Motorcycles were quite useful in Paris; besides buses, they are a nice way to get around. Unfortunately, there are too many today. Spending 5 days and 2500km in the French and Italian Alps, or more, was always fun. There are boats, they move a little bit slower. Lots of canals in France and around.
Inspired by the will to serve the peace of the world as an equal member of a united Europe, yes, that is a fine thing. We hereby confirm that we are committed to the free democratic basic order of the Federal Republic of Germany and do not engage in any activities that contradict the free democratic basic order. Better safe than sorry! So I therefore remain a well-meaning anarchist.
A person under surveillance is never free; and a society under constant surveillance is no longer a democracy. Therefore our democratic fundamental rights must be enforced in the virtual world just as in the real one. (Umberto Eco, Tom Stoppard, Paul Auster, Jonathan Littell, J. M. Coetzee, Elfriede Jelinek, T. C. Boyle, Peter Sloterdijk et al.)
The sections on this page contain an extract of my work; the text is organised in rough inverse chronological order. You might want to read this bottom up. In Google, sometimes this page disappeared.
EdelWeb, GCTech and ON-X since 1995 (EdelPhase) Ubi bene, ibi patria
After having worked in public research institutes, now living from commercial activities in another country and creating a company. The company was sold twice, and IBM liked our logo (as do others).
In 1995, I spent an evening to add another dimension to the Java sample three-dimension wire-frame display applet to learn a bit of the new Java hype. This was 20 years after having seen a film presented at one of the Annual Mathematical Conferences in Bonn produced picture by picture to visualise four dimensions and functions from ℂ to itself like square roots, exponentiation or logarithm.
December 2013: Contributed a clone from to Jürgen Winkelmann's TK4- IBM MVS environment. Karel Babicky, former head of the SIMULA group Norsk Regnesentral, has contributed a newer version of the self reproducing test program (compatible with the language standard and working both in ascii and ebcdic).
Working on ISO20022 modeling for secure factoring services.
October 2013: "Hacked" ON-X BFA Services, our subsidiary for financial business, as a small HTML5 and CSS game.
March 2013: Delivered a WSDL security solution for OPTOAMC.
2011: Back to early roots: HTML5 hacking and avoiding <DIV>itis, as you might see in the source of this page or better for example here. Some debates for example about reset.css vs normalize.css or the meaning of <section> are like comparing cars.
The OpenSSL team integrated the EdelKey SRP-TLS implementation. Some followup cleanup to make the code RFC 5054 conformant was necessary, and some feature to enhance usability in non-blocking mode. Documentation is still missing.
Defining an architecture to update smart cards for a federation of French Complementary Health Insurance providers. If things are technically clear and feasible, some people don't like not being able anymore to hide their political agenda.
In 2010, a specification for a mass storage USB device with encryption using zero footprint on a host system to unlock the device, e.g., by using something like "echo '1234' >/media/pindev/the.pin" or even "cat /media/pindev/the.pin/1234". Well, some manufacturers are shadoks.
In 2009, I became more active in the FedISA association, a reasonable follow-up to my research of secure archiving. As such, I actively participate in the CN171 of Afnor, the French branch of ISO, to develop the new NF Z42-020 (leaving the LTAP work in standby).
10 years anniversary of my timestamping server. It has exponential growth (roughly doubles each year).
9/9/9 EdelWeb ceased to exist as a company, the name remains as a brand. Some colleagues still don't understand that.
Do one-way permutations exist?
Between 2008 and 2010, several activities around the company PKI for Société Générale: audit of software for the root CA structure ceremonies, development of the key ceremonies for the operational CAs, definition of an enrollment and card delivery process, specifications of usage guidelines for applications, CA policy statements. The work covered organisation, techniques, programming, and some politics.
Block IMSConnect's TCP stack with less than 100 TCP/IP connections.
Quite a little bit of source code auditing of C, Cobol, Assembler, Java, Pascal, ... Although it was for security, the reality is more about quality of code.
Specification of a profile for XML based signatures for the French DGME. This specification actually limits the whole XAdES text for digital signature to a very small profile just by demanding the inclusion of a certificate reference into the signature.
The EdelKey Project, this was presented at the 2005 EFPE conference and a section is published in the proceedings of the 12th DFN-CERT Workshop Sicherheit in vernetzten Systemen. It took 2 years to convince the OpenSSL and Apache high-priests to get the amuse-gueule part, i.e., the TLS server name extension support, included into the products; IPv4 shortage helped here a bit. And 7 years for TLS-SRP; free competition seems useful.
