* Posts by Christian Berger

4850 publicly visible posts • joined 9 Mar 2007

Gemini: Vulture gives PDA some Linux lovin'

Christian Berger

Re: Think it could be simpler

"more choice of phone etc."

Yes, but virtually no phone out there comes with any kind of normal operating system. Even the x86 phones are not PC-compatible so you cannot install $Operatingsystem of your choice.

Android is not what the people buying it, bought it for. It's a stopgap solution until the actual Linux is there... or until the Pyra ships.

Christian Berger

Re: Nokia communicator

Well the Nokia communicator was the ideal form factor, as it kinda removes the problem of needing a phone interface by giving you essentially a dedicated phone.

Christian Berger

Good question

"can you make/receive calls/SMS and use mobile data if you're running Linux?"

That's a good question, I haven't gotten the provided Linux image to do anything useful. I'd say "probably yes", but maybe not comfortably for the first couple of versions. Again firmware wise this is far from complete.

Christian Berger

Re: Linux: all the tools are Windows-based.

" just in case one Penguin's last copy of Windows was pre-NTFS."

Even with NTFS the default Windows ZIP archiver cannot deal with files larger than 4 Gigabytes. So I had to unpack it on Linux, shift it over via an NTFS disk and then copy it to the system disk.

Christian Berger

Re: It's still rather disappointing

Well I ordered German. However the keyboard support currently is less than stellar. Still miles above any kind of screen keyboard.

Christian Berger

It's still rather disappointing

I mean it will probably improve gradually. So far the keyboard only works with the English layout, which if you have the German version, means that many keys are labelled "wrong" and you need to guess punctuation (which is accessed via a special modifier key). Yes there is an updated keyboard app, but that's only available via a third party "Appstore" which I'd rather not use. Just offering the apk as a download would greatly improve both security and usability of the device.

On the plus side, the manufacturer offers a rooted image, so potentially it could be possible to get iptables on it so you can filter your outgoing traffic to prevent it from talking to untrusted 3rd parties. So far it works nicely as a mosh client.

Christian Berger

Re: Linux: all the tools are Windows-based.

Well they are essentially tools the chipset manufacturer provides. They do work, though bizarrely not all Windows software can deal with files larger than 4 Gigabytes.

No password? No worries! Two new standards aim to make logins an API experience

Christian Berger

Well it's probably about that data protection stuff in the EU

Essentially the EU wants to make it harder to track you. Unfortunately there's a loophole. If you have a user account they can still track you if you consented during login.

Christian Berger

WTF!!!! There are already several standards

HTTP has well working ways to authenticate a user, so does TLS. In fact TLS client certificates could even be simpler and more secure than anything else, if only browser vendors would make them usable.

Want to terrify a city with an emergency broadcast? All you need is a laptop and $30

Christian Berger

Re: "... warning sirens...only truly reliable method..."

Well but natural disasters usually don't jam radio signals. (at least not continuously) However things like earthquakes can easily break cables.

Christian Berger

That wasn't a design goal

Seriously the design goal is that in case of an emergency there will be an alert. False alerts are not really a big problem, unless they actually happen rather often. So for example using TLS as part of your protocol, would be a problem as there is a chance it might fail because of expiring certificates or because there was some intermittent power outage causing the clock to be wrong.

Russian regulator asks courts to disconnect Telegram

Christian Berger

Re: Peer-to-peer voice text encryption

@Mike16: Well you are mixing up a lot of things.

First of all if your landline provider is using codecs like G.729 you should seriously be considering to swap them for someone who knows what they are doing. There is no reason to use that codec as the licensing costs are far higher than the bandwidth costs. Any sane telephony provider will give you G.711 (either a or µ depending on the continent) which is the same as used on ISDN.

Then there's really bad CPEs. One of the main problems with VoIP is that both the transmitter and the receiver need to run at precisely the same clock. That either requires you to have a precise crystal oscillator, or to estimate and compensate your clock error via NTP. For some reason many CPEs do neither of those. So you'll end up with your transmitter transmitting frames with 8001 Hz sampling rate, and your receiver playing them with 7999 Hz. After a short while the timing difference will have made up a frame, and a frame gets dropped... many modem standards don't like that at all.

