* Posts by Christian Berger

4850 publicly visible posts • joined 9 Mar 2007

23. 712. 3. 608. 45. 89. 11. 332. 841. 255. You want more? Cloudflare and pals are streaming 'em live from new RNG API

Christian Berger

I've considered a business model like that in the past

Surely people will use those bits to base their secret keys on. I mean considering that there are incredibly cheap sources of random noise in virtually every computer (particularly in embedded devices which typically have good true random generators) only complete idiots would choose to get some "random" data everybody else can see, too.

This is grim, Vim and Neovim: Opening this crafty file in your editor may pwn your box. Patch now if not already

Christian Berger

To be fair

that feature is disabled by default on most distributions, so it's not much of an issue.

Still, patches are necessary and good, particularly since vim is not the type of software that gets many regressions or misfeatures.

Not very bright: Apple geniuses spend two weeks, $10,000 of repairs on a MacBook Pro fault caused by one dumb bug

Christian Berger

Now if MacOSX wasn't so complex

The brightness controls could be activated before login without any security risks. In fact they could have even used separate microcontrollers for that task, making sure the OS gets informed but doesn't need to react to those keypresses.

RAMBleed picks up Rowhammer, smashes DRAM until it leaks apps' crypto-keys, passwords, other secrets

Christian Berger

We can't do that...

... as, thanks to overly complex browser standards, an average computer needs gigabytes of RAM. SRAM is a lot more expensive than any form of DRAM, particularly at those sizes.

In short, unless we get out of our browser mess, we're doomed. If we get out of our browser mess, we need so little memory we can use DRAM.

Also browsers are the main problem here. It's the only place where you have to run untrustable code from untrusted sources.

JavaScript tells all, which turns out not to be so great for privacy: Side-channel leaks can be exploited to follow you around the interweb

Christian Berger

Yes, but that's no common man solution

We as geeks can simply maintain our blocking lists for NoScript, and when a site wants to execute Javascript from dozens of external domains, we leave that site.

I think the long term goal must be to abolish client side execution of Turing complete code. Clients must not behave in unpredictable ways. One way of doing this is to switch applications to some sort of "Terminal standard". This could, for example, be done by using Websocket in some well defined way to edit the document tree. Alternatively one might approach the issue from the Videotex side and start from text terminals.

This Free software ain't free to make, pal, it's expensive: Mozilla to bankroll Firefox with paid-for premium extras

Christian Berger

Re: OSS isn't Free Software

"A great factor in what's happening may well be because the browser of today is dealing with stuff that wasn't even considered possible when hypertext was devised. Google Docs, for instance, a full GUI word processor in a browser."

Yeah, but we end up getting semi-decent things we had been doing for decades before, but now it works "in a browser". You spend so much effort squeezing applications into a document-centric format just so they can run somehow in a browser.

If we go down that route, we'll end up with worse and worse products that take more and more effort to create. We'll have new monopolies, as there is a decent chance Mozilla will stop developing their browser engine. (After all, to them that's just an irrelevant workload, taking away valuable developer time from their important features.)

Christian Berger

Re: OSS isn't Free Software

"Free software is software that is free of cost to the end user. It can be closed or open source."

You are confusing "Free software" with "free software". The first is free as in speech, the second is free as in beer.

Christian Berger

The Unit Separator explained

In Videotex the Unit Separator is followed by one or two characters. If the first character is in the range of A..., it's used as a row indicator and the second character is the column indicator, so it's a "Goto XY" command. If the first character is below "A", it indicates what layer you want to talk to.

Defined layers include a colour palette definition, the definition of user-defined characters, or vector graphics. Standardisation of audio doesn't seem to be complete, but there are fragments in the standards.

Christian Berger

Re: OSS isn't Free Software

> But what happens when the thing you have to do is "EVERYTHING"?

Yes, that's called "not understanding your problem". This is one of the cases where you need to step back a few steps and find a simpler way.

If you look at the web, you'll find that it was originally about hypertext. You have hypertext documents which are essentially static with loose links in between. Now documents have the problem that for any change you need to transmit the whole document. Therefore people came up with local scripts which were supposed to edit your document tree locally. Document trees also can have an arbitrary size and complexity. Combining documents with Turing complete scripts brought us into the mess we have today.