Technical management of the EU IST project OpenEvidence (2002-2004). There were two motorcycle tours involved, to Prague, Vienna and Ljubljana, and the other to the 2004 EPFE conference in Poland. The demo software is a followup of the Clepsydre project. The is also a free PKI service.
Studies, installation, and administration of application security infrastructures (certification authorities, secure message handling, time stamping). A little goodie was to provide an OpenSSL version directly usable with VB, i.e., with _stdcall calling conventions.
Design and implementation of the French La Poste Clepsydre pilot service (2000). We threw away most of the proposed design, i.e., a service based on RFC 3161 and some proprietary user management. We chose to use RFC 3029 - DVCS and X.509 certificates for clients which made the solution elegant and small, and it is a free X.509 certification authority.
EdelSafe architect and development, a server based solution for signature and certificate validation using RFC 3029 - DVCS. (1999-2001).
The architecture received an authorisation for use of cryptographic tools from the French authorities, since it allowed to centrally manage encryption certificates for gateways and authorities.
Project manager of the French part of the EU project EuroTrust (1996-1997). During this work, I participated in the French GTFA (Groupe de Travail de Fournisseurs d'Administration) which worked on the French contribution to the EU directive on Electronic Signatures. We also programmed a little OCSP server using a bit of reverse engineering of the Unicert ORACLE data base.
Autumn 1997: Recovery of EdelWeb, a new work place at a north-west corner in the Montparnasse Tower. IBM helped us, they liked our logo.
Design and development of a MIXER-RFC 2156 gateway (X.400/88-MIME) with E3X. (1995)
Integration of electronic micropayment systems into web servers. You could buy Le Monde in 1997 (five French francs) using the GlobeID/Klebox virtual wallet. Together with Patrick Teti, we hacked an HTML forms based webservice to connect the GlobeID merchant kit to the InterShop Mall software, kind of SOAP with HTML forms encoding.
Summer 1995: EdelWeb was sold to GCTech.
Tools for remote administration of web and mail servers.
INRIA convinced me that it would be good for me to spend some time in Rocquencourt near Paris, allowing them to benefit a bit of my previous work, and for me to learn something new. I jumped into the Unix world and became a member of the COMISO group at INRIA.
We developed automation tools for the message handling operation and supervision; thus, after a short time, we all had lots of time for research.
The Y-Net X.400 and Internet gateway project of the European Commission, and the RENATER Internet/X.400 gateway project, that was what we were paid for.
Participation in RARE working groups for message handling and directories,
Development of some applications using mofe/wafe, like the HiLarité MabouLe HTML editor,
X.400/Internet MIXER gateway prototyping, work with students from Ecole de Mines, St.Etienne.
EARN Office France 1991 (Phase IBM/VM) Quid sit futurum cras, fuge quaerere
GMD had started shutting down all mainframe activities, and, in particular, their IBM MVS facilities. Networking was well on road in Germany. I decided to take a break and took a sabbatical year (from GMD) to work at the EARN Office near Paris as technical staff member (Paris is in France which is in Europe on Earth, Solar System, Milkyway, The Universe, Et Dieu créa lemonde.fr).
Maintenance and development of network configuration management tools, i.e., GENROUTS and UPDNODES, actually not UPDNODES because it was just working fine, so I had time for other things.
Evaluation of the X.25 networks REUNIR and IXI, NJE/OSI interoperability with VAX/VMS systems. The Joiner people were very nice partners.
Training of new EARN sites, e.g. SUEARN operated at the Institute of Organic Chemistry at Moscow, today www.free.net.
Design, implementation and operation of gateway between IBM's internal network and EARN, in cooperation with IBM France and CIRCE Orsay. This gateway actually uses two gateways converting from the proprietary architectures towards X.400 in back to back mode. One was the standard offer from IBM for interfacing their network.
GMD 1981-1990 (Phase 2 IBM MVS) Ne discere cessa
After I graduated at the University of Bonn in 1981, I worked with Volker Blasius at the IBM center of GMD. Volker explains the history of GMD quite well. GMD does no longer exist, the institutes have been integrated into the Fraunhofer Gesellschaft.
IBM MVS system programmer, design, development, maintenance of OS extensions, and all that jazz, too (JES2) and very exciting.
In 1990, the EARN association contracted us to rewrite GENROUTS which became GRIBM and another version GRANSI based on the same source but just the few IBM non ANSI extensions removed.
