If decisive components for critical infrastructures (Kritis) are procured in Germany – for example for telecommunications networks – then certain producers can be excluded. However, that will only happen if the federal government unanimously resolves it. There is no provision for a single ministry to go it alone. This follows from what is now the third ministerial draft of the Federal Ministry of the Interior (BMI) for the reform of the IT security law.
Public interest and relevance to security policy
According to the “Huawei clause” in the paper from Thursday, published by the Kritis working group and the information lawyer Dennis-Kenji Kipker, the use of a “critical component vis-à-vis the operator of the critical infrastructure” may be prohibited only within one month “in agreement with the relevant department”, or relevant orders issued. The prerequisite for this is that such an exclusion is necessary due to overriding public interests and in particular security policy concerns of the Federal Republic of Germany. The operators have to await a corresponding decision.
The approval procedure outlined in Section 9b is complex. The use of critical components is initially subject to mandatory certification. The Federal Office for Information Security (BSI) is responsible here. The Federal Network Agency has already presented relevant provisions for critical telecommunications and data processing systems with a new draft of a security catalog.
Manufacturers must declare their trustworthiness
In addition, a Kritis operator such as Deutsche Telekom, Vodafone or Telefónica must report the project to the BMI. The important technical components may only be used if manufacturers – in the case of 5G and other telecommunications networks, i.e. equipment suppliers such as Huawei, ZTE, Nokia or Ericsson – have made a declaration of their trustworthiness to the operator.
According to the plan, this guarantee statement extends to the entire supply chain of the manufacturer. It must show whether and how the producer “can adequately ensure that the critical component does not have any technical properties that are suitable” for improperly influencing “the security, integrity, availability or functionality of the critical infrastructure”. In particular, “sabotage, espionage or terrorism” should be ruled out. In plain language: there must be no back doors.
In order to adequately take account of such concerns, the guarantee declaration must, according to the reasoning, “also cover possible dangers and violations of certain duties that arise from the organizational structures” or possible other legal obligations of the manufacturer.
Right of participation of affected ministries
The Federal Ministry of the Interior should issue the contents of the declaration of trustworthiness by means of a general decree, since specific content is decisive for various Kritis sectors. In order to be able to take into account all relevant matters of the ministries, it will involve the ministries concerned at an early stage. Who has a say is based “on the critical infrastructure sector and the departmental responsibilities resulting from it”. For example, the Federal Ministry of Economics is affected in the field of telecommunications, and the Foreign Office when “public interests are affected due to foreign and security policy issues”, with the Federal Chancellery joining at department head level. Such a structured exchange is necessary “in order to enable a comprehensive clarification of the facts” and preparation within the tight deadlines provided.
Operation of a component can be prohibited
In addition, the “proactive” departments have a “suitable escalation mechanism” ready, according to the explanations. This is necessary for cases in which the working level cannot agree on a ban. Insofar as a dissent persists at ministerial level, “the Federal Government must promptly discuss the dispute with the aim of advancing an amicable decision”. If violations are found, it should also be possible “to prohibit the further operation of a component”.
In principle, this gives legal form to the procedure that the government and the coalition factions of the CDU/CSU and SPD agreed on in the summer after much dispute. The Huawei matter had been settled, it was said at the time. The political trustworthiness test, which takes place in addition to a BSI certification, will be based on objective criteria. If none of the departments involved raise concerns, the approval has actually been granted. The aim is not to bow to the pressure from the USA to exclude Huawei wholesale.
Reservations against access by the manufacturer
According to the draft, the Federal Ministry of the Interior considers the procedure to be indispensable, since “with the increasing IT complexity of the critical components used, a significant part of the controllability of the technology in the context of product maintenance (software updates, firmware updates, closing of security gaps) remains with the manufacturer itself or with the further supply chain”. Neither component certification nor high technical security requirements adequately ensure “that the manufacturers do not implement any improper access to hardware and software”.
The comprehensive examination of remaining residual risks should be based on an objective, relevant assessment of the manufacturer. According to the Federal Ministry of the Interior, the path taken will also serve to implement the recommendations of the EU’s “5G Toolbox”.
BSI will become cyber authority as planned
Otherwise the plan remains to upgrade the BSI to a powerful cyber authority with hacker powers. With 799 new posts – instead of the 583 planned in the second draft from May – and around 42.9 million euros in personnel costs, the office is to become a key player in the fight against botnets, neglected devices in the Internet of Things or the spread of malware. One focus is consumer protection; a “voluntary IT security label” is to come.
In future, the authority can store and evaluate for 12 months “log data”, including personal user information such as IP addresses, that is incurred in online communication between citizens and federal administrative institutions as well as parliamentarians. The two earlier drafts spoke of a year and a half.
In addition, there is internal “logging data” from all authorities in the form of records on the type of use of IT. This is intended to make it easier to identify widespread Trojans such as Emotet and complex attacks, often originating from secret services.
The Federal Ministry of the Interior has revised and expanded the regulations on fines. The maximum values range – graded according to the severity of violations in different categories – from 100,000 up to 20 million euros. As a consequence of the end of the Doxxing incident 799, a further reporting obligation is to be introduced in the Telemedia Act. Providers would therefore have to inform the Federal Criminal Police Office and, for example, provide inventory data and, if necessary, passwords of injured parties or suspects if they are aware of a major data leak. The tightening of criminal law that the BMI was still planning in 2019, not only in this area, is off the table for the time being.
