29C3. The end of an era?

When I first heard that the annual CCC congress was moved to Hamburg, my immediate reaction was: Fine, but I wouldn't want to be involved in it. For the last 15 years I've been attending the CCC congress every year, in most years as a speaker, and in many years in some (small) contributing role, first in the team doing the video recordings, and in the last couple of years setting up a GSM network. Contributing to an event is easy if your home/lab is within 20minutes, so if you need another strange cable/adapter/tool/whatever, you can just go and grab it. Doing that at an event that's multiple hours of driving away, in a new/unknown venue is an entirely different story. I have more than enough stress already with (paid) work and the various FOSS projects that I'm leading or involved in.

I have no interest in "just" attending the event. That never was a primary reason for me. In all those years, I've probably attended an average of one talk each year. The event for me was about being able to contribute something actively.

Now, months after those thoughts and my decision not to attend, there is a schedule for the 29C3 available. And to say the least, I am shocked. The entire event seems to have turned into a SIGINT, rather than an xxC3. Lots of talks on politics and society, and lots of German talks.

The debate on implications of technology on society, culture, politics, etc. is an important debate, there is no doubt. And so far I always had the feeling that the xxC3 had a pretty good balance between hard-core technical talks and those non-technical talks. But if I look at the schedule this year, it really looks like an incarnation of the SIGINT conference. With too many German talks you are scaring off the international community. And with focussing on non technical topics, you scare away the die-hard technical hackers. So why move to a larger venue, if you at the same time seem to limit the scope of the event?

Meanwhile I have heard of a number of friends and colleagues who seem to share this view. A number of people who have attended in previous years are not interested in attending this year due to the issues mentioned above.

It's sad to see, but I somehow have the feeling that 29C3 might be the end of an era. The end of a highly successful series of events with exceptionally strong technical talks. To me, xxC3 has always been unique and special. No other event would ever compare to it. Who will fill the gap for the die-hard technical topics? I am feeling quite sad, up to the point that I want to start mourning about "the good old times".

I'm not writing this to put blame on anyone. It just reflects my personal and highly subjective view. Let's see what people will say after 29C3 has actually happened. Let's see how successful it is in terms of number of attendees, and in terms of feedback from participants. I'd like to explicitly thank the many organizers and volunteers (a lot of whom I know in person) for putting up their time and energy to make 29C3 happen.

Chaosradio Express 151: ARM CPU Architecture (German)

I'm a bit late with this: The Chaosradio Express #151 podcast on the ARM CPU architecture has been released a week ago. I had a most pleasant experience spending about 90 minutes getting interviewed by Tim Pritlove.

I'm sorry for all the non-German-speakers. But Chaosradio Express is a German medium, made by and for German hackers :)

German Constitutional Court hearing on data retention law

Today I've taken one day off work in order to attend the publich hearing of Germany's constitutional c ourt on several constitutional complaints against a German national law on data retention of telecommunications data. As the topic is likely only relevant to Germans, and due to the fact that I am not very confident with my English legalese outside of copyright law, I'll switch to German for this blog post - which I believe is unprecedented in this blog so far.

Tja, da war ich also heute einer der wenigen auserkorenen Besucher beim BVerfG. Immerhin haben mehr als 34.000 Leute Verfassungsbeschwerde eingelegt, auch wenn rein formal heute nur eine Hand voll exemplarische Beschwerden verhandelt wurden. Diesen Trick hat sich das BVerfG wohl ausgedacht, um nicht vor dem Problem zu stehen dass jeder Beschwerdefuehrer sicher ein Recht haette, persoenlich vor Gericht anwesend zu sein.