So modem transmissions do work, if you have a decent CPE and a decent voice provider. In fact on many voice providers you can even use ISDN transparent data transfers. Most protocols based on that can easily cope with the frame slips mentioned above, so that's even rather solid with cheap equipment.

However I'm talking about something else here: Imagine you have a mobile phone to mobile phone phone call. Both phones speak, let's say AMR as a codec. In the past this would have been transcoded to G.711, sent to the other carrier, and transcoded back to AMR. That is however expensive (proprietary voice codecs cost a _lot_ of money per channel) and decreases the quality of the call. Therefore phone companies try to avoid this more and more. Therefore they try to just send the data through verbatim.

Usually your codec turns voice into bits. Who says you need to actually encode voice? For the network bits are just bits. So if you bypass your voice codec and just send raw data, you will get those data on the other end. (provided there is no transcoding)

So essentially you'd start your call, and for the first second or so you transmit some bit pattern which would decode to some non-annoying noise. You can do that on both ends and detect a compatible peer. Then you know you have a bit transparent channel you can negotiate your encryption on. Once you are finished, you use a codec with a slightly lower bitrate and use the rest of the bits to work on renegotiating the next key while you encrypt your voice data.

The best thing about this is that your call will just look like any normal call. Your telephony provider has no idea it's encrypted as the signaling is normal. This also would automatically work without any manual negotiation. If you happen to dial a compatible phone, it'll all happen automatically.

Christian Berger

Re: Peer-to-peer SMS text encryption

Well you can't send photos via SMS, only via MMS... which is probably the second most expensive way to send any kind of data.

What would be interesting, in theory, would be to send it as a voice call. Those are more and more likely to be bit transparent as inter carrier links get converted to VoIP which makes it easy to support all those weird codecs like AMR.

Christian Berger

Re: Peer-to-peer SMS text encryption

Well the problem is that SMSes are fairly small so you won't be able to get proper encryption. However you could have a pre-shared key and use some symmetric encryption method like AES for it.

You simply cannot send a 1024 bit key when you only have 1120 bits for your whole message.

IBM swings shrink ray from workforce to mainframes

Christian Berger

I'd like to have an honest non-marketing answer to the question...

... what's so special about those boxes?

I mean you can run Docker images on cheaper hardware, too.

Company insiders behind 1 in 4 data breaches – study

Christian Berger

Well of course...

if there is nobody inside the company who collects data, nobody outside can steal it.

It's not the leaks that are the problem, it's the collecting. If your business model is based on collecting data you normally shouldn't have, maybe your business model needs to be outlawed.

There's security – then there's barbed wire-laced pains in the arse

Christian Berger

Unfortunately

Many IT-departments choose to have neither of those:

For example ours forces us to use insecure systems (we have to use Acrobat Reader for PDF, as well as Office Products) it filters outgoing E-Mail for document types like .wav. It's probably spending a lot of money for "security solutions" which do nothing, and their e-mail solution can't handle mailboxes larger than 2 Gigabytes.

The optimal solution changes depending on what department you are talking about. For an office department you might be able to just lock down Windows installations, but for technical departments the easier and much more secure way is to use Linux or some BSD. Nobody in a technical department will care about compatibility bugs in evince or even consider sending HTML E-Mail.

Modern life is rubbish – so why not take a trip down memory lane with Windows File Manager?

Christian Berger

There used to be a time...

...when GUI designers actually cared about usability.

2018's Lenovo ThinkPad X1 Carbon laptop is a lovely lappie

Christian Berger

How rugged is it?

It seems to miss that border around the screen that usually protects it with most old Thinkpads? How hard is it to swap the battery in case it gets weak after a couple of years? Where's the Thinklight?

Why on earth did they waste so much space on the palmrest?