Now why do we want to change documents? It's because we want to deliver applications. Essentially your browser is supposed to act as a "smart terminal", sharing some of the workload. So why don't we simply have an actual established terminal standard? Well, we do have ANSI terminals, which are now even supported by Microsoft. It's not great, but it solves some of the problems. It too has a "document", but its complexity is limited by the number of attributes and characters it displays. Instead of loading whole "document trees" or editing them by some script language, there are fairly short commands for changing the state of your "document".

The problem is, however, that ANSI doesn't support graphics. For that we could look at other standards. Videotex, for example, is an ITU terminal standard which was meant to be extended to vector graphics and photographic bitmap graphics as well as audio and video from the start. It does this by splitting up the image into layers. The text is on the top layer, while lower layers are provided by vector graphics and bitmap graphics. Layers have a transparent colour so lower layers can be seen through holes in upper layers. Those layers act as separate terminals. The Unit Separator (US $1f) character changes between the terminals.

Surely Videotex isn't suitable for today's world; however, we can learn from it in order to dream up a successor for the current Web.

Christian Berger

OSS isn't Free Software

Yes, those terms have been mixed up a lot, but there's a big difference between Free Software and Open Source Software.

The difference is in how it's intended to be used. Free Software is intended to be modified by the more tech-savvy fringe of its users. Surely only a few people will ever modify it, but those are welcome to do so. Free Software is powered by individuals and tries to make the barrier of entry to any changes as low as possible.

Open Source on the other hand is rather different. You are not supposed to build your own version of Firefox. You are supposed to be the consumer while Mozilla hires the developers. Even building a plain vanilla Firefox is incredibly hard, as it depends on many out-of-date components in precise versions. It's not just ./configure && make && make install as with most Free Software packages.

Unfortunately Web standards are now so complex, only a few companies can implement them. In order to keep up with them you need lots of people working together. Today Web browsers are far more complicated than operating system kernels.

We need to cut back on complexity and look beyond the current Web mess. How can we make better and simpler standards which can, at least for some use cases, do the same thing but simpler?

Christian Berger

Now if they would stop adding features nobody wants...

...like Pocket or Sync, and instead just fixed their bugs, people would donate more and development would cost less.

This is why it's highly problematic to have standards so complex that only a few large corporations are able to implement them. Corporations typically don't care about users, but their own survival.

Labs are for nerds, it's simply Kaspersky now – just hold still while we cyber-immunise you

Christian Berger

Makes sense

After all the word "Labs" made it sound as if they had anything to do with science.

After all their basic premise, that you can somehow magically determine whether a piece of software is "good" or "evil" has been proven to be utterly impossible in 1931 and 1937. https://en.wikipedia.org/wiki/Halting_problem#Timeline

Virus scanner companies are about as unscientific as you can get. They are even worse than flat-earthers as flat-earthers still have the tiny benefit of doubt that we all could be somehow flawed in our perceptions of the world. I mean the earth is not round(ish) because of some purely logical idea, but because it can be observed as round and we observe rules of nature which as a consequence mean that planets will always be round(ish).

Microsoft: A new Windows 10 build arrives while another remains in hiding

Christian Berger

Yeah, but that's their tradition

Even back in MS-DOS times their systems were barely functional, lacking for example things like graphics hardware abstraction or any usable kind of device driver.

Christian Berger

Considering that Excel previously had problems reading in CSV files...

... turning telephone numbers like 0891234567 into floating point numbers, I doubt an OCR feature would actually work in any useful way.

Twist my Arm why don't you: Brit CPU behemoth latest biz to cease work with Huawei – report

Christian Berger

This could be good for all of us in the future

If Huawei was smart, they'd now sponsor alternative firmwares for their devices and unlock their bootloaders so people can run actually free firmware on those, then they'd also move from ARM to RISC-V.

In the long term this could be good for all of us... probably bad for the US, but few of us live there.

If poking about Doctor Who's TARDIS in VR sounds like fun to you, better luck next time

Christian Berger

Well at least there's currently a spin-off on TV

Challenge UK, one of the few UK channels you can get in Europe, currently airs a Doctor Who spin-off, following the life of Graham O'Brien way back into the 1990s when he earned his money by telling people to spin a wheel with numbers on. It's called "Wheel of Fortune" and, like the early Doctor Who episodes, it was done pseudo-live on video. I don't know if it's considered canonical.

