Oh really? A #Meltdown?

Media is going crazy about #Meltdown and #Spectre. Should you panic, too?

Here are some of my thoughts on that recent security disaster:

  1. Don’t worry. Your systems have been damaged for twenty years, probably. A hardware vendor (probably more, maybe all of them) sold buggy chips, and they have been broken since 1995 or so.
  2. It became known during the summer of 2017. Since then at least, and surely not only since then, there has been a realistic chance of exploits. That chance became imminent some weeks ago and led Google/Intel to abandon the deadline and go public.
  3. Yes, your systems are most likely affected. If you were not asked recently (i.e. since last Wednesday) to upgrade your kernel, then you have a problem. You are not affected if you are running hardware older than 1995 or some ARM stuff. Your kernel should now be 4.14.11 or newer – or contain backported code if it is an older version.
  4. The patches deployed by all major OS vendors last week will make your systems significantly slower. They will fix most of the problems, but not the ones that sit so deep in the hardware that no software can fix them. Yes, there are such problems. But if you are only gaming, sending mails, writing office documents and browsing the web, you won’t even notice. However, if you are a database admin or running DNS servers or Enterprise Clouds – anything with many “context switches” between userland and kernel space – then you’re likely to suffer from performance loss.
  5. The whole story may even become an #intelgate, because rumors have it that Intel had prior knowledge and that some strange things were going on with testing. Rumors, nothing more, except for a CEO selling most of his Intel stock in November and a flaw that makes systems 30-50% faster, but at what price?

Just my 2 cents.
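The check from point 3, as an added example that is not part of the original post: it reads the Linux kernel's own Meltdown status file where one exists and otherwise falls back to the post's 4.14.11 version rule. The function names and verdict words are illustrative.

```shell
#!/bin/sh
# Added example: is this Linux host patched against Meltdown?
# 4.14.11 is the threshold named in the post; function names are illustrative.
MIN_KERNEL="4.14.11"
# Kernel's own status file (4.15+ and many vendor backports); absent on older builds.
SYSFS_FILE="/sys/devices/system/cpu/vulnerabilities/meltdown"

# version_ge A B: succeed if version A >= B, comparing major.minor.patch numerically.
version_ge() {
    a="$(printf '%s' "$1" | sed 's/[^0-9.].*$//').0.0"   # drop "-generic" etc., pad
    b="$2.0.0"
    for i in 1 2 3; do
        x=$(printf '%s' "$a" | cut -d. -f"$i"); x=${x:-0}
        y=$(printf '%s' "$b" | cut -d. -f"$i"); y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# classify RELEASE SYSFS_TEXT: print one verdict word.
classify() {
    case "$2" in
        "Not affected"*) echo not-affected; return 0 ;;
        Mitigation*)     echo mitigated;    return 0 ;;
        Vulnerable*)     echo vulnerable;   return 0 ;;
    esac
    # No status file: only the version rule from the post is left.
    if version_ge "$1" "$MIN_KERNEL"; then
        echo version-ok
    else
        echo check-backport   # older version string; fix may still be backported
    fi
}

release=$(uname -r)
report=$(cat "$SYSFS_FILE" 2>/dev/null || true)
echo "kernel $release: $(classify "$release" "$report")"
```

A `check-backport` verdict means the version string alone cannot settle it and the distribution's changelog has to be consulted. `version-ok` only says the version rule is met; the mitigation can still be switched off at boot, so the status file is the stronger signal.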

Western Digital MyCloud – The Internet of insecure Things (IoiT), part 157

I like it when your gut feeling proves to be right. Hackernews just published this https://thehackernews.com/2018/01/western-digital-mycloud.html

I have one of these devices, and after a first glance I deactivated the software as fast as I could – obviously my intuition was right.

Really Safer? Or just a feeling?


What people feel and what is actually true – that’s often not quite the same. Especially when it comes to security, merely feeling safe sometimes seems to be more important than reality. As the blog “Erich sieht” shows, that is true of cycling as well. The British National Health Service (NHS) puts it in a very short sentence:

“Official figures taken from the NTS suggest that the general risk of injury from cycling in the UK is just 1 injury per 19,230 hours of cycling.”

“Erich sieht” does the math for you: A typical bicycle courier would need to work for ten years, 40 hours per week, to suffer his first injury – statistically.

https://erichsieht.wordpress.com/2018/01/04/so-ungefahrlich-ist-radfahren/

Video recording of »Twittwoch Spezial Datenschutz« in Munich (2013)

Having a fine debate – it’s just the best thing to do on a Wednesday, right?!

In 2013 I was invited to “Twittwoch” (literally a combination of “twitter” and “Mittwoch”, meaning Wednesday in German) to talk about data security in Munich. On the panel were such interesting fellas as Jerzy Montag, then member of German parliament, Daniel Duda, an expert on cyber security, Tanja Gabler from Internet World Business, Stefan Gröner and Dr. Guido Brinkel (1&1 Internet AG, Expert Government Relations).

Watch the interesting discussion, presented by our host, the amazing blogger Thomas Pfeiffer.

http://www.twittwoch.de/videomitschnitt-twittwoch-spezial-datenschutz-in-muenchen/

(In German only.)

Frances Spence – another unhonored ENIAC developer


One more of the core female developers of ENIAC. Like other women, she mostly went unhonored – because female contributions didn’t match society’s expectations:

Photos of these women working on the computer often went without credit in newspapers at the time, and when the ENIAC was completed and unveiled to the public on February 15, 1946, the US Army failed to mention the names of the female programmers who had programmed the machine to run such sophisticated calculations. This further contributed to the perceived disconnect between women and computing.

(Read more on Wikipedia)

The Twitter-Controversy: Titanic and Beatrix von Storch

It’s about freedom of speech, so the stakes are rather high.

It may sound a little overwhelming, but the tide is high in the controversy about the newest data (security) and privacy laws in Germany and Twitter. The new legislation, mainly the work of Heiko Maas (Social Democrats), which was supposed to stop digital harassment and racism, has fully kicked in, but not in the way it seemed designed for. The satirical magazine “Titanic” got shut down on Twitter (by Twitter) for its parody of alt-right politician Beatrix von Storch.

Read more here: http://www.titanic-magazin.de/news/twitter-sperrt-titanic-wegen-beatrix-von-storch-parodie-9376/

ENIAC: Betty Jean Jennings Bartik

The ENIAC's main control panel with Bartik on the left.

Bartik was one of the leading developers of the ENIAC trajectory computer, and she was quite proud of its first public presentation in 1946:

“The day ENIAC was introduced to the world was one of the most exciting days of my life. The demonstration was fabulous. ENIAC calculated the trajectory faster than it took the bullet to travel. We handed out copies of the calculations as they were run. ENIAC was 1,000 times faster than any machine that existed prior to that time. With its flashing lights, it also was an impressive machine illustrating graphically how fast it was actually computing.”

(more at Wikipedia)

Hosting Open! 2016 Blockchain panel


Just found these pictures from hosting a panel on Blockchain at the Open Source Business Alliance’s 2016 Open IT! Konferenz and moderating the OSBAR Award ceremony, along with the corresponding article on blockchain in enterprise (written for the OSBA/MFG) called “transparently blocked”, unfortunately only available in German: Transparent geblockt:

On December 7 [2016], experts from industry, academia and IT will meet at OPEN! 2016 to explain and settle whether the blockchain is hype or a real game changer, what role encryption and peer-to-peer networks play in it, and why more and more industries believe that the chain of encrypted information blocks can be used profitably for new and old business models.

More pictures from the conference can be found here.

OPEN! 2015 – Hosting the Panel “Open Source”

In 2015 Markus was permitted to moderate the panel “Open Source” at the OSBA and MFG’s Open! 2015. I was happy to welcome Malte Spitz and other prominent experts. Well, here’s my report (sorry, German only!). Interesting fact: We were among the first to demand “Public money, public code!”, and I love Malte Spitz’s quotes: “There’s no provable security without open source.” “Data protection is like the environmental protection of the future.”

OPEN! 2015 – Report from the panels – YouTube

Visiting the LPI board of directors

 

Getting up Saturday morning at 5 o’clock isn’t fun, but sometimes it’s worth it.
Today I traveled 400 miles across the country to meet with the board of the Linux Professional Institute, Central Europe Master Affiliate. Those four guys have been running the board throughout the last years… (from left to right) Dimitrios Bogiatzoules, Chairman Klaus Behrla, Oliver Michel and second chairman Reiner Brandt.