LaForge's home page (Chaos Computer Club)

Retronetworking / BBS-Revival setup at #36C3

Harald Welte — Sat, 04 Jan 2020 16:00:00 GMT

After many years of being involved in various projects at the annual Chaos Communication Congress (starting from the audio/vidoe recording team at 15C3), I've finally also departed the GSM team, i.e. the people who operate (Osmocom based) cellular networks at CCC events.

The CCC Camp in August 2019 was slightly different: Instead of helping an Osmocom based 2G/3G network, I decided to put up a nextepc-based LTE network and make that use the 2G/3G HLR (osmo-hlr) via a newly-written DIAMETER-to-GSUP proxy. After lots of hacking on that proxy and fixing various bugs in nextepc (see my laforge/cccamp2019 branch here) this was working rather fine.

For 36C3 in December 2019 I had something different in mind: It was supposed to be the first actual demo of the retronetworking / bbs-revival setup I've been working on during past months. This setup in turn is sort-of a continuation of my talk at 34C3 two years ago: BBSs and early Intenet access in the 1990ies.

Rather than just talking about it, I wanted to be able to show people the real thing: Actual client PCs running (mainly) DOS, dialling over analog modems and phone lines as well as ISDN-TAs and ISDN lines into BBSs, together with early Interent access using SLIP and PPP over the same dial-up lines.

The actual setup can be seen at the Dialup Network In A Box wiki page, together with the 36C3 specific wiki page.

What took most of the time was - interestingly - mainly two topics:

A 1U rack-mount system with four E1 ports. I had lots of old Sangoma Quad-E1 cards in PCI form-factor available, but wanted to use a PC with a more modern/faster CPU than those old first-generation Atom boxes that still had actual PCI slots. Those new mainboards don't have PCI but PCIe. There are plenty of PCIe to PCI bridges and associated products on the market, which worked fine with virtually any PCI card I could find, but not with the Sangoma AFT PCI cards I wanted to use. Seconds to minutes after boot, the PCI-PCIe bridges would always forget their secondary bus number. I suspected excessive power consumption or glitches, but couldn't find anything wrong when looking at the power rails with a scope. Adding additional capacitors on every rail also didn't change it. The !RESET line is also clean. It remains a mystery. I then finally decided to but a new (expensive) DAHDI 4-port E1 PCIe card to move ahead. What a waste of money if you have tons of other E1 cards around.
Various trouble with FreeSWITCH. All I wanted/needed was some simple emulation of a PSTN/ISDN switch, operating in NT mode towards both the Livingston Portmaster 3 RAS and the Auerswald PBX. I would have used lcr, but it supports neither DAHDI nor Sangoma, but only mISDN - and there are no mISDN cards with four E1 ports :( So I decided to go for FreeSWITCH, knowing it has had a long history of ISDN/PRI/E1 support. However, it was a big disappointment. First, there were some segfaults due to a classic pointer deref before NULL-check. Next, libpri and FreeSWITCH have a different idea how channel (timeslot) numbers are structured, rendering any call attempt to fail. Finally, FreeSWITCH decided to blindly overwrite any bearer capabilities IE with 'speech', even if an ISDN dialup call (unrestricted digital information) was being handled. The FreeSWITCH documentation contains tons of references on channel input/output variables related to that - but it turns out their libpri integration doesn't set any of those, nor use any of them on the outbound side.

Anyway, after a lot more time than expected the setup was operational, and we could establish modem calls as well as ISDN dialup calls between the clients and the Portmaster3. The PM3 in turn then was configured to forward the dialup sessions via telnet to a variety of BBSs around the internet. Some exist still (or again) on the public internet. Some others were explicitly (re)created by 36C3 participants for this very BBS-Revival setup.

My personal favorite was finding ACiD Underworld 2.0, one of the few BBSs out there today who support RIPscrip, a protocol used to render vector graphics, text and even mouse-clickable UI via modem connection to a DOS/EGA client program called RIPterm. So we had one RIPterm installation on Novell DOS7 that was just used for dialling into ACiD Underworld 2.0.

Among other things we also tested interoperability between the 1980ies CCC DIY accoustic coupler "Datenklo" and the Portmaster, and confirmed that Windows 2000 could establish multilink-PPP not only over two B-channels (128 kbps) but also over 3 B-Channels (192).

Running this setup for four days meant 36C3 was a quite different experience than many previous CCC congresses:

I was less stressed as I wasn't involved in operating a service that many people would want to use (GSM).
I got engaged with many more people with whom I would normally not have entered a conversation, as they were watching the exhibits/demos and we got to chat about the technology involved and the 'good old days'.

