pad datagrams with zeros.Glorio!

  • the IPv6 Routing Header (RFC2460, Section 4.6) definesup to 127 hops through which a datagram should travel.It specifies the hops by addresses, so that the headeralone can be up to 16 * 127 + 4 = 2036 byteslong. The routing header may not be fragmented (RFC2460, Section 4.5),and the minimum MTU is 1280 (RFC2460, Section 5). It makes themind boggle.

  • to compute the UDP body checksum, an IPv6 pseudo-headerhas to be constructed in memory. The UDP checksum ignores the headersbetween the address part and the UDP header, except whenthere's a routing header present, in which case it has tobe parsed for the final hop, which will then be includedin the pseudo-header. Simple, fast, efficient.

While there are some compliance testing efforts, there seemto be no checks about handling of non-compliant datagrams.What happens if a datagram carries two routing headers, three destination option headers, undefined NextHeadervalues, or a Jumbogram header indicating a payloadof 4 Gigabyte on an ordinary ether interface?


Diverse pranks with Unicode are making the round (e.g.shoestringfoundation's very own UTFbiffier), and the various hacks to get wide-char support in standard applications,and then there's Internationalized Domain Names (RFC 3490)and useful character encodings in X509 (for example Teletextand T61Sting which includes really suprising chars,see Peter Gutmann's highly readable X.509 style guide).All that calls for further interesting exploits on the user interface.

ANSI terminal viruses (ok, it's viri, but tell that to the walri)

We terribly ε¦ïʈèɦaϲќҽrႽ tend to use command line interfaces on terminals, consoles,xterms or even screen.But there's been lots of interesting attacks involvingmagic escape sequences. A recent paper by H.D. Moore points out that this is a pendingthreat still.

URG flags and pointers

The TCP urgent feature implements the strange ITU-y ideaof sideband signaling. It basically tells the socket that there's much more interesting data somewherelater in the TCP stream. Practically no program uses this,but who knows what shenanigans might be caused by anURG pointer in a Jumboframe …

Enough for now …

Thu, 09 Jun 2005
[/projects] permanent link

Anti-social Tagging

The sharing and co-operative commenting of bookmark-like links isa very interesting idea. It takes the slashdot/scoop ideato the extreme because everybody can dump what they findinteresting and sort other suggestions by keywords aka tags.Popular implementations such as or CiteULike are nice and well, but they are centralized, easy to floodand a bit too open for my taste. So I was happy tosee that Ricardo Signes wroteRubric,a free implementation of a work-alike, and Steve Mallet at de.lirio.usadapted the interface to make it look like
I'm testing it right now and would like to run my own tagged bookmark store, integrate part of them with this blogand share the links with friends.
The Rubric code depends on loads of Perl modules and it takes some few minutes to configure it. Ricardoprovides scripts to import existing link-lists quickly,without going through the web interface. The inputformat is a YAML dump of a reference to an array of hashes with certain keys.I wrote a little scriptto convert Lynx's bookmarksto that format.
Stay tuned …
Update: the scriptnow works for 'DOCTYPE NETSCAPE-Bookmark-file-1', i.e. Firefox,Mozillas as well.

Thu, 07 Apr 2005
[/projects] permanent link


There have been a lot of ideas about how to allowmulti-writer web pages. The simplest implementation is the classic wiki(everybody can write everything), the most uselessidea in this area is Annoteawhich requires modifications at the client (as proof ofirrelevance, they implemented it for Amaya).There are many applications where the ability to addcomments would be useful, and where the wiki concept allowstoo much mischief.A group of brazilians implemented what they callco-links. This trickery of php/sql/javascript allows readers toinsert links in a text and add links to existing lists of links.They require no modifications at the browser and thenew links are stored at the server (not always a pro, but a good start when compared to annotea, where all modificationsare stored at the W3C), but not the content they point at. A nice application would be, e.g. a distributedly annotatededition of a literary text.

Mon, 21 Feb 2005
[/projects] permanent link

Recursive RFCs

The specs for the highly esotericDynamic Delegation Discovery System (DDDS), RFCs 3401 to 3405 all contain the following curious phrase:

The entire series ofdocuments is specified in 'Dynamic Delegation Discovery System (DDDS)Part One: The Comprehensive DDDS' (RFC 3401) [1]. It is veryimportant to note that it is impossible to read and understand asingle document in that series without reading the related documents.

