* Posts by Christian Berger

4720 posts • joined 9 Mar 2007

Fun fact: GPS uses 10 bits to store the week. That means it runs out... oh heck – April 6, 2019

Christian Berger Silver badge

Oh my god, hasn't someone seen the bigger problem?

I mean the hours of UTC only go up to 23, then once you get to 23:59:59 you will have a roll over!!!!! OMG if that is improperly handled all computers will have severely wrong times. And that's just a few hours away!!!!11111!!!!!eleven!!!!!!!

!!!PANIK!!!

Almost £5k for a deskslab: Microsoft's Surface Studio 2 hits UK

Christian Berger Silver badge

It needs to be expensive

That's part of the brand image. I mean they have looked at Apple and realized that "products that people can work with" has very narrow margins. Instead you position yourself as a company selling fashionable accessories. Allow people to distract from their lack of talent by giving them something they can believe makes them a better person.

Being expensive both to buy and to maintain was a basic design goal not an accident.

OK, it's early 2019. Has Leeds Hospital finally managed to 'axe the fax'? Um, yes and no

Christian Berger Silver badge

But (group 3) fax is digital

Also it's a low risk environment with devices off the computer network with fairly smooth attack surfaces.

Besides there currently isn't any sane standard to replace it. Sure some faxes are able to send PDFs, but unless you standardise on a strict subset of the PDF standard, your viewers will be highly complex. Sending "Office software" files through e-mail is just a disaster waiting to happen. (or depending on your company a disaster that already has happened)

Before you can think about abolishing Fax machines, you should think about how to actually use computers in a sane way.

Intel to finally scatter remaining ashes of Itanium to the wind in 2021: Final call for doomed server CPU line

Christian Berger Silver badge

It actually was more of a hope back then

You see back then standard CPUs were easily fast enough to do all the "complicated" things where you have lots of branching and parsing and stuff. Speed was mostly needed at "simple" things like 3D graphics or video. Those things are fairly deterministic and probably could be done very quickly with VLIW architectures.

What Intel underestimated was that there's lots of legacy code out there which will never be touched and stay exactly the same binary, so that x86 emulation is way more important than they thought. Then that "complicated" code got slower and slower. Today we are at a point where a modern, but only mid-range machine actually barely can keep up with a decent typist, because the editor was implemented via a browser. That's just madness and what people underestimated back then.

Techie finds himself telling caller there is no safe depth of water for operating computers

Christian Berger Silver badge

People actually tend to overestimate the danger

I mean at 110 or 230/400 Volts, the main danger is actually caused by the hydrogen created by electrolysis. Since electricity will favour the shortest and easiest path, and power circuits will typically have all their conductors close to each other, the flow of current will be localized. Additionally while your body conducts electricity about as well as water, your skin is somewhat more of an insulator.

What's actually more important is to check all connectors after such an event, as corrosion can be a real problem.

RIP 2019-2019: The first plant to grow on the Moon? Yeah, it's dead already, Chinese admit

Christian Berger Silver badge

Re: Puzzled

"If anyone has a gardening sized nuke, I may be interested."

You mean a Rasensprenger? (Rasen=lawn, Sprenger=blaster)

Those are widely available in German hardware stores.

References:

https://dict.leo.org/englisch-deutsch/lawn

https://dict.leo.org/englisch-deutsch/blaster

Christian Berger Silver badge

Re: Puzzled

"So their can is full of totally dead things by Lunar morning."

Honestly, what will be interesting is if there will be anything that actually survives this. We should continue watching this.

At 900k lines of code, ONOS is getting heavy. Can it go on a diet?

Christian Berger Silver badge

Well that's what you get when your concept doesn't fit on a beer coaster

I mean SDN could be simple. After all you just have a set of more or less standard components which need their settings.

Now the hard part is to connect that all into something more powerful and expose that power to an interface without it spiralling into millions of codelines. What would be needed is a simple overlying idea, kinda like the UNIX philosophy.

Adding complex message passing systems like Kafka certainly doesn't help in that regard, but it may aid in finding a way towards something good.

US Department of Defense to fling $1.76bn at Microsoft

Christian Berger Silver badge

That's actually quite insane

Imagine you have highly paid developers which cost you 100k a year. That's actually 17600 years worth of developer time. To put that into perspective, the Windows 3.1 team had around 20 people working for a few years to develop it. The Cray 1 was developed by a team about the same size within a few years.

