* Posts by Christian Berger

3143 posts • joined 9 Mar 2007

Amazon just wrote a TLS crypto library in only 6,000 lines of C code

Christian Berger
Silver badge

Re: At 1/10 the size of OpenSSL, it should be easier to spot bugs

Yes, though in my experience, people who can write small and readable code are usually experienced and therefore tend to write code with fewer errors.

0
0
Christian Berger
Silver badge

I hope this sets a trend

We sure could use a lot of simpler alternatives to many far too complex pieces of software.

9
0

Windows 7 and 8.1 market share surge, XP falls behind OS X

Christian Berger
Silver badge

Well, as usual, those statistics must be taken with a _lot_ of salt

They represent the market shares of those people who don't block Javascript from non-trustworthy sources. This makes it heavily skewed as people running the Windows they got with the machine are more likely to not have Noscript or something similar installed.

4
4

Rise of the Machines: ROBOT KILLS MAN at Volkswagen plant

Christian Berger
Silver badge

Re: who wouldn't like to see the footage of that

Actually there was a fictional murder by robot in the obscure movie "Peng! Du bist Tot".

Actually 2, one was by a service robot in what you would call "private Hackerspace" today, the other was in a factory.

1
0

Half of Windows Server 2003 fans will miss July's security cut-off

Christian Berger
Silver badge

But surely...

Microsoft is such an esteemed and trustworthy big partner which won't let their valued customer partners stand in the rain. They surely will bring out Windows Server 2003.2. Otherwise they'd just be like any other company and you could have chosen some SuSE Linux back then.

0
0

Uber execs charged, will stand trial in France

Christian Berger
Silver badge

wrong assumption

You seem to assume that Uber is about creating a sustainable business. Uber, like virtually all "Bubble 2.0" companies, strives to blow up a company as quickly as possible while cashing out wages and perhaps be bought by some big company for 23 phantastillions a bit later.

10
0

Giant FLYING SPACE ROCKS could KILL US ALL, warns Brian May

Christian Berger
Silver badge

It's not just the doomsday rocks

Look at the Chelyabinsk meteor that went down in Russia. If people knew about it an hour earlier, there could have been warnings. With contingency plans, lots of injuries and damage could have been prevented. Simply opening the windows probably could have prevented them bursting, and walking outside could have allowed thousands of people to watch the spectacle completely unharmed.

A good meteor watch system could turn a big problem into a harmless and fun event.

1
0

VPNs are so insecure you might as well wear a KICK ME sign

Christian Berger
Silver badge

VPNs are not designed for privacy

VPNs can be used for lots of things, but privacy is not one of them, particularly not with commercial VPN providers which have to answer to inquiries.

If you want privacy, there's TOR. It's been designed for privacy and even in the worst case is _much_ better than any VPN solution could be in the best case.

2
0

Boffins set networking record with marathon 12,000 km fiber data run

Christian Berger
Silver badge

Re: So....how was it really tested?

Fibres are extremely thin, so you can easily have that amount on simple spools. In the OTDR experiment we had at university we had several kilometres of fibre in a rather small case. So we are talking about a room or so, certainly not portable, but you can easily find some space for it in your lab.

2
0
Christian Berger
Silver badge

Re: I thought that was already solved...

"The Kerr effect, along with other effects such as Raman Scattering, Stimulated Brillouin Scattering, Phase Mixing, and probably a number of other effects, are what are referred to as non-linear effects and become worse as the launch power increases"

I do understand that, but I thought this would only be relevant in dispersion-less fibres as with dispersion the wave-front constantly changes, thus averaging out all non-linear effects.

0
0
Christian Berger
Silver badge

I thought that was already solved...

... by not using dispersion-less fibres so the wave-fronts will change as they move through the fibre and then compensating the dispersion by using a calculated length of negative dispersion fibre.

Or is this something different?

1
0

Q: What's black and white and read all over? A: E-reader displays

Christian Berger
Silver badge

Colour is the least of the problems

I have a Kobo mini which was back then at a great price point (40 Euros). The biggest issues with it are that it tries to force you into some services by the manufacturers and that the screen is not very large. Colour is one of those "nice to have" features you can do without. Actually if I had the choice, I'd rather have a laptop with a decent monochrome display than with a colour one. It would probably double the life time of the battery.

The far bigger problem is that there is currently no good market for ebooks. That's because the publishers insist on DRM which means that the market is rather centralized with Adobe and Amazon being nearly the only players. Luckily, particularly for technical books, there's a large DRM-free market where you pay once and get multiple formats.

0
0

Why OH WHY did Blighty privatise EVERYTHING?

Christian Berger
Silver badge

"The German government isn't all that good at running Deutsche Bahn"...

You do realize that "Deutsche Bahn" just like "Deutsche Telekom" both are only in part owned by the government and that both companies. Plus since they have been privatised service quality has gone down steadily. Germany used to have one of the most advanced telecommunication networks before the privatisation, now we are trailing behind most eastern European countries.

In Germany both companies are seen as a poster child for privatisation having gone wrong.

Oh and with most German public companies, the only way they still stay competitive is that their competition has declined much more rapidly.

8
0

Who wants a classic ThinkPad with whizzy new hardware? Lenovo would just love to know

Christian Berger
Silver badge

They should build more used ones

Since the Thinkpad market mostly consists of used devices, they should probably build more used ones, as they are much cheaper at the same level of functionality.

5
1
Christian Berger
Silver badge

Re: vga

a) It's perfectly functional for resolutions greater than what single-link DVI can do (i.e. 1080p60) Except of course when you are using really bad equipment.

b) You wouldn't be able to use that laptop in 99% of all lecture halls or meeting rooms as those are VGA only.

c) There is no disadvantage to having such a connector. It doesn't take up much space

3
0
Christian Berger
Silver badge

Apart from what's being said

You should also still have a portable series. IBM has shown how to build small yet very good laptops. They had the first laptop which was smaller than the keyboard. 15" and bigger is fine for some uses, but under many circumstances 13" is already rather large.

And nobody f*cking cares about thickness.

6
0

Samsung vows to stop knackering Windows Update on your laptops

Christian Berger
Silver badge

That's why we need to split up the market into hard- and software

One group must provide the hardware, including full documentation, and another group must provide the software.

As long as hardware vendors are allowed to put their own software onto those devices, we will always have such problems. And the problem _will_ increase with overcomplex systems like UEFI.

1
5

Layoff-happy Capita charges staff to use cutlery in canteens

Christian Berger
Silver badge

Hmm, the logical consequence is...

... that the first people to go will be the people who are the first to get a job elsewhere... which usually are the people who actually know what to do.

So essentially what Capita is doing is to start a program to lower the quality of their services. This may sound bad, but effectively is what outsourcing is all about anyhow.

BTW we are talking about the sort of call-centre job that can be outsourced. Those typically are just data entry jobs. If web developers would be a bit smarter, there would be simple and secure ways to just make the internal interfaces available to the user so there wouldn't be a need for such people.

2
0

10 things you need to avoid SNAFUs in your data centre

Christian Berger
Silver badge

At vocational school...

...we had to cable one of the computer rooms at the school (which was rather questionable). Well we pulled in the cables and labelled them in 2 teams, both armed with duct tape. One took a cable and made rings around it. One ring for the first cable they got, two for the second and so on. The other team also took some cables and made little flags on them. One flag for the first cable they got, two for the second and so on.... So you had both ends labelled... just not in a consistent way.

0
0

CIA-funded spy data safe Palantir doubles in value in 18 months

Christian Berger
Silver badge

Luckily they have problems getting people to work there

Apparently they have to pay even apprentices $7000 per month to work there.

http://www.silicon.de/41595889/us-praktikanten-verdienen-7000-dollar-im-monat/?PageSpeed=noscript

It kinda seems like the company people would spit at you on the bus for working at.

0
1

Vodafone splashes €2 BEEELLLION to kick German TV sideways

Christian Berger
Silver badge

DVB-T is essentially dead in Germany anyhow

You only get a handful of channels, not even all major public ones. Since you don't get any channels people don't set up their DVB-T equipment... which means that nobody will provide more channels.

0
0

This whopping 16-bit computer processor is being built by hand, transistor by transistor

Christian Berger
Silver badge

Cool project, but if you want to have it easy...

As a German engineer, and therefore a rather lazy person, I have to point out that there's a way to make such a computer with _much_ fewer parts at the expense of speed.

The idea is that you build a bit serial computer. This means that lots of parts will suddenly become a lot simpler. You can still have 16 bit words, but your ALU, for example, will just process one bit at a time. Your registers become shift registers with a one bit input and a one bit output. All your buses will also have one bit and clock in their values serially.

There's a book describing such a system. I think it's called "Elektronische Rechenmaschinen". I think it describes a 20 bit machine working bit serially. Back in the early days of building computers, reducing the complexity was essential for many teams building a computer. Trading a factor of n in speed for a factor n of complexity seemed a _really_ good idea back then. Particularly since back then as now, computers rarely were fully utilized.

3
0

Windows Phone is like religion – it gets people when they are down

Christian Berger
Silver badge

It's an overlapping market

The sort of company that runs an Exchange server kinda was the prime target for Blackberry. And now that Microsoft builds cheaper devices, and Blackberry looking like it's in its last years, people might think that they work just as well or even better for e-mail with Exchange. Not an unreasonable statement to make.

1
0

Chrome, Debian Linux, and the secret binary blob download riddle

Christian Berger
Silver badge

Re: We need another rule for free software

Actually we are far from hitting minimum levels. Software even gets bigger without adding important features. A good example for this is SystemD which replaces a series of shell scripts with a complex system of interdependent modules. Last time I've checked, just the SystemD parts alone were 250k lines of code. There are whole unixoid systems which have far less lines than that.

The other problem is that standards become more and more complex. Think of Webassembly which is a binary layer for Javascript code. It doesn't provide any new features, but solely exists to make the standards more complicated. HTTP/2 is yet another example. It's hugely complex and performs even worse on the sort of connection which actually needs good performance.

1
0
Christian Berger
Silver badge

We need another rule for free software

Software cannot be truly free if it's too complex. In order to participate in its development, software needs to be as simple as possible.

2
1
Christian Berger
Silver badge

"Unless you're reading every line of code how is this any safer than downloading binaries from repositories?"

It's much harder to deliver malware in sourcecode than it is in binary form, as with the source it is much more likely that it'll be found.

Of course complexity is the main culprit here. Web standards, and therefore browsers, are just _way_ too complex these days. That means you need way too much code to implement them, making it hard to make truly free software in a sense of software you can participate in easily.

9
0

MOUNTAIN of unsold retail PCs piling up in Blighty: Situation 'serious'

Christian Berger
Silver badge

Re: @AC

@Hans 1

"Yet curiously a three year-old second-hand MacBook will easily sell for at least 66% of list price. Fixed that."

Yes, but seriously only a small percentage of MacBooks will live to their 3rd year. The ones which do are probably the ones which were made by Foxconn on a good day.

1
0

Don't assume public trusts you, MI5. 'Make a case' for surveillance – Former security chief

Christian Berger
Silver badge

The problem with that obviously is...

... that with all we've learned over the past decades, making a case for surveillance is near impossible without lying.

Look at the UK, it's gotten by far the highest density of surveillance cameras of any industrial nation. Does that reduce crime in any significant way?

If you want security you need to think about it rationally. You'd need to find the measures which work and then implement those. Surveillance has proven to not be effective at this.

If you go down the rational security road you'll probably end up dismantling most of your secret services and put the money you save in education, health and social services. They probably do _way_ more for security than any secret service will ever do.

Besides, it's not the job of secret services to provide security or fight crime. The purpose of secret services is, obviously, secret and usually involves things like checking on the political situation in other countries and perhaps meddling with it in various ways.

0
0

Farewell then, Mr Elop: It wasn't actually your fault

Christian Berger
Silver badge

"If Meego had been as slick as it was in the N9 but two or three year earlier, then I'd agree. By 2011 nobody else wanted Meego and Nokia didn't think it could build an ecosystem on its own. The board agreed."

Actually Maemo had _no_ advertisement and even the N9, which was probably one of the worst Maemo/Meego handsets (no keyboard!) outsold all of their Windows handsets at that time.

Sure there's the iPhone/Android/WindowsPhone crowd who just want some "slick" device to display ads on, Maemo cannot compete with that but why should it? There are people who want to actually _do_ something with a mobile device. People who don't want some cut down "smart"-phone, but a mobile computer which in principle can do everything their laptop or desktop can do. Even the N810 was closer to that than all Android/iOS/WindowsPhone devices you can buy today.

8
1

JavaScript creator Eich's latest project: KILL JAVASCRIPT

Christian Berger
Silver badge

Probably one of the worst things that could happen to the web

Suddenly you wouldn't be able to simply patch buggy Javascript any more, you'd have to mess around with some opaque binary files.

It will make the web even less free and less reliable and it'll introduce whole new classes of vulnerabilities. Suddenly web apps will have buffer overruns, so one part of a web app will be able to overwrite code from another one by accident. Combine that with the typical idiocy of your mediocre web developer and you've got a recipe for disaster.

Web apps already have Javascript which is way fast enough for everything you should do with it. For the rest you have video tags and other cool stuff.

12
0

BOOM! Stephen Elop shuffled out of Microsoft door

Christian Berger
Silver badge

"There's a theory his job was just to stop Nokia launching an Android phone, thus making things easier for Microsoft to launch a mobile OS of their own."

Actually Nokia had 2 operating systems which, compared to Windows Mobile, were perfectly competitive.

One was Symbian, which was held up by its momentum, but clearly at the end of its life.

The other one was Maemo which even today is a serious competitor for people who actually want to _do_ stuff with their mobile devices.

8
0

Silicon Valley season closer: Would you like fried servers with that?

Christian Berger
Silver badge

Re: Had to point two big plot mistakes

Well 2 can be explained away. They may have gotten an e-mail which went into the spam folder, or may otherwise have been ignored when they were partying. The episode showed that happening previously.

0
0
Christian Berger
Silver badge

Re: Apart from technical errors in episode 8, season 2 was great

Well as we now know those errors had to be in there, otherwise "deleting your own code" wouldn't have been plausible.

Other than that I find it less plausible for someone just to have one laptop. Laptops are so cheap these days everybody in the IT business should be able to afford an emergency one, or keep their old one when they buy a new one.

0
0

Duqu 2.0 malware buried into Windows PCs using 'stolen Foxconn certs'

Christian Berger
Silver badge

Re: Again, code signing is not a security feature

"Anyway Windows doesn't force you to sign executables."

Well UEFI "Secure" Boot might force you into getting a signed boot loader eventually. The requirement to be able to turn off "Secure" Boot was removed by Microsoft recently.

And on mobile devices it's even worse. That's the main reason why you don't have a healthy culture of alternative operating systems on those.

0
1
Christian Berger
Silver badge

Again, code signing is not a security feature

At best it's a way of protecting a business model. There should be laws against mandatory code signing.

2
2

The NHS pays up to NINE TIMES over trade price for commodity kit

Christian Berger
Silver badge

Same things happen in commercial companies...

... but you simply don't hear about it since that's not in the news. Wasting customer money apparently isn't as bad as wasting tax money.

Anyhow I've seen companies getting extremely bad and overpriced (IP-)PBXes which then simply don't work. In many cases those companies then have centralised IT which means that the supporting company often has a 9 hour drive to get there. I've recently even had an example where a company got their firewall and PBX administered from Russia.

0
1

BlackBerry on Android? It makes perfect sense

Christian Berger
Silver badge

Re: I'm planning to buy a new washing machine...

As stupid as it may sound at first, but the choice of operating system on a washing machine tells you a lot about the mindset of the company making it. However keep in mind that even Android is a beacon in the night compared to many embedded operating systems.

Consider the actual complexity of the "washing machine control" problem and then consider the number of lines the logic would actually need, and then consider how the selected operating system fits into this.

1
0

Cortana threatens to blow away ESC key

Christian Berger
Silver badge

Well Toshiba firmly establishes itself in the consumer section...

...where laptops are just fashion toys and people gladly give away one of the most important keys on the keyboard for a gimmick they will tire of within a week.

I mean even if you live in the Microsoft bubble the Escape key is important. It's what gets you into the menu of Word and Works.

15
0

Facebook: Your code sucks, and we don't even have to run it to tell

Christian Berger
Silver badge

There would be a very simple metric

Just count the number of lines/characters/syntax elements between matching ends of a "block". This block can be defined by matching brackets, or implicit brackets.

So something like if (k==0) {dosomething();}; would lead to something like 3 syntax elements for the first brackets and one syntax element for the second set. (alternatively you could count characters which is less precise but way simpler)

This way the more local your code is, the lower the numbers which correlates nicely with readability.

Of course this makes no statement about actual bugs in the code. However bugs are much easier to find in readable code than they are in unreadable code. Plus this is so simple that editors could include it to evaluate your code as you type.

0
0
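The bracket-span metric from the post above, sketched as an added example that is not part of the original post: for every matched bracket pair it reports the tokens and the characters enclosed. The tokeniser, the names `block_spans` and `over_limit`, and the sample input are assumptions of this example; reading "syntax elements" as tokens is also an assumption, since the post counts a whole statement as one element.

```python
import re

# Tokeniser for C-like source (an assumption of this example). Comments and
# string literals are matched first so brackets inside them are never paired.
TOKEN = re.compile(
    r"""//[^\n]*|/\*.*?\*/            # comments (skipped below)
      | "(?:\\.|[^"\\])*"             # double-quoted string, one token
      | '(?:\\.|[^'\\])*'             # character literal, one token
      | [A-Za-z_]\w*|\d+              # identifiers and integers
      | ==|!=|<=|>=|&&|\|\||->        # two-character operators
      | \S                            # any other single character
    """,
    re.VERBOSE | re.DOTALL,
)
PAIRS = {")": "(", "]": "[", "}": "{"}
OPENERS = set(PAIRS.values())


def block_spans(source):
    """Return (opener, line, tokens_inside, chars_inside) per bracket pair,
    in the order the pairs close. Raises ValueError on unbalanced brackets."""
    stack, spans, count = [], [], 0
    for m in TOKEN.finditer(source):
        tok = m.group()
        if tok.startswith(("//", "/*")):
            continue  # comments are not syntax elements
        line = source.count("\n", 0, m.start()) + 1
        if tok in OPENERS:
            stack.append((tok, line, count, m.end()))
        elif tok in PAIRS:
            if not stack or stack[-1][0] != PAIRS[tok]:
                raise ValueError(f"unbalanced {tok!r} on line {line}")
            opener, oline, ocount, oend = stack.pop()
            spans.append((opener, oline, count - ocount - 1, m.start() - oend))
        count += 1
    if stack:
        raise ValueError(f"unclosed {stack[-1][0]!r} on line {stack[-1][1]}")
    return spans


def over_limit(source, limit):
    """Blocks enclosing more than `limit` tokens, largest first."""
    big = [s for s in block_spans(source) if s[2] > limit]
    return sorted(big, key=lambda s: s[2], reverse=True)


# Constructed sample input, not taken from any real code base.
SAMPLE = """\
int f(int k) {
    if (k == 0) { return 1; }
    return k * f(k - 1);
}
"""

if __name__ == "__main__":
    for opener, line, tokens, chars in block_spans("if (k==0) {dosomething();};"):
        print(f"{opener} line {line}: {tokens} tokens, {chars} chars")
    print(over_limit(SAMPLE, 10))
```

The character count includes whitespace and comments between the brackets, which is why it is the less precise of the two measures.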

Microsoft picks up shotgun, walks 'Modern apps' behind the shed

Christian Berger
Silver badge

Re: Windows 8 interface

Well I don't even think that's the fault of the touch interface, but the business model set by Apple where the owner of the phone gets a cut of all app purchases. The owner of the phone mostly cares about them as that's where the money is. It doesn't matter what the user thinks as users usually don't own their phones.

0
0

Germany drops probe into NSA's Merkel phone-hacking

Christian Berger
Silver badge

Small misunderstanding

They didn't look into the NSA phone hacking, they looked into the NASA:

https://www.youtube.com/watch?v=vySPJKiSzPQ

The NSA doing mass surveillance in Germany would obviously be absurd, that's why that part of the story was dismissed immediately. If the NSA did such things they would surely say so in the questionnaires we sent them. ;)

1
0

Hey kids, who wants to pwn a million BIOSes?

Christian Berger
Silver badge

In a nutshell...

it all boils down to the simple rule, "you cannot contain malware on a computer".

If you can run malware it is likely to be able to do anything. Our safeguards are just additional boundaries to make the job a bit harder, which is a good idea, but we shouldn't rely on it.

Unfortunately, recent developments have increased the problem. Systems have gone even more complex than they used to be, greatly increasing the chance of some remote code execution bug which might introduce malware into your system. Javascript may be comparatively easy to sandbox, however it's getting more and more common and browsers do not even enforce a single domain policy.

Plus there are some stupid ideas like UEFI creating hugely complex systems which are easy to be corrupted by malware, but hard to be replaced with something simple by the user.

2
0
Christian Berger
Silver badge

Re: Hard TPM

Well with TPM the problem is that the likely attacker already is inside the TPM. After all it's extremely likely that governments will demand back doors, and current TPMs actually allow you to have a "second key" to access your encrypted harddisk.

0
1

It's 2015 and Microsoft has figured out anything can break Windows

Christian Berger
Silver badge

So all it does...

...is to scan the memory for certain byte patterns... that means you need a list of those patterns... which essentially turns it into a virus scanner for memory.

That sounds like a disaster. Not only will it not help against targeted attacks or attacks from governments/DRM companies, it will open a whole new set of security vulnerabilities. You will have software trying to parse even more data.

5
9

Super Stuxnet's SCADA slaves: security is atrocious

Christian Berger
Silver badge

Re: As long as we don't get minimal security standards..

"Should you even succeed in rendering them outlaw, the grey and black markets will accommodate them."

By that logic you couldn't have any safety or security standards.

0
0
Christian Berger
Silver badge

As long as we don't get minimal security standards..

...and simply outlaw certain products and protocols nothing will change here.

I mean you cannot design a secure product based on OPC (OLE for Process Control) as it requires insecure components to work with. And even its successor "OPC UA" is a hugely complex mess which probably _never_ will be implemented correctly.

2
0

But... I... like... the... PAIN! Our secret addiction to 'free' APIs

Christian Berger
Silver badge

It's the same with most hype technology

I mean look at "Windows for Pen Computing", an addition for Windows 3.1 and 95 to allow specially modified software to have hand writing recognition.

0
0

Has marketing grabbed the IT reins at your company?

Christian Berger
Silver badge

I haven't seen an IT department...

...that wasn't mostly controlled by marketing departments of vendors for decades. I mean the people inside of IT departments often do not know what they are doing, so they rely on marketing material to evaluate different products.

0
1

Undetectable NSA-linked hybrid malware hits Intel Security radar

Christian Berger
Silver badge

No of course not

The NSA would just force the company into signing their firmware or giving them the secret key to sign it. Signed firmware just outsources trust to another party, it doesn't provide trust or security.

1
0

Industrial Wi-Fi kit has hard-coded credentials

Christian Berger
Silver badge

It's a difficult crowd

I have considered working at a company doing a lot of industrial control... however I decided against it.

The problem is that the people working there are still stuck in their 1990s mindsets and technologies. Even if they wanted to change, they can't because they are stuck with brain dead 1990s technologies like OPC (OLE for Process Control).

Those people haven't learned about Unix so they think OOP is the only way to go. They even actively work on things like "SCADA in the Cloud".

http://www.waterworld.com/articles/print/volume-28/issue-10/editorial-features/cloud-based-scada-alternatives-traditional-systems.html

Such a work environment probably is completely unbearable to anybody with the slightest knowledge about security. That's why those people aren't found there.

6
0
