Vodafone iPhone: 499€
AT&T iPhone: 199$ = 127€ (126,285062€ according to google calculator)

With the vodafone model you don't have any extra service you'd have to pay for, just a barebone iPhone, a sim and 5€ of phone traffic. So, at least, to compare both of them you'll have to jailbreak the AT&T iPhone, add 0$ (or 0€ if you prefer, the change is in our favor) to the total price of the AT&T model.

499€ or 127€? I can't really choose which one to buy...

Ok, I'm kidding: to buy an AT&T iPhone you'd have to fly over to the US but, seriously, do you really want to buy an iPhone here at that prices?!?

the comic is here: http://xkcd.com/442/
and the reference: http://www.youtube.com/watch?v=V5BxymuiAxQ

I love cryptography!

We are proud to announce that Slackintosh 12.1 has been released!

Slackintosh 12.1 includes Linux 2.6.24.5, glibc 2.7, X11 7.3.0 and much more!

Download:
======================================

ISO IMAGES
----------
BitTorrent: http://slackintosh.workaround.ch/pub/rsync/.releases/12.1-torrent/
HTTP : http://slackintosh.workaround.ch/pub/rsync/.releases/12.1-iso/
BT-Magnet : DVD-Torrent: magnet:?xt=urn:btih:7AFOXLOF4VXKWTMA4OV77VOGYRU3D5PR
CD-Torrent : magnet:?xt=urn:btih:P7ECTQG7K4NJOJ3QKID5IHE5A4DUN3DP

PACKAGES
--------
HTTP (CH) : http://slackintosh.workaround.ch/pub/rsync/.releases/12.1/
HTTP (CA) : http://gulus.usherbrooke.ca/pub/distro/slackintosh/12.1/


Note to people who still run Slackintosh 11.0:
We will not provide any security patches for 11.0 anymore, so please
upgrade to 12.0 or 12.1 ASAP.


Best regards,
The Slackintosh-Team (Adrian & Marco)

From real life:

• Me and Cecilia celebrated the third year together :D I love you sweetie


• Me, Cecilia and Oliver went to the annual greyhound adopters meeting, it was hellish hot and funny, I hope to link some pictures soon


• I'm growing older :p as tomorrow is my 27th birthday

And from the internet:

• Slackintosh reaches the 12.1rc1 milestone, we're slowly catching up the mainstream


• I did the unthinkable: I installed a Debian testing on my eeePC :p the reason is simple as Debian testing and Fedora 9 are the only distro out there with a really working eeePC support out of the box (no, the Mandriva 2008.1 is not yet ready for it) and I master apt a little better than yum


• As you noticed, I don't update this journal often. I'm not going to drop it (yet) but if you want more frequent babbling, tune in to my soup

This should be the infamous diff:
--- openssl-0.9.8c.orig/crypto/rand/md_rand.c
+++ openssl-0.9.8c/crypto/rand/md_rand.c
@@ -271,7 +271,10 @@

...

+/*
+ * Don't add uninitialised data.
MD_Update(&m,buf,j);
+*/

...

+#if 0 /* Don't add uninitialised data. */
MD_Update(&m,buf,j); /* purify complains */
#endif
+#endif

And our comments:
(11:46:34 PM) bonzo: non so se mettermi a ridere o a piangere dai commenti
(11:47:01 PM) bonzo: perchè quel "Don't add uninitialised data." significa che:
(11:47:13 PM) bonzo: 1) il sec team non ha capito una mazza
(11:47:38 PM) bonzo: 2) i dati erano effettivamente randomizzati proprio bene da venir scambiati per roba non inizializzata :)
(11:47:49 PM) Gandalf: LOL

According to a Corriere della Sera article, it is possible to see on the government tax agency site all of the tax entries declared by Italians in 2005 (the site is currently offline). And you don't need any 1337 mad hax0rz skillz: no session mangling, no SQL injections, nothing! Just start browsing by region, city and citizens...

And now, for something completely different, the politicians carousel taken straight from the above article:

• Vincenzo Visco, economy minister of previous government, said it's all ok: "it's a matter of transparency, of democracy, I don't see any problems: it's used in all over the world, just take a look at any American TV series"


• Government own privacy organ said: "This Tax Agency initiative has never been submitted to our attention"


• The Tax Agency replied: "You said it's ok with official acts from 17th Jan 2001 and 2nd Jul 2003"