Microsoft Office 365 and Azure Active Directory go TITSUP*

Christian Berger

Re: How can we learn from this?

"...that generate large bonuses for them will not come back to bite them in the arse before they retire or move on to the next schmuck of a company that believes their interview bull."

I don't think it's that. I mean most bad IT decisions don't actually save any money, not even in the short run. In fact many even have short run negative consequences.

My hypothesis is that there are many IT departments which believe _anything_ a salesperson will tell them. That's why companies _still_ run antivirus software, even though its benefits have long been disproven by both theory and practice. That's why companies still invest in "office productivity" software like Microsoft Office or Open Office, even though those mostly cause your employees to waste time on things they don't know how to do, like making a printed document look good.

Christian Berger

Re: How can we learn from this?

"why does persistent IT incompetence on this scale (and with no improvement in sight) seem not to matter to the people who pay the IT budgets?"

It is, perhaps, because people who know how computers work, generally don't work in computer administration any more, they move on to higher paying jobs like programmers.

There are few exceptions like that game company where the employee handbook leaked recently. They had a system where you had desks with wheels you could move around by yourself. As soon as you plugged it in on your new location the floor plans would automatically get updated.

Since most IT-departments are horribly bad at what they are doing, most people have never experienced a good IT-department, which means that they don't demand it to be actually useful. Good IT is too rarely seen as an enabler of success and an effective motivator of your staff.

Christian Berger

Why???

I mean apparently people use this for e-mail and file servers. Both aren't particularly hard things to do. How can someone mess that up so badly?

Or to rephrase the question: How can we learn from this?

They forked this one up: Microsoft modifies open-source code, blows hole in Windows Defender

Christian Berger

It's a common problem with "Antivirus" software

Essentially since they process virtually any file they come into contact with, they expose a huge attack surface. Just imagine you had a bog standard Windows PC and someone sent you some .rar file. Since you don't have the software to unpack it, nothing would happen... unless you have turned on Windows Defender which would choke on it, allowing remote code execution.

This is by far not the first incident. Unpacking archives is something non trivial to do. If you need to write code to unpack dozens of obscure archive formats, you are likely to mess up at least some of them. Even if you want to test it, you're unlikely going to find a fuzzer for those obscure formats.

Spring is all about new beginnings, but it could already be lights out for Windows' Fluent Design

Christian Berger

Re: Where have we heard this before?

Microsoft continuously changes its GUI every couple of years. Remember toolbars with wallpapers? Or icons with a black border around them.

Now the problem today is that this happens at the same time as many stupid technical decisions in GUI designs, like rendering your GUI with a browser.

Christian Berger

I miss the times...

...when good UI design meant that it was fast and efficient to use, as well as easy to learn. Back then UI optimisations were done with focus groups which were watched while doing certain tasks.

Today it seems like all that matters is what some graphics designer thinks.

My PC makes ‘negative energy waves’, said user, then demanded fix

Christian Berger

"Sony Vaio laptop ... It failed a year later, just out of warranty, with zero support or driver availability."

Well Sony once offered a portable Digital Beta offline editor which essentially was a laptop docked to some specialized video equipment... they used a Thinkpad for that.

2001 set the standard for the next 50 years of hard (and some soft) sci-fi

Christian Berger

Rounded corners

According to this:

https://www.folklore.org/StoryView.py?story=Round_Rects_Are_Everywhere.txt

Apple included Round Rects in their graphics API because they were a common shape even back then.

For some reason, you lot love 'em. So here are the many ThinkPads of 2018

Christian Berger

Re: Keyboard?

"Then again, I come from an era when the correct place for a control key was to the immediate left of the 'A'"

That's still the correct place to put the control key.

Lenovo sends EMEA exec into metaphorical burning building

Christian Berger

They could have it so easy

Just continue the product lines from IBM. I have an aging X200 and I'm slowly looking for a replacement. Unfortunately there is none being offered from Lenovo. The new ones come with buggy UEFI and even ditch essential features like the Thinklight.

If you want to improve products you must first understand what people like about them, then, and only then, you can actually make improvements.

