* Posts by Wilhelm Schickhardt

66 posts • joined 6 Jan 2021

Page:

The hour grows late, the enemy are at the gates... but could Intel's exiled heir apparent ride to the rescue?

Wilhelm Schickhardt

Re: Intel's new CEO check list

If that were the case, server programs would not be written with Java, PHP and monstrous frameworks. Java needs 2x the memory of an equivalent ObjectPascal program.

Wilhelm Schickhardt

Re: Intel's new CEO check list

The big monies are in the server room and the gaming bedroom. Power consumption does not matter there. So don't hold your breath for Intel to ever make something power efficient.

Wilhelm Schickhardt

Really Small, Really Economic

That would be the RPI 2. Good enough to

+ store your office files

+ store your code

+ run your personal web server

+ run an efficient discussion board (not PHPBB !)

+ run tinyproxy to filter out the tracker stuff

+ run an XMPP server for your self-controlled messenger

+ run the sn USENET server for your self-controlled discussion board

+ compile code using tinycc

It consumes 3Watts and costs less than 30 Euros once. Use ddnss as a dynDNS proxy service.

Wilhelm Schickhardt

Re: They should rebrand themselves as Penelope...

Or maybe we simply stop listening to the progressive political madness. Thats another option.

Euro cloud slingers fight for niches on their own doorstep as AWS, Microsoft and Google inhale market share

Wilhelm Schickhardt

Even Worse

Merkel and her ilk likes to talk of "Europe together", but when Alcatel, Nokia or Siemens are in trouble due to state-financed foreign competition, she does exactly nothing. Because the auto guys warned her not to offend their biggest customer, the Chinese.

The Chinese have by now established one-sided contracts, under which the Chinese have all the advantages and European companies are hamstrung. We have limited access to China and must transfer technology, but the Chinese can directly import their electronics from Shenzen to every little town in the EU.

Similarly, the Americans ignore GDPR and write up reams of legalese to enable this. European companies are fined by data protection officers if they attempt just 1/10th of the American data collection efforts.

The Russians by now have a stronger IT industry than the entire EU: Yandex, mail.ru, ELBRUS.

Wilhelm Schickhardt

Ren Zhengfei is the financier-entrepreneur behind Huawei. The man who got the state money to create the company.

Wilhelm Schickhardt

For a long time, the UK nurtured the excellent ICL VME mainframe computers (now part of Fujitsu). As industrial policy has now become totally uncool, this very secure approach is left to die, it seems.

Now, what if an "IT Airbus" were set up to compete with the industrial policy of America (DARPA, DoD) and China (Huawei and all the other megacorps) ?

We have some great brands such as Nixdorf, Bull, ICL and Olivetti which could be rejuvenated. There are plenty of great technologies and alternative approaches to be pursued. Oberon, Occam, Transputers, Eiffel, CompCert, SeL4 and quite a few more.

The Chinese managed to stand up a group of financiers-entrepreneurs (such as Jack Ma and Zu Rengfei) out of a population of dirt-poor peasants, workers, soldiers and apparatchiks in a matter of 30 years. Europe could do the same, if we only woke up to the challenge...

Wilhelm Schickhardt

Re: What's the definition of a cloud provider?

https://www.qwant.com/?q=list%20of%20european%20cloud%20companies&t=web

https://www.channele2e.com/channel-partners/csps/top-10-european-cloud-services-providers-csps-for-iaas-list/

Wilhelm Schickhardt

Re: What's the definition of a cloud provider?

Hetzner qualifies, I agree.

Seems 1und1 offers billing per hour, too: https://www.ionos.de/cloud/cloud-server

Wilhelm Schickhardt

Bingo

Europe is too much focused on regulation and not enough on CREATION. Most big companies in Europe date to the late 1800s, when there was a boom in the stock exchanges and when many new public stock companies were created.

Modern day euro politicians only know how to slice the cake and none of them knows how to bake a new one. They seem to not realize that innovation does not come from 100 year old corporations or by direct government action.

