TrueCrypt is pretty dead. We need some options here, and as far as I can see, there are only two three: * CipherShed. Currently a vanilla fork of TrueCrypt. * VeraCrypt. A fork of TrueCrypt with some fixes and improvements. * Keep using TrueCrypt. Neither of the two alternatives has had an official source code audit or anything. They are both open source. I will give a quick summary of the facts on both forks, concluding that I have no clue and will probably flip a coin roll a D3. Whether these facts are pro or con is up to your discretion.

CipherShed Facts

  • They are on github.
  • They seem dedicated. Meaning, the information on their homepage sounds like they thought this through.
  • Not much has happened yet, they only forked TrueCrypt.
  • There is only a pre-alpha version available, which I won't touch.
  • They do not have any licensing information at all.
  • Longterm Plans are a bit fuzzy, according to their wiki they want to
    • Secure the code through audits, simplification, and a secure architecture.
    • Migrate towards a OSI-approved licensed codebase
    • Work closely with existing efforts such as OpenCryptoAuditProject, LUKS, GELI, and tc-play.

VeraCrypt Facts

  • According to the author in this thread, VeraCrypt was first published on June 22nd 2013, so it has already aged a bit.
  • In fixing some of the security flaws in TC, they break backwards-compatibility. There is a conversion tool available.
  • They are on CodePlex and the software is under Microsoft Public License.
  • Binaries are available for download, cross-platform.
  • Most relevant longterm plan is the ability to encrypt Windows system partitions/drives on UEFI-based computers (GPT).

So. If you have additional information, let me know in comments or by eMail. I am rattled beyond my usual level of confusion as to what I should do. Currently, I will probably give the VeraCrypt binaries a test ride on some machine.



I was promised (and am paying for) a certain bandwidth $X$. But sites like http://www.speedtest.net/ indicated a bandwidth $Y$ (much smaller than $X$). To gather more empirical data over time and to make sure, that I am not hallucinating, I installed a Zabbix server on a Raspberry Pi ((https://www.zabbix.org/wiki/Zabbix_on_the_Raspberry_Pi_%28OS_Raspbian%29)) and set up a monitoring for my Fritz!Box ((http://znil.net/index.php?title=FritzBox_mit_Zabbix_%C3%BCberwachen_HowTo_mit_Template)). The data for the item "Fritz!Box DSL-Downstream" clearly indicated that $Y$ was around 6 Mbps. So I called my ISP and they ultimately sent the tech-guy to the rescue: He was at my home around 8:30 in the morning and measured the bandwidth with a small magical device. First at the basement where the cable enters the house and then at my office on the first floor. To my surprise, both measurements indicated a much bigger number $Y'$ (which was bigger than $Y$ and looks much more like $X$). He also left me under the impression, that everything was fine with my internet connection the whole time, which I might have believed. But: netcologne-zabbix-bandwidth Note the time, when something changed! I rest my case. He doesn't have magic hands. He cheated!


Sitting on the ICE to Munich, I'm using my Nexus 5 to open a WiFi Hotspot for my laptop. However, I'd like to use USB tethering instead; my mobile is plugged in to charge anyway, and it would also allow me to buy Telekom WiFi for my phone for a day and use it for my laptop, too. Sadly, it didn't work so easily, and I had to write a small patch for my kernel. (more…)


My good friend and colleague Christian Ikenmeyer and I wrote this cute preprint about polynomials and how they can be written as the determinant of a matrix with entries equal to zero, one and indeterminantes. Go ahead and read it if you know even just a little math, it's quite straightforward. The algorithm described in section 3 has been implemented and you can download the code from my website at the TU Berlin. Compilation instructions are in ptest.c, but you will need to get nauty to perform the entire computerized proof.


