* Posts by Frank Gerlach #2

138 posts • joined 9 Jan 2014


Data-spewing Spectre chip flaws can't be killed by software alone, Google boffins conclude

Frank Gerlach #2


Just run OpenOffice instead of GooOffice. Upload files to your file server using SSH. Don't run macros in your office package. Very secure, no Spectre stuff feasible.

Frank Gerlach #2

Back in the Real World

...everybody was salivating about benchmark results, benchmark results and more benchmark results. That was how CPUs were (and often ARE) being compared.

One of several cases of Clockmania, a disease of the "developed" world.

Frank Gerlach #2

Cool Down

"We" as in "computer and software industry".

I'm just not sure the computer works here – the energy is all wrong

Frank Gerlach #2

Re: Mythbusters

"That was enough to create a radar jammer so strong"

I am sure some sort of witchcraft was involved in this world of yours.

Encryption? This time it'll be usable, Thunderbird promises

Frank Gerlach #2

Re: How To Do Encryption IN THE REAL WORLD

Yeah sure. Fasten your tinfoil hat.

Huawei CEO defiant on security claims, vows to be so good, 'no market can keep us away'

Frank Gerlach #2


"Thanks" for removing factual information.

Frank Gerlach #2

A full Huawei-Telecoms network will expose you to a "total telecoms shutdown" in case of serious tension. E2E Encryption won't help you against this threat.

Frank Gerlach #2

Re: “Will never be”...

All the "unfortunate bugs" (buffer overflows, invalid pointer accesses, bad parsers, hardware bugs) will, for all practical matters, be indistinguishable from backdoors. They can be introduced by mistake or not by mistake. But of course they can be "explained" as "mistakes".

And the government folks who inspect Huawei gear in Britain will most likely not find many of these "bugs", given their track record.


EU politely asks if China could stop snaffling IP as precondition for doing business

Frank Gerlach #2


By means of the state-level trade policies and practices, Chinese companies enjoy many advantages over their EU and US competitors. It is by no means "free trade", but a one-sided affair which hugely benefits Chinese corporations.

The chicoms have been playing the "third world country" card to gain unfair advantages and they still exploit it, despite commanding entire markets such as telecoms equipment. Our corrupt elite allowed them to destroy Nortel and Alcatel-SEL.

This must stop or Europe will descend into some sort of third world area.

Frank Gerlach #2

Re: Dumb...

More a matter of: China wants "Joint ventures" for high speed trains. They demand technology transfer from each "partner" (read: victim).

A) Get the wheel and suspension technology from Alstom

B) Demand the realtime control software from the Japanese

C) Require Siemens to share the motors and HV technology.

D) Combine A to C in order to build a Chinese version

E) Stop buying any train technology from the Japanese, French and German S4ckers.

Frank Gerlach #2

It appears that a tiny elite profits from shipping European and US jobs to China. Because they can then expand their IT empires a bit faster as compared to using US or EU hardware.

Google, FB, Apple - megalomaniacs who care only about themselves and have a strong lobby in Brussels and Washington.

Frank Gerlach #2

One-Sided Contracts, Chinese Steamroller

The Chinese (by means of Huawei and ZTE and the like) have already destroyed a major part of European and Canadian telecom equipment makers: Nortel, Alcatel-SEL. Nokia and Ericsson are in bad shape.

The Chinese can export whatever they want into the EU at a small customs rate, but our companies must produce cars and the like in China, if they do not want to suffer punitive customs rates. Plus we need to hand over lots of IP in the process of "local production".

In other words: the incompetent elite of the EU has signed "one sided contracts" with China and the chicoms exploit it to the max. It is high time to stop this insanity, before we have more of our economy steamrolled. Plus, the Americans are right about the security and defense implications.


Google Translate will probably deliver a quite usable English version.

Windows slithers on to Arm, legless?

Frank Gerlach #2

Re: Suez?

Well, it looks more like that intelligent reasoning is frowned upon at MSFT.

Frank Gerlach #2

@AC / Efficient Languages

Indeed, if you want good usability and soft-realtime response of an application, you cannot use fully automatic garbage collection. The GC run will come at the worst possible moment from the user's perspective.