Information about the storage period at the BSI corrected after it was adjusted again in the most recent draft.
“The fight is over, our boys won.” Steven Levy quotes James Bidzos in his book on the “code rebels”. With these words the former manager of RSA Data Security, which specializes in encryption solutions, came on stage in the year 2000 at the opening of the RSA conference he founded in San Francisco. For Bidzos and Levy there was no doubt at the time: The “Cypherpunks” had been able to prevail against the US government in the first Crypto War and thus “save privacy”.
What is missing: In the fast-moving world of technology, often the time to re-sort the many news items and background pieces. At the weekend we want to take that time, follow the side paths away from the current, try out other perspectives and make nuances audible.
War over encryption not ended
But the war for secure encryption in the digital age is far from over. It flares up again and again with new nuances, even if all the core arguments have long been exchanged. The main problem: There can be no “balanced” compromise in this dispute, as politicians are otherwise so keen to strive for. Because if you give up IT security and data protection in order to gain a little more public security, you will lose both in the end.
It is one of the recurring zombie disputes about fundamental rights as with data retention, in which constant dripping should hollow the stone. Currently, the public discussion in Europe has increased significantly in sharpness, as is shown by many exchanges of blows.
Prevent “unlawful access”
No one in the EU Commission intends to ban or weaken encryption. No back doors should be built into cryptographically secured products. This was last confirmed by representatives of the Brussels government institution on Thursday during an online exchange on the “future of encryption in the EU” organized by the Internet Society (ISOC).
“The Commission is a strong advocate of strong encryption,” emphasized Cathrin Bauer-Bulst, Head of Unit at the General Directorate for Domestic Policy. The technology is important to prevent “unlawful access” to personal information. The big but inevitably followed, however: criminals also use encryption to carry out their deeds, the cybercrime expert pointed out. EU law enforcement officers have stated that 75 percent of their cases are affected.
Equivalent to the apartment search “in digital space”
For Bauer-Bulst it is clear: investigators must have “lawful” access to the data they need. There needs to be an adequate equivalent in digital space to the ability of law enforcement officers to search an apartment with a court order. Metadata about the location of a user or about the device and browser used by them also provided important clues for law enforcement officers. However, the European Court of Justice (ECJ) has repeatedly made it clear that it can be used to create sensitive profiles and that similar protection applies to this field as to content data.
Paul Nemitz, Chief Adviser to the Commission’s Directorate-General for Legal Affairs and Consumer Protection, made a very similar statement. According to him, the police always had the opportunity to read letters or listen to a telephone conversation “in real time” in the event of a case. Similar to data retention, where the ECJ has just put its previous line into perspective, it is therefore important to achieve a “practical concordance”.
The PC revolution started off life 35 years ago this week. Microsoft launched its first version of Windows on November 20th, 1985, to succeed MS-DOS. It was a huge milestone that paved the way for the modern versions of Windows we use today. While Windows 10 doesn’t look anything like Windows 1.0, it still has many of its original fundamentals like scroll bars, drop-down menus, icons, dialog boxes, and apps like Notepad and MS Paint.
Windows 1.0 also set the stage for the mouse. If you used MS-DOS then you could only type in commands, but with Windows 1.0 you picked up a mouse and moved windows around by pointing and clicking. Alongside the original Macintosh, the mouse completely changed the way consumers interacted with computers. At the time, many complained that Windows 1.0 focused far too much on mouse interaction instead of keyboard commands. Microsoft’s first version of Windows might not have been well received, but it kick-started a battle between Apple, IBM, and Microsoft to provide computing to the masses.
Back in 1985, Windows 1.0 required two floppy disks, 256 kilobytes of memory, and a graphics card. If you wanted to run multiple programs, then you needed a PC with a hard disk and 512 kilobytes of memory. You wouldn’t be able to run anything with just 256 kilobytes of memory with modern machines, but those basic specifications were just the beginning. While Apple had been ahead in producing mouse-driven GUIs at the time, it remained focused on the combination of hardware and software. Microsoft had already created its low-cost PC DOS operating system for IBM PCs, and was firmly positioned as a software company.
With Windows 1.0, Microsoft took the important step of focusing on apps and core software. IBM held onto the fundamentals of the PC architecture for a few years, but Microsoft made it easy for rivals and software developers to create apps, ensuring that Windows was relatively open and easy to reconfigure and tweak. PC manufacturers flocked to Windows, and the operating system attracted support from important software companies. This approach to providing software for hardware partners to sell their own machines created a huge platform for Microsoft. It’s a platform that allows you to upgrade through every version of Windows, as a classic YouTube clip demonstrates.
Windows has now dominated personal computing for 35 years, and no amount of Mac vs. PC campaigns have come close to changing that, but they’ve certainly been entertaining. Microsoft has continued to tweak Windows and create new uses for it across devices, in businesses, and now with the move to the cloud. It’s only now, with the popularity of modern smartphones and tablets, that Windows faces its toughest challenge yet. Microsoft may yet weather its mobile storm, but it will only do so by rekindling its roots as a true software company. In 2055, it’s unlikely that we’ll be celebrating another 35 years of Windows in quite the same fashion, so let’s look back at how Microsoft’s operating system has changed since its humble beginnings.
