* Posts by Christian Berger

3781 posts • joined 9 Mar 2007

systemd-free Devuan Linux hits version 1.0.0

Christian Berger
Silver badge

It's not infighting

It's losing the respect of large projects. The whole point of unixoid operating systems is that they avoid large projects. The largest single project in the GNU/Linux environment, for example, is the Linux kernel, and that's heavily guarded. It has to be, because even innocent mistakes can easily corrupt the system. Other projects are usually small and compact with well defined scopes. (Though many GNU projects have broadened those scopes a lot in recent years.)

The idea is that the effort you need to put into software goes up exponentially when you add more lines of code. A 10k project is _much_more_ than 10 times as hard to write and maintain than a 1k project.

The problem we have now is that there is a surplus of people who want to work in "Open Source". Those people want to write code for projects to have something for their resume. Helping on an existing project is easier than starting your own, and huge projects, like systemd, need lots of work. That's why they attract lots of learners and integrate their code. Code written by people in their early years usually sucks. In the past, that code would have gotten into shareware software and would have been erased by the bit rot of the Internet. Now those bad lines of code and those bad design decisions end up in actual Open Source projects which are stored for all eternity on Github.

The result is bugs like this:

https://github.com/systemd/systemd/issues/5644

38
2

Graphite core? There are other ways to monitor your operation's heart

Christian Berger
Silver badge

Graphite core???!!!

What an unfortunate name, one of the reasons why Chernobyl happened was that the reactor core was made out of graphite.

0
0

DTMF replay phreaked out the Dallas tornado alarm, say researchers

Christian Berger
Silver badge

Actually it has nothing to do with phreaking...

... as there doesn't seem to be any telephone network involved.

There are still interesting things to phreak, for example some lift alarm systems are connected to the telephone network and can be called. If you call, they will pick up and put you through to the cabin. Via DTMF tones you can even program them.

0
0
Christian Berger
Silver badge

Actually a spectrum analyser won't be ideal...

... since it sweeps the band. So you might only get the rough frequency, or you have to sweep slow enough so you might miss it.

The better alternative is a frequency counter. Those "lock onto" the strongest signal (you have to filter out mobile telephone transmitters first), and give you the frequency instantaneously, if you are close enough to the transmitter. (or if you have a directional antenna)

3
0

Android beats Windows as most popular OS for interwebz – by 0.02%

Christian Berger
Silver badge

Well it's just counting people who do not block junk

So it's questionable how much this reflects the real world where even computer novices are starting to filter what gets into their web browsers.

However in this case it might not make much of a difference, as both Android and Windows are overrepresented when it comes to ad servers, as both are used mainly by novices.

1
6

WikiLeaks exposes CIA anti-forensics tool that makes Uncle Sam seem fluent in enemy tongues

Christian Berger
Silver badge

Re: Attribution is a myth

Well you assume that. There is no actual need for evidence if your assumption is in line with politics. Just think about the first Gulf War which was started by something we now know was a lie.

If you believe that secret services somehow have superpowers that can defy logic, you would have to ask yourself why they didn't use them to actually do something in the first place.

5
2
Christian Berger
Silver badge

Attribution is a myth

It simply doesn't work. Everybody can pose as everybody else. Secret services commonly make false flag operations.

So whenever someone claims that a certain piece of malware comes from country X, you should either laugh at them or punch them in the face. There is no way they could know that... unless they wrote it themselves.

12
4

Firefox Quantum: BIG browser project, huh? I share your concern

Christian Berger
Silver badge

Libvnc

https://libvnc.github.io/doc/html/examples.html

What's missing is a simple, but flexible toolkit for GUI applications. Perhaps modeled a bit after the one in Delphi (which apparently was copied by C#) with hooks to satisfy design constraints.

0
0
Christian Berger
Silver badge

VNC

Well the problem with that is that it would make web-app development as simple as desktop development. You suddenly wouldn't have to worry about login procedures (built into VNC) or cookies. You wouldn't have to use framework over framework over framework.