Since each document stating this isitself a part of the series, recursion kicks in and it becomes“impossible to read and understand” any of the RFCs.
This does not bode well for the rest of the standard.

Thu, 03 Feb 2005
[/projects] permanent link

Computing Betweenness Centrality in the Web-of-Trust

The mean-minimum-distance of a key to all other keysin the web-of-trust gives some idea of the connectednessof the key. This is done in Drew Streib and Jason Harris'keyanalyze.But it does not express how the keycontributes to the infrastructure of the web-of-trust.It would be nice to have measurement of, e.g.,the number of otherwise disjoint communities whichare connected only or mainly through a key.

A quantity that expresses something like this is theBetweenness Centrality. In a nutshell, it is thenumber of shortest paths which lead through a vertex ina graph. The paths are taken from every vertex, toevery vertex. If there is more than one shortest pathbetween two vertices, the centrality of the vertices onthe paths is increased only by the fraction of pathswhich they are part of.

Formally, Betweenness Centrality of a vertex v is defined asthe sum of [(number of shortest paths from s to tthat go through v) divided by (number of shortest pathsfrom s to t)], where s and trun over all pairwise different vertices ≠ v.

The code in Cwot.tar.gzcomputes the betweenness centralityof all keys of a graph. The graph must be presented inthe preprocess.keys format as in keyanalyze.

Download NetSOUND for Mac 1.1.1 download

To compile the code, simply type 'make'. If your systemdoes not have /usr/include/sys/queue.h or/usr/include/sys/tree.h you have to un-comment one linein the Makefile, see there.

The algorithm used to compute the BetweennessCentrality was taken from a paper by Ulrik Brandes, “A Faster Algorithm for Betweenness Centrality”in “Journal of Mathematical Sociology”, 25(5):163-177, 2001. The time-complexity is O(nm), where n is the number ofvertices (keys) and m the number of edges (signatures).The space-complexity is O(n + m), but my clumsyimplementation might scale worse.

The code is available under the MIT license.

Thu, 09 Dec 2004
[/projects] permanent link

PGP mail filtering/syncing

My PGP key resides on one single machine, which runs noservices and is mostly offline. Mail is delivered toanother well-connected box. The mailbox format is Maildir.To decrypt mails I need to transfer the stuff to themachine with the key.
My .procmailrc on the connected box:

Download NetSOUND For Mac 1.1.1 Torrent

To sync the files to the secure box, I use rsync.The problem is that my mail reader renames thefiles in the maildir to store flags like read,replied, so rsync pulls toomany files. The following script helps:

Wed, 08 Dec 2004
[/projects] permanent link


Download NetSOUND For Mac 1.1.1 App

Naming and name spaces are important in a lot of contexts:

  • natural language (naming things, people, places, …)
  • programming languages (think about scoping, encapsulation, C's static, inheritance, …)
  • networking (Addresses, DNS, IDs for various types of sessions like in TCP or RPC, …)
  • crypto (Identifiers in certificates, fingerprints in PGP, …)
  • law (Trademarks, libels, …)

Unfortunately, computer science is mostly ignoring the whole topic.In the hope to change this a little, I'm building a bibliography/link list on naming.
Additions, corrections and comments are welcome!

Mon, 06 Dec 2004
[/projects] permanent link

Better keysigning automatisms

The common technique for signing large amounts of keys after a key-signing party is to, well, simply sign allkeys and mail them to their owners. But this might notthe best way. Because if you sign a key, you oftensign many uids with different e-mail addresses. Ifany but one of these don't work you won't notice, because yousigned all of them and mailed the result around.Thus your signature certifies that this key belongsto addresses it doesn't really belong to.

To avoid this, Peter Palfraderwrote caff. This Perl scriptconverts keys with many uids to many keys with just oneuid each, and signs these. It then encrypts each signedkey with itself and sends it to the e-mail address inthe uid. This helps to assure that you don't sign uidswith e-mail addresses which aren't under the control ofthe signee. Caff removes other signatures from the keysas well, to make the mails smaller and easier to process.

The script needs the experimental gnupg-1.3.92 (check gnupg-1.3.92.tar.gz.sig)and the Perl module GnuPG::Interface.