Airbus worked out quite nicely and it could work also for the world of computers, software and communication. If we only had politicians like Strauss, who could oversee the creation of something competitive and useful.

https://de.wikipedia.org/wiki/Franz_Josef_Strau%C3%9F

There would be plenty of opportunities in modern day computing, such as unhackable computers, privacy-respecting software/systems, sovereign computing and so on. But alas, modern day euro politicians are only strong on ego and otherwise mostly incompetent.

Defence ministers who never soldiered, health ministers who were bankers, teachers, lawyers.

Wilhelm Schickhardt

Re: Litte Guy Data Sovereignty

You must have heavy workloads if you need more than one RPI 2 for your personal needs. If that is the case, run up to 10 RPI 3s in parallel behind your DSL Modem.

Just never run inefficient stuff such as phpbb or gcc on the RPI, that is not fun.

Wilhelm Schickhardt

Re: Litte Guy Data Sovereignty

+ bittorrent for video sharing

+ IRC as a realtime discussion system

Wilhelm Schickhardt

Litte Guy Data Sovereignty

+ Teres Laptop running Linux from OLIMEX out of Bulgaria. Made by Yourself.

+ RPI 2 as a small, energy efficient server for secure worldwide file serving, XMPP server, source code storage, personal web server, firewall and much more

+ NextCloud, OnlyOffice run in your own/your neighborhoods data center

+ LibreOffice running on an RPI 2 instead of resource burning MS Office

+ XMPP/Jabber chat system. No police ID for innocents and no telephone list sharing required. Telephone numbers HAVE NOTHING TO DO with chat systems ! (except if you are in bed with snoopers international)

+ USENET/sn as a NNTP server for your community's discussion needs

Remember: the internet existed well before the corporations and their trillions of dollars invaded it. It continues to exist quite nicely without them and their government being in control !

Wilhelm Schickhardt

Data Is Power, Power Is Money

The kneejerk "free market economist" reaction is to browse for the cheapest cloud vendor, sign up and upload decades of valuable data to an American-controlled data center. Three days later, the Americans will download the data (in total secrecy and with the justification of "terror Inspection") and then hand it over to your American competitor.

I have to admit though, that the Americans are even more wicked than the Greeks - they make the Trojans pay for the horse !

JavaScript survey: React everywhere, Jest, Webpack on the up... if only it had static typing, sigh developers

Wilhelm Schickhardt

Security ?

In many if not most cases an insecure browser JS program will not create security issues, as one must trust the server side anyway.

But if you run JS on the servers side, you better have solid defensive measures or you will be hacked sooner or later. Strong typing is one proven security measure.

You can also run Rust on both śerver and client.

Another Rust-y OS: Theseus joins Redox in pursuit of safer, more resilient systems

Wilhelm Schickhardt

JavaScript, TypeScript, Rust in the Browser

With JS, the lack of strong typing is a big reliability and potential security issue, too. TypeScript is one attempt to fix this.

Another option is to program for the browser in Rust and use LLVM to compile it into asm.js

Wilhelm Schickhardt

Wrong

The lack of variable and function parameter type checking is the main reason for the insecurity of real world PHP programs. The idea that programmers can be extremely lazy and do not even have to think about the type of variables has been proven insecure by PHP.

The fact that they have other hairraising stuff such as "all HTTP GET parameters become global PHP variables" does introduce further exploit opportunities.

Then they interpret any string as you "might" want to really have this done then and now. One more mad idea.

So - PHP is not type safe and its memory safety is superficial as they have no proper type system to speak of. Their other crazy ideas make matters worse, that is true.

Wilhelm Schickhardt

Re: Rust is the future

The Linux kernel is now in the order of 10s of millions of lines of code. A single bug in this code will typically hand the attacker full control of the computer/embedded system.

This practice should be stopped and memory safe code should be used in the kernel as much as possible. Or the kernel should be as minimal as possible and also compartmentalized, like SeL4.