Der Gerichtssaal des BVerfG ist sehr klein. So klein, dass bei besonders bedeutungsvollen Verfahren kaum mehr Platz fuer Besucher ist. Der eigentliche Gerichtssaal war schon durch die Beschwerdefuehrer, die zahlreichen Vertreter des Gesetzgebers und der Behoerden und Amstraeger (BKA, Polizeipraesidenten, Richter an diversen Gerichten, Bundes- und Landesdatenschutzbeauftragte, Mitglieder des Bundestags und nicht zuletzt die zahlreichen wissenschaftlichen Mitarbeiter des Bundesverfassungsgerichts selbst belegt. Hinten waren noch zwei Reihen fuer Besucher frei.

Diese beiden Reihen wurden durch Studentengruppen belegt - oder vielleicht koennte man fast sagen "verschwendet". Ein nicht unerheblicher Teil dieser Studenten (u.a. der TU Darmstadt) hatte tatsaechlich geschlafen. Was fuer eine Ungeheuerlichkeit, nicht nur ein Mangel an Respekt gegenueber dem hoechsten Gericht des Landes und dem Thema gegenueber - sondern auch eine unverschaemtheit gegenueber den vielen vmtl. hunderten von interessierten Buergern die gerne der Verhandlung beigewohnt haetten, aber einfach keinen Platz mehr bekommen haben. Freunde von mir haben am 2. Tag nach der Terminankuendigung versucht noch einen Platz zu bekommen - vergebens.

Da haben wir also die nahezu perverse Situation, dass das hoechste Gericht zwar faktisch von jedem Buerger angerufen werden kann, dies auch eine fuenfstellige Zahl an Buergern wahrnimmt - dann aber die eigentliche Verhandlung nur fuer eine kleine Elite zugaenglich ist, und Aufzeichnungen oder Uebertragungen nicht gestattet sind. Das erscheint mir doch irgendwie ungerecht.

Doch nun zur Sache:

Der 1. Senat unter dem Vorsitzenden Richter Papier hat die Anhoerung im Allgemeinen sehr souveraen geleitet. Es gab ein paar amuesante Momente, als z.B. die Vertreterin des Justizministeriums das Wort an den Prozessbevollmaechtigten der Bundesregierung uebergeben hat, obwohl doch das Gericht normalerweise das Wort erteilt, und nicht andersherum ;)

Wie auch schon bei der letzten Verhandlung: Die Beitraege der geladenen Sachverstaendigen waren bisweilen der interessanteste Teil, vor allem eben die diversen Fragen des Gerichts. Diese Fragen erlauben einerseits einen Blick hinter die Ueberlegungen der Richter - andererseits aber auch in wie weit die technischen Zusammenhaenge und deren Folgen vom Gericht bereits verstanden werden. Das jetzt bitte nicht falsch verstehen: Ich habe tiefsten Respekt vor dem Gericht, und es ist i.d.R. sehr erstaunlich wie weit sich die Richter in das jeweilige Fachgebiet einarbeiten. Wie auch schon bei der Verhandlung zu den Wahlcomputern lassen die Vertreter der Regierung bzw. der untergeordneten Behoerden da oft deutlich weniger umfassende Kenntnisse durchblicken.

Die ganze Debatte zur VDS (Vorratsdatenspeicherung) ist verzwickt. Wir haben da historisch einen Bundestag, der keine VDS will, einen Rat der EU-Innenminister der das dann einfach als EU-Richtlinie beschliesst, und einen Bundestag, der in Folge die exzellente Ausrede hat, dass er die Richtline ja umsetzen muesse, um von der EU kein Verfahren angehaengt bekommt.

Die EU-Richtline heisst nun eben auch, dass das BVerfG nun nicht nur in der Sache zur VDS entscheiden kann, sondern sich eben noch mit der Frage beschaeftigen muss, was denn passiert wenn eine EU-Richtline mit dem Deutschen Grundgesetz in Konflikt steht.

