* Posts by Christian Berger

3568 posts • joined 9 Mar 2007

Kaspersky launches its own OS on Russian routers

Christian Berger
Silver badge

Well routing is actually a very simple problem

Just receive a packet, look at its address, look in your address table where to forward it to and forward it.

The problems with modern router insecurity stem from the fact that routers today have so much more code. They have web interfaces, they are supposed to implement complex protocols, etc.

If you'd just build a router that routes and has a simple external management interface, it's probably downright trivial to make such a thing. As you'll end up with very little code, 4 years seem like a lot.

0
5

Systemd adds filesystem mount tool

Christian Berger
Silver badge

Actually the point of the UNIX philosophy

"Proprietary Unix is on its last legs and the BSDs are woefully lacking development resources."

Well one of the beautiful things about the UNIX philosophy is that it allows you to get lots of bang for the buck. While the BSD people might only have very little resources, they can simply spend it on their operating system.

I mean systemd is mostly about wasting programmers lives. Things like "binary log files" not only need code to generate those files, but also code to read and fix those files. On contrast, text based files can be simply written with basic programming language features, features you need anyhow. They can be read with any software that reads text. Having everything as text saves you from having to have lots and lots of specialized code. I know that, because in a previous job I have written a small unixoid operating system. It's amazing how far you can get with just a simple text editor, a file system and a simple shell.

3
0
Christian Berger
Silver badge

Dynamic hardware?

"Definitely not SysV which falls flat with dynamic hardware which is the norm these days on most systems."

I'm sorry, but systems with "dynamic hardware" are getting less and less common. Laptops rarely have PCMCIA or PCCard slots any more, and even if they have them, they are rarely used. Network cards used to be something you could unplug, today they are a standard part of your chipset, and even if you install additional ones, those are typical PCI-Express based by now.

I mean there used to be a time when your computer might have had 2 PCI network cards a non-PnP ISA one and one that was PnP and it actually dependent on the order in which the modules were loaded how those cards were named, however today you just have one network card, and if you have more that's all on the same bus, which will always be scanned the same way.

The same goes for "multi user" features, particularly "multi seated" features. Yes, that used to be a cool feature back in the early 2000s, but today you can literally buy a Raspberry Pi acting as an X-Server for less than a special multiseat graphics card would set you back.

1
0
Christian Berger
Silver badge

Solving problems that do not exist anymore

The people who are targeted by this have mostly moved on to Tablets and Smartphones using Android or IOS. The remaining people understand that you must mount and unmount drives or use cloud or network services. And even if they don't, just mounting it sync will get rid of file corruption for the rest.

Now this wouldn't be a problem if he'd simply write his own version of mount which would just replace any mount you'd want. The problem is that there are dependencies. You will probably no longer be able to use systemd without that new mount, and you will probably not be able to use that new mount without systemd. I mean that whole systemd thing wouldn't be a problem if Poetterling would have just started his own operating system and leave the rest of the Linux community.

37
4

Two-speed Android update risk: Mobes face months-long wait

Christian Berger
Silver badge

That problem would be easy to fix

Separate the hardware from the operating system. Mandate a single hardware platform which can be scaled and extended into the numbers of devices we have now, just like on the PC, and let people install any firmware they want.

Just like on the PC they would then take the hardware vendor out of the loop for operating system updates. It would also allow people to install other operating systems on their devices to gain special features or simply more security.

0
0

Windows Phone dives into irrelevant-like-BlackBerry territory

Christian Berger
Silver badge

Maybe there is a chance

I mean we now see "kickstarters" for devices close to what we're looking for. One example is the Pocket Chip. It's by no means perfect, but it's good enough to be able to try things out. It already comes with a keyboard and 2.4 GHz wireless LAN. I've got the Kickstarter version, but even the final one only costs $70.

0
0
Christian Berger
Silver badge

We live in a rather paradoxical situation

All the competitors are trying to bring out exactly the same product, however people are desperately screaming for an alternative.

There would be an alternative for a simple portable computer. Something like a blank pocket PC where you can install just about any operating system you want. A place where you can experiment with new ideas on how such devices should work. Or perhaps a simple device just booting your Linux kernel and dropping you into a framebuffer shell, with some shell scripts to activate your wireless connection or get the device into suspend.

However there's no space left for yet another "Facebook"-Machine. The swiping idiots market has been thoroughly grazed by Android and iOS.