That would demotivate the current web-developers who are working on or with frameworks, always on the edge of their capabilities. Those people would be relegated to writing code they actually are able to manage. They'd have to think about whole new ways to make things complex.

6
1

Inside OpenSSL's battle to change its license: Coders' rights, tech giants, patents and more

Christian Berger
Silver badge

Luckily...

... the OpenSSL team is known for their excellent and virtually bug free code, otherwise it would be silly to discuss licenses before actually doing what LibreSSL did and clean up their code.

1
3

Linux-using mates gone AWOL? Netflix just added Linux support

Christian Berger
Silver badge

Well they'd gain more Linux users if they dropped DRM

Seriously there is no reason why they have DRM on their own shows. And DRM is malware. DRM acts against my wishes and runs on high privilege levels. DRM systems also had security bugs (harming the user) in the past. Combine that with high privilege code and you get a disaster.

However one advantage is clear, it'll mean that you can run a modified Linux inside a virtual machine (or on separate hardware) which simply records the streams DRM-free so you can watch what you pay for even on hardware you still want to own.

1
1

Microsoft nicks one more Apple idea: An ad-supported OS

Christian Berger
Silver badge

There used to be a joke...

... that on Windows 97 error messages will have ads.

13
1

State surveillance boom sparked by fear-mongering political populists, says UN

Christian Berger
Silver badge

Well they are preparing for the future...

... because governments all over the world are overdoing it. Look at what is happening. Banks are failing and rescued with public money, that money is missing in schools or hospitals. Instead of getting back that money by taxing banks, the money is taken from where the consequences will only be seen in years.

People are slowly waking up to the fact that "neo conservatism" or "thatcherism" was not a solution for a problem, but instead the cause of a whole new set of new problems.

Total surveillance can help detecting which people to squelch to prevent any kind of uprising. Depending on the model of population control you prefer, those people can simply be declared terrorist, child abuser, or get a lower population score which makes it harder to get a flat or visit a doctor.

1
0
Christian Berger
Silver badge

Mixing up 2 completely different things

"Populism" and "right-wing populism" have little in common. The first one aims for an enlightened society to govern itself, the latter seeks for the 10-20% idiots in the world to give them power to act against those idiots as well as the rest of the population.

0
1

Look! Up in the sky! Is it a drone? Is it a car? It's both, crossed with Uber

Christian Berger
Silver badge

You're missing the point that...

A flying car needs _much_ more energy than a regular one, perhaps 10 times as much. So wherever that electricity comes from, using a "regular" electric car is always much more efficient, it'll always use _much_ less fossil fuels.

And I'm not even talking about flying cars needing lighter batteries like lithium-ion ones which are expensive and we don't have enough of that material on earth. For the same range you can build a regular car with lead acid batteries.

The problem why this vehicle works with electricity probably is either for marketing reasons or for reliability issues which are important for military applications.

6
2
Christian Berger
Silver badge

And if you think about it for more than 10 minutes...

a) It takes much more energy than a car as it needs to fly, so it's worse than a car.

b) Even if it manages to get around congestion, which is a typical argument for flying cars, experience has shown that this will just lead to even more (flying-)car traffic, eliminating all advantages.

c) This clearly has very little use for civilian purposes, however it's attractive for special uses like in the military.

Let me elaborate on c):

Since it becomes more and more obvious that the military isn't a very ethical place to work for, companies like Airbus probably have problems getting good people. The concept of a flying car is cool, there's no question about it. It doesn't make much sense on a mass scale, but it's cool. Therefore when an engineer has to choose between going to a car company designing the 100th version of a seat heater controller and going to a company making flying cars, they are much more likely to go to the flying car company. Plus since this poses as a civilian project, they can always fool themselves into not working on military projects.