Ein paar voellig ungeordnete aber fuer mich bemerkenswerte Punkte der Verhandlung heute:

• Es gibt keine empirisch/wissenschaftliche Grundlage die belegt, dass die VDS zur bekaempfung von Terroristischen Anschlaegen geeignet ist (das war ja nach Dem 11.9. sowie den Anschlaegen von Madrid und London die Begruendung).
• Der Chef der Bundesnetzagentur hat mehrfach ganz unuebersehbar nicht auf eine wiederholte Frage des BVerfG geantwortet: Gibt es Unternehmen, die gesetzlich zur VDS verpflichtet sind, aber andererseits keinerlei Verpflichtung zur erstellung oder Abgabe eines Sicherheitskonzepts zur Sicherheit dieser Daten haben? (Meine Auffassung: Ja, die gibt es!)
• Die Bundesnetzagentur macht, wie sie selbst sagt, im wesentlichen Pruefungen der Sicherheitskonzepte am Schreibtisch. Das muss ja mit der Realitaet in den Unternehmen nicht viel zu tun haben.
• Einer der Beschwerdefuehrer, Minister A.D. Dr. Burkhard Hirsch hat wohl die lebhaftesten und unverbluemtesten Redebeitraege gehalten; sehr erfrischend.
• Der Polizeipraesident von Muenchen wurde gebeten, konkret zu begruenden, wie die VDS der polizeilichen Ermittlungsarbeit in Muenchen hilft. Fast alle seiner Beispiele waren ungeeignet, da sie auch ohne VDS aber z.B. mittels einer telefonischen Fangschaltung oder einer Verbindungsdatenspeicherung nach expliziter Aufforderung durch die Polizei (und nicht auf Vorrat) moeglich gewesen weaeren. Zwei seiner Beispiele haben sich zudem generell als falscher Alarm herausgestellt (Journalist macht einn Testanruf; gelangweilter Schueler kuendigt aus Spass Amoklauf an). Das klang alles eher nach Stammtischgeschichten als nach fundierter Ermittlungsarbeit in wichtiger Sache.
• Die Sicherheitsanforderungen an die Speicherung der VDS-Daten ist derzeit offensichtlich nicht hoeher als an alle anderen Daten innerhalb des Fernmeldegeheimnisses insgesamt. Also der gleiche Sicherheitslevel, der uns zu den Datenschutzskandalen wie z.B. bei der Telekom gefuehrt hat. Das ist ja mal echt vertrauenerweckend.
• Der Chef der Bundesnetzagentur spricht gerne vom "bill shock", was laut ihm eine ueberhoehte Telefonrechnung nach unabsichtlicher Nutzung der teuren Auslandsroaming-Tarife im Mobilfunk ist.
• Ein kleiner Schmunzler am Rande war dann noch Burkhard Hirsch's "Blueberry", als er den Blackberry meinte ;) Ja, klar, jeder weiss was er meint und niemand nimmt es ihm uebel - aber es zeigt einfach, wie unsicher die "alte Garde" mit den Begrifflichkeiten der heutigen Alltagswelt umgeht.
• Die qualitaet der Richterlichen Anordnungen laesst offensichtlich sehr zu wuenschen uebrig. Es ist aufgabe des jeweiligen Richters, einzuschraenken genau welche Daten denn vom TK-Dienstleister uebergeben werden sollen. Laut dem Vertreter des Verbands der Internetwirtschaft (eco e.V.) kommen hier anscheinend recht allgemeine Anordnungen im Stil von "geben Sie uns mal alles was Sie haben" vor. Das geht so natuerlich nicht!
• Es kam zur Sprache, dass deutlich mehr Leute jetzt ihre eigenen e-mail Server betreiben wollen (privat und bei Firmen), weil man sich damit der e-mail VDS entziehen kann. Ist ja schoen, dass es den Trend gibt, und gut dass das auch mal auf dieser Ebene zur Sprache kommt. (Fuer mich kaeme etwas anderes niemals in Frage. Meine Daten gehoeren mir. Ich wuerde weder die Speicherung meiner Mails noch jeglicher anderer Daten jemals einer anderen Person anvertrauen, weder einem Privatunternehmen noch einer staatlichen Stelle). Das ist genau einer der vielen Tricks, mit denen die "digitale Elite" (und garantiert auch die vermeintlich zu bekaempfende organisierte Kriminalitaet oder der Terrorismus) arbeitet. Letztlich trifft man dann nur den Otto-Normalverbraucher, und benutzt die Daten dann fuer harmlose Beleidungsdelikte oder Urheberrechtsverletzungen im privaten Bereich.