0
0

BT and Nokia slink off together, muttering about 5G tech

Christian Berger
Silver badge

I wonder how a blank slate solution to the mobile data problem would look like?

I mean sure, LTE has thrown a lot of things overboard like isochronous connections, however it's still deeply rooted in a mindset that is based on the mobile telephony business model. For example the network always knows where you are in order to get packets to you while most client protocols today only make outgoing connections where this is largely irrelevant.

So how would a network look like that's just "there" paid by the people just like the road network? You wouldn't need to log into it. You could use techniques like "stateless autoconfiguration" to gather an IP-address from the cells near you. Gradually as you roam, you'll gather new addresses while the old ones drop away. With the right network protocols (e.g. mosh) that would give you seamless handover without a central piece of equipment having to track you constantly. Even web browsing would work fine as your connections are rather short lived.

0
0

Microsoft has open-sourced PowerShell for Linux, Macs. Repeat, Microsoft has open-sourced PowerShell

Christian Berger
Silver badge

Re: "On Linux we’re just another shell"

"If I had a Powershell script that needed to be ported to Linux, rather than learn Powershell to port it to bash I'd first try installing Powershell on Linux (when it is polished) to see if it provided an easier way."

The problem with that is that shells are designed to string together existing ecosystems. Without the ecosystem the whole thing is useless.

1
0
Christian Berger
Silver badge

They are targeting the ones who are taking over Linux

I mean things like systemd aren't inventions by Microsoft, they are inventions by people who have never experienced the elegance of a simplistic system, people who design their software for weird edge cases that never happen. It only makes sense to do everything to keep those people from learning about the UNIX philosophy. The potential goal is of course to turn the operating system market into something like the browser market, where you have a small oligopoly of vendors which can easily cooperate against the will of the user.

Then of course there's the even simpler explanation that software running on only one platform is kinda seen as irrelevant these days. I wonder how usable it is without the rest of the operating system. After all it does not just simply pipe around text as unixoid shells do.

13
1

Ad-blocking ‘plateaus’, claims hopeful ad industry

Christian Berger
Silver badge

Re: the production of decent content costs money

Make Ads well, and please no tracking or malware.

Seriously it's not like spying on your potential customers is a good base for a business relationship.

3
0

Kaminsky: The internet is germ-ridden and it's time to sterilize it

Christian Berger
Silver badge

Actually not really

" we're very good at teaching people how to make things secure."

We now have universities which have turned their Informatics courses into "Learn how to program in C#/Java/C++ or whatever language if fashionable today"-courses. Nobody teaches the basics any more which are vital for writing safe code. Instead C++-style OOP is being taught as if it was an essential feature, even though most programmers will never get near a project actually making use of the additional functionality they get from the added complexity.

Nobody teaches the most important element of security any more: Keeping it simple.

0
0
Christian Berger
Silver badge

Kaminsky used to be cool

Now unfortunately he seems to just drool some buzzwords around. It's sad to see a person go like this.

Virtualisation might bring some limited security benefit, however a virtual system with no pourous boundaries is useless as you need to get data in and out. Additionally problems like "Rowhammer" and cache timing attacks to virtual systems can render those benefits moot.

So while virtualisation can bring benefits, it's not a "slap on and you are done" solution. The far better solution, in my opinion, is to reduce complexity.

2
1

Google's brand new OS could replace Android

Christian Berger
Silver badge

That actually was the original idea behind Windows NT

It was meant to run everywhere (386, PPC, Alpha...) and support software written for many operating systems (WinAPI, OS/2, Posix, Mac). The problem with Microsoft was, that they never finished the things they were announcing.

In a way that seems to be a common theme with software written in "modern OOP"-languages like C++. Instead of focusing on small modular programs that do one thing right and only one thing, you end up with a hugely complex mess of binary APIs meant to do anything, but you replace them after a couple of years anyhow.

0
0
Christian Berger
Silver badge

Re: Lost my interest and lunch at C++

Let me fix that for you: "C++ will let you write code that looks completely innocent, but turns out to be a major security issue because the designers of C++ made some weird decisions in their early days".

The Problem with C++ is that it has grown far beyond the realms of human cognition. While it is possible to read C++ code, it's rather hard to read in real world projects. Only if you restrict yourself to a small subset of it, you might have a chance. The problem is, if you have a team, you may have non overlapping subsets of the language being used by individual members.