Where it all began: Windows 1.0 introduced a GUI, mouse support, and important apps. Bill Gates headed up development of the operating system, after spending years working on software for the Mac. Windows 1.0 shipped as Microsoft’s first graphical PC operating system with a 16-bit shell on top of MS-DOS.
Windows 2.0 continued 16-bit computing with VGA graphics and early versions of Word and Excel. It allowed apps to sit on top of each other, and desktop icons made Windows feel easier to use at the time of the 2.0 release in December, 1987. Microsoft went on to release Windows 2.1 six months later, and it was the first version of Windows to require a hard disk drive.
Windows 3.0 continued the legacy of a GUI on top of MS-DOS, but it included a better UI with new Program and File managers. Minesweeper, a puzzle game full of hidden mines, also arrived with the Windows 3.1 update.
Windows NT 3.5 was the second release of NT, and it really marked Microsoft’s push into business computing with important security and file sharing features. It also included support for TCP/IP, the network communications protocol we all use to access the internet today.
Windows 95 was where the modern era of Windows began. It was one of the most significant updates to Windows. Microsoft moved to a 32-bit architecture and introduced the Start menu. A new era of apps emerged, and Internet Explorer arrived in an update to Windows 95.
Windows 98 built on the success of Windows 95 by improving hardware support and performance. Microsoft was also focused on the web at its launch, and bundled apps and features like Active Desktop, Outlook Express, Frontpage Express, Microsoft Chat, and NetMeeting.
Windows ME focused on multimedia and home users, but it was unstable and buggy. Windows Movie Maker first appeared in ME, alongside improved versions of Windows Media Player and Internet Explorer.
Windows 2000 was designed for client and server computers within businesses. Based on Windows NT, it was designed to be secure with new file protection, a DLL cache, and hardware plug and play.
Windows XP really combined Microsoft’s home and business efforts. Windows XP was designed for client and server computers within businesses. Based on Windows NT, it was designed to be secure with new file protection, a DLL cache, and hardware plug and play.
Windows Vista was poorly received like ME. While Vista introduced a new Aero UI and improved security features, Microsoft took around six years to develop Windows Vista and it only worked well on new hardware. User account control was heavily criticized, and Windows Vista remains part of the bad cycle of Windows releases.
Windows 7 arrived in 2009 to clean up the Vista mess. Microsoft did a good job of performance, while tweaking and improving the user interface and making user account control less annoying. Windows 7 is now one of the most popular versions of Windows.
Windows 8 was a drastic redesign of the familiar Windows interface. Microsoft removed the Start menu and replaced it with a fullscreen Start Screen. New “Metro-style” apps were designed to replace aging desktop apps, and Microsoft really focused on touch screens and tablet PCs. It was a little too drastic for most desktop users, and Microsoft had to rethink the future of Windows.
Back to the Start: Windows 10 brings back the familiar Start menu, and introduces some new features like Cortana, Microsoft Edge, and the Xbox One streaming to PCs. It’s more thoughtfully designed for hybrid laptops and tablets, and Microsoft has switched to a Windows as a service model to keep it regularly updated in the future.
Windows 10 hasn’t changed drastically over the past five years. Microsoft has been tweaking various parts of the operating system to refine it. More system settings have moved from the traditional Control Panel over to the new Settings app, and the Start menu has a less blocky look to it now. We’re still waiting to see what Windows 10X (originally designed for dual-screen devices) will bring, but Microsoft has also been improving the system icons for Windows 10. 2021 could bring an even bigger visual refresh to Windows 10.
Editor’s note: This story was originally published in 2015 to mark the 30th anniversary of Windows. It has been updated and republished for 35 years of Windows.
If you want to buy a new television set, you will find a lot of offers. The large selection makes it cheaper, but not necessarily easier. You should therefore determine some basic decision-making criteria: What size and what equipment is the minimum, what is the price limit.
The question of resolution currently does not arise: Everything above 32 inch diagonal (80 centimeters) should have 4K resolution with 3840 × 2160 pixels. Even more pixels like those on 8K displays are currently of little use – the content is missing. You shouldn’t rely on the supposed future security: If you buy an 8K TV today, you will probably not be equipped for the next few years. Too much has changed for the video formats and interfaces.
Some people may not be looking for a television at all, but actually just a large display: A “stupid” TV, i.e. a smart TV without smart functions, can be made ready for Netflix & Co. with a streaming client. Such televisions do exist, but you will hardly find them on the store shelves of Saturn, Expert & Co. Instead, there are smart TVs that have built-in apps for streaming in addition to tuners.
Large displays without smart functions and without TV tuners are usually significantly more expensive than their smart colleagues. The reason: They are designed for 24/7 operation. There are a few “stupid” TVs with tuners but no internet connection. However, these have disadvantages compared to smart TVs: They typically lack special processors for image processing, such as moving image compensation, effective noise filters or sophisticated image presets. Smart TVs generally have much more to offer here.
Instead of using the built-in streaming apps, you can upgrade the TV display with a streaming client like Google’s Chromecast.
Help with buying a TV: What you really need and what you can do without
The appropriate display technology
When searching for a TV, you will find yourself faced with various technologies: LCD, QLED, LED, OLED or also micro-LED. The first three are televisions with liquid crystal screens, micro-LED also means LCD TV or describes a completely new display variant, OLED TVs use an organic display.