Buffer the Intel flayer: Chipzilla, Microsoft, Linux world, etc emit fixes for yet more data-leaking processor flaws

Christian Berger

Well the lesson is simple

Don't run foreign code on your CPU, abolish Javascript and AppStores. Always keep code and data separate. Code is something you only want to run from your trusted sources (e.g. Distribution) while Data can be exchanged freely.

Mods I have known, Mods I have loved, Mods I have hated: Motorola's failed experiment is now a savvy techie's dream

Christian Berger

Re: Software defined radio back

"That would rock."

Actually virtually all GSM phones (and of course later 3G and 4G phones) are essentially SDRs... just with a locked down "baseband" processor which has full control over your application processor.

Christian Berger

The main problem with such ideas is...

... that on a mobile device you want light, small, cheap and durable. However, connectors have a magic triangle of light/small, cheap and durable. You can reach two of them, but not all three.

Gather round, friends. Listen close. It's time to list the five biggest lies about 5G

Christian Berger

Radio at such low frequencies...

... has been done:

https://en.wikipedia.org/wiki/Very_low_frequency

It's just that the equipment is not really portable, and the bandwidth is severely limited.

Christian Berger

It's complicated

"700 MHz is supposedly the optimal frequency band for penetration of urban infrastructure."

Yes, but then your cells will get rather large. Large cells mean lower capacity, as the capacity of every cell is limited.

That's why it's also available in the double-digit gigahertz range... which is great for places like stadiums. (Where WLAN would be the far better option anyhow.)

Christian Berger

Re: Auction of spectrum solve issues...

"Never, ever, never-ever "sell" spectrum."

Well at least in Germany that's what's being meant by "selling" it. Essentially they sell a license which is valid for x years (e.g. 10 years). After that there will be a new auction.

In civilized societies any such license (even the one you get for "free") is limited in time. For example in Germany you can get a license to an otherwise unoccupied piece of spectrum for a technical fee of around $200 which lasts a year, but can be extended for something like $20 a year. The costs basically cover the actual costs as someone needs to check if that frequency is really free.

It's an Easter Jesus miracle: MS Paint back from the dead (ish) and in Windows 10 'for now'

Christian Berger

Re: Wondering...

It probably has been re-implemented several times. I mean the Windows 9x Paint was already a lot different from normal Paint, which was essentially identical to the Paint on MacOS. There has to be a reason why Windows 10 Paint is now over 6 megabytes in size, larger than a small installation of Windows 3.1.

Dyin'... for some li-ion, from Taiwan? Electronics powerhouse spewing out data centre cells

Christian Berger

Re: Why not primary cells?

Discharge rates are not the problem. The big question is, how do you test primary cells? I mean sure you can look at their voltage, but something like a load test, which you should do regularly on those systems, is very hard to do.

Christian Berger

Is that a smart idea?

I mean the big advantage of lithium ion batteries is their high energy density. Essentially you can get lots of watt hours per kilogram. However, that's not really an advantage in a data centre, as those usually aren't restricted by weight.

Additionally, lead acid batteries don't mind being stored at full capacity as much as lithium ion batteries. Those degrade quickly when held at a full charge constantly. (Optimum storage charge is around 60-70%.)

In fact the high energy density might even be a problem in case of emergencies. Imagine a fire breaking out. While this is no pleasant situation in any battery room, having your batteries made out of a material that heavily reacts with water might be an additional problem.

However there might be other uses, like buying cheap electricity and using it when it's more expensive. That might be an advantage in the data centre. However that's not what we currently use batteries for in the data centre.

Apple disables iPad for 48 years after toddler runs amok

Christian Berger

Now if we had software liability

he could simply sue Apple for the obvious software bug of the exponential backoff not having a limit.

BT Tower broadcasts error message to the nation as Windows displays admin's shame

Christian Berger

Re: Previously

Those screens are still commonly found on satellite feeds. I've seen one with a Windows XP recoding video files.

Christian Berger

Because Windows doesn't support that

Windows has no API for "second screens", and even if it had your signage software would have to support it. BTW ad companies allow their customers to send their ads in Adobe Flash so you need to have something that's compatible with the console.

On the other hand, those LED displays are not (fully) custom designed and need to be useful for a large number of uses. Therefore they have standard SDI/HDMI/etc inputs in their controllers.

So yes, it makes sense for those to run off the standard video console, but no, except for some instances (ads delivered to you in Adobe Flash) you'd be better off with something like InfoBeamer.

Christian Berger

That wouldn't have happened

On the Telephone Tower of Klangbury.

