May 2007 Archives

2007-05-30 20:03:21

Germany becoming increasingly hostile

According to the German newspaper Berliner Morgenpost, Germany is turning into an increasingly hostile place. The paper analyzed the movements of the German population since the year 2001 as well as tourism statistics and immigration.

The result can easily be summarized: Germany is losing a lot of citizens – mainly young citizens – to more attractive neighboring countries, such as Switzerland and Austria. At the same time, immigration is in a continuing decline.

The paper fails to come up with possible reasons for this trend. The most significant reason is probably the increasingly bad situation of average people in the country. During the last couple of years, unemployment has risen significantly while at the same time the unemployment insurance benefits have been cut drastically. Also, a lot of bullying has been introduced to further reduce the quality of life of the unemployed. The tax laws are horribly complicated, and the taxes hardly increase for people who earn more money. Also, the average income has been greatly reduced, causing neighboring countries to consider Germany a low-wage labor market.

Even worse, the quality of the education system has dropped dramatically. This did not, however, prevent the universities from introducing tuition fees that are well above even the average in Switzerland. At the same time, the number of professors is still not high enough to allow them to take care of students individually, contributing to the bad impression.

To summarize, it appears to be pretty hard to find a reason not to leave Germany...


Posted by Tonnerre Lombard | Permanent link | File under: news

2007-05-30 19:36:52

Media reception of the hacker tools criminalization law in Germany

The English IT newspaper «The Register» covers the German anti-hacking-tools legislation. The article focuses mainly on the fact that the law is mostly ill-considered and will harm the IT security industry severely.

The German IT news site Heise is blowing the same horn. However, in an older article, Heise even accuses the federal council of not listening to critics during the hearings.

The media which are less focused on IT tended to ignore the new law entirely. Also, the repressions accompanying the G8 summit in Germany mostly passed by below the radar and got lost in the uproar of the doping scandal. Apparently, it just happened to be the right time.


Posted by Tonnerre Lombard | Permanent link | File under: news, politics

2007-05-28 21:59:25

German IT security industry sentenced to death

The German IT security industry was sentenced to death on Friday, May 18th, at 22:30.

Originally, the session was scheduled for 02:00 in the morning of Saturday, but apparently this appeared to be a bit of an overkill. At half past ten in the evening, the German federal council declared that it accepted the modifications to the criminal law regarding informatics unaltered. These modifications forbid the possession and use of tools which are mainly used to intercept, alter or gain access to data.

However, the German IT security industry depends heavily on the possibility to create and possess such tools. IT security is mainly created by finding security problems (e.g. data which is passed unencrypted, buffer overflows, information leaks), writing an example exploit in order to help understand the problem, and handing it to the vendor in order to have him fix it.

On the other hand, security on the user side can only be created if all of the example exploits are used against the user's system in order to determine whether or not it needs to be patched against something. Also, additional broad exploitation techniques are used to find applications that suffer from common problems. This is of course vital to a good security test of a customer's environment, because some programs may only reveal flaws in certain setups.

The decision of the German government is mainly guided by the belief that all IT security threats to German companies come from inside the country. This is however untrue. Most of the attacks are automated and come from foreign IP ranges (Asian, American, etc.). This means that this law does not stop the attacks, but it takes away all means of defending against them, because the tools which are required to conduct security tests have just been outlawed.

Also, this law doesn't just impose problems on the IT security industry but also on large parts of the entire IT industry. For example, network operators heavily depend on sniffing tools to figure out parameter problems in their network flows. Falsely set parameters can slow down a network or even stop all traffic. Also, firewall rules can only be tested and debugged that way. In order to figure out network problems, it is unavoidable to use the same sniffing software that could possibly be used to sniff users' passwords.

There is only one true solution to the IT security problems in this world. It is an absolute necessity to encrypt all, or at least all authenticated, traffic. Username and password authentication should also be eradicated and replaced by cryptographic challenge-response protocols, as demonstrated on the CAcert web site.

And the second necessary step is what is described as «eternal vigilance». There is no way of avoiding this. If you want your enterprise to be reasonably safe, have an independent or even in-house expert conduct regular security tests. Adopt security updates within a 24-hour timeframe. Avoid technologies which come with their own security problems but are advertised as bug-free (such as PHP, Java or .NET). Also, keep backups. If you do this consistently, you should be reasonably safe from attackers.

The entire legal proposal can be found under http://www.bmj.bund.de/media/archive/1317.pdf. The interesting parts are §§ 202b and c.


Posted by Tonnerre Lombard | Permanent link | File under: general, news, politics

2007-05-16 13:22:48

Microsoft finances an OOXML Wikipedia article editor

Microsoft has caused an edit war in the free encyclopedia Wikipedia by funding the standards activist Rich Jelliffe for contributing his knowledge to the articles about Open Standards, XML, OOXML and the OpenDocument Format.

Jelliffe claims on his user page, however, that his edits are unbiased by the funding. Nevertheless, he has removed some anti-Microsoft «biases» from some articles, and this caused a lot of irritation. Summing it up, there is no agreement on the degree to which Jelliffe's articles are biased.


Posted by Tonnerre Lombard | Permanent link | File under: general, standards

2007-05-16 12:20:29

Australian deported for breaking US IP in Australia

An Australian citizen has been deported to the USA for infringing on US intellectual property - in Australia. The 44-year-old man is being accused of pirating products of an American company.

Under normal circumstances, this would lead to a court proceeding against the man in his home country, Australia. Consequently, he would probably be sentenced to fines, or even prison (in case he did not pay the fines).

Instead, the Australian, who has never before set foot on US territory, has been deported to the USA in order to face 10 years in jail for piracy.

The whole story can be found on http://www.theage.com.au/[...]/1178390140855.html.


Posted by Tonnerre Lombard | Permanent link | File under: news, politics

2007-05-16 12:06:47

US Supreme Court: Patent System got out of control

The US Supreme Court ruled what a lot of people have kept repeating for years already: the worldwide patent system has got out of control. The market is flooded with trivial patents, which are only used to make money from litigation and slander. To make it even worse, the power to judge the patents is in the hands of the same organization which grants them. This means that it's in the USPTO's interest to grant as many patents as possible, in order to gain money from invalidating them.

The whole article can be found at http://www.ft.com/[...]-000b5df10621.html.


Posted by Tonnerre Lombard | Permanent link | File under: news, politics

2007-05-16 11:32:37

Microsoft hit with patent suit over .Net

The patent litigation wave has again hit one of its strongest promoters. Vertical Computer Systems sued Microsoft for unlicensed use of its patent on a «Method for generating web sites» (US patent 6,826,744).

The patent covers the generation of dynamic websites using components which are abstracted by XML. So basically every web site which is created from XML could possibly infringe on the patent. DocBook-created web sites come to mind.

The full article can be found at http://www.infoworld.com/[...]/HNmsdotnetpatentsuit_1.html.


Posted by Tonnerre Lombard | Permanent link | File under: news, politics

2007-05-16 11:16:21

EPLA with the jimmy through Switzerland?

According to the Swiss German newspaper «Der Bund», the Swiss patent law revision is also supposed to introduce EPLA-style law in Switzerland. Through this patent revision, the European Union shall be forced to adopt EPLA as well in order to remain compatible with the driving economic force Switzerland.

It is our duty now not to let ourselves get abused as a tool to get what the mega corporations want in Europe. A Patent Litigation agreement would legalize more than 30'000 trivial software patents in Europe, which have been granted illegally. If this article is correct, then we need to stop this law, not only on behalf of all software developers in Switzerland, but also on behalf of all software developers in the European Union.

The original article can be found at http://www.espace.ch/artikel_356747.html. The PDF version can be found at http://194.209.226.170/[...]/08208Wirtschaft20070410_1.pdf. More information on the EPLA can be found at http://epla.wikidot.com/.


Posted by Tonnerre Lombard | Permanent link | File under: general, news, politics

2007-05-15 23:24:58

WinSock socket option SO_EXCLUSIVEADDRUSE?

Microsoft has introduced a new socket option in their Winsock framework, which is called SO_EXCLUSIVEADDRUSE. From the explanation, it does not become very clear what the advantage of this option is over binding to a specific IP and not using any options at all.

It appears that the only purpose of this option is to use Fear, Uncertainty and Doubt (the DoS story) to make people believe that they should use this option. This again makes their code incompatible with the POSIX API.

More can be found on http://msdn2.microsoft.com/en-us/library/ms740618.aspx.


Posted by Tonnerre Lombard | Permanent link | File under: programming, standards

2007-05-15 22:15:23

ETH Zurich in "concurrence" with EPFL?

The ETH Zurich is still looking for a new President. So far they have refused every single candidate. The council of the ETH is now being criticized. Not because people fear a vacuum of innovation – but because they fear losing ground in the competition with the EPFL. Some even claim that the President of the EPFL, Patrick Aebischer, is building his EPFL at the expense of the ETH Zurich.

The question remains what a cruel world we're living in when two of the best technical universities on the continent are pestering each other in trying to compete with each other. The main purposes of these universities ought to be to educate students.

Also, the EPFL is a Swiss French university, where all lessons are held either in French or in English. It is very unlikely for someone to pass the EPFL if he or she is not capable of speaking French. The ETH Zurich, on the other hand, is a Swiss German university. It would therefore be a likely assumption that there is only a small fraction of the Swiss population who would actually be equally well off at both universities.

But it appears that the people of the ETH Zurich want their university to be the only true Swiss polytechnical university. It's the same sad story of Swiss German cultural imperialism that can be observed in most areas of daily life. Hopefully, at some point, we can agree to just live next to each other without any attempts to conquer each other. But it appears that this situation has become more unlikely in the past.

Until a couple of decades ago, it was a normal procedure for every Swiss German adolescent to spend a couple of years in the French-speaking part of Switzerland. It was a necessary step to get one's education degree, and to become an adult. Equally, every Swiss French adolescent had to spend a couple of years of his education in the German-speaking part of Switzerland. But it seems that this tradition is extinct nowadays. This and a lot of other things serve to make the Rösti rift deeper than ever.

The whole story can be found at http://www.nzz.ch/2007/05/13/il/articleF6FJP.html.


Posted by Tonnerre Lombard | Permanent link | File under: general, politics

2007-05-13 20:17:40

Vergeltung: coming soon

After a couple of first tests, it appeared that vergeltung.ffii.org was running pretty well already. However, as it seems, there still have to be some tests with the GPIO functionality. The cable which was attached to the reset button may cause major problems when power is switched on via gpioctl. This can be solved by the use of a resistor.

The purpose of vergeltung.ffii.org is to create a remote reset and console solution for the server vic.ffii.org, which was meanwhile upgraded to Debian Etch. The procedure is roughly as follows:

If something goes wrong on vic, it should be possible to ssh into vergeltung and get a serial console. Using this console, it should also be possible to modify BIOS settings et al. However, there is still a lack of a remote reset solution.

This solution is provided by GPIO. GPIO provides a simple interface to short-circuit a jumper on demand, exactly like a reset button. Thus, one can ssh into vergeltung and do a quick

% gpioctl 1 1; sleep 1; gpioctl 1 0

This will have the effect of pushing the reset button: vic.ffii.org will be rebooted. At the same time, the booting problem will also be resolved: vic.ffii.org didn't boot with the old kernel unless the serial port FIFO was filled from the terminal side. Thus, one always had to type ahead in order to get through the kernel boot.


Posted by Tonnerre Lombard | Permanent link | File under: chaos

2007-05-13 20:12:47

DRM - to be renamed?

During a lecture on Digital Restrictions Management and its appearance over time (CD protection by dead blocks, the DVD CSS algorithm and the broken 128-bit HD-DVD key), it was mentioned that apparently the wording «Digital Restrictions Management» was already sufficiently tainted so the makers of these policies are now going for something more ambiguous: DCE.

DCE is supposed to mean «Digital Customer Enablement», or even «Digital Consumer Enslavement» for those who like the pun.

The problem with this abbreviation is that those of us who work in telcos and networking know DCE as «Data Carrier Equipment». It is indeed a good question whether this ambiguity was chosen in order to confuse the term even more.


Posted by Tonnerre Lombard | Permanent link | File under: chaos, network

2007-05-13 20:02:50

Hints for dead-end conversations on surveillance

If you talk to average people on the street about video/phone/internet surveillance, you end up in a never-ending round of the same arguments pretty quickly. Here is a way I came up with during the ChaosDocks to get out of some of these situations:

I have nothing to hide!

If someone comes up with this argument, ask him to follow you to a non-public room (a waiting room will do, it just needs to be off the street in order to eliminate legality arguments). In that room, take out a camera and ask the person to get naked so you can take some pictures.

If the person refuses to get naked, which he or she most likely will, ask the person, «Do you still think you have nothing to hide?»

If the person does get naked, he or she is either hitting on you or beyond good and evil. In the latter case, no debate is possible, in the former, none may be required. In fact, this hitting on you might even be something the person might be willing to hide from his or her significant other. Otherwise you at least get some interesting photos.

Amendment: Also, I found this:

Nothing to hide

Posted by Tonnerre Lombard | Permanent link | File under: general, chaos

2007-05-13 19:42:52

Netfilter clusterip: reinventing the wheel

One of the lectures at the 2007 edition of ChaosDocks was about the Netfilter extension «clusterip». This extension aims at providing an interface to Netfilter which allows for router redundancy.

Router redundancy per se involves two major tasks. The first task is, of course, to listen to a common IP. Under OpenBSD, the protocol CARP (Common Address Redundancy Protocol) is used for this. It is a versatile protocol which allows connections to be established and related to multiple hosts which share the same IP. The IETF standard protocol VRRP, a standardized variant of the Cisco protocol HSRP (Hot Standby Router Protocol), also specifies this functionality via a master/slave system inside its protocol.

The solution of the Netfilter people however was not to port the CARP protocol to Linux, but instead they reinvented address redundancy in a rather uncommon way. First of all, all of the routers need an alias interface to the physical interface which will be connected to the corresponding network. This is to ensure that they all receive the entire traffic. It is thereby the duty of the network administrator to ensure that the packets arrive at both hosts.

For this purpose, Netfilter clusterip defines a new multicast protocol which is used to negotiate between the nodes who is supposed to take which connections. This protocol then hashes the source and target IPs to ensure that the connection sticks to the same router.

The other task is to ensure that the rules and state tables are equal on all redundant routers. In VRRP, the master controller regularly copies its rules and state tables to all of the slave nodes. OpenBSD defines a second primitive protocol to solve this task separately. This protocol is called pfsync.
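The hash-based ownership decision described above can be sketched as follows. This is an added example, not the Netfilter code: the FNV-1a hash, the per-node bucket bitmap, the function names and the sample addresses (documentation ranges) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define TOTAL_NODES 3   /* constructed cluster size */
#define IP(w, x, y, z) (((uint32_t)(w) << 24) | ((uint32_t)(x) << 16) | \
                        ((uint32_t)(y) << 8) | (uint32_t)(z))

struct node {
    int      alive;
    uint32_t buckets;   /* bit b set: this node answers for hash bucket b */
};

/* FNV-1a over the address pair; a stand-in hash chosen for this example. */
static uint32_t flow_hash(uint32_t src, uint32_t dst)
{
    uint32_t words[2] = { src, dst };
    uint32_t h = 2166136261u;
    int i, j;
    for (i = 0; i < 2; i++)
        for (j = 0; j < 4; j++) {
            h ^= (words[i] >> (8 * j)) & 0xffu;
            h *= 16777619u;
        }
    return h;
}

/* The same address pair always lands in the same bucket. */
unsigned flow_bucket(uint32_t src, uint32_t dst)
{
    return flow_hash(src, dst) % TOTAL_NODES;
}

/* Every node sees every packet and decides locally whether to process it. */
int node_accepts(const struct node *n, uint32_t src, uint32_t dst)
{
    return n->alive && ((n->buckets >> flow_bucket(src, dst)) & 1u);
}

/* Index of the single accepting node; -1 if nobody accepts (traffic is
 * dropped), -2 if several accept (packet would be processed twice). */
int flow_owner(const struct node *c, uint32_t src, uint32_t dst)
{
    int i, owner = -1;
    for (i = 0; i < TOTAL_NODES; i++)
        if (node_accepts(&c[i], src, dst)) {
            if (owner != -1)
                return -2;
            owner = i;
        }
    return owner;
}

/* Healthy cluster: node i answers for bucket i only. */
void cluster_init(struct node *c)
{
    int i;
    for (i = 0; i < TOTAL_NODES; i++) {
        c[i].alive = 1;
        c[i].buckets = 1u << i;
    }
}

/* Failover: a survivor additionally answers for the dead node's buckets. */
void fail_over(struct node *c, int dead, int survivor)
{
    c[survivor].buckets |= c[dead].buckets;
    c[dead].buckets = 0;
    c[dead].alive = 0;
}

int main(void)
{
    struct node c[TOTAL_NODES];
    uint32_t vip = IP(192, 0, 2, 1);        /* constructed shared address */
    uint32_t src = IP(198, 51, 100, 7);     /* constructed client */
    int owner, survivor;

    cluster_init(c);
    owner = flow_owner(c, src, vip);
    survivor = (owner + 1) % TOTAL_NODES;
    printf("flow handled by node %d\n", owner);

    c[owner].alive = 0;                     /* node dies, nobody took over yet */
    printf("after crash: owner=%d (-1 means dropped)\n", flow_owner(c, src, vip));

    fail_over(c, owner, survivor);
    printf("after takeover: owner=%d\n", flow_owner(c, src, vip));
    return 0;
}
```

The hash only settles which router sees a connection; connection state for a flow that moves to a survivor still has to reach that router by other means.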

pfsync itself is a cryptographically authenticated protocol. Only nodes which can authenticate themselves in a challenge-response protocol are allowed to push rules and states. While the carp protocol assures that only one router processes the arriving packets, the pfsync protocol takes care of the connection states (for e.g. NAT) so the packets don't get rejected in case the connection ends up on a router it has not been initiated on.

Thus, pfsync permits full load balancing and redundancy as well as error recovery in case one of the routers goes offline. It does not have any dependency on a special master server, and is cryptographically secure (to our current knowledge).

Nevertheless, the Netfilter architects chose to create an addition to clusterip which takes care of the states. It is part of clusterip even though its purpose is not related to address redundancy in any way. Also, it is incompatible with any of the three preexisting protocols, HSRP, VRRP and CARP/pfsync.

Asked about his reasons for creating his own protocol rather than porting existing protocols to Linux, the clusterip author responded that it would probably involve the same effort. Challenged about the interoperability of his solution, he answered that he didn't look at the existing solutions but had the feeling beforehand that they would not suit his requirements.

He wasn't sure about it though.


Posted by Tonnerre Lombard | Permanent link | File under: chaos, standards

2007-05-09 10:48:22

Media reception of Ubuntu Mobile and Embedded

The Swiss newspaper «20min» reports about the new partnership between Intel, Dell and Ubuntu. The aim of the partnership is to sell mobile phones that run on the Ubuntu distribution.

Apparently, the market of Linux based mobile phones is slowly beginning to demarginalize.

(Unfortunately, the article is not available in the web version but only in the print release.)


Posted by Tonnerre Lombard | Permanent link | File under: chaos, news

2007-05-09 10:42:00

Even more passengers for the CFF

The Swiss Railways CFF (Chemins de fer fédéraux suisses) have managed to attract a new record number of passengers. In 2006, the Swiss railways transported 285 million different people.

This means that the Swiss railways have to increase the number of trains and cars per train again after only a couple of years. Also, the schedules are being reworked in order to allow passengers to be transported to main destinations with smaller delays. New tunnels are also being planned.

The CFF are even considering special bonuses for people who travel at hours which are outside the typical congested times in order to cool down the working hour «traffic jams».


Posted by Tonnerre Lombard | Permanent link | File under: general, news

2007-05-09 10:35:02

Keeping the youth out of government buildings - with ultra sound

The government of Geneva had a new idea how to keep the youth out of the government buildings. A new installation of speakers emits sounds in the range of 20kHz. These sounds cause headaches to younger people, but can no longer be heard by average citizens after a certain age.

However, this installation is highly based on the concept of the average citizen. There are people who are still able to hear sounds far beyond the 20kHz boundary, while some young people have already damaged their capability of hearing in discos and using walkmans well before they reach the «critical age».

Also, the question remains whether there is any sense in making such a discrimination. What exactly is the point of keeping the youth out of the Palais Eynard?


Posted by Tonnerre Lombard | Permanent link | File under: general, news

2007-05-08 17:49:32

Wolfowitz held guilty of nepotism

The ethical committee of the World Bank has held Wolfowitz guilty of nepotism. This probably means the end of the Wolfowitz era in the World Bank, and might cause a lot of additional pressure on Bush, who has put him into this position.

After all the stories about how the World Bank practically supports the first-world countries and pulls more money out of the pockets of the so-called third world, this appears to be at least some beam of light on the horizon, indicating that not all is lost with regard to this institution.

Nevertheless, it is highly unlikely that the strategy of the World Bank is going to change in the future.

The full article can be found at http://www2.laliberte.ch/[...]55250172194810300.xml.


Posted by Tonnerre Lombard | Permanent link | File under: news, politics

2007-05-08 17:17:59

Reception of Sarkozy's presidency

France has a new president - and the conservative Swiss media try to play it down. In the newspaper «20min», only a small column hints at the fact that France has a new president. The report says that the superior Sarkozy sent Royal off to the second rank. Some people don't like the decision.

The story sounds entirely different in the Liberté. Not only is the newspaper fair to the socialist party's female competitor, it also mentions the 730 cars that have been burned in Paris. Also, the Liberté has reserved a significant amount of space for the article.


Posted by Tonnerre Lombard | Permanent link | File under: news, politics

2007-05-08 08:05:50

Broken Standards: FAT

A broken de-facto standard in the area of embedded computing is the use of the File Allocation Table Filesystem (fatfs) for embedded devices with flash chips.

The use of this standard rests on the common notion that fatfs is the perfect file system for embedded devices, due to its simplicity. However, this assumption is not true. In fact, writing to a fatfs requires the same blocks to be written over and over again. Now, a flash chip only has a limited number of write cycles, meaning that the same sector (a unit of usually 1kB) can only be written a certain number of times. For example, usual flash chips only have 10'000 to 50'000 write cycles.

This means that on a plain flash, the FAT file system will cause a write cycle exhaustion after only 10'000 file modifications, due to the fact that one of the rather important blocks containing the file to cluster mappings will be written to every time a file is modified. This means that you can throw away your flash device.

Modern file systems for embedded devices circumvent this by their very structure. The 4.4BSD log structured file system (LFS) for example doesn't ever write to the same blocks again unless it has passed and written to the entire flash at least once. Even if you make modifications to a file, LFS appends the file with a new version to the end of your current file system. At some point, LFS arrives at the end of the flash, which makes it wrap over to 0 and look for a freed block there. At this point, it will for example overwrite old versions of files. In addition to saving rewrite cycles, this even makes write access to the flash a lot faster.
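The difference between the two write patterns can be made concrete with a small wear simulation. This is an added example, not code from any file system: the 64-block flash, the layout (block 0 as allocation table) and the assumption that a log-structured write costs two blocks per modification are constructed for illustration, and log cleaning is ignored.

```c
#include <stdio.h>
#include <string.h>

#define NBLOCKS   64      /* constructed: tiny flash so the run is fast */
#define ENDURANCE 10000   /* lower end of the write-cycle range quoted above */

struct wear {
    unsigned long mods;   /* file modifications until the first block wore out */
    unsigned worn_block;  /* index of that block */
    unsigned min_cycles;  /* cycles used on the least-written block by then */
};

static unsigned cycles[NBLOCKS];

/* Write one block; returns 1 once it has used up its write cycles. */
static int write_block(unsigned b)
{
    return ++cycles[b] >= ENDURANCE;
}

static void finish(struct wear *w, unsigned long mods, unsigned worn)
{
    unsigned i;
    w->mods = mods;
    w->worn_block = worn;
    w->min_cycles = cycles[0];
    for (i = 1; i < NBLOCKS; i++)
        if (cycles[i] < w->min_cycles)
            w->min_cycles = cycles[i];
}

/* FAT-like layout: block 0 is the allocation table, blocks 1..63 hold file
 * data. Every modification rewrites one data block and the table in place. */
struct wear simulate_fat(void)
{
    struct wear w;
    unsigned long k;
    memset(cycles, 0, sizeof cycles);
    for (k = 1;; k++) {
        unsigned data = 1 + (unsigned)((k - 1) % (NBLOCKS - 1));
        if (write_block(data)) { finish(&w, k, data); return w; }
        if (write_block(0))    { finish(&w, k, 0);    return w; }
    }
}

/* Log-structured layout: every modification appends a new data block and a
 * new metadata block at the head of the log, wrapping to 0 at the end. */
struct wear simulate_log(void)
{
    struct wear w;
    unsigned long k;
    unsigned head = 0;
    memset(cycles, 0, sizeof cycles);
    for (k = 1;; k++) {
        int n;
        for (n = 0; n < 2; n++) {
            unsigned b = head;
            head = (head + 1) % NBLOCKS;
            if (write_block(b)) { finish(&w, k, b); return w; }
        }
    }
}

int main(void)
{
    struct wear f = simulate_fat();
    struct wear l = simulate_log();
    printf("FAT: block %u worn out after %lu modifications, "
           "least-used block at %u cycles\n", f.worn_block, f.mods, f.min_cycles);
    printf("log: block %u worn out after %lu modifications, "
           "least-used block at %u cycles\n", l.worn_block, l.mods, l.min_cycles);
    return 0;
}
```

In the in-place model the table block is exhausted while the data blocks have used under 2% of their cycles; in the log model all blocks age together, so the lifetime scales with the size of the flash.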

However, flash producers have also found a solution to the fatfs problem. Current flashes carry additional per-block counters which take notes of how many times a certain flash cell has been written to. They also feature a block map which is used to remap flash blocks to other places, allowing blocks that have been written to more often than others to be remapped to less frequently used blocks. This is additional logic which makes the flash itself horribly complicated and expensive, but artificially saves write cycles when used with the fatfs.

An additional problem when it comes to fatfs and embedded devices is licensing. Microsoft has sued an enormous amount of producers of embedded devices in the past over infringement of patents on the fatfs. Under these circumstances, one really has to wonder why so many companies still sell fatfs based devices.

So where does the notion of fatfs as the ideal file system for embedded devices come from? You guessed it: Microsoft's marketing department. And the claim is simple: fatfs is easy to implement (Well, LFS is even easier, but you can see where Marketing wants you to go). The ease of implementation is thereby padded up with the fact that Windows comes with no implementation of any file systems other than fatfs and ntfs. And since ntfs is horribly complicated and its file system driver is probably already larger than most flash devices, fatfs is the only solution with workable interoperability with the Windows operating system out of the box. So if your embedded operating system runs on fatfs, you can just take out the SD card, plug it into your laptop's SD card reader, and use it under Windows.

This is another example of how Windows penetrated the world of standards, while it is only making life harder for the manufacturers. So if you ever want to make an embedded device, it is advisable to refrain from using the de-facto standard fatfs.


Posted by Tonnerre Lombard | Permanent link | File under: programming, standards

2007-05-08 08:03:26

Auguste Piccard

Auguste Piccard was the creator of the highest-flying balloon with a passenger capsule which kept its pressure, allowing the passengers to rise to higher places than if they had to sustain the normal pressures. Using this capsule, he has managed to transport passengers to a height of 23 kilometers above sea level.

Professeur Tournesol (Professor Bienlein) from Tim and Struppi was modeled on Auguste Piccard, and the Mésoscaphe PX-8 was named after him. Also, Captain Jean-Luc Picard from Star Trek TNG was drafted to be a grandson of Auguste Piccard.

Born 1884 in Basel, he died in 1962 in Lausanne.


Posted by Tonnerre Lombard | Permanent link | File under: suisses

2007-05-07 21:29:10

The conservative wave hits France

After France was preserved from conservatism during the last election, it decided this time to join the new wave for conservative protectionism and anti-terror fileism.

Rather than electing the progressive, female candidate Ségolène Royal, the French people decided to continue the wave of conservatism and to elect Nicolas Sarkozy as president.

It is a good question what the French actually expect from Sarkozy. Because what they are likely going to get is:

  • EPLA. France might play a major role in the establishment of the European Patent Litigation Agreement, which Sarkozy promised to put forward.
  • More anti-terror actionism. Conservative parties tend to put a lot of effort into putting the constitution out of business, overruling it with new legislation and limiting civil rights for the sake of fighting terrorism.

Especially the first part is rather worrisome. Sarkozy has a rather rough idea of patents which is mainly backing big business. This moves the balance of patent critics vs. patent positivists to the negative side in the European Union, which could lead to adoption of the litigation agreement. This would then mean more patent litigation. In the heat of the debate, I highly doubt that this is what Europe needs...

More information can be found all over the web.


Posted by Tonnerre Lombard | Permanent link | File under: news, politics

2007-05-07 13:45:37

Lobbyism for nerds

There is now a lobbyism howto for nerds. I personally think that lobbyism is a very important matter, and since there is no lobby for nerds, it is our «duty» to form it ourselves. However, I'm going to describe this in more detail later.

The howto is at http://www.hanno.de/blog/2007/05/06/lobbyismus-fur-nerds/.


Posted by Tonnerre Lombard | Permanent link | File under: chaos, politics

2007-05-05 13:21:21

Reception of "Managed Diversity"

Apparently, my lecture about «Managed Diversity» wasn't all unheard. There is a nice, large mail on oekonux.de, which discusses the subjects that I debated further. The author looked a lot into my thesis and drew some interesting conclusions, which weren't 100% congruent with mine, but pretty close.

The author of the insightful article apologizes for the fact that he doesn't always spell my name correctly.

Apparently, there is an article associated with it.


Posted by Tonnerre Lombard | Permanent link | File under: general, chaos

2007-05-05 13:02:34

Tonight: Hacker Radio on Radio Lora

Tonight, on Saturday, the 5th of May 2007, the Chaos Computer Club Zurich will broadcast their first radio show on Radio Lora. It is called Hackerfunk, and the first session is basically about introducing the people and the CCC.

The further sessions are going to be somewhat like older sessions of Chaosradio from the CCC Berlin or C-RaDar from Chaos Darmstadt.

The session will be broadcast from 19:00 to 20:00 and will also be available as a live stream.

More information can be found on the Radio Lora site and the CCC Zurich site.


Posted by Tonnerre Lombard | Permanent link | File under: general, chaos

2007-05-04 23:28:14

SCO on the way to its grounding

The SCO Group, mostly known for suing IBM over the use of the Linux operating system, has recently been caught in violating the intellectual property rights of a different big company: Microsoft.

SCO Unixware 7.1.4 features the Open Source package mplayer. This player again used to feature support for playback of Windows Media files (WMV9) using Microsoft's proprietary codecs from Windows in an emulation layer. Thus, the win32codecs package, which belonged to mplayer, always came with the notice that one must be in possession of a genuine Windows license in order to be allowed to use them for playback.

On the other hand, the business isn't going very well for SCO. There are basically no profitable businesses, and there appears to be significant evidence that the claims that SCO announced against IBM, are mostly hot air. Novell researched deeper into their documents, discovering that the copyright to the Linux source code had never been sold to SCO, but was intentionally kept back for the case of a bankruptcy on behalf of SCO.

Which seems like an intelligible move in the light of the current development of SCO's shares. Never since March 13th has the SCO share fulfilled the criterion for being listed in the NASDAQ technology index, which is to be traded for more than US$ 1.-. If the company doesn't recover within 180 days, it will no longer be a NASDAQ company.

This doesn't come as a surprise. McBride has tried to make SCO some kind of Non-Producing Entity (NPE), which makes its money from intellectual property litigation. However, SCO is in a horribly bad shape for this kind of business, for several reasons:

  1. They don't really possess intellectual property assets
  2. They focus on copyright, not patents (which narrows their claims)
  3. They have written code themselves, which makes them susceptible to counter attacks

So all in all, we have to wonder how long McReed in Wonderland is still going to be in business?

More details: http://www.heise.de/newsticker/meldung/88956, http://www.heise.de/newsticker/meldung/89038


Posted by Tonnerre Lombard | Permanent link | File under: general, news

2007-05-01 21:56:55

Microsoft wins one of the biggest victories for OSS lobbyists

Microsoft has fought one of the biggest battles for OSS lobbyists today. In a case they won, the US Supreme Court has overturned its decision from the AT&T case with a 7:1 majority.

The actual case was whether or not software in its source form is patentable. The US Supreme Court has ruled that source code itself is like the blueprint for a device: it is pure information and cannot be considered patentable.

This basically means that Microsoft has won this one special case, where they infringed on a patent held by AT&T itself, which covered speech synthesis in software. Nevertheless, this court ruling will be a big problem for Microsoft in most of their business strategy: since they just successfully invalidated software patents on source code, a vast majority of their anti-Linux strategy is jeopardized.

More information is on http://www.betanews.com/[...]_Overturned/1177944397


Posted by Tonnerre Lombard | Permanent link | File under: news, politics

2007-05-01 12:28:36

Month of PHP Bugs: Please refrain from reporting them!

PHP is buggy

The PHP security consortium recently held the «Month of PHP Bugs». During this phase, everyone was called to submit bug reports to the PHP team.

However, Ed Finkler from the PHP security team had officially announced earlier that there were no security bugs in PHP. Of course, the announcement was padded up with the typical anti-Esser propaganda (See also «Bye Bye, Esser» on «PHP is broken»).

However, Esser himself had previously written notices of about 20 unfixed PHP vulnerabilities to Finkler. When looking at it from this angle, it appears that the entire statement itself was a big lie.

Thus, Esser submitted 45 serious PHP security bugs to the PHP month of security bugs. He got toasted immediately for disrespecting the rules of «responsible disclosure». However, the majority of these bugs had already been known in advance by the PHP security consortium, rendering the claim somewhat absurd.

Responsible disclosure is only possible if the maintainer of the affected product also keeps a responsible time to reaction. This is why it is impossible to play the game of responsible disclosure with a lot of bigger companies, namely Microsoft, Apple, Cisco Systems and Oracle. (Actually, cooperation with Cisco Systems does work ok as long as you're a Cisco customer. However, lots of people who discover security problems in Cisco IOS actually aren't.)

And all that remains is this truthful logo...

Read the full story on http://blog.php-security.org/[...]-PHP-Bugs.html.


Posted by Tonnerre Lombard | Permanent link | File under: programming, news