My guess is that Google is experiencing the same "brain drain" many companies have. They just cannot get/keep top notch people the way they used to. Adding to that, there's an emerging group of programmers who grew up with Windows from the time it kinda worked. Those people believe that it's economically possible to write a working operating system on C++, because they have seen Microsoft doing that. They never experienced how small and simple an operating system can be, if you base it on the UNIX philosophy. For them C/C++ is the "state of the art".

3
2

White hat pops Windows User Account Control with log viewer data

Christian Berger
Silver badge

Wait? Windows merges registry branches?

I mean that whole problem seems to exist only because Microsoft decided to merge one registry branch with another one the unprivileged user can change.Why would you do such a thing? I mean the idea of a registry is bad enough already, but somebody must have noticed that merging branches is a logic nightmare at best, and likely a security problem at worst

0
0

Bungling Microsoft singlehandedly proves that golden backdoor keys are a terrible idea

Christian Berger
Silver badge

Actually it doesn't make much difference security wise on a laptop

If you have physical access to a laptop, you can just use a PCI Express card to access the RAM of it to bypass everything Secure Boot could ever protect. If the laptop doesn't have PCI Express, you can use Firewire, or Thunderbolt or if you have a zeroday in the Windows USB stack, USB.

Or you can install malevolent hardware, e.g. an LTE card which will compromise the system once the user unlocked the harddisk. All of those paths can be packaged into nice easy to use solutions.

In short Secure Boot is not about improving physical security. It can only secure business models.

If you'd want an actual "more secure than your average Linux box" mobile device, make a very slim terminal with all the complicated bits (GSM connectivity, WIFI, etc) outsourced to extra modules connected via simple serial interfaces, and make the terminal itself so trivial and simple that its code will be secure and bug free. Obviously that means having something trivial that only talks to your servers and uses shared keys or some simple key exchange. Then you seal your hardware in non transparent resin, wrap a sense wire around so it'll destroy all of its keys when its broken, seal that in resin, too, and wrap that in a transparent resin with glitter in it, to make it tamper evident.

If you want a lot more security than you could ever gain from Secure Boot, but are on a budget and still want a "propper PC", just get some nail polish with glitter and paint it over all critical ports (USB, Thunderbolt...) and screws. Then make a photograph. This will make any attacks SecureBoot claims to protect you against visible... at a fraction of the complexity and without giving up ownership of your own computer.

5
2

BlackBerry: Forget phones, Lawsuits In Motion is back – and it's firing off patent claims

Christian Berger
Silver badge

Well they lost their chance

I mean they started with great hardware with crisp monochrome screens, keyboards and a decent battery life. However they didn't open their protocols which was their failing. They could have said, "Here's our Backend Server, but if you don't want to use it, here's the protocol specification and a little demo server for you to expand on."

If they had done that, their devices would have moved on from "mobile e-mail" clients to mobile smart terminals. Lots of companies would have made bridges from their applications to Blackberry terminals. Since the Blackberry would at most store an authentication token to the server, compromising it would only give you temporary access until that token would have been invalidated at the server. They would have had an actual edge on security.

2
0

BlackBerry DTEK 50: How badly do you want a secure Android?

Christian Berger
Silver badge

Re: I see no actual progress on security here

Well, as I mentioned you can uncap the chip and read out the encryption key. Or whatever that chip does, you can read out its secret and simply emulate the chip and simply reset your virtual chip once it committed suicide. Again, this was done by rivaling Pay-TV companies in the past.

Blackberry has, on multiple occasions, worked together with governments to bypass the security. They have had severe bugs in image libraries they failed to update. They have sent login credentials for 3rd party servers to their own servers.

In short, appart from their marketing, Blackberry has done nothing to proof they are more trustworthy or better at actual security than the rest. If they wanted to be that, they'd offer a simple "terminal" using a secure and open standard so you could run your own server and you could make sure the mobile device talk to nobody else than your server.

About sharing memory a quick search reveales that Qualcomm uses shared memory, though it's not clear from my 30 second research if that means that the baseband can access the memory of the CPU. It's certainly something that's not uncommon:

http://www.replicant.us/freedom-privacy-security-issues.php

1
0
Christian Berger
Silver badge

I see no actual progress on security here

It's still an overcomplex system where it's likely that you get owned either via a browser bug, or via radio as the "GSM" baseband will still have access to your full RAM.

