Encryption: the police now want to get onto your computer too

In the fight for our peace of mind, the police now want a legal framework that allows them to hack private computers. Could it be that, following the FBI's example, they also want to be able to install keyloggers? Because, as Henk noted in the comments here, suspects cannot be compelled to decrypt a file, message or hard disk?
Not that there are no ways to get around (hardware and software) keyloggers (boot into a live CD and use its on-screen keyboard, for example), but do we really want to hand over our privacy just like that, in the name of the fight against terrorism and child pornography? The Liga voor de Rechten van de Mens is going to be busy; I really should become a member!

New: cross-document messaging

With new versions of our trusted browsers coming out, web developers who like living on the edge can start using some of the new features that are becoming available. One such goody is cross-document messaging, which is part of the HTML5 draft spec.
Cross-document messaging allows children of a window (think iframes, popups, …) to communicate using JavaScript, even if they originate from a different domain. This means that instead of just iframing an external application, without being able to integrate further, your page can send messages to it and receive messages from it. postMessage could even be used to do cross-domain XHR (a hidden iframe on the same domain as a remote datasource can be used as a proxy to perform XMLHttpRequests on that remote domain) until the real thing hits the streets as well.
The two additions that allow you to perform such messaging are window.postMessage and an event listener for events of the “message” type to handle the message. A pretty straightforward example of this can be found on the site of jQuery’s John Resig (see also his latest blog entry about postMessage). As cross-domain JavaScript can be a potentially big security risk, taking some precautions is really really really really really necessary. Really!
On the downside (as if security is not a problem): this brand new feature is only available in Firefox 3 for now. My own little test (a copy of John Resig’s example with some minor tweaks) worked in Opera 9.2x (and 9.5b) as well, but postMessage seems to have been dropped from the final Opera 9.5, as the tests on Opera Labs don’t seem to work any more either. Support for postMessage is also available in WebKit (Safari’s backbone) nightly builds and in Microsoft’s IE 8 beta (with the event being ‘onmessage’ instead of ‘message’ and some other quirks but hey, this is beta, no?).
So expect postMessage to be available in all major browsers by the end of the year. But why wait if you know that Facebook is already using postMessage in their chat application? I wonder what they fall back to if it is not available though …
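
The precautions mentioned above, applied to the hidden-iframe XHR proxy idea, as an added example that is not code from this post or from John Resig's demo. The origin, the path allowlist and all function names are hypothetical; the sample events are constructed so the checks can be run outside a browser.

```javascript
// Added example; every name here is hypothetical, not from the original post.
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]); // pages allowed to use the proxy
const ALLOWED_PATHS = /^\/api\/(news|weather)$/;               // resources the proxy will fetch

// Handle one "message" event. fetchFn(path) performs the same-origin request.
function handleProxyMessage(event, fetchFn) {
  // 1. Exact-match the sender's origin; substring checks accept look-alike hosts.
  if (!ALLOWED_ORIGINS.has(event.origin)) return { handled: false, reason: "origin" };

  // 2. The payload is untrusted input: parse it as JSON (never eval) and check its shape.
  let req;
  try {
    req = JSON.parse(event.data);
  } catch (e) {
    return { handled: false, reason: "format" };
  }
  if (!req || typeof req.id !== "number" || typeof req.path !== "string") {
    return { handled: false, reason: "format" };
  }

  // 3. Proxy only allowlisted paths, so the iframe is not an open relay.
  if (!ALLOWED_PATHS.test(req.path)) return { handled: false, reason: "path" };

  // 4. Address the reply to the validated origin instead of "*".
  const reply = JSON.stringify({ id: req.id, body: fetchFn(req.path) });
  event.source.postMessage(reply, event.origin);
  return { handled: true };
}

// Browser wiring for the hidden iframe (skipped when run outside a browser).
if (typeof window !== "undefined") {
  const sameOriginGet = (path) => {
    const xhr = new XMLHttpRequest();
    xhr.open("GET", path, false); // synchronous only to keep the example short
    xhr.send();
    return xhr.responseText;
  };
  window.addEventListener("message", (e) => handleProxyMessage(e, sameOriginGet), false);
}

// Constructed sample events, with a stub in place of the sender's window.
function demo() {
  const sent = [];
  const source = { postMessage: (msg, targetOrigin) => sent.push({ msg, targetOrigin }) };
  const fetchFn = (path) => "data for " + path;
  const mk = (origin, data) => ({ origin, data, source });
  const good = "https://app.example.com";
  const results = [
    handleProxyMessage(mk(good, '{"id":1,"path":"/api/news"}'), fetchFn),
    handleProxyMessage(mk(good + ".evil.test", '{"id":2,"path":"/api/news"}'), fetchFn),
    handleProxyMessage(mk(good, '{"id":3,"path":"/admin/users"}'), fetchFn),
    handleProxyMessage(mk(good, "not json"), fetchFn),
  ];
  return { results, sent };
}
```

The embedding page needs the mirror-image check on its side: accept replies only when `event.origin` equals the proxy's origin, and pass that origin, not `"*"`, as the second argument when posting requests to the iframe.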

The use of encryption is …

As I wrote earlier, after the arrest of 4 members of Secours Rouge over contacts with an Italian far-left terror organisation, the public prosecutor's office made a point of the fact that

“the four had a decoding system for their e-mails and software to thoroughly wipe all data on hard disks”

So is encrypting still allowed? Do we have to uninstall PGP (or GPG), Truecrypt, SSH, openSSL, … to avoid being arrested as a terrorist? I phoned, among others, the Liga voor de Rechten van de Mens about this. privacy-friendly application of the European data retention directive (sign and link to that petition!), was in any case also very surprised about encryption as an alleged ground for arrest.
From what I, as a non-lawyer, could make out from skimming the law on terrorist offences, the law on special investigation methods and a discussion of the wiretapping law (pdf), those texts in any case contained no restrictions on the use of encryption. On a page by Prof. Dr. Bert-Jaap Koops, professor at the law faculty of Tilburg University, I did find relevant information, which was further confirmed and clarified by Geert Somers, lawyer at timelex.eu and specialised in IT and law. In summary: under the law on the reform of certain economic public companies (and more specifically under the amendment of 19/12/1997 that added article 109terF) the use of encryption is free, but under the law on computer crime of 28/11/2008 an investigating judge can oblige you to decrypt that information. Using encryption software that allows “plausible deniability” is therefore recommended!
Whether the facts on which the arrest of the far-left activists is based weigh heavily enough remains to be seen. Maybe Sassoye and co refused to decrypt, maybe the prosecutor's office is bluffing. But that they were arrested for the use of encryption as such is, based on the above, in any case incorrect.

Dancing for 12 minutes with Laurent Garnier

I already heard the new Laurent Garnier a few weeks ago via Gilles Peterson. Now (it is Friday, after all) it is your turn; below, in an mp3 player, a hefty portion of “Back to my roots” and after that “Panoramix” (the B-side). On the website of the German Innervisions label you can also buy the EP or the 12-minute mp3 (or WAV) directly.
[audio:http://www.innercityvisions.com/content/tracks/82/BACKTOMYROOTSWebseite.mp3]

Encryption: go to jail?

Last week ex-CCC members Pierre Carette and Bertrand Sassoye were arrested (together with a few other suspects). The first reports mentioned violations of the conditions of their conditional release. Later the public prosecutor's office stated that there had been contacts between the suspects (with the exception of Pierre Carette), who are members of the support organisation “Secours Rouge”, and the “Partito Comunista Politico-Militare”. This Italian far-left group had plans to carry out attacks and was rolled up by the Italian police in February 2007.
Soit, all a bit vague perhaps; we will see how solid the prosecutor's evidence is. But on Monday the following remarkable information also appeared in the newspapers:

The four left-wing militants who were arrested on Thursday as part of a terrorism investigation […] have been detained on the basis of two facts […] The second fact is that the four had a decoding system for their e-mails and software to thoroughly wipe all data on hard disks.

A decoding system for their e-mails? Software to thoroughly wipe data on hard disks? Seriously? Does this mean that using e.g. GPG or Truecrypt or dban is forbidden? Or that, while we are at it, SSH and (utterly ridiculous) the ubiquitous SSL can tunnel you into prison? I am very curious what will come of this …
Anyone who knows more about the legal framework for the use of encryption and other data-security tools: the comment form is all yours!

Radiohead Nude remix on Sinclair ZX Spectrum

Found a link on the Radiohead blog to a very special remix of “Nude”, which you can see and hear embedded below.

The explanation by its maker, James Houston:

Radiohead held an online contest to remix “Nude” from their album – “In Rainbows”. This was quite a difficult task for all the electronic musicians that entered, as Nude is in 6/8 timing, and 63bpm. Most music that’s played in clubs is around 120bpm and usually 4/4 timing. It’s near impossible to mix a waltz beat into a DJ set.
This resulted in lots of generic entries consisting of a typical 4/4 beat, but with arbitrary clips from “Nude” thrown in so that they qualified for the contest.
Thom Yorke joked at the ridiculousness of it in an interview for NPR radio, hinting that they set the competition “for a laugh” and to find out what would come out of such an impossible task.
I decided to take the piss a bit, as the contest seemed to be in that spirit.
Based on the lyric (and alternate title) “Big Ideas: Don’t get any” I grouped together a collection of old redundant hardware, and placed them in a situation where they’re trying their best to do something that they’re not exactly designed to do, and not quite getting there.
It doesn’t sound great, as it’s not supposed to.
Sinclair ZX Spectrum – Guitars (rhythm & lead)
Epson LX-81 Dot Matrix Printer – Drums
HP Scanjet 3c – Bass Guitar
Hard Drive array – Act as a collection of bad speakers – Vocals & FX

The WordPress-on-an-intranet nightmare

[UPDATE June 2009: this is solved in WordPress 2.8]
Having a fair amount of experience with WordPress installations and configuration, I wanted to install trusty old WP 2.5.1 on an idle desktop (winXP+xampp) at work to do some blogging on our intranet. The installation itself went smoothly (how hard can unpacking a zip-file be) but after some time the damn thing stopped working, producing nasty timeout-errors caused by, among others, wp-includes/update.php and wp-admin/includes/update.php.
The problem is that WordPress tries to open an internet-connection (using fsockopen) to see if updates are available. Great, except when you’re trying to run WordPress on an intranet behind a proxy without a (direct) connection to the internet. After some unsuccessful fiddling in multiple WordPress php-files, I ended up disabling fsockopen in php.ini (disable_functions)!

Disabling! Fsockopen! In php.ini! Just to have a working WP?

I mean, come on guys, why doesn’t WordPress provide configuration options where you can specify if and how (what type of proxy, what address to find it on, …) it should try to connect to the internet? I even made this truly amazing UI mock-up which you guys can just like copy/paste straight into your code;

_______________________________________________________________________________
How should WordPress connect to the internet to check for updates?
(*) Direct connection to the internet (default)
( ) Use a proxy:
    Proxy type:     (*) http ( ) socks
    Proxy URL:      ___________________________________________
    Proxy User:     ___________________________________________ (optional)
    Proxy Password: ___________________________________________ (optional)
( ) No internet connection available (WordPress won't be able
    to warn you about updates!)
________________________________________________________________________________

😉
Pretty please?

Live from WebScene 2008

I’ll be at WebScene 2008 today and if all goes well, I’ll be bringing you live updates of the event (as I did last year). So watch this space if you’re interested!
Being the commuter I am I took the train to Asse and rode my bike from Asse to Affligem (passing Asbeek and Edingen, very nice!) to arrive here at 9h00. So I’m at the conference center, scored Wifi-access and I’m ready to watch and learn.
Bart Van Herreweghe (blog) kicked off with a talk about the new Belgium.be. The Kanselarij van de Eerste Minister worked together with Fedict for the production of the new portal, which was built by a multitude of companies such as IBM, Amplexor, Panoptic, Netway and Internet Architects. Because of the large amount of information that is published on the portal, Internet Architects and Netway played a very important role in information and user-centric interface design, introducing the idea of “doormat”-navigation which could be compared to a (part of a) sitemap being displayed on a (theme-)homepage. Technology-wise, belgium.be uses Tridion as WCMS with templates that contain validated XHTML, with a strong focus on accessibility which aims at Anysurfer plus compliance. The search-module, which will spider a great number of federal websites, is based on Lucene and developed by Panoptic (Cronos) with LBi.
Panoptic’s Ines Vanlangendonck (blog) talked about the importance of usable web content management. Choosing a good foundation (WCM product) and customizing it to the (backend) users’ needs (e.g. adding or removing DAM-functionality, rich text editor functionality, online translation, …) should help get your users (content-owners, editors, …) on board. Looking at the poor adoption rate of the web content management tool chosen at a certain telco company a few years ago, she couldn’t be more spot-on.
Ex-colleague Philip Achten from The Reference presented the implementation of the new Thomas Cook-website. This travel website is an e-commerce business platform first and foremost, with on average 15000 unique visitors/day in 2007 and an estimated growth of 50% in 2008. One of the main goals of the new website was to allow the content team (15 people) and the travelling reporters to manage web-content decentralized. The Reference implemented Sitecore 5.3 for this purpose, a powerful Microsoft ASP.NET-based WCM-solution, deployed on a loadbalanced environment (2 webservers with IIS and 1 MS SQL database server). Next to the pure content management, a number of applications have been built like the destination search, newsletter, user registration and personalisation and of course the crucial booking application (connection to backend booking engine). In a next phase, building on the user authentication application, user generated content functionality will be added allowing registered visitors to add text, pictures and video.
Ektron‘s Norman Graves held a talk titled “Key Technologies and how they impact some real world examples”. He talked about taxonomy and how it’s used in search, geomapping, personalisation in Ektron CMS 400.NET.
Lunchtime has come and gone, time for the afternoon tracks. I started with the presentation about Arte+7, the Arte mediaportal. The website and presentation were done by CoreMedia, who also provided the CMS and DRM-infrastructure. Videos are published in FLV and WMV-formats, with geolocalisation to limit the countries from which one can watch the content. The same technology is also used in the Arte VOD-site, for which Arte+7 is a teaser. Kinda nice, but lots of javascript and flash in that site, not really accessible.
For the 2nd session I moved to track 5, where U-sentric‘s Tara Schrimpton-Smith talked about “Guerilla Usability Tests? User testing on a shoestring”. Her advice: use friends of friends, somewhere between 2 and 5 users (with 2 testers you should be able to find 50% of usability issues, with 5 users 85%) and limit the amount of tasks you’ll be testing. She concluded the session with a live example, someone shouted the name of her website, someone else volunteered and the task was ‘what is the address of the headquarters’. Judging the time it took the testperson to find this information, there are some usability issues on barry-callebaut.com. A fun session!
Next up; Robin Wauters (blog) about “Social media is not an option”. Not much stuff to learn here (Robin talked about technorati, attentio, involve ‘influential bloggers’, blog to showcase knowledge, “dell hell”, buzz, virals, …), but it’s nice to be able to put a face on the guy behind plugg and edentity.
And we’ll finish off with AGConsult‘s Karl Gilis with “9 tips to help users find what they’re looking for on your website”. So let’s create an ordered list for that purpose:

  1. ensure the accessibility of your site (should work on all common browsers/os’es, don’t misuse technology, make sure Google can crawl your site)
  2. speed up page load times, the user decides in half a second if (s)he’ll stay or not
  3. make navigation easy to use (structure, terminology, placement)
  4. provide clear overview pages (example; belgium.be and its doormats)
  5. your search should be as good as google (depends on technology and content!)
  6. use an intuitive page lay-out
  7. make your text legible (Verdana 10pt, Arial if you’re adventurous)
  8. write for the web
  9. make sure the info is there (do user needs analysis)

A fun session as well, those usability-guys and girls know how to entertain!
My conclusion: this was not an uninteresting day, but the focus was clearly less technical than previous year’s edition. Content Management -around which much of this event was focused- is slowly but surely becoming a commodity and vendors are having a hard time differentiating themselves from their competitors. It is my feeling that the bigger changes and challenges with regards to “the web” are more on the application-front, where backend-integration (SOA, webservices, …) and RIA’s (using ajax, GWT, flex, …) are today’s hot topics. The fact that webscene2008 did not explore these new frontiers (and their implications with regards to business, marketing, usability, accessibility) is a missed opportunity really. Let’s hope they reconnect with the webtech-trends next year! And maybe I’ll be there to let you know?

Clay Bennett; Obstacles on the road to the White House

Clay Bennett is a renowned American political cartoonist who received a Pulitzer Prize in 2002 for his work for the Christian Science Monitor. His portfolio there has not been updated for a while, and he turns out to have moved to a regional publication, the Chattanooga Times Free Press. Chattanooga is the fourth city of Tennessee; you may know it thanks to Glenn Miller’s Chattanooga Choo Choo. But back to Bennett: his newer work is often more regionally inspired, but he keeps drawing with a sharp pencil about (inter)national subjects, as below:

Clay Bennett; Obstacles on the road to the White House