Es liest sich fast zu schön, um wahr zu sein: Netzpolitik schreibt, in berufung auf BoingBoing, dass ein englischer Provider namens Playlouder MSP eine DSL-Flatrate inklusive der Möglichkeit, legal Musik von verschiedenen Labels, darunter Sony-BMG (und damit einer der Großen), in Filesharing-Börsen zu tauschen.

In der original-BoingBoing-Meldung liest sich das ganze so, dass die User in beliebiger Form, beliebigen Formaten und über jede verfügbare Filesharingtechnologie Dateien tauschen dürfen. Eine Meldung auf Digital Music News schreibt jedoch völlig anderes: So soll der Austausch nur in DRM-geschützten WMA-Dateien erlaubt sein, um zu verhindern, dass die Dateien an nicht-Kunden weitergegeben werden.
Das lässt die Sache, die sich so toll anhörte, leider in einem völlig anderen Licht erscheinen. Denn das ist meiner Ansicht nach die zentrale Frage für alle Modelle zukünftiger Musikdistribution: Digital Rights Management (und damit gezwungenermaßen ein restriktives Kontrollsystem sowie den Ausschluß von Open Source-Lösungen) oder nicht.

As the article some days ago about SHA1 got a lot of interest, I thought I'll write some more background info about this, especially for people thinking that collisions aren't a big problem.

Cryptographic hash functions are functions where you can put a string of any length and get a fixed-size result. E. g. with SHA1, you get 160 bit, with MD5 128 bit. The hash-function has to fulfill some requirements:
- It should be hard to get two strings with the same hash (collision-resistant).
- It should be hard to get a string to a given hash (one-way-function).
To be more precise: In an optimal case, hard means that it shouldn't be possible with all hardware on earth in the timeframe that your cryptography needs to be secure. Some examples where cryptographic hashes are used are shadown-passwords, digital signatures or verification of file downloads.

I found this a while ago and thought it's worth mentioning. Secret Maryo Chronicles is a Mario-Clone and seems to be one of the better ones. It's in a quite early stage, but with some talented level designers it could evolve to something really nice.
The gameplay is a bit different from the original games, it doesn't have a speedup-button. It's features are comparable to Super Mario Bros, while it's graphics are more like Super Mario World.
It's free software and it's available for Windows and Linux.

Xiaoyun Wang, chinese cryptographer and well known for her analysis of the SHA1 function, was not allowed to travel to the US to attend the Crypto conference starting today (via Bruce Schneier).

Too bad, because she discovered some new results on the attacks on SHA1, which reduce it to a complexity of 2^63 to generate a collission. Adi Shamir, well known cryptographer and one of the RSA-inventors, presented these results.
These news are important, because 2^63 is a complexity that can be broken with todays hardware if you invest enough money and time. This would be an interesting project for distributed computing, although I don't know if the attack can be implemented on common hardware (maybe someone with cryptographic experiences wants to comment if this is possible).

Too bad that most software devs have not noticed the recent results on hash-functions. Most of them still use MD5 (which has been broken about a year ago), SHA-1 is widely used. The GNU Coreutils don't have any tools for modern hash-functions, same goes with most programming languages (PHP, Python), while they implement some sort of md5sum or sha1sum, no sha256sum or whirlpoolsum at all.

Ich hatte heute die Ehre, sehr kurzfristig mich an einer Radiosendung von Radio Chaotica zum Thema Softwarepatente zu beteiligen.
Zu hören war das heute im Querfunk, 104,8 MHz, ich hab bisher selber noch keinen Mitschnitt gehört (weiss also auch noch nicht so richtig, wie schlecht ich war). Mittwoch 0:30 Uhr wird das ganze wiederholt (für Leute im Querfunk-Sendegebiet), eine Download-Version (<buzzword> Podcasting </buzzword>) gibt's die nächsten Tage irgendwann.

Update: Neingeist hat den Stream schon veröffentlicht (direkt zur MP3).

I recently installed privoxy and tor and Lars asked me to write some words about it. So here it goes:

Privoxy is an ad-blocking proxy, which means it filters out banners, pop-ups and other annoying stuff. It's highly configurable, but I use it in the basic configuration, which should be enough for most needs. The advantage is that privoxy, unlike for example the firefox ad-block extensions, can be used within any browser. It's the successor of junkbuster.
tor is a project by the Electronic Frontier Foundation, an internet anonymizing system. It's internals are complex, but the basic funktion is that you connect encrypted to a tor-node, it forwards your request through several other tor-nodes and then it get's answered. It doesn't provide full anonymity, you have to trust the tor-node you connect to. But it's definitely better than nothing.

Both integrate well, if you are a Gentoo user, just emerge tor pricoxy, add forward-socks4a / localhost:9050 . to your /etc/privoxy/config, copy the torrc.sample to torrc (in /etc/tor), add both to your runlevels (rc-update add tor default, rc-update add privoxy default) and you are done.
Now set your Browser to use Proxy localhost and Port 8118.
For other Linux-Distributions, it's probably similar. I have no idea if and how tor and privoxy work on other OSes (especially the evil one with the W), so don't ask me, you'll have to find out yourself.

This will save you some privacy and you'll get rid from a lot of internet ads.

Note: tor had some security-issues recently, so take care that you use the latest version available (0.1.0.14).

Stefan Esser, who writes a blog about php security that is really worth reading, discovered several vulnerabilities in the PEAR XMLRPC lib. Various PHP applications use this, especially all major blog-systems, including wordpress and serendipity. So please update your blog-software.

As I often wrote about free films in the past, this might be of interest:
Project Orange, an effort to create an animated Movie, based on the free software Blender and all content released under a Creative Commons license. Looks promising, surely worth to keep an eye on it.