Indian comms satellite gives boffins back home the silent treatment

Christian Berger

It's actually mostly only shrug-worthy for the operator

Satellites typically are fairly well insured against such things, and you typically build at the very least 2 satellites which are identical (one that goes up, one to use as an engineering model) so it should be fairly quick to get a new one to send up. The insurance company pays for that satellite and its new launch.

Failed satellite launches are a normal thing in the satellite industry.

SUSE bakes a Raspberry Pi-powered GNU/Linux Enterprise Server

Christian Berger

They do

It's called the "computer module".

How a QR code can fool iOS 11's Camera app into opening evil.com rather than nice.co.uk

Christian Berger

Re: QR codes were never cool

Actually the problem is that web standards are now so broken, that just going to a web site can damage the integrity of your computer. It shouldn't be that way just like it shouldn't be a problem to open a pure text file.

Christian Berger

Well QR-codes would have some potential...

... if the apps would display the full URL. I've seen some very sensible ways to use them to transmit some authentication token, for example.

More ad-versarial tech: Mozilla to pop limited ad blocker into Firefox

Christian Berger

Re: You'd expect a FOSS browser to be on the forefront of this

"But the $64M question; how do you keep it running?"

You shouldn't need a million dollar company just to implement one of the most basic standards of the Internet. Browsers should be something a single person could do within a reasonable amount of time. It should be something someone can do as a master thesis.

Christian Berger

You'd expect a FOSS browser to be on the forefront of this

Unfortunately Mozilla has long turned into a commercial company just like the others.

Since Mozilla also constantly works on making browsers more and more complex, and therefore harder and harder to implement, we won't get any actually "free" (as in speech) browser any time soon.

Maybe it's time to ditch the web for something simpler.

We sent a vulture to find the relaunched Atari box – and all he got was this lousy baseball cap

Christian Berger

Welcome to actual capitalism

Where even the simplest of tasks (putting some small mainboard into a custom case) can take magnitudes longer than doing it yourself.

Bitcoin's blockchain: Potentially a hazardous waste dump of child abuse, malware, etc

Christian Berger

Re: Data vs Code

Yes, but that's irrelevant as malware will always be in the unprovable region.

Christian Berger

Data vs Code

There is a good reason why Bitcoin doesn't use Smart Contracts. It's simply to not have code in the blockchain. So all you have on Bitcoin is data. Sure that data may break some really badly written software that works on it, but then you need to fix that software. Essentially you can do that by having a program that checks the data to conform to the syntax you are looking for and ignores messages it cannot prove to be correct. After all, parsing is a well established science.

However with Smart Contracts you have Turing complete code in your blockchain, which is, in principle, impossible to prove correct.

Samsung’s DeX dock clicks the second time around

Christian Berger

"The N900 could run full fat linux but you needed to overclock the CPU to make it run at a reasonable speed. That was over ten years ago."

The Raspberry Pi has proven that mobile CPUs are now fast enough for "big fat" OSes like Linux. The Gemini will (hopefully soon) also run a full Linux, but thanks to the keyboard, it might actually be usable.

Christian Berger

The problem still is the operating system

Yes, there is termux, which kinda gives you a minimalistic unixoid system on Android, so if you don't need graphics stuff, you can kinda work with Android. However it's a far cry from an actual Debian or Gentoo.

However with termux you can also just use a desktop with, for example, a Raspberry PI, connect it to your mobile via Wifi and just ssh into it.

BTW here's a talk from a Swiss guy using termux as his primary operating system https://media.ccc.de/v/zeteco-59-termux_als_betriebssystem

FYI: AI tools can unmask anonymous coders from their binary executables

Christian Berger

So how is this different to other kinds of stylometry...

... which you can easily get around by just writing code in another style. Having stylometry even allows you to modify your code gradually so it'll look like code from someone else.

