Leadership Antipatterns

Leadership Anti Patterns are a special variant of Antipatterns. They are dangerous, they kill productivity and they very often come together with Crocodile Management (Link is German), Mushroom or Bulldozer Management (a new manager comes in and guess what he does first?). You might also like to read about Leadership Behaviour patterns … but that’s Harvard Business School… or Antipatterns in Project Management.

Collaborative Editing? Not for Professionals…

Documentation is team work, yes – but can you do it collaboratively? Yes, but not in collaborative editing. Git is your friend, a good workflow needs to be chosen, and then everyone on your team may choose the editor he loves. Etherpad, Google Docs and such are tools for short texts, but not for professional editing. In this article for Linux Magazine Germany I explain how we work at SUSE.

Darknet demystified – The Limits of Anonymity.

The error is on OSI Layer 8, and even the best technology won’t help you if you use it wrong. In this article about the Darknet (Heise I’X, in German) I demystify many “given” assumptions. No NSA, no police, nobody needs to crack your cryptography if you do the same silly mistakes like so many others before you.

Darknet demystified

Update: Early in February I was interviewed by Radio Berlin Brandenburg about the my opinion on the darknet.

Wechselwahn – why it does not make sense to enforce recurrent password changes.

In this article for Heise I’X (in German) I present statistical and empirical evidence why it usually is a bad idea to force your users to change their password regularly. In fact, you’ll maybe push users to use patterns for their passwords that are cracked much easier than their password. What is a good password, and why you should only change it when you have reason for doubt. “You will need good reason to push your users into regularly changing their passwords – and only in few cases or insecure environments this may make sense at all…”

Factsheets and calculations about the right password length.

DIVSI – a matter of Trust ?

Welcome to the DIVSI, the “German Institute for Trust and Security on the Internet”. This is what the website looks like in my browser, with Javascript, Cookies and all Trackers turned off. Would you trust them? It’s a government project, but still: Would you trust such a website? For once, working with experts would be nice. #sigh. I know, I am using wordpress here, but at least I am not pretending. #plonck.

DIVSI

NetzDG – well, that didn’t quite work out, did it?!

Good intentions and their real life effects – that’s sometimes a whole other story.

In Germany NetzDG, a new law, passed the legislative process with best intentions: against cyber bullying, against hate speech, against fake news. Website owners and companies such as Twitter and Facebook are to be held responsible for what is published under their watch. At least, that was the idea.

Only three weeks into its existence the law, however, has had several severe impacts on free speech. Afraid of being punished social media platforms started to delete numerous postings and content..

More: https://netzpolitik.org/2018/csunet-netzdg-verstoesst-gegen-die-verfassung/

ePrivacy – Keynote at 34th Chaos Communication Congress

At the 34th CCC meeting – the legendary Chaos Communication Congress – Ingo Dachwitz held an interesting speech about a highly controversial topic: We all want our data to be safe. But what is really necessary for a well informed understanding of data security of individual users? Can we declutter ePrivacy?

Watch here: https://netzpolitik.org/2018/34c3-eprivacy-macht-der-datenschutz-das-internet-kaputt/

Best voice recognition? No, it’s not Apple, Google or Microsoft – the NSA does the best job.

A recent Intercept post once more shows great insight into history and state of NSA technologies. This time it’s about voice recognition and recognizing “who’s speaking” within very little time. Things have changed since the cold war, but I was not aware of secret services creating so-called voiceprints of all of us – including and focusing on non-US citizens. There’s an NSA program called Voice RT (link), but also China and Europe are involved:

In November, a major international speaker recognition effort funded by the European Union passed its final test, according to an Interpol press release. More than 100 intelligence analysts, researchers, and law enforcement agents from over 50 countries — among them, Interpol, the U.K.’s Metropolitan Police Service, and the Portuguese Polícia Judiciária — attended the demonstration, in which researchers proved that their program could identify “unknown speakers talking in different languages … through social media or lawfully intercepted audios.”

The Intercept

NSA documents reviewed by The Intercept outline the contours of a similarly expansive system — one that, in the years following 9/11, grew to allow “language analysts to sift through hundreds of hours of voice cuts in a matter of seconds and selects items of potential interest based on keywords or speaker voice recognition.”

Last week the US senate agreed on extending these surveillance measures, and the NSA’s goal is clear, not only since the 2010 conference where its directors clarified:

“It is all about locating, tracking, and maintaining continuity on individuals across space and time. It’s not just the traditional communications we’re after — It’s taking a ‘full arsenal’ approach.”

Agora – Hypatia of Alexandria

Agora DVD

Hypatia of Alexandria lived in th 4th century A.D., in hard times for a female philosopher and scientist. According to Wikipedia, she is “the first female mathematician whose life is reasonably well recorded.” The astronomer and university teacher Hypatia tried to conserve the (ancient-classical) knowledge that was endangered by religious turmoil in the wake of the fall of the Roman empire. 

Rachel Weisz plays a wonderful Hypatia in Amenábar’s movie “Agora“. In its end, she’s killed by religious fanatists (in this case Christian ones), who tear her skin off, mostly because she failed to comply with the religion’s rules and the position in society she was supposed to take.

