Posts by Christian Berger

Re: Bah!

"Er ... are you saying that the best place for housing computers is a Portakabin?"

Well Portaloos are more for network equipment:

https://upload.wikimedia.org/wikipedia/commons/5/59/CCCamp_2007_Datenklo.jpg

Static IP addresses were standard with early ISPs, in fact there was a volunteer driven one in Germany which even allowed you to get your static IP no matter which dial-up number you were using.

There's a nice talk about that time:

https://media.ccc.de/v/34c3-9034-bbss_and_early_internet_access_in_the_1990ies

Re: Why?

That is a valid point, though at todays flash prices one might be better off just buying the next door flat.

You're missing the main feature

I mean of course you could make a watch that displays the time, but where's your revenue stream? Instead the vital feature is data collection. I mean how can you make money if not by selling private data of your product?

Re: Enigmail was usable

Yes, but there were still many things that it could have done automatically, like sending your public key with every mail, and signing every outgoing mail by default.

It shouldn't be to hard to make GPG do the "sensible" things by default, yet enable you to drill into the details if you need to do so.

Fingerprint sensors are useless

I mean those devices have very smooth surfaces which you touch with the same finger you use to unlock them, so that's rather insecure.

Also obviously this is only the simplest step. The next step is using a photograph and using a pen to simulate blinking. Then there's putting 2 contact lenses (or other kind of bubble shaped piece of transparent plastic) onto the eyes. Eventually you'll reach the mask which will probably fool all of those devices.

Essentially biometry is broken for authentication. It doesn't matter if you add more obscurity to it, you cannot make it as secure as a password. However since many phone manufacturers refuse to let you have a propper keyboard, entering a password is near impossible on those devices.

Re: The problem with that is...

"What is UEFI for and why does it even exist?"

Well booting modern PCs is hard, as there was always a strong push for compatibility in areas where it was questionable. One example is the support for emulating AT-keyboards when you only have an USB keyboard. (that's used for running Windows, which took quite a while to support USB, to work with USB keyboards) For that you have things like "Service Mode" which contains highly privilidged code running on your CPU.

However today we can get rid of most of that stuff. Operating systems today either use BIOS functions or they have direct hardware drivers for current hardware. So in theory we could get rid of "Service Mode" and other bugs like it.

However allow me to introduce a conspiracy theory. Imagine you work for a secret service. You'll look around you and you notice something terrible happening. More and more people are encrypting their communications, less and less of that code comes from companies you can controll. It's simply not feasible to add a weak cypher to a crypto suite without people getting suspicious.

However you have one chance. If there are bugs in the implementations, you can find and use them. Now the crypto-primitives (AES, hashes, etc) themselves are rather secure. They have defined inputs and outputs, and if 2 implementations deviate at least one of them is simply broken. What is left is the protocolls. So what you do now is to support bugs. The easiest way to do so is to make the protocolls so complex, that nobody can implement them without making major bugs. Introduce certifications so people are afraid of cleaning up code. The more complex your protocol will be the fewer implementations you will have and the more bugs those implementations will have. If I worked at a secret service, I would love HTTP/2 as it greatly increases complexity at both the server and the client. I would love the modern web with it's numerous redundant features. UEFI would seem heaven sent, as it means that BIOS chips will be really large, and end user neither have any chance of knowing if it'll be bugged nor be able to use their own, minimalistic and safe, versions. It'll be like in the "good old days" where you could just tell Microsoft to include your key into the system.

Re: 1k qubits ?!?

"I wonder if quantum computing is the next fusion?"

Well it could be worse. We know that fusion works, the sun does it. However we do not know yet know if quantum computers or any significant size are possible. It could still be that there are fundamental limits which make this impossible. However however that goes, we'll still know a great deal more after having tried to build quantum computers.

Re: Bah. It's just the usual "Too good to be true" promise

"imaginary "MA2412""

But I learned about it from a VHS video tape I got directly from the ORF-Shop. Surely their standards of reporting wouldn't allow them to just lie on video tape. It would be like if Doctor Who would turn out to just have been made up.

Re: There are some technical bugs we can certainly fix

Well VNC is one way this could be done. Considering the terrible state of the web, I don't think VNC would actually require more data than the current web. After all most websites are now larger than screenshots of themselves.

However there are lots of other ways to do this. This is something I don't have a set answer for, but something I'd like to encourage experimentation.

Re: Any change to notepad is big news of course.

Well Notepad++ and Notepad are something completely different. Notepad has it's use for just being a "paste buffer" that can also strip format information from your data.

I've looked at Notepad++, and I see little reason to use it. It seems to lack a unifying vision. It just looks like a lot of non orthogonal features added to a simple word processor. It fullfills most prejudices people have about Windows software.

Re: Sending a photo via SMS

Sorry, I meant E-Mail.

Re: What I don't understand about a memory centric architecture

"The alternatives are 'file centric' architectures"

No, there's another obvious architecture, message passing. If you build your interconnection on asynchronous messages it can scale very well. It's the concept the Transputer used.

It's research

No actual applications are currently on the horizon, but it might be usefull some day.

However we now have the situation of people peddling homomorphic encryption as the solution for the cloud. To those people I can simply only say, if you don't want others to get to your data, store and process it on your own computers.

Re: Errr....

" I don't see a dust filter on any one of them!"

Yes, that's because through clever design those are integrated into the case. Essentially meshed surfaces are fairly decent dust filters. The idea is that they catch all the big particles while the rest will simply be blown out by the fans. I've first seen an eary concept of those in an expensive measurement device. There was a hive-like structure perhaps 2-4 cm deep just mounted on the air inlet. This structure cought all the relevant dust and kept the rest of the device virtually dust free.

Re: There's a non filler talk on that topic

"Not sure what a non-filler is"

Some sites have lots of articles without any useful content, those I call "filler articles". It seems like there are even whole conferences devoted to nothing but filler material designed to take up space and to make you look innovative even though it's extremely low on content.

Re: Win10 telemetry had one job. And it failed.

"But... wasn't that the whole point of telemetry??????"

Why do you asume that it's for quality control? Why would Microsoft care about quality at all? I mean they had a short time when they cared about quality and every developer had to fix bugs before writing new code. That happened in the early 2000s, just after Windows XP. Although it was most likely a coincidence (Vista) managers probably see that as the reason why sales slowed down afterwards, so they do a U-turn.

Because of Hype

"Why would any even partially competent sysadmin still do these things?"

There are lots of people out there who happen to come accross a few gigabytes of data. Then they find out that when they put it into an SQL table and don't think about what they are doing everything is slow. They decide that this must already be "big data" so they google "big data" and come accross all those tools designed for it. Since they previously have proven that they have no idea what they are doing, they will of course fail installing their fancy new toys.

People who both know what they are doing and have to use things like Hadoop to achieve their goals are rather rare. Therefore it's likely that any given installation was done by people who have no idea what they are doing.

Re: The obvious message here is...

Yeah, like many exploits this is hard. However that doesn't necessarily stop people from exploiting it.