Posts by Christian Berger

Well we knew that their use was rather limited

However, at least in Germany they actually have turned into a beacon of hope, but not in the way one would expect.

The German tracing app CWA (Corona Warn App), not only followed the minimal standards you would expect, like having public source code for the app, no they have public source code for all components including public documentation on the rationale behind the scheme they used.

And the design was very decent trying to keep the advantages without compromising privacy. Essentially it was done in a way you only had to expose yourself when you got tested positive.

Now the main point of criticism was that it was hugely expensive... until the Luca App came along which claimed to do the same thing, but was developed a lot less competently yet charged a similar amount. While the CWA people actively engaged with the security community, for example by giving talks at hacker conferences, the Luca people only complained that people were complaining about basic defects of it.

Pasives are not semiconductors

Particularly not resistors, inductors and capacitors.

Passives are more or less defined by not being semiconductors. (there are of course exceptions and gray areas)

Nobody expects that kind of software to do anything other than...

...waste CPU cycles. After all the only remotely sensible feature (scanning for known bad strings of octets) is only semi-useful so vendors try to proof maths wrong by trying to find out if code is "good" or "bad" by just looking at it.

Well why bother with it at all?

I mean after all those are devices where actual security is more important than any kind of security snakeoil. Just build them in a sturdy and locked case and have decent hardware interlocks to prevent bad things from happening.

If bad things can happen from errors in the software, secure boot will not help you much, as in order to change the boot process, you already need very high privileges. On the other hand, the charge process, which can cause harm if interfered with, has to have interfaces so the outside world.

Well the requirements of loading data overlap with the requirements for audio

Essentially audio tape formats in the home computer era work by storing pulses on the tape. This was done in order to keep the hardware simple and to be able to deal with extremely horrible tape decks running at the wrong speed.

If you manage to keep a pulse vaguely coherent, you will be able to get the data through. This is also called a linear phase response, or a constant group delay. This isn't as important for general audio, so back in the analogue days people didn't take the effort of doing so.

Now since everything is digital, it's easy to have filters with linear phase response.

Also any general purpose audio codec has very little reason to mess with the phase, so the data will likely go through given sufficiently high bit rates.

BTW back in the analogue days there was a variety of ways to deal with non-linear phase responses which you could have when the audio was transmitted via television or the radio. The WDR Computer Club (West Germany) had a device which would cup off the overtones of the tape signal. That way they didn't need to care as much about what the overtones contributed to the signal. In (communist) East Germany, the solution was to broadcast the signal in stereo, loud on one channel and with 10dB attenuation on the other one.

Some time ago I listened to a talk from one of the Kubernetes proponents

It was a talk about security issues, and when it came to the issue of over boarding complexity often caused by Kubernetes he said that there is a difference between "what people want" and "what people need".

Seriously if you want complexity maybe you shouldn't work in IT, and area where complexity is the main problem.

I wonder where the myths about IPv6 came from

I mean IPv6 is not inherently more complex than IPv4, in fact it's much easier in many regards (like stateless auto configuration for networks without DHCP).

My guess is that it's because of the "hype" people which crammed more and more "experimental and optional" (read unused) features into it like "IP Mobility" or "NAT64" or "NAT46". However nobody really uses that. In reality IPv6 is not much different to IPv4. It's a separate network sharing some infrastructure, it codifies some nifty ideas you have in IPv4 in a cleaner way (e.g. your local nameserver should always listen to a fixed local anycast address so you don't need to configure it). Nobody uses those advanced features except for experiments.

There are 2 main underlying problems here:

1. Mozilla doesn't care about its users. They fail to understand what they exist for and instead work against the user.

2. Web standards are so utterly complex, that it's impossible to write a truly free browser. The code of browsers is to complex for a single person or small group to make meaningful changes. The code is, in a way, unfree, but not because of license, but because of complexity.

Well at least they were cheap...

Mac books are cheap, aren't they?

Well yeah...

yet another reason not to execute code from untrusted sources like advertisement companies. We really should be working on getting rid of executable code on webpages.

It is perfectly adequate technology for this

After all that is just a sign that can display text. Serial lines are more than adequate to get the data there. This probably uses something like RS-485 which works much better for long lines, but is otherwise nearly identical to "normal" serial lines. Also it works over normal twisted pair and doesn't need higher grade cable you would use for Ethernet. BTW you can run such a system in a unidirectional mode so an attacker on the bus can eavesdrop and modify the data, but not access the master.

I mean this makes a lot more sense than what a German railway company did, using Windows PCs to directly drive their station signage... with the obvious result that eventually they were hit by ransomware.

BTW they use a somewhat different logo in Germany

https://www.nasa.de/

It doesn't protect the screen

So whenever it is dropped there is a serious chance of cracking the screen. Why on earth did they copy that design flaw from Apple?

Wait Microsoft has E-Mail?

I thought they'd only have Outlook and Exchange.

Banking isn't really a highly computational process

For example on average there are only around 1300 credit card transactions per second in the US. While this may sound like a lot, it's probably less computation than playing an MP3 file takes.

Of course there is _way_ more database activity, but we live in an age where storing your database in RAM or on fast flash memory is feasible.

To put this into context, every fixed line call in Germany has to go through a complete lookup of the portability database. That's a database listing every number that has ever been ported. That's millions of datasets. The lookup works with a simple barely optimized program which rarely takes more than a millisecond to look up a dataset, even on a very modest computer.

It's an insane idea

First of all, it's extremely easy to do something and pin the blame on someone else. Want the Russians to be the culprit, buy a Russian PC to develop your code on and leave Russian language clues. Attribution is basically impossible, unless you are dealing with stupid people.

Then there's the whole area of side effects of doing this. If you want to make attribution easier you have to make sure that things like anonymous communication disappear. This endangers large groups of the population, from whistleblowers to homosexuals. Probably even people like security analysts.

Third it doesn't fix anything. The security holes are still there. If they are not used by criminals they probably are used by "Lawfull" organisations.

In short it's an insane idea, not well thought out and based on assumptions which have been proven wrong many times.

Actually Galileo has reached its most important goal

Since the planing of Galileo both Russia and China have created their own satellite-based navigation system. Most mobile phones today support all 3 fully operational systems now, and they are all operated by different entities meaning that even if one decides that Europe is evil, there are still 2 other systems.

Now if they'd only have any semi decent search

For example the search function in Outlook can only search for whole words. So if you have a composite nown (as common in Germany) "Ticket" won't match "Carrierticket". Of course in the age of multi megabyte RAM in PCs doing a full text search of the subject still seems something hard for Microsoft.

What do you expect?

Sonos always was more of a lifestyle product aimed at people with more money than brains. I mean it was always obvious that those things were bound to happen as everything relied on proprietary and closed standards.

Normal audio equipment, on the other hand, is designed to rely on open and simple standards. The analogue line in virtually every device has will still work in 50 years just like it did 50 years ago. Bluetooth and HDMI, while probably not around in 50 years, are widely supported from many different manufacturers.

Usually reports of shortages have one purpose...

and that's to boost sales, as shortages mean that it will become harder to source something. Considering this, it also makes sense to lower the prices, this also boosts sales.

To me it looks as if Intel wants to reduce its stockpiles of older processors.

I don't think it's against "Copyleft"

It's just that more and more little toy projects get shared on github. There the idea is that someone wrote some code which isn't worth thinking about copyright, so they simply slap on some BSD license as they don't care what is being done with that code.

It's more a sign of a rise of casual code sharing on github than a fight against copyleft.