* Posts by Christian Berger

4850 publicly visible posts • joined 9 Mar 2007

Hackers spent at least a year spying on Mozilla to discover Firefox security holes – and exploit them

Christian Berger

Browsers are getting _far_ too complex

particularly when fixing a known bug takes over 300 days!

Unfortunately Mozilla works hard on making it even harder to write a browser by supporting all of the bad ideas like HTTP/2 or binary JavaScript. If Mozilla wanted to make the web a better place, they should remove features, not add new non-orthogonal ones.

Oracle laying off its Java evangelists? Er, no comment, says Oracle

Christian Berger

Re: About Time

"C++11 and Java handle big apps well"

No, actually they give you the _illusion_ of handling big apps well, and that's where the problem starts. You end up writing huge applications with tens of thousands of lines, even though the core of your problem could be solved in a couple of hundred lines. Even then you end up using huge libraries and frameworks which may have bugs or which you might misunderstand.

The only way to deal with complexity is to avoid it, and that's something neither the C++ nor the Java crowds have managed. So far the only way to do this I've found is to train in Assembler. That way you learn that every control structure hurts, therefore you avoid it and tend to write better code in any language.

Why are Google and 'VW group' having a 'global summit' in San Francisco today?

Christian Berger

Probably Android for Cars

German car manufacturers are notoriously conservative (though they think they are incredibly innovative). A car computer running Android just seems as innovative as they can get. Plus Volkswagen probably has too few good engineers left to realize that putting Android onto your car computer is a terrible idea from a technical and security point of view.

NHS to go paperless by 2020. No, really, it will, says gros fromage

Christian Berger

It may be possible to pull off such a feat...

...if you hire _good_ people, who are not necessarily expensive, and motivate them. You need a solution that's lower overhead for the people involved than the current pen and paper systems while still being at least as safe.

For that you'd need to have people designing it who are involved in the actual processes. You have to have people who know what a doctor or a nurse does and what forms they have to fill out.

Unfortunately the NHS will probably just give this to some commercial company which will completely mess it up, spend huge amounts of money on consultancy work and expensive products that aren't suitable for the job. Outsourcing core tasks of any organisation simply does not work, no matter if it's private or public.

Back to school: Six of the smartest cheap 'n' cheerful laptops

Christian Berger

One wonders why TheReg even bothers to do those articles?

I mean seriously, just giving a list of devices would be just as informative, and the readers are just going to complain that it's not in the slightest way a "review" or even a sensible selection of laptops you would buy a child for school.

Germany to fork out BEELLLIONS for farmers' broadband

Christian Berger

Re: 50 Meg Everywhere, eh?

Well the promise is not very ambitious, however it's rather ambiguous. It doesn't take into account how you get the net, so LTE probably counts even though it's currently far from being able to provide 50 Megs to more than a demo device on an otherwise empty cell.

What can be done is shown regularly by the CCC. At the last camp they provided 10 Gigabit to over 4500 people. The peak utilisation was about 7 Gigabit so the line was already a bit overbooked. You did get a nice 1 Gigabit line to your tent and some people even got 40 Gigabit into the local network.

The whole thing was done on a budget much smaller than what you'd usually spend for broadband access. You can cut a lot of corners when you don't have to do billing.

Scrapheap challenge: How Amazon and Google are dumbing down the gogglebox

Christian Berger

*Facepalm* You don't invest in proprietary standards

To succeed for any meaningful amount of time you need open standards and open systems. DLNA is one of those at least moderately well defined open standards. If you need things like "Apps" to access a service, because it doesn't conform to public, open and sufficiently simple standards, that service will become obsolete very quickly.

D-Wave: 'Whether or not it's quantum, it's faster'

Christian Berger

Re: Reverse Psychology Marketing

Well quantum computing wouldn't just be a buzzword. It _would_ be a major breakthrough much larger than anything we had before.

Essentially they sidestep the question whether they are a fraud or deserve a Nobel prize. This is a very important question, since a commercial company having developed quantum computing would mean that the NSA has had it for decades... however the scientific community at large would also have had it for a decade.

Google reveals OnHub WiFi router, complete with GLOWING RING

Christian Berger

There are better (non Google) options out there

There are other router manufacturers apart from re-skinners of chipset firmwares like Zyxel, Belkin, D-Link, Linksys and so on. There are companies which actually make their own firmware and even allow you to use the auto-update function, for which they provide at least 5 years of support. A good example is AVM. Their Fritz!Box series offers anything from a plain router/DSL-modem (unfortunately you cannot turn off the router functionality) to a device which not only includes dual band WiFi, but also DECT for your mobile phones.

Linux boss Torvalds: Don't talk to me about containers and other buzzwords

Christian Berger

Re: The IoT Crowd

Well the point is, for IoT systems you don't need the complexity of a full blown embedded Linux system. Linux is only used there because it's rather easy to use and gives you quick results.

However there's lots of competition in the "smaller than Linux" "market". FreeRTOS/OpenRTOS is just one example of such a system.

The real challenge we are facing right now is to prevent the Linux ecosystem from descending to ever higher levels of complexity. The kernel is already doing rather nicely in that regard, the problems are more in user space.

Christian Berger

Re: This seems a very level-headed and straight forward discussion

Well additional security boundaries are a good thing by themselves, but experience has shown that those boundaries either have holes in them, or are irrelevant.

One example is ChromeOS which tries really hard to prevent you from getting to the kernel... which is completely irrelevant as you are only running a browser. Crack the browser and you are exactly where you want to be.

Same goes for Android where malware can just ask the user to have access to all valuable data.

The basic problem is that you cannot contain malware. Once you have malware on your system, your system is compromised. All you can do is reduce your attack surface and make it easier to clean your system.

Vaio returns from the dead wearing sharper suit, bolts in neck

Christian Berger

Re: Sony screwed it all up .....

"No one who works here at Sony uses Sony computers."

There's also a nice portable "offline editor" from Sony out there from the time before you could do this with plain vanilla PCs. It was a home-VCR sized box with a laptop docked on top... that laptop was, of course, an IBM ThinkPad.

Seriously, Vaio seems like a deliberate train wreck. They seem to deliberately obscure their hardware so you always need vendor drivers for them. So what you get, essentially, is a device you cannot even use with the next version of the operating system it came with, let alone other operating systems.

Trend publishes analysis of yet another Android media handling bug

Christian Berger

There is one crucial difference between Windows 98 and today's mobile phones. You could harden your Windows 98. I know from today's perspective that sounds silly, but you could actually remove functionality you didn't want.

That's much harder on mobile devices as you usually boot a signed image. Only your hardware vendor can sign that image.

Also there is no pressure to get things fixed. For Windows there was the pressure of alternative operating systems. Before Microsoft got its act together and simply fixed every bug they could find, there was a strong movement to go to Linux just because Microsoft didn't seem to care about fixing security critical bugs.

There is no way to install an alternative OS on most mobile devices, you are usually stuck with what the manufacturer chose for you.

Budget UHD TVs arrive – but were the 4Kasts worth listening to?

Christian Berger

Re: I'd still wait

"I really hope that, if we do get some sort of UHD labelling that it's a bit clearer than the old 'HD Ready' stuff, and much more future-proof."

Well the "HD-Ready" label clearly specified the things which are important for the industry, HDCP.

Christian Berger

Desk space

Well it probably will take up less desk space than my current 2x23 inch setup... but you get _twice_ the screen space!

Unfortunately display makers will probably make UHD computer monitors in 23 inch and smaller. Pretty much the only use for that is when you want to make vector fonts look passable on a screen.

Another death in Apple's 'Mordor' – its Foxconn Chinese assembly plant

Christian Berger

Yes, but...

HTC phone owners don't seem to think they are morally advanced beings, unlike at least some large part of the Apple followers.

Ideally we would of course have some proper devices made locally and easy to repair. Unfortunately the market currently follows the unwashed masses, and those care more about touch screens and apps than they do about durability, security or not being sold to the manufacturer and 3rd parties.

Currently our best hope for the future seems to be the Pyra:

http://www.pyra-handheld.com/

Not perfect by a long shot, but good enough to be criticised.

Oracle brews perpetual, all-you-can-eat database licence

Christian Berger

Re: I never understood expensive commercial databases...

Honestly, if you have a 600 Gb database, I don't think SQL is necessarily a good idea. How do you even get that much data?

Keep up, boyos! 20k Win XP PCs still in use by NHS in Wales

Christian Berger

Re: Looking back 10 years

@Tony S Well that's a problem with running bad old systems, you have the same problem with lots of 1990s software. That decade was just not good for software.

Christian Berger

Looking back 10 years

...it was already clear that Windows was a dead end. Now people actually see this. If you are lucky your software written for Windows XP will run on Windows 7... but even then there is no alternative for the end of Windows 7 in sight. Windows 8 and 10 seem to be disliked even by Windows fans.

It's worth noting that companies running AS/400 systems still have no problems upgrading to new hardware... the same goes for traditional UNIX systems which can just switch to Linux or some BSD. Even MS-DOS software can easily be run with dosemu or as a VirtualBox image.

It's happened, folks: An actual exhibition about cats and the internet

Christian Berger

Actually cat videos on TV have always been popular.

For example the most popular programme of German public TV station "Hessischer Rundfunk" is this cat interval signal from the 1970s:

https://www.youtube.com/watch?v=H1QEHE5fl3U

They were stray cats and found a new home through that clip. That spawned a whole new genre of TV shows called "Tiere suchen ein Zuhause" in which stray animals from shelters were shown on TV in the hope of finding new homes.

Death to DRM, we'll kill it in a decade, chants EFF

Christian Berger

Re: Not going to happen

"DRM is bad, but so is freeloading. Content creators do have a right to be paid for their work."

Yes, but those are separate topics. DRM does not cause less to be "stolen", but more. DRM essentially removes the legal difference between pirating and buying since both are illegal.

In the end, we must deal with people getting paid with just another drop in the cost of reproducing works. Yes, that's a challenge, but we have done rather well so far... or how many journalists do you see complaining about the fact that newspaper companies can print their stories for fractions of a cent a piece?

Christian Berger

People slowly realise how much of a problem it is

Seriously, a German computer magazine recently published an account from one of their readers. He had a Xerox printer and bought some original toner from Xerox. Turns out the toner was region coded for eastern Europe, and his printer was region coded for western Europe. Xerox didn't want to help him, so eventually he bought some counterfeit chips off Alibaba to put onto the cartridges.

We must stop the insanity of DRM now.

Oracle waves fist, claims even new Android devices infringe its Java copyrights

Christian Berger

We'd really need an alternative

Unfortunately all the other players are actually making _much_ worse devices.

Hack a garage and the car inside with a child's toy and a few chips

Christian Berger

Well...

those garage door openers have been around for decades now, and they always had very short keys. I think I've seen people just attaching a binary counter to one of the remotes and making it try out all the keys in that way.

So it's not exactly new. In fact with a simple SDR you can just record that signal, clean it up and rebroadcast it.
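The brute force the comment describes, as an added simulation that is not part of the original comment or the article it replies to. It models the receiver the comment implies: a short fixed code matched by a shift register over the last N received bits, with no framing, no rolling code and no lockout after wrong attempts (all assumptions of this constructed model, not a statement about any specific product). The "binary counter" attack simply transmits every N-bit value in turn. Going beyond the comment, the second attack sends a de Bruijn sequence instead: because the receiver has no frame boundaries, one stream of 2^N + N - 1 bits contains every N-bit window exactly once, so the same receiver opens after far fewer bits than the counter needs.

```python
"""Fixed-code remote brute force, simulated (added example, not from the page).

Constructed model: receiver opens when the last n bits seen equal its code.
Assumes no framing, no lockout, no rolling code.
"""


class FixedCodeReceiver:
    """Shift-register receiver: compares the last n received bits to the code."""

    def __init__(self, code_bits: str):
        self.code = code_bits
        self.n = len(code_bits)
        self.window = ""
        self.received = 0      # bits seen so far
        self.opened_after = None  # bit count at which the door first opened

    def feed(self, bit: str) -> bool:
        """Clock in one bit; return True once the code has been matched."""
        self.received += 1
        self.window = (self.window + bit)[-self.n:]
        if self.opened_after is None and self.window == self.code:
            self.opened_after = self.received
        return self.opened_after is not None


def de_bruijn(k: int, n: int) -> list:
    """Cyclic de Bruijn sequence B(k, n): every length-n word over k symbols once.

    Standard Lyndon-word (FKM) construction; returns k**n symbols.
    """
    a = [0] * (k * n)
    sequence = []

    def db(t, p):
        if t > n:
            if n % p == 0:
                sequence.extend(a[1:p + 1])
        else:
            a[t] = a[t - p]
            db(t + 1, p)
            for j in range(a[t - p] + 1, k):
                a[t] = j
                db(t + 1, t)

    db(1, 1)
    return sequence


def run_counter_attack(code: str) -> int:
    """'Binary counter on the remote': send 0, 1, 2, ... as n-bit words.

    Returns the number of bits transmitted before the receiver opened.
    Worst case is n * 2**n bits.
    """
    rx = FixedCodeReceiver(code)
    n = len(code)
    for value in range(2 ** n):
        for bit in format(value, f"0{n}b"):
            if rx.feed(bit):
                return rx.received
    return -1  # unreachable for a fixed-code receiver


def run_de_bruijn_attack(code: str) -> int:
    """Exploit the missing framing: one stream holding every n-bit window.

    The cyclic sequence is unrolled by repeating its first n-1 bits, so
    at most 2**n + n - 1 bits are needed for any code.
    """
    rx = FixedCodeReceiver(code)
    n = len(code)
    seq = de_bruijn(2, n)
    stream = seq + seq[:n - 1]
    for b in stream:
        if rx.feed(str(b)):
            return rx.received
    return -1


def worst_case_bits(n: int) -> dict:
    """Bit budgets for a code of n bits under both attacks."""
    return {"counter": n * 2 ** n, "de_bruijn": 2 ** n + n - 1}


if __name__ == "__main__":
    code = "101100110100"  # constructed 12-bit fixed code
    print("worst case:", worst_case_bits(len(code)))
    print("counter attack opened after", run_counter_attack(code), "bits")
    print("de Bruijn attack opened after", run_de_bruijn_attack(code), "bits")
```

At a typical remote bit rate of a few kilobits per second, a 12-bit code falls in seconds under the de Bruijn stream and in well under a minute under the plain counter; the countermeasure is a rolling code with a large counter space, not a longer fixed code.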

Epson: Cheap printers, expensive ink? Let's turn that upside down

Christian Berger

Get a used HP LaserJet 4

You can often get them from rubbish heaps usually with a half full toner which will still last for thousands of black pages. New toner is extremely cheap, and since it speaks PCL it's trivial to get running on any operating system, including Windows.

They might need a bit of sandpaper treatment on some rubber wheels, but otherwise those are near indestructible.

The same goes for most 1990s non-GDI printers. They all support PCL at a decent version, some even postscript, and you can often even upgrade the RAM with cheap PS/2 modules. The GDI printers have, predictably, all turned into expensive toxic waste as nobody maintained the drivers. (I'm looking at you, Brother)

OS X remote malware strikes Thunderbolt, hops hard drive swaps

Christian Berger

Re: Doh!

"Probably there are more complications to it than I am imagining."

If there are, it's the fault of the software designer designing that "BIOS". A "BIOS" should be simple enough you should virtually never experience any software bugs, and therefore never have any need to update your firmware.

Unfortunately UEFI is just a huge mess, providing the same use as OpenFirmware with _way_ more code.

UK's first 'DIY DAB' multiplex goes live in Brighton

Christian Berger

Re: Stupid and Pointless

"The ergonomics of Digital Radio, unlike Digital TV is inherently unfixable."

Well you could easily build a decent to use digital radio. Just replace the "demo firmware from the module company" with something decent. Add a numeric keypad so you can punch in frequencies or channel numbers just like on any half decent FM-radio. Also replace that 2 line display with something moderately tolerable and don't try to scroll on those.

Christian Berger

Re: DAB ... now try DVB

Well there are cheap DVB-T modulators as hardware devices, they cost around 400 Euros. They have a video input, typically VGA, CVBS or HDMI, and the output should be broadcast ready, after a bit of filtering you need to do anyhow.

Then there's of course GNU Radio and more professional solutions.

It's now all possible within reasonable budgets, even if you don't like to put cable ties around Raspberry Pis.

Here are some projects from the Chaos Communication Camp this year in Germany.

https://events.ccc.de/camp/2015/wiki/Projects:DVB-T

https://events.ccc.de/camp/2015/wiki/Projects:DAB%2B_Digital_Radio

German spooks want to charge journalists with TREASON for publishing spy plans

Christian Berger

There's one interesting thing to note

Nobody, even the most dire proponents of those charges, is questioning that Netzpolitik.org is staffed by journalists.

We have come to a point where it's consensus that a donation based online magazine can be a reputed piece of journalism.

HP insists 'we don't have a global dress code' – while deleting one from its website

Christian Berger

"Microsoft should make everyone wear each new day's clothes on top of all previous layers."

Which people happily do as each new layer of clothes only covers just enough to not yet be comfortable.

So you still would need your 1986 shoes as your fancy new 2015 shoes have no soles.

Google, Oracle's endless Java copyright battle extended to ... 2016

Christian Berger

The problem with this case

If Google loses there would be a precedent for copyrightable APIs, which means that making things compatible would be a copyright violation.

The other thing is that it was totally avoidable. If Google hadn't used something Java-ish for Android the whole problem wouldn't exist.

Will the PC glory days ever return, WD asks as its finances slip

Christian Berger

Well, it depends

The problem is that the future of PCs is most likely not with Windows. Microsoft has to care about their bottom line and that means chasing the money. They see that there's probably a _billion_ more Android than Windows devices, so they want to be like Android.

Those people will also use cloud services to store their data.

The people who actually care about their data as well as their freedom have long switched over to some sort of FOSS. They probably now have their Linux and will move to *BSD.

Voyager's Golden Record now free to download

Christian Berger

Probably because that's from their .au files

Those files clearly used to be 8 Bit files. The actual sounds on the disks would be _much_ better. In fact previous public releases of those sounds were a lot better.

https://www.youtube.com/watch?v=s-6CvmmcG0w

Christian Berger

Re: Why so many pulsars?

Well communication depends on redundancy. Imagine you were an alien scholar and you'd have some idea on what those weird symbols mean. If you have only the minimum of distances, you end up with the "Dutch Bikecycle"-Problem. You can make up anything with some numbers.

If, however you have a hypothesis on that image, and it fits more than the minimum amount of data, you have an actual theory. That's also why the information on how to read the images contains one of the test images, a circle. It helps to give redundancy as confirmation.

If Microsoft made laptops, it'd make this: HP Spectre x360

Christian Berger

No ethernet???!!!

Seriously! Why? Just make the thing a bit thicker by adding a bigger battery and you have space for Ethernet and VGA... which will turn it from an expensive toy to an actual tool you can do actual work with.

Sysadmins: Your great power brings the chance to RUIN security

Christian Berger

Honestly we are still at a point where education isn't quite effective

For example many companies _still_ have Acrobat Reader installed instead of just about any other PDF reader out there. Why? Nobody knows. Companies still have e-mail clients displaying HTML-Mail. Why? Nobody knows.

You need to give your users a chance to act in a secure manner before you try to educate them to do things they cannot do. How do they know if an e-mail is from a trustworthy source if you don't even have GnuPG installed? Shouldn't they be able to open any e-mail without being worried about it using security bugs in their e-mail software?

SOHOpeless: Security stains on Honeywell's Tuxedo home automator

Christian Berger

The problem isn't IoT by itself

...at least when it comes to security. The problem is the companies who implement IoT, the people working there, as well as the most stupid customers.

Imagine customers were moderately smart. You could simply offer an ssh-based interface to your device. The password would be printed on the serial number label or a throw-away password would be displayed on the display. You'd log in and set the password you'd want to have. That's rather secure, I mean that's how something like 99% of all servers on the Internet are controlled.

However you couldn't easily access it from outside... of course the solution is simple, a VPN or port forwarding, or just ssh-ing into your server and going into your fridge from there. Since it's all command line based and/or has a nice ncurses interface, it's all easy to integrate and secure.

However devices are not designed for people who know what they are doing, and they need to be cheap. Therefore you may not have a display and buttons to enter, for example, a WPA key. And of course since people don't use ssh, there needs to be an "app". And since app development is where the current bottom of the barrel developers seem to gather, that means you'll have some sort of insecure app. If you are lucky, those talk via TLS, if you are less lucky they talk via some home grown encryption system which uses standard ciphers... in a typical course you don't get crypto at all.

Ohh and of course people will want to use the functionality from outside, but they don't know how to set up a VPN... well let's write a web service... which of course then is written by a group of people also known to regularly come from the bottom of the barrel, Java web developers.

Got an Android phone? SMASH IT with a hammer – and do it NOW

Christian Berger

Mobile operating systems simply are _far_ too complex

What we need is a simple system without the attack surface of some hugely overcomplex pseudo object orientated system. Essentially something close to what the "suckless" people make, a simple way to switch between virtual framebuffer terminals. A system designed not by some clueless user experience designer, but by someone who actually uses it.

There are billions of mobile phones out there, surely there's a market for phones which don't cater to the lowest intellectual denominator. Let's build mobile devices for people who don't need an app to tell them when to drink.

US beats Iran as Japan's tincan footie team wins robot World Cup

Christian Berger

It's so humane

I think it was 2005 when the RoboCup was in Germany. A German public TV station had several hours of live coverage of it.

I have to say it's much more humane than human football. You see a player trying to score a goal with the goalkeeper in it. It looks at the ball, then the goal, then the ball then the goal again, before repositioning itself and repeating the process.

Then it carefully lifts its leg, raising its arms to balance before putting it down again and repeating the process. Then it pulls back its leg and kicks. It falls over backwards, but somehow was able to give the ball a gentle nudge making it roll slowly towards the goal.

The goal keeper watches the ball and promptly reacts by spreading its legs watching the ball as it rolls in between the legs.

No superhuman athletes, but performances we all can identify with. That's humane football.

Jeep drivers can be HACKED to DEATH: All you need is the car's IP address

Christian Berger

It might be best if those exploits would be published

After all while it won't have many consequences now, hordes of cars being taken over could finally beat some sense into automotive (and industrial) developers.

Unfortunately since the car industry has a mighty lobby the pendulum might swing the other way and the Internet will be abolished.

Christian Berger

I think you have a far too romantic idea of the industry

People in the (car) industry don't have much clue about security, in fact they don't even understand basic concepts of what they are doing. I have seen people doing things every book on embedded software design warns you against and gives alternatives to, yet they do it like this anyhow.

Somehow it seems like, even if you have trivial problems, software developers (and their surroundings) seem to want to "blow it up" into something big, by adding needless complexity.

This is, in a way, like this Czech(oslovakian) animated series:

https://www.youtube.com/watch?v=OJsFj9exAlc

Christian Berger

simplez

"But why does the radio need to be able to control the speed?"

That's obvious, the range of volume the radio can put out is limited, so if you are going too fast for your music the radio needs to be able to brake your car.

Here's why Whittingdale kicked a subscription BBC into the future

Christian Berger

Subscription won't work from a technical standpoint without criminalizing lots of honest users

Essentially it's a form of DRM, and DRM has the logical cryptographic problem of making Bob receive Alice's messages without Bob receiving Alice's messages. So part of Bob has to receive the messages while another part of Bob must not receive them.

The "solution" Pay-TV providers choose to use is to enforce not the Common Interface, but CI+, which requires Bob's receiver to act against the will of Bob, turning off all the advantages of digital television.

Also if you look at the world, subscription TV services have failed nearly everywhere, however the more you force people into them, the better they work. Murdoch forced satellite viewers in the UK to subscribe to his services by scrambling nearly all channels in the 1990s. Sky UK now can actually do creative fictional programs. Sky Germany always had just one of many channels, so people didn't bother. The result is that they essentially play a wild mixture of movies and sports, but no original programs outside of sports.

In the US where cable companies force you into getting Pay-Channels for decades now, they even mildly work, producing well watched programmes like "The Daily Show".

Fragmented Android development creating greater security risks

Christian Berger

The problem with Android was listening too much to hardware manufacturers

They should have had a "single OS-image" policy from the start. Where you have one Android image which can run on any device, just like you have with most PCs. This would also have made alternative images a lot easier.

Hardware manufacturers would have had to agree to well defined interfaces, eliminating the need for binary only drivers and making hardware discoverable.

Unlike previous attempts like Microsoft's MSX, we now can have rather flexible hardware with features added in compatible ways. Your SoCs would, for example, all have the same framebuffer mode, acceleration features however, could be different on each one of those.

Your poster guide: A fascinating glimpse into North Korea's 'internet'

Christian Berger

IPs make sense

I mean DNS, till very recently, could only do Latin characters. So people would not only have to remember the domain name, but also its Latin transliteration.

Just imagine having to type Korean transliterations of your favourite websites. Remembering numbers seems easier than that.

GOOGLE GMAIL ATE MY LINUX: Gobbled email enrages Torvalds

Christian Berger

Re: Yes

"However one of my requirements for a desktop system is to enable me to place files etc on the desktop just where I want them."

Yes, but that's actually not simplicity, that's just the usual UX-designer idiocy. In fact not having that ability creates more complexity. Suddenly the desktop behaves differently to directory windows which both takes more code and makes everything less consistent to be used.

Christian Berger

Re: Yes

"Ah, much like systemd then?"

Perhaps yes, but there are so many other examples. A great example are "modern" desktop systems like Gnome or KDE which try to solve trivial problems, but are huge. That's why there are other developments like "suckless" which aims to create simple yet powerful tools.

Systemd is probably not the worst in that range, but it's the most problematic as both groups need to boot their systems. Therefore it's a point of conflict. It's possible to live without a GUI, but it's incredibly hard to live without your OS booting up.

Ad slingers beware! Google raises Red Screen of malware Dearth

Christian Berger

The distinction between "good" and "evil" is subjective

For example I'd expect my browser to protect me from sites like Facebook and Google as well as other tracking sites. I'd also expect a browser to remove all that cruft that modern "web designers" put into their sites.

I mean if a browser would enforce a "single origin" policy for Javascript, the web would already be a much nicer place. Pages would load _much_ faster because there wouldn't be so many needless DNS lookups.
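A way to measure what the comment above is talking about, as an added example that is not part of the original comment: an audit that takes a page's HTML and URL, compares the origin (scheme, host, port) of every external script against the page's own origin, and reports which scripts a "single origin" policy would drop and how many distinct extra hostnames the page currently makes the browser resolve. The sample HTML and the hostnames in it (shop.example, cdn.example, tracker.example) are constructed for the example.

```python
"""Audit cross-origin <script src> tags in a page (added example, not from the page).

Same-origin here means the (scheme, host, port) triple matches the page's own.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_of(url: str) -> tuple:
    """Web origin as (scheme, host, port); explicit default ports normalised."""
    p = urlsplit(url)
    return (p.scheme, p.hostname, p.port or DEFAULT_PORTS.get(p.scheme))


class ScriptAudit(HTMLParser):
    """Collects external script URLs and splits them by origin."""

    def __init__(self, page_url: str):
        super().__init__()
        self.page_url = page_url
        self.page_origin = origin_of(page_url)
        self.same_origin = []
        self.cross_origin = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if not src:
            return  # inline script: no fetch, no extra DNS lookup
        url = urljoin(self.page_url, src)  # resolves relative and //host URLs
        if origin_of(url) == self.page_origin:
            self.same_origin.append(url)
        else:
            self.cross_origin.append(url)


def audit_scripts(html: str, page_url: str) -> dict:
    """Return same/cross-origin script URLs and the extra hostnames to resolve."""
    parser = ScriptAudit(page_url)
    parser.feed(html)
    parser.close()
    extra_hosts = sorted({urlsplit(u).hostname for u in parser.cross_origin})
    return {
        "same_origin": parser.same_origin,
        "cross_origin": parser.cross_origin,       # what 'single origin' would drop
        "extra_dns_lookups": extra_hosts,          # distinct third-party hostnames
    }


# Constructed sample page; every hostname is a placeholder.
SAMPLE_HTML = """
<html><head>
<script src="/static/app.js"></script>
<script src="//cdn.example/lib.js"></script>
<script src="https://tracker.example/t.js"></script>
<script>var inline = 1;</script>
</head><body>
<script src="https://tracker.example/pixel.js" async></script>
</body></html>
"""

if __name__ == "__main__":
    report = audit_scripts(SAMPLE_HTML, "https://shop.example/cart")
    for key, value in report.items():
        print(key, value)
```

Inline scripts are left out of the count because they cost no fetch; a stricter audit would also treat them as a risk, but that is a different policy than the one the comment describes.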

Time for a brutal TELLY-OFF: Android TV versus Firefox OS

Christian Berger

Re: Nice old GEC set in the photo

It must have been a rather early teletext unit as it has thumbwheel switches for the magazine, page and subpage. It may in fact not even have a microprocessor inside.

Christian Berger

Well, but the 1990s are over

The time when content was still in tight control of the stations and movie companies is over. Since the change of the century television doesn't work that way any more. Since then it simply became possible to just get your receiver to record everything you could have an interest in, in a DRM-free format, so you can do whatever you want with it.

Those products are trying to use DRM to turn back the clock to the 1990s when making copies was hard and lossy.