* Posts by Christian Berger

4850 publicly visible posts • joined 9 Mar 2007

John McAfee declares war on Android

Christian Berger

We'd need to solve the problem at the root:

1. Ditch App-Stores and get proper distributions which have strict code control like Debian for example. Yes, this would kill commercial closed source apps, but point 3 will take care of those.

2. Mandate some common hardware platform or a BIOS so the operating system doesn't need to be ported to every device.

3. Design and implement a very simple protocol for "remote GUIs". Essentially this should replace web-apps with something simpler, more secure and faster to use over wireless connections. It would be something like "GUI-toolkit" commands via TLS over Websocket or something. There may be code to implement something like custom GUI elements, where the code can only access the properties of that element and draw in the area of the element as well as get touch information from that area. All the logic would run on the server, everything time critical would run on the client. This is of course trivial to charge for.

Netflix speed index shows further decline in Verizon quality

Christian Berger

Re: Overly aggressive throttling?

Well... ISPs aren't soup kitchens. I pay the ISP so they will continuously upgrade their network.

An ISP throttling is like a restaurant telling me, "We're sorry, but we are out of food, you'll only get half portions... however you still must pay the full price."

James Dyson plans ROBOT ARMY to take over the world

Christian Berger

In the UK?!

I'm sorry, I wouldn't buy such a device designed in the UK. I wouldn't buy a device coming from someone who grew up in a country where people think it's healthy to have more surveillance cameras than people. This doesn't seem like a place where even the most basic privacy protection could come from.

However I applaud Dyson for trying to promote the idea of inspiring technology as this can cause good people to turn to engineering instead of money laundering. Though I believe this is rather futile in most western countries, I dearly hope I'm wrong.

Tuesday declared 'The Day we Fight Back' against NSA et al

Christian Berger

It's about breaking a narrative

Currently governments spread the narrative that nobody cares about surveillance. This is about breaking this narrative. People do care.

Friends don't do tech support for friends running Windows XP

Christian Berger

But a big trusted partner like Microsoft....

...wouldn't let their partners stand in the rain. They surely will bring out Windows XP 2.0. Otherwise they'd just act like any old commercial company putting profits in front of partnerships.

If you are a "gold partner" of Microsoft or any of those marketing things, pause and think about it for a moment. You may currently develop your business critical applications in C#/.net, Silverlight or even VBA. You justify this by thinking that Microsoft would never pull the rug from under you and support your technology till infinity.

Now we are here, Microsoft pulls the rug from under Windows XP despite it still being used on a third of Windows installations. Microsoft does not offer any kind of sensible upgrade plan, for example an XP 2.0. Vista and Windows 7 are no alternative for most companies.

If you are just using plain Win32 you actually have a small chance your code might run on newer versions of Windows, but then Microsoft brought out Windows RT, a version of Windows incompatible with Win32.

Renault unveils mini-SUV equipped with a QUADCOPTER DRONE

Christian Berger

Or of course the tunnel :)

Inside Microsoft's Autopilot: Nadella's secret cloud weapon

Christian Berger

Rule of thumb

Whenever someone tries to sell you a new technology which is "complex", it either means that it doesn't work or that it will not work reliably.

Good technical solutions rarely are complex. The Internet is simpler than the X.25 networks it replaced. UNIX was simpler than MULTICS.

Time to pack in your job: Someone FINALLY needs a cat vids curator

Christian Berger

They should choose a German

The concept of cat videos was first widely known in Germany.

https://www.youtube.com/watch?v=qXmFDRwEpv0

How many keys can one keyboard have? Do I hear 200? 300? More?

Christian Berger

Or you could...

just buy any of those many programmable keyboards with inserts for the keys.

Microsoft to build 'transparency centres' for source code checks

Christian Berger

Even if the code would be free of any obvious backdoors...

There's still the "bugdoor", a plausible bug which leads, for example, to remote code execution, but simply isn't fixed. One prominent example is ActiveX. If you can fake a certificate, which the NSA surely can do, you can get code running with user permissions.

Boffins say D-Wave machine could be a classic*

Christian Berger

Re: Enough already

Actually looking at it, that may be a feasible thing to do. It seems to be a "normal" microchip which you can "easily" reverse-engineer.

http://en.wikipedia.org/wiki/File:DWave_128chip.jpg

Is modern life possible without a smartphone?

Christian Berger

Re: My quality of life has improved

"Smartphones can be used to involve yourself MORE with the outside world - if you don't spend all your time playing with Twitter, Facebook, Angry Birds, and your multiple Fart apps."

Unfortunately modern "Smartphones" (since about the Apple iPhone) are just designed to be Facebook/Angry Birds machines. That's the market all manufacturers are currently chasing.

I have tried different "smartphones". I've started with Android, but that didn't have an escape key. (WTF!). I'm currently using an old Nokia Communicator. It kinda works, but is software-wise a long way to go.

If I were to build a smartphone I'd make it like this: Use a clamshell design. Put a feature phone into the lid behind the display, then have an independent PC which can run arbitrary operating systems accessing the keyboard and large display. If you hold it, make the PC suspend to RAM. In a way just what Nokia did with their Communicators, but updated.

Cameron: UK public is fine with domestic spying

Christian Berger

Same strategy as in Germany

Just claim that nobody cares and many people will believe it's not a big deal. This is also tried in Germany.

In reality many people care. More and more "everyday" people wonder how they can use encryption. That's why crypto-parties are so popular.

Language-mangling Germans fling open Handygate to selfie-snapping whistleblowers

Christian Berger

It was some marketing accident

Multiple vendors sold the same hand held analogue mobile phone.

So there was the SEM340:

http://www.oebl.de/C-Netz/Geraete/SEL/SEM340/SEM340.html

The Pocktel

http://www.oebl.de/C-Netz/Geraete/SEL/SEM340/SEM340BDH.JPG

The Post, which also ran the network, called it the "Pocky".

So for Bosch there was only one name left, "Handy C9":

http://www.oebl.de/C-Netz/Geraete/Bosch/C9/Bosch_C9.html

The name later was used for all hand-held mobile phones.

FCC says US telcos can start moving to IP-based calling, but in baby steps

Christian Berger

The big question is how it's done

If you have well made networks with lots of spare capacity, as it should be, there should be no problem. However ISPs are now looking at saving every penny which includes capacity.

If you want to do VoIP over a network with congestion you will need to do QoS and that can only save you to a certain degree.

ARM lays down law to end Wild West of chip design: New standard for server SoCs touted

Christian Berger

Finally!

Now get that on mobile phones, too... and make one in a Nokia Communicator form factor, and I'll finally be able to get a decent mobile device.

AMD tries to kickstart ARM-for-servers ecosystem

Christian Berger

They'd first need to sort out the common platform problem

They need to find ways to make all hardware look similar enough for the operating system to be able to boot across multiple vendors without having to port it.

A BBC-by-subscription 'would be richer', MPs told

Christian Berger

Re: Quality

Well there are plenty of examples where maximizing revenue has led to lower quality.

The market doesn't care about quality, it only cares about marketing. It doesn't matter if your product is better for the same price; all that matters is how it's sold. Look at Apple, their products are mediocre at best at top prices. Selling things costs a lot of money and virtually every consumer electronics company spends way more on marketing than actual technical product development.

Christian Berger

I'd pay, however...

I don't want to pay for the conditional access system which, in case of the BBC, would probably cost a decent part of those 11 pounds. Such systems are expensive.

Furthermore I see television as a public medium. I pay so everyone can see it. Even and particularly those who cannot or will not afford it. The BBC somehow managed to stay this wonderful micro-cosmos of good programming by far superior to German public TV for example. (Unless you like sports, of which German TV is full)

Facebook debunks Princeton's STUDY OF DOOM in epic comeback

Christian Berger

Not the only metric

I mean sure extrapolating a trend isn't always going to work, but ask Wolfram Alpha for the number of Facebook members per world population.

http://www.wolframalpha.com/input/?i=facebook+members+per+world+population

If Facebook continues like this and we don't have a plague that kills mostly non-Facebook users, their growth will be considered to be considerably smaller than the growth of the population. Cutting down on fake accounts doesn't seem to help either.

Valve showers Debian Linux devs with FREE Steam games

Christian Berger

Re: Damn...

"I don't get why people are surprised by this. It's a sensible move by a sensible company."

We are not used to companies making sensible decisions!

Google, Netflix ready next weapon in net neutrality battle: The fury of millions

Christian Berger

Well yes, but what should it change?

Imagine you are an ISP in the US. You are likely a local monopoly, so people have to get their Internet from you. If you get more complaints, you just staff up your support department and raise the prices. Or you cancel the contracts of the people who complain the most.

The internet is 'a gift from God' says Pope Francis

Christian Berger

Well first you have to know that Alan Turing is not as widely known in places outside of the UK as he is inside. If you'd ask a random person in Germany for example, they'd have no idea.

It's very likely he has never heard of Alan Turing, so he probably has no opinion on that case as of yet.

Christian Berger

A different worldview

I think he's referring to the motivation they had. The Internet as we know it today was not invented for the money. Its foundation was invented to provide communications even during war, most of its services were invented in universities to promote the sharing of information and knowledge.

The Internet, unlike other networks, was made in a spirit of openness and sharing. In Roman Catholics this is called the "holy spirit". They consider the feeling you get when you write some software and you suddenly realize that it's used around the world by thousands or millions of people a religious experience.

The fundamental question why people act that way is because god set it up so they would be like that, at least according to Catholics.

Nokia waves goodbye to device biz as phone sales continue to spiral

Christian Berger

Re: I hope

Hmm, it was a bit different, Elop was obviously planted as a mole by Microsoft.

He might have done the same at Macromedia.

Christian Berger

Re: How the mighty have fallen

Well as for Siemens it's fairly simple to understand. It's an urge to go penny pinching beyond the point where you cannot maintain a decent product.

Siemens once had mobile phones which rang via the same speaker you also held to your ear. The obvious problem with that is that people miss the "pick up" button and hold the phone to their ear and it's ringing again rather loudly. Nobody likes that, but it won't show up in polls since everybody assumes it's done correctly.

Another aspect I've seen with Siemens (I currently work at a Siemens daughter) is that most of the people there are rather closed minded. They, at best, know about their little niche, but have no overview or vision. The resulting approaches are "... a je to!"-esque.

http://www.youtube.com/watch?v=sebkjBe-Hu4

Since the 1990s Siemens has had a bad reputation for engineering.

Christian Berger

Re: Sitting On Their Hands

Well running in ten different directions is still better than running directly towards the cliff.

What Nokia should have done was to harvest the good ideas that strategy created. I mean Maemo/Meego still is the only smartphone OS for professional users there is.

There is nothing wrong with going different directions and having different platforms. Just imagine Nokia would have given users the choice of operating systems on their hardware. Just imagine being able to get a Nokia Communicator with either Symbian, Maemo/Meego or Android.

Chin up, BlackBerry. We know who still loves you: The cuddly Pentagon

Christian Berger

I wouldn't be so sure about that

Sure they put in a lot of effort to make it appear like a secure system. However your mail still needs to go through a backend server running with high privileges. It did have security critical bugs in the past, and since it needs to decode all e-mail it's likely it will have them again in the future.

Blackberry's chance would be to open up their protocols so others could also write backend servers, and ideally to provide a greatly simplified open source version of their operating system. The Pentagon might in fact have both internally.

So currently I wouldn't trust Blackberry from a security standpoint, particularly since they had an issue with sending IMAP and POP3 passwords to a server in Canada.

Look out, Earth! Here comes China Operating System (aka Linux)

Christian Berger

Re: New Linux based mobile OS.

Actually Meego/Maemo was at least _years_ ahead of Android. You had native applications and a sensible software distribution model. If they had licensed it for other manufacturers, you'd have had a great product for the professional market. You would have had what's essentially a hand-held laptop. Now put that into the case of a Nokia Communicator.

Christian Berger

So from what I've seen so far

They seem to be replicating the IOS-"Problem". There will only be one central "App-Store".

Christian Berger

As we learn from Android

The kernel isn't very important. What's more important is whether there is a common hardware platform to enable easy vendor-independent updates. Another important issue is the software distribution model. Will there be a healthy model like the one most Linux distributions use, or an App-Store?

Just saying "It's based on Linux" is more or less a null-statement. It's the default kernel for new projects. Few are insane enough to build something new on VxWorks or Nucleus.

EU eyes UHF spectrum: What do you think, biz bods... broadband?

Christian Berger

Whenever I hear of UK terrestrial broadcasting I start to break out in tears

4/5th of your population can get more and better channels than even the luckiest people in Germany.

In Germany you are lucky to have any DVB-T reception at all, and even if you have it you'll likely be stuck with a bad selection of public TV which is about at the level of ITV. If you live in an area with more multiplexes you may get a few commercial stations. Something like BBC1 or BBC2 is unimaginable here.

What most people use here is satellite (which is forbidden in many apartment buildings) and cable (which is not much better than terrestrial TV).

Almost everyone read the Verizon v FCC net neutrality verdict WRONG

Christian Berger

Actually there is only one reason to have any kind of QoS...

...and that's if your pipes are too narrow to deal with your traffic.

Surely there can be temporary bottlenecks in your infrastructure, things can go wrong and then you might be left with a fraction of your capacity. However this should never be the norm. There shouldn't be a daily bottleneck which occurs every day for several weeks.

I am paying my ISP to route packets and to keep its network up to date. It is very hard for me to check on my ISP, and near impossible to do for the layperson. How do you know what throttles a download? How do you know if Youtube has a problem or your ISP thinks you should use its services instead?

Since the consumer is absolutely helpless against the ISP, there is a need for a strong watchdog.

Audiophiles: These Wi-Fi speakers have a stereo drift of less than 25μs – good enough for you?

Christian Berger

Stereo sound

If you have Stereo sound it's important that the sound arrives on time. Just think of your own ears, they direct sound by the time differences between the signals. So a millisecond delay difference would already be rather noticeable. (=> roughly 30cm at the speed of sound) I don't know if 25us (roughly 7.5 mm) is relevant, but it's likely that if you employ any kind of technology which gives you sub ms accuracy, 25us is a low hanging fruit.

Then there's another problem. What if you have people putting multiple speakers on top of each other? In this case you will get your original signal added with the delayed signal. You will get something called a Finite Response Filter. In this case it most likely acts as a low pass filter, and the delay specifies its cut-off frequency. (Actually it's a comb filter with evenly spaced nulls in its frequency response, and the delay gives you the spacing. Higher delay => lower spacing, you want to make sure that no spacing is within your audible range.) 25us is 40 kHz, considering that you want 15 kHz still to be transmitted perfectly and the filter probably isn't too steep, it's not unreasonable to go that far.

Run for the tills! Malware infected Target registers, slurped 40m bank cards

Christian Berger

Many barcode scanners allow arbitrary keypresses

In fact that's a common feature. So unless you turn it off, you can exploit a cash register via barcodes.

BTW many barcode scanners are configured via barcodes, so you can turn on that feature via barcode.
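
The post above concerns scanners that act as keyboards and can emit arbitrary keypresses. As an added example that is not part of the original post, here is one way a till application could treat scanner input as untrusted: accept only a digits-only GTIN with a valid check digit and refuse anything carrying control characters. The accepted symbologies (EAN-8, UPC-A, EAN-13), the CR/LF suffix and the function names are assumptions made for this sketch.

```python
import unicodedata

# Assumption (not from the original post): this till only sells items labelled
# with EAN-8, UPC-A or EAN-13, and the scanner appends one CR and/or LF per scan.
EXPECTED_LENGTHS = {8, 12, 13}
TERMINATORS = ("\r\n", "\r", "\n")


def gtin_check_digit_ok(digits: str) -> bool:
    """GS1 mod-10 check: weights 3,1,3,... starting at the rightmost data digit."""
    body, check = digits[:-1], int(digits[-1])
    total = sum(int(d) * (3 if i % 2 == 0 else 1)
                for i, d in enumerate(reversed(body)))
    return (10 - total % 10) % 10 == check


def validate_scan(raw: str) -> tuple[bool, str]:
    """Return (accepted, reason) for one line received from the scanner."""
    # Strip exactly one configured terminator; anything else must be payload.
    for term in TERMINATORS:
        if raw.endswith(term):
            raw = raw[: -len(term)]
            break
    # Control characters (tab, escape, embedded CR/LF ...) are how a keyboard
    # wedge would deliver keypresses other than plain data, so refuse them
    # outright and report which one was seen so the event can be logged.
    for ch in raw:
        if unicodedata.category(ch) == "Cc":
            return False, f"control character U+{ord(ch):04X}"
    if not (raw.isascii() and raw.isdigit()):
        return False, "non-digit payload"
    if len(raw) not in EXPECTED_LENGTHS:
        return False, f"unexpected length {len(raw)}"
    if not gtin_check_digit_ok(raw):
        return False, "bad check digit"
    return True, "ok"


# Constructed sample scans (not captured from a real device).
SAMPLES = [
    "4006381333931\r",                # valid EAN-13
    "036000291452\r\n",               # valid UPC-A
    "73513537\n",                     # valid EAN-8
    "4006381333930\r",                # last digit altered
    "40063813\t33931\r",              # tab embedded in the data
    "4006381333931\r4006381333931\r",  # two "scans" glued into one line
    "ABC-123\r",                      # letters from a non-GTIN symbology
]


def check_samples() -> list[tuple[bool, str]]:
    return [validate_scan(s) for s in SAMPLES]


if __name__ == "__main__":
    for sample, (ok, reason) in zip(SAMPLES, check_samples()):
        print(f"{sample!r:40} -> {'ACCEPT' if ok else 'REJECT'} ({reason})")
```

Validation in the application does not replace disabling the keypress-emulation feature or locking the scanner's configuration, since the keystrokes reach whatever window has focus.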

FCC honcho: Shifting our crusty phone network to IP packets starts now

Christian Berger

Re: In an all-IP network, a packet is a packet is a packet.

Well one also has to consider that congestion on the "real Internet" is extremely rare. The only points where you have congestion are close to the user.

So it's entirely conceivable to put VoIP over the public Internet, at least as a backup solution. However since fibreoptic cables between datacentres are not very expensive, it makes sense to just run your own fibre when you are already peering voice.

Christian Berger

Re: why not?

You do realize that your phone company will still happily provide you either with a normal "analogue" phone line or with some CPE to get you an "analogue" phone line in your home.

And they will also happily make it compatible with pulse dialing so they can charge you extra for enabling DTMF.

Nobody forces you to throw away anything.

Christian Berger

Re: Well, it'll certainly make the job easier for the US NSA!

Actually not really. It's not like they use Wireshark. They need specialized equipment anyhow.

The big game changer is of course encryption. VoIP allows you to turn on meaningful encryption. While this may not be immediately possible, you can set it up between friends if you want to.

Christian Berger

Re: what 48V?

Well that's not much of a change from normal ISDN. There most of your phones were powered from your PBX, and when that fails only very few phones would work, if any at all.

Christian Berger

It kinda does

Actually it kinda does. Particularly since even a small 8 Euro virtual hosting server instance is enough to provide a VoIP switch for dozens of users, you can set up more sophisticated things.

For example you can get together with some friends to rent VoIP services in different countries. That way you will always pay the rate of that provider. So imagine you call a lot to Germany, you can simply use a VoIP provider in Germany. With a bit more effort the whole thing can even be transparent so you just need to dial your number and the system will automatically route your call to wherever it's cheapest.

Top Microsoft bod: ARM servers right now smell like Intel's (doomed) Itanic

Christian Berger

Re: The problem is the business model

Well the point is that every x86 SoC will probably be very much PC-like. So they will boot in a standard way, and you will probably have a PCI-bus which gives you a neat list of all the hardware you have.

So x86 has a great head start for the server area since the IBM-PC came around.

Christian Berger

The problem is the business model

If you compare x86 and ARM, you will notice that there was a fairly different business model. Intel sold chips, while ARM sells cores to be integrated onto chips.

On both you can connect arbitrary hardware, if you are a large company at least. You could buy x86 cores on a chip, and use some TTL or CMOS logic chips to build the rest of your system around it. On ARM that's different. Your "peripheral" hardware is already integrated on chip. So while there can be a diversity, that diversity is controlled by the SoC manufacturers.

SoC manufacturers compete with each other. One of their biggest worries is that they become second sources, so a customer could simply switch to another manufacturer without any effort. That's why ARM SoCs are very incompatible to each other. For example there are lots of different serial port designs, sometimes even different ones on a single SoC. This ranges from standard 16550 compatible ones to primitive ones which are just a shift register. Everything is different just to make it impossible to switch your SoC without major porting.

Now while it may be acceptable for a mobile phone company to port an OS from one SoC to another, this certainly isn't possible in the data centre. There you want to have one install image which installs on thousands of different models.

So what would it take to make ARM succeed on this market? You need to make a flexible, but well defined interface to the hardware. One solution might be virtualisation, but the far better one would be to first add a way for an operating system to discover its hardware (e.g. a little ROM listing where peripherals are and how they are used). The next way would be to design royalty free IP blocks to put onto SoCs and to promote them. That way we could have an "IBM-PC" of the ARM world.

Cicada 3301: The web's toughest and most creepy crypto-puzzle is BACK

Christian Berger

Re: Why?

Maybe it's just a way to learn about interesting people. Kinda like a fun public game you play to get in touch with other people with similar interests.

As you mention, it does have educational side-effects.

Christian Berger

I sure hope it's a prank

It would be a shame to waste people who can decode such things on intelligence agency work.

Is your IT department too tough on users?

Christian Berger

The problem usually is different, at least with technical users

Usually IT knows the least about what users need, and often they will find the worst solutions for the users.

This is particularly frustrating with technical users, since there you will find people who strongly think they know better than IT, but do not, as well as those who actually _do_ know better than IT.

I guess one way around this might be to enforce security in ways which can cope with compromised systems. For example make different VLANs or VPNs on your network depending on the access rights you need, and only give people access to the networks they actually need for that machine. For example, while it is bonkers to allow a tablet or Windows box to access your accounting network, it may be acceptable for a tablet to have a connection to one of the client workstations. This way you could access your workstation via VNC (or something) in a limited and comfortable way.

Those decisions need to be made on an individual basis and you need intelligent and creative people to find solutions fitting your situation. Unfortunately this often gets simplified into "more or less control" which is totally idiotic. Just look into large companies and you will find lots of systems which are completely insecure yet completely unusable.

China ALSO building encryption-cracking quantum computer

Christian Berger

Re: At least they might publish some of the results

True, however we can now look at those encryption schemes and see what we can do.

Besides, over a billion GSM phones rely on shared keys. :)

Christian Berger

At least they might publish some of the results

Since they will undoubtedly benefit most from commercial quantum computers.

However we must not forget that quantum computers, even if they are possible, don't mean the end to all encryption. Symmetrical encryption schemes like AES are apparently not at risk. It's only certain asymmetrical encryption schemes which can be broken this way.

So why are they researching it? They have huge amounts of money and it seems like something interesting to do with it.

Always keep in mind that one of the strategies of secret services is to make you believe they can crack encryption anyhow, and that therefore it's no use encrypting.

Low power WON'T bag ARM the server crown. So here's how to upset Intel

Christian Berger

Actually the flexibility is a main problem here

Since flexibility on ARM means that every single ARM computer model is completely different operating system wise.

Today you have hundreds of different x86 server models out there in a data centre of a hosting company. They can easily offer you a handful of operating systems for each of them, since on x86 the hardware is similar enough so you just need to worry about a handful of installation images.

On ARM you don't have portable install images yet. If you take 2 ARM SoCs and connect a CD-Rom drive to both of them, you won't be able to make a disk which boots on both and installs an operating system.

The problem is simply that ARM does not have a BIOS. On x86 (PC) you have such a set of routines allowing you to access graphics, keyboard, disk and hardware enumeration in a consistent way across all computers. You can, and I've tried this myself, write a little boot sector which can display graphics on the screen without knowing what sort of graphics card you have. On ARM this simply is impossible.

BlackBerry CEO John Chen: Y'know what, we'll go back to enterprise stuff

Christian Berger

Re: Oops

How can something processing sensitive data through closed sourced applications running with System rights be even less secure?

Justice Ministry to spaff £70k finding out how prisoners like to use ILLEGAL mobes

Christian Berger

Re: Mobile detectors

Actually for UMTS or other CDMA networks it's far from trivial to build one since they have very low transmit powers which additionally don't change regularly. GSM is simple to detect, you just look at the output power of a simple detector and once you find a set of repeating bursts at a certain burst frequency you know you have GSM.