Posts by Christian Berger

Few systems propperly account for this

I mean next to no system accounts for leap seconds. In fact it's even impossible to predict when the next leap second will be introduced.

Perhaps the best way would be to leave computers running at a continuous timescale. Something based on "Atom Time" and use something like timezone files to correct for the "propper" wall clock time. This way you would have to update your timezone files anualy, but if you don't, the time your computer displays will be off by a second while the internal time will still be consistent with what the other computers think.

This could probably be retrofited to most computers as they already use pre-made C library functions to convert from "Unix epoch" to local time. Few people do this with their own code, since it's quite a bit of work.

Those things are important

They give people hope. They give people a vision for the future, even if it's far off, it both shows a long term goal (setting on far away planets) as well as immediate steps to take towards that direction (finding exoplanets).

Unfortunately finding exoplanets is unlikely to find new ways to kill "the enemy" or spy on people or make a new "smart"-phone. That's why it is so badly funded.

Even if it came from a "North Korean" computer

There's plenty of ways to get to one of those. One is to apply for a job as a professor.

In the Q&A session here, Weill Scott explained how he got that job.

http://media.ccc.de/browse/congress/2014/31c3_-_6253_-_en_-_saal_2_-_201412292115_-_computer_science_in_the_dprk_-_will_scott.html#video

Other than that, attribution is hard, and there's more than enough "plausible deniability" to make sure any facts can be missinterpreted in any way you want.

The question is, how wrotten is your infrastructure?

Those specifications only work when you have a very decent cable infrastructure. Unlike the backbone where an upgrade usually just means swapping equipment located conveniently in data centres, cable network infrastructure is, at best, located in boxes at the side of the road, at worst in the ground below the house of someone who built it later.

The point about DOCSIS is to use that legacy infrastructure as long as possible, just like with ADSL or VDSL. What we would have to do right now is to get dedicated fibres into every household. Otherwise we'll now be left with expensive incremental updates which become obsolete after a couple of years.

Just do a Nokia Communicator with updated software

Essentially a telephone strapped onto a palmtop. Even if that mini-computer just runs DOS with some GUI strapped on it's still miles ahead of what we have now.

Unfortunately it's a good idea to not have any data on your laptop when you pass an airport

A clean install of your operating system should be the best state for your laptop to be in... which is BTW also not a bad idea when you go to such a hacker conference. Though hackers are the most friendly and nice group of people I've met, there always is the chance of someone accidentally running an exploit against your machine.

Now if they would solve those little software problems

e.g. that you cannot suspend your device while you are in a Java App, those would _really_ be useful.

And of course there's Klaus Wunderlich

With music so controversial and strange many people still wonder if this actually was music. Hack radio shows in Germany often play Klaus Wunderlich just to remind people there's still something besides mainstream music like "Welle Erdball".

Welle Erdball: https://www.youtube.com/watch?v=s7j9P-Go14s

https://www.youtube.com/watch?v=RPgm6XCokNw

Klaus Wunderlich: https://www.youtube.com/watch?v=8unxg0Il1lA

More info about the pre-cellular mobile networks in Germany...

...can be found here:

http://www.oebl.de/Netze/index.html

It also has nice pictures, like the reason why we call mobile phone "Handy" http://www.oebl.de/C-Netz/Geraete/Bosch/C9/Bosch_C9.html (Although this one was for the analog cellular network C)

Or the sideburns you needed to run the previous non-cellular B-Netz:

http://www.oebl.de/B-Netz/Technik/Technik.html

Video here

Of course it has German live interpretation for people not speaking German.

http://media.ccc.de/browse/congress/2014/31c3_-_6450_-_de_-_saal_1_-_201412272030_-_ich_sehe_also_bin_ich_du_-_starbug.html#download

Truning a crisis into an opportunity

This is a masterpiece of dealing with a crisis. Sony had a bad movie and horribly bad security on their hands, so they got massively hacked by some guys probably not from North Korea (but nobody actually knows). You find one of the many complaints about that movie and spin that into a narrative for pulling it from the cinema.

Nobody checks to see if movies with actual shootings get pulled (hint: they don't) so it seems plausible.

Not showing a movie for such reasons creates a huge demand which builds up, then at the peak of that hype you release the movie.

So now you have used a bad situation (being hacked) to change a movie from a projected major loss to an actual win. Plus they shifted away the attention from their bad security.

It's nice to see some TV made by people who put effort in it

I mean surely, Doctor Who may have had it's downs lately, but you can still see the effort. You can still see people trying to bring the story to life as good as they can.

Compare that to German TV where you have "science shows" where they make fun of people not knowing that compasses work... because the North Pole has lots of iron in it...

"Unify and enhance Sony’s global information security architecture"

From all I hear one of the problem was that Sony had a very uniform computing architecture. How else could some malware infect nearly all of their systems. If systems were different in every department, the chance of a worm spreading in between them would be a lot slimmer.

It doesn't matter if they actually found a technical attack against Tor

The intention obviously is to scare away people from using Tor for obvious reasons.

Defence Defence Defence!

From the little bits of information we get it would have been trivial to prevent or at least contain that infection to a small part of the company.

Just use the usual best practices for clients. Harden your operating systems, use application servers whenever possible, do not have persistent OS partitions between boots, etc. Notice that secure boot would have not helped in this situation at all.

The sensible thing to do would be to invest in actual security. Let's do code reviews, let's make our software simpler. Let us teach assembler before C in universities so people learn how to avoid buffer overruns.

Unfortunately the industry has little interest in secure systems. They want to continue to sell closed source software, they want to continue to use DRM, which means that they will always want to have ways to distribute binary code software which opens the gates to malware.

We live in a sad world...

...when even QNX looks decent compared to what marketing wants people to have.

Could be a new business model...

... just limit the support to 2 years, then bring out a new version of your operating system that's utterly undesirable for your customers to upgrade, i.e. because it's incompatible or requires new hardware, then charge through the nose for support.

I bet this would work. Microsoft has a vendor lock in. If I don't like systemd, and I cannot find a Linux distribution without it, I can simply switch to some BSD. Why, because all my programs are written for POSIX and don't really care if they are running under Linux or some other *IX.

Actually this could make some things easier

For example studio cameras today have a somewhat larger dynamic range than the TV signal. They typically squash their dynamic range into the smaller one available for television. This can lead to strange results. For example if you watch a white (light grey) wall where a bright blue LED light is shining on, the camera has a conflict between preserving the brightness or preserving the colour. Many television cameras now opt for the colour giving you a dark spot when you watch it on a monochrome TV. In extreme cases you can see the blue spot fading into darkness before suddenly becoming light grey again.