So all in all, despite the last minute FreeSWITCH-patching, it was a much more relaxing and rewarding experience for me.

Special thanks to

Sylvain "tnt" Munaut for spending a lot of time with me at the retronetworking assembly. The fact that I had an E1 interface around was a good way for him to continue development on his ICE40 based bi-directional E1 wiretap. He also helped with setup and teardown.
miaoski and evanslify for reviving two of their old BBSs from Taiwan so we could use them at this event

The retronetworking setup is intended to operate at many other future events, whether CCC related, Vintage Computing or otherwise. It's relatively small and portable.

I'm very much looking forward to the next incarnations. Until then, I will hopefully have more software configured and operational, including a variety of local BBSs (running in VMs/containers), together with the respective networking (FTN, ZConnect, ...) and point software like CrossPoint.

If you are interested in helping out with this project: I'm very much looking for help. It doesn't matter if you're old and have had BBS experience back in the day, or if you're a younger person who wants to learn about communications history. Any help is appreciated. Please reach out to the bbs-revival@lists.osmocom.org mailing list, or directly to me via e-mail.

Some thoughts on 33C3

Harald Welte — Thu, 29 Dec 2016 17:00:00 GMT

I've just had the pleasure of attending all four days of 33C3 and have returned home with somewhat mixed feelings.

I've been a regular visitor and speaker at CCC events since 15C3 in 1998, which among other things means I'm an old man now. But I digress ;)

The event has come extremely far in those years. And to be honest, I struggle with the size. Back then, it was a meeting of like-minded hackers. You had the feeling that you know a significant portion of the attendees, and it was easy to connect to fellow hackers.

These days, both the number of attendees and the size of the event make you feel much rather that you're in general public, rather than at some meeting of fellow hackers. Yes, it is good to see that more people are interested in what the CCC (and the selected speakers) have to say, but somehow it comes at the price that I (and I suspect other old-timers) feel less at home. It feels too much like various other technology related events.

One aspect creating a certain feeling of estrangement is also the venue itself. There are an incredible number of rooms, with a labyrinth of hallways, stairs, lobbies, etc. The size of the venue simply makes it impossible to simply _accidentally_ running into all of your fellow hackers and friends. If I want to meet somebody, I have to make an explicit appointment. That is an option that exits most of the rest of the year, too.

While fefe is happy about the many small children attending the event, to me this seems somewhat alien and possibly inappropriate. I guess from teenage years onward it certainly makes sense, as they can follow the talks and participate in the workshop. But below that age?

The range of topics covered at the event also becomes wider, at least I feel that way. Topics like IT security, data protection, privacy, intelligence/espionage and learning about technology have always been present during all those years. But these days we have bloggers sitting on stage and talking about bottles of wine (seriously?).

Contrary to many, I also really don't get the excitement about shows like 'Methodisch Inkorrekt'. Seems to me like mainstream compatible entertainment in the spirit of the 1990ies Knoff Hoff Show without much potential to make the audience want to dig deeper into (information) technology.

29C3. The end of an era?

Harald Welte — Mon, 17 Dec 2012 19:00:00 GMT

When I first heard that the annual CCC congress was moved to Hamburg, my immediate reaction was: Fine, but I wouldn't want to be involved in it. For the last 15 years I've been attending the CCC congress every year, in most years as a speaker, and in many years in some (small) contributing role, first in the team doing the video recordings, and in the last couple of years setting up a GSM network. Contributing to an event is easy if your home/lab is within 20minutes, so if you need another strange cable/adapter/tool/whatever, you can just go and grab it. Doing that at an event that's multiple hours of driving away, in a new/unknown venue is an entirely different story. I have more than enough stress already with (paid) work and the various FOSS projects that I'm leading or involved in.

I have no interest in "just" attending the event. That never was a primary reason for me. In all those years, I've probably attended an average of one talk each year. The event for me was about being able to contribute something actively.

Now, months after those thoughts and my decision not to attend, there is a schedule for the 29C3 available. And to say the least, I am shocked. The entire event seems to have turned into a SIGINT, rather than an xxC3. Lots of talks on politics and society, and lots of German talks.

The debate on implications of technology on society, culture, politics, etc. is an important debate, there is no doubt. And so far I always had the feeling that the xxC3 had a pretty good balance between hard-core technical talks and those non-technical talks. But if I look at the schedule this year, it really looks like an incarnation of the SIGINT conference. With too many German talks you are scaring off the international community. And with focussing on non technical topics, you scare away the die-hard technical hackers. So why move to a larger venue, if you at the same time seem to limit the scope of the event?