Then it has the usual incredible statements like that it's somehow magically able to securely encrypt your data with just your short PIN.

0
5
Christian Berger
Silver badge

Re: Fingerprint Snesor ? WTF!!!!

It doesn't matter where its stored as it'll also be stored on the device itself. You can read finger prints from the screen once you have the device.

Also unlike a password, it's _very_ hard to keep your fingerprints a secret as you literally leave them on everything you touch.

2
0

Two first-gen flaws carried over to HTTP/2, warn security bods

Christian Berger
Silver badge

Well...

this all still looks like a "missuse" of features. So the workarounds probably break the standard in a sane, but still strictly speaking illegal way.

0
0
Christian Berger
Silver badge

Well isn't that the whole point about HTTP/2?

I mean it's not faster on decently designed websites and real world connections or anything. The whole point about HTTP/2 is to greatly increase the complexity so the number of browser and webserver (library) vendors decreases rapidly, creating more bugs and making the found bugs applicable to more machines. After all if you only have 2 implementation, a bug is likely to be found in a huge number of machines.

It's time to admit that HTTP/2 is a bad idea.

0
2

Intel's smartwatches are so hot right now – too hot: Basis Peak recalled for skin burns, blistering

Christian Berger
Silver badge

Where are watch manufacturers in all of this?

I mean I have a Casio solar powered radio controlled watch. It clearly has a microprocessor running software inside because it actually has a software bug.

Why don't they simply add little "hook" functions where you can run code every time the display gets refreshed or when the timer goes off. It seems trivial to extend the hardware by adding a little 512 byte SRAM and the software with some hooks or a simple interpreter. Perhaps change the display to some alphanumeric one and there you go.

1
1

Australian spooks' email guide banishes MS Word macros, JavaScript

Christian Berger
Silver badge

Well... but marketing wants them

And when there's a conflict between the wants of marketing and the needs of security... well marketing always wins.

1
0
Christian Berger
Silver badge

Yes, but...

Yes, converting the attachments is obviously very dangerous, as that means that every attachment will be opened.

Running an up to date version of Word will first of all not protect you from any "zero day" bugs that still lurk in there. I don't know how much of the security community is working on Word particularly since it's not really a product you cannot avoid easily in sane situations. Also have you used the latest versions of Office with those "Ribbons"? They are virtually unusable.

We need "Think before you Office" campaigns alerting people that using Office software (no matter what vendor) means overly complex files where something can go wrong should only be used when _absolutely_ necessary. Perhaps after some time you could quarantine office files to make it hard to use them. Then ban HTML E-Mail, there really is no sane reason why you should send E-Mail in such a complex format and waste space and bandwidth with images you send with every mail.

Seriously I've been to several jobs now. And the only reason I had to use office software was company policy. To a normal office worker it doesn't matter if they fill out a Word template or a TeX one.

5
1

Chinese Android smartphone firm: It packs a dedicated crypto chip

Christian Berger
Silver badge

Same problem as with all the others

You either unlock your key stored in that chip with your pin, or you combine your pin and the key on the chip to create the key to access your data. In both cases you can trivially get around any security by just uncapping the chip, something that rivalling Pay-TV operators have done for years. Sure that'll cost you a couple of thousand Euros, but that's nothing for a larger criminal investigation. You simply cannot protect data from physical access, at least not for that kind of budget and with the comfort of not loosing it when your device thinks its manipulated. (or the battery is dead)

Plus of course for us in the west it doesn't matter if that device sends all its data to China. China has no juristiction over me. China cannot send me to prison easily, China simply cannot use this kind of information against me. Since western governments are skeptical of China, they won't cooperate with them to harm me personally. In contrast my government actively helps the US government to spy on everyone in my country.

3
0

Don't use a VPN in United Arab Emirates – unless you wanna risk jail and a $545,000 fine

Christian Berger
Silver badge

Re: Dubai ... beginning to look like Blighty

Well obviously even with a satphone those rules would apply to you. And as far as I know at least some Iridium satphones send their GPS-Position data in clear when they establish a phone call.

0
0
Christian Berger
Silver badge

The point is not to ban VPNs...

... the point is to be able to label a large part of your population as criminals at will. If you don't like someone, claim they used some sort of VPN that falls under that rule... and you will have destroyed their life.