deDECTed.org receives massive number of hits

One of the projects that I'm hosting (and which I've helped to initiate) on gnumonks.org is the deDECTed.org project about security research and analysis of the DECT protocols.

Like I've pointed out in many of my presentations and here in this blog, there are many communication systems in use today which don't even remotely receive as much scrutiny as TCP/IP, the Internet and the PC world. RFID is one of them, which is why I helped to get OpenPCD, OpenPICC, librfid and other projects started. My recent work on GSM protocol analysis as well as OpenBSC are of similar nature. And deDECTEd.org is doing the long-neccessarry scrutiny to evaluate practical DECT cordless telephone security.

As it seems, the news about the insecurity of most cordless phones has made its way into mainstream news, and the website is now getting thrashed quite a bit, despite running on a dual-core Opteron with quite a bit of RAM and fast SCA disks. Which is good. This means that people are indeed caring about the confidentiality of their cordless phones. It's a pity that the industry missed that fact and is shipping outdated technology way beyond todays state-of-the-art in IT security. Proprietary symmetric ciphers, weak RNGs, no user indication if the protocol falls back to no encryption, etc.

I've changed one of my e-mail signatures a couple of years back to a quote from the ETSI DECT spec: "Privacy in residential applications is a desirable marketing option". A Marketing option. Not something anyone would have to give much thought about. I hope the hardware vendors will now get sufficient public pressure to get their act together...

It's also great to see Patrick McHardy of netfilter.org fame now work on implementing a DECT protocol stack for the Linux kernel. Very exciting work.

The only sad thing is that all I can do is sit back and watch. I so much wanted to work on this project, but never got a chance. There are too many high-priority things going on, and I'm basically spending all my time in exciting (but unpaid) GSM protocol related work right now.

If you're at the 25C3: Don't miss the DECT talk

If you're at the 25C3, I strongly recommend visiting the DECT security talk. Trusty me, you won't be disappointed.

It's one of the most exciting thigs that I've been seeing happening recently. Finally, some more people transcending beyond boring Internet security and moving into other areas of communications security that are desperately needing more research.

Blinkenlights is back (stereoscope)

Some of you might remember the famous blinkenlights installations of the CCC in Berlin at Alexanderplatz some years back. Basically they used a matrix of windows on a building for a low-resolution display to play pong and display all kinds of animations and text.

After a long break, they're back, even bigger with blinkenlights stereoscope, a massive installation spanning 960 windows of Toronto City Hall. The entire backend technology has been re-implemented based on OpenBeacon , specifically the WMCU and the WDIM units.

Chaosradio on Software Defined Radio

I've had the pleasure of being invited to Chaosradio Express maker Tim Pritlove to talk about Software Defined Radio in general, and gnuradio plus USRP specifically. You can listen to the resulting 2+ hours of podcast (in German).

It's been a great experience, and I have a good feeling that it was possible for us to explain this fairly detailed subject to our already at least moderately technical audience.

SDR is really hard since it combines aspects of traditional radio, i.e. physics of electric waves, electrical engineering both analog and digital, digital signal processing and software. The biggest part is really advanced mathematics, and at least from all the subjects that I've seen, it's probably the most direct and close-to-theory incarnation of applied math.