If you don’t want to spend more than 364 euros, the question of LCD or OLED currently hardly arises – OLED TVs are generally more expensive. LCD TVs are recommended for very bright rooms because, thanks to their higher maximum luminance, they can also present images with sufficient contrast. Attention: With the cheapest liquid crystal screens the manufacturers save on the backlight, so this does not apply to such devices.
OLED TVs are in principle very high-contrast because their pixels simply remain off at the points where the picture content is black. Color perception also benefits from the rich black. However, the maximum brightness of OLED TVs is lower and the black level increases due to reflections on the screen in a bright environment. Therefore, the display on the OLED TV fades in the light-flooded living room. OLED displays offer the greatest viewing angles, i.e. images with high contrast and color, even if you look at them from the side.
With displays with micro-LED technology, you have to differentiate between conventional LCDs, in which many small diodes at the back illuminate the LC layer, and displays in which the LEDs themselves serve as pixels. The latter are still a long way off. On the other hand, you can already buy LCD TVs with a direct LED backlight and local dimming (FALD): If the TV has a large number of LED zones, this ensures impressive contrasts, which is particularly beneficial for HDR content. The black level of the LCD pixels is not better as a result and the FALD backlight does not help against the viewing angle dependency of many LCD TVs either.
The thermal image makes clear which television uses a direct LED backlight (left) and which uses the LED strips of an edge LED (right).
High-contrast display
Modern televisions can almost always reproduce high-contrast HDR content. However, the result depends heavily on the device and the TVs support different HDR formats depending on the manufacturer and model: Almost all of them handle HDR10 and HLG; on HDR10+ and Dolby Vision, however, they are divided. With HDR10+ and Dolby Vision, the video data are displayed dynamically adapted to the respective image content: Samsung relies on HDR10+, Sony and LG on Dolby Vision, manufacturers such as Panasonic and Philips bypass possible conflicts and simply support both.
If no HDR formats are played back, for example when watching TV, most TVs can still display the content in HDR, processed accordingly. The result is often brightly colored, overexposed images.
c’t 25/2020
In c’t 25/2020 the editors provide selection aids for TV purchases and a test of smart TVs. Lots of handouts and a test of current e-mail clients should help you to stay ahead of the daily flood of e-mails. The c’t editors have discovered a data leak at the navigation specialist TomTom and they are analyzing the surveillance pieces from Office 364. There are also many other tests and not to forget a whole bag full of nerdy gift tips for the upcoming Christmas party. c’t 25/2020 is now available in the Heise shop and at the well-stocked magazine kiosk.
With 472 billion passenger-kilometers and 430 billion ton-kilometers of freight traffic per year on 216,000 kilometers of active routes in Europe, the railway sector plays a large and rapidly growing role in transport. However, digitization poses major IT security challenges for the sector, the European cybersecurity authority Enisa has found.
In a report just released, the agency attests the rail transport sector “an overall lack of cybersecurity awareness”. In addition, there would be problems due to the complex operating technology used. Even the simplest security measures on operational systems can often not be fully implemented. A change in awareness is therefore necessary in order to build up more specialist knowledge about IT security. Otherwise the digital transformation in the area would come to nothing, which would reduce its competitiveness.
Cyber attacks on railway companies
The authors point to incidents that have already bothered the sector. These include, for example, a 2015 denial-of-service attack in Ukraine and the WannaCry attack on Deutsche Bahn in 2017. Among other things, display boards were damaged. This year alone, a railway company in Great Britain struggled with a huge data leak of 146 million entries on around 10,000 people who had used the free WiFi.
The Swiss rail vehicle manufacturer Stadler was hit by a malware attack in which the attackers stole internal documents and published them online, according to the study. The Spanish infrastructure manager Adif was also affected by a ransom demand.
A wide range of IT functionalities and networked devices related to the Internet of Things are currently being introduced into railway systems, the authors state. However, those responsible often did not procure and manage the technology properly. This leads to weaknesses.
Outdated systems slow down cybersecurity
With this report, Enisa assesses the implementation of the directive on network and information security (NIS) in the Member States. Over the years, the agency has worked closely with railway companies and infrastructure operators. In order to find out the state of affairs, the auditors carried out an online survey in the sector with 41 participants from 21 member states including Germany and Norway. 71 percent of the participants were operators of “essential services”.
In general, the authors noted that the companies surveyed have a large number of legacy systems as well as a large number of devices and networks to be secured. Many of them are based on the state of the art of yesteryear and are now out of date or outdated due to the long service life. This makes it difficult to bring them in line with current cybersecurity requirements. Furthermore, the systems are usually distributed over many train stations and tracks, which makes comprehensive control difficult.
The strong dependence on the supply chain does not make things any easier, the report says. With regard to system updates, patch and lifecycle management, the operators are dependent on their suppliers, external providers and other third parties. The cybersecurity awareness and the associated skills also varied among these.
In addition, according to the study, there are conflicts between different forms of security thinking. For example, with any update to introduce cybersecurity provisions, those responsible would have to ensure that mechanisms for the general protection of passengers remain intact. This requires additional time and money. In addition, those responsible are usually not trained in the area of IT security.