Rust-based kernels (which will of course include some unsafe sections) look like a very promising approach.

Wilhelm Schickhardt

SeL4

You might have a look at this microkernel. It is actively developed and in use for security critical applications. Hensoldt (ex Airbus Germany Systems) continues development and provides commercial support.

In the last 10 years, the Americans (General Dynamics, DARPA and others) developed several projects based on SeL4.

https://hensoldt-cyber.com/wp-content/uploads/2020/05/seL4-whitepaper.pdf

SeL4 is proven to be memory safe, which was a big effort as it is coded in C. For example, a bug in the tcp stack does not open the entire system, but just the tcp stack. With Linux, Unix or Windows, a single kernel bug hands the crown jewels to the attacker.

Hensoldt now also uses Rust for application development.

Wilhelm Schickhardt

Re: Security is a word

1.) Supply chain attacks happen then and now. But at probably 1000th the frequency of exploitable programming errors being discovered.

2.) Just because supply chain attacks (in this case the compiler) are possible, does NOT mean we can lay back and ignore the security problems that come from human programming errors.

3.) As your organizations systems-fortress should have multiple layers of defence; the firewall log analyzer/the security team should detect improper traffic which exfiltrates data.

Memory safe programs are one layer of security and arguably one of the most important ones.

Wilhelm Schickhardt

Re: Security is a word

This is the point of the Rust language:

+ no undetected buffer index errors (underflows or overflows)

+ no use after free

+ no double free

+ no multithreaded data races

The rust compiler and the generated code will ensure this. C does NOTHING of the like. Man-coded programs typically have these bugs, even if the software engineer is a seasoned expert. That includes the Linux kernel and exploits in gethostbyname() and similar. HPUX ping of death and a plethora of C based exploits in the Windows kernel.

Regarding efficiency of Rust

+ stack allocation

+ destructors, RAII

+ value arrays

+soft realtime capable heap memory using refcounting

Java and C# are somewhat memory safe, but not as efficient and realtime capable as Rust.

Wilhelm Schickhardt

Other Measures

To achieve cyber security, software engineers certainly need to apply other state of the art techniques such as properly defined interfaces (using EBNF) and semantic checks. All information flowing into a system from the outside must be thoroughly checked for syntax, grammar and semantic correctness. Any failure must lead to a rejection of the message. KISS should be used.

Other powerful approaches such as firewall traffic logging/monitoring, Sandboxing will still be useful and required.

Strong typing is one very powerful measure, but it must work in concert with other proven measures such as LL(1) parser construction.

Wilhelm Schickhardt

Static Analysis, Strong Typing, Robust Software Engineering / Algol, Pascal, Modula, Ada, Rust

There is a long line of programming languages which were designed with robustness in mind. It started with the ALGOL versions, created by some of the greatest minds of computer science: Hoare, Wirth, Dijkstra, Bauer and people of similar caliber.

Several successful mainframe computer product lines were using Algol as a systems and as an application programming language. ICL VME, Burroughs large, MCST.

As Algol68 turned out to be too complex, Wirth started to create smaller languages in the same spirit: Pascal, Modula, Oberon. Rust has found the spirit of these robust languages again and expanded strong typing to mulltithreading.

On the commercial side, the hamburger of programming languages, C, took over the world, as Unix was given away for free. Software Engineers and System admins now have to pray every day their brittle Unix or Windows systems (all coded in C) are not destroyed by some cyber Mafia or hostile Army.

C's lack of memory safety had catastrophic consequences (e.g. Maersk, Sony) and the language should therefore be retired as much as possible. Regardless whether some C developers have to learn a new language or whether corporations need to spend money on retraining. Cyber insecurity is much more expensive in many ways.

Wilhelm Schickhardt

Re: look at the daisy cutters

Read this for the consequences of Windows insecurity:

https://www.qwant.com/?q=Maersk%20cyber%20attack&t=web

https://www.qwant.com/?q=Sony%20cyber%20attack&t=web

Entire corporations had their entire intranets wiped out by powerful malware.

