
Category: Neuland

Handling Wannacrypt – a few words about technical debt

So Microsoft had a bug in their systems. Many of their systems. For many years. That happens. People write code. These people write bugs.

Microsoft over the years has become decently good at fixing bugs and rolling out upgrades, quickly. That’s apparently important, because we all are not good enough at not writing bugs. So if we cannot prevent them, we need to be able to fix them and then bring these fixes to the people. All of them.

The NSA found a bug. They called it ETERNALBLUE and they have been using it for many years to compromise systems.

In order to be able to continue doing that they kept the bug secret. That did not work. The bug is now MS17-010 or a whole list of CVE-entries.

The NSA told MS about the bug when they learned that it had leaked, but not before. Microsoft patched the bug in March 2017, even for systems as old as Windows XP (which lost all support in 2014), but many people did not install the patch.

The result is “the largest cyberattack in the world”.


One Cookie Popup? We demand Hundreds of them!

You can’t read any website anywhere in Europe without getting a completely useless “We too are using Cookies” overlay. This has been such an unmitigated success that there exists a separate “Kill all Cookie banners” category in every Adblocker available.

But, says the Article 29 group of European Privacy Commissioners, this is by far not annoying enough, we can do worse. Consent cannot be given in general, you need to make this more specific.

That is, they demand hundreds of these overlays on each site (PDF).

Page 17 of that PDF:

The end-user must be able to give separate consent per website or app for tracking for different purposes (such as social media sharing or advertising). […]

For both browsers and data controllers this means it would be invalid if they would only offer an option ‘to accept all cookies’, since this would not enable users to provide the required granular consent.

Right. How is this even practical?


Strong weak ties

A long time ago, I wrote a text on the German Blog and on Carta: Wieso wir uns veröffentlichen (Why we publish ourselves). In the middle of a discussion about privacy I was explaining why people publish themselves, why they publicly reveal (sometimes intimate) facts about themselves.

They are doing this, I wrote, to find other like-minded people, to become searchable and to become approachable, to build trust.

Trust is a wonderful thing. It is the powerful assumption that most people most of the time want to help you and that mistakenly trusting people is a recoverable mistake. Having trust and being in a trustworthy environment keeps transactional costs low and makes cooperation possible. And that’s rewarding and awesome.

How does this work in practice?


“Breitband für alle” nominated for Bertelsmann Award

Breitband für alle provides FTTH in North Friesland, bluer is better

Because FTTH is a problem in Neuland, especially if you are dependent on German Telekom, a lot of people are taking it into their own hands, bypassing German Telekom.

One organisation doing this is the initiative “Breitband für alle” in North Friesland, which has been nominated (German) for the “Mein Gutes Beispiel” (My good example) award by Bertelsmann. The awards are being handed out on March 30. Let’s hope they make it (Bertelsmann page in German).


Fake News Fact Checker “Focus Online” – seriously?

In the campaign against “Fake News”, Facebook is looking for fact checking partners. Der Spiegel reports (article in German) that besides Correctiv.org so far no other proposed partners have been willing, so they are now further down the list, talking to… Focus Online.

How far down the list is Focus Online? Well, check for yourself: Anti-Euro Article from 6-Feb-2017 by Bernd Lucke.

Next in line are probably the Kopp-Verlag and the independent action group for more media truth about the KKK.


FOSDEM: The coming Radio Lockdown

The European Radio Equipment Directive requires all devices that are able to send and receive radio signals to be locked down. Without further specification of exceptions, which has not yet been done, this will affect all devices, including pure receivers such as GPS receivers and car radios, but also mobile phones and amateur radio operators and of course almost all Internet of Trash (IoT) devices.

Hardware manufacturers are required to “install technical measurements to protect the devices from being flashed with ‘non-compliant software'”.

The talk by Max Mehl is available on the FOSDEM site.