Luckily, a fairly high-level understanding of the algorithms and principles involved are already sufficient to do a lot, since most of the deep-down mathematical details of many algorithms have already been implemented as building blocks for gnuradio. Still, I assume the number of developers who are actually able to use gnuradio is far too low. If you're looking for an interesting field of software right now, I suggest going for digital signal processing. It's in every area of communications, ranging from analog modems over ISDN, DSL, WiFi, USB2, Bluetooth, GSM, UMTS, DECT, ZigBee, Ethernet, VoIP and probably any other communication technology that we use today.

My personal favourite from 24C3: Xbox 360 hacking

I've seen quite a number of presentations live at 24C3 as well as recorded ones in the days following the event. While many of them cover important subjects, there is one lecture that is outstanding: "Deconstructing Xbox 360 Security".

The level of technicality of this presentation was just right. Finally something that went deep down into the technical details. Explaining what kind of flaws they found in the disassembled power PC object code.

I definitely want to see more lectures/presentations like this. Don't be afraid to overload the audience with technical details. Just go ahead with it :)

Also, this presentation has shown how far advanced the game console hacking is compared to mobile phone hacking (at least from what I've seen in the ETC (Ada-developers) and and Motorola hacker communities). The problems are similar: Completely undocumented hardware, cryptographic authentication of code by the boot loader (sometimes down to mask ROM), ...

So I hope that the mobile phone hacker community will grow and more people with this skillet, attitude and time will join. Free your phones!

Personal reflection on the 24th annual Chaos Communication Congress

It's great to be at 24C3, the 24th incarnation of the Chaos Computer Clubs annual congress in Berlin.

In fact, this is my 10th anniversary at this congress, i.e. the first one I visited was 15C3. I ended up at 15C3 as somewhat of a coincidence by just following a fellow Linux hacker from the Linux User Group Nuernberg to whom I've since lost all contact.

What's actually worth mentioning is that this is the first CCC congress that I visit as a pure guest. I have no lecture, and I am not actively involved with any of the things I have been involved before, such as the video recording/streaming team or the Sputnik RFID location system.

Interestingly, I felt the first day much more tiring than usually, despite having slept more than in any of the previous years. Apparently the lack of constant adrenaline caused by last-minute-problem-solving has its impact..

The congress is a lot of fun, I've been talking to many old friends, colleagues and fellow hackers from all over the world, involved in all of the projects and/or companies that I've remotely had any contact throughout that ten year time period.

It's a very nice feeling. I doubt there is any other event or occasion where I would feel more at home than at this annual congress. This is my culture. This is where I belong. Here are people who understand, or rather: understood.

Looking forward to the Chaos Camp 2007

In about 24 hours I'll be on my flight 'back' to Germany. In fact it's not really a flight back to Germany, but more like a temporary break of my extended stay in Taipei for the sake of OpenMoko.

The main reason for this trip is to attend the Chaos Camp 2007 of the CCC. I've so far dropped every conference or other technical event this year to concentrate on my work for OpenMoko, but I'm not able to compromise on the camp.

On the one hand, I'm looking forward to finally not having any official function at a CCC event. More than one year after vacating my task as leader of the video documentation effort, and after my somewhat minor involvement with the sputnik RFID tracking project at the congress last December, this is not really the first CCC event which I'll visit as a pure visitor. I haven't even submitted any paper.

So the camp will be holiday. Time to relax, talk with fellow hackers. Sure, lots of the German OpenMoko guys (roh, stefan, alphaone, and our newcomer gismo) will be there. So there will definitely be some kind of productive outcome for the OpenMoko project, too. But in a very different setting. Doing thighs that are fun, rather than all the things that have to be done :)

Chaos Communication Camp 2007

The date and location for the 2007 Chaos Communication Camp have been announced, which is really good news.

First two days of 23C3

I'm currently at the 23rd annual Chaos Communication Congress in my home town Berlin, Germany.

After having dropped out of my usual volunteer work in the Audio/Video recording team, I thought that this year would be slightly more relaxing. Then came the Sputnik system, which suddenly started to eat some of my time weeks and months before the congress, as well as the last couple days before the congress, during the build-up. In fact, given my many other projects, I was close to going crazy and thus dropped out of the project and disappeared completely from the congress for about one day. Sorry about that, but I just needed to relax and calm down.

