* Posts by Christian Berger

4850 publicly visible posts • joined 9 Mar 2007

Schneier spanks AV industry over Flame failures

Christian Berger

Re: That still goes on is amazing to me

Well I'd put that more generally: "Get a platform with a good security track record." Macs unfortunately are perhaps more secure than some boxes, but less than proper unixoid boxes.

I don't expect the Windows to understand this. After all they are in a different area.

http://www.youtube.com/watch?v=e6dp1Ib5mGE

Tech boffins: Spend gov money on catching cyber crooks, not on AV

Christian Berger

Re: How about

Seriously if you extend that list a bit to include PHP and C(++) and fire everyone suggesting to switch to ASP and C# we'd be in a much better position. Most of the problems would be solved then.

Christian Berger

Economics of Information Security????

WTF????

I'm sorry, but good code isn't more expensive than bad code, and even if it was, programmers are dirt cheap. Why don't they just simply try to avoid the largest pitfalls? For example if a company avoids using PHP and C(++) a lot of the security problems they would otherwise have simply disappear. At no extra cost.

Security, at least up to a point, doesn't cost anything. And even beyond that it's so little that the cost of those people travelling to Berlin could have made a serious difference. Security research is not like cancer research. You don't need expensive lab equipment and mass tests, all you need is some scientists, a room and a computer.

Christian Berger

Re: Perhaps

Actually depending on the insecurity of the system. I'd personally opt for 5 years for the programmer. It's a crime that there is still new code being written you can inject SQL code into.

We need to stop using code written by complete idiots. That's the problem.

Christian Berger

Not really

At the moment many systems are so badly designed they break by accident. If people would move forward and ditch the worst systems, criminals would have to be a lot smarter than they can possibly be.

Eventually opening a bank will be simpler than writing a banking trojan.

You don't need to outrun the wolves, you only need to outrun your peers.

Christian Berger

Get minimal security standards

Just like cars need to have seatbelts and buildings need to be structurally safe, we should have minimal standards for computer security. Companies with a bad security track record should for example be banned from getting public orders.

Or we could try to enforce that certain aspects are proven in the code. For example that array boundaries are checked. This is trivial in many programming languages, but solves a lot of the current security problems.

Today we let every idiot program security critical software. If we had security standards which are easy to fulfill unless you are an idiot, we'd finally have a "not made by total idiots" stamp for software.

German KIT v Fighting Seawolves in student cluster deathmatch

Christian Berger

Re: Units

Yes and it also depends on whether those are "average" 13 amps, "directed average" 13 amps or RMS 13 amps, or whether a sinusoidal form of the current is required.

It seems like you could get quite a bit more power out of a socket if you only were to consume power in non-standard and bad for the power network ways.

Honeynet looks to trap USB malware

Christian Berger

So... if that should become popular

The first routine in new malware will be to detect that piece of software, and to stop infecting that, probably easily detectable, USB device.

But it won't become popular as it'll interfere with thousands of badly written auto-backup features which just wait for a USB stick to be plugged into the PC and then back up data.

Is it time for enterprise PC outfits to carry Apple Macs?

Christian Berger

Re: Cheesy article...or should I say Fruity article?

Uhm, I have this study here:

http://www.channelregister.co.uk/2009/11/18/laptop_reliable/

According to it their failure rates are average, which is bad considering Apple is mostly in the consumer market where laptops don't get much mechanical stress. Consumers are typically more careful as they need to shell out for a new device when the old one breaks.

Christian Berger

Re: Cheesy article...or should I say Fruity article?

Wow, where have you been over the last 10 years? This used to be true, but now we know better.

It's rare for a Mac to even last 5 years these days, let alone be useful. The build quality has deteriorated a great deal since the 1990s. Apple is probably the only company getting worse in that respect.

Yes, there is a Unix layer, but it's very old and barely usable. In fact it's so old it had many very old security bugs in it which have been re-discovered in the last decade.

Besides you are comparing it to Windows, again 10 years ago that would have been a valid comparison, but today people who care, have moved to Linux.

Christian Berger

Re: Are we going to get this story every month?

Yes, but the situation has changed now. With that new MacBook Pro or whatever it's called, Apple has shown once more that they want to get out of the business market. Just think about it, the battery is glued in, the display cannot be repaired, the whole thing is so slim it'll probably break after a couple of months of use.

Apple doesn't care about business users any more. It's an irrelevant market for them. In the business market they compete with cheaper Linux boxes. If you spend the same amount of money you'll get a really nice Linux box which will be of service for the next decade.

Microsoft plots entry into tablet trade

Christian Berger

I'm all for it

If Microsoft makes its own hardware it will scare away other hardware vendors from their platform. That would be a good way to prevent much of the harm coming from Windows 8.

Christian Berger

Re: Bingo

Actually there are nearly no alternatives when it comes to mobile devices. Nearly all of them have locked boot loaders.

FCC: Let's kill analogue early, fob diehards off with converter boxes

Christian Berger

If only you knew

If only you knew how much more effort it was to get the analogue signal up and running. In most countries the switch to digital cut transmission powers by a factor of 10 or more. (I think the UK is the exception) You now also need just a fraction of the spectrum as you can have SFNs.

Digital simply is cheaper in the long run.

Christian Berger

Lower signal levels

I wonder if that "lower signal level" thing is the truth. Every well designed system now approaches the limits set by Shannon quite closely. So the difference probably is far less than a dB depending on how you set up the multiplex. This is more than compensated for by the ability to have SFNs.

Christian Berger

Re: They are finally changing

Uhm, I don't think it's possible to get insight into the digital transition in the US by using reason.

Essentially they are using vestigial sideband modulation. That's essentially a bizarre idea. Unlike DVB-T multi-path reception is a serious problem.

If the FCC wanted to make a rational decision, they would have either chosen DVB or ISDB. Then they could have bought receivers on the international market which are cheap as chips.

Christian Berger

Completely impossible in Germany

Because of shared stupidity among commercial TV stations and cable operators, German cable will probably stay mostly analogue for years to come.

Essentially the commercial TV stations want extra money for digital viewers. And since cable operators don't want to pay a flat fee they encrypt all commercial channels, even the ones which are carried analog for free.

Therefore you need to jump through a lot of DRM hoops meaning you need a special licensed receiver (to even get the smartcard) you need to mess around with CAMs which should work, but nobody gives you a guarantee, plus you need to pay a hefty extra fee (3 euros per month), per card.

So while only a tiny fraction still had analogue satellite when it was turned off in May, cable is still mostly analogue. In fact since the encrypted signals used to come via rented satellite transponders and have been moved to fibre, some headends even turned off digital television completely.

Cable is brain-dead in Germany anyhow, you don't even get BBC1. (You can receive the BBC in most of Germany via satellite)

Office 365: This cloud isn't going to put any admins out of a job

Christian Berger

Other software

That's actually a big problem. The software market on Windows is heavily fragmented. You'll have dozens of commercial vendors selling the same kind of software. Each one with its own problems.

Hey, but why don't you start with Praxident:

http://www.praxident.de/index.html

I had to install the client on 2 identical PCs (both new and freshly installed). It worked perfectly on one, it consistently crashed on the other. It uses just about every "technology of the future" of Windows since the 1990s. So of course there are parts using Active X and other parts using .net. You'll need to install both. It also depends on Microsoft SQL server which it uses in the unmaintainable version without management interface. They actually moved to M$SQL at a time when MySQL was already popular.

Christian Berger

Ohh on Windows...

On Windows you can be lucky and your customer knows that he has no idea and leaves the setup alone. Then it might break every few months. Maybe it'll last for a year without breaking.

If you are unlucky it thinks it knows about Windows and messes with it. Of course it will deny having done so. Then it breaks every few weeks or more.

When something breaks many sysadmins will find that they often don't actually have ways to fix them. Windows does a good job at hiding the cause of problems and the way to fix them. So instead of the straightforward approach of determining the error and correcting it, you often spend hours wiggling with controls until one time it mysteriously works.

Christian Berger

Re: Warning Unix fanboys ahead

Well Powershell seems to have 2 gigantic flaws:

1. It doesn't seem to be as well designed as normal Unix shells are. It's still too complex.

2. It came about 20 years too late, so there is next to no support in 3rd party applications. What's the use of having a powerful shell if it can only connect very few parts of your system? Since there is little use, 3rd party vendors won't implement it. People who want decent command lines have moved to something unixoid years ago so there neither is pressure from your customers.

Christian Berger

Re: can't justify purchasing ... servers

If a company has "Workstations", what keeps them from installing a mailserver on one of those? The difference between a server and a workstation mostly is how it's used. The base hardware is identical as the servers we have today were heavily influenced by the workstations of the past. (Of course workstations tend to have better graphics cards, etc.)

Unless of course by "Workstation" you mean some Windows 7 Home box with hardware which crashes every time someone thinks about entering the room, then you are probably an idiot.

Christian Berger

Re: Sendmail?

I've seen my colleagues. Outlook sucks as an e-mail client. It's the first one I've seen in years which cannot do normal quoting.

Christian Berger

Sendmail?

I thought the world has moved on to Postfix.

Exchange probably is the only non-"Internet" E-mail system in widespread use. I wonder if it's still possible to use over NETBUI or whatever that was called. This somehow makes it a truly complex and fragile product. There are rumours that a single broken file can take down a whole server.

Anyhow, don't paint yourself into another corner. Try to find solutions which are sustainable. Running your own e-mail server can still be done even when your vendor closes down, at least when you have a normal, open source, package.

Retina Display detachment

Christian Berger

Maybe it's a test balloon

I mean Apple probably rightfully expects that people don't care about the actual product. Risking a niche product fail to find out how far they can go might be a good idea. Should they go too far, only a minor product failed, not a major one.

Christian Berger

When the iMac came out

Diskettes already were a thing of the past. Back then people were simply moving files to their FTP-servers, or they were using LANs. Some strange people were even using CDRWs or ZIP-drives, but diskettes were pretty much dead except for some special uses.

PFY vs Bearded 80s Netscape Bore: BOFH

Christian Berger

I always thought

Outlook was that "crap bit of software" management wants sysadmins to install without even knowing what it's good for.

£CHING: ICANN bags $357m from 1,930 dot-word domains

Christian Berger

Re: Free money.

Well in a nutshell DNS is all about getting different entities to talk together. The only reason why company X can send E-mail to company Y is because there's DNS. The alternative would be lots of negotiations by lawyers... DNS is comparatively cheap. It's the lesser evil.

Christian Berger

Re: BBC

Well I know that is a lot of money and it's completely insane, but to keep things in perspective, that's just one good HDTV studio camera with lens.

But still, throwing the equivalent value of a camera which would have otherwise been in service for 20 years out of the window simply is stupid.

Stephen Fry's Pushnote goes titsup

Christian Berger

Re: He's not "IT-literate"

No it's not, even if you don't know every detail of your car, you can still use it as a car. You steer it yourself. That's the essence of a car.

However in IT there are people who actually want a train buy cars and the car industry builds cars without steering wheels.

BTW there are many IT illiterate people who put together their own PCs from components. That has little to do with it. It's like saying, you built your own instrument, therefore you are a musician. It doesn't work that way. In fact you will find IT literate people often having some old beat down Thinkpad simply because it works reliably. Many of them don't care for speed or anything.

Christian Berger

I'm not criticizing him for investing BTW

I mean such a system, if properly done, could be beneficial. And after all, there are worse projects than keeping a few people off the unemployment lines. Furthermore he has enough money to gamble with it.

Christian Berger

Re: He's not "IT-literate"

"You can be IT-literate and not understand how to program or how the internet works."

What is computer literacy then? The ability to turn on a computer? The ability to buy one? The ability to put together a system from pre-fabricated parts?

Christian Berger

He's not "IT-literate"

Stephen Fry is a lot of things, but he isn't, and probably never will be "IT-literate".

However there are lots of people who think they are. Those people believe that it's enough to use pre-made software. That is like saying, "I can use a phonebook, therefore I'm book literate".

Literacy has many parts. It's not only the ability to consume works, but also the ability to create them. With tools there probably is also a literacy of use. You need to know what makes a tool special. Using a computer only for pre-defined tasks is like using a book to balance a table by putting a book under its short leg. Of course that's _one_ possible use of a book, but people doing so generally miss the point of what makes books books.

I admire Stephen Fry for many things but he also sets a very bad precedent of being ignorant about your own weaknesses. This is his biggest flaw. Unfortunately he is not alone with this.

Apple silences mute kids' speech app in patent blowup

Christian Berger

You need to see this from the other perspective

All those people who used the app apparently were criminals. They were using it to defraud the original manufacturer. Apple only helped them on their right way by disabling the app for them.

If you disagree, why the hell have you bought a device with that feature? If people would only stop and think before buying a computer, the world would be a happier place.

Kogan 'taxes' IE7 users

Christian Berger

Ignoring the reality

As long as Microsoft doesn't bring out their newer browsers for their older operating systems people will not be able to upgrade. The alternative route would be to finally bring out a successor of Windows 2000 for a reasonable price. (I know the Windows Server line is a worthy successor, but that sells for astronomic prices)

http://en.wikipedia.org/wiki/Internet_Explorer#OS_compatibility

Effectively for most users the alternatives are:

Switch to Linux/*BSD

Switch to Firefox (if you don't need ActiveX)

Newbie German team 3-to-1 fave in cluster building compo

Christian Berger

Seriously, nobody gets that joke

Fawlty Towers is nearly unknown in Germany.

AMD to plunk ARM core onto Fusion, Opteron chips

Christian Berger

There would be ways to achieve real security

For example you could have an enhanced type system where every variable can contain complex types. Types like "this is an integer containing a prime number", or "this is a block of data which must not leave the scope of this function". With such features you could comfortably write and prove the correctness of your code automatically. Research in that area is on its way. If we'd spend as much effort researching this as we spend managing virus scanner licenses, we could make substantial progress.

You could go further and have tagged memory, where variables contain their type in memory and the hardware can check for illegal operations like multiplying a string and an integer, or sending a data-block which has a "must not leave system" flag to the network card.

The proposed system probably won't bring any security. People who know about security will be able to make secure systems without it. It's little use storing your key on a separate little system, if the attacker simply calls the same function as your insecure PHP webshop does.

It's also little use allowing only signed code to boot as it's extremely unlikely someone will sneak into the secure data center and covertly replace the boot sector.

Maybe a tiny little example of how a strongly typed system can prevent errors:

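    { inttostr as provided by SysUtils in Free Pascal and Delphi }
    FUNCTION inttostr5(x:word):string;
    VAR s:string;
    BEGIN
      s:=inttostr(x);
      { pad with leading zeros to at least 5 characters }
      WHILE length(s)<5 DO s:='0'+s;
      inttostr5:=s;
    END;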

Now if x could be negative, you'd get a string like 000-3. However the type "word" implies that this is an unsigned and always positive integer. If you try to call the function with a negative value, you will either get a compiler error or an exception. Now contrast that with C where types are just syntactical sugar and not enforced. What happens if you do a malloc(20+x) and x is -30? How can you keep an attacker from giving you unsuitable input without having to resort to manually checking everything? If you could just say, x is an integer between 2 and 500, your compiler could put in the necessary code for you at the best possible position. And as a side effect it can even optimize the code better.
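Added example, not part of the original post: what malloc(20+x) requests in C when x is -30, next to a hand-written stand-in for the "integer between 2 and 500" range type. The names unchecked_request, extra_len_t, extra_len_parse and alloc_record are hypothetical, and the sample inputs are constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* The size malloc(20 + x) ends up requesting when x is a signed int.
 * malloc takes a size_t, so a negative sum is converted to a huge
 * unsigned value. Unsigned arithmetic is used here so the demo itself
 * has no signed-overflow UB; for x = -30 the result is the same. */
size_t unchecked_request(int x)
{
    return (size_t)20 + (size_t)x;
}

/* Hypothetical range type for "x is an integer between 2 and 500". */
enum { EXTRA_MIN = 2, EXTRA_MAX = 500 };
typedef struct { int value; } extra_len_t;

/* Single entry point for untrusted text. Returns 0 and fills *out only
 * if the whole string is a decimal number inside the range. */
int extra_len_parse(const char *text, extra_len_t *out)
{
    char *end = NULL;
    long v;

    errno = 0;
    v = strtol(text, &end, 10);
    if (errno != 0 || end == text || *end != '\0')
        return -1;              /* overflow, empty, or trailing junk */
    if (v < EXTRA_MIN || v > EXTRA_MAX)
        return -1;              /* outside the declared range */
    out->value = (int)v;
    return 0;
}

/* Takes the range type instead of a bare int, so the request is always
 * between 22 and 520 bytes. C does not stop a caller from filling the
 * struct by hand; the guarantee holds only if extra_len_parse is used. */
unsigned char *alloc_record(extra_len_t extra, size_t *size_out)
{
    size_t n = (size_t)20 + (size_t)extra.value;
    unsigned char *p = calloc(1, n);

    if (p != NULL && size_out != NULL)
        *size_out = n;
    return p;
}

int main(void)
{
    /* Constructed sample inputs, as an attacker-controlled field might arrive. */
    const char *samples[] = { "-30", "2", "500", "501", "12abc" };
    size_t i;

    printf("unchecked malloc(20 + -30) asks for %zu bytes\n",
           unchecked_request(-30));
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        extra_len_t e;
        size_t n = 0;
        unsigned char *p;

        if (extra_len_parse(samples[i], &e) != 0) {
            printf("%-6s rejected\n", samples[i]);
            continue;
        }
        p = alloc_record(e, &n);
        printf("%-6s accepted, %zu bytes %s\n", samples[i], n,
               p ? "allocated" : "not allocated");
        free(p);
    }
    return 0;
}
```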

Windows 8: Not even Microsoft thinks businesses will use it

Christian Berger

If I was Microsoft

... I'd get rid of that silly policy of charging that much more for the server version of their operating systems. And I'd get rid of the idiotic idea of charging for each remote desktop client access license.

This would put Windows on par with Linux. You could suddenly have your applications on one computer while you have the freedom to choose what you use as a terminal. This would greatly extend the life of the Win32 platform and enable Microsoft to play with newer platforms for other uses.

How to put "Stuxnet author" on your CV

Christian Berger

Re: Stuxnet author will look good on my CV...

That's a very good point, if you want to have a job that's a plus, put it in. There are a lot of jobs in the war industry, and they have to take just about everybody. But don't complain to be stuck in a job where people around you have a higher than justified self esteem.

Christian Berger

Tags?

Why is this tagged "Joibs"?

Christian Berger

Seriously, isn't that something you try to weed out when doing background checks?

I mean if you have someone who is delusional enough to violate basic human rights just because some government tells him so, that's probably not someone you might want to have in your company.

Unless it's a very unethical company that is.

Telefonica grabs Jasper cloud to hook up British vending machines

Christian Berger

Re: I'd like to teach the world to think, in perfect harmony

Companies generally don't like or don't understand efficiency. If it was like that, many companies, particularly in the financial sector would have only a tenth of their employees, but would expect those to be able to use (=program) computers.

Christian Berger

GSM modules are also fairly cheap

You can get them for less than 20 Euros now. And that does include a full TCP/IP stack.

Given a beardie nerd the kiss of life? There's a medal for that

Christian Berger

Meh

Where is the point?

For most people working in the usual Dunning-Kruger infected jobs, death is the only salvation we can have. What's the use spending more years in hell when you could simply just stop it all.

Techies beg world to join the 1% on IPv6 launch day

Christian Berger

Re: I'm surpised the cell companies haven't jumped

2 Reasons:

1. Direct non-NATed network access generally involves a bit of "background noise" traffic. Since they charge by traffic or at least they need to transfer it, they don't like that.

2. IPv6 would enable the customer to have actual Internet. They could abandon otherwise expensive provider based VPN solutions.

Christian Berger

Re: Or, perhaps ...

Actually the even bigger problem is that NATed computers cannot be reached from the outside. If you only have NAT on your router, that's not too bad as you can use port forwarding. Once your router doesn't get a public IP address you won't be able to do that.

In effect that means that many essential services on the Internet will break. For example you won't be able to receive e-mail as the sending mail server won't be able to reach your computer in order to deliver their e-mail.

Of course that's no problem for post-privacy advocates who gladly post every bit of information on public servers they don't control.

NAT breaks the end to end structure of the Internet. Instead of just dialing IP addresses in VoIP applications you need to install complex servers or resort to closed solutions like Skype.

Christian Berger

Re: Come on theregister,...

Yes, either get IPv6 or build a box I can dial in via modem and terminal. If you choose to stay in the 1990s at least do it right. :)

Christian Berger

Re: Great, but...

I'm sorry, but there is no real reason why tunnels need to be significantly slower than native connections. For me, the difference in latency is 10 ms. Don't tell me you can notice that.

It's rarely more, unless you select a POP which is in another country.

Christian Berger

Actually AVM...

AVM is supporting IPv6 for routers roughly 5 years back. Every new router by them supports it by default. They also support Sixxs.net tunnels.

The main problem is finger-pointing. Everybody claims that another party is acting too slowly instead of acting themselves. Everybody complains, nobody acts.

Big Data is now TOO BIG - and we're drowning in toxic information

Christian Berger

Re: Meh

It's called the Kruger-Dunning effect. The less you know about a particular subject, the more you believe you are right. Apparently Taleb is a "victim" of it. There are, unfortunately, whole companies of such people. The problem there is that for every little bit of knowledge you get there you get a lot of pain as you suddenly see what absolute junk you and your colleagues have produced.

Christian Berger

Re: Something of a point

Actually log files are very useful since you can track your users. If you have enough of them you can make all kinds of statistics. You can not only find out which parts of your site are popular, but also how influential those parts are. Like how much is reading a single article going to change your browsing behavior.