Meanwhile I have heard of a number of friends and colleagues who seem to share this view. A number of people who have attended in previous years are not interested in attending this year due to the issues mentioned above.

It's sad to see, but I somehow have the feeling that 29C3 might be the end of an era. The end of a highly successful series of events with exceptionally strong technical talks. To me, xxC3 has always been unique and special. No other event would ever compare to it. Who will fill the gap for the die-hard technical topics? I am feeling quite sad, up to the point that I want to start mourning about "the good old times".

I'm not writing this to put blame on anyone. It just reflects my personal and highly subjective view. Let's see what people will say after 29C3 has actually happened. Let's see how successful it is in terms of number of attendees, and in terms of feedback from participants. I'd like to explicitly thank the many organizers and volunteers (a lot of whom I know in person) for putting up their time and energy to make 29C3 happen.

Chaosradio Express 151: ARM CPU Architecture (German)

Harald Welte — Tue, 27 Apr 2010 19:00:00 GMT

I'm a bit late with this: The Chaosradio Express #151 podcast on the ARM CPU architecture has been released a week ago. I had a most pleasant experience spending about 90 minutes getting interviewed by Tim Pritlove.

I'm sorry for all the non-German-speakers. But Chaosradio Express is a German medium, made by and for German hackers :)

German Constitutional Court hearing on data retention law

Harald Welte — Mon, 14 Dec 2009 19:00:00 GMT

Today I've taken one day off work in order to attend the publich hearing of Germany's constitutional c ourt on several constitutional complaints against a German national law on data retention of telecommunications data. As the topic is likely only relevant to Germans, and due to the fact that I am not very confident with my English legalese outside of copyright law, I'll switch to German for this blog post - which I believe is unprecedented in this blog so far.

Tja, da war ich also heute einer der wenigen auserkorenen Besucher beim BVerfG. Immerhin haben mehr als 34.000 Leute Verfassungsbeschwerde eingelegt, auch wenn rein formal heute nur eine Hand voll exemplarische Beschwerden verhandelt wurden. Diesen Trick hat sich das BVerfG wohl ausgedacht, um nicht vor dem Problem zu stehen dass jeder Beschwerdefuehrer sicher ein Recht haette, persoenlich vor Gericht anwesend zu sein.

Der Gerichtssaal des BVerfG ist sehr klein. So klein, dass bei besonders bedeutungsvollen Verfahren kaum mehr Platz fuer Besucher ist. Der eigentliche Gerichtssaal war schon durch die Beschwerdefuehrer, die zahlreichen Vertreter des Gesetzgebers und der Behoerden und Amstraeger (BKA, Polizeipraesidenten, Richter an diversen Gerichten, Bundes- und Landesdatenschutzbeauftragte, Mitglieder des Bundestags und nicht zuletzt die zahlreichen wissenschaftlichen Mitarbeiter des Bundesverfassungsgerichts selbst belegt. Hinten waren noch zwei Reihen fuer Besucher frei.

Diese beiden Reihen wurden durch Studentengruppen belegt - oder vielleicht koennte man fast sagen "verschwendet". Ein nicht unerheblicher Teil dieser Studenten (u.a. der TU Darmstadt) hatte tatsaechlich geschlafen. Was fuer eine Ungeheuerlichkeit, nicht nur ein Mangel an Respekt gegenueber dem hoechsten Gericht des Landes und dem Thema gegenueber - sondern auch eine unverschaemtheit gegenueber den vielen vmtl. hunderten von interessierten Buergern die gerne der Verhandlung beigewohnt haetten, aber einfach keinen Platz mehr bekommen haben. Freunde von mir haben am 2. Tag nach der Terminankuendigung versucht noch einen Platz zu bekommen - vergebens.

Da haben wir also die nahezu perverse Situation, dass das hoechste Gericht zwar faktisch von jedem Buerger angerufen werden kann, dies auch eine fuenfstellige Zahl an Buergern wahrnimmt - dann aber die eigentliche Verhandlung nur fuer eine kleine Elite zugaenglich ist, und Aufzeichnungen oder Uebertragungen nicht gestattet sind. Das erscheint mir doch irgendwie ungerecht.

