Nerds in the wild: What The Hack!

As some of you might know, I have been pretty involved in organizing a couple of events in recent years, most notably the annual Chaos Communication Congress and the Chaos Communication Camp. The latter is a quadrennial event with insane organizational dimensions but unlimited fun. That makes it worthwhile.

The idea of placing hackers into the landscape and having an outdoor conference accompanied by a fat pipe to the Internet was not invented here, however. The tradition stems from the Dutch hackers who first took to the field in 1993 with an event called „Hacking at the End of the Universe (HEU)“. Next was „Hacking In Progress (HIP)“ in 1997. We then slipped into the middle of this schedule with our first Camp in 1999. Then the ball passed back to the Netherlands with „Hackers At Large (HAL)“ in 2001. The fifth and – so far – last event of that kind was our second Camp in the summer of 2003.

Two years are over now so it’s time for the next episode called What The Hack. This time the Chaos Computer Club is going to be more closely involved. We’re going to set up the Chaos Village in a central location and will contribute to other areas as well.

WTH runs for four days from July 28th to July 31st, 2005 on Landgoed Velder, located between Eindhoven and ’s-Hertogenbosch. It’s a gorgeous location with lots of space surrounded by trees. Really nice.

If you decide early, you can save a few bucks. Early birds are awarded a discount (you pay only EUR 120), late-comers have to pay up to 150 EUR. This might sound like a lot, but I tell you it’s going to be worth it. WTH will have a top-class line-up of speakers, lots of cool hackers around and is going to be big fun. It’s an investment you won’t regret.

Among other things, the CCC will contribute the phone system which you might already know from our events. This means you can use a DECT phone everywhere on the grounds and have free phone calls to every other participant. Go and register your personal phone extension now! If you don’t have a DECT phone, don’t worry. DECT handsets are cheap and I am sure you will be able to buy some in the nearby cities. My phone number will be 4235.

The CCC Cologne is readying its radio project for WTH. They are looking for people to help. If you are familiar with doing radio or just motivated enough, contact them and offer your help. They might be especially interested in native English speakers to improve the program. So this is the opportunity for your own radio show at WTH. The radio will be available on the local network via MP3 and via FM broadcast. So bring your radio as well!

Last but not least, there is organised train travel if you are coming from Germany. Go and check out the HackTrain web site for more information.

(UPDATE: Wrong date given. It’s correct now. Thanks, Aldert)

My favourite web things: World Electric Guide

This is the first of my favourite web things: the World Electric Guide. The guide has been an invaluable resource on many occasions when travelling, but it is also my first address whenever new Blinkenlights ideas come up. The guide is very complete and comes with a lot of illustrations explaining which power system and type of plugs to expect where.

The overview page Electricity Around the World is a very detailed description of the systems and plugs in each country of the planet. It’s not only helpful but also quite telling as it shows relationships of countries based on colonial history or other influences.

AOL: You waive any right to privacy!

Quite a few people have already expressed their discontent with AOL’s recent update to their AIM Terms Of Service (see Ralph, see Slashdot) and they are right. The good thing is that AOL is pretty outspoken on how they deal with this.

Let’s have a look inside the new terms to demonstrate what I mean:

Although you or the owner of the Content retain ownership of all right, title and interest in Content that you post to any AIM Product, AOL owns all right, title and interest in any compilation, collective work or other derivative work created by AOL using or incorporating this Content. In addition, by posting Content on an AIM Product, you grant AOL, its parent, affiliates, subsidiaries, assigns, agents and licensees the irrevocable, perpetual, worldwide right to reproduce, display, perform, distribute, adapt and promote this Content in any medium.

That means: whenever you post something you own, it gets 0wn3d by AOL. If you privately talk about your work, you give it to AOL. If you pass along confidential information, you allow AOL to post it on their website. And not only to AOL, but to almost anybody („affiliates“, „licensees“ etc.). In other words: Fuck Yeah!

But that’s not all. Listen:

You waive any right to privacy. You waive any right to inspect or approve uses of the Content or to be compensated for any such uses.

This couldn’t be clearer: go away and eat shit. We not only don’t care about your privacy, we are actively going to re-use it to make money from it and we’re not going to give anything back to you. Fuck Yeah!

Well, you might argue that the AIM service is free. But it’s a danger to your freedom. Right, that’s true. Free as in beer. But that’s it. Now is the time to think about alternatives. There are basically two ways to proceed:

  1. Encrypt your IM conversation

    There are two options for encryption. The obvious one is to use OpenPGP-compatible encryption as it is (more or less) widely in use in e-mail these days. However, almost no IM client supports PGP encryption for AIM today. The only solution (on the Mac) I know of is getting the latest PGP Desktop product, which is able to plug into iChat or AOL’s IM client. But the chance of forcing somebody else to have the same set-up is low.

    Option two is to use Off-The-Record encryption (OTR). It’s quite new, but I think it’s going to make its way into most clients soon as it is apparently easy to integrate and takes care of more than just the basic service of authentication and encryption. It also adds forward secrecy, which means that losing your private keys does not uncover any past conversation (which is not the case with PGP!), and deniability, which ensures that you can disown any statement you made in a conversation, as it could have been forged (in theory) by your conversation partner. It’s obvious that eavesdropped IM conversations will be a huge problem in the near future, so OTR comes just in time.

    gaim supports OTR today via a plug-in. For early adopters on the Mac, I recommend Adium. The next version 0.8 will show native support for OTR (on all protocols) and it’s the best tool for IM power users anyway. Version 0.8 is already in private beta and is about to be released soon. So do hold your breath ;).

  2. Choose another IM network

    Moving away from AIM is a good idea for many other reasons. For instance, AIM does not allow you to control who has you on his/her buddy list. There is also no way to be „invisible“ (being online without showing up on others’ buddy lists) on the IM network. Furthermore, you always have to use AOL’s central IM server, which you can’t trust anyway (does it show correct states for other buddies? Who else is listening?)

    The only viable option is of course Jabber, which is the Internet standard in the form of XMPP anyway. The next version of iChat is going to support Jabber, so there’s no need to stay on AOL when that’s your primary chat client.

    Also of importance is that Jabber allows you to run your own private chat server. That way you can be in control of your operational and security settings. This is even more important for companies. If you don’t want or can’t run your own server, you can select from a variety of publicly available servers, like jabber.ccc.de for instance.
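The two OTR properties described above, forward secrecy and deniability, as an added sketch that is not code from the OTR project or from this post. It assumes a toy Diffie-Hellman group and a toy XOR cipher built from the Python standard library, and all function names are illustrative; the long-term identity key that authenticates the real key exchange is left out.

```python
import hashlib, hmac, secrets

# Toy Diffie-Hellman group (assumption for this demo): 2**127 - 1 is prime
# but far too small for real use; real OTR uses a much larger group.
P, G = 2**127 - 1, 3

def dh_keypair():
    """Fresh key pair for ONE conversation; the private half is discarded."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_keys(my_priv, their_pub):
    """Derive (encryption key, MAC key) from the shared DH secret."""
    shared = pow(their_pub, my_priv, P).to_bytes(16, "big")
    return (hashlib.sha256(b"enc" + shared).digest(),
            hashlib.sha256(b"mac" + shared).digest())

def xor_stream(key, data):
    """Toy cipher (demo only): XOR with a SHA-256 counter keystream."""
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(keys, plaintext):
    """Encrypt, then authenticate with the MAC key both sides share."""
    ct = xor_stream(keys[0], plaintext)
    return ct, hmac.new(keys[1], ct, hashlib.sha256).digest()

def verify(keys, ct, tag):
    expected = hmac.new(keys[1], ct, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)

def demo():
    a_priv, a_pub = dh_keypair()          # Alice, this conversation only
    b_priv, b_pub = dh_keypair()          # Bob, this conversation only
    alice, bob = session_keys(a_priv, b_pub), session_keys(b_priv, a_pub)
    ct, tag = seal(alice, b"see you at the camp")   # constructed message
    received = xor_stream(bob[0], ct) if verify(bob, ct, tag) else None
    # Deniability: Bob holds the same MAC key, so he can make a valid tag
    # for text Alice never wrote; a transcript proves nothing to outsiders.
    forged = verify(alice, *seal(bob, b"words Alice never said"))
    # Forward secrecy: no long-term key entered the session keys. Once the
    # ephemeral private keys are deleted they cannot be rebuilt, and a fresh
    # conversation gets unrelated keys that do not open the old ciphertext.
    del a_priv, b_priv
    later = session_keys(dh_keypair()[0], dh_keypair()[1])
    return received, forged, verify(later, ct, tag)
```

`demo()` returns the message Bob received, whether Bob's forgery verified under Alice's keys, and whether keys from a later conversation still accept the recorded ciphertext.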

My favorite web things

The blogosphere is so much about things that are „great“, „cool“, „awesome“ and the like. News about refined machinery, exploited tech, hacked stuff and other insanely great inventions spreads like locusts. But what about the rest?

I have long been thinking about blogging about my dearest friends on the net: the helpful tools, the really useful pages, sites you find yourself visiting over and over again, which are always there for you, that you can turn to when you are in desperate need of reliable information, that you integrate in your software. The stuff that makes the net useful.

So that’s what I am going to do. One by one. Stay tuned.

Sri Lanka, Dubai, Copenhagen

I am going to take a break and this blog might take one as well – depending on the availability of Internet at my upcoming destinations. Next week, I am about to leave for Sri Lanka for a two-week timeout from Berlin’s nasty weather and low temperatures. I am going to miss Easterhegg in Hamburg, which is a pity, but this has to happen.

I am going to visit south-west Sri Lanka, which has been hit really hard by the tsunami recently. I have no defined expectations on how much of that Chaos has already been cleaned up, so this is going to be the adventurous part of the trip.

Next stop will be Dubai City (just for a day) and in the end I am going to have an extended weekend in Copenhagen.

If you have any recommendations on what to see or who to meet at these places, let me know.

Hack In The Box Security Conference 2004 recordings

Hack In The Box is an annual, community-oriented security conference that takes place in Kuala Lumpur, Malaysia. Recordings of last year’s event are currently being spread via BitTorrent.

Fukami has put together the necessary links and a list of featured speakers. I have only had a first glimpse, but the material is of reasonable quality and the talks are interesting.

XS4ALL sues The Netherlands

The Dutch ISP XS4ALL once evolved out of the Dutch hacker scene and has a track record of being an active defender of people’s digital rights. There have been various cases where XS4ALL has been actively supporting the fight against modern plagues like censorship and Scientology.

Now XS4ALL is suing the Netherlands for costs that have been imposed on the ISP for installing machinery to allow the government to snoop on people’s communication. I hope they succeed in forcing the government to pay for spying on its citizens’ privacy.