* Posts by Christian Berger

4851 publicly visible posts • joined 9 Mar 2007

WTF is ... Virtual Customer Premises Equipment?

Christian Berger

Actually... I'm kinda doing that

I don't trust the router of my ISP and my ISP, so what I have is a tunnel to a rented server in a data centre. The NAT happens there and I connect to it via an OpenVPN tunnel. Of course DHCP and similar services still run locally.

However trusting your ISP in doing that is just foolish. ISPs have shown over and over again that they are not trustworthy. Just think of the BT incident where they replaced advertisements and tracked you. I think it was called Phorm.

There's NOTHING on TV in Europe – American video DOMINATES

Christian Berger

Re: You jest!

Seriously the BBC is great when compared to the rest of Europe. Even ITV is.

For example the BBC dares to bring shows like "Stargazing Live" at prime time. A show which is not aimed at the lowest common denominator. The BBC even experiments with things like "Hairdresser of the Year".

And ITV even has people with character, just think of Harry Hill. You may not like him, but at least he's not blanded down like German show hosts are today.

Manic malware Mayhem spreads through Linux, FreeBSD web servers

Christian Berger

Re: What century are these guys in?

I think most Linux distributions had autoupdate long before Microsoft even started that near-pointless scrap of an update mechanism they have now.

Christian Berger

Ahh, so it's PHP malware

This has very little to do with Linux and FreeBSD, but with PHP which makes it _really_ hard to write secure code. (at least a lot harder than writing insecure code)

Meet the 'smallest GPU' for wearable gizmos ... wait, where did it go?

Christian Berger

I don't even know if that makes sense

I mean sure, "smart"-watches had and will have displays, and in the future devices sold as "smart"-watches will have pixel based displays. However they are rather small, so it's hard to display any significant amount of information. What's even worse is that touch interfaces make it really hard to interact with them in any meaningful way. So I'm not sure how important this will be.

What might be more important would be voice recognition. Currently it's the only way to give semi-complex commands to a mobile phone. Maybe we will one day whisper to our watches - Michael Knight style. :)

Chrome browser has been DRAINING PC batteries for YEARS

Christian Berger

We should fix the underlying problem

Browsers are just so complex, they have such huge code bases nobody can properly understand them any more. Maybe we should go on, and split up a successor to HTML into 2 separate standards. One for "documents" and the other one for applications. Both would need to be as simple as possible to get rid of legacy bad design decisions like being able to execute code from web servers other than the one you load your HTML from.

Maybe we could then write a client for that new protocol in a browser, so there would be a trivial way to transition over to it.

Want to beat Verizon's slow Netflix? Get a VPN

Christian Berger

It's similar with Deutsche Telekom here

They don't do peering, so if you want to connect to them, they'll charge you as if you were their only upstream ISP, and they charge about double what the competition does. Therefore, as far as I know, they aren't connected to Google or any of the large Internet exchanges.

However local hosting providers typically are connected to them as well as to the nearest Internet Exchange. So routing through your server at such a hosting company can make your YouTube work considerably better.

OpenWRT gets native IPv6 slurping in major refresh

Christian Berger

Finally!

Finally proper IPv6 support. Finally you can use this in "productive" home environments where you don't have a whole IPv4 subnet to distribute.

Hamas hacks Israeli TV sat channel to broadcast pics of Gaza wounded

Christian Berger

There are multiple plausible ways to do this

And since ElReg doesn't go into the details, I think it's fair to give an overview.

The traditional way is to have a second, but considerably stronger uplink. You'd need to be at least about 10 times stronger, which is hard to do. In the olden days of analogue feeds to the uplink, you could even do this to the feed, which is much easier.

Then today many uplinks are fed via the Internet. RTMP can probably be spoofed with some effort.

The most plausible way might be an attack against the Playout Centre. TV-stations today, particularly small satellite ones, don't have people starting tape cassettes or reading continuity announcements any more. Instead it's all just files on disks which are automatically played and put on the air. There are commercial Playout Centres for doing this. Much content will still be shipped to it on tape, but commercials and similar fast changing material is simply uploaded via FTP. Now if you get access to that FTP server, it's trivial to swap out files. If you get the correct length, it'll play seamlessly just as if it was intended that way. If you don't, you might get some hiccups.

Getting the FTP password might be done via malware or via an intern at the station.

Flaw in Google's Dropcam sees it turned into SPYCAM

Christian Berger

The spy is inside the device

It runs probably closed source code from a company known to store and process every bit of information they get. Even if said company is not evil, they are under US, and possibly even UK legislation forcing them to hand over every bit of information they have.

NEW Raspberry Pi B+, NOW with - count them - FOUR USB ports

Christian Berger

Re: @Anonymous Coward

Actually most German online electronics stores have Raspberry Pis. Pollin is mostly known for surplus and used stuff.

Forget the mobile patent wars – these web giants have patented your DATA CENTER

Christian Berger

Re: Non-obviousness

Well, there are patent lawyers. And they just continue to nag the patent clerks until the patent goes through and the lawyer goes away.

For a patent conforming to your rules, you don't actually need a lawyer, it just goes through after the patent clerk kindly pointed out the errors you have been making.

LibreSSL crypto library leaps from OpenBSD to Linux, OS X, more

Christian Berger

Re: Corporations (like Google) need to step up.

"Downvotes? What terrorist dislikes the "Art of UNIX Programming"?"

In my experience there is a violent branch of the C++/Java/C# fans that completely hates that book. Unfortunately some of them are now found in what is called the "Freedesktop" movement.

Christian Berger

Re: Corporations (like Google) need to step up.

BTW if you are interested in software design in C, read "The Art of UNIX Programming". It's a completely different mindset to the C++ one.

Another 'NSA-proof' webmail biz popped by JavaScript injection bug

Christian Berger

Browsers cannot be secure...

...since the encrypted channel there is based on public certificates. Though you can get something similar to certificate pinning with self-signed certificates, this can easily be subverted by using normal certificates.

What we finally need to do is to get GPG to be more usable and shipped by default with e-mail software.

Say goodbye to the noughties: Yesterday’s hi-fi biz is BUSTED, bro

Christian Berger

What will you do in 10 years with it?

I mean your typical component stereo system is not only much cheaper (when you use used components like speakers), but is also rather future proof. Analogue audio is like the text files of electronics, it just works and every device can speak it. Even SPDIF is widely used and understood by many vendors. Contrast that to some wireless solutions which depend on complex, sometimes even proprietary, protocols.

So the way those wireless multi-room systems are built today they are just suitable to extract money from hipsters.

How to make $7,000 a month and benefits: Be a teen tech INTERN

Christian Berger

The most important thing when you get such a job

...is to stop yourself from increasing your cost of living. It should be clear to everybody that such a job is only possible in a tech bubble where everyone pretending to be able to code can get a high paying job.

It makes sense to use that bubble to collect money for your future education, but be aware that the bubble will collapse eventually. Nobody knows if it'll be in 10 weeks or 10 years, but it will collapse. If you are prepared, you can then start studying and you will emerge wiser and without debt.

In space no one can hear you scream, but Voyager 1 can hear A ROAR

Christian Berger

Well the Japanese were good at doing so. I have a Japanese VCR from the mid 1970s which still works, except for one rubber part which needs to be replaced.

Vid shows how to easily hack 'anti-spy' webmail (sorry, ProtonMail)

Christian Berger

Re: Well browsers are not suitable for this

Yes, or a terminal. Why don't we have "GUI Terminals" to which I can send a simple form and they render it, have the user fill it out and return it. Kinda like HTML used to be before webdesigners took over.

Christian Berger

Well browsers are not suitable for this

Even if there was no cross site scripting hole in there, you could still get a fake certificate and do man in the middle.

The whole browser thing may need to be replaced by something much simpler and based on actual security.

Panic like it's 1999: Microsoft Office macro viruses are BACK

Christian Berger

Re: Users, Who'd have 'em.

Well... VBA scripts give at least a bit of use to office products as they allow at least a little bit of automation. Of course in an ideal world, people would just use flat text files and the unixoid tools available.

Royal Navy parks 470 double-decker buses on Queen Elizabeth

Christian Berger

Maybe it's to improve public transport infrastructure

I mean it's probably no problem at all to purchase 470 double-decker buses for a photo-op when it's about such a large ship. The cost of that is just negligible. While it's much harder to buy such buses normally.

So if you buy 470 double-decker buses out of the military PR budget, make that photograph, and then sell them to local communities for a symbolic price, you will have made a serious improvement to the public transport infrastructure.

Use Tor or 'extremist' Tails Linux? Congrats, you're on an NSA list

Christian Berger

Well the Stasi didn't have contractors. However people knew/suspected quite a bit. I mean back then it was all manual, so you could see the people following you around.

NSA man says agency can track you through POWER LINES

Christian Berger

It's a tool in their belt

As someone who actually did record the phase of the grid for extended periods I can say that it's plausible for certain situations.

First of all the averaged frequency of all points in the grid is the same, however there may be some minor phase shifts. Those are however probably completely useless for this.

The harmonics also are much less useful as they might seem since those depend on your very local conditions, particularly when talking about the sound aspect of it. The type of "Loudspeaker" would probably completely dominate this.

It is rather trivial to fake this anyhow. Just record the hum of the place and time you want, and filter out the original hum, then paste in the fake one. Alternatively you can just use notch filters at 50, 100 and 150 Hz and fill up the space with narrow band noise.

So yes, if I was the NSA I would do it, particularly since it's cheap to do (our setup at work was essentially some cheap Foxconn PC and a tiny bit of homegrown hardware to connect the mains and the output of our clock to the soundcard) and it might be helpful in rare cases.
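The two halves of what the comment above describes, extracting the grid-frequency trace from a recording and notching the hum back out of it, as an added example in Python. This is not code from the comment author, the article, or any NSA tooling; the recording is a constructed, synthetic 50 Hz hum whose frequency steps each second, the sample rate of 8 kHz and the filter Q of 10 are assumptions, and the estimator is a simple interpolated zero-crossing count rather than the spectral methods a real ENF matcher would use.

```python
import math

FS = 8000      # assumed sample rate of the recording, Hz
MAINS = 50.0   # nominal grid frequency in Europe


def synth_hum(freqs_per_second, fs=FS, amplitude=1.0):
    """Constructed sample: a mains hum whose frequency changes each second.
    Phase is accumulated continuously so frequency steps don't produce clicks."""
    samples, phase = [], 0.0
    for f in freqs_per_second:
        for _ in range(fs):
            samples.append(amplitude * math.sin(phase))
            phase += 2 * math.pi * f / fs
    return samples


def enf_trace(samples, fs=FS, window_s=1.0):
    """Estimate the grid frequency per window from rising zero crossings,
    with linear interpolation between samples for sub-sample timing."""
    n = int(window_s * fs)
    trace = []
    for start in range(0, len(samples) - n + 1, n):
        w = samples[start:start + n]
        crossings = [i + w[i] / (w[i] - w[i + 1])
                     for i in range(n - 1) if w[i] < 0 <= w[i + 1]]
        if len(crossings) < 2:
            trace.append(None)        # no hum found in this window
            continue
        periods = len(crossings) - 1  # whole periods between first and last crossing
        trace.append(periods * fs / (crossings[-1] - crossings[0]))
    return trace


def notch(samples, f0=MAINS, q=10.0, fs=FS):
    """Second-order IIR notch (biquad) that removes a narrow band around f0.
    Bandwidth is roughly f0/q Hz, so q=10 takes out about 47.5..52.5 Hz."""
    w0 = 2 * math.pi * f0 / fs
    alpha = math.sin(w0) / (2 * q)
    a0 = 1 + alpha
    b0, b1, b2 = 1.0 / a0, -2 * math.cos(w0) / a0, 1.0 / a0
    a1, a2 = -2 * math.cos(w0) / a0, (1 - alpha) / a0
    out = []
    x1 = x2 = y1 = y2 = 0.0
    for x in samples:
        y = b0 * x + b1 * x1 + b2 * x2 - a1 * y1 - a2 * y2
        out.append(y)
        x1, x2, y1, y2 = x, x1, y, y1
    return out


def rms(samples):
    return math.sqrt(sum(s * s for s in samples) / len(samples))


if __name__ == "__main__":
    hum = synth_hum([50.02, 49.98, 50.03])       # constructed 3 s recording
    print("ENF trace (Hz):", [round(f, 3) for f in enf_trace(hum)])
    cleaned = notch(hum)
    # skip the first second so the filter's start-up transient doesn't count
    print("hum RMS before/after notch:", round(rms(hum[FS:]), 3), round(rms(cleaned[FS:]), 4))
```

The trace is what an analyst would compare against a logged grid-frequency record; the notch is the first step of the faking the comment mentions, after which a hum recorded elsewhere (or narrow-band noise) would be mixed back in. The 60 Hz case is the same code with MAINS changed, and the 100 and 150 Hz harmonics can be removed by running notch again at those centre frequencies.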

Daddy, what will you do in the new security wars?

Christian Berger

> I consider software anything that directly accesses the CPU and has instructions for that CPU. Note that a script or other interpreted code is useless without the interpreter, which falls under the purview of a program.

That's what Google tries to do with the Chromebook. It's no use since then you'll just use security bugs in the browser. It just keeps people from actually running local software outside of the browser.

Christian Berger

> Operating systems shouldn't be able to run unsigned software - ever.

We already have signed malware. This will only prevent you from installing your own self-compiled software or software from a trustworthy source. Few trustworthy sources will pay the money for a signature.

> ... proper, trusted certificate chain - no self-signed rubbish

Do you know how much a proper certificate costs? Also today we know that at least one attacker can control the root, and we have seen several CAs being taken over by non governments, as well as customers of CAs being issued certificates far wider than what they should have gotten. The CA world is a terrible mess.

> Certificate revocation lists should be enforced as strictly as is practicable.

Even Google now knows that revocation lists are bogus and possibly even harmful:

https://www.imperialviolet.org/2014/04/19/revchecking.html

> Sandboxing should be made to work properly, strictly enforced, ... as long as they've been given explicit permission by the end users

Look at the mobile world. People will enable _every_ permission they are presented with. As long as you cannot patch out the features in the source code.

It seems like you've never seen the discussions in the late 1990s where "Trusted Computing" came along which tried to do all of this.

The thing that actually did bring security since then was "Free and Open Source Software". FOSS scared Microsoft into (partially) cleaning up their mess they called Windows. Today when software crashes because of invalid input it's considered to be not just an unimportant bug, but a security problem which needs to be addressed immediately.

Zero-knowledge proof crypto scheme divines truths from nothing

Christian Berger

@tempest8008

I don't quite see where the advantage of the double system would be. You need expensive machinery just to save you perhaps at most an hour. Plus you need to do audits. And you probably need to recount much of your votes anyhow since someone complains.

Christian Berger

Re: No E-Voting cannot be democratic

Well the point is, with electronic computers it's trivial to carry out widespread manipulation that is very hard to detect, while pen and paper voting is hard to manipulate and easy to detect manipulation in.

BTW, counting pen and paper votes is also rather quick and can be done in a very few hours. Most elections in Germany, for example, are counted within a single hour.

Christian Berger

No E-Voting cannot be democratic

And that has nothing to do with crypto.

The problems are much more basic. For example if you vote at home, someone can look over your shoulder so they will know what you voted for... effectively making it easy for them to buy your vote.

An even more substantial problem is trust and democratic verification. You can verify a pen and paper based system without any special knowledge. Everyone can understand it within a few minutes. So instead of having to have knowledge and capabilities in several fields (mathematics, electronics, programming, microelectronics) you can simply look at the process.

So this may have its applications, e-voting certainly isn't one of those.

Microsoft's Windows Phone 8.1 world conquest plan: folders!

Christian Berger

Hmm, they bought Nokia. It may be that Nokia has some valid patents on it.

Send Bitcoin or we'll hate-spam you on Yelp, say crims

Christian Berger

Actually...

"A currency that can be transferred untraceably"

That's completely wrong. Bitcoin is based on the idea that everybody can see all the transfers. So you can trace them all. In fact if you take part in Bitcoin you have all the transactions stored on your harddisk. What Bitcoin Miners do is to certify those transactions.

Bitcoin is in no way even hard to trace. The only thing is that bitcoin wallets don't have names directly pinned on them. By that standard you could also register a company and open a bank account for it.

Again, Bitcoin is not anonymous, it's pseudonymous at best.
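The tracing the comment above talks about, as an added example in Python that is not from the comment author, the article, or any Bitcoin software. The ledger is a constructed toy (a handful of made-up transactions and address labels, not real chain data); it shows the two things a public ledger gives an investigator for free: following the coins forward from a paying address, and the common-input-ownership heuristic, under which addresses spent together in one transaction are assumed to belong to the same wallet.

```python
from collections import deque

# Constructed sample ledger (not real Bitcoin data). Each transaction lists the
# outputs it spends as (txid, output_index) and the outputs it creates as
# (address, amount). Coinbase transactions have no inputs.
LEDGER = [
    {"id": "cb1", "inputs": [], "outputs": [("victim_a", 40)]},
    {"id": "cb2", "inputs": [], "outputs": [("victim_b", 25)]},
    {"id": "cb3", "inputs": [], "outputs": [("crim_b", 5)]},
    # the extortion payment: the victim spends two of their outputs together
    {"id": "t1", "inputs": [("cb1", 0), ("cb2", 0)],
     "outputs": [("crim_a", 60), ("victim_change", 5)]},
    # the extortionist consolidates the payment with another of their outputs
    {"id": "t2", "inputs": [("t1", 0), ("cb3", 0)],
     "outputs": [("exchange_deposit", 65)]},
]


def outputs_by_ref(ledger):
    """Map (txid, index) -> (address, amount) for every output ever created."""
    return {(tx["id"], i): out
            for tx in ledger for i, out in enumerate(tx["outputs"])}


def owner_clusters(ledger):
    """Common-input-ownership heuristic: addresses whose outputs are spent
    together in one transaction are merged into one owner cluster (union-find).
    Addresses that never spend anything are not clustered."""
    parent = {}

    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]   # path halving
            a = parent[a]
        return a

    refs = outputs_by_ref(ledger)
    for tx in ledger:
        owners = [refs[ref][0] for ref in tx["inputs"]]
        for a in owners:
            find(a)
        for other in owners[1:]:
            parent[find(other)] = find(owners[0])
    groups = {}
    for a in list(parent):
        groups.setdefault(find(a), set()).add(a)
    return {a: frozenset(members) for members in groups.values() for a in members}


def trace_forward(ledger, start_address):
    """Follow every coin leaving start_address through the spend graph.
    Returns the transaction ids traversed (breadth first) and the addresses
    the coins reached, including still-unspent outputs."""
    refs = outputs_by_ref(ledger)
    spender = {ref: tx for tx in ledger for ref in tx["inputs"]}
    queue = deque(ref for ref, (addr, _) in refs.items() if addr == start_address)
    txids, reached, seen = [], set(), set()
    while queue:
        ref = queue.popleft()
        tx = spender.get(ref)
        if tx is None or tx["id"] in seen:
            continue                      # unspent output, or already walked
        seen.add(tx["id"])
        txids.append(tx["id"])
        for i, (addr, _) in enumerate(tx["outputs"]):
            reached.add(addr)
            queue.append((tx["id"], i))
    return txids, reached


if __name__ == "__main__":
    clusters = owner_clusters(LEDGER)
    print("same owner as victim_a:", sorted(clusters["victim_a"]))
    print("same owner as crim_a:  ", sorted(clusters["crim_a"]))
    txids, reached = trace_forward(LEDGER, "victim_a")
    print("payment path:", " -> ".join(txids), "reaching", sorted(reached))
```

On this toy ledger the coins paid by the victim land, two hops later, on an address labelled as an exchange deposit; in practice that label comes from the exchange's own records, which is exactly the point where a pseudonym turns into a name. Mixers and fresh change addresses make the heuristic noisier, but they don't remove the public record it runs over.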

BOFH: You can take our lives, but you'll never take OUR MACROS

Christian Berger

Re: Bane of my life

I'm not sure about it. Yes it's used by many businesses, but the question is if it's used by important ones. I mean our civilization wouldn't suffer much if certain companies were to cease to exist.

Your bakery or fishmonger doesn't need spreadsheets to do their work.

DON'T BOTHER migrating legacy apps to the cloud, says CTO

Christian Berger

Actually, it might be

If you've got some old 1980s software running on some sort of Unix or VMS or something, it's trivial to get it "into the cloud". You simply put an SSH-terminalserver in front of it and people will be able to use it even over very slow connections... and on just about any device you can get an SSH-client for, which includes all real smartphones.

Also if your software survived from the 1980s till today, chances are it's fairly well designed.

What a whopper, LG: Feast your eyes on this 77-inch bendy TV

Christian Berger

Might make sense for a desktop screen

Since you are closer to the screen there, a curved screen makes a lot more sense there.

Aereo has to pay TV show creators? Yes. This isn't rocket science

Christian Berger

Re: Good. Now it's time to end retransmission fees.

Actually with US cable companies there is an interesting aspect. Apparently they pay fees to the broadcaster and in return get the right to swap some of the commercials for their own. So in the US you get different commercials depending on how you get your signal.

I personally believe that we must create laws which enable us to get any broadcast we want. The current situation is just ridiculous. I mean we are talking about a united Europe and the progress we make towards it. Yet in the 1990s I could watch a fair share of UK television with exactly the same equipment I got German television. A Europe united in television. You pressed 1 and got Sat1, you pressed 21 and you got The Children's Channel. Today however channels are allowed to use encryption and spot beams to lock out the rest of Europe.

Google's Oculus-defying VR headset is made of CARDBOARD – no joke

Christian Berger

Why Facebook bought them

"The question, then, is what the hell Facebook decided was worth $2Bn"

That's actually rather simple. Imagine you have money invested in Facebook. Imagine it's 20% of the Facebook stock since you are a big bank. Obviously you know that the bubble is going to burst eventually, so it makes sense to sell at least some of your stock while it's high. Buying low and selling high is a typical strategy.

If you simply sell your stocks, everyone will assume you don't believe in it any more and the bubble might burst prematurely. It's a risk you don't want to take.

Now let's look at how such a sale usually happens. Facebook gets the company in exchange for money and Facebook stocks, but a large part of the payment is actual money.

So if you own stocks in some smaller company as well as Facebook, you have a double advantage. First of all you will exchange some of your shares for actual money, second you don't poke the bubble and the rest of your shares even might gain value.

At least with Instagram and Whatsapp there was at least one investment company in such a situation. It's "SEQUOIA Capital".

BlackBerry's Passport will be the WEIRDEST mobe of 2014

Christian Berger

They apparently have _no_ clue what they are doing

They are desperately trying to copy iOS and Android by having large colour screens, while not understanding what their sector of the market wants.

DISPLAY DESTRUCTION D'OH! Teardown cracks Surface Pro 3 screen

Christian Berger

Re: Actually it's even worse than that

Oh look, another "Windows Fanboi" who believes everything Microsoft promises them.

Christian Berger

Actually it's even worse than that

I mean I can understand some of the decisions. Nobody cares if the battery or the electronics works, thanks to "Secure Boot" it's bricked by default anyhow.

What's worrisome is they apparently made it lighter, making it less suitable at its primary use as a paperweight.

Christian Berger

Re: Even more confused by the choice of Micro SD slot now

I think you are taking the wrong approach to this. Microsoft has learned one thing in the early 2000s and that is that as soon as they bring out a product that's usable, nobody will buy the following product. That's why so many people still use XP.

The success of Microsoft lies within their 1990s strategy of bringing out semi-usable products and making you hope that the next version will be any better. You sell your current product, but talk about the future.

20 years on: eWorld, Apple's spectacular online 'portal' failure

Christian Berger

Re: Looks an awful lot

Well I'm sorry, but 'walled gardens' just feel wrong. I mean imagine a telephone you could only telephone with people having the same brand. Why would someone buy such a thing? Communication media depend on being large and well connected.

Christian Berger

Re: Looks an awful lot

Yes, but CompuServe had a "business vibe" to it. In fact there were lots of commercial "online services" out there. Today AOL is the most famous of them, however there were also other walled gardens like T-Online and many small commercial and non-commercial BBS systems.

One idea there was to overcome the problem of being a walled garden by allowing to bypass technological limitations of that time. For example you could connect an online shop to a CD-ROM. The CD-ROM would contain pictures and videos, referred to by the online service. Or for most BBSes you wouldn't have to install software but just dial in with your terminal emulator.

Over time those became ISPs or perished as people realized that walled gardens are an idiotic idea. At least in Europe this was at the same time Murdoch tried to turn television into such a walled garden, with national stations being encrypted so you couldn't watch Sky One in Germany for example.

Cisco open-sources experimental cipher

Christian Berger

Problematic

Padding gives you the great advantage of "rounding up" packet sizes, essentially obscuring their actual length to some degree. If you don't do that, you'll end up leaking the length of your cleartext which is a bad idea.
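The "rounding up" the comment above describes, as an added example in Python. It is not Cisco's code and not from the article; the 2-byte length prefix, the zero fill and the 64-byte bucket are assumptions, and the cipher that would then encrypt the padded buffer is out of scope. The point it demonstrates is the leak: without padding an observer sees one ciphertext size per plaintext size, with padding every message up to the bucket looks the same.

```python
import math
import struct

BUCKET = 64  # assumed padding granularity in bytes


def pad(plaintext: bytes, bucket: int = BUCKET) -> bytes:
    """Prefix the true length, then zero-fill up to a multiple of `bucket`.
    The prefix makes unpadding unambiguous even when the plaintext ends in zeros."""
    if len(plaintext) > 0xFFFF:
        raise ValueError("plaintext too long for a 2-byte length prefix")
    body = struct.pack(">H", len(plaintext)) + plaintext
    padded_len = math.ceil(len(body) / bucket) * bucket
    return body + b"\x00" * (padded_len - len(body))


def unpad(padded: bytes) -> bytes:
    """Recover the plaintext; reject buffers whose length field or fill is
    inconsistent, since a tampered prefix must not read past the buffer."""
    if len(padded) < 2:
        raise ValueError("missing length prefix")
    (n,) = struct.unpack(">H", padded[:2])
    if 2 + n > len(padded):
        raise ValueError("length prefix exceeds buffer")
    if any(padded[2 + n:]):
        raise ValueError("non-zero bytes in padding")
    return padded[2:2 + n]


def distinct_lengths(messages, bucket=None) -> int:
    """How many different sizes an on-path observer can tell apart:
    raw plaintext lengths when bucket is None, padded lengths otherwise."""
    if bucket is None:
        return len({len(m) for m in messages})
    return len({len(pad(m, bucket)) for m in messages})


if __name__ == "__main__":
    # constructed sample: 62 messages of every length from 1 to 62 bytes
    messages = [b"x" * n for n in range(1, 63)]
    print("sizes visible without padding:", distinct_lengths(messages))
    print("sizes visible with 64-byte buckets:", distinct_lengths(messages, BUCKET))
    assert unpad(pad(b"hello")) == b"hello"
```

Rounding to a fixed bucket hides length within the bucket only; a message of 63 bytes plus the prefix spills into the next bucket, so the observer still learns which bucket it fell in. Larger buckets cost more bandwidth and hide more, which is the trade-off a length-preserving cipher gives up entirely.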

POTUS promises Trans Pacific Partnership text

Christian Berger

If this was beneficial to the people, they could discuss it in the open.

Russian gov to dump x86, bake own 64-bit ARM chips - reports

Christian Berger

The question is, do the FSB and the NSA cooperate? This is exactly why Chinese spying is much less problematic than US spying. The Chinese cannot harm me, the US can. My government might protect me from the Chinese, but they sure aren't going to protect me from the US.

Hackers reverse-engineer NSA spy kit using off-the-shelf parts

Christian Berger

This will mean...

that the NSA now can spy so much more on their budget since it'll mean that the equipment prices will fall a great deal.

Apple SOLDERS memory into new 'budget' iMac

Christian Berger

Well lower frequency CPUs are often just the underclocked version of the normal one. It's not uncommon to select them for different frequency grades.

Christian Berger

Did you mean _mega_bytes or _kilo_bytes. I know normally I would assume kilobytes, however I wouldn't be surprised if someone actually made a 512 Megabyte RAM module. Those would need to use bank switching as the 68000 can only address 16 Megabytes.

Amazon's not-actually-3D Fire: Bezos' cash register in YOUR pocket

Christian Berger

Race to the bottom

While in the 1990s smart phones still were like little computers you had some control over, today they are more and more becoming consumption devices. This device is just an example of this race to the bottom. A device which is only made to allow you buying things.

Particularly in the US there is no reason why this shouldn't continue. People rent their handsets from their operators and operators are all for such devices since billing means they can have a share.

Facebook goes TITSUP across WORLD! Who will look at your cousin's baby NOW?

Christian Berger

Funnily enough it's a holiday in (some parts of) Germany.