Doch nun zur Sache:

Der 1. Senat unter dem Vorsitzenden Richter Papier hat die Anhoerung im Allgemeinen sehr souveraen geleitet. Es gab ein paar amuesante Momente, als z.B. die Vertreterin des Justizministeriums das Wort an den Prozessbevollmaechtigten der Bundesregierung uebergeben hat, obwohl doch das Gericht normalerweise das Wort erteilt, und nicht andersherum ;)

Wie auch schon bei der letzten Verhandlung: Die Beitraege der geladenen Sachverstaendigen waren bisweilen der interessanteste Teil, vor allem eben die diversen Fragen des Gerichts. Diese Fragen erlauben einerseits einen Blick hinter die Ueberlegungen der Richter - andererseits aber auch in wie weit die technischen Zusammenhaenge und deren Folgen vom Gericht bereits verstanden werden. Das jetzt bitte nicht falsch verstehen: Ich habe tiefsten Respekt vor dem Gericht, und es ist i.d.R. sehr erstaunlich wie weit sich die Richter in das jeweilige Fachgebiet einarbeiten. Wie auch schon bei der Verhandlung zu den Wahlcomputern lassen die Vertreter der Regierung bzw. der untergeordneten Behoerden da oft deutlich weniger umfassende Kenntnisse durchblicken.

Die ganze Debatte zur VDS (Vorratsdatenspeicherung) ist verzwickt. Wir haben da historisch einen Bundestag, der keine VDS will, einen Rat der EU-Innenminister der das dann einfach als EU-Richtlinie beschliesst, und einen Bundestag, der in Folge die exzellente Ausrede hat, dass er die Richtline ja umsetzen muesse, um von der EU kein Verfahren angehaengt bekommt.

Die EU-Richtline heisst nun eben auch, dass das BVerfG nun nicht nur in der Sache zur VDS entscheiden kann, sondern sich eben noch mit der Frage beschaeftigen muss, was denn passiert wenn eine EU-Richtline mit dem Deutschen Grundgesetz in Konflikt steht.

Ein paar voellig ungeordnete aber fuer mich bemerkenswerte Punkte der Verhandlung heute:

Es gibt keine empirisch/wissenschaftliche Grundlage die belegt, dass die VDS zur bekaempfung von Terroristischen Anschlaegen geeignet ist (das war ja nach Dem 11.9. sowie den Anschlaegen von Madrid und London die Begruendung).
Der Chef der Bundesnetzagentur hat mehrfach ganz unuebersehbar nicht auf eine wiederholte Frage des BVerfG geantwortet: Gibt es Unternehmen, die gesetzlich zur VDS verpflichtet sind, aber andererseits keinerlei Verpflichtung zur erstellung oder Abgabe eines Sicherheitskonzepts zur Sicherheit dieser Daten haben? (Meine Auffassung: Ja, die gibt es!)
Die Bundesnetzagentur macht, wie sie selbst sagt, im wesentlichen Pruefungen der Sicherheitskonzepte am Schreibtisch. Das muss ja mit der Realitaet in den Unternehmen nicht viel zu tun haben.
Einer der Beschwerdefuehrer, Minister A.D. Dr. Burkhard Hirsch hat wohl die lebhaftesten und unverbluemtesten Redebeitraege gehalten; sehr erfrischend.
Der Polizeipraesident von Muenchen wurde gebeten, konkret zu begruenden, wie die VDS der polizeilichen Ermittlungsarbeit in Muenchen hilft. Fast alle seiner Beispiele waren ungeeignet, da sie auch ohne VDS aber z.B. mittels einer telefonischen Fangschaltung oder einer Verbindungsdatenspeicherung nach expliziter Aufforderung durch die Polizei (und nicht auf Vorrat) moeglich gewesen weaeren. Zwei seiner Beispiele haben sich zudem generell als falscher Alarm herausgestellt (Journalist macht einn Testanruf; gelangweilter Schueler kuendigt aus Spass Amoklauf an). Das klang alles eher nach Stammtischgeschichten als nach fundierter Ermittlungsarbeit in wichtiger Sache.
Die Sicherheitsanforderungen an die Speicherung der VDS-Daten ist derzeit offensichtlich nicht hoeher als an alle anderen Daten innerhalb des Fernmeldegeheimnisses insgesamt. Also der gleiche Sicherheitslevel, der uns zu den Datenschutzskandalen wie z.B. bei der Telekom gefuehrt hat. Das ist ja mal echt vertrauenerweckend.
Der Chef der Bundesnetzagentur spricht gerne vom "bill shock", was laut ihm eine ueberhoehte Telefonrechnung nach unabsichtlicher Nutzung der teuren Auslandsroaming-Tarife im Mobilfunk ist.
Ein kleiner Schmunzler am Rande war dann noch Burkhard Hirsch's "Blueberry", als er den Blackberry meinte ;) Ja, klar, jeder weiss was er meint und niemand nimmt es ihm uebel - aber es zeigt einfach, wie unsicher die "alte Garde" mit den Begrifflichkeiten der heutigen Alltagswelt umgeht.
Die qualitaet der Richterlichen Anordnungen laesst offensichtlich sehr zu wuenschen uebrig. Es ist aufgabe des jeweiligen Richters, einzuschraenken genau welche Daten denn vom TK-Dienstleister uebergeben werden sollen. Laut dem Vertreter des Verbands der Internetwirtschaft (eco e.V.) kommen hier anscheinend recht allgemeine Anordnungen im Stil von "geben Sie uns mal alles was Sie haben" vor. Das geht so natuerlich nicht!
Es kam zur Sprache, dass deutlich mehr Leute jetzt ihre eigenen e-mail Server betreiben wollen (privat und bei Firmen), weil man sich damit der e-mail VDS entziehen kann. Ist ja schoen, dass es den Trend gibt, und gut dass das auch mal auf dieser Ebene zur Sprache kommt. (Fuer mich kaeme etwas anderes niemals in Frage. Meine Daten gehoeren mir. Ich wuerde weder die Speicherung meiner Mails noch jeglicher anderer Daten jemals einer anderen Person anvertrauen, weder einem Privatunternehmen noch einer staatlichen Stelle). Das ist genau einer der vielen Tricks, mit denen die "digitale Elite" (und garantiert auch die vermeintlich zu bekaempfende organisierte Kriminalitaet oder der Terrorismus) arbeitet. Letztlich trifft man dann nur den Otto-Normalverbraucher, und benutzt die Daten dann fuer harmlose Beleidungsdelikte oder Urheberrechtsverletzungen im privaten Bereich.