7
1

FBI boss: 'Memories are not absolutely private in America'

Christian Berger
Silver badge

People with integrity?

Well that's going to be tough, as such people surely won't work for the FBI. It's like asking for a glass of water that's both empty and full of water.

5
0

Shock report: 92 per cent of US government websites totally suck

Christian Berger
Silver badge

92% of _all_ websites totally suck

They used to suck because of Frontpage or the HTML-Export of Word, they used to suck because of Flash, now they suck because of Javascript abuse and "responsive design".

2
0

Redmond's on fire, your 365 is terrified: Microsoft email outage en masse

Christian Berger
Silver badge

It only shows that you cannot improve reliability...

...by greatly increasing complexity. Every little bit of complexity is something that can break. Of course you can use redundancy to increase reliability, however if that means adding much more code, the net result can be a far less reliable system.

Redundancy only works when you only add little extra code to achieve it. A prime example is RAID 1. It's rather simple to implement, and allows you to survive disk breakdown without any noticeable disruption.

1
0

Sir Tim Berners-Lee refuses to be King Canute, approves DRM as Web standard

Christian Berger
Silver badge

Re: The Web is lost, and the W3C did nothing to prevent this

Tickers and updated stats work fine via RFB, just as well as "web applications" where you need to send back forms.

You can trivially extend RFB to have an encoding "h.264" or "vp9" or whatever, or you can embed video into your "PDF-like" static document format.

0
0
Christian Berger
Silver badge

The Web is lost, and the W3C did nothing to prevent this

Every new feature has, so far, been utterly abused by site operators. We have cookies which were supposed to help with state in web applications, they are now abused for tracking users. We have Javascript, which was meant for local validations of form values, which is now abused for tracking and annoying users. Now we get DRM which will undoubtedly be used to turn the life of the users into hell again.

Maybe we should just acknowledge that the web has failed. Institutions like the W3C apparently don't even see that we actually have 2 different things. One provides (quasi) static pages of mostly text, the other one provides access to some sort of application. Trying to do both with the same set of tools leads into disaster.

Maybe we should just use text files or some sort of PDF subset for static pages and use something like RFB (the protocol behind VNC) for dynamic things. After all, despite the overhead both protocols provide, they are still _way_ more efficient than the bloated versions of our protocols that are currently in use.

1
4

Japan's Venus probe power plight panacea: Turn it off and on again ...and again and again...

Christian Berger
Silver badge

Different approach to it

Apparently the Japanese are using the approach of sending out more cheaper probes than fewer more expensive ones. So they may have some failed ones, but that's not as big of an issue.

It's of course noteworthy that such power glitches are nothing uncommon. Stray charged particles are common up there and can cause parasitic thyristors to fire, leading to a short circuit. Electronics for space is designed to detect that, remove the power for a bit, and turn it on again.

2
0

We found a hidden backdoor in Chinese Internet of Things devices – researchers

Christian Berger
Silver badge

Re: FFS since when is a GSM to VOIP gateway...

Indeed! In fact such a device typically would be next to your PBX behind NAT and probably with no Internet access at all. For example we have a setup with another GSM to VoIP gateway which is on a separate network with one server and an ISDN to VoIP gateway... all with no Internet access.

4
0

Silicon Valley tech bro's solution for homeless: Getting himself in the news. Again.

Christian Berger
Silver badge

I think SV shows one perversion of our current economy rather nicely

I mean you may think that homeless people do not contribute to society... but then again you have lots of companies there which have negative contributions. This starts with start-ups burning investor money and ends with companies making attack weapons or DRM to actively hurt the world.

I would go so far as to say that a large percentage of people in the high and absurdly high wage ranges actually have negative contributions to the world as a whole.

6
0

CloudPets' woes worsen: Webpages can turn kids' stuffed toys into creepy audio bugs

Christian Berger
Silver badge

No, PR people are easier to hire

It's not like you can't get decent developers for what PR people cost.