You could easily use that money to develop a custom computing architecture from scratch. One that will avoid security problems by clients not having an elaborated attack surface, one that just does what it's supposed to do.

In fact you could even spend 10% of that and really boost academic security research, you'd probably reach a goal where you get a full operating system which can be proven to be free from a large number of bug classes by your compiler while it compiles.

Spending all of that money just to get a legacy operating system to somehow work seems like a total waste to me.

Cyber-insurance shock: Zurich refuses to foot NotPetya ransomware clean-up bill – and claims it's 'an act of war'

Christian Berger Silver badge

One would think that insurance companies would try to lower the risk

After all with $100Million you can easily design your own computing platform including operating system and hardware. That would, at worst, be a bit more secure because it would be simpler and would obscure the rest of the bugs as it's more obscure. At best this would be a fundamentally new step towards more secure systems.

Of course selling insurance and not paying is a much easier way to make money.

If I could turn back time, I'd tell you to keep that old Radarange at home

Christian Berger Silver badge

Re: Bah!

"Er ... are you saying that the best place for housing computers is a Portakabin?"

Well Portaloos are more for network equipment:

https://upload.wikimedia.org/wikipedia/commons/5/59/CCCamp_2007_Datenklo.jpg

Christian Berger Silver badge

"But then; if one mainframe is susceptible to radar frequency radiation, it stands to reason that others are too. So it's definitely possible that multiple variants of this situation actually happened."

That's why proper data centres typically have at least some amount of shielding. Even building your building out of cheap aluminium helps a lot with that.

Christian Berger Silver badge

Re: Pesky microwaves

Well tides can affect microwave links, particularly near the oceans. The BBC used to run a link for one of the more remote British isles which was non line of sight so they could see problems caused by ships.

Christian Berger Silver badge

Re: Running backwards ?

Even if you affect your real time clock (RTC), virtually all operating systems (even MS-DOS) have a separate software timer which is used by the software and only synced on bootup.

I am not aware of any operating system that ever directly passed its RTC values to application software.

If any outside interference would actually cause your OS to count backwards instead of forwards, the time would probably be your least problem.

So I call BS on this.

Begone, Demon Internet: Vodafone to shutter old-school pioneer ISP

Christian Berger Silver badge

Static IP addresses were standard with early ISPs, in fact there was a volunteer driven one in Germany which even allowed you to get your static IP no matter which dial-up number you were using.

There's a nice talk about that time:

https://media.ccc.de/v/34c3-9034-bbss_and_early_internet_access_in_the_1990ies

Wanted – have you seen this MAC address: f8:e0:79:af:57:eb? German cops appeal for logs in bomb probe

Christian Berger Silver badge

I'm astonished, this article actually shows more work than any other I've seen yet

It quotes the MAC address and even looks up the vendor. It even tells us where the MAC address is from. That's so completely unlike what I'm used to from TheReg.

Who are you and what have you done to TheRegister?

Excuse me, sir. You can't store your things there. Those 7 gigabytes are reserved for Windows 10

Christian Berger Silver badge

That's insane

particularly since there hasn't been too much added functionality since the days of when your Windows system still required your system partition to be less than 2 Gigabytes.

Before dipping a toe in the new ThinkPad high-end, make sure your desk is compatible

Christian Berger Silver badge

The X1 line isn't the premium line

It's the "consumers who have more money than brains" line, because the X1 has all the features you don't want in a laptop, including hard to replace batteries and dangerously thin cases.

Seagate woos NASty folk and other flashy types at CES

Christian Berger Silver badge

Re: Why?

That is a valid point, though at today's flash prices one might be better off just buying the next door flat.

Christian Berger Silver badge

Why?

I mean SSDs have their advantages, but for typical home NAS uses those are largely irrelevant. I mean few home users have 10 GBit networks at home.

Low-power chips are secret sauce behind long-life wearables

Christian Berger Silver badge

You're missing the main feature

I mean of course you could make a watch that displays the time, but where's your revenue stream? Instead the vital feature is data collection. I mean how can you make money if not by selling private data of your product?

Encryption? This time it'll be usable, Thunderbird promises

Christian Berger Silver badge

Re: Enigmail was usable

Yes, but there were still many things that it could have done automatically, like sending your public key with every mail, and signing every outgoing mail by default.

It shouldn't be too hard to make GPG do the "sensible" things by default, yet enable you to drill into the details if you need to do so.