For example, you want to accept a call on the phone, but the UI freezes with a 3 second GC run. That will confuse the user and drop the call.

That is why Apple uses Objective C and Swift.

Hate to ruin your day, but... Boffins cook up fresh Meltdown, Spectre CPU design flaw exploits

Frank Gerlach #2


Intel already has Itanium. So they might already have a "fix" in production. Tried and tested...

(yes, I know, HP/Multiflow did the heavy lifting and then sold/gave it to Intel for breadcrumbs)

Frank Gerlach #2

Re: Now CPU manufacturers must find GPU security bugs as well...

Yeah, slay the messenger !

Frank Gerlach #2

Fix D: EPIC / Itanium

As far as I understand it, Itanium does not use speculative execution. Maybe the huge investment into this type of CPUs was more useful than we thought up to now ?

Any expert opinions on this technological option ?

Frank Gerlach #2

Re: Opportunity for anti-malware?

Up to now only Windows needs Anti-Malware programs ("virus scanners"). It would be nice to keep it this way.

Frank Gerlach #2


For all practical purposes, data has Redundancy. From redundancy, you can figure out which data record you are looking at. The attacking program would search for file headers, magic strings and the like to find the target data structure it is looking for.

For an attack against cipher keys it would also be highly useful to simply have a full dump of the target process image. Then simply use every 16/32 octet sequence in the image as a key candidate. This reduces an "impossible" (key space search) problem to a "20 minute problem".

Frank Gerlach #2


Your CPU works quite nicely as long as you do not run untrusted code from www.shadyAdFlinger.com and the like. It is as fast as a supercomputer was in the early 1990s, but you pay only $1000 for it.

Frank Gerlach #2

Fix C: Disable JavaScript

Disable JS for random sites and enable only when required for work purpose, banking, mail etc.

Frank Gerlach #2

Fix B: Don't share Cloud CPUs

Sharing "cloud" CPUs is obviously a risky thing. Rent one CPU to one customer at a time.

Frank Gerlach #2

Fix A: Transputers

Give each program its own transputer to do its respective work. We have more than enough silicon to do that. Connect transputers via fast transmission-line-type message links (not just TTL lines as in the original transputers).

Then $EvilJavaScript cannot snoop on your Excel sheets.

Apple's top-secret iBoot firmware source code spills onto GitHub for some insane reason

Frank Gerlach #2


Why buy a Mercedes if a FIAT drives, too ?

Insurance companies now telling you what tech to buy with un-missable price signals

Frank Gerlach #2

Really ?

In my world, MSFT and Adobe dominate markets while not getting security right. Not sure about Cisco, but Apple has indeed a record of serious measures towards security.

For example they encourage (force ?) developers to sandbox their apps, which is much better than what MSFT does: google "Apple App Sandbox in Depth"

Of course they also have issues, but at least they appear to work on systemic fixes instead of just more band-aids.

NASA's zombie IMAGE satellite is powered up and working quite nicely

Frank Gerlach #2


It looks like Elon Musk is indeed much more efficient at building useful space launch rockets than NASA. Looks like NASA should focus on the sensors/satellites and let specialists like SpaceX do the hauling.

Frank Gerlach #2

You are a satelligynist and I will report you to Guardian.co.uk !

Frank Gerlach #2


You would assume they create a library of about 2000 lines of code which encrypts+authenticates commands and protects from modification and replay attacks.

Something like I wrote in a few days: https://github.com/DiplIngFrankGerlach/MST

Having said that, NASA has a history of very weak network security. So maybe I am wrong :-(

Firefox 57's been quietly delaying tracking scripts

Frank Gerlach #2

Safari Supercookies

I am just looking into


and found lots of funny stuff, including a database of SVG snippets...

Frank Gerlach #2

SuperCookies ?

FF has a shortcut for deleting "ordinary" cookies and the history, but still no way to delete the Super Cookies which reside in a SQLite file.

When will this be cleaned up ?