I recently lamented about switching two keys on my new Lenovo Yoga. Big problem: In my office, I attach that notebook to a docking station and to that docking station I attach a keyboard. On that keyboard, all keys are precisely the way I want them to be. Therefore, I do not want to switch the Insert and End keys when I am docked. I ended up writing a little batch script based on this nice google code wiki entry for the registry update and this stackexchange answer to elevate the batch script:
@ECHO OFF
NET FILE 1>NUL 2>NUL
if '%ERRORLEVEL%' == '0' goto run 
powershell "saps -filepath %0 -verb runas" >nul 2>&1
goto eof
:run
REG QUERY "HKLM\SYSTEM\CurrentControlSet\Control\Keyboard Layout" ^
 /v "Scancode Map" >nul 2>&1 
IF '%ERRORLEVEL%' == '0' goto remove
<nul set /p ="> adding scancode map "
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Keyboard Layout" ^
 /v "Scancode Map" /t REG_BINARY /f ^
 /d 00000000000000000300000052E04FE04FE052E000000000 >nul 2>&1 
IF '%ERRORLEVEL%' == '0' goto success
goto fail 
:remove
<nul set /p ="> removing scancode map "
REG DELETE "HKLM\SYSTEM\CurrentControlSet\Control\Keyboard Layout" ^
 /v "Scancode Map" /f >nul 2>&1 
IF '%ERRORLEVEL%' == '0' goto success
goto fail
:fail 
echo failed.
pause
goto eof
:success
echo succeeded.
pause
Sadly, it always requires a reboot for the changes to take effect.


I recently implemented an algorithm that has to perform checks on all subsets of some large set. A subset of an $n$-sized set can be understood as a binary string of length $n$ where bit $i$ is set if and only if the $i$-th element is in the subset. During my search for code to enumerate such bitstrings, I found the greatest page in the entire internet. If anyone can explain to me how computing the next bit permutation (the last version) works, please do.


The university supplied me with this really cool yoga 2 pro notebook and even though I have grown to like it, it does have some serious design flaws. I will not go into detail on all of those, but one problem is that they decided to put the End and the Insert key onto the same button, and to press End you have to simultaneously hold the function key, which is on the opposite side of the keyboard ((I am talking about the German Keyboard layout by the way. I realize now that I am quite possibly the only person on the planet with this problem.)). I personally need to press End quite frequently while typing text or code, while Insert is only required occasionally. To make a rather boring story short at the very least, I got myself SharpKeys, an open source tool which alters a registry key that is able to re-map keys as you see fit. It's quite awesome. Apparently, some people use it to turn off the capslock key. WHY THE HELL WOULD I WANT TO DO THAT?


I need to update this wordpress install every once in a while. There are lots of bash scripts on the internet that perform this task, and they are complicated beyond reason. This is what I use:
function cfg {  
    grep $2 $1/wp-config.php | awk 'BEGIN {FS="[, )\x27]*"}; {print $3;}'
}

echo "> backing up database."
mysqldump --user=$(cfg $1 DB_USER) \
          --password=$(cfg $1 DB_PASSWORD)  \
          --host=$(cfg $1 DB_HOST)          \
          $(cfg $1 DB_NAME) > backup.database.sql

echo "> backing up website."
tar -cjf backup.files.bz2 $1
    
echo "> retrieving latest wordpress."
wget -q https://wordpress.org/latest.zip
unzip -qq latest.zip

echo "> updating wordpress."
rm -r $1/wp-includes $1/wp-admin
cp -r wordpress/* $1/

echo "> cleaning up."
rm -r wordpress
rm latest.zip
It takes a single argument, which is the name of your wordpress root directory. It backups your database to the file backup.database.sql and backups the files to backup.files.bz2, then it simply proceeds as described in the wordpress codex for updating manual. I do not see what all the fuzz is about.


When you have a Laptop with Windows 8.1 preinstalled, then you will find yourself having a hard time installing a clean copy of Windows 8 on said Laptop. That, however, might be desirable for various reasons and so I am telling you how it's done. In my case, I am doing it with the firm intention to encrypt the system partition with TrueCrypt Setup 7.1a, which requires me to have an MBR rather than a GPT. There are probably ways to change this in-place, but there's really no point because I want a clean install of Windows anyway. (more…)