Ugh, of course Germany trounces Blighty for cyber security salaries

Christian Berger

Well you'd need to compare available income

Costs of living are high in Germany, for example I have to pay about 400 Euros a month (including heating and water) for my little 75m² (+basement and attic) flat. That's a bit more than 350 pounds a month. Healthcare is also organized differently so you have to pay about 20% of your income for that.

18.04 beta is as good a time as any to see which Ubuntu flavour tickles your Budgie, MATE

Christian Berger

OpenBSD seems to have a decent management

Their innovations include changing the time type to 64 Bits on 32 Bit machines, or having a memory allocator which deliberately tries to put unmapped pages of memory in between your allocations so out of bounds accesses will likely trigger a protection fault.

Christian Berger

Re: Watch out for Netplan!

"eth0 *is* the unpredictable name"

Supporters of the new scheme claim that. They think that something like "enp5s0" is much better than just eth0 for the one and only wired network interface that's found in 99.999% of all computers.

Ohh and in the FreeDesktop announcement they even give some examples for what your eth0 could be now:

Firmware/BIOS provided index numbers for on-board devices (example: eno1)

Firmware/BIOS provided PCI Express hotplug slot index numbers (example: ens1)

physical/geographical location of the connector of the hardware (example: enp2s0)

MAC address (example: enx78e7d1ea46da)

Classic, unpredictable kernel-native ethX naming (example: eth0)

All of those weird people who previously would have written bad software for Windows are now invading the Linux userspace.

Fermi famously asked: 'Where is everybody?' Probably dead, says renewed Drake equation

Christian Berger

Well it could be done

We'd only need to make concerted efforts to reach other cultures.

Christian Berger

Re: Who said they are using EM in the first place?

Well actually there's still much more life left in EM. After all we can (theoretically) go up to light frequencies and use "antenna" arrays on both ends so we essentially have lots of high bandwidth (multi-terabit) point to point connections.

The more pressing issue is that high power transmissions are dying out. Our troposcatter transmissions are being phased out as better options (i.e. fiberoptics) become more and more prevalent.

Most transmissions are now in the sub 10kW EIRP range, and they are digital so they will look like noise to any observer and perhaps even blend with the noise.

The times when TV stations blasted away with hundreds of kilowatts are gone.

Developers dread Visual Basic 6, IBM Db2, SharePoint - survey

Christian Berger

Re: "Because this is the year of Linux on the desktop? ;p"

Windows and Visual Studio usually are what you get from your employer, not necessarily what you actually want to work with.

It's a compromise, if it was for IT departments all developers would have to use VBA so they can have a consistent image for all clients.

Airbus ditches Microsoft, flies off to Google

Christian Berger

Re: "and switching to plain text"

Well one should note that for 99% of cases, any program written for plain ASCII will just work for UTF-8. After all, when do you really want to find out the length of a string in characters instead of octets? Usually the most one does with strings is compare them to other strings and/or chop them apart at certain places.

At the company I'm currently at, we handle the "routing table" of the German telephone network. It's a nearly 20 Gigabyte text file in which we need to do a daily update. The previous version, which ran on an SQL-Server was unable to keep up with the daily updates, the new version does the daily batch job in around 20 minutes.

There are examples where binary data is more efficient at a moderate cost of extra complexity. However most systems today really benefit more from having an easy to read, understand and fix format, than speeding up a process that happens every few seconds from 2 ms to 0.1 ms.

BTW, Office products are probably the area where it doesn't matter if your files are binary or not. They still are basically impossible to work with.

Christian Berger

I wonder how much productivity one could gain...

... by kicking out all of that office software and switching to plain text, plus some department which can layout printed documents for you if you need them.

I mean today we essentially live in a world where all the data of a company is stored on computers, but in formats which are hard to read for computers. Also people who don't know anything about typography try to do their own desktop publishing which could be done by specialists in a fraction of the time.

The Great China Tech Panic is just posh xenophobia

Christian Berger

Well they are trying hard to come up with new markets

That's why over there hackerspaces get quite a lot of blessings from the government. They see that this bottom-up style of innovation can work, as it did with the home-computer revolution of the 1970s.