deDECTed.org receives massive number of hits

Harald Welte — Tue, 20 Jan 2009 19:00:00 GMT

One of the projects that I'm hosting (and which I've helped to initiate) on gnumonks.org is the deDECTed.org project about security research and analysis of the DECT protocols.

Like I've pointed out in many of my presentations and here in this blog, there are many communication systems in use today which don't even remotely receive as much scrutiny as TCP/IP, the Internet and the PC world. RFID is one of them, which is why I helped to get OpenPCD, OpenPICC, librfid and other projects started. My recent work on GSM protocol analysis as well as OpenBSC are of similar nature. And deDECTEd.org is doing the long-neccessarry scrutiny to evaluate practical DECT cordless telephone security.

As it seems, the news about the insecurity of most cordless phones has made its way into mainstream news, and the website is now getting thrashed quite a bit, despite running on a dual-core Opteron with quite a bit of RAM and fast SCA disks. Which is good. This means that people are indeed caring about the confidentiality of their cordless phones. It's a pity that the industry missed that fact and is shipping outdated technology way beyond todays state-of-the-art in IT security. Proprietary symmetric ciphers, weak RNGs, no user indication if the protocol falls back to no encryption, etc.

I've changed one of my e-mail signatures a couple of years back to a quote from the ETSI DECT spec: "Privacy in residential applications is a desirable marketing option". A Marketing option. Not something anyone would have to give much thought about. I hope the hardware vendors will now get sufficient public pressure to get their act together...

It's also great to see Patrick McHardy of netfilter.org fame now work on implementing a DECT protocol stack for the Linux kernel. Very exciting work.

The only sad thing is that all I can do is sit back and watch. I so much wanted to work on this project, but never got a chance. There are too many high-priority things going on, and I'm basically spending all my time in exciting (but unpaid) GSM protocol related work right now.

If you're at the 25C3: Don't miss the DECT talk

Harald Welte — Sat, 27 Dec 2008 19:00:00 GMT

If you're at the 25C3, I strongly recommend visiting the DECT security talk. Trusty me, you won't be disappointed.

It's one of the most exciting thigs that I've been seeing happening recently. Finally, some more people transcending beyond boring Internet security and moving into other areas of communications security that are desperately needing more research.

Blinkenlights is back (stereoscope)

Harald Welte — Fri, 03 Oct 2008 19:00:00 GMT

Some of you might remember the famous blinkenlights installations of the CCC in Berlin at Alexanderplatz some years back. Basically they used a matrix of windows on a building for a low-resolution display to play pong and display all kinds of animations and text.

After a long break, they're back, even bigger with blinkenlights stereoscope, a massive installation spanning 960 windows of Toronto City Hall. The entire backend technology has been re-implemented based on OpenBeacon , specifically the WMCU and the WDIM units.

Chaosradio on Software Defined Radio

Harald Welte — Fri, 16 May 2008 19:00:00 GMT

I've had the pleasure of being invited to Chaosradio Express maker Tim Pritlove to talk about Software Defined Radio in general, and gnuradio plus USRP specifically. You can listen to the resulting 2+ hours of podcast (in German).