After a very stressful 26th of December, the team actually managed to set the whole back-end and middleware system up on the first day of the event, and the 3D visualization was running by 4am of the second day.

Now I'm back to normal mode, present at the event almost all day, which I intend to do for the next two days, too.

CCC Berlin now proud owner of USRP

Finally the Berlin Section of the CCC has managed to obtain some donations (courtesy of ) for the purchase of a USRP with all major front-ends (BasicRX, BasicTX, RFX2400, RFX1800, RFX900, DBSRX, ..).

I sincerely hope that this device will be able to fuel even more interest in RF communications and research of security aspects of popular RF systems such as DECT. At least a bunch of interested hackers now have all the tools they need :)

Chaosradio 114: Software project management

Tomorrow I'll again be participating in Chaosradio. This months Chaosradio 114 issue is about software project management, both in the proprietary and FOSS world.

Upcoming Chaosradio show on encryption

After quite some time of absence, I'm finally going to participate in Chaosradio again. The subject of the upcoming show is encryption for personal use, mostly focusing on hard disk and email encryption.

22C3 is over

Two days ago, 22C3 was closed. This years incarnation of Europe's largest hacker conference can be seen as a full success. Some 3000 attendees, about 180 lectures, a 10Gigabit Internet Uplink and our own /16.

The video recordings have turned out fine. We've had working WMV live streams, and somewhat intermittently working MPEG2 and MPEG4 live streams, as well as working OGG and MP3 audio streams of all four lecture tracks.

For archival, we have MPEG2Video (5Mbit) as well as the original DV tapes, and a FLAC audio recocrding.

Looking at the tremendous amount of work that went into the A/V recordings, and the fact that I'm involved with the A/V team since seven years, I'm actually thinking about looking for some other area where I can get involved next year.

My two lectures (on OpenEZX and librfid/libmrtd) went fine, even though they both had very little preparation ;)

In the next couple of days I'll be cutting the fourth day of the video recording, and then slowly getting back into netfilter and OpenEZX related development. Oh yes, and I'll also promise more blog updates.

For some strange reason, my git tree seems to have become corrupted over the last two weeks, so I first need to sort this out before getting any reasonable work done.

22C3 preparations

The main reason why this blog has been so quite since my return from Bangalore: I'm spending every free minute in preparations for 22C3, the annual Chaos Communication Congress. As usual, my job is to take care of the audio and video recording and streaming.

So for the last days I've been hunting numerous bugs related to this, mainly in ffmpeg, but also radeonfb, vlc, Debian ffmpeg / x264 packages, etc.

I'll be back on track after 22C3 is over. More blog updates then, I promise.

Lecture on privacy and data protection issues at Potsdam University

Today I had the honour of holding a guest lecture at the Institute of European Media Studies of the University of Applied Sciences in Potsdam. The lecture was entitled "Privacy, Data Protection and Surveillance - Risks and side effects of modern communication technology".

To my big surprise, the lecture was very well received, and members of the institute have suggested that they are interested in some follow-up lectures on other topics such as copyright / software patent / GPL issues.

Big Brother Awards 2005

Today, the sixth "Oscar awards for data leeches" will be awarded. The BBA is a "negative award" or "anti award" for persons, organizations, companies, government agencies that disrespect civil liberties, data protection and privacy.

I've always been a big fan of those awards (which are now even awarded in a number of countries outside of Germany, too). They provide an excellent opportunity to publicly point at (and rant about) those who further restrict the [digital] freedom of individuals.

This year I'm going to be present at the ceremony for the first time.

Chaosradio on ePassport and Biometrics

Due to the importance of the subject, we will do the second Chaosradio show this year dedicated to electronic passports and biometric identification.

