Sunday, November 6, 2016

Some remarks about the 2016 US presidential election from the German point of view

There is one who wants to make America great again ... so what has ever been a different place ...

He also says that he wants his state to disappear behind a wall ... but we had already ...

And if you can be the leader of a great nation, if you are married to a naked model ... doubtless must be allowed!

Sunday, May 24, 2015

How to implement default encryption for the masses

Trying to get the surveillance mania under control politically must be regarded, at least in the short term, as a failure. It may be that at some point one constitutional institution or another corrects something, but that is of little consequence, because it then concerns only one country. In America, for example, the United States House of Representatives wants to make clear that the NSA should leave Americans unobserved. That does not help us at all: citizens of other countries are not protected. That is all very unpleasant, and recovery is not in sight.

Unfortunately, governments are also an enormous obstacle to eliminating the evil. Since governments from time to time see fit to enforce their views by whatever means, they are also of the opinion that citizens should not be free to trade such technologies abroad, because they could be of use to potential adversaries. A completely new procedure directed against government crime in relation to data protection therefore always runs the risk of being subjected to a trade restriction, so that it is no longer reasonably usable for the global community.

In Germany there was a big initiative by large e-mail providers to transfer e-mails only with transport encryption. But I know from personal experience that this simple modification has drawn an enormous amount of support.

When it comes only to passive eavesdropping, the Diffie-Hellman key exchange is already the ideal method. If it were included in the TCP/IP stack by way of a TCP/IP option, everything based on simple listening would fall at a stroke. Why, then, does this method lead such a shadowy existence? Because the basic task that the science of cryptography has set itself is to transport one very concrete message safely from Alice to Bob. If the evil Mallory can insert himself into the connection, the procedure is null and void:
Source: Wikipedia

Installation costs for encryption

What is there to consider when installing? Nothing! The new kernel can be rolled out as a security update. Only the processing power needed by an application would rise. But since this is also managed by the operating system, it knows in which exceptional cases switching off encryption is absolutely necessary. Embedding this maintenance-free into production is what I mean when I speak of mass-compatible encryption.

Is it possible to detect systematic interception?

Since there is no widely used code for this process, here is my suggestion: use TLS. TLS solves nearly all known encryption problems. Snowden has also supplied no evidence that all TLS methods have been infiltrated by the NSA, especially as ciphers from different countries (USA, Russia, Japan, South Korea) are included in TLS. TLS has a weak point, but it is common to all encryption algorithms in relation to https: an observer can see the size of the transferred files. For publicly available documents this is enough, because the file sizes identify the loaded page in nearly every case. But TLS has the distinct legal advantage that its algorithms are publicly accessible everywhere and that a great many SSL/TLS transmissions already take place on the Internet.

The kernel generates its self-signed certificate at boot, and the private key can be protected with the MMU in the best possible way, so that no user-space application can gain access to it. The key should be kept only in RAM and is gone forever when the computer is turned off, or every 24 hours when the system creates a new certificate. All ciphers then have at least delayed Perfect Forward Secrecy. This is important if we want to prefer hardware encryption components. For inbound connections, a record with the IP, the destination port and the fingerprint of the presented public key is stored in the system log file. If the TCP option is ignored and a normal connection is established instead, a special fingerprint such as 00:00:00 ... 00:00 is written to the log file.

This data is collected and sent at regular intervals, securely encrypted over regular https, to a group of central agencies that evaluate it statistically. Interceptions show up as different fingerprints seen from different locations, because an interceptor never catches every connection. If certain connections are intercepted, for example port 80 by an anti-virus and caching firewall, these agencies diagnose the firewall cache and generate understandable reports. Sometimes traffic control of this kind is wanted or required. This may also apply to entire nations, only that in future the governments will always be held responsible for it in public. Whether highwaymen such as the British can then still sell cable capacity remains to be seen. Providers that use such routes will have no choice but to configure a VPN tunnel.

Also important: the process is distinguished by the fact that tools like Wireshark can be adapted so that they continue to work despite the encryption. Debugging with conventional encryption is annoying, because the slightest error means that nothing works. If you get no sensible error message (and anyone who works a lot with computers knows how bad they often are), it is bad when the communication can no longer be observed. I often hear from decision-makers in business that they do not want any cryptographic algorithms because they fear, not without reason, a loss of production.
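One way the central statistical evaluation could be done, as an added example that is not part of the original post. The report layout, observer names, shortened fingerprints and verdict labels are assumptions; the rule that keys replaced for everyone at once count as a reboot or 24-hour rotation follows the page's later remark that a reboot creates a new key.

```python
from collections import defaultdict

ZERO_FP = "00:00:00:00"  # shortened stand-in for the page's all-zero "option ignored" marker

# Constructed sample reports: (observer, peer_ip, dst_port, fingerprint, unix_time).
REPORTS = [
    # 192.0.2.10: every observer sees the same key
    ("berlin", "192.0.2.10", 443, "aa:11", 1000),
    ("tokyo",  "192.0.2.10", 25,  "aa:11", 1500),
    # 192.0.2.20: the key changes once for everybody (reboot or 24 h rotation)
    ("berlin", "192.0.2.20", 443, "bb:22", 1000),
    ("tokyo",  "192.0.2.20", 443, "bb:22", 1200),
    ("berlin", "192.0.2.20", 443, "bb:33", 5000),
    ("tokyo",  "192.0.2.20", 443, "bb:33", 5100),
    # 192.0.2.30: one location sees a foreign key while the others still see the real one
    ("berlin", "192.0.2.30", 443, "cc:44", 1000),
    ("tokyo",  "192.0.2.30", 443, "cc:44", 1100),
    ("london", "192.0.2.30", 443, "ee:99", 1050),
    ("berlin", "192.0.2.30", 443, "cc:44", 1300),
    # 192.0.2.40: only port 80 shows a different key (caching firewall)
    ("berlin", "192.0.2.40", 443, "dd:55", 1000),
    ("tokyo",  "192.0.2.40", 80,  "ff:77", 1010),
    ("berlin", "192.0.2.40", 80,  "ff:77", 1020),
    ("tokyo",  "192.0.2.40", 22,  "dd:55", 1030),
    # 192.0.2.50: the TCP option was ignored or stripped on one path
    ("berlin", "192.0.2.50", 443, "ab:cd", 1000),
    ("london", "192.0.2.50", 443, ZERO_FP, 1005),
]

def classify(reports):
    """Map each peer IP to (verdict, detail) from the fingerprints observers reported."""
    seen = defaultdict(lambda: defaultdict(list))  # peer -> fingerprint -> [(time, observer, port)]
    for observer, peer, port, fp, ts in reports:
        seen[peer][fp].append((ts, observer, port))
    verdicts = {}
    for peer, by_fp in seen.items():
        keys = {fp: obs for fp, obs in by_fp.items() if fp != ZERO_FP}
        stripped = sorted({o for _, o, _ in by_fp.get(ZERO_FP, [])})
        if len(keys) <= 1:
            verdicts[peer] = ("option-missing", stripped) if stripped else ("consistent", [])
            continue
        # A reboot or rotation replaces the key for everyone: the time spans do not overlap.
        spans = sorted((min(o)[0], max(o)[0]) for o in keys.values())
        if all(a[1] < b[0] for a, b in zip(spans, spans[1:])):
            verdicts[peer] = ("rekeyed", [])
            continue
        # A key confined to one port that no other key shares points to a port-specific box.
        ports = {fp: {p for _, _, p in obs} for fp, obs in keys.items()}
        lone = [next(iter(ps)) for fp, ps in sorted(ports.items()) if len(ps) == 1
                and all(ps.isdisjoint(q) for g, q in ports.items() if g != fp)]
        if lone:
            verdicts[peer] = ("port-middlebox", lone[:1])
            continue
        # Otherwise keys differ by location: name the observers outside the majority.
        who = {fp: {o for _, o, _ in obs} for fp, obs in keys.items()}
        majority = max(sorted(who), key=lambda fp: len(who[fp]))
        odd = sorted(set().union(*(w for fp, w in who.items() if fp != majority)))
        verdicts[peer] = ("path-interception", odd)
    return verdicts

if __name__ == "__main__":
    for peer, verdict in sorted(classify(REPORTS).items()):
        print(peer, verdict)
```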

Extension 31.05: Unfortunately, I can't submit a response to a comment in the comment system. No idea why.

If you use DNS keys, users must take some action to get an encrypted connection. And if you must take action, you can make mistakes. As a result of such mistakes, connections are no longer possible. You have no idea how much managers fear production interruptions of every kind. A basic encryption against mass spying must work with the same reliability as TCP/IP itself to gain the necessary acceptance. Making this procedure a TCP/IP option ensures that there is no trouble with old, unsupported operating systems.

Every operating system that swaps out to hard disk also has an option to disable swapping out kernel code. If there were no such option, the system could swap the hard-disk load routine itself out to the hard disk. That would freeze the system, because reloading would get stuck in an infinite loop: Load X -> (*) need load code -> not present -> go back to (*)

Here I am talking about preventing spying by copying data. I am also talking about detecting mass interception. You are right, a reboot creates a new key in my scenario. This looks like an interception of every connection to this computer. That is not a relevant scenario for protection against organisations like the NSA. This technique is not encryption meant to keep one particular message undisclosed. If you are the government of a computer user, you can gain control of that computer, which gives you access to everything that happens on it. But if you are remote from a computer, interception changes the key only on a part of the connection. This will be detected by the statistical analysis of every instance of the control monitors.

TLS is very good, but it needs costly and critical service intervention. As a result it fails against mass spying.

Wednesday, March 16, 2011

The systematic error in the licensing process of nuclear power plants or why the meltdown is more likely than promised

In the development and approval of nuclear power plants, the probability of a catastrophic accident was and is a key quantity. It is measured by the so-called residual risk that must be accepted by the population.

To be able to make general statements about the reliability of a component, nuclear power plants use only techniques that have been in use for a long time. At its start-up, a nuclear power plant is a technology museum.

It is then determined which properties are necessary to ensure safety. This is quite simple. The primary requirement is that the gaseous, liquid and solid reaction products are not released until their radioactivity has decayed so far that they do not affect the biosphere. This results in secondary requirements: the fission chain reaction in the fuel must never get out of control, and the generated heat must be dissipated reliably. It is of particular weight that after shutdown of the reactor, that is, after the chain reaction and thus the splitting of atoms has stopped, 7% of the thermal power of the nuclear power plant is still released. This heat comes from the radioactivity of the fission products. After one day, this power has decreased by about one order of magnitude. The decline then proceeds more slowly, until it merges into the long-term radiation of nuclear waste.

How do we now arrive at the necessary safety equipment? Assume we have a component that fails about every 3 years, which is approximately 1000 days. On its own, such a part would not be usable in a nuclear plant. But if only one of two independent parts is needed, one can apply a mathematical theorem: the probability that both parts are broken is calculated by multiplying the failure probabilities of the two parts. It follows that a combination of two parts that each fail on average every 1000 days fails on average every one million days. This means one problem every 3,000 years. That's not enough. But if an additional independent part is added, we get a mean time between failures of 1,000,000,000 days. This is roughly 3,000,000 years. Then, in order to carry out maintenance during operation, another part is added, so that each is one of four independent components.

Now you need not only a part of type A but also one of type B. Assume that if A or B fails, we get a release. The same calculation is used, but with the probability of working correctly instead of the probability of failure. If function A fails on average every 1,000,000,000 days and function B fails every 2,000,000,000 years, we get one fatal error every 666,666,666 days. For a nuclear plant these calculations are, of course, much more complex, because it has many more parts than A and B.

Now where is the error that makes the release of radioactivity more common than promised? The secret is the word "independent". If the parts are independent in the calculation, then they must truly be designed independently, built independently and maintained independently. Why? Suppose we have one maintenance technician who maintains all emergency generators. For an internal combustion engine this includes, for example, an oil change. If this man fills in an unsuitable oil, so that the engine fails after an hour, the units would systematically fail one after another when they are needed. The different branches of the redundant system must therefore be maintained by different technicians. But they must not come from the same company either, because the boss could make a mistake and keep the documentation wrong. The effect may be that the independent mechanics make the same error.

Identical units must not be used either, because a design problem would be a specific cause for the simultaneous failure of all components. This is what happened in Chernobyl, now Chornobyl. There was a design problem in the control rods. A control rod is expected to reduce the energy release when it is inserted and to increase the energy release when it is withdrawn. Due to the circumstances of a failed experiment, the reactor was in a nuclear state of unusually high reactivity. The control rods had been withdrawn abnormally far. They had reached a range in which pulling the control rods out further has a braking effect. This was caused by a graphite cap at the tips of the control rods, which has an energy-releasing effect. When the reactor then had to be throttled back, more energy was in fact released, so much that the reactor no longer changed its power in a good-natured way. The reactor went prompt critical. In popular-science terms, it was working in the mode of an A-bomb.

At the nuclear plant in Harrisburg, the same hose connections were used for water and compressed air. As the result of an operator error, water got into the pneumatic network. A large number of pneumatic components then did not work properly. At Forsberg in Sweden there was again a warning, because the emergency systems were not even switched on after an electrical problem. Again the same problem: identical components misbehave in the same way. Designers must therefore take care that redundant devices do not contain identical subcomponents.

The Japanese have now been hit even harder. There, six apparently identical reactors were built on the same beach. These reactors have identical emergency generators. The tsunami has now put all these units out of action. The earthquake had previously destroyed the regular power supply. Thus it now looks as if we will see in Japan an escalation beyond the Chernobyl accident: the multiple super meltdown. The youngest of Germany's nuclear power plants, the so-called convoy plants, are identical. Fortunately they are at least not in one place, but the problem with the oil and the maintenance technicians illustrated above could also affect all sites, which would then show itself when a blackout happened in the electricity grid.

What does this mean? For the nuclear power plants around the world, the reliability calculations must be checked for compliance with the requirements of independence. If components are not independent, the reliability calculations need to be corrected. As far as I know my way around the construction of nuclear power plants, there is an extreme need for correction, for example because the control rods in nuclear power plants are usually all identical in construction. The same goes for feed water pumps and emergency generators. I have no doubt that such an inspection will result in the revocation, without compensation, of all permits for nuclear power plants!
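The effect of the independence assumption in numbers, as an added example that is not part of the original post. It reproduces the figures above (taking both intervals of A and B in days) and then assumes, purely for illustration, that a share `beta` of 1% of all failures has a common cause such as the wrong oil; the beta-factor model and the 1% value are assumptions, not the author's.

```python
from fractions import Fraction

def mtbf_redundant(mtbf_days, n, beta=Fraction(0)):
    """MTBF in days of n redundant parts of which a single working one suffices.

    beta is the assumed share of failures that hit all parts at once (common cause).
    """
    p = Fraction(1, mtbf_days)           # failure probability of one part on a given day
    independent = ((1 - beta) * p) ** n  # all n parts fail on their own on the same day
    common = beta * p                    # one shared cause (same oil, same design) fails them all
    return 1 / (independent + common)

def mtbf_series(*mtbfs):
    """MTBF in days when every function is required (failure of any one means a release)."""
    working = Fraction(1)
    for m in mtbfs:
        working *= 1 - Fraction(1, m)    # multiply the probabilities of working correctly
    return 1 / (1 - working)

if __name__ == "__main__":
    for n in (2, 3):
        print(n, "independent parts:", int(mtbf_redundant(1000, n)), "days")
    print("A and B in series:", int(mtbf_series(10**9, 2 * 10**9)), "days")
    coupled = mtbf_redundant(1000, 3, Fraction(1, 100))
    print("3 parts, 1% common cause:", int(coupled), "days =", int(coupled / 365), "years")
```

With only 1% of failures shared, the three-part system drops from about 3,000,000 years to under 300 years between failures, and adding further identical parts barely changes that.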

Wednesday, April 7, 2010

How can we prevent film and music managers from dropping citizens' rights and punishing customers

Today in Great Britain the Digital