Sorry for the lack of updates: I'm overwhelmed with work, Slackintosh porting (Adrian is enjoying some vacation over in japan and I'm slowly integrating stuff all alone as you can see from the changelogs) and the rest of the real life.
Anyway, here's the good new: I'll be at e-privacy 2008 talking (again!) about Tor on behalf of LUG Piacenza, all this olympic stuff just comes down at the right moment for the talk :-P
And here's the bad one: I'm deadly late for the slides deadline =_=
I've also started taking lessons for contract bridge at one of our bridge circles, I can say I'm really enjoying this game so far (no serious game too, however) and yesterday I finished 10th at the Shadowmoor Magic prerelease tournament, just at the end of the prize zone. Cards are flipping out nicely lately :D

And last, but not least, my girlfriend just gave me a Mozilla Thunderbird pin: I'm the geekiest Mozilla fanboy out there now, thanks Ce! <3

From Max Barry's blog: "In 2002, I whacked the United Nations into my game, complete with copyrighted emblem, not so much in parody as to say, “Hey, look, this is just like the real UN.” I can’t remember ever thinking about the legal consequences; I probably assumed that even if the UN noticed, they’d have plenty of blood-thirsty dictators and international war crimes to prosecute before me. But what with Saddam behind bars and all that world peace you’ve been hearing so much about, I guess they worked their way down to me."
Seriously, sending copyright cease & desist letters doesn't make UN looks smart :-/ but, as written by Barry himself, he's totally on the wrong side so let's welcome The World Assembly.
And while you're at it: why don't you join Nation States? Maybe just to say hello to my nation :)

From HTTP over X.509 - Office 2007:
"Proof of Concept:

A signed Word 2007 document that triggers an HTTP request is available at
http://www.klink.name/security/HTTP_over_Office_2007_PoC.docx
The document contains a link which shows the last 10 HTTP requests
triggered by this document. By verifying whether you are on the
list, you can verify if you are affected by this vulnerability."

Sometimes I wonder why a text editor should be allowed to open tcp connections :-/
Next time, guys, go with GnuPG.

http://www.mindwire-v5.com/home.html
why?

Prodigy!
I bought "The fat of the land" musiccassette when cd were not yet main stream and I was younger :-p
Man, I can ever remember that live in moscow as I seen it on tv.

From the man behind linux.it (and GNU whois)
last block:
> Any ideas?
Don't care about IDS, they bring only troubles

Choose your game: http://nintendo8.com/all/

Bought yesterday evening, I've just had some time to test most of its functionalities (stll have to test wireless and the webcam a little more), so here's some considerations:
+ it's small
+ it's damn small
+ keyboard is pretty ok, even with fatty fingers like mine
- return key is a bit too small, I often press the ù key which is just above it
+ sound is crispy
+ microphone looks ok
+ lcd is quite bright
+ touchpad pad is really ok
- touchpad buttons suck, it's a one-plastic-piece-two-buttons thing, pretty difficult to click for me, fortunately the pad has good support through synaptic xorg driver
+ skype 2beta looks ok, I had a test call with one of my friend and was ok. he said to have some echo, I think it's due to the fact that I was using the internal microphone and no earplug (he was on external microphone and earplug)
- 512MB of ram are quite poor but usable
+ switching between applications is snappy
- applications take a little to start
+ the tab window manager has big, colorful icons, easily readable even with little lcd brightness
- the tab window manager sucks, I want full control ;-)

Overall, it's a really nice piece of hardware. I'll still try it out for a while with the default install, then I'll go for Slackware :D

OSI 1-3 attack on Tor. Yeah, right.
The "limits" section of the italian wikipedia page is just a bubbling of buzzwords. Tor is surely not a silver bullet for your privacy and anonymity and that's what I always stress at my Tor related talks but it's really a good program and you can't just think that it can be faked by such a poor mitm (unless you're the one which change the stored fingerprint of sshd servers when your ssh client prints out that big ugly warning...)

Those weeks were quite interesting for our government: Veltroni, actual Rome major, made a law during Marini temporary government to allow italian major to run for elections. You know, Rome is such a small city that it can really run on its legs and it's really sad you can't both take money from being a major and from running elections at the same time. Ad-personam laws. Deja-vu.
On the other side Berlusconi proposed the roadmap of the first 100 days of his government. Deja-vu, again.
Have you noticed that there's really no difference between left and right any more? During elections, they just talk about big interesting things they'll surely do during their government. Just for sitting in parliament once elected to grab as much money as they can.
Oh, by the way, we entered "par-condicio" elections period so fuck you, all.

I hope this week will not be busy as last one, anyway here's a small recap of what happened some days ago :)
On Tuesday I attended Infosecurity2008, really nice fair, where I had the opportunity to talk about tor and anonymizing networks once again on behalf of sikurezza.org, I also get to know some smart guys from that mailing list. Then on Wednesday night there was the mailing list party: lots of infosec hackers, lots of pizza and lots of beer too. It was absolutely funny.