It's been a great experience, and I have a good feeling that it was possible for us to explain this fairly detailed subject to our already at least moderately technical audience.

SDR is really hard since it combines aspects of traditional radio, i.e. physics of electric waves, electrical engineering both analog and digital, digital signal processing and software. The biggest part is really advanced mathematics, and at least from all the subjects that I've seen, it's probably the most direct and close-to-theory incarnation of applied math.

Luckily, a fairly high-level understanding of the algorithms and principles involved are already sufficient to do a lot, since most of the deep-down mathematical details of many algorithms have already been implemented as building blocks for gnuradio. Still, I assume the number of developers who are actually able to use gnuradio is far too low. If you're looking for an interesting field of software right now, I suggest going for digital signal processing. It's in every area of communications, ranging from analog modems over ISDN, DSL, WiFi, USB2, Bluetooth, GSM, UMTS, DECT, ZigBee, Ethernet, VoIP and probably any other communication technology that we use today.

My personal favourite from 24C3: Xbox 360 hacking

Harald Welte — Mon, 31 Dec 2007 19:00:00 GMT

I've seen quite a number of presentations live at 24C3 as well as recorded ones in the days following the event. While many of them cover important subjects, there is one lecture that is outstanding: "Deconstructing Xbox 360 Security".

The level of technicality of this presentation was just right. Finally something that went deep down into the technical details. Explaining what kind of flaws they found in the disassembled power PC object code.

I definitely want to see more lectures/presentations like this. Don't be afraid to overload the audience with technical details. Just go ahead with it :)

Also, this presentation has shown how far advanced the game console hacking is compared to mobile phone hacking (at least from what I've seen in the ETC (Ada-developers) and and Motorola hacker communities). The problems are similar: Completely undocumented hardware, cryptographic authentication of code by the boot loader (sometimes down to mask ROM), ...

So I hope that the mobile phone hacker community will grow and more people with this skillet, attitude and time will join. Free your phones!

Personal reflection on the 24th annual Chaos Communication Congress

Harald Welte — Fri, 28 Dec 2007 19:00:00 GMT

It's great to be at 24C3, the 24th incarnation of the Chaos Computer Clubs annual congress in Berlin.

In fact, this is my 10th anniversary at this congress, i.e. the first one I visited was 15C3. I ended up at 15C3 as somewhat of a coincidence by just following a fellow Linux hacker from the Linux User Group Nuernberg to whom I've since lost all contact.

What's actually worth mentioning is that this is the first CCC congress that I visit as a pure guest. I have no lecture, and I am not actively involved with any of the things I have been involved before, such as the video recording/streaming team or the Sputnik RFID location system.

Interestingly, I felt the first day much more tiring than usually, despite having slept more than in any of the previous years. Apparently the lack of constant adrenaline caused by last-minute-problem-solving has its impact..

The congress is a lot of fun, I've been talking to many old friends, colleagues and fellow hackers from all over the world, involved in all of the projects and/or companies that I've remotely had any contact throughout that ten year time period.

It's a very nice feeling. I doubt there is any other event or occasion where I would feel more at home than at this annual congress. This is my culture. This is where I belong. Here are people who understand, or rather: understood.

Looking forward to the Chaos Camp 2007

Harald Welte — Fri, 03 Aug 2007 19:00:00 GMT

In about 24 hours I'll be on my flight 'back' to Germany. In fact it's not really a flight back to Germany, but more like a temporary break of my extended stay in Taipei for the sake of OpenMoko.

The main reason for this trip is to attend the Chaos Camp 2007 of the CCC. I've so far dropped every conference or other technical event this year to concentrate on my work for OpenMoko, but I'm not able to compromise on the camp.

On the one hand, I'm looking forward to finally not having any official function at a CCC event. More than one year after vacating my task as leader of the video documentation effort, and after my somewhat minor involvement with the sputnik RFID tracking project at the congress last December, this is not really the first CCC event which I'll visit as a pure visitor. I haven't even submitted any paper.

So the camp will be holiday. Time to relax, talk with fellow hackers. Sure, lots of the German OpenMoko guys (roh, stefan, alphaone, and our newcomer gismo) will be there. So there will definitely be some kind of productive outcome for the OpenMoko project, too. But in a very different setting. Doing thighs that are fun, rather than all the things that have to be done :)

Chaos Communication Camp 2007

Harald Welte — Thu, 25 Jan 2007 19:00:00 GMT

The date and location for the 2007 Chaos Communication Camp have been announced, which is really good news.

First two days of 23C3

Harald Welte — Wed, 27 Dec 2006 19:00:00 GMT

I'm currently at the 23rd annual Chaos Communication Congress in my home town Berlin, Germany.

