Archive for November, 2008

Lassen Sie uns Ihr Vermoegen hochheben

Friday, November 28th, 2008

… mit dem Titel habe ich heute eine Spam-Email bekommen — erinnert sehr an den englischen Begriff “Shoplifting” — oder an die alten Witze ala “Die Telekom will an die Börse — auch an Ihre” 🙂


Thursday, November 27th, 2008

Yesterday there was an interesting talk on e-voting @metalab by Goesta Smekal. In the discussion, the audience mostly agreed that e-voting shouldn’t be used because we can never be sure that a machine isn’t modified to do something different from correctly counting votes.

That there may be an incentive to win an election by cheating was pointed out by Bruce Schneier in “Stealing an election” in a 2004 Cryptogram newsletter. Now it’s an old hat that it is possible to hide rogue code that won’t be found by inspecting the source-code since in 1984 Ken Thompson published the computer science classic Reflections on Trusting Trust. Recently it has even been possible for researchers to build malicious hardware — with the budget of a university research lab. Open Source in this case is not an answer to the problem: We can’t be sure that the machine is running our software.

So the question is really: How can each voter be sure that the election is carried out correctly. For inspecting a voting machine — even if this would be theoretically possible and the papers cited above indicate that it’s probably not possible — we need an expert — who can be bribed. With paper ballots an untrained observer can convince himself that the election process is correct. Attacks on the system come at high costs and are detectable with a high probability. So let’s stick to the proven distributed algorithm of casting paper ballots.

Update on open money

Friday, November 21st, 2008

Some time ago at linuxwochenende I’ve outlined my current state of reading on alternative money projects and implementations. Slides (mostly english) are online and there is even a video of the talk (in german, see linuxwochenende link above for torrent or html download). The funny money in the title refers to a paper by Ted Lewis, “Why Funny Money Will Have the Last Laugh”, Computer, vol. 33, no. 5, pp. 112,110-111, May, 2000 (all citations on the web seem to disagree on the page numbers I’ll have to dig out my copy and see what the page numbers really are) which is probably not very exciting today but got me interested in the subject.

Now I’ve discovered some more interesting bits I want to document here.

I’ve recently discovered OpenCoin via the peer to peer foundations feed. OpenCoin seem to be among the first who tackle money with a scientific approach to money protocols *and* release their code as open source. They’ve started by formulating requirements which are referenced in two preliminary papers on existing crypto protocols:

In these papers they outline the cryptography to use for their implementation and check these against their requirements. These reports are very preliminary (still contain serious typos for example I’m missing a “not” in section “2.2 Anonymity” in the report on Chaum’s Architecture that distorts the meaning of the whole sentence).

More serious may be that the don’t consider newer approaches to money protocols — this may be due to patent and security considerations: Chaums work is older than 20 years. Protocols that have withstood some time of not being broken might have a higher chance of not developing a serious failure in practice… but it may also be an indication that the field is very wide.

And another sad fact: The web-page of the project is not very lively — the last entries on the wiki are from march this year. Seems that they applied for funding from LGA (London Development Agency) and received that (as indicated on the main page) but never published anything after that. Or maybe they anticipated to receive a funding which never came.

Another interesting project — which actually produced software that is used in practice is Cyclos by the Dutch Social Trade Organisation STRO (used to be called Strohalm).

This is a more traditional approach to a system where a trusted organisation manages a local currency like LETS or barter systems. Also microcredit systems are managed with this system according to their web site.

I’ve recently discussed about money alternatives with Clifford — one thing we couldn’t agree on was if one needs the state as the central authority for issuing money. I argued that there are already many projects (some of the mentioned in the linuxwochenende talk above) doing this today. Cliffords answer was that they’re all backed by the existing money system. I’m undecided on this issue but tend to believe that a local community can agree on a currency without a state. It may even be possible to do something like Terra (a good intro to Terra is on p2pfoundation ). At least we can start now that the existing money system still works (Sort of. Or not. Maybe.).

OpenMoko 2008.9

Monday, November 10th, 2008

I’ve now had some time to look more closely into my OpenMoko Neo. The first thing I did was upgrade the device to the new Firmware 2008.9

The needed dfu-util is a Debian lenny package, on my lenny-laptop just one apt-get away. The upgrade steps are well documented on the “Flashing the Neo” page.

I’ve also upgraded the bootloader because I wanted to try to install Debian (on the SD card) and the instructions say to upgrade the bootloader.

After booting into the new version I discovered that the “Settings” icon did nothing. The device would auto-suspend after about 30 seconds when not in use via the touch-screen. Fortunately I had experimented earlier how to get a SSH-connection to the device — I wouldn’t have found out in 30 seconds: The device would suspend and kill a running SSH-session.

The openmoko device comes up as network interface usb0 on the machine you connect the USB to. The IP is, you should configure your usb0 network interface to something like

I’m using the Debian package ipmasq on my laptop, so NAT to my internal network for the openmoko was working immediately, I could ping machines on my internal network.

So I held the touch-screen with the left-hand thumb and configured the network: The device comes up with an empty /etc/resolv.conf, you should insert a nameserver line with the IP of a reachable nameserver.

After having a running network (remember I’m still preventing the device from suspending and killing my ssh session with one finger on the display) I installed the package illume-config which adds a little toolbox-icon to the window-manager. With this I was able to finally disable the suspend via the config. After that I did an opkg upgrade of the device and the “Settings” program magically started working.

The first experiment with a phone-call failed, because the called party could not hear me. I had to install alsamixer and turn on the microphone and capture devices. Now calling and being called works fine.

I haven’t experimented too much until now — one of the major roadblocks is a broken input method. The on-screen keyboard is not really suitable for entering commands into an xterm. One of the next steps will be to install Debian on the device.