Posts by Christian Berger

That's why we need free systems

We finally need to come to a point where systems are as transparent as possible. For example we could go the OpenFirmware approach and compile the firmware at boot-time.

Adding a complex system like EFI will just increase the chance of a backdoor slipping in undetected. It's much easier to hide something in 30 Megabytes of code than in 100k. And since EFI supports things like "secure" boot, you cannot even go the minimalists approach by run throwing out everything you don't want.

The fly was not trapped on the camera

The fly was on the screen it was filmed off. Back then getting from TV to film essentially meant filming off a TV screen.

The main problem is physical security

It doesn't matter how large your nuclear power plant is, you always need about the same number of security guards and about the same amount of walls and security gates to keep crooks away.

Storing large amounts of radioactive and possibly poisonous materials requires good safety precautions. You don't want them to get into the hands of a burglar. Even if making an atomic bomb is impossible, sprinkling it into the water supply will make a nifty terrorists attack with lots of juicy press coverage and fear. It doesn't matter if the water is still save, but just the headline "Drinking Water Radioactive" will have the desired effect.

So just because it's claimed that the nuclear processes are save, a claim quite often made, doesn't mean that the whole system is somehow much cheaper to operate.

Solving a problem that probably doesn't exist

I mean seriously, in many countries, particularly the US, you can buy gun parts, or you can make guns from easily available parts. As the article mentions the main problem is surviving the gas pressures. Guess what, there's probably plenty of metal pipes in any hardware store which probably can just do that. Add something to ignite the bullet and you have a gun.

Trying to add some sort of "DRM" by trying to detect guns certainly does not solve the problem. You can just patch out the check and people will probably do that because of false positive.

Just like the lightpen

It has one problem, you need to keep your arm stretched out in front of you for a long time. That's extremely unergonomic.

Additionally the interface doesn't appear to be very expressive. How much information can you get across per time. It just seems to much less efficient than a simple keyboard.

The problem is, once you have that infrastructure...

...it's extremely trivial to censor anything you want. Or even censor things "by accident".

Adapting to their users

The privacy concious people have switched to Linux a long time ago, while the rest of the population simply doesn't care. It's sad, but most people using Windows 8 probably don't care.

That's the problem with closed software and hardware bundling. It doesn't matter what _you_ want. What's relevant is what some CEO at some company thinks people want. That's why people use Free Software. With Free Software you have the right to change your software in any way you want.

If you don't like the rules of the "Proprietary Software" game, then stop playing it.

VERA

Here's a film of the aforemention VERA VTR from the BBC

https://www.youtube.com/watch?v=0f1GDQDB0Ss

Here's BTW a comparison between kinescope (filming of a screen, and early video tape)

https://www.youtube.com/watch?v=8VFUZhttfxA

The media industry needs to learn

DRM is the problem, not piracy. Some people will always pirate stuff, they often could not even afford "legal" copies. That's why they used to record music of the radio and movies of the TV, all perfectly legal in most countries. And they copied with friends. All perfectly normal. And if you want to buy a recording, just do so, it'll play on all your devices.

Now with DRM this has changed. Suddenly you cannot reliably play your media, so essentially you need to rip it for your personal use... which is illegal in most countries. The alternative is to get a pirated copy... which is also illegal, but cheaper and quicker.

DRM benefits nobody, yet it costs money. It costs money to implement and circumvent, money that could be used to actually solve problems. DRM probably costs the industry far more than piracy.

Wrong direction

The more sane solution would be to raise security awareness among the population. That way new systems might be designed with simplicity in mind. Most security homes in companies come from companies having to complex systems they cannot manage any more.

Imagine a company building where every office has it's own outside door, going through an elaborate labyrinth of hallways. That would be a nightmare to secure. How would you know which doors are open? How would you check them all? That's why office buildings typically have a small number of exits. Those keep the complexity of security down.

Yet people happily build security critical systems on operating systems to complex for them to understand. That's why even documented features can be used to break security barriers just because the designers didn't understand the security implications of, let's say a help dialogue or the "icon" feature of a link-file.

The BBC had probably one of the most amazing uses for delay-lines

They made a delay line based standards converter, so they could convert 59.94 Hz NTSC to 50 Hz PAL. It essentially involved delaying the video by a variable amount of time and dropping frames. This was done with a series of quartz delay lines and an additional smaller delay line consisting of inductivities and capacitive diodes.

You can often see the results in old issues of "Top of the Pops". It's not perfect, but _way_ better than anything that existed back then. The next best alternative was film as an intermediate.

Can't get worse

They don't even have BBCone on cable!

Privacy and the car of the future:

https://www.youtube.com/watch?v=ecT0iu9PqEc

I still think proper public transport would be _way_ cheaper particularly in heavily populated areas.

Fascinating

Fascinating how those "reviews" and "tests" always focus on features also commonly found in feature phones. However on a feature phone I can simply connect it to a PC and get my pictures out again that way. No special software required, no facebook account required.

