Thomas Koch

Dubio Sapientiae Initium.

On distributing binaries

Many software developers don't care about security. A typical Java developer downloads the Eclipse binary from eclipse.org, a website that doesn't even support HTTPS. He then continues to install binary Eclipse plugins from several different web sites. Once development starts, Maven continues to pull in hundreds of plugins and dependencies without checking their origin.
How do you still want to trust this machine with your private passwords or GPG key? I don't. Therefore I do Java development at least in a chroot'ed environment. To make this point a bit less theoretical I've collected examples of compromised downloads or servers in recent months.

Together for global change (Gemeinsam für globalen Wandel)

english abstract: call to assembly on October 15th in Constance (Germany).

ATTAC Konstanz and www.echte-demokratie-jetzt.de invite you to the assembly "Together for global change" on October 15th, 2011 at 15:10 on the Marktstätte (near the banks)

  • United for global change
  • We are the 99%!
  • We won't pay for your crisis!
  • Real democracy now!

All over the world, people are taking to the streets on this day to talk about what kind of society they want to live in. Together with them, we are outraged that today the interests of banks and corporations are so often placed above the interests of people, and that the gap between rich and poor keeps growing. We no longer feel represented by politics and business and want to stand up for fundamental change ourselves. We are committed to new ways out of the crisis, beyond parties, trade unions and other group interests.

We want to talk about this with one another in Konstanz as well, on the Marktstätte. To show how people in other countries are standing up for their concerns, there will be an information stand about the protest movements in Spain, Greece, Israel, Chile and the USA.

Further information:

Is it really that hard?

It's 2011. Computers have been here for a couple of decades now, but they still don't help me with the most simple problems. I've been asked once again about a recommendation for a GroupWare and still don't know what to say. These are the simple requirements:

Manage my Mails, Calendar, Contacts, Files, Knowledge (Wiki) and ToDos (including IssueTracker). Let me synchronize this information with mobile devices and for offline work. Allow collaboration and sharing.

I started professional programming in 2006 with the eGroupWare project, which provides the above functionality more or less, but I still can't recommend it. Neither could I recommend any other system I know of (Tine 2.0, OpenGroupWare, OpenExchange, Horde, Kolab, ...?) since they violate one or more of my secondary requirements:

  • a maintainable code base (this rules out PHP IMHO)
  • free software (there's certainly enough to earn with support/service for such a system!)
  • no relational database! they're just not made for this kind of data or why do you think system X allows only for N numbers of mails/addresses/phone numbers per contact?
  • reusable components / libraries
  • no dependency on antique technology (yes, I mean Kolab depending on Cyrus)
  • and as the cream: easy installation at least for test setups


This kind of software is on the top position on my Things-To-Do-When-I-Have-Time. But on the other hand I know that many have already started such projects and either they did not deliver sufficient functionality or their code base is a PITA.

Yes, I'm ranting once again. But please show me a decent GroupWare and I'll praise you on any occasion!

Or should I make this my project for my bachelor thesis: A Contacts+Mail server/web frontend in Scala using CouchDB, Dovecot? What do you think?

Keysigning @ Berlin Buzzwords

Whenever you download some software from the Apache Software Foundation, there is a small .asc file beside every software release. This tiny file is a cryptographic signature to protect you from accidentally downloading and running malware.
Put your key signing fingerprints in your badge!

However, this signature is only as good as the web-of-trust between you and the Release Manager of the software project.
At BerlinBuzzWords many developers and users will gather at one place. This is a unique occasion to strengthen the web-of-trust. Therefore we want to encourage and remind you to use the occasion for keysigning! For lack of time there won't be an official keysigning party, but you have the occasion during lunch, coffee break or the barbecue to do quick one-to-one keysignings.
You should bring print-outs of your key fingerprints and identification documents. If you put the fingerprints in your badge (see picture) everyone can easily see them and ask you for a quick trust exchange. We may also mark a "keysigning corner" somewhere where people can go and meet others for key signing.

Hints:
  • under Debian (and Ubuntu) you can get a PDF to print out your fingerprints many times via:
    CODE:
    sudo aptitude install signing-party ghostscript
    gpg-key2ps KEYID | ps2pdf - fingerprints.pdf
  • the signing-party package also contains the tool "caff" to batch process the signing of keys after the event
  • please only use keys with at least 2024 bits!
  • please make sure that you've uploaded your key to a public keyserver
  • I'm happy to answer all remaining questions at the BarCamp on Sunday or during the event
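
Why the web-of-trust matters when you check a release's .asc file, as an added example (not part of the original post): the function below reads the machine-readable lines that "gpg --status-fd 1 --verify FILE.asc FILE" prints and separates a signature that merely verifies from one made by a key you have a trust path to. The fingerprint, key ID and status lines are constructed placeholders.

```sh
#!/bin/sh
# check_release_sig EXPECTED_FPR  (gpg status lines on stdin)
# EXPECTED_FPR is the primary-key fingerprint you compared in person.
# Returns 0: good signature, key valid through the web-of-trust
#         1: good signature, but no trust path to the key
#         2: bad, unverifiable or missing signature
#         3: good signature made by a different key than expected
check_release_sig() {
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    primary_fpr="" trust="" bad=0
    while read -r tag keyword arg1 rest; do
        [ "$tag" = "[GNUPG:]" ] || continue
        case "$keyword" in
            # Last VALIDSIG field is the primary key's fingerprint.
            VALIDSIG) primary_fpr=${rest##* } ;;
            BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG) bad=1 ;;
            # TRUST_UNDEFINED, TRUST_MARGINAL, TRUST_FULLY, ...
            TRUST_*) trust=${keyword#TRUST_} ;;
        esac
    done
    [ "$bad" -eq 0 ] && [ -n "$primary_fpr" ] || return 2
    [ "$primary_fpr" = "$expected" ] || return 3
    case "$trust" in
        FULLY|ULTIMATE) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample data: made-up fingerprint and signer.
FPR=0123456789ABCDEF0123456789ABCDEF01234567
SIG_LINES="[GNUPG:] GOODSIG 89ABCDEF01234567 Release Manager <rm@example.org>
[GNUPG:] VALIDSIG $FPR 2011-06-01 1306886400 0 4 0 1 2 00 $FPR"
# Before the keysigning: the signature verifies, but nothing vouches for the key.
UNTRUSTED_STATUS="$SIG_LINES
[GNUPG:] TRUST_UNDEFINED 0 pgp"
# After signing the key (or a path of signed keys): the key is fully valid.
TRUSTED_STATUS="$SIG_LINES
[GNUPG:] TRUST_FULLY 0 pgp"
BAD_STATUS="[GNUPG:] BADSIG 89ABCDEF01234567 Release Manager <rm@example.org>"

printf '%s\n' "$UNTRUSTED_STATUS" | check_release_sig "$FPR" \
    || echo "exit $?: signature is good, but the key is not yet trusted"
```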

Debconf and other travel plans

If you're going to Debconf and would like to take a train, please have a look at the Arrivals page in the debconf wiki! These are my travel plans for the next months:

May: BarCamp Kirche 2.0, Linuxtag, Fernuni

June: Kirchentag, Ruhrgebiet

  • Wed, June 1st, Dresden for Kirchentag
  • Sun, June 5th, to Berlin for BerlinBuzzwords (talking about ZooKeeper)
  • Wed, June 8th to Düsseldorf for university and meeting on "church - situation, outlook"
  • Mon, June 13th back home to Constance/Kreuzlingen

July: Fernuni, Debconf (Bosnia)

  • July 13 - 19: Hagen (Ruhrgebiet) for university stuff
  • Fri, July 22nd Zurich 20:40 to Novska or Okucani
  • Sun, July 31st Novska or Nova Gradiska 15:51 to Zürich

Outlook: Froscon in Bonn, August 20th, Linuxtag Oberhausen November 12th