Member variables in python are horrible. They are not visible in the layout of the class which is instantiated, but instead the __init__ function of a class creates certain member variables for the instance. I have never liked this about python, to be honest. For a recent project, I devised the following solution. Assume you would want this behaviour:
>>> class test(Base):
...     # Variables
...     number = 4
...     string = "hodor"
...     # Functions
...     def stringmult(self):
...         return self.number * self.string
...
>>> test().stringmult()
'hodorhodorhodorhodor'
>>> test(number=2).stringmult()
'hodorhodor'
>>> test(string="Na",number=8).stringmult() + " - Batman!"
'NaNaNaNaNaNaNaNa - Batman!'
>>> 
>>> test(end="Batman!")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
ctypes.ArgumentError
>>>
In other words, any class that inherits from Base can be constructed with keyword arguments who must match exactly the correct class variables which you specify. This one does it:
from ctypes import ArgumentError
class Base(object):
    def __init__(self, **kwargs):
        # "given" is the list of keyword arguments passed to the constructor
        # of this object, "needed" is the list of class variables which belong to  
        # the base class of the object which is being created, which do not end 
        # with two underscores and which are not a function. Trust me, we do not 
        # want to meddle with those.
        given = list(kwargs.keys())
        needed = [attr for attr in dir(self.__class__) if attr[-2:] != '__' \
             and type(self.__class__.__dict__[attr])!=type(lambda:0) ]

        # Check if keyword arguments have been provided which are not among the
        # required arguments and throw an exception if so. Remove this check for
        # a less restrictive base class. I wouldn't recommend it.
        if not set(given) <= set(needed):
            raise ArgumentError()

        # First, initialize the attribute dictionary of the object being created
        # with a list of default values, indicated by the values of the class 
        # variables. Then, update the attribute dictionary again with the values
        # provided to this constructor.
        self.__dict__.update({k: self.__class__.__dict__[k] for k in needed})
        self.__dict__.update(kwargs)
I personally like this approach a lot and hereby dare you to tell me even a single reason not to do this, in the comments.


It causes me unspeakable agony to see that my post about why sudoku is boring is one of the most frequented posts in this blog, mostly because most of my readers clearly disagree with the title. I recently received an email titled "why sudoku is not all that boring" by an old friend, and he taunted me that the sudoku
S = [
  0, 0, 0, 0, 6, 0, 0, 8, 0,
  0, 2, 0, 0, 0, 0, 0, 0, 0,
  0, 0, 1, 0, 0, 0, 0, 0, 0,
  0, 7, 0, 0, 0, 0, 1, 0, 2,
  5, 0, 0, 0, 3, 0, 0, 0, 0,
  0, 0, 0, 0, 0, 0, 4, 0, 0,
  0, 0, 4, 2, 0, 1, 0, 0, 0,
  3, 0, 0, 7, 0, 0, 6, 0, 0,
  0, 0, 0, 0, 0, 0, 0, 5, 0 ]
would take my 5-minute hack of a backtracking algorithm
real    51m3.656s
user    50m32.260s
sys     0m2.084s
to solve. So, it seems like some sudokus are really hard, even for a computer, right? Wrong wrong wrong wrong wrong. Read how to implement backtracking properly.


Since everyone now uses TextSecure (no, really, you should switch too!), everything close to a TextSecure desktop client is not finished enough and I want to type messages from my computer (in the old SMS ages, I did this with MyPhoneExplorer), I decided to remote control my Android device. The setup is straight forward (if you already have root privileges on your device): * Install a VNC-Client for Windows (for example RealVNC) * Install a VNC-Server for Android (for example droid VNC server) * Go through the settings of the VNC-Server For some reason I cannot connect from my Computer to the Phone, but "Reverse Connection" works like a charm (don't forget to start the VNC Viewer in listening mode ... as ... some friend of mine did). Edit: And after a restart of my phone, the normal direction also works.


It used to be a problem to get good route planning on your smartphone when you are outside the country, because the roaming fees could plunge any McKinsey employee into bankrupcy when using Google Maps, which is only able to cache small map sections and basically has no way of telling you what is cached and what isn't. Rejoice! The OSMAND project provides an open maps and route planning solution which allows you to download all kinds of maps for offline use. I personally like the Android App even better than Google Maps: It's clearly for power users, there is much more to configure and you have more control. There is always an obvious argument for choosing another option over the kraken, but the option to download maps for offline use has to be the main reason why this is awesome. The entire Open Street Map project (see also the German version) seems to be a cool project which is worth contributing to, even if it's just pointing out a house number here and there.