#Meltdown-#Spectre: I Guess the NSA knew about it since 1995…

The Intel 80x86 Platform should never be used in environments that need security... Here is a study from 1995 which was paid for by the NSA (I guess that is what “under the auspices” means?) and that comes to very frightening findings. Well, at least if you’re in security and IT:

“An in-depth analysis of the 80×86 processor families identifes architectural properties that may have unexpected, and undesirable, results in secure com-

puter systems. In addition, reported implementation errors in some processor versions render them undesirable for secure systems because of potential security and reliability problems.”

“This analysis is being performed under the auspices of the National Security Agency’s Trusted Product Evaluation Program (TPEP).”

I think this study sheds a strange light on the following quote from the Washington post:

“Rob Joyce, White House cybersecurity coordinator, said, “NSA did not know about the flaw, has not exploited it and certainly the U.S. government would

never put a major company like Intel in a position of risk like this to try to hold open a vulnerability.”

Oh really? A #Meltdown?

meltdownMedia is going crazy about #Meltdown and #Spectre. Should you panic, too?

Here are some of my thoughts on that recent security desaster:

  1. Don’t worry. Your systems have been damaged for twenty years, probably. A hardware vendor (probably more, maybe all of them) sold buggy chips, and they have been broken since 1995 or so.
  2. It became known during the summer of 2017. At least, but surely not only since then a realistic chance of exploits was around, which became imminent some weeks ago and led Google/Intel to withdrawing from deadline and going public.
  3. Yes, your systems are most likely affected. If you were not asked recently (i.e. since last Wednesday) to upgrade your kernel, then you have a problem. You are not affected if you are running hardware older than 1995 or some ARM stuff. Your kernel should now be 4.14.11 or newer – or contain backported code if it is an older version.
  4. The patches deployed by all major OS vendors last week will make your systems significantly slower. However they will fix most of the problems, but not the ones that are so deep into hardware that no software can fix. Yes there are. But if you are only gaming, sending mails, writing office documents and browsing the web, you won’t even notice. However, if you are a database admin or running DNS servers or Enterprise Clouds – anything with many “context switches” between userland and kernel space, then you’re likely to suffer from performance loss.. 
  5. The whole story may even become an #intelgate, because rumors have it that Intel had prior knowledge and some strange things going on with testing. Rumors, nothing more, except for a CEO selling most of his Intel stock in November and a flaw that makes systems 30-50% faster, but for what a price?

Justmy2cents.

Western Digital MyCloud – The Internet of insecure Things (IoiT), part 157

I like it when your gut feeling proves to be right. Hackernews just published this https://thehackernews.com/2018/01/western-digital-mycloud.html

..”

I have one of these devices, and after a first glance I deactivated the software as fast as I could – obviously my intuition was right.

 

 

Really Safer? Or just a feeling?

security theater meets bike

What people feel and what is actually true – that’s often not quite the same. Expecially when it comes to security, merely feeling safe sometimes seems to be more important than reality. As the blog “Erich sieht” shows that is true cycling as well. The British National Health Service NHS puts it in a very short sentence:

“Official figures taken from the NTS suggest that the general risk of injury from cycling in the UK is just 1 injury per 19,230 hours of cycling.”

“Erich sieht” does the math for you: A typical bycicle courier would need to work for ten years, 40 hours per week to suffer his first injury – statistically.

https://erichsieht.wordpress.com/2018/01/04/so-ungefahrlich-ist-radfahren/

Hedy Lamarr – Acting and Frequency Hopping

Hedy Lamarr 1944 (Wikipedia)
Hedy Lamarr 1944 (Wikipedia)

 

Hedy Lamarr (Hedwig Eva Maria Kiesler). The famous Austrian-American actress invented frequency hopping and was a well-known Hollywood actor, including the first ever portrayed female orgasm in a movie. 2014 she became a member of the National Inventors Hall of Fame.

Videomitschnitt »Twittwoch Spezial Datenschutz« in München (2013)

Having a fine debate – it’s just the best thing to do on a wednesday, right?!

In 2013 I was invited to “Twittwoch” (literally a combination of “twitter” and “Mittwoch”, meaning wednesday in German) talking about data security in Munich. On the panel such interesting fellas as Jerzy Montag, then member of German parliament, Daniel Duda, an expert on cyber security, Tanja Gabler from Internet World Business, Stefan Gröner and Dr. Guido Brinkel (1&1 Internet AG, Expert Government Relations).

Watch to the interesting discussion presented by our host the amazing blogger Thomas Pfeiffer.

 

http://www.twittwoch.de/videomitschnitt-twittwoch-spezial-datenschutz-in-muenchen/

(In German only.)

 

 

Frances Spence – another unhonored ENIAC developer

Frances Spence

One more from the core female developers of ENIAC. As other women, she mostly went unhonored – because female contributions didn’t match societies’ expectations:

Photos of these women working on the computer often went without credit in newspapers at the time, and when the ENIAC was completed and unveiled to the public on February 15, 1946, the US Army failed to mention the names of the female programmers who had programmed the machine to run such sophisticated calculations. This further contributed to the perceived disconnect between women and computing.

(Read more on Wikipedia)