Full frontal vulnerability: Photos can still trick, unlock Android mobes via facial recognition

Christian Berger Silver badge

Fingerprint sensors are useless

I mean those devices have very smooth surfaces which you touch with the same finger you use to unlock them, so that's rather insecure.

Also obviously this is only the simplest step. The next step is using a photograph and using a pen to simulate blinking. Then there's putting 2 contact lenses (or other kind of bubble shaped piece of transparent plastic) onto the eyes. Eventually you'll reach the mask which will probably fool all of those devices.

Essentially biometry is broken for authentication. It doesn't matter if you add more obscurity to it, you cannot make it as secure as a password. However since many phone manufacturers refuse to let you have a proper keyboard, entering a password is near impossible on those devices.

Detailed: How Russian government's Fancy Bear UEFI rootkit sneaks onto Windows PCs

Christian Berger Silver badge

Re: The problem with that is...

"What is UEFI for and why does it even exist?"

Well booting modern PCs is hard, as there was always a strong push for compatibility in areas where it was questionable. One example is the support for emulating AT-keyboards when you only have a USB keyboard. (that's used for running Windows, which took quite a while to support USB, to work with USB keyboards) For that you have things like "Service Mode" which contains highly privileged code running on your CPU.

However today we can get rid of most of that stuff. Operating systems today either use BIOS functions or they have direct hardware drivers for current hardware. So in theory we could get rid of "Service Mode" and other bugs like it.

However allow me to introduce a conspiracy theory. Imagine you work for a secret service. You'll look around you and you notice something terrible happening. More and more people are encrypting their communications, less and less of that code comes from companies you can control. It's simply not feasible to add a weak cypher to a crypto suite without people getting suspicious.

However you have one chance. If there are bugs in the implementations, you can find and use them. Now the crypto-primitives (AES, hashes, etc) themselves are rather secure. They have defined inputs and outputs, and if 2 implementations deviate at least one of them is simply broken. What is left is the protocols. So what you do now is to support bugs. The easiest way to do so is to make the protocols so complex, that nobody can implement them without making major bugs. Introduce certifications so people are afraid of cleaning up code. The more complex your protocol will be the fewer implementations you will have and the more bugs those implementations will have. If I worked at a secret service, I would love HTTP/2 as it greatly increases complexity at both the server and the client. I would love the modern web with its numerous redundant features. UEFI would seem heaven sent, as it means that BIOS chips will be really large, and end users neither have any chance of knowing if it'll be bugged nor be able to use their own, minimalistic and safe, versions. It'll be like in the "good old days" where you could just tell Microsoft to include your key into the system.

Christian Berger Silver badge

I am not sure, I haven't looked at YouTube's infrastructure, but considering it's a fairly new service from 2005 I doubt it would be large.

Christian Berger Silver badge

Well...

... on Windows a lot of business software requires you to run it as root. After all it needs to do things like access printers directly (for example for POS systems).

Windows, by default, does not display file extensions, making it extremely hard for an untrained person to spot a .doc.exe file. Since running applications with different permissions on a single login is hard, and partially useless, few people set that up.

The obvious practical solution is of course to use mainboards with their UEFI on a socketed DIP-chip and get a professional flash chip writer (about 200 Euros) and just regularly replace your flash chips with the newest version. Additionally you can just make a write enable yourself, by soldering the write enable pin to whatever level disables writing. One could even build little boards that go in between the mainboard and the chip to do that.

Christian Berger Silver badge

Re: Sprechen sie Deutch?

I never quite understood why people link to externally hosted versions of CCC talks. I mean they are only on services like "YouTube" to promote decentralization. However the popularity could easily overload their servers if a significant share of views would go to those. In contrast, the media.ccc.de servers are load balanced so they can easily handle even huge loads.

Christian Berger Silver badge

The problem with that is...

since UEFI is highly complex, it's likely that you'll experience serious bugs during the use of your device. Therefore you need to update it.

The obvious solution would of course be to get rid of UEFI completely and get something with minimal complexity, for example something based on the OpenFirmware standard. Having much less code is the simplest way to get rid of many bugs. Then you would have so few bugs that updates aren't necessary any more, and then you can disable writing your BIOS completely.

Boffins manage to keep graphene qubits 'quantum coherent' for all of 55... nanoseconds

Christian Berger Silver badge

Re: 1k qubits ?!?

"I wonder if quantum computing is the next fusion?"