All you need is people who know their limits. Since most of this is utterly trivial stuff, you just need the people who solve this in the most primitive way.

0
0

Tuesday's AWS S3-izure exposes Amazon-sized internet bottleneck

Christian Berger
Silver badge

With your own infrastructure...

... you can at least fix stuff when it's broken. With a cloud solution you have to hope that the cloud provider knows what it's doing.

5
0

Up close with the 'New Psion' Gemini: Specs, pics, and genesis of this QWERTY pocketbook

Christian Berger
Silver badge

It's not just the hardware keyboard...

... it's also that you can probably run an actual operating system and don't have to resort to impossible to secure systems like Android, iOS and the likes.

You can just strip down the operating system to whatever you need and even use that device as a terminal. In fact since you have a decent keyboard, you can even enter secure keys for flash encryption.

0
0

The most l33t phone of MWC: DarkMatter's Katim

Christian Berger
Silver badge

Does it have separation between baseband and application processors?

Otherwise any security hole in the baseband processor (rarely checked for, but very likely to exist) would compromise the whole machine.

Other than that, if it has a browser, it likely has security problems. Even if you sandbox the browser, the browser can exploit itself which is bad enough for most people.

Then there's the problem of how tamper proof the device actually is. It likely has a wire wrapped around its insides, or perhaps some flexboard fulfilling the same purpose. If that's not done properly, it's possible to circumvent that, for example by short circuiting part of it.

0
0

81's 99 in 17: Still a lotta love for the TI‑99/4A – TI's forgotten classic

Christian Berger
Silver badge

In the early 1990s I got it along a ZX80

The TI was essentially useless with the stock BASIC, it barely allowed you to do primitive text mode graphics. I also compared the speed to my ZX80 and it was many times slower.

In fact if you displayed the whole character set and redefined characters, you could see the BASIC interpreter moving its data away from the space used by unused user defined characters. It had something like 128 words of RAM accessible to the processor, while its 16 kilobytes were all dedicated to the graphics chip... so every access had to go through the graphics chip. To make it even slower, the BASIC interpreter was itself interpreted.

Some accessories removed some of the problems. For example you could give the CPU some actual RAM apparently, but those things were completely unobtainable back then.

4
1

Artificial intelligence 'will save wearables'!

Christian Berger
Silver badge

You'd need a generation of early adopters first...

... unfortunately the wearables market kinda has skipped the "early adopters" phase, so nobody has a clue what to do with such devices. Instead they jumped from "unobtainable" to "big budget mass market" devices which are all alike.

What would have been needed was a phase of experimentation. A phase where it's easy to program and perhaps to add new hardware to it. Have a simple product like this out for a couple of years so a community can form around it... just like with home computers in the 1980s. Don't aim for the mass market yet.

1
0

NSA snoops told: Get your checkbooks and pens ready for a cyber-weapon shopping spree

Christian Berger
Silver badge

"Unique nature" of the job?

The problem is that, on one side, they need people who are smart enough to understand how computers work, on the other hand they must be dumb enough to believe in the story that the NSA is a "good guy".

There is no justification for offensive "cyber weapons" as defense would be _much_ simpler.

IT security is like having a party. Yes, it may cost a bit of money, but lack of money usually isn't a problem. It's all just a question of mindsets.

11
3

Deutsche Telekom hack suspect arrested at London airport

Christian Berger
Silver badge

It's like rattling on a door to break in...

... and have the whole house collapse.

Of course nobody blames Deutsche Telekom for having their TR-069 open to all the world instead of limiting it to the IP-range of their ACS servers.

3
0

Ah, the Raspberry Pi 3. So much love. So much power ... So turn it into a Windows thin client

Christian Berger
Silver badge

During my time as a trainee...

... back in the late 1990s my colleagues tried actual remote RDP, essentially running multiple "office" RDP sessions over an ISDN line. This worked decently well, but was too expensive in the time before flatrates and VPNs.

