Posts by Christian Berger

Re: The sad thing is...

Yes, but why not just pass a law that would outlaw hardware without well documented interfaces?

I mean seriously this could be dressed up as a mayor security issue.

Imagine Broadcom puts some spyware into their blobs, they could take over very substancial amount of devices. They could potentially even take over laptops with governmental secrets on them.

It would be hard to find out as you can easily hide code in a binary blob compiled for an obscure processor architecture. After all the processors in the wireless chip probably aren't plain vanilla ARM.

"Truly testing an economic theory or model would be very expensive and time consuming."

Actually no, even though doing an experiment is hard, you can test models simply by observation. It's how astronomy or meteorology works.... and the testable statements those fields make typically have a very decent correlation to the true world. The weather report has a decent chance of predicting the weather for the next week.

Re: What are the odds

"Julian will be getting a new bunkmate?"

Even after all I've heard about the US, I don't think they get down to _that_ amount of torture.

Re: The position of the constitutional court of Germany is worthy of note

"The problem is, with millions or tens of millions of people voting, hand jobs are just not practical."

Uhm.... Germany has roughly as many voters as the US. I never had to wait for more than 10 minutes to vote, the voting booth close at 18:00, and the official results are announced before 20:00. Typically enough polling places have been counted by 18:30 to give a really good prediction.

Financial institutions represent a completely different problem than voting. With voting you need privacy particularly against the people running the election. With financial institutions you don't have that. Within the organisation there are lots of audit logs. Therefore you cannot move money from one account to another one without there being a "paper" trail. That wouldn't be acceptable with voting. If you don't understand why, look at how elections in the GDR worked.

Re: Yeah, it's great but...

"The thing is, you can host Lync servers yourself and keep control of all your data within your company intranet."

Actually you cannot, Lync is closed source so you can never say if it isn't sending out encrypted copies of the messages for selected few people. If you want to have IM there's _plenty_ of open solutions like XMPP.

Uhm, first of all 0.7 Watts would kill every wireless LAN in the building, and that's the concern, not some weird concern about radiation.

"2000 watts of energy" I'm sorry, but that phrase kinda disqualifies you. Plus you're not likely to see a lot on your spectrum analyzer as the frequency is rather low. You don't actually get a wave with a coil fed with 20-50 kHz. Without a secondary winding (i.e. a pot) the energy will just oscillate between the inductivity and the capacity.

Re: Plenty of old code out there

Actually if you look at systems like Maxima which is based on a 1982 version of Macsyma which is from 1968, we are getting close to 50 year old code still being in widespread active use.

Re: The only 'advertising' I see ...

"O don't get me started on WGA. I'm on my FOURTH (count em) Win7 right now, all because Microsoft seem to have an understanding gap in the way desktop PCs work."

That's why you typically install Windows in a virtual machine on top of some normal operating system. That's _much_ less hassle.

Re: The Cisco Security story goes from strength-to-strength

It always has been. Just look here:

http://media.ccc.de/search/?q=cisco

Re: Ewwwwww

Well first of all distributions have a certain degree of quality control. It may not be perfect, but it certainly is better than the non existant quality checking in App-Stores.

The App market currently is one of those "idiots markets". It's like the "web applications (in PHP)" market or the "windows GUI application" market i nthe 1990s. People make their first attempts at programming on those platforms, and since all of our first attempts were utter crap, those markets are filled with that.

The great thing about the UNIX philosophy is, that it makes most of those apps completely irrelevant. There's no need for them, as the same can be done with a command line.

"At least with PCs you have a chance of identifying nasties with freely available software."

Well actually with PCs you can get much further ahead. You can harden your systems by throwing out features you don't need. If you have moderately smart people in your IT, you can control it to a very fine degree while still not limiting productivity in any noticable ways.

Re: tablet sales will continue to decrease because of their longer-than-expected lifecycle.

I wouldn't say that the lifecycles are longer with tablets than they are with Laptops. I mean I'm writing this on a 2010 ThinkPad and I can still run the latest and greatest software. With a 2010 tablet I'd be stuck with whatever firmware image the vendor provides, which, even with better vendors, is probably from a few years back.

In a way the mobile market is a lot like the home computer market in the 1980s. You see lots of vendors essentially producing the same product, but essentally incompatible with the others. Just like CP/M we now have Android to smooth out the worst compatibilities. However upgrading such a device to the current version of Android, or another system all to gether is near impossible. The process would involve recreating proprietary binary blobs and porting it to every single model individually.