Heavy fines for things that are not wrong in the public view are one way to suppress your population. China plans to use another system, they create a scoring value for every person in their country. If you are good you get a better value, if you have been at some demonstration or posted something critical on a social network you get a worse value. Those values are then taken to determine if you can get a flat or if you can get a place at the kindergarten for your children.

1
0

Cats, dogs starve as web-connected chow chute PetNet plays dead

Christian Berger
Silver badge

Well its purpose depends on its connection

I mean you are just confusing the purpose of the device. It's not there to feed your pet. It's there to generate some data which, given the current hype, might become valuable when combined with other data. Big Data for the win.

It's a closed source device, you are the product not the customer, no matter how much you paid.

7
3

Did the Russians really hack the DNC or is this another Sony Pictures moment? You decide

Christian Berger
Silver badge

Malware doesn't wear a uniform

Unless you are dealing with someone incredibly stupid, there is no way to tell what country an attack came from. Considering the low levels of security in most organisations, it's also problematic to assume nation states. Also individuals are most likely to be suffering from Clinton winning over Sanders. The parts of the normal public that know how to use a computer might have the best motivation.

7
2

No, the VCR is not about to die. It died years ago. Now it's VHS/DVD combo boxes' turn

Christian Berger
Silver badge

Outside the UK

Well outside the UK there is virtually no DVB-T, so DVB-S(2) is the way to go. And yes you can get cards with 4 tuners allowing you to record 4 transponders simultaneously. There's an advantage of recording "everything": You can just get any programme from the past. For example recently there was a German comedian sued by Erdogan. There was lots of discussion about what he said, but nobody published the video of his show. If you recorded it yourself, you could form your own opinion on what exactly he said. You would also find out that most of the people talking about it obviously have never seen it.

1
0
Christian Berger
Silver badge

Actually VCRs still exist

In the professional realm VCRs still exist, particularly as an archival and programme exchange format.

VHS, which originally stood for "Victor Helical Scan", was just one of the low cost consumer formats in the 1970s. Apparently the big point why it existed for so long is that the licensing was rather open and the build quality was OK.

The obvious successor to the VTR in home use is something I like to call "computerized television". Essentially you have a computer with an array of DVB-S2 cards. You enter search words into that computer and whenever a show which matches one of those words, it'll record it and present you with a video file of the recording. You can then do anything you want with that file.

4
0

Wavering about Apple's latest security fix? Don't, says Talos

Christian Berger
Silver badge

Re: What we need to acknownledge is...

a) You can map everything to text. If your data structures are complex even though your problem is not, you have a serious design problem. There are very few problems that need complex data structures.

b) You can always to input/output validation at the edges where you get your input or you interpret it in a problem specific way.

Real life problems aren't complex. They are things like making a database table editable. Such things used to be done with a handful of commands in dBase, or a couple of clicks in Delphi. It shouldn't take some actual work in newer systems.

0
0
Christian Berger
Silver badge

Re: What we need to acknownledge is...

Actually DOS was a step towards more complexity. Since it didn't come with a host of standard tools (in part because Microsoft was lazy, in part because that concept doesn't work on diskettes) every program had to implement it's own functionality. For example every program had to have its own printer drivers.

As for "needed" features there's always the idea of having small maintainable programs with well defined functionality. You can then just add whatever functionality you want. That's how we got editors like ex and vi. That's how we got sed. Those are all just minor modifications to get a whole different kind of functionality. Often you will find that it's much easier to have a fork for a particular usecase than to try to cram certain functionality into some software.

Also today we have immense amounts of useless complexity.

Here's an example for Android: https://www.youtube.com/watch?v=NgifNa7qD5s

Another category are systems where someone tried to solve a problem, then found out that their solution creates 2 new problems, then tries to solve those 2 problems only to create new problems and so on... eventually you will end up with feature upon feature that you wouldn't have needed before. Typical examples for this category are systemd and HTTP/2.

0
0
Christian Berger
Silver badge

What we need to acknownledge is...

... that such huge code bases are simply not maintainable. We need to go for smaller code bases. We need to eliminate unnecessary features.

Unfortunately there are some people now who don't understand that and try to shove unnecessary complexity into every aspect of computing. One typical example is HTTP/2.

3
2

Really Scary Telecoms Stuff? Nah – telephony's just an app

Christian Berger
Silver badge

There's actually another very real danger if you host your PBX outside of your network

If you have a local PBX on your LAN, it doesn't matter how secure your internal credentials are, unless you're very stupid, nobody will be able to pose as an internal phone.