After having dropped out of my usual volunteer work in the Audio/Video recording team, I thought that this year would be slightly more relaxing. Then came the Sputnik system, which suddenly started to eat some of my time weeks and months before the congress, as well as the last couple days before the congress, during the build-up. In fact, given my many other projects, I was close to going crazy and thus dropped out of the project and disappeared completely from the congress for about one day. Sorry about that, but I just needed to relax and calm down.

After a very stressful 26th of December, the team actually managed to set the whole back-end and middleware system up on the first day of the event, and the 3D visualization was running by 4am of the second day.

Now I'm back to normal mode, present at the event almost all day, which I intend to do for the next two days, too.

CCC Berlin now proud owner of USRP

Harald Welte — Wed, 02 Aug 2006 19:00:00 GMT

Finally the Berlin Section of the CCC has managed to obtain some donations (courtesy of ) for the purchase of a USRP with all major front-ends (BasicRX, BasicTX, RFX2400, RFX1800, RFX900, DBSRX, ..).

I sincerely hope that this device will be able to fuel even more interest in RF communications and research of security aspects of popular RF systems such as DECT. At least a bunch of interested hackers now have all the tools they need :)

Chaosradio 114: Software project management

Harald Welte — Sun, 25 Jun 2006 19:00:00 GMT

Tomorrow I'll again be participating in Chaosradio. This months Chaosradio 114 issue is about software project management, both in the proprietary and FOSS world.

Upcoming Chaosradio show on encryption

Harald Welte — Tue, 21 Mar 2006 19:00:00 GMT

After quite some time of absence, I'm finally going to participate in Chaosradio again. The subject of the upcoming show is encryption for personal use, mostly focusing on hard disk and email encryption.

22C3 is over

Harald Welte — Sun, 01 Jan 2006 19:00:00 GMT

Two days ago, 22C3 was closed. This years incarnation of Europe's largest hacker conference can be seen as a full success. Some 3000 attendees, about 180 lectures, a 10Gigabit Internet Uplink and our own /16.

The video recordings have turned out fine. We've had working WMV live streams, and somewhat intermittently working MPEG2 and MPEG4 live streams, as well as working OGG and MP3 audio streams of all four lecture tracks.

For archival, we have MPEG2Video (5Mbit) as well as the original DV tapes, and a FLAC audio recocrding.

Looking at the tremendous amount of work that went into the A/V recordings, and the fact that I'm involved with the A/V team since seven years, I'm actually thinking about looking for some other area where I can get involved next year.

My two lectures (on OpenEZX and librfid/libmrtd) went fine, even though they both had very little preparation ;)

In the next couple of days I'll be cutting the fourth day of the video recording, and then slowly getting back into netfilter and OpenEZX related development. Oh yes, and I'll also promise more blog updates.

For some strange reason, my git tree seems to have become corrupted over the last two weeks, so I first need to sort this out before getting any reasonable work done.

22C3 preparations

Harald Welte — Wed, 21 Dec 2005 19:00:00 GMT

The main reason why this blog has been so quite since my return from Bangalore: I'm spending every free minute in preparations for 22C3, the annual Chaos Communication Congress. As usual, my job is to take care of the audio and video recording and streaming.

So for the last days I've been hunting numerous bugs related to this, mainly in ffmpeg, but also radeonfb, vlc, Debian ffmpeg / x264 packages, etc.

I'll be back on track after 22C3 is over. More blog updates then, I promise.

Lecture on privacy and data protection issues at Potsdam University

Harald Welte — Tue, 08 Nov 2005 19:00:00 GMT

Today I had the honour of holding a guest lecture at the Institute of European Media Studies of the University of Applied Sciences in Potsdam. The lecture was entitled "Privacy, Data Protection and Surveillance - Risks and side effects of modern communication technology".

To my big surprise, the lecture was very well received, and members of the institute have suggested that they are interested in some follow-up lectures on other topics such as copyright / software patent / GPL issues.

Big Brother Awards 2005

Harald Welte — Thu, 27 Oct 2005 19:00:00 GMT

Today, the sixth "Oscar awards for data leeches" will be awarded. The BBA is a "negative award" or "anti award" for persons, organizations, companies, government agencies that disrespect civil liberties, data protection and privacy.

I've always been a big fan of those awards (which are now even awarded in a number of countries outside of Germany, too). They provide an excellent opportunity to publicly point at (and rant about) those who further restrict the [digital] freedom of individuals.

This year I'm going to be present at the ceremony for the first time.

