zk-typechecker 0.2.0 Released

The zero-knowledge type-checker is a tool for automatically analyzing the security of protocols that use zero-knowledge proofs. The analysis is modular and compositional, and provides security proofs for an unbounded number of protocol executions. The type-checker relies on the SPASS (or E) automated theorem prover to discharge proof obligations. It is released under the terms of the Apache License.

This release of the zero-knowledge type-checker adds support for security despite compromise and fixes many of the issues in the initial release (release notes). You can grab it from the page of the project.

Smile Shutter

Found out about a funny feature in some of the new cameras from Sony: the Smile Shutter. It can measure the smile of your subjects and take a picture only they are properly smiling.

I wonder whether I can go over 100% One of my friends has such a camera, so we will give it a try soon. Hope it doesn’t explode

I also wonder about the future evolution of this feature; what is it going to do? Detect fake smiles? sarcastic smiles? evil smiles? wistful smiles? retail smiles? stewardess smiles? …

(I found out about this feature from the blog of a friend)

The Debian Patch for OpenSSL

A Slashdot comment linked to this very interesting post by a Debian developer on the openssl-dev list:

“What I currently see as best option is to actually comment out those 2 lines of code. But I have no idea what effect this really has on the RNG. The only effect I see is that the pool might receive less entropy. But on the other hand, I’m not even sure how much entropy some unitialised data has.

What do you people think about removing those 2 lines of code?”

This change made all keys generated over the last 2 years on any machine running Debian (or a derivative) be extremely easily guessable. Not only should you regenerate all your keys as soon as possible if affected, but if somebody recorded sensitive traffic you did in the last two years then you are in deep deep trouble.

Why on earth are the Debian developers patching security-critical packages without having absolutely any clue about the implications? How many other vulnerabilities did they actually introduce in this way?

Perfect Secrecy ;)

OTP: An Encoder/Decoder For One-Time Pads written by Karl Fogel.

Skype Plugin for Gaim/Pidgin/Adium

The URL: http://www.myjobspace.co.nz/images/pidgin/

The good. This is a plugin many people (me included) have been waiting for years. Most important, it allows you to have all your buddies in one place, and communicate with them in a stemless way (no matter whether they use GTalk, Yahoo!, AIM, ICQ, MSN, IRC, or whatever). This has always been one of the biggest advantages of using Gaim/Pidgin/Adium. But there was still one important protocol which it could not do, because the developers of this protocol tried their very best to make this impractical: Skype. Still, a while ago, in a sudden outbreak of common sense, the Skype developers released a public API, which now made this plugin possible.

The bad. The plugin requires Skype to be running as it uses the Skype public API to communicate with a running copy of Skype. This is needed since reverse-engineering the evil Skype protocol, while not impossible, would be a daunting task (see Silver Needle in the Skype for more details about this).

Many people are using Gaim/Pidgin/Adium because it is Free Software (GPL). It is also running in more or less the same way on any operating system. This is particularly interesting for people using proprietary instant messaging clients on non-Windows machines, because they had to stick with much older versions (while for Windows, Skype is at version 3.6, for Linux it is at 1.4 and for Mac at 2.6), this assuming there was some version for their operating system. These are problems that the current plugin can unfortunately not fix, since it relies on a running (proprietary and possible outdated) copy of Skype. Still, the plugin itself is GPL.

The uggly. No voice or video support, but this is a general problem with Gaim/Pidgin/Adium, which will only get solved if someone is willing to invest some time into it. The plugin itself worked fine for me so far with Adium, even though there are some Known Issues (see readme).

Related (good) news: GTalk now interoperates with AIM and ICQ.

Apple releases broken update

Updating Mac OS X to 10.4.10 also updates QuickTime to 7.2, which if your on an Intel Mac will very likely cause all your Rosseta applications to stop working. There is an official fix which is not only involved, but it sometimes does not work. You might get this error when running update_prebinding:

dyld: re-prebound: 0x90bee000 /usr/lib/libgcc_s.1.dylib
update_prebinding: error: dependent dylib is not prebound
update_prebinding: error 256 running update_prebinding_core

Then you need to follow the instructions here.