How if you have a cloud PBX all you need is your credentials to pose as an internal phone... and if you use an app, that means that you store your credentials on a highly insecure device.

This is a real danger as calling someone involves money. Perhaps not when you call someone locally, but there are providers like wpremiums.com which offer your premium rate numbers all over the world. Just get one of those numbers and call them over your snitched PBX login.

0
0
Christian Berger
Silver badge

That's actually not the topic

VoIP can provide reliability advances as you can just switch your IP uplink. What the article is talking about is to use "hosted" PBXes where you have little control over your PBX any more as it's just on some virtual system hosted by some company.

Such an idea may have made limited sense in the TDM world where PBXes were expensive, but today running your own PBX can be done at next to no cost.

0
0
Christian Berger
Silver badge

Re: @Ragarth

"Absolutely correct. But the same applies to on-prem kit too: If the PSU in your PABX goes bang, you're stuffed until a replacement/fix arrives."

Actually not: First of all you can have a whole second PBX as a compete spare sitting around... which isn't particularly expensive. Then most PBXes use standard ATX power supplies you can find everywhere. They also use common PC components and since most of the appliances run Linux, you can simply swap the mainboard and it'll just boot.

Second: Most appliance PBXes are also available as "Software Only" solutions where you get some ISO-image and just boot it up. Since they don't require any special hardware, you can simply install them on any virtual host you want.

And again, your problem probably won't be that your system will be fully down. Your problem in such situation will be, that occasionally the voice quality will be bad. Or that your uplink will be saturated by internal calls (not every hosted PBX leaves the voice streams locally as in a world of NAT, that's actually a hard problem).

So essentially it is a stupid idea to use a hosted PBX. There's way more things that can and will fail, and far less things you can fix or even diagnose.

0
0
Christian Berger
Silver badge

That's pure insanity

I mean with a hosted solution you will have a lot more parties to shift the blame... and also a _lot_ more things to go wrong. Remember VoIP requires pristine connections with low latency, low yitter and next to no packet loss.

Typically you are much better off with a small PBX, for example a "Starface" or something else based on Asterisk. There are certain vendors like Mitel or 3CX which tend to offer you solutions that are just plain broken.

Telco stuff isn't scary if you are prepared to learn a bit and not choose the worst solutions. Unfortunately there are people who refuse to learn things and reliably choose a solution in the lower 90%. Unfortunately many of those believe they know how to install/run some PBX.

0
0

Guilt by ASN: Compiler's bad memory bug could sting mobes, cell towers

Christian Berger
Silver badge

Re: This wouldn't be much of an issue...

Yes, but seriously in many situations you just hand craft your code for the few messages you need to decode. Unless of course you are in a area where you can afford to license such a compiler and need to parse many of those messages.

0
0
Christian Berger
Silver badge

This wouldn't be much of an issue...

if "smartphone" vendors wouldn't allow the GSM baseband access to the RAM of the application processor. Or if GSM cards for PCs wouldn't be connected via PCI or USB.

(Yes I know, this doesn't affect GSM as such, but I'm using GSM as a general name for mobile communications networks. GSM doesn't use ASN.1)

0
0

Intel's SGX tiptoes towards Linux

Christian Berger
Silver badge

This will just provide the illusion of security

Thanks to heavy optimisation and caches this is incredibly hard to get right. And then there's still Rowhammer and other problems. The only area where this might be usefull is DRM, and that's malware by definition.

If you want security, make sure you're running a minimal amount of software and you control that software.

2
0

Ban ISPs from 'speeding up' the internet: Ex-Obama tech guru

Christian Berger
Silver badge

The problem is actually rather simple

Any kind of QoS only makes sense when your network is overloaded as QoS on Ethernet can do little more than decide what packets to throw away. That's actually even a rather expensive feature on a router and many routers will have severe limitations once you turn on QoS. QoS means looking at more than one packet at a time, that's not what routers are made for.

The solution is to make sure your network never is overloaded. No that doesn't mean that you have to add up the bandwidth you advertise to your customers. What it means is that you look at your utilisation and make sure that on a typical month you are never above 50%. That way you'll always have spare bandwidth, even if one of your redundant links breaks.