Wilhelm Schickhardt

Lack Of Chefs

Means we should continue to only eat at McDonalds and Burger King, correct ?

We should ignore all the nasty effects of C memory bugs and continue to write easily exploitable software ?

Wilhelm Schickhardt

Re: Success

You can already run high security applications on Redox OS. E.g. a database of users and passwords. A proper software engineer will be able to implement this without a complicated and bugprone RDBMS server written in the unsafe/insecure C language.

Wilhelm Schickhardt

Re: Security is a word

Memory safety will neuter 70% of the CVE database exploits. You are mistaken.

Wilhelm Schickhardt

Re: Security is a word

UNIX was "given away for free" in order to squeeze out of the market the much more robust and secure ALGOL Mainframes of ICL, Unisys and MCST.

See this, if you want more insight into the Algol machines:

https://www.infoq.com/presentations/Null-References-The-Billion-Dollar-Mistake-Tony-Hoare/

https://www.bloorresearch.com/2020/08/when-is-a-mainframe-not-a-mainframe/

Wilhelm Schickhardt

Rationality

...suggests we all should be happy to seriously reduce the number of errors and their severity. About 70% of exploitable Bugs are related to C memory unsafety effects. Buffer oberflow, use after free, double free etc.See the CVE database.

Your suggestion of "all or nothing" is counterproductive.

Dell CTO shares his hottest trends for 2021: Four interesting technologies, one of which is still borderline sci-fi for now

Wilhelm Schickhardt

Re: Put the "Personal" back

Why dont you shop with specialized Linux PC vendors in the first place ? Dell is probably subsidized by MSFT when they sell their machines. Dell cares about the 90% of the market, which is office PCs for businesspeople.

Here is a list of specalized Linux vendors:

https://www.qwant.com/?q=linux%20pc%20vendors&t=web

Deloitte's Autonomy auditor 'lost objectivity' when looking at Brit software firm's disputed books, says regulator

Wilhelm Schickhardt

Re: HP == Big Time Incompetence

Thanks for the link. Obviously the CEO lied to the court when he said that "his HP people" assured him that all was fine.

He had fired his own CFO, because she thought Autonomy was only worth 3bn.

Apother should be fined for lying in front of a court of law.

Wilhelm Schickhardt

Re: How?

The short answer is: a German manager with big ego and little competence got his way. Like Helmut and the €.

Wilhelm Schickhardt

It was a single guy who forced this to happen, despite the warnings of his own CFO. Dont blame it on the finance people here.

HP should go after this man instead of anybody else.

Wilhelm Schickhardt

Re: Beans counters

See the comment+link about the HP CFO above. She seems to have been the sane one. Also see the other link about the affair and then draw your conclusions.

JetBrains' build automation software eyed as possible enabler of SolarWinds hack

Wilhelm Schickhardt

Re: The good news is...

Like "Cisco gear improved by NSA", eh ?

https://www.engadget.com/2016-08-21-nsa-technique-for-cisco-spying.html?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cucXdhbnQuY29tLz9xPWNpc2NvJTIwbnNhJnQ9d2Vi&guce_referrer_sig=AQAAAIRMLhvPZKtrW2x13_H0L_pNY71On0TObKaILNRDFUxQgRlTUHLM3ZX9xG6xoyDx0dTshg_fckirNDxJoW-lFm6gCmNwWM2Xx_85XbRRk2081lDdXe6DM0fkGxQCpHIZYGk2GB8_TQMz750urZMiK4irRx0dsUAlTQS1PUHMR-X9

Wilhelm Schickhardt

Re: The good news is...

You have ANY proof JetBrains enabled this ? Or is it just "guilt by association with an unproven claim" ?

Old hand at NewCo: IBM re-hires former CFO to run soon-to-be-spun-out Global Tech Services division

Wilhelm Schickhardt

Nah

Schroeter will sell the entire ship to Wipro or Tata. The Indians will then claim that they lost the PIN to their internet banking app and cannot pay anyone in Europe or the US. As an emergency measure, all work will be moved to India. Then they will wait until all resources move somewhere else.