Some people in the Apple QA team should get a kick in the balls for this.

muCommander is Now Free Software

… under the GPL version 3.

Time to Update

The Latest Mac Bug Bugging Me

[Added 14:45 2007-03-26] Fixed by removing the ~/Library/Fonts/ directory and then clearing the font cache using Font Finagler. It appears that there were more versions of the same font installed in different places. So this was not just an user interface bug, but really a misconfiguration problem. The culprits were probably the Microsoft Web Fonts I installed using FontBook, but I don’t want to reproduce it again to test this theory.

Read the rest of this entry »

XWiki Plugins: Tips & Tricks

The ever growing XWiki documentation already explains how to write very simple plugins, so I won’t duplicate any of the information there. Instead I will focus on more advanced aspects, in particular on interfacing with XWiki itself, and using some of the not-very-obvious extension points.

Read the rest of this entry »

uml2svg-0.18 Released

After 10 months of silence we are pleased to announce that uml2svg 0.18 was just released. As promised, it is just focused on fixing some annoying bugs. We also updated the documentation and the website, and we fixed the online transformation service — we found another place to host it so that it works once again. However, because of an unexpected and unacceptably long downtime of the Sourceforge.org shell server we are unable to update our website accordingly.

( 2007-02-16 12:34:12 – Project Shell Service ) 2007-02-12: The shell server was taken offline for unscheduled maintenance. Due to a need to replace the old hardware and some unforeseen problems in getting the new hardware setup, we estimate that the shell service may not return until the 21st of February. We apologize for the inconvenience.

[Updated 2007-02-23] The problems on Sourceforge.org were fixed and we could update everything. Enjoy!

[Updated 2007-03-01] Thanks to Stephane Galland we now have Debian/Ubuntu packages of uml2svg 0.18 available for download on Arakhnê.org

Crash Different

Less Bugs

This article entitled They Write the Right Stuff explains how to write software for grown-ups. Worth reading!

Some Things About IBM

Only after my visit to Stuttgart I realize how little I knew about IBM. Only on the night before my trip I shortly looked at their Wikipedia entry. So what did I know before:

• IBM stood for Identical Blue Men, so I was expecting all their employees to wear suits.
• Their involvement with open source software: Linux, Eclipse, Derby, Geronimo, Harmony etc.
• Their hardware, especially the mainframes, which I always associated with maintaining very old programs written in languages like COBOL and Fortran.
• Their scary patents. Scary because of the extremely bad reputation software patents have among developers.
• The fact that they have a highly regarded research lab in Zurich.

Here are some things I hardly knew anything about:

• IBM is a business services company. More than half of their revenues comes from services, not from software or hardware as many would expect. However, they are so big that they are still the largest hardware company in the world, and the second largest software company after Microsoft. Approximatively 330,000 employees in 170 countries, 91 billion dollars in revenues, and almost 10 billions in profit per year – quite amazing numbers.
• Their five most important software projects are: WebSphere, DB2, Lotus, Rational and Tivoli. Even if I heard about them before, these names might not tell you anything. This is all corporate software, so you won’t find any of it selling at Metro. Also their focus is on solutions for the problems or their clients, and not so much on product branding.
• What gives IBM the edge over their competitors is innovation. During the years IBM employees have earned five Nobel Prizes and four Turing Awards. And even if I don’t quite like this measure of innovation: they are by far the company with the most patents in the world.
• Their corporate culture is very much based on “employee growth”. IBM offers career opportunities for managers, but also for technical-oriented employees.
• Not everybody wears a suit at IBM. Actually, seems like only managers and the people who have contact with the clients wear suits. Technical people wear jeans and casual clothes.

Java Free as in Freedom

The news that made my day yesterday was that Sun is releasing Java (my favorite programming language) under the GPL. This holds for the (Open) JDK and the mobile Java platform, but also for their Glassfish enterprise application server (which was already available under the CDDL open source license). More information on Sun open sourcing Java in this FAQ and all over the web.

There are even speculations that OpenSolaris might follow the same license change from CDDL to GPL. This would also be awesome. Think of a GNU/Solaris enterprise operating system and the possible cross-pollination between Solaris and Linux.