Well it could be worse. We know that fusion works, the sun does it. However we do not yet know if quantum computers of any significant size are possible. It could still be that there are fundamental limits which make this impossible. However, however that goes, we'll still know a great deal more after having tried to build quantum computers.

Ready for Glasto-net? Cheap, local low-power networks up for grabs in the UK

Christian Berger Silver badge

The guardband is now regularly used for GSM in Germany

It used to be unused. In Germany you can get any patch of unassigned spectrum for "test purposes". In reality that meant that operators like Eventphone (the only German reputable telephony provider) teamed up with Osmocom to run a public test network. Unfortunately since that guard band has been auctioned off, they now have to beg at non reputable mobile telephony providers for temporary spectrum use.

The Palm Palm: The Derringer of smartphones

Christian Berger Silver badge

Looks like the Unihertz Jelly

And that's a cheap and cheerful little device. I mostly use it as an LTE WLAN router and a telephone. Works fairly well.

Vitamin Water gets massive publicity for new flavor: Utter BS

Christian Berger Silver badge

Re: Bah. It's just the usual "Too good to be true" promise

"imaginary "MA2412""

But I learned about it from a VHS video tape I got directly from the ORF-Shop. Surely their standards of reporting wouldn't allow them to just lie on video tape. It would be like if Doctor Who would turn out to just have been made up.

Christian Berger Silver badge

Re: Bah. It's just the usual "Too good to be true" promise

Of course he exists. He usually works in a governmental office in Vienna. There's been a documentary about it:

https://www.youtube.com/watch?v=5VKlXOtaFYQ

The eulogising of The Mother Of All Demos at 50 is Silicon Valley going goo-goo for gurus again

Christian Berger Silver badge

What was actually more impressive back then

was GRAIL. https://www.youtube.com/watch?v=QQhVQ1UG6aM

It was a pen only system you could program rather efficiently by only using a pen and a screen.

The internet is going to hell and its creators want your help fixing it

Christian Berger Silver badge

Re: There are some technical bugs we can certainly fix

Well VNC is one way this could be done. Considering the terrible state of the web, I don't think VNC would actually require more data than the current web. After all most websites are now larger than screenshots of themselves.

However there are lots of other ways to do this. This is something I don't have a set answer for, but something I'd like to encourage experimentation.

Christian Berger Silver badge

Re: It's fascinating to see how people are so much behind the times

"There only four things that schools need to teach:"

Well those things are absolutely important, however we also need to show children the world around them. Even if you are a great learner, knowing what to learn, what might be interesting to you is hard. School needs to show you the world at least how it is now and how it was before.

Christian Berger Silver badge

There are some technical bugs we can certainly fix

For example the Web has the problem that it's possible to have 3rd party elements on a page. This used to be used for webcounters, but now is mostly abused by advertisers and Facebook.

Same goes for Javascript. It used to be an interesting idea which is now mostly abused. To add injury to insult we now have CPU bugs we cannot fix which can be exploited (in principle) via Javascript. In any case cyber currency miners are a problem.

Imagine a different protocol, one that is more like a terminal protocol. You have your "screen" which in case of traditional protocols is composed out of a grid of character cells, and in a new standard might be more like the browser DOM tree. This "screen" can be manipulated via a single persistent TCP/IP connection. If you just want to display a quasi static document, the DOM tree includes some sort of URL for links and you send that URL when connecting. After the whole "screen" has been transmitted, the connection is dropped or put into an "idle" state from which you can request a new page from the same server if you wish.

If you want to use an application however, the connection stays open and elements of the "screen" can send events to the server. This allows for much simpler "Web Apps" as they can now work synchronously and don't have to string together disjoined HTTP-requests into some sort of session.

The beauty of this is that it's compatible with what we already have. SSH can easily carry such a stream and you can outsource your authentication and encryption to it. One could even create it in a backwards compatible way to ANSI terminals so you can instantly use it as a drop-in replacement for your terminal.

Christian Berger Silver badge

Re: Look to SciFi for inspiration

Well we can still prepare for it, for example by making future alternatives to the web work with lower bandwidth and complexity requirements. This would allow us to have lower bandwidth devices.

I personally don't think the Internet itself is broken, IP(v6) is too simple to be broken. What is broken is the protocols on top of it, particularly the new ones big corporations try to force upon us. So maybe just like when we kickstarted the popular Internet from the telephone network, we could kickstart new ways of communications on top of IP(v6).