Between security and competitiveness
The authors emphasize the need to strike the right balance between cybersecurity, competitiveness and operational efficiency. There is a lot of cost pressure here, as customers otherwise resort to alternative means of transport such as the car or plane. Railways also required nationwide investment. If the security of IT systems is increased, data flows and the availability of the systems could be severely impaired.
53 percent of the essential service providers surveyed have implemented at least basic cybersecurity measures such as access control or system separation, according to the results. Procedures that required a higher level of technical expertise, such as encryption or the inclusion of industrial control systems, would, however, be implemented to a lesser extent. Only 38 percent would have at least partially defined safety indicators and set up a test procedure for them. 41 percent said they had examined their ecosystem, but only 31 percent also the relationships with third parties.
Only 45 percent of the important operators had configured their systems appropriately, the auditors found. Only 24 percent used cryptographic solutions. The participants also did not do well in the categories of defense and resilience. Better-positioned railway organizations, however, carried out emergency exercises to simulate cyber attacks.
Enisa also sees room for improvement in the ERTMS European rail traffic control system for controlling signals and driving speed. It includes the ETCS security and control system, GSM-R radio data transmission and operating regulations. Some precautions for IT security are already included, but a detailed analysis of potential threats, attack vectors and the measures to be derived from them is still pending. Here too, software updates are “complex, expensive and time-consuming”. A few years ago, hackers had already identified attack surfaces around networked train control systems.
The Federal Government wants to quickly settle the long dispute with the EU Parliament over the planned regulation against terrorist propaganda on the Internet in view of the recent attacks in Vienna and Nice, for example. In its role at the head of the EU Council of Ministers, it sent an extended compromise paper to the other member states last week. It writes: More than two years after the original initiative of the EU Commission, it is “high time” to pass the law.
Two-stage procedure
On the biggest stumbling block, the cross-border deletion orders to service providers from another member state, the government brings a two-stage procedure into play: The controversial content must be deleted “temporarily” within one hour. The country in which the host provider is based should check foreign deletion requests for their legality and confirm or reject them within 24 hours. In the latter case, the operator would only have to provide the enumerated content in the country that made the request.
The procedure should be seen in connection with other corrections with which the protection of fundamental rights should be strengthened, according to the paper, classified as confidential, which the civil rights organization Statewatch has published. Article 9a now expressly provides for an effective remedy against a deletion order and increased requirements for the competent authorities. Europol is also obliged to submit an annual report on all relevant requests.
If the authorized authority issues a request for deletion for the first time, it should, as a rule, provide the provider with information on the procedure and applicable deadlines at least twelve hours in advance. Contrary to the insistence of Parliament, however, the member states themselves could designate the competent administrative, law enforcement and judicial authorities. However, they should be listed in an easily accessible online register in order to be able to quickly check the authenticity of their arrangements.
“Automated tools”
According to the Council Presidency, operators of social networks, for example, no longer have to use any “proactive” measures to keep terrorist content out. “Specific” resources are now required. This could include operational activities such as the use of human resources or technical instruments, according to a recital. “Automated tools” should also be used, emphasizes the federal government, thus alluding to the highly competitive upload filters. However, these would not be compulsory.
Germany has not built in a clause stating that “content that is distributed for educational, artistic, press or research purposes or for the purpose of raising awareness of terrorist activities” does not exist should be deleted. The “expression of polemical or controversial views in the context of a public debate” must also remain possible. Journalistic standards should be taken into account in such an assessment.
According to the type of house
In order to further accommodate the MPs, the Council Presidency also deleted an article according to which service providers should voluntarily check official references to terrorist content. Parliamentarians had feared that those affected would judge such reports not according to the law, but according to their own, often vague and far-reaching house standards. The Federal Government now approves of this instrument in a recital as a tried and tested “effective and rapid means”. So it should ultimately be retained.
In addition, there is the documented reference that the EU countries “can choose from a wide range of different penalties”. The presidency wants to strengthen proportionality and reduce the burden and penalties for small and medium-sized companies. Minor disregard should go unpunished the first time and otherwise only be subject to a warning. Serious and systematic violations, on the other hand, could be followed by fines of up to four percent of a provider’s worldwide turnover.
Remove unpleasant things
Despite the concessions, Hungary’s Prime Minister Orbán could “order the deletion of Internet publications in Germany”, said MEP Patrick Breyer from the Pirate Party, who was dissatisfied with the new version. Small providers could not reliably meet the deletion period of one hour. Even private website operators would have to be available around the clock in order to react to deletion orders within an hour.
It is unacceptable that the Hungarian or Polish government, for example, “declares unpleasant organizations to be terrorist and have their website deleted in another EU member state,” emphasized the Left Bundestag member Andrej Hunko. In any case, there is no need for a statutory provision, since the providers are already willing to delete. The next and probably final round of talks between the EU bodies should take place next week or at the beginning of December.
Attackers could slip malware into Firefox and Thunderbird and thus execute their own commands on systems. Overall, the risk from the security vulnerabilities is considered “high”.
Mozilla not only closed loopholes, but also built in a function to increase security when surfing with Firefox, which, however, is not active in the standard setting. The versions Firefox 83, Firefox ESR 78.5 and Thunderbird 78.5 for all systems.
Closed security holes in Thunderbird 78.5
Closed vulnerabilities in Firefox ESR 78.5
Closed vulnerabilities in Firefox 83
Only surf encrypted
An HTTPS-only mode is now available in Firefox 83. If this mode is active, the web browser always establishes an encrypted connection via HTTPS to websites. This happens automatically, for example, if you enter a URL starting with HTTP or click on an HTTP link.