Town admits 'a poor decision was made' after baseball field set on fire to 'dry' it more quickly

Christian Berger

The way it's done in Germany (I know it's boring)

We use those tubes used for pneumatic tube transport at CCC events, but in a variation with holes on one side, and bury them in the ground. This gives you a drainage system to get rid of excessive water.

No Widevine DRM for you! Developer left with two years of work stymied by Google snub

Christian Berger

Re: There should be laws against DRM

I should have been a bit clearer: around 2000 circumventing such systems became illegal, which caused a problem. I mean before that you could just buy or build Macrovision removers.

Christian Berger

There should be laws against DRM

DRM allows one side of the table to unfairly impose technical restrictions upon the other side. Unfortunately, back when DRM was legalized (around 2000) too few people cared about it to have large protests.

Mozilla tries to do Java as it should have been – with a WASI spec for all devices, computers, operating systems

Christian Berger

Well that problem has been solved decades ago...

... with both POSIX and shipping your software as source code.

Dead LAN's hand: IT staff 'locked out' of data center's core switch after the only bloke who could log into it dies

Christian Berger

Uhm... wait for the downtime...

... shut it down, pull the CF card and read the configuration, if it's a larger device.

Alternatively, boot into "factory config", log in with the default credentials and read the startup config.

Android clampdown on calls and texts access trashes bunch of apps

Christian Berger

2FA with SMS?

I mean seriously, why should you want to send your second factor through an unencrypted radio link and untrustable networks?

Ransomware drops the Lillehammer on Norsk Hydro: Aluminium giant forced into manual mode after systems scrambled

Christian Berger

*Nelson* Ha Ha...

I mean seriously, to be hit with Ransomware and to have that an effect on your production systems you must have been violating "best practices" a _LOT_.

It's not like such a thing or the cheap mitigations against it are new. Simply splitting your network and limiting what your clients have access to can bring a lot of additional security while only costing a few Euros per department.

If I was in the IT department of that company, I'd quickly try my best to fake notes I sent upstream to warn about this.

The HeirPod? Samsung Galaxy Buds teardown finds tiny wireless cans 'surprisingly repairable'

Christian Berger

It's an unfair comparison

One is a mass manufacturer trying to churn out mass wares as cheaply as possible, the other one is Samsung.

Linus Torvalds pulls pin, tosses in grenade: x86 won, forget about Arm in server CPUs, says Linux kernel supremo

Christian Berger

Well currently the problem with ARM is not the CPU

The problem is that every SoC is completely different. Therefore you cannot have one image for (nearly) all ARM servers. To contrast this, on the PC platform everything is standardized well enough that you can just install any OS on (nearly) any server and it'll run.

Welcome to the sunlit uplands of HTTP/2, where a naughty request can send Microsoft's IIS into a spin

Christian Berger

Predictable

HTTP/2 is a highly complex protocol so it's very unlikely we'll see a fully correct implementation within the next few decades. On the other hand, laboratory tests only show about 30% performance improvement compared to unoptimized normal HTTP.

If I was a secret service I'd do my best to promote HTTP/2 as it'll mean lots of bugs and therefore many exploitable security issues. Any kind of complexity increase helps those who want to exploit it.

You know the drill: SAP has asked Joe Public to name Munich arena so go forth and be very silly

Christian Berger

Hmm....

FunktioSAPfel (functional apple)

GlückSAPparatur (device of luck)

AdamSAPfel (adam's apple)

HauSAPotheke (the medical stuff and bandages you have at home)

SAPhir

StaatSAPparat (apparatus of state)

LuxuSAPpartment (luxury appartment)

What did turbonerds do before the internet? 41 years ago, a load of BBS

Christian Berger

We might see a revival of some of that

I mean the web is getting increasingly complex technology-wise, resulting in fewer and fewer browser engines (we're down to two!) and fewer websites. There is a growing discontent with the web as it currently is. You can see that by more and more people using browser extensions to disable Javascript selectively, or to disable trackers and ads.

There are more advanced terminal standards out there. The Videotex standards (which you might know from Teletext, Minitel and Prestel) allow fancy graphics and even sound. In theory you could have something like Youtube on such a system if you extended the standard a bit. (There's official room for extension in the standard!)

https://github.com/bildschirmtext includes some software including a server and the old xcept code.

Today we have blazingly fast networks, we can afford doing all the hard stuff on the server.