That's actually not the point why you'd want to have x86

The power of x86 lies within the IBM PC, a fairly open and standardized platform with common hardware(-abstraction) and good ways to boot any operating system you want. (unless you have EFI "Secure" boot)

That's the power of it. Suddenly you can create, for example, a secure cryptophone, just by taking a minimal Debian, and adding OpenVPN and VoIP to it. And it would run on many phones without modification.... in a way just like people are doing now with PCs. You can easily turn your PC into a video disk recorder, just install the proper Linux distro. And no, it doesn't need to be ported like Cyanogenmod, it'll just run on your hardware even though the developer may never have seen it.

There's one thing I need to applaud Microsoft for

They somehow manage to make people believe "Office" "productivity" software is still relevant in a world of e-mail and Etherpad Lite.

Little tip to people who want to commercialice cloud services

Do the following:

1. Offer the cloud service (for pay if you wish)

2. Offer a simple solution the customer can install themselves for a "local" service, make sure it's easy to install and comes with source code, charge for the initial license and support/updates

The main problems why businesses don't want to pay for cloud services is that once the provider goes titsup their data will be gone, plus in the age of PRISM it's very likely that your competitor might have a copy of your trade secrets.

Companies?

I'm sorry, but I cannot see how investment to create companies can be a good thing. All the companies I've seen were just a waste of money. They had a huge overhead with just a small fraction of the company working productively.

If those 3rd world countries want to have success they need to find out ways to work without companies, the resulting reduction in overhead will quickly propel them in productivity.

I'm fairly sure he didn't mean to educate people

Educated people tend to be much harder to govern. They are more likely to criticize you for your mistakes. And they are likely to find out that things like DRM are complete bullshit and can never protect the content, but only harm the consumer.

Security nightmare

A smartcard is a fairly secure device. It's simple enough to be understood from a security perspective and it only talks to the ATM and only when you want it to talk to it.

Now a smart phone is a device which has absolutely no security. (except when it's about the business model of the manufacturer/mobile operator) With NFC it can talk to just about anybody getting close enough to it, with GSM, Blutooth and WLAN even with other people. It's just a nightmare to get that secure.

If only 5% of the masts carry most of the traffic?

Why don't they just upgrade those masts? I mean there are lots of technologies from directional antennas to adaptive beam forming. Of course those are expensive, but you only need that for 5% of your network.

And again: Biometry is not suitable for Authorization

A common requirement for secure systems is to change your login credentials regularly, and to never ever use the same for 2 services. How are you going to do that with biometry? Are you going to have multiple faces?

Further more you should keep your login credentials secret... so I suppose you are supposed to wear a face shackle or something.

Seriously, how hard is it to have a display displaying the required facial expression?

So... what's the advantage over a simple Asterisk setup?

I mean with Asterisk I can use any sip provider, I can hook up normal ISDN (or whatever) telephone lines and even connect normal ISDN or VoIP telephones to it any way I want.

And of course, it can just send voicemail to e-mail... that's a trivial feature.

Never ever ever trust in centralized systems

That's why you shouldn't use such "cloud" systems at all. So run your own mail server, it's trivial unless you want Exchange. Run your own XMPP server... which is even simpler.

Fascinating, they left out the only decent all-in-one that came out recently

The HP Z1 http://www.theregister.co.uk/2012/06/08/review_hp_z1_workstation/ It'll be grand on the used market.

They found a correlation, not a causality

And that's a problem which will become more important. People act solely on correlations they have found. Correlations were the reason for austerity politics. The paper praising it saw a correlation between failing states and a high deficit... and also turned out to be based on bad data and have an error in the spreadsheet.

This example may still make a bit more sense, however the causality is different. If a movie is well known it is both more often seen and more often searched for.

That's actually much better than expected

Since TVs today usually have a decent operating system kernel, we are now at that level. It's much worse for SCADA systems which sometimes just behave erratically when you portscan then.

So of course DNS spoofing works, it works for everything, and I'd expect it to work as a feature not a bug. In fact the far bigger problem with those sets is that they don't seem to be decently configurable. Can you, for example, add your own playlist with video streams to it?

Seems like the original idea behind HTML

The website transmits the pieces of content along with a bit of semantic information on what they mean, and the browser formats it according to the wishes of the user. That's why early Netscape had a font selection menu and such.

But then came "web designers".

Wait a minute, there was a female doctor

https://www.youtube.com/watch?feature=player_detailpage&v=ONVjFZdeH00#t=446s

Very good, now it needs to be fair to the users

meaning that you have some open and easily copyable interface to the hardware. Kinda like a BIOS so this phone can start a new common platform where we can share firmware images.

In a way partly caused by the slow adoption of IPv6

To run your own server, you primarily need your own public IP address. While you usually can still get one from your ISP in the west, the situation in Asia is much different. Your ISP might have a /24 network to share among millions of users. While it's comparatively easy to run your own server here in your bedroom, it's near impossible in Asia.

If you have IPv6 running your own server is as trivial as plugging in a small device.