If a website does not support HTTPS, Firefox displays a warning that third parties could view information users enter on such sites, for example credit card details. Anyone who is aware of the risk can still visit such sites. HTTPS-only is then temporarily deactivated for the page. In some cases, websites reload resources via HTTP (mixed content). In such cases, there may be display errors on Internet pages.
Activate HTTPS-only
To use the HTTPS-only mode, you have to activate it in the Firefox settings under “Data protection & security” at the bottom. If desired, the mode can be used in all windows or only in private windows. If HTTPS-only causes problems on a page, you can deactivate it by clicking on the lock symbol in the address bar.
IT security expert Peiter Zatko, also known by his hacker pseudonym “Mudge”, started a new job on Monday as head of security at Twitter. According to a report from Reuters news agency, Zatko reports directly to Twitter CEO Jack Dorsey. Following a 45- to 60-day review phase, the 49-year-old is to take over responsibility for the central security functions of the social media platform.
Unconventional security approaches
Speaking to Reuters, Zatko specified his future field of work: among other things, he is responsible for the information and physical security of the social media platform as well as for its further development from a security perspective.
He also highlighted the integrity of the platform in terms of abuse and manipulation as an important area of responsibility. In particular, he wants to work on improving public discussions on Twitter: he welcomes current tests of a function that should encourage users to read an article before they retweet it (en masse). The next step could be to “force” people to understand longer Twitter discussions before they can participate.
Furthermore, the IT security expert emphasized Twitter’s openness to unconventional security approaches, for example his suggestion to confuse tweeting villains by showing them manipulated information about the interactions of other users with their posts. His new employer is (in a positive sense) “willing to take some risks”.
Impressive history
“Mudge” Zatko has already demonstrated a knack for creative and pioneering solutions in the past. In 1995 he published one of the first whitepapers on the phenomenon of buffer overflows and the resulting security risks. He was part of the hacker think tank “L0pht” and the hacker organization and do-it-yourself community Cult of the Dead Cow. In addition to the “L0phtCrack” tool, Mudge also wrote the “AntiSniff” and “L0pht-Watch” tools. In 1998 he impressed the US Senate by claiming that he could paralyze the internet in 30 minutes.
Mudge’s explanations on a denial-of-service attack on the Internet (from 15:24 in the video, back then with a slightly different hairstyle) are a classic today.
From 1998 the hacker worked for the Defense Advanced Research Projects Agency (DARPA), the official research and development division. In 2013 Mudge switched to Google; most recently he worked for the online payment service Stripe. In 2016 he received an award for his (previous) life’s work as part of the “Pwnie Awards” at the Black Hat USA security conference. Now new challenges are waiting for him.
With a debate on necessary reforms of the Internet Governance Forum (IGF) of the United Nations, the 15th IGF annual meeting came to an end on Tuesday. The conference, which was held purely virtually for the first time due to the coronavirus pandemic, counted around 6000 participants. “The Internet moves every second. We cannot chase after that with an annual conference,” said Fabrizio Hochschild, special envoy to UN Secretary-General António Guterres and a candidate for the role of “UN Tech Envoy” established by Guterres.
Guterres warned that universal access to the network and to education was becoming increasingly important in view of the pandemic. For example, 11 million girls worldwide were at risk of not going back to school after the school closings due to the pandemic. Such types of digital divisions are hardly noticed in the western world.
Networks are not always the problem
Network coverage is not always the problem, explained the chairman of the network operator association GSMA. Of the four billion people who do not yet have internet access, only around 700,000 actually live in areas with no network coverage, said Mats Granryd. For over three billion people, the barriers to using existing networks are too high, for example because of the costs, a lack of knowledge, but above all a lack of offers in their own language.
For the first time, all participants in the 250 Ask the IGF to discuss the question of voluntary commitments for the coming year – also an attempt to make practical progress. Some referred to existing initiatives, such as Brad Smith, who highlighted Microsoft’s zero emissions initiative. The group wants to be CO2-neutral by 2030 and, by 2050, to have offset the emissions caused since the company was founded.
Out of conference mode
Swiss President Simonetta Sommaruga announced an initiative to create a “Political Network Technology and Climate Change”. She welcomed the fact that the topic of sustainability had been at the top of the IGF’s agenda for the first time. Voluntary commitments by government representatives and business, such as the project of the Swiss Federal Council, primarily aim to get the work of the IGF out of the conference mode, as Sommaruga emphasized the UN Secretary General said at the end of the forum. Recently there had been repeated complaints that the IGF was being used primarily by non-governmental organizations as a platform, but that governments and business were holding back. Guterres wants to improve this with his digital timetable, but his suggestions did not go unchallenged. Numerous non-governmental organizations demanded a transparent procedure from the UN when filling the position of the future “Tech Envoy”.
Preserved grassroots character
The parliamentary forum created by the federal government last year must meet more often than once a year, advised the chairwoman of the IGF program committee, Anriette Esterhuysen, and at the same time warned that the grassroots character of the IGF must be preserved. Because the concept of multi-stakeholder cooperation does not simply serve to create political legitimacy. Rather, the involvement of those affected and business also ensures “that we really make progress, that networks are built and cables are laid, that Internet nodes are created and know-how is built up”.
