AK's weblog

Hacker Jeopardy was great fun this year, first time in English, and Fefe, last year's winner, has won again. The first prize: an OpenBSD rain coat. And the first one to congratulate was Wim Vandeputte of OpenBSD/Humppa/Beerdrinking fame.

Fefe and Wim (from left to right)

Here you can find the slides of my presentation, Military intelligence for terrorists: 22c3.pdf
Have fun!

Today I was at my aunt, who is famous (within the family) for the good food and the originality of the presents we all get. I have to say this is always the most exciting thing about my birthday and christmas, what I get from her as a present. Well, this year I got the best present ever. It is called "Consul, The Educated Monkey", and is a funny slide-rule-like tool solely for multiplying the (natural) numbers from 1 to 12 with each other by moving the two feet of the monkey to the two numbers you want to multiply. The monkey then points at the correct result with his fingers. See the picture for how "Consul" looks like. Very entertaining.

I'm going to travel to Berlin on the 26th, to 22C3, so here's some basic information for the people who are interested in it. I'm going to take a train from Linz to Vienna at 13:50, arrive in Vienna at 15:35. From there, I will take the bus to the airport, and departure from there at 17:50. The plane will arrive at Berlin Tegel at 19:15, and presumably Nico will pick me up from there. Due to the usual christmas stuff, it is very likely that I will not be able to read my email until getting some connection in Berlin, so for important things it is better to contact me via cell phone. The number is +43 699 1777 8107. See you in Berlin!

This is probably already well-known to some of you, but nevertheless, I played a little bit with C++ templates, and wrote a piece of C++ template code that lets the compiler computer a number's factorial for you.Not very useful, but nevertheless fun. You use it the following way:

Today, after work, I went to the next barber and got a new haircut. These reason for it? I will have to go to the Austrian Army in January, and I would like to get used to short hair (which is mandatory in the Army). Of course, losing all that nice long hair hurts a little bit, as it took me over 3 years to grow it long.

On the picture of the right I look totally stupid, but I didn't get it better. Oh, and you still see bits of the parting that I had when I still wore my long hair. That's also the reason why I have to use styling gel, otherwise it would look even crappier. Anyway, no more "3117 h4xx0r" look, as Nion said, so I will look like a more or less nice boy at the next 22C3.

So many quotes, just awful, and so absolutely un-intuitive.

As slashdot.org features an article about what a programmer's bookshelf should contain, I couldn't resist and show off photos of my bookshelf.

And how does your bookshelf look like?

This year's Chaos Communication Congress in Berlin lasts one day longer than the years before, it now goes from December 27th to December 30th. As I would like to be at the event for all 4 events, I decided it would be quite a lot of stress to travel back to Austria on 31st, I would be tired, and New Year's eve celebrations probably would be too much for me. So thanks to Nico, I can stay at his place and thus will celebrate New Year's eve in Berlin, and return on January 2nd. I'm already looking forward to it, as Berlin, with its unique charm, is probably my favorite city.

A nice side note to this is that I will (as usual) travel by plane, as it is (mostly) stress-free, and quite affordable. I don't even mind spending a few extra euros on having a nicer journey than by train from Linz to Berlin. And the question is whether flying really costs more than going by train. I don't know, the last time I went by train to Berlin was in late 2002 (19C3), and that was a group of 6 persons or so, and it was before the big reform of the german railway pricing system, and I still had to pay about EUR 120,-.

Anyway, when I was searching for the right flight, my first choice was Air Berlin, as I used them several times before (Chaos Communication Camp 2003, 20C3, 21C3) to get to Berlin, and remember them to be reasonably priced. Well, not this time. That is probably because I got my holiday relatively late (my fault), making it impossible to get a cheap seat. Well, next airline. HLX. They fly Salzburg - Berlin and return, so that would have been a good option. If they only were a bit cheaper. Well, last resort, let's check those airlines that are not among the well-known no-frills airlines like Ryanair, Air Berlin, HLX, EasyJet, and so on. Well, a quick check at Austrian Airlines, a well-reputated airline that also well-reputated for its usually high prices. Well, not this time. EUR 148 from Vienna to Berlin and back. Very nice. And the first time that I will fly with something other than the usual Boeing 737, namely a Fokker 70. Berlin, I'm coming!

Diesen sperrigen Titel trägt der Film, den ich mir heute im Kino angesehen habe. Ein völlig ungewöhnlicher Film, da er nichts anderes ist als eine Zusammenstellung von historischen Filmdokumenten aus ca. den Jahren 1926 bis 1980, wobei das Hauptaugenmerk auf die Zeit zwischen 1930 und 1950 gelegt wurde. Gezeigt wurde alles mögliche, von der Zeitrafferaufnahme des Austausches der Donaubrücke nach Steyregg durch eine neue Konstruktion (inkl. Hinweis "Die folgende Aufnahme ist in 30facher Geschwindigkeit, weswegen die Bewegungen der beteiligten Personen unnatürlich wirken"), über die Feierlichkeiten des katholischen Heimatverbandes, den Einzug von Adolf Hitler in Linz 1938, austrofaschistische Berichterstattung über den Februaraufstand 1934 bis hin zur Einweihung des neuen Hochofens der VÖEST und dem Besuch von Chruschtschow bei eben dieser Firma. Auf jeden Fall eine geschichtlich hochinteressante Dokumentation des Lebens zur damaligen Zeit, sehr objektiv gehalten, das die gesellschaftlichen Umstände in filmischer Art und Weise anschaulich darstellt.