Of course this was when a computer with 128 Megabytes of RAM was nearly unimaginable, and a developer had something like an AMD K6-II with 300 megahertz.

So of course a Raspberry Pi has way more than enough power to run an RDP terminal.

0
1

Netflix treats security ills with Stethoscope: Open-source self-probing tool

Christian Berger
Silver badge

Of course for Netflix..

... that probably mostly means to check if the DRM is still intact.

3
0

Florida Man jailed for 4 years after raking in a million bucks from spam

Christian Berger
Silver badge

What I wonder is...

I mean sending e-mail legitimately is fairly simple, you don't need a special company for it, if you're not sending spam...

...so why didn't the companies send it themselves? Did they intend to send spam? I mean spam is often hidden under euphemisms like "E-Mail marketing" and there are some big players like Adobe in that field. Shouldn't we start going after them too, as they make spam appear more legitimate to businesses?

0
0

BlackBerry sued by hundreds of staffers 'fooled' into quitting

Christian Berger
Silver badge

They must be very desperate...

...because that's normally like suing IBM for patent infringement. Nokia probably has lots of patents Blackberry infringes... unless in the recent acquisition by Microsoft, Microsoft got all the patents. That's actually a likely thing as they threw away everything else.

Anyhow it's sad to see a company like Blackberry committing suicide like that. In business terms it would be an ideal candidate for a takeover. Axe all the upper management and replace it with sane people and you'll have a profitable business.

0
0

Huge if true: iPhone 8 will feature 3D selfies, rodent defibrillator

Christian Berger
Silver badge

You don't have a headphone socket anyway

Why not remove all sound features from it? Sound is just so old fashioned. And while you are at it, remove the display, those only crack and limit your runtime anyway. After a couple of iterations you could have the ideal smartphone, an extremely stylish piece made completely from something as bendy as rubber, but as smooth as acrylic or glass, but with no electronics inside... well perhaps you could have some on chip oscillators so you can claim that it's an octacore running at x GHz.

2
0

Global IPv4 address drought: Seriously, we're done now. We're done

Christian Berger
Silver badge

Re: Y U NO IPV6 BRO

Well the Reg isn't much about technology. Otherwise they'd move from http(s) and HTML to something saner... like ssh.

Yes, I've bought something from an ssh-based online shop. You first send them your ssh public key via a web form... then you can log in.

1
0
Christian Berger
Silver badge

Re: IPv6 is fundamentally broken

a) IPv6 can do NAT just the way IPv4 could... nobody uses it, but I think it's even in the Linux kernel.

b) For browsers and stuff you can use a proxy server

c) If you are using a browser you cannot hide anyway, because your browser and OS will have a fingerprint.

Nobody does tracking via IP addresses as it can change at any moment (particularly with IPv6). What trackers do is to use cookies or your font list and screen resolution. It's a layer 5 problem, not a layer 3 one.

7
3

Talk of tech innovation is bullsh*t. Shut up and get the work done – says Linus Torvalds

Christian Berger
Silver badge

Well if we look into the past...

...many great improvements in computing came from people who were just doing something properly. Just think of UNIX. You have a bunch of people who were trying to put in a semi-minimal amount of work. Only features that had most "bang for the buck" were implemented, and the whole thing has a "can't somebody else do it" attitude. (having small programs for everything)

Today many people see innovation as doing trivial things more and more complex. Android, systemd or much of the Freedesktop projects are prime examples for this. I think this is because we have an excess of bad programmers who all want to do something... without understanding how to do it in a minimal way. That way they create lots of code that doesn't do anything productive.

18
2

'We need a new Geneva Convention to protect all citizens from snoops'

Christian Berger
Silver badge

Yes, but wouldn't the US ignore this...

...just like the current Geneva Convention?