The Internet Engineering Task Force (IETF) is looking for a new chairman to direct the work of the standards organization from 2021. Surprisingly, two representatives of the Chinese research company Futurewei are now applying for the spot. Futurewei is a subsidiary of the network supplier Huawei.
That alone is delicate because Huawei is promoting a completely new Internet architecture at the same time as the International Telecommunication Union (ITU), which the IETF doesn’t like at all. But the application by the Futurewei employees mainly attracts attention because of the US government’s ban on the parent company Huawei.
The Futurewei employees are Alvaro Retana and Barry Leiba. Retana, formerly a Cisco engineer, is now Vice President Strategy for Future Networks and is jointly responsible for work on “New IP”, a collection of drafts to replace the Internet standard TCP/IP. Leiba belonged to IBM for many years and has been working for Huawei since 2009.
Controversial New IP development
According to Huawei and Futurewei, New IP is needed because TCP/IP is not powerful enough for demanding new applications. On the sidelines of the current IETF 109, Huawei is presenting New IP to the IETF developers for the fourth time. So far, IETF participants had given the concept, which is now called Future Vertical Communications Networks (FCVN), the cold shoulder.
As a long-time IETF participant and as the author of numerous RFC specifications in the e-mail field, the American Leiba is well connected in the IETF. It will be exciting to see whether the nomination committee will forgive him for his sponsor’s New IP plans.
Many candidates
The nomination committee could stay out of political waters by choosing one of the other applicants. The list of candidates includes two IETF veterans: the Brit Adrian Farrel, author of many MPLS-relevant specifications, and Fred Baker, a former Cisco engineer. Baker even presided over the IETF from 1996 to 2002.
Perhaps there will also be the first German-born IETF chief. Among the somewhat younger candidates are Rich Salz from Akamai and AT&T routing expert Deborah Brungard, as well as Lars Eggert. Eggert, a networking expert at NetApp, can claim that he headed the IETF’s research sister, the Internet Research Task Force, for several years. In addition, the Finn by choice is working on the TCP alternative Quic. The decision on the next chair will be made at the beginning of 2021.
As planned, the Tails developers released a new version of their live operating system yesterday, Tuesday. Tails 4.12 does not include any fundamentally new features, but rather focuses on minor corrections and additions to the existing features. Above all, however, it contains important security updates that, among other things, secure the Tor Browser used by default against a critical vulnerability. The developers therefore advise carrying out an update as soon as possible.
The Linux distribution Tails (“The Amnesic Incognito Live System”) is meant to help users navigate the Internet as anonymously as possible, bypass state censorship and leave no traces on the computers they use. It also brings tools for protecting sensitive files and digital communication from unauthorized access.
Software updated and secured
The Tails update raises the included Tor Browser to version 10.0.5, which was also released yesterday, Tuesday. The browser is based on Firefox ESR 78.5, the bug fixes of which we discussed in a separate message:
More importantly, the jump from Tor Browser 10.02 (Tails 4.12) to 10.05 also closes, in the same step, a critical remote code execution vulnerability (CVE-2020-26950) that had already been removed in Firefox ESR 78.4.1 and Tor Browser 10.04. So now this fix has also reached Tails.
The Thunderbird e-mail client was updated from 68.12 to 78.4.2 and is therefore also secured against CVE-2020-26950. The new Thunderbird version instead offers built-in OpenPGP support to users who have previously used the Enigmail plug-in for encrypted email communication. A separate Tails support article helps with migration and reconfiguration.
Small additions and bug fixes
The release notes for Tails 4.12 do not mention other security-relevant updates, but they do list a few corrections on and under the surface.
Among other things, newly added buttons should facilitate the restart after creating a persistent memory area. In future, only the root user will be allowed to access the root directory in the persistent memory. Problems with the available language variants have also been eliminated. The release notes provide an overview of all changes.
Tails 4.13: Update and installation
If you already use Tails from a USB stick, you can perform an automatic upgrade from version 4.2 upwards. How to perform a manual upgrade is explained in a post on the Tails website. Tails developers provide instructions for reinstallation for Linux, macOS and Windows. Caution: According to the release notes, existing persistent storage (and thus also the data stored there) will be lost if you perform a new installation instead of an upgrade.
Tails 4.14 is due to appear on 15 December 2020. If you are curious, see the roadmap for future Tails versions for information about planned innovations. (ovw)
The Sixpack-like BL6 console is made in just one piece and is being auctioned as part of a charity campaign.
Every now and then, interesting, unusual computer concepts are encountered on the Internet. This time one has come from a perhaps unexpected direction: Anheuser-Busch, a brewer known for Bud Light.
The Bud Light-themed BL6 is a console, according to the company, but features traditional PC hardware inside. The can-sixpack configuration has an Intel Core i7-1065G7 processor and 17 gigabytes of memory, but there is no information about the storage. Embedded in the end of the sixpack is an Asus DLP projector capable of 720p resolution with 500 lumen brightness.
The design of the BL6 is also functional. The two middle cans hide the console’s game controllers, and the two rear slots are Peltier-cooled can coolers. The console has six built-in games: Tekken 7, SoulCalibur VI, RBI Baseball 20, Broforce and the exclusive games Bud Light Six Puck Air Hockey and Flashlight: Freeze Tag. The BL6’s battery lasts for two hours of gaming. In the console’s marketing, “The X” and “The Five” are challenged with humorous feature comparisons.