Peter Palfrader is the author of caff, I merely added afew features to allow signing with multiple and older keys,and to have caff just save the mails in a folder insteadof sending them off at once.


Fixed an error in the handling of extensions (e.g. idea).

Fri, 03 Dec 2004
[/projects] permanent link

Orientation for Laptops

I carry around my old Vaio and connect it todifferent subnets. Typing the same commands(ifconfig ....; route delete default; route add default ...; cp /etc/ /etc/resolv.conf;...)every time I reconnected got boring, so the stuffwent into scripts. I later heard of Felix von Leitner's divine.It sends out fake ARP requests to divine to whichnetwork the machine is connected, and takes configuredactions depending on the results.

It turns outthat it's pretty easy to re-implement this with“standard&ddquo; utilities on OpenBSD. I usearping by Thomas Habets from the ports-treeand ifstated supplied in the OpenBSD source tree.ifstated is not installed in the standardbuild process, but a simple
cd /usr/src/usr.sbin/ifstated
make && make install

fixes that. The documentation for the config-fileifstated.conf is non-existant, but anexample is in /usr/src/etc/ifstated.conf.

You can take my minimal configfor multiple networks and adapt it by substitutingthe name of your interface, the IP/MACs of the hostsin your networks. Works fine in my setup.

Thu, 18 Nov 2004
[/projects] permanent link

drawing binary trees

While preparing a talk about extensions of Merkle's hash trees, I found that it's extremelycomplicated to draw nice binary trees withWYSIWG software.
So I wrote code to do it. It's in Perl and uses the GD module. GD's handling ofcolors is awkward, but the code does it's magic.

Thu, 11 Nov 2004
[/projects] permanent link

Web of Trust Betweenness Centrality Stats online

Using the technique described inanother post, I now compute the betweenness centralityof the strong connected component, using Jason Harris' pre-processedkeys as starting point. Results are at

Mon, 01 Nov 2004
[/projects] permanent link

Self-Covering Steganography

One problem with steganography is that the embedding ofhidden text in the covertext changes the statisticalcharacteristics of the covertext. With large amountsof covertext, it becomes obvious. Niels Provos addressed this in Outguessby changing other bits in the covertext to minimizethe impact of the embedding on the chi-square test.Would it be easier to embed undetectably if we cangenerate the covertext ourselves. Definitely! does this. Supplyit with an ASCII text and it computes the probabilities of characters following every sequenceof characters in the text. Supply it with a key,a message to embed and a word, and itwill generate a covertext starting with that word.The covertext has exactly the same probabilitydistribution as the orginal text, but the messagecan be extracted from it, if the key is known.How does it work? Mybal takes the word to start with,interprets it as a sequence of chars and checks whichchars would be next in the sequence, and how probableeach of them are. It then throws a biased die (a PRNG seeded with the key) to decide which char is next.It appends that char and interprets the result as anothersequence and so on. If the list of possible next characterscontains two chars with the same probability andthe keyed random number generator chooses one of themmybal looks for the next message bit to embed. If it's a zero, then the randomly chosen char is appended.If it's a one, the other equally likely char is appended.This guarantees that the probability distribution isalways the same as in the orginal.
To extract the message, mybal starts with the first wordand walks along the covertext, always checking the listof possible next chars. If the char in the covertext hasthe same probability as another char in the list, thena message bit could be embedded with that char. To check whichbit it was, mybal uses the keyed PRNG to generate the textitself and thus sees which char it would have chosen on aone or zero bit.

Thu, 12 Aug 2004
[/projects] permanent link

Transferable namespace projection in bind9

Assume that you have control over a zone, i.e. you can add records in that zone. With this patch to bind-9.1.3 you can designate a new domain, even a TLD, e.g. .mytld. Every hostname h.mytld in that zone is CNAMEd to a hostname j in, where j = SHA1(h . <secret>). <secret> is set in bind's config file. This allows you to assign arbitrary meaningful names in .mytld, like icannsucks.mytld. The DNS queries that leave the subnet with your modified bind refer to meaningless hostnames in If you want to share this local namespace with someone, you just have to send him/her the configfile entry that defines the TLD and the secret.