6
0

Russia and China bombard Blighty with 188 cyberattacks in 3 months

Christian Berger
Silver badge

Attribution is (virtually) impossible

IP-Addresses say nothing, code styles can easily be faked or you can just buy exploits on markets, foreign characters in filenames or paths can easily be faked as can dates and times.

We live in a world, where it's likely that the actions of some little kid are seen as a state sponsored attack, no matter how primitive they were. Also we live in a world where false flag operations are nothing uncommon.

If those organizations mentioned in the article would actually care about security, they would provide guidelines for actual security. They would advise against office software, they would advise against complex file formats, particularly proprietary ones. They would warn against closed source software, particularly when there's an auto update mechanism.

6
3

Samsung's Chromebook Pro: Overpriced vanilla PC with a stylus. 'Wow'

Christian Berger
Silver badge

Well the problem with TPM is...

... that it claims to be able to do lots of things, like protecting your system from physical access or someone becoming root in order to modify your boot process. Obviously that's bollocks, since if your system has already been compromised that way, it makes very little sense to achieve persistence via the boot process. There are lots of other, much simpler ways to do so.

That by itself wouldn't be a problem, but then there's the obvious problem of hardware vendors not allowing you to add new keys yourself... or making that particularly difficult to do. Microsoft already dropped the requirement to turn off the TPM, on ARM they even require it to not be possible to be turned off. Essentially we are now seeing the things people warned us about 20 years ago. Most smartphones already have locked bootloaders and if we are not careful, laptops and desktop computers might follow soon.

1
2

Chrome 56 quietly added Bluetooth snitch API

Christian Berger
Silver badge

It's a general trend in the browser community

Instead of doing things that would improve security (limiting Javascript from external servers, turning off APIs, simple client certificates) they do everything to solidify their oligopoly.

Every new API makes it harder for new competitors to enter the browser engine "market", which gives the browser vendors more power. Just imagine there would be a truly free browser that does everything you want, like blocking external Javascript or selectively blocking Flash, instead of constantly making the UI less useful. Mozilla would be broke in months.

6
1

Who do you want to be Who? VOTE for the BBC's next Time Lord

Christian Berger
Silver badge

Maybe someone from the cast of "Selling Hitler"

It already has Tom Baker and Peter Capaldi in it. Maybe we could retroactively make that series the one with the most "Doctors". :)

1
0

For $deity's sake, smile! It's Friday! Sad coders write bad code – official

Christian Berger
Silver badge

Yes motivation is important, but it doesn't work that way

If you want to motivate your coders, give them interesting things to do. Allow them to express themselves and to make mistakes. Allow them to try to reinvent things. Hire competent people. If everybody thinks they can learn from their peers, it creates a very pleasurable atmosphere of constant learning and discovery.

Decarbonated sparkling water and such is just the way clueless HR drones try to solve the problem. That way you get the same boring list of employee benefits at every company.

0
0

WTF is your problem, Netgear? Another hijack hole found in its routers

Christian Berger
Silver badge

Re: Recommended SoHo router

If you want a "setup and forget" solution, look at a Fritz!Box. Those have auto update.

2
0
Christian Berger
Silver badge

The problem is rather simple

Netgear probably doesn't write the code running on their routers, they get the code from the chipset vendors and then reskin it. So they decide on a chipset, and while the hardware is being developed, they re-skin the firmware of the vendor. Any updates coming out since then will simply be ignored.

3
0

IPv6 vulnerable to fragmentation attacks that threaten core internet routers

Christian Berger
Silver badge

I thought they were dropping fragmentation with IPv6

I mean there's very little use for fragmentation. It's actually something people disable in IPv4 already as, even there, it's more pain than gain.

0
0

Oh, the things Vim could teach Silicon Valley's code slingers

Christian Berger
Silver badge

It highlights one of the aspects of truly free software...

... and that it has a defined scope and therefore can be "done". This allows for completely new freedoms like the "freedom to re-implement".

0
0

Biting the hand that feeds IT © 1998–2017