I worked with several students in order to develop prototypes for network services.
For example, we developed two different gateways for the IBM SNA/NJE protocol, one written by Volker Sand in PL/I communicating directly with the X.25 mapped SNA LUs in the communication controller, and another, together with a student of the University of Heidelberg, written in assembler on top of OTSS/OSNS. An interoperable implementation was later made for VAX/VMS by Joiner as part of the Digital support initiative for EARN. (Yes, the company, the other dinosaur). NJE/OSI is NJE over a little bit above session layer. It actually doesn't use anything of the session layer, and flow control was not doable in the IBM stacks. Actually IBM's NJE over TCP had and still has an end to end flow control problem, NJE is a multi-channel application. Connecting two sites that had both a local NJE name UCLAMAIL created a little problem with the JES2 path management.
Development of UCLA/Mail400 in 1987, an X.400 extension of the previous including a RFC 987 gateway, sponsored by DFN. X.400 P2 data structures and RFC 822 are basically the same thing (as can be seen from the gateway specifications). MVS was not yet a fully dead dinosaur and UCLA/Mail together with its user interfaces was a powerful system used by thousands of people, thus came the idea to add an X.400 communication module to it. This was done in cooperation with Softlab. What followed in 1988 was a 16000km tour between Canada and Mexico to show my motorcycle to the friends at UCLA. UCLA/Mail400 was presented during an EARN network conference in Izmir, Turkey, which led to a new customer in Strasbourg. Installing the software in hot-plug mode on a central computer of Volkswagen was done smoothly, although the Adrenalin level was raised.
IBM cooperation for Network Information Center Environments, a project to create user client software to interface EARN services like the user directory, or a NETSERV/LISTSERV file server cache. In 1984, the EARN network fileserver NETSERV by Berthold Pasch was a beast to which you talked like 'GET filename' or 'PUT filename' like in the first HTTP; earlier servers in BITNET and then also Eric Thomas' revised LISTSERV also used this protocol. Eric worked for some time at a well-known place in Geneva in these days. ... Montpellier->Bonn, 10 hours, 13 July 1990, and a presentation of German network activities to French scientists at Strasbourg University. The light show at the cathedral was impressive on this 13th July evening. My French was "fair". I invented words like "expecter" or "bombastique".
In 1983, the major work of restructuring system modifications was finished. Later maintenance or installing new versions of MVS, JES2 or RACF became very simple. At that time, GMD joined the European Academic and Research Network EARN and BITNET and also the Deutsches Forschungsnetz DFN. I soon participated in the German EARN technical support group together with the staff at GSI Darmstadt and IBM Heidelberg to bring in our MVS skills into this VM dominated network world. Besides my growing interest in electronic mail, working in a world wide NJE network with at its highest time 4000 network nodes operated by several hundreds of independent institutions needed some thinking and tool development for network management, routing tables, etc. I wrote UPDNODES (and its documentation), for example, kind of LDIF for the BITEARN NODES database. Berthold Pasch's checksum routine was very useful as a defense in depth method (in modern jargon). To finish one of the management meetings: 800km on a motorcycle on the island of Crete during a weekend after an EARN technical meeting.
Some hacking in UCLA/Mail, an electronic mail environment for MVS to be used in BITNET, EARN and the early Internet, working with colleagues in Los Angeles and Tel-Aviv, sometimes in two shifts, exchanging the code via mail.
A full screen TSO logon procedure. About 5 years later, IBM started providing something similar with still less features. When I had some work to do on a Z/OS after 25 years, I noticed that IBM is catching up. Pretty boring, in the end.
My first assignment was a complete replacement of all existing system modifications by using defined exit points of MVS and JES2 and a migration of the GMD developed accounting and user management system (10 cm of assembler listing) by RACF features. When I compiled the stuff once, the generated code was a few instructions longer. I discovered a bug in IBM enqueue macro: asking for exclusive access to one resource together with shared to another resulted in a shared request for both resources. The assembler macro set mentioned below got integrated into the System Programmer's Tool Set (SPTS). One result was a kind of directory system implemented using RACF user data (with a 1cm listing), and accessible through a high level user mode API, i.e. no need for low level assembler programming or APF authorized programs. Today one might call this "kernel enhancing middle-ware". Klaus Strelau had developed the famous SVC 255 with its logic to call some routines in SYS1.SVCLIB, quite useful, no IPL for maintenance.
