Category Archives: Blogging

Why should I run my own services?

Even if you’re not a familiar with configuring complex computer systems, there are easy ways to get started. Go to your local Linux User Group or search the web for groups in your town that help others with technical problems. Start to read blogs and tutorials about running an email server or a jabber server.Ask people for their configurations and make a plan what want to do. Check with others if everything you plan is working and configured correctly for security reasons. Use encryption whenever you want to share private information about a network. Host your website on your own and grow your knowledge about how things work. This is important to all of us. We need alot of people who know how things work behind fancy a gui. The public internet was built by private persons and small companies at the beginning. Running your own services helps to make the internet decentralized as it should be.

What services can you provide?

  • Run your own email server for your domain.
  • Run you own jabber server.
  • Think about sharing some bandwidth for the Tor network by setting a bridge.
  • Get creative and run every service you need.

Security reviews became sexy nowadays, we need to make them happen

If you’re interested in software security you will have noticed that there where some bigger  security problems with widely used software the last year. The attention this problems get in common media raised the last two years. We had some big security problems in the past as well, just remember the problem with all the SSH keys on Debian systems which where generated with bad entropy. This critical security problem of one of the most used Linux distributions should have had as much attention as heartbeat had.

OpenSource is not the answer for everything but the only way

For me this hopefully kills a former adoption that open source is more secure by default. This is complete bullshit in most cases. If you have a look at these open source graveyards like SourceForge, GitHub or Google Code you will mostly find a lot of dead projects with poor quality. Why I am so sure about that? Because I am part of the problem. Most of us have committed or published to some of these projects with good intentions to share something and give it to those who maybe can use it. And maybe the quality at its time was good and everything worked fine but time changes.

If I think about this today we all should delete this old rubbish to prevent it form being used somewhere else. It would be nice if source code which no one is maintaining would delete itself some day, but as long this does not happen we have to take care of it ourself or setup a proper maintaining infrastructure for it. Just because some code is open source does not guarantee that it is reviewed. Only because the code is open and could be reviewed has brought us to where we are today. I never have meet this somebody who reviews code for fun and for free all day long. And even if we have someone like Andy Lutomirski who looks like he has incredible fun doing such a job for parts of the Linux kernel there are not enough Andys around for every Open Source project.

OpenSource needs more money

All the good intentions to share the source code to make it reviewed by more people and to make it more secure does not work in all projects. We need more money to pay people to read our critical software components. Nobody will do this for free, not frequently and motivated over a long time. And we need to do it again and again and again. It is not only Truecrypt, the Linux kernel or the most used web servers that need our attention.

To do this reviews we do not only need more people at the openssl foundation or a fork like libressl. This maybe can fix the problem for openssl but not for all the other libraries which can have a similar impact when they are screwed up. There is already an infrastructure we can use to spend the money which is needed to make our systems more secure. Security always was expensive and a community of volunteers can not handle it without our support over such a long time.

We should start to spend more money for open source. Security comes at its price. Don’t misunderstand this, I don’t want to make every open source project to take money for their source code, but we need to establish ways to secure someone does the job nobody wants to do.

And we should make it sexy for the companies we work for to spend money, too. Some of this companies build there complete business with this free and open tools and still relay on them. If you’re a grown established company, give back a piece of the cake to those who helped you to get where you are today.

What organization should we give our money

To those who support the developers doing such a great job for us. Some good candidates are:

They bring a lot of software to us we often or never recognized that we are using it every single day.

Migration in progress

This post is mostly about the blog itself. As you may noticed I am migrated the blog to full HTTPS the last week. This now should allow you to access the site without any certification warnings over HTTPS. All contents should be migrated. There should be a working redirection mechanism to redirect you to the HTTPS site as well. At this point I recommend the HTTPS Everywhere plugin which does automatic redirection on other sites: https://www.eff.org/https-everywhere

It is just a small step and don’t feel to secure only because you are accessing sites through HTTPS.

The next days I will update the server to support all state of the art HTTPS versions. So if you have trouble to access the site in future please check your device does not contain a broken implementation as I will not support known broken or vulnerable implementations.

Have fun and use cryptography.

Why Mozilla should make money with advertisment?