Wilhelm Schickhardt

Tech Companies Run By Beancounters

What could possibly go wrong ?

After all, Kindergardens can be run by plumbers, cant they ?

Open-source contributors say they'll pull out of Qt as LTS release goes commercial-only

Wilhelm Schickhardt

Re: Nokia didn't seem to be that nice a place to work at...

I once worked for an Ex Nokia manager as a developer. The guy did not really have a clue about the complexity of the work packages he built.

So experienced people woild be assigned trivial tasks while inexperienced engineers got tasks which should have been split in ten subtasks.

He would start a discussion about some issue and then basically tell you to shut up, because he did not like what he heard.

So, Nokia seems to be one of these places of Euro incompetence.

Wilhelm Schickhardt

Re: Bait And Switch ?

I heard Elon runs an entire Chrome browser in the middle console graphical controller. Fitting for a silicon valley car, I guess.

Two English councils sign up to Azure for six years in £35m reseller deal as ERP project faces delays, ballooning costs

Wilhelm Schickhardt

GDPR Compliant Alternatives

OnlyOffice out of Riga.

NextCloud out of Stuttgart.

Run the server in a British Data Centre, not in a US controlled one.

Create British jobs and support your European friends.

If you're a WhatsApp user, you'll have to share your personal data with Facebook's empire from next month – or stop using the chat app

Wilhelm Schickhardt

Re: I made an app but put conditions on how you can use it

Try Jami, they dont want your Polis ID.

Wilhelm Schickhardt

Re: TinyProxy

vim will run very nicely on the RPI, even over narrowband wireless links.

Wilhelm Schickhardt

Re: TinyProxy

When your RPI is running, you can use it also to store+share files (ssh-scp does this very securely), serve web pages, run an XMPP chat server and many more things.

The internet was meant to be a large set of servers and NOT another mainframe under the control of a few greedy corporations with political agendas.

Google docs will simply delete your files if their political correctness/porn checker deems them offensive. No illegal content required whatsoever. Ergo: run your own server and help your friends to do so, too.

Wilhelm Schickhardt

Alternatives

https://www.qwant.com/?q=list%20of%20open%20source%20messaging%20apps&t=web

https://www.gnu.org/software/messenger/

https://jami.net/ (very much feature complete, but no police ID required, unlike many others)

Wilhelm Schickhardt

TinyProxy

1.) get an RPI

2.) block all devices except the RPI at your DSL router

3.) install tinyproxy on the RPI

4.) blacklist all the tracker domains at tinyproxy (requires log reading in order to build a good list)

5.) configure all your devices to use SOCKS via tinyproxy

6.) Try to use non-google and non-FB services as much as possible. There are great search engines such as qwant (out of Paris) around.

Wilhelm Schickhardt

Wrong

There are plenty of *truly* GDPR compliant FOSS systems out there. Like LibreOffice - they dont want to force your data on American servers like MSFT, Google and AAPL do.

Wilhelm Schickhardt

Re: But hey, $2bn, I get it. That buys you a lot of morals, apparently.

Too much money leads most people down the cocaine path. So, maybe it is a blessing you did not get that much money.

Wilhelm Schickhardt

Re: Really ?

Google still collects way more data than they need to. So does Facebook and quite a few more. They write a huge legalese letter in order to justify that.

You cannot remove the Google data collectors from your smartphone.

You cannot remove the shady keylogger/activity tracker (or whatever it is) from Windows 10.

In my book, GDPR only applies to those who dont have a large army of lawyers.

Storage on AWS: What's new, is it too complicated? Can it help defend against ransomware?

Wilhelm Schickhardt

Re: WORM - Write Once Read Maybe?

That only helps if your backup program has not been infected by malware. If infected, all your optical backups will be encrypted, too.

Page:

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2022