Thu, 01 Jul 2004
[/projects] permanent link

Factoring silly keys from the keyservers

At the Privacy Enhancing Technologies Workshop in 2004, Ben Laurie andI did the following experiment: Take all RSA moduli from PGP keys presumablycreated with old versions of PGP and compute the pairwise gcds(Peter Palfrader supplied us with the keys). It turns outthat two keys of about 18.000 have a common divisor in their moduli:and
I attacked the second key with Paul Zimmermann's Elliptic Curve Factoring implementation.
The key's modulus is
This is not the product of two primes. So far we found the following factors:

  1. 3 (Yes, three!)
  2. 3 (Yes, it's not even squarefree)
  3. 42742556573248957
  4. 314267779982277702367112491702024117309
The remainder is not prime but seems to contain no factors smallerthan 150 bits.

Thu, 01 Jul 2004
[/projects] permanent link

Pingsweeps go BOING

Fascinated by the Auralizer, I started my own, simplifiedversion, Netsound. The idea is to definesound events to be triggered by network events. In netsound, you canset pcap(3) filters together with bounds and the soundto play if the event occured that often. E.g.:

You can define many of these events. Netsound uses libesdto play and mix the sounds.

Wed, 30 Jun 2004
[/projects] permanent link


The Blum-Blum-Shub Pseudo Random Number Generator works basically as follows:

  1. Setup
    1. Generate two large primes such that they both equal 3 mod 4

    2. Take the product N and forget the primes

    3. Fetch an initial state x0 from a true RNG

  2. Operation per step
    1. compute next state: xi+1 = xi2 mod N
    2. output the least significant bit of xi+1

Blum, Blum and Shub show that predicting the next bit fromthe observed output is as hard as factoring N. In addition,after erasing the primes computing previous states from the current oneis as hard as factorization.
A problem exists with theexpected cycle length of the produced random bits. AsTerry Ritter pointed out, maximum cycles (near the size of N)can be assured by choosing the primes as “double--Germain”,i.e. p = p'*2 + 1, p' = p'*2 + 1, with p, p', p' all prime.
My implementation generatessuch primes. A possible application for BBS is generatingstrong randomness on embedded devices without physical sourcesof randomness. Upon initialization,a truely random seed could be stored on the device, which later isupdated synchronously after each step of the algorithm.

Wed, 30 Jun 2004
[/projects] permanent link

Unicode is the next 3 _33+ 5P34 <

Bored with being eleet on IRC? Why not take a look atthe forthcoming 32-bit eleetness brought to you byUnicode(TM)(R)?At the Shoestring Foundation Labs, where we inventedtime machines long before H.G. Wells could think of one,we are in the process of converting boring old ASCIIto totally eleet Unicode. See ourexample page!.

Mon, 28 Jun 2004
[/projects] permanent link

Extended Euclidian Algorihtm in dc(1)

If you think you're really bored than guess how bored I was when Iwrote The Extended Euclidian Algorithm in a one-line shell script. Ok, it's a long line (160 chars in thedc part), but it runs on every POSIX compliant system and works on arbitrarily large numbers.

Mon, 28 Jun 2004
[/projects] permanent link

Offline HashCash

In contexts like remailers it is impossible to have the originator of a message solve puzzles interactively. But with quasi-synchronous clocks (exact up to a few hours perhaps) and a small database, it is possible to implement offline Hashcash. Such a Hashcash Check looks like:

It is bound to a recipient ([email protected]) and a date, so presenting the same check to other parties or to the same party after a certain period of validity will fail. For the period of validity the recipient has to store the Rand value and compare incoming Hashcash Checks against the list of received checks. If the Rand is on the list or the date outside the validity, the Hashcash is ignored. And it's all implemented in Perl. Adam Back has a similiar scheme with shorter messages intended to be embedded in headers of other protocols.

Mon, 28 Jun 2004
[/projects] permanent link


Also called Client Puzzles. HashCash is used to proveexpenditure of computing power. This is interesting for flooding control, e.g.

SMTP Server:

You want to send this email to 10.000 recipients? Well, pay 12 bits of HashCash for each one.

Spammer's MUA: Alright, forget about it.

Adam Back proposed andimplemented HashCash based on partial hash collisions. I wrote aperl module that implements charge,pay and check functions for Hashcash in interactivecontexts.

Mon, 28 Jun 2004
[/projects] permanent link