We should also note, that unlike the telephone network where individual lines could break (or at least individual 2MBit trunks), we now live in a time where your connection may simply consist of 2 redundant links, each one able of holding the complete traffic. There is no "emergency situation" where capacity is severely limited to 10% or something. Things either work, or they don't. Also in real life emergencies there is no increased amount of bandwidth. People don't watch Netflix en masse when their house is being flooded. They might use their telephone, but even on IP telephony that bandwidth is next to nothing.

0
1

Thermostat biz Nest warms to home security, touts cam with cloud storage subscription

Christian Berger
Silver badge

So it's a twofold business model

Sell the data off to the best bidder _AND_ ransom some money from the people buying it so it'll keep working. Smart idea!

I know this is primarily marketed to dumb people, but this affects us all. Those cameras will be installed in public places and their data will be stored on servers belonging to companies who are good at extracting information from data like this. So in the end, we'll end up with a dataset containing the movements of many people, even the ones who don't carry around a mobile phone with them.

3
0

Microsoft silently kills dev backdoor that boots Linux on locked-down Windows RT slabs

Christian Berger
Silver badge

Again, "Secure Boot" is not a security feature...

... the only thing it can secure is business models.

It keeps you from running a minimalistic simple operating system which would be more secure than Windows RT, where you are supposed to run untrustable software from some "App Store" and install updates you cannot control.

32
2

5G: Mother of all pipes, or actually useful?

Christian Berger
Silver badge

5G is currently more or less just a buzzword

Such standards usually have a clear idea what people are going to achieve with them from a technical standpoint. And standards always take about 10 years from finalizing what operators want to the products getting onto the market.

1980s: GSM was about digital telephony and low bitrate circuit switched data.

1990s: UMTS/WCDMA was about "high" bitrate circuit switched data and soft handover.

2000s: LTE was about packet data, ditching all that circuit switched data, as well as scalability and interoperability on oddly shaped spectra

Essentially all the hype about 5G can already be done on "LTE Advanced". You can have special "low bandwidth, low power" nodes. After all LTE already stands for "Long Term Evolution". Maybe there won't even be a 5G for the forseable future.In any case, whatever will be decided now will result in products 10 years down the line.

2
0

Florida U boffins think they've defeated all ransomware

Christian Berger
Silver badge

Like with all those classification problems there is a blurry line

I mean sure, current ransomware is easy to defeat that way. After all it tries to encrypt all files as fast as it can.

Now imagine it encrypts one file an hour, or even less. Of course with some randomness, and with transparent decryption for userspace applications. Even if your software would detect that, it couldn't distinguish it from normal behaviour.

The obvious solution is to lower your attack surface. Make it hard for the user to install software from random sources, make sure you always use a minimal amount of code so you minimize the chance of getting compromised via a bug... and so on. You know, normal best practices security.

0
0

The Reg Coding competition – 10 times as hard as the last one!

Christian Berger
Silver badge

Re: Managed C++/CLI

Actually what I've seen with many people who claim to be good at C++ is that they usually are extremely closed minded and try to stuff everything into what they know.

Also all programming environments have their strengths and weaknesses. For example PHP is good for teaching about SQL-Injections. C++ is good for writing books about and giving lessons.

In practice you must choose the tools that make sense for the problem you are trying to attack. Limiting yourself to some currently "fashionable" language, like this contest does, is a bad idea.

0
0
Christian Berger
Silver badge

The provided tools are non-suitable for the task

I mean after all those are all "fancy" OOP languages where people spend 90% of their time learning the new feature that doesn't quite solve the problem they think they have.

The obvious solution on any modern unixoid system is to write a little program, lets say in awk to calculate the scores and write them to a temporary file. If you encounter a #, you close that file, run "sort" over it and format the output. Then you reopen that temporary file and on you go.

Since processing one "dataset" surely takes _much_ less than 5 seconds, it's unlikely your resulting file will ever touch the disk.

If the number of lines per "dataset" is small and bounded, you can also store them in RAM, for example in a statically allocated array of structs, with a smaller array containing the order in which it'll be after sorting.

We live in a world where such problems can be attacked with extremely simple means. For example such a sporting competition might have 2000 contestants with 24 contests. That's 48000 results. Having a 2 dimensional array containing the points is trivial. Even with 128 bit numbers, we are still well below a megabyte. There is no need for a database, you can just write a file and replace it every time a new result comes in.

0
0

Forums