University Bonn and GMD 1973-1981 (Phase IBM MVT and MVS) Nam quod in iuventus non discitur, in matura aetate nescitur. Gaudeamus igitur iuvenes dum sumus.
I studied Mathematics at the University of Bonn, and graduated in 1981 with a work on Über die Anzahl geschlossener Geodätischer kompakter Mannigfaltigkeiten negativer Krümmung. (The number of closed geodesics on compact manifolds with negative curvature). A zero curvature compact manifold is a torus, think about the straight circles you can have there. Since 1975 I also worked on an internship at GMD.
While writing the COMEDY I enhanced GMD's assembler macro set for structured programming. This macro set was also used by Klaus Birkenbihl et al. in the port of the B.I.T.S system (initially developed for 360 MFT) to the MVS/TSO/ISPF environment, and later, by me, in many MVS system programs, exits, etc. The macro set became part of our System Programmer's Tool Set (SPTS). Others added a pseudo code processor, and an assembler listing beautifier, both essentially targeted to work nicely with the macros (treating them as instructions) and unfolding of inline functions.
The Computer Output on Microfilm sYstem aka COMEDY, processed by a modified CALCOMP microfilm printer controller whose 48x reduction lens problems were much worse than the ones of the Hubble telescope.
An important internal use of the Comedy was done by Volker to print PTF cover letters allowing to use effectively the huge sets of IBM microfiches. By accident, I didn't manage to keep the source code of the COMEDY, I just have a microfiche and a binary. It seems that I started to be interested in long term archiving of electronic material near that time, must have something to do with family history.
A companion program was a hacked version of the IBM MVS External Writer to transfer the results properly separated by tape labels. During that time I got another idea about IBM's claims to be able to produce quality code and their resistance to make changes in order to remain compatible, well, at least not when they program in basic assembler. Not only MVS, when I saw some VM server code later (e.g. RSCS V1), well... Things got better with PL/S.
A TEΧ output driver for Calcomp on 35mm film, we had no laser printer at that time. The lessons in typography and page layout became very useful later. An off-by-one error gave nice characters. No calligraphic studies though.
During summer 1978, since I the meaning of BAL, I spent three months in the US doing some IAESTE practical training at the Swiss Colony Computation Center in Monroe, Wisconsin, and 13.000 kilometers in a Greyhound bus. Back to card punching and assembler for DOS. They had some very nice house in the city, and the burgers at the depot were delicious.
C.H.A. (Kees) Koster gave some programming courses at GMD; from one about CDL2 which later became CDL3, you may see some impact in my C programs (e.g. in OpenSSL contributions) and others.
In 1975, GMD opened its own IBM facility with an IBM /158 running under MVS. The TSO system equipped with SPF was a real difference compared to card punching.
I started at GMD as a student to work on a CALCOMP computer graphics and microfiche systems, doing software development, maintenance and operation. Programming these machines with their 8K nonets (9 bits) of memory makes you modest. The CALCOMP mainframe software was a huge piece of FORTRAN code. The 900 controller assembler was written in FORTRAN.
GMD also had a Telefunken computer TR 86, which had at that time an interactive vector graphic user interface GRAFSY with pull down menus, and track balls, a mouse input device, etc, well, only 64K of words of 24 bits, and you could compile and run some FORTRAN programs. The vector graphics displays were often used for airplane traffic control at that time. One might see these in Hollywood films of that time. Once on a Sunday, smoke in hall while powering up a printer. I was lucky, the sprinklers didn't react.
In 1973, when I began my university studies at Bonn, P.P. Spies just had the great idea to introduce SIMULA 67, not only in a small 3 weeks course but during one year in order to learn the language, to program, and how the virtual machine works.
Besides that, for programming there was the never ending waiting line at the card reader and the noisy printers, but sometimes it was also possible to use TSO on IBM MVT, the machine was an IBM /168.
In other words, we could use the machine almost like a PC today, but share it among several users and all then batch processing. The machine was 100% busy, 24/24, 7/7 as they say in France.
Once upon a time ... Fiat lux
Coming to the initial singularity:
Ah yes, all true. The sex life of bristly pigs has not yet been sufficiently studied. The consequences of this ignorance for the further development of mankind are incalculable. However, we must first take care of other important matters.
My first attempts at computer programming were on an Olivetti Programma 101 in 1971 (if one can call this a computer). I still want to remake an emulation of the machine and to remember my award winning prime number program.