Next-gen telco protocol Diameter has last-gen security – researchers

Frank Gerlach #2

The Only Secure Mobile Phone

Is a mobile phone switched off.

Telecom technology is by now wholly insecure from the backbone to the end user devices.

Whoever likes to hack it can have a go. Not just your local state snoopers.

It's a decade since DevOps became a 'thing' – and people still don't know what it means

Frank Gerlach #2

What I liked Most

"you should come up with some sort of beancounting ("metrics") "

It seems beancounting is a hard wired human activity.

UK border at risk of exposure post Brexit, warn MPs

Frank Gerlach #2

Re: Plus: Euro Currency

Before we had the € currency, Germany was doing quite well. So do Switzerland, Norway, the Czechs and many others.

The € is sold by politicians and mainstream media as a "peace project". But the Greeks have never been more mad at Germany since 1945.

€ is good for Goldman Sachs and the like. Everybody else would be better off without it.

Frank Gerlach #2

Re: Plus: Euro Currency

Here you can see the debt inflation:


Frank Gerlach #2

Plus: Euro Currency

Helmut Kohl and Jacques Chirac had a brilliant idea of how to force the "United States of Europe" into place: Make all member states adopt a single currency and thereby kill a serious amount of their sovereignty. Like the DDR was killed by means of D-Mark adoption. Quite literally, if you look at their businesses.

Now Greece, Italy, Spain, Portugal and even France are dependent on perpetual credit (increase!) in the hundreds of billions per year from the ECB. All while their real economies are destroyed and unemployment goes through the roof.

Again: Rational decision to quit this club of madness.

Frank Gerlach #2


The most important EU state has decided to allow unchecked, unlimited immigration from hundreds of millions of poor Africans and Arabs. No need for documents, just walk over the border and say "Asyl".

Absolutely rational to quit this club of madness.

Looking through walls, now easier than ever

Frank Gerlach #2


What is going to happen is that politicians will get their jammers while the plebeians will have them outlawed. Just in the unlikely case they turn out to be terrorists, you know.

Frank Gerlach #2


Any system based on RF waves can be reduced in effectiveness or even completely defeated using jammers.

There are some questions regarding the legality, for example phone jammers are said to be illegal.

Once again, UK doesn't rule out buying F-35A fighter jets

Frank Gerlach #2

F35 Turkey Bomber

"Can't run, can't turn, can't climb".

Not my words:


Frank Gerlach #2

Typhoon vs F22 Safety

For a long time, the Jäger 90/Typhoon had no fatal accidents whatsoever, while the F22 had very serious issues in its flight control software right from the start.

Also, the F22 fleet is quite small as compared to the Jäger 90.

F22: Five Full Losses: https://de.wikipedia.org/wiki/Lockheed_Martin_F-22#Zwischenf%C3%A4lle

Jäger 90: Six losses, one of them probably in combat in Yemen. https://de.wikipedia.org/wiki/Eurofighter_Typhoon#Zwischenf%C3%A4lle

F22 fleet: 180

Jäger 90 fleet: 515

That means the Jäger 90 has about twice as good safety statistics, if you normalize by fleet numbers.

Frank Gerlach #2


Just buy from the French. They have a working carrier plus working aircraft. And it will not be such an asymmetric relationship as with the Americans.

Former US State Department cyber man: We didn’t see the Russian threat coming

Frank Gerlach #2

Poor America

Now their very own Cyber War Domain bites them !

Or so Clinton claims. Most of it probably is just her desire to blame something external for her own wickedness. For example, nobody still discusses how she fixed the primary election, to the disadvantage of Sanders. ROOOSKIES !

Intel Management Engine pwned by buffer overflow

Frank Gerlach #2

Back In 1997

I talked to an engineer from one of the Big network management companies. He told me that Intel had the idea that the CPU itself could run some sort of antivirus protection.

Back then I found it a rather strange idea and even today I find it even stranger.

We now find out what kind of contraption they have created. An entire OS without an update strategy and of course coded in the portable assembly language "C".

Frank Gerlach #2


Yeah. Let's deflect.



Biting the hand that feeds IT © 1998–2020