Re: He who laughs last, laughs best.

Exactly, that's why I prefer _real world_ statistics. Don't look at shady organisations or teenagers in their basements playing computer games, go out into the the world. Get a tent and look at what the people around you use.

From my experience that's around 90% Linux on Thinkpads, around 10% Macs, usually paid for by the company and some very few Dells, some with Windows on.

Re: Would The Reg please stop

> Do they realise how much FOSS gets used in commercial software these days? Or have they written their own in-house replacement for zlib? Try grepping, (oops, grep must be banned), searching for the BSD copyright strings in some of the windows executables like ftp.exe.

BSD code is kinda OK. No they don't use grep, they use a commercial tool called "Black Duck" which is hugely expensive.

> Oh dear, not that easy to escape, is it?

Yes, but they are trying hard. Instead of Windows, they have a special cut down version of it called "New Office". The top point on the feature list of a release I've seen was "Disable IPv6 support". We could only use IE and with special permission "Google Chrome".

The situation was so bad, departments routinely got themselves a "shadow IT" where they used some of their budget to buy laptops without the IT department knowing about. Our department even managed to get Internet access.

Re: Needs better information on faxing

"But yes, as technology gets better we can expect traditional fax to disappear, something that the adoption of X.400 messaging (instead of SMTP) all those years back would probably have assisted..."

I doubt that with X.400 any of us could even afford E-Mail. I mean SMTP is so simple early servers even had a "HELP" command to explain the protocol to you. Now compare that to X.400 where you have a binary protocol based on ASN.1. The parser alone needs more code than a simple SMTP server.

Re: It was dail-up in more senses than the link....

Well you'd obviously modulate the dial pulses into beeps which wouldn't interfere with the downlink. The great advantage would be that you wouldn't need a microcomputer on the client side... which back in the 1970s was a very good point.

Well... but we are talking about Cisco... this is the company which at least until recently, had all processes on their equipment run in the same address space.

This is also the company which installs cheap router grade software on expensive storage appliances, or the same company which sells VoIP telephones you can ssh into, but they have an authorized_keys file.... which they get via TFTP.

With Cisco there just isn't any indication that they care about security.

Re: The problem is still the lack of a decent common hardware plattform

"Something like this? http://www.theregister.co.uk/2014/01/29/arm_standardization_sbsa/"

Yes exactly. Though nobody knows if they will succeed.

"Seriously, when is a project going to be formed to write a new browser and rendering engine from the ground up with security in mind?"

We have gone past that point. The problem browsers need to solve is far to complex to re-implement them with a reasonable amount of effort. Plus even keeping up with web standards now takes a fairly large development team.

What we would need now is to define 2 successor standards to our web. One for static pages, and another one for "web applications". The later one could, for example, be some sort of "remote framebuffer" standard.

Re: This wouldn't be (much of) a problem...

" A jumper is definitely something a maid or border official could handle within a minute or so. "

Yes, but seriously protecting against physical attackers is another problem all together. You cannot protect your computer from physical attackers easily. The whole "secure boot" crowd claims that they can, but in reality they only make the problem worse by keeping you from installing a simpler BIOS.

Keep in mind that physical access to a laptop can also mean that the attacker buys the same model you have, then installs a password prompt looking exactly like yours, and then swapping it with yours at a conference. While you enter your password into the fake password prompt, the attacker mirrors the harddisk. And when you notice the mistake he comes back with your laptop, apologizing for the mistake.

Re: Nice job you got there

Actually there aren't many jobs in German Intel, it's all out sourced to the US. Germany sends their raw data over there and gets the results.

"Humans will embed themselves with chips (et al) and take over regular humans, likely before anyone has sex on Mars at all. What will the military do? Who will stop them?"

This is already happening. In Germany alone, hundreds of people have already bought personal computers they use as an extension to their brains. Currently the interface is a typewriter-like keyboard and a TV-like screen. This can be rather efficient if you bother learning it.

It's also exactly why the German constitutional court has derived a right of "integrity and confidentiality of computational systems".

And it's also a thought we are all accustomed to from science fiction. Just look at 1980s sci-fi series "The Tripods" where "Beanpole" has a special device to make him able to see more refined.