Privacy-over-IP does not exist

Did not exist.

Will never exist.

There was quite a lot of buzz about privacy with that new IPv6 thingy. Some say it is bad, as you will have a static address. Some say the privacy extensions will fix everything. I say: lemme rant ;)

First of all, this was the internet when I started using it back in 1999:

[© New Yorker Magazine, March 1993] "On the Internet nobody knows that you are a dog"


And that's the internet today:

[©] "How the hell does Facebook know I'm a dog?"

Well, I'd say that's not correct. Even in 1999 Facebook could have known you are a dog (if you ignore the fact that there was no Facebook in 1999), it's just that no one really cared about it. But let's start from the beginning :)

An IP-address is a 32-bit integer

An IP-address is technically a 32-bit integer, formatted into four 8-bit parts (you can read more about IPv4 at Wikipedia), which makes a total of 4,294,967,296 possible IP-addresses. Your ISP has a range in this "address-space" that it can give to its customers (you). My ISP (Unitymedia) "owns" about 300,000 IP-addresses (based on the RIPE database), which is about 0.007% of the whole address-space. If you look at the RIPE page, you see two common netname prefixes (DE-KNRW and DE-IESY-HFC), which match two regions of Germany where my ISP has its customers (Unitymedia is a merger of ish and iesy). What does that mean? It means one can map a Unitymedia customer to one of these regions, even if he changed his IP-address (Unitymedia uses DHCP with high lease-times, so this does not actually happen). It does not map the customer to a dog yet, but I bet real GeoIP databases can map them correctly to a city (I didn't try much, but this site suggests it works: - at least they map me correctly to Duesseldorf).

Dynamic IP-addresses do not improve privacy

Given the above facts, even if Unitymedia gave me a new IP-address every X hours (many DSL-providers have X=24), it would still be possible to map me into a set of about 150,000 "users" (here user means customer; there may still be multiple computers connected via the same line). I would even go further and say the set is much smaller, as I think I am not able to get every "free" IP-address from DE-KNRW-*, as these should be bound to cities/regions (GeoIP databases exist, you remember?) and I do not move with my line.

Routers and reverse DNS kill privacy

Currently, "my" IP-address is, which has a reverse DNS entry and does not say anything about me or my location, besides the obvious "Unitymedia customer". But look at the traceroute:

4 (

5 (

6 (

7 (

8 (

Frankfurt is about 250km from here, Kerpen about 60, Neuss about 10 and Bilk is a part of the city I live in, about 4km away from my home. I guess you get the idea :)

Browsers kill privacy too

Do I have to say more than a link to My Chromium scores one in 1,400,000. How many IP-addresses did I have to hide in again?

We are at the dog level now, dogs use BoneOS with FireBark, not Linux with Chromium :)

IPv6 kills cute kittens

Oh, and privacy, because with IPv6, there are 2^128 IPv6-addresses out there, of which your provider will maybe own a /32 (2^96 addresses) and give you a /48 (2^80 addresses) or (more likely) a /64 (2^64 addresses). Then you enable the great IPv6 privacy extensions (RFC 4941) and happily hide in your own assigned subnet, still being a customer of your ISP, still living in the same city and using your old browser... It's just about mapping subnets instead of individual IP-addresses then. And we can't get lower than the dog level.
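The mapping argued in the sections on dynamic addresses and IPv6 above, as an added example that is not part of the original post: it groups a constructed access log by whatever stays constant per customer line (the regional pool for IPv4, the /64 for RFC 4941 temporary addresses) and expresses hiding-set sizes in bits. The pool names, the documentation prefixes and the log entries are assumptions made up for illustration.

```python
import ipaddress
import math
from collections import defaultdict

# Constructed stand-ins for an ISP's regional pools: documentation
# prefixes with hypothetical netnames (modelled on DE-KNRW / DE-IESY-HFC).
POOLS = {
    "EXAMPLE-KNRW": ipaddress.ip_network("198.51.100.0/24"),
    "EXAMPLE-IESY": ipaddress.ip_network("203.0.113.0/24"),
}

# Constructed access log: (visit label, source address).
# a* = one IPv4 line across three leases, b* = one IPv6 line using three
# RFC 4941 temporary addresses, c1 = a different IPv6 line.
LOG = [
    ("a1", "198.51.100.17"), ("a2", "198.51.100.201"), ("a3", "198.51.100.54"),
    ("b1", "2001:db8:1:2:8d3f:11aa:90c4:5e01"),
    ("b2", "2001:db8:1:2:41c7:fe20:7b19:c3d2"),
    ("b3", "2001:db8:1:2:e0a5:6b3c:d88:19f4"),
    ("c1", "2001:db8:1:3:5555:6666:7777:8888"),
]


def as_int(addr):
    """An IPv4 address is a 32-bit integer written as four octets."""
    return int(ipaddress.IPv4Address(addr))


def linking_key(addr, v6_prefixlen=64):
    """Return the part of an address that survives an address change.

    IPv4: a new DHCP lease still comes from the same regional pool.
    IPv6: privacy extensions only randomise the low 64 bits, so the
    assigned prefix stays the same.
    """
    ip = ipaddress.ip_address(addr)
    if ip.version == 6:
        return str(ipaddress.ip_network(f"{ip}/{v6_prefixlen}", strict=False))
    for name, net in POOLS.items():
        if ip in net:
            return name
    return "unknown"


def link_visits(log):
    """Group visits by linking key, as a site operator's logs allow."""
    groups = defaultdict(list)
    for label, addr in log:
        groups[linking_key(addr)].append(label)
    return dict(groups)


def anonymity_bits(set_size):
    """Size of a hiding set in bits: log2 of its number of members."""
    return math.log2(set_size)


if __name__ == "__main__":
    for key, visits in link_visits(LOG).items():
        print(f"{key:20} {visits}")
    # Figures from the post: ~150,000 customers vs. a 1-in-1,400,000 browser.
    print(f"ISP pool: {anonymity_bits(150_000):.1f} bits")
    print(f"browser:  {anonymity_bits(1_400_000):.1f} bits")
```

With the post's own figures, the set of about 150,000 customers is worth roughly 17.2 bits, while a browser that is one in 1,400,000 carries roughly 20.4 bits.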

People can annoy me

I did not write all this to teach you; you can do that yourself with Wikipedia and RFCs. There is a person out there who thinks using a random name, mail address and twitter account could fool me into thinking that's a new, yet unknown, person to me. Well, I am not stupid, sorry. When you comment on my blog, your IP-address is logged; when I approve the comment, I often look at the reverse DNS and the whois entry of that IP-address (sorry, I AM paranoid). I even might check my webserver logs (or Piwik) to see where you came from (Google etc), so writing "accidentally" in your comment does not help :) Also, if you are trying to fool me, don't use your own computer, running Windows 7 and Firefox which I installed. Oh, and probably do not use your home line, which I used to log in to my admin-area using my unique Chromium ;)

Sorry Hanna Lena, the chicken has just eaten her own eggs...

And yes, one can track down a single person on this big thing called internet, IPv6 will not change this (in any direction).

funny spam

yes, I do collect funny spam ;)

Today I will present you some spammy funny comments I got on my (wordpress-powered) blog in the last months.

  1. 2010/09/24 at 03:08 I cant believe, Facebook is currently down with a DNS failure. I guess Facebook having some issues. Businesses are reporting a near impossible 480% increase in productivity
  2. 2010/10/25 at 11:07 Not quite on topic BUT really important: Please guys, donate something for Haiti! I just came back from a trip down there and I have to say the situation is really terrible! It´s soon christmas time, so please be so kind and do something good! Thanks
  3. 2010/10/27 at 11:07 Hey, I can’t view your site properly within Opera, I actually hope you look into fixing this.
  4. 2010/11/18 at 12:26 Are you watch Sarah Palin’s TV show? I saw the trailer & wtf? -__- She’s like, “This is so much better than being in politics.” It’s like she’s doing this just because she is losser. o.O What do you think? Do you believe she can be the next american presiden? ..
  5. 2010/11/30 at 15:40 [German, translated] Turn in the trial of Jörg Kachelmann. The of the audience favourite have resigned their mandate. The trial in Mannheim is nevertheless to continue as planned. There will be no motion to suspend the trial, lawyer Ralf Hoecker added. The new defence lawyer Johann Schwenn (Hamburg) and the court-appointed defence lawyer Andrea Combé, who has been present since the start of the proceedings, will be extremely well prepared, he went on.
  6. 2010/12/09 at 17:31 How I can download documents from WikiLeaks? Thanks
  7. 2010/12/10 at 10:09 Hi, you should check out It’s sort of like a crowdsourced collection of arguments against Wikileaks. Considering you’re a blogger, i think you’d find it to be an interesting read
  8. 2010/12/16 at 18:38 It appears as though Julian Assange will at least be out on bail any minute but what about Bradley Manning? Solitary confinement for seven months so far without being convicted of anything, without a trial, even. That’s bad!
  9. 2010/12/24 at 09:03 [German, translated] Is there a Jailbreakme for Nerdomats? There should be enough bugs in IE6 :D
  10. 2010/12/29 at 13:22 [German, translated] The real kicker with these things, though, is that they don't run win7 – but: XP!!!!!!! That's just unbelievable, isn't it? I also have a video of the thing booting up as proof…
  11. 2010/12/30 at 05:03 Widespread criticism of RealVNC vulnerability is fixed… A security report claimed that RealVNC software virtual network a high-risk vulnerability could allow a malicious attacker does not need a password to login to a remote system…
  12. 2011/01/05 at 18:10 is it true that it is not possible to use that sky thing with verizon?

Sorry, some are in German ;)

What's so funny about them, you ask? Well, they do contain actual content (even if not always matching the posts they were attached to), they look relevant to the time they were posted and they are still spam: the links in the "homepage" field of the comment led to spam sites. Numbers 9 and 10 are even funnier: they are exact copies of comments already present on the same post.

And oh, I think WikiLeaks should leak a cable about downloading stuff from WikiLeaks ;)

Project 52? I'm in!

So David Watson and Michal Čihař are doing Project 52 this year? Well, lemme in ;)

Actually, some friends and I were already doing so last year and we will continue this year too. We're calling it "wir knipsen!" which translates into English as "we snap!".

This week my contributions look like this:

Yepp, these are three images as these are our rules: three pictures every week :)

Hope you enjoy them and don't forget to have a look at the other pictures at

The impossible photo

You have surely all seen the new "50 Jahre Saturn" ("50 years of Saturn") ad at bus and tram stops, right? But did you also look closely?

Still not? Pay attention to the guy's left hand/left arm. The index finger is super sharp, the ring on the ring finger no longer is, and from the shoulder on it is sharp again. And I always thought you can only ever focus on one point, not on two that are easily half a metre apart...

But maybe lenses work differently on Saturn, or they have been broken ever since they had to film Bill and Alice for the TV commercial ;)

Is Delicious losing their data?

I use Delicious from time to time to save bookmarks and search for stuff I can't remember where I found it. It was sad to read rumors that Yahoo! will shut it down, but that's not the point here now.

In the last months I noticed some strange behavior on their site: when visiting the page of a bookmark, you see the total number of people who have bookmarked that particular link, and that number started to jump from view to view. On first load you see a total of 183 bookmarks, 10 minutes later it's 265 bookmarks, and then 183 again. What's going on there? I guess that is some inconsistency between their datacentres or something, but I'm not sure (and I am sure that this should not happen!).

Today I noticed another funny thing: bookmarks without an owner:

Again, not sure what is happening here. Did the user delete his account? Delicious says all bookmarks will be gone when deleting, so this should be something different, but again, I have no clue.

I fear I will have to search for a new home for my bookmarks. Any (open-source) social bookmarking service out there worth a try?

because people asked: my irssi advanced windowlist setup

As XTaran and uschebit asked yesterday at the 27C3 about my "nice" windowlist in irssi, here is what I use: Download it, put it into your ~/.irssi/scripts and load it with /script load adv_windowlist. Now you have a list with all those window names in it, but it's still a bit ugly ;)

First of all, get rid of the default Act list of irssi: /statusbar window remove act

Now let's customize awl a bit:

  • Shorten window names to 10 chars, so we can get more windows in one row:
      /set awl_block = 10
      /set awl_sbar_maxlength = ON
  • Display a maximum of 5 rows of windows so irssi is still usable on my Milestone with the 122x30 char screen:
      /set awl_maxlines = 5
  • Shorten the windowname layout a bit, strip the shortcut display, remove the braces around the window number:
      /set awl_display_key = $N$H$C$S
      /set awl_display_nokey = $N$H$C$S

Done! Your irssi should look like this now:

NerdOMat, or rather FailOMat

For some time now there has been a NerdOMat at our university (or rather in the foyer of the cafeteria). Now you are surely wondering what that is supposed to be. It is a device with a screen, Bluetooth and a dispensing tray from which you can pull cool stuff. Why? Because the nice software vendor from Redmond (yes, Microsoft) thinks it has to advertise the new Windows 7 and wants to achieve this with the help of prize codes (handed out on paper by nice ladies some time ago, and now via Bluetooth directly at the NerdOMat) for weird stuff.

Well, somehow it is quite a flop though.

First, the nice lady. Her argument for Windows7 was that you can now slam windows against the edge of the screen and thus arrange 2 windows side by side to compare the documents in them - I preferred to keep quiet about the fact that I would rather run wdiff on my .tex files for that. She was likewise astonished that her offer to buy Win7 for little money was ignored, because we get Win7 for free via MSDNAA anyway ;)

But actually I wanted to write about the NerdOMat. The thing looks like this:

As I said, the thing is supposed to advertise Windows 7. Unfortunately, on none of the days I was in the cafeteria have I seen it working. For the first week there was some Microsoft.Nerdomat.Bluetooth exception on the screen the whole time, which came right back whenever you clicked it away. After that the thing only showed a white screen with an Exit button. Now you see a message saying that the SOAP server on localhost sent no response or a wrong one. The great thing about this message is that the app has somehow left fullscreen mode, so via the touchscreen you can get to the Start menu and the on-screen keyboard. Actually I wanted to open Goatse then, but did not dare after all. But the Wikipedia article about Linux was OK then :)

And yes, that really is a Windows XP on a machine that is supposed to advertise Windows 7...

By the way, the picture is from Monday; today someone opened up there :)

OpenRheinRuhr - 13/14 November 2010


On the 13/14 November 2010 there is a nice event in the so called "Ruhrpott": OpenRheinRuhr. And I'd like to invite YOU :)

What should you expect from heading to the RIM in Oberhausen and paying the 5€ entry fee? You get a nice program full of great talks (like mine about bley ;), mika's about OpenSource management, tokkee's about Git and XTaran's about cli-helpers and unknown tools), a bunch of nice people showing you their distro, software, etc (Debian is there too), a social event, a keysigning party and a lot of hacking and fun. So if you are somewhere nearby, join us and enjoy the event!

German version, translated (sorry planet debian readers ;)):

On 13/14 November OpenRheinRuhr takes place in the "Pott", and I would like to warmly invite all of you.

What can you expect once you have found your way to the RIM in Oberhausen and paid the 5€ entry fee? A programme full of talks awaits you (e.g. mine about bley ;), mika's about OpenSource management, tokkee's about Git and XTaran's about command-line helpers and other unknown tools), many exhibitors promoting their own distro, software or whatever (Debian is there too, of course), a social event, a keysigning party and of course lots of hacking and fun. So, everyone who is somehow nearby right now or can get nearby: off to Oberhausen and enjoy a "free" weekend! :)

What to flattr? 2010/10

Another month ending and you still have some clicks left on How about these then?

  • newsbeuter - the mutt of RSS feedreaders
    Newsbeuter is an open-source RSS/Atom feed reader for text terminals. It runs on Linux, FreeBSD, Mac OS X and other Unix-like operating systems. Newsbeuter's great configurability and vast number of features make it a perfect choice for people that need a slick and fast feed reader that can be completely controlled via keyboard.
    I'm using newsbeuter as my main rss reader on the PC (but I have to admit, I read more feeds on my Android while traveling and not working at the PC).
  • SparkleShare - Sharing work made easy
    SparkleShare shines by its absence. Unlike other syncing tools it's designed to get out of your way, to make sharing documents and collaboration easier, and to make peers aware of what you are doing.
    Haven't used it myself yet, but it looks like a superb replacement for Dropbox in the future.
  • Gajim
    Gajim is a full featured and easy to use Jabber client. It is available under Linux and Windows. Some features it supports: chat, groupchat, bookmarks, file transfer, link-local connection, metacontacts, secure connection, audio / video chat, ...
    Yes, I use screen+irssi+BitlBee much, but Gajim still deserves love as it is open the whole day too (don't ask me why).
  • Mixxx 1.8.1
    Mixxx is free, open source software for performing live DJ mixes. Developed by a diverse community of DJs, Mixxx is a complete replacement for a conventional "turntables and mixer" DJ setup, and is available for Windows, Mac OS X, and Linux. Mixxx 1.8.0 includes a year's worth of contributions from over 30 developers and artists, and is our most exciting release to date. This release includes much anticipated features such as looping, hot cues, support for multiple MIDI devices, and a brand new database-powered library. Check out the full list of changes on our blog: Money collected through this Flattr account goes to directly support Mixxx development. Show some love!
    Awesome DJing software for the OpenDJs out there (I'm still learning).
  • - Helps you get your packages into Debian
    Only approved members of the Debian project - so-called Debian Developers - are granted the permission to upload software packages into the Debian distribution. Still a large number of packages is maintained by non-official developers. helps them to find a sponsor to get their packages into Debian.
    Yeah, I am DD, but many others are not and mentors.d.n helps them to get their stuff checked and uploaded. Thanks for the time before my key got almighty ;)

Again, all non-italics text is stolen directly from flattr, and please forgive me if I recommend something that hasn't been officially announced yet :)

RC bugs 2010/42

gregoa writes he squashed only 5 bugs in two weeks, and I think he still deserves huge kudos too, as he has been squashing them for a long time now :)

And while at it, kudos to everyone who does not post their stats to planet, actually find those bugs, etc etc. Thanks that we have such a community!

Now to the usual list of (pseudo) squashed bugs:

  • #600782 - pyca is NOT compatible with the default python version 2.6
    actually pyca IS compatible with python2.6, it just throws some DeprecationWarnings
    after discussion with maintainer, upstream and submitter, bug downgraded to wishlist, as pyca should be ported to the new libraries to be compatible with later python versions (2.7 is still fine according to upstream, though)
  • #600670 - libhpmud0 installs /usr/lib/ /usr/lib/ but sane needs /usr/lib/ that is in libhpmud-dev, not needed to scan
    shipping the .so in libhpmud0 instead of libhpmud-dev seems wrong, patch sent to make the sane backend look for AND, submitter confirms patch works as expected. NMU not uploaded yet.
  • #600530 - madplay needs rebuild, currently uninstallable due to dependency
    madplay installs just fine in sid, as it depends on libesd-alsa0|libesd0, closed as invalid by the submitter after short discussion
  • #601070 - python-django: FTBFS in squeeze: test_correct_url_value_passes failed
    some tests need network connection → patch that disables these sent
  • #599523 - update-manager-gnome: wants to downgrade packages without any notice
    this one is old, got updates from the submitter, reproduced the bug in a VM. This is an old known bug in apt :(
  • #601186 - horde3: only shows php deprecations and a warning - no actual operational parts
    why does php again pollute the output with useless warnings? my approach to disable the warnings wasn't successful, but a patch created by sed was. However I'm not confident with it (OpenSSL anyone?) and want some more eyes to look over it.