Solder and Lego required: The Register builds glorious Project Alias gizmo to deafen Alexa

Christian Berger

Of course there's a way cooler thing to do

Write some little speech synthesis software which can "morph" between different sentences. Then you start off by making it say some uncommon phrase like "Alexa, buy a pine". When it answers correctly you change it slightly towards something more usual like "Alexa, what's the time". When it answers incorrectly you go back a bit.

Done with a bit more finesse and ideally more devices, it should be possible to train it to mishear more and more phrases, probably even for other users, as it'll try to track the change in pronunciation.

Fun fact: GPS uses 10 bits to store the week. That means it runs out... oh heck – April 6, 2019

Christian Berger

Oh my god, hasn't someone seen the bigger problem?

I mean the hours of UTC only go up to 23, then once you get to 23:59:59 you will have a roll over!!!!! OMG if that is improperly handled all computers will have severely wrong times. And that's just a few hours away!!!!11111!!!!!eleven!!!!!!!

!!!PANIK!!!

Almost £5k for a deskslab: Microsoft's Surface Studio 2 hits UK

Christian Berger

It needs to be expensive

That's part of the brand image. I mean they have looked at Apple and realized that "products that people can work with" has very narrow margins. Instead you position yourself as a company selling fashionable accessories. Allow people to distract from their lack of talent by giving them something they can believe makes them a better person.

Being expensive both to buy and to maintain was a basic design goal, not an accident.

OK, it's early 2019. Has Leeds Hospital finally managed to 'axe the fax'? Um, yes and no

Christian Berger

But (group 3) fax is digital

Also it's a low risk environment with devices off the computer network with fairly smooth attack surfaces.

Besides, there currently isn't any sane standard to replace it. Sure, some faxes are able to send PDFs, but unless you standardise on a strict subset of the PDF standard, your viewers will be highly complex. Sending "Office software" files through e-mail is just a disaster waiting to happen. (Or, depending on your company, a disaster that already has happened.)

Before you can think about abolishing Fax machines, you should think about how to actually use computers in a sane way.

Intel to finally scatter remaining ashes of Itanium to the wind in 2021: Final call for doomed server CPU line

Christian Berger

It actually was more of a hope back then

You see back then standard CPUs were easily fast enough to do all the "complicated" things where you have lots of branching and parsing and stuff. Speed was mostly needed at "simple" things like 3D graphics or video. Those things are fairly deterministic and probably could be done very quickly with VLIW architectures.

What Intel underestimated was that there's lots of legacy code out there which will never be touched and stay exactly the same binary, so that x86 emulation is way more important than they thought. Then that "complicated" code got slower and slower. Today we are at a point where a modern, but only mid-range machine actually barely can keep up with a decent typist, because the editor was implemented via a browser. That's just madness and what people underestimated back then.

Techie finds himself telling caller there is no safe depth of water for operating computers

Christian Berger

People actually tend to overestimate the danger

I mean at 110 or 230/400 Volts, the main danger is actually caused by the hydrogen created by electrolysis. Since electricity will favour the shortest and easiest path, and power circuits will typically have all their conductors close to each other, the flow of current will be localized. Additionally, while your body conducts electricity about as well as water, your skin is somewhat more of an insulator.

What's actually more important is to check all connectors after such an event, as corrosion can be a real problem.

RIP 2019-2019: The first plant to grow on the Moon? Yeah, it's dead already, Chinese admit

Christian Berger

Re: Puzzled

"If anyone has a gardening sized nuke, I may be interested."

You mean a Rasensprenger? (Rasen=lawn, Sprenger=blaster)

Those are widely available in German hardware stores.

References:

https://dict.leo.org/englisch-deutsch/lawn

https://dict.leo.org/englisch-deutsch/blaster

Christian Berger

Re: Puzzled

"So their can is full of totally dead things by Lunar morning."

Honestly, what will be interesting is if there will be anything that actually survives this. We should continue watching this.

At 900k lines of code, ONOS is getting heavy. Can it go on a diet?

Christian Berger

Well that's what you get when your concept doesn't fit on a beer coaster

I mean SDN could be simple. After all you just have a set of more or less standard components which need their settings.

Now the hard part is to connect that all into something more powerful and expose that power through an interface without it spiralling into millions of lines of code. What would be needed is a simple overlying idea, kinda like the UNIX philosophy.

Adding complex message passing systems like Kafka certainly doesn't help in that regard, but it may aid in finding a way towards something good.