Last week I read some posts about Mozillas thoughts to sell space for advertisement in their Firefox Browser. Of course I don’t like advertisements in the web. And of course I don’t like apps with a lot of advertisement and much more I don’t like to be tracked on every webpage I go to but Mozilla is offering a service and a product I never paid something for.

And even if I am not the oldest Internet guru around I can remember times where Browsers where not included in every computer for free! The last thing I want to develop is a Browsers in this days. Sorry but you would have to pay me for that, too. All this standards and made up standards in the web-javascript-html-css-world would be like a torture for me. Beside  this Mozilla is one of these organizations which made it form a non-profit-dont-do-anything organizations to a great player in the Open Source business world. They spent money on developments and they are working on real world products. Even if they never will fight the iPhone back with there operation system for mobile devices they are someone who I would trust in building a good alternative based on open standards and software.

There are not many companies left who fight for open solutions and systems. And more a shame is that those who are doing it, are often blamed for making money. Please stop this give me everything for free mentality only because you can look into the source code!

Mozilla makes a good job and the organization needs a lot of money. Beside this it is not healthy to get the biggest amount of money from Google. Oh and Google makes most of their money out of their advertisement  business.

Boxer a dos emulator for Mac OS X

These days I stumbled over a nice DOS emulator for Mac OS X to play some retro games called boxer.

It’s free and most of the games you know from the 90’s are free downloadable from the internet now.

For example I found the shareware battleship I knew from my childhood:

battleship dos game screenshot

battleship screenshot in boxer

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Maybe you will have some fun, too! There are a lot of classic games available for free now.

How to publish an open source software?

There are millions of free and open source software available at the internet. Most are done by private persons in their spare time. Some bigger are supported by companies or organizations like the Apache foundation.

This blog post is about how and where you can publish your software source code. The last few years there where a lot of platforms created who make it easy to share your code in a repository. This makes it even easier for you to collaborate with other developers who maybe fix a bug or made an improvement to your software.

Step 1: Choose a license

This is a nasty task you have to do. What is the best license for your software? Nobody can help you here. You have to read them and decide wise for future use of your software. GPL is very popular but in my opinion not the best license. MIT, BSD or the Apache License a worth a review, too. Just have a look at the open source license Wikipedia page here or review them here by category.

Don’t invent a new license. There are many well documented and accepted licenses you can use, don’t try to create a new one if you don’t need to. If you have a problem with someone who doesn’t respect your license you maybe will not have the ability to fight him. If you’re using one of the well known licenses and it’s forced by someone you have the possibility to talk to the Free software foundation and ask for help in your case.

Step 2: Publish your code

If you are using a VCS or DVCS like Subversion, CVS, Mercurial or GIT there are some real nice cloud services which make it easy and cheap for you to publish your code and create the basic community functions for your project.

For example GitHub or SourceForge are very famous platforms for open source projects today. You should find a platform which is well known and used by many other developers to make it easy for them to review and join your project. GitHub for example is very famous for all Git fans and users. Since Git became one of the most used DVCS systems it growth very fast and still provides a good service and tool set for you as user and developer.

SourceForge is one of the oldest platforms in the market. They allow you to choose different versioning systems and you are able to add a lot of extra tools to your project. For example LimeSurvey or forums , etc.

If you’re using Mercurial there is for example bitbucket as a service provider.

You see there are alot of services available you just have to pick the right for you.

Maybe review this discussion on Stackoverflow what others think: http://stackoverflow.com/questions/6883638/how-to-publish-code-as-open-source

Step 3: Keep being active and create a community

This step is the most difficult one. A good open source project lives with its activity. You need to keep your used libraries up to date, react on new needs or keep doing fixes for your users. It’s very important to not see an open source project as a grave yard for unmaintained source code. This will not help you and not help others if you commit not working or just bad code.

Nobody wants to improve your bad programmed application for you. As a main maintainer or founder of a successful open source project you need to keep active and open for new ideas and other people. If you do so others will join and help you and improve your code.

Another important task is to keep talking about your project. Write some blog posts, twitter and answer some forum posts. You need to write documentation what you project does and who can have a benefit from it. This makes your work more visible and more people with the same pain will find you and help and use your software.