However, acquiring a BL6 for your own collection can be challenging, as only one of them is being produced. That single unit is up for auction on ShopBeerGear and, at the time of writing, the leading bid is 5150 dollars. According to the counter on the website, the auction will end on 24 November at 17:00 Finnish time. The proceeds of the auction will go to charity and Bud Light will also donate the amount of the winning bid on its own behalf.
The Internet Archive — the non-profit digital library known for the Wayback Machine — announced that it will now preserve Flash animations and games, ahead of Adobe’s planned demise for the defunct web software at the end of 2020. The Archive will emulate the content so it plays as it used to, preserving critical elements of early internet culture for browsers that can no longer run them.
The Internet Archive says you can already browse over 1,000 games and animations that it’s saved, including classics like “Peanut Butter Jelly Time” and “All your base are belong to us”. The organization says emulation is made possible by an in-development Flash emulator called Ruffle that it’s incorporated into its system. While Ruffle’s developers say it isn’t currently compatible with a majority of Flash projects made after 2013, having any amount of access to the culture that defined many people’s adolescence and young adulthood is a win for preservation.
Flash was critical to creativity on the early web, turning drab pages of text and images into absolute nightmares of movement, but as The Internet Archive notes, Flash was really important because it was relatively easy to use:
Software allowed a beginner or novice to make surprisingly complicated and flexible graphic and sound shows that ran beautifully on web browsers without requiring deep knowledge of individual operating systems and programming languages.
Flash has been past its expiration date since 2017 when Adobe announced it was ending support, but the writing has been on the wall for even longer, starting with Apple’s announcement that it wouldn’t allow Flash on iOS in 2010. In the years following, Adobe decided to end support for Flash on mobile. Not long after, Chrome, Edge, and Safari chose to default to HTML5 whenever possible, leaving the old standby to rot.
With this new emulation tool in its tool belt, The Internet Archive should be equipped to serve as an ark for many endangered Flash creations. And it’s not alone: game publisher Kongregate also plans to continue to host Flash games on its site for the foreseeable future.
The Federal Ministry of Transport and Infrastructure (BMVI) rejects the network operator associations’ criticism of the planned funding of so-called “gray spots”. The ministry considers excessive the fear that expanding the funding criteria will lead to a “run” on funding and on already scarce resources. The federal government only provides support where the industry is not expanding, said a spokesman. “Only there are state subsidies used at all.”
The federal government aims to achieve nationwide coverage with gigabit networks by the year 2025. For this, the federal government wants to promote fiber optics in “gray spots” that already have fast Internet. Funding is also to be extended to regions in which bandwidths of up to 100 Mbit/s are available (“gray spots”). From 2023, areas in which 200 Mbit/s are already available should also be eligible for funding.
Green light from Brussels
The EU Commission has already given the green light for the gray spots. “After long negotiations, our gray spots funding has been approved by the EU Commission,” said Federal Infrastructure Minister Andreas Scheuer (CSU) happily. The project is now in the departmental vote in the cabinet. The affected network industry has already announced a need for discussion.
The four large associations Anga, Bitkom, Breko and VATM have sharply criticized the project in an urgent letter to the federal and state governments. The companies view the expansion of the funding criteria to 200 Mbit/s planned for 2023 with “great concern”. This means that around 14 million households and business locations would be eligible for funding “in one fell swoop”: “The result would be an uncontrolled ‘run’ by municipalities and districts on the funding”, which is likely to further reduce already scarce resources.
Industry can fix it itself
The ministry does not accept that. In any case, the support only applies where the network operators themselves do not expand for economic reasons, a spokesman told heise online. “The industry is free to serve the entire market,” the spokesman said. “Because every serious investment intention of a telecommunications company immediately leads to a subsidy exclusion.” The ministry wants to set the pace: in view of the ambitious goal for 2025, “there is only a small temporal target corridor that must be addressed immediately.”
The Federal Association of Glass Fiber (Buglas) did not sign the letter to the federal government, but has always criticized the bandwidth-oriented funding criteria. Buglas considers their elimination in 2023 to be correct. “Today’s black spots – that is, with broadband coverage – will be tomorrow’s white spots,” says Heer. “The more or less arbitrarily set thresholds have to be regularly adjusted. That costs money and resources unnecessarily and is usually not understood by the public.” An infrastructure goal is better: “Everything that does not have a direct fiber optic connection is therefore eligible.”
The Buglas considers the concerns about flooding the market with subsidies to be fundamentally justified. “But that can be brought under control through the specific design of the funding,” says Buglas boss Wolfgang Heer. “Criteria such as bandwidth availability, population density and the consideration of commercial expansion projects can prevent further overheating, particularly of the civil engineering market and the feared displacement.”
“Intelligent control logic”
The Federal Association of Broadband Communication (Breko) would like the federal government to proceed with moderation when it comes to funding. “When transferring the requirements of the EU Commission into practice, the federal government should provide a graduated and time-staggered system in the sense of intelligent control logic,” suggests Breko boss Stephan Albers. This means that funding activities could initially be concentrated on the regions that are particularly poorly supplied and the flow of money controlled. “In this way it can be avoided that a huge number of funded projects are initiated at the same time.”
(vbr)