Germany will issue them starting with November this year... so now is about the last possible time to apply for a brand new, shiny, glossy, cheap "old-style" passport that doesn't contain any biometric information.

Chaosradio 105: Embedded Systems

This month's Chaosradio show (held today) will be looking into the plethora of embedded devices that are present in todays world.

CCC "residents" will be Tim Pritlove and myself.

The main focus will be on consumer embedded systems, especially those running free operating systems and those with good "hack value".

Chaosradio on Electronic Health Card

Today I'll be moderating this months' episode of Chaosradio on the upcoming German Gesundheitskarte (Electronic Health Card, EHC).

This is the latest incarnation of the ever-increasing number of large-scale IT projects in public atministration. Following-up infamous examples such as TollCollect, the ALG2 software, INPOL-NEU, ELSTER, and last but not least the RFID enabled electronic Passport. And it will affect the data privacy and data protection of even more German citizens than any of the beforementioned systems!

I'm very pleased to announce Thomas Maus (ThoMaus), one (if not the) most prominent critical experts on the EHC as a live guest in the radio studio.

This subject is actually one that I think fits best into the idea of Chaosradio: Technical, but with vast implications on society. Even more than my last "favourite" data retention, but less than the upcoming Chaosradio show on "voting machines".

From my point of view there are too many issues currently at this border between technology, politics and society that need to be adressed. Too many to just talk about geeky technological stuff that is certainly also happening and woth covering it in Chaosradio.

Chaosradio 100: Energy consumption of the IT industry

Today we again had our monthly chaosradio live show. The subject that we picked from the list of suggested topics, and it definitely was worth doing a 3 hour show on it.

Computers always get faster. The downside of this is that they always consume more energy. From 1W of a 80386 to 15W of a Pentium I, we've now arrived at more than 100W for the latest PC CPU generations. The PowerPC architecture was quite promising for some time, but at least since the G5, power consumption is almost equal with the Intel world. About the only promising figures come from ARM based CPU designs at the moment - something that you will find in PDA's and embedded devices, but not in desktop machines.

Apart from the power consumption we're also talking a bit about the ecology in general, like the amount of energy and raw materials required to build a new PC. It is quite considerable, especially taking into account that most PC's are not used for more than two to three years.

In case you're now interested (and understand German): A recording of the live is available for download.

CCCeBIT negative award for Bundesdruckerei

The CCC has presented it's 2005 CCCeBIT negative award to the Bundesdruckerei, the formerly state-owned now-privatized company in charge of printing passports in Germany.

They are one of the strong forces in Germany behind the announced introduction of biometric information in passports. To understand this, you have to know that the law still requires passports being produced by Bundesdruckerei, even though they're now a private company.

Our Agilest 54622D mixed signal oscilloscope arrived

Due to the generous donation of TomTom, we were finally able to purchase a second hand digital oscilloscope.

The 54622D has two analog channels with 100MHz bandwidth (200Ms/s) and 16 digital channels with 200/400MS/s. The really nice features include stuff like CAN-, I2C-, USB- and SPI trigger modes :)

Let's see how this new toy is getting used to explore yet more technology...

Allnet donates network switches to CCC Berlin

In very short amount of time, two 19" rack-mountable Ethernet switches went dead at the Berlin Chaos Communication Club.

The chairman of the friendly company Allnet was immediately willing to donate two replacements. Very kind of him :)

Chaosradio 99 - Telekommunikationsueberwachungsverorndung

After about four months, the first Chaosradio radio show that I was participating in. Subject of the show was the telecommunications surveillance act (TKUeV) and the corresponding technical directive. Starting from 1st January 2005, any "provider of telecommunication services" has to provide lawful interception interfaces for government and police authorities.

The big issue is that it isn't only about providers, but about anybody who runs more than 1000 mailboxes on an email server, even if it is non-for-profit.

If you're interested in the full show, you can download it from the usual location on ftp.ccc.de.