There is a lot of information around:

Step 4: “Software is free people are not”

This statement was made by one of the founders of the free open source ERP Adempiere where I worked some hours of my spare time in the past. If people ask you to build in functionality in an urgent way and you need to do you living from programming and projects, ask them for money. Even an open source programmer needs some money. If they are not willing to pay the code is free and open for them to do it faster by themselves.

This is not arrogant it’s just life. Don’t ask for money for every feature, that’s not what I want to tell you. But you will have some requests which will not be communicated in an adequate way so answer them in a nice but clear way.

Sigint12

This year I made it to the Sigint in Cologne/Germany. It is the third Sigint organized by the well known CCC (Chaos Computer Club). Since the congress at the end of the year in Berlin (28C3) became really big I am not so interested in it anymore. But Sigint is much smaller and the talks are really nice and some times an earlier version like at the end of the year. It is nice to see the Geek-sphere is so active and well organized in Germany. That’s what for we Germans are known. Even when the organizing Club has chaos in its name and it’s mostly done in the spare time of its members, the congress has a professional geeky image.

A lot of LED and light art is shown and there is a lot of space to sit down and do some writing or hacking.  The first Image I shot in the early morning while making some walk around the area shows the rocket which is related to the goal to create private hacker space projects over the next years. There is also a lot of work with autonomous quadcopter done by people who are sharing there knowledge and experiences with others.

This shows how many potential the hacker scene has. The sceptic behavior against governmental organizations and the trust in the own open way of doing things makes this community one of the most powerful think tank of human race this centuries. The spirit of sharing knowledge and developing technologic solutions based on open hard and software has become a place of doing things in a different way.

It’s amazing to the people spending hours and hours on projects with often no other direct profit than fun with the technology. Since a few years the German governmental institutions sending some questions to the CCC to ask them for there opinion for example how data should be handled by companies like Facebook or Google which make money out of analyzing private data.

Since the last 1-2 years this community is starting to grow faster but healthy. More people are interested in the tools affecting there lives in such a big way. Searching for a restaurant, planing a trip or connecting with friends has become normal in the internet. Even very private data is shared by the youngest generation of users. For a lot of interested people this is a motivation to have a look behind the HTML/CSS sites or nice looking user interfaces  to see how things are working. And hopefully they start to do it a better or different way and share there information about there improvements.

This generation are the new Fords, Benzes, Edisons or even Einsteins. Don’t believe that things don’t work in a totally different way. Don’t believe in companies who tell you this is not productive or you never will make money out of a solution. Just remind that Google makes it’s money by finding things. Yes they do it in a clever way and with a lot of improvements over the last 10 years. But at the end of the day they started there business with searching databases and crawling the web for you.

Let’s make the world a better place and start getting active. Start working on a project, make your work public and maybe if it’s what you want to make for living start a business, found a company or just have fun with hacking.

Within the next few days I will make some additional posts and share some links to the following topics:

* How and where do I publish my project?
* Why should I make my code, plans or ideas open source?

This information maybe helps you to find your way in getting things done the new way.

Another explanation of Flattr

Here again I found a wonderful video explanation about Flattr:

Would be nice if you join this nice idea and leave some bugs on each thing you enjoy on the internet. This micropayment system is a good thing to give something back to the people who helped you out with a problem or created some nice content you liked to watch.

Tor hosting project

Today I thought maybe some of you want to help the Tor project to work more efficient by running a bridge or a relay but you maybe don’t have the resources or internet connection.

I would like to start a little survey if there is a need to do a hosting of a tor bridge or tor server for you. If enough people come together I would setup one in a computer center and run it as long as we find people who join the project and pay a little amount of the costs for hosting and bandwidth.

This project will be setup as a non-profit project. Only the costs for hosting and traffic should be paid.

The money can be paid via Flattr or Paypal and I would setup a site where you can see how the status of sponsoring is.

Leave me a comment if you would participate on such a project or if you have some resources to support this idea.

Update:

There is a project doing exactly this: torservers.net

If you want to support the tor project you can give some bugs to them and they will run exit nodes and bridges from your money. This is very important for the project and all people who are using tor around the world. Free, uncensored and secure access to information should be a right for everybody everywhere.

You even can sponsor a complete exit node and get named as sponsor by them. Ask your friends, family, your politicians and your boss if free information and free access to the internet is worth 50€/month for hundreds of people you can help.