Christian Berger Silver badge

It's fascinating to see how people are so much behind the times

I mean there already is a set of guidelines for the "Digital World" (whatever that is supposed to be) and that's the "Hacker ethic". Additionally what is needed is to educate people about computers, in order to give them some idea of how they work. In kindergarten we have learned how printing works by building our own sets of movable type from potatoes. Today computers represent a technical achievement just as important as printing was.

If you do not give people the tools they need to understand the world around them you are sure to enter a dark age in which only an elite can control the population. Democracy needs good education and we have failed to provide computer education for too long now.

Microsoft, you shouldn't have: Festive Windows 10 Insiders build about as exciting as new socks

Christian Berger Silver badge

Re: Any change to notepad is big news of course.

Well Notepad++ and Notepad are something completely different. Notepad has its use for just being a "paste buffer" that can also strip format information from your data.

I've looked at Notepad++, and I see little reason to use it. It seems to lack a unifying vision. It just looks like a lot of non orthogonal features added to a simple word processor. It fulfills most prejudices people have about Windows software.

For fax sake: NHS to be banned from buying archaic copy-flingers

Christian Berger Silver badge

Re: Sending a photo via SMS

Sorry, I meant E-Mail.

Christian Berger Silver badge

Sending a photo via SMS

I mean yes, there were standards to send images via SMS... however I doubt there is much use in sending 32x32 monochrome pictures these days.

Of course the sensible thing to do would be to define a standard format for document "facsimiles" which includes a simple high resolution bitmap of the page along with a UTF-8 export of its contents.

If you ban fax machines, people are going to send office documents through mail... which is _much_ worse security wise.

Christian Berger Silver badge

Re: Ban a system that works and is malware free*...

Well that "mostly" is if you don't have a colour fax. Since colour fax machines are about as common as ice-cream cone unicorns, that's not really a serious concern.

Boffins build blazing battery bonfire

Christian Berger Silver badge

Yeah but Lithium Ion Batteries are among the most expensive

A fairer comparison would compare it to cheap batteries like lead acid.

Early to embed and early to rise? Western Digital drops veil on SweRVy RISC-V based designs

Christian Berger Silver badge

Re: What I don't understand about a memory centric architecture

"The alternatives are 'file centric' architectures"

No, there's another obvious architecture, message passing. If you build your interconnection on asynchronous messages it can scale very well. It's the concept the Transputer used.

Christian Berger Silver badge

What I don't understand about a memory centric architecture

Memory is today one of the slower parts of computing. Whenever your CPU actually has to access it it takes a long time. Caching solves a bit of the problem, but it quickly gets very difficult.

Wouldn't it make more sense to not have one of the slowest part of your computer be your bottleneck?

SEAL up your data just like Microsoft: Redmond open-sources 'simple' homomorphic encryption blueprints

Christian Berger Silver badge

It's research

No actual applications are currently on the horizon, but it might be useful some day.

However we now have the situation of people peddling homomorphic encryption as the solution for the cloud. To those people I can simply only say, if you don't want others to get to your data, store and process it on your own computers.

It's nearly 2019, and your network can get pwned through an oscilloscope

Christian Berger Silver badge

It's actually not that relevant

Those LAN ports are barely ever used at all, and if they are used they are used with a second network card. After all the LAN port is just a cheaper way of running GPIB to a PC.

And seriously, if a single device on your network can own the whole network, you have seriously messed up.

Apple in another dust-up with its fans: iMacs, MacBooks lack filters, choke on grime – lawsuit

Christian Berger Silver badge

Re: Errr....

" I don't see a dust filter on any one of them!"

Yes, that's because through clever design those are integrated into the case. Essentially meshed surfaces are fairly decent dust filters. The idea is that they catch all the big particles while the rest will simply be blown out by the fans. I've first seen an early concept of those in an expensive measurement device. There was a hive-like structure perhaps 2-4 cm deep just mounted on the air inlet. This structure caught all the relevant dust and kept the rest of the device virtually dust free.

Blockchain study finds 0.00% success rate and vendors don't call back when asked for evidence

Christian Berger Silver badge

Re: There's a non filler talk on that topic

"Not sure what a non-filler is"

Some sites have lots of articles without any useful content, those I call "filler articles". It seems like there are even whole conferences devoted to nothing but filler material designed to take up space and to make you look innovative even though it's extremely low on content.