Heute hab ich mir im Neuen Rathaus in Linz Günther Paal aka Gunkl aka "der Experte für eigentlich eh alles" mit seinem Programm "vom Leben". Meine Vermutung ist ja: er gibt sich nur als Kabarretist aus, um mehr Geld mit pointiert vorgetragener Philosophie verdienen zu können. Auf jeden Fall höchst empfehlenswert, regt zum Nachdenken an, und kritisiert gekonnt das "Schmetterling & Wirbelsturm"-Chaostheorie-Beispiel. Großartige Unterhaltung.

Ich hab gerade ein wirklich deprimierendes Interview mit Benita Ferrero-Waldner im ARD Morgenmagazin. Sie wurde zu den CIA-Flügen befragt, und alles, was sie dazu sagen konnte, war, dass es sehr wichtig ist, dass Condoleezza Rice gesagt hat, dass es keine Flüge gab, und dass Folterungen von Seiten der USA nicht geduldet werden. Das ist einfach nur deprimierend, wenn den USA diese doch sehr offensichtliche Lüge ohne Kritik abgekauft wird, noch dazu von einer EU-Kommisarin. Das ist nicht die starke, emanzipierte EU, auf die ich immer gehofft habe, statt dessen, wie es scheint, auch wieder nur eine speichelleckende, arschkriechende, USA-hörige Ja-Sager-Partie. Vielleicht liegt es aber auch einfach nur daran, dass Frau Ferrero-Waldner eine Vollblutdiplomatin ist, und es nicht schafft zu sagen, dass die USA mit dem Lügen aufhören sollen, alles zu den CIA-Flügen veröffentlichen sollen, und sämtliche Folterungen bzw. outgesourcete Folterungen einstellen soll. Meiner Meinung nach ist das alles hinreichend bewiesen, sogar Manfred Nowak, seines Zeichens Sonderberichterstatter der UNO-Menschenrechtskommission in Sachen Folter, hat gestern in einem Interview in der ZIB2 gesagt, dass es einige sehr dringende Hinweise gibt, dass die USA foltern bzw. foltern lassen, und zwar in Ländern wie Afghanistan oder Jordanien sowie auf Schiffen. Weiters erklärte Nowak, dass sich die USA mittlerweile bedrohlich einem autoritären Staat nähern, anders kann er den Versuch, Folter gesetzlich abzusichern, nicht erklären. Na, wenn das sogar ein UNO-Mann sagt...

Time for some BSD bashing.

A few days ago, I got a bug report for akpop3d, the POP3 server that I wrote a few years ago. The author of that mail told me that akpop3d on FreeBSD only binds to a tcp6 socket, and thus is not usable from IPv4 networks. Well, that sounded very strange to me, but I did some research on that topic, and that's the reason for this strange behaviour:

In akpop3d, I implemented a mechanism for getting a server socket that tries out all available socket types, and uses the first one that binds successfully. Why? First of all, because Unix Network Programming, IMHO the reference on network-related programming on Unix-like operating systems, says so. The reason stated in this book for why the code is how it is is that this is the way to be as independent from the available socket types as possible, or short: with that code, the program both works with IPv6 (if available) and IPv4.

So, as a consequence, when IPv6 is available as socket type, akpop3d tries to bind to it. Now, one cool IPv6 feature comes into play, and that is "IPv4-mapped IPv6 addresses", which according to RFC 2553 is there to provide interoperability between IPv4 and IPv6. Yes, that's right, interoperability. This means that when you bind to an IPv6 socket, programs and other hosts that don't speak IPv6 yet are able to connect to that IPv6 service, with the operating system working as a mediator. For the server it's always IPv6, for the client IPv4, and both sides are happy.

Now, this all sounds pretty good, so what's the reason behind the bug report that I mentioned before? Well, a few years ago, itojun, OpenBSD's KAME hacker, wrote a paper with the title "IPv4-mapped address considered harmful", where he claimed that IPv4-mapped addresses would bear a security risk, and so OpenBSD decided to disable the IP6_V6ONLY socket option by default (normally, it's enabled, also enabling that interoperability thing). What I found especially interesting about those security risk claims was that nobody really challenged this, except for Felix von Leitner, who wrotes in his remarks on some BSD scalability tests:

That's what itojun has said for ages. When I challenged him to point to even one case that demonstrated anyone was ever negatively impacted by the normal behaviour, he posted a message to bugtraq asking for people to step forward. Nobody did.

The executive summary of this whole "IPv4-mapped addresses insecure"-hype is that somebody could send you an IPv6 packet with an IPv4-mapped source address, creating an ambiguity (::ffff:127.0.0.1 could be interpreted as coming from localhost) and thus a security hole, and so the way OpenBSD chose to deal with this problem was to disable IPv4-mapped addresses altogether. Hello?! That mechanism is useful even if you don't use IPv6 networking, simply because of interoperability.

So I did some further research, and found out that not only OpenBSD, but also FreeBSD and NetBSD had switched their behaviour, although it seems that on FreeBSD and NetBSD, the default behaviour is still configurable.

To make my point: this just sucks. I'm not willing to do any workarounds for operating systems that deliberately chose to be broken, and only create additional work with no new real outcome.