Chaosradio on ePassport and Biometrics

Harald Welte — Tue, 27 Sep 2005 19:00:00 GMT

Due to the importance of the subject, we will do the second Chaosradio show this year dedicated to electronic passports and biometric identification.

Germany will issue them starting with November this year... so now is about the last possible time to apply for a brand new, shiny, glossy, cheap "old-style" passport that doesn't contain any biometric information.

Chaosradio 105: Embedded Systems

Harald Welte — Tue, 30 Aug 2005 19:00:00 GMT

This month's Chaosradio show (held today) will be looking into the plethora of embedded devices that are present in todays world.

CCC "residents" will be Tim Pritlove and myself.

The main focus will be on consumer embedded systems, especially those running free operating systems and those with good "hack value".

Chaosradio on Electronic Health Card

Harald Welte — Mon, 25 Jul 2005 19:00:00 GMT

Today I'll be moderating this months' episode of Chaosradio on the upcoming German Gesundheitskarte (Electronic Health Card, EHC).

This is the latest incarnation of the ever-increasing number of large-scale IT projects in public atministration. Following-up infamous examples such as TollCollect, the ALG2 software, INPOL-NEU, ELSTER, and last but not least the RFID enabled electronic Passport. And it will affect the data privacy and data protection of even more German citizens than any of the beforementioned systems!

I'm very pleased to announce Thomas Maus (ThoMaus), one (if not the) most prominent critical experts on the EHC as a live guest in the radio studio.

This subject is actually one that I think fits best into the idea of Chaosradio: Technical, but with vast implications on society. Even more than my last "favourite" data retention, but less than the upcoming Chaosradio show on "voting machines".

From my point of view there are too many issues currently at this border between technology, politics and society that need to be adressed. Too many to just talk about geeky technological stuff that is certainly also happening and woth covering it in Chaosradio.

Chaosradio 100: Energy consumption of the IT industry

Harald Welte — Tue, 29 Mar 2005 19:00:00 GMT

Today we again had our monthly chaosradio live show. The subject that we picked from the list of suggested topics, and it definitely was worth doing a 3 hour show on it.

Computers always get faster. The downside of this is that they always consume more energy. From 1W of a 80386 to 15W of a Pentium I, we've now arrived at more than 100W for the latest PC CPU generations. The PowerPC architecture was quite promising for some time, but at least since the G5, power consumption is almost equal with the Intel world. About the only promising figures come from ARM based CPU designs at the moment - something that you will find in PDA's and embedded devices, but not in desktop machines.

Apart from the power consumption we're also talking a bit about the ecology in general, like the amount of energy and raw materials required to build a new PC. It is quite considerable, especially taking into account that most PC's are not used for more than two to three years.

In case you're now interested (and understand German): A recording of the live is available for download.

CCCeBIT negative award for Bundesdruckerei

Harald Welte — Mon, 14 Mar 2005 19:00:00 GMT

The CCC has presented it's 2005 CCCeBIT negative award to the Bundesdruckerei, the formerly state-owned now-privatized company in charge of printing passports in Germany.

They are one of the strong forces in Germany behind the announced introduction of biometric information in passports. To understand this, you have to know that the law still requires passports being produced by Bundesdruckerei, even though they're now a private company.

Our Agilest 54622D mixed signal oscilloscope arrived

Harald Welte — Tue, 01 Mar 2005 19:00:00 GMT

Due to the generous donation of TomTom, we were finally able to purchase a second hand digital oscilloscope.

The 54622D has two analog channels with 100MHz bandwidth (200Ms/s) and 16 digital channels with 200/400MS/s. The really nice features include stuff like CAN-, I2C-, USB- and SPI trigger modes :)

Let's see how this new toy is getting used to explore yet more technology...

Allnet donates network switches to CCC Berlin

Harald Welte — Fri, 21 Jan 2005 19:00:00 GMT

In very short amount of time, two 19" rack-mountable Ethernet switches went dead at the Berlin Chaos Communication Club.

The chairman of the friendly company Allnet was immediately willing to donate two replacements. Very kind of him :)

Chaosradio 99 - Telekommunikationsueberwachungsverorndung

Harald Welte — Fri, 21 Jan 2005 19:00:00 GMT

After about four months, the first Chaosradio radio show that I was participating in. Subject of the show was the telecommunications surveillance act (TKUeV) and the corresponding technical directive. Starting from 1st January 2005, any "provider of telecommunication services" has to provide lawful interception interfaces for government and police authorities.

The big issue is that it isn't only about providers, but about anybody who runs more than 1000 mailboxes on an email server, even if it is non-for-profit.

If you're interested in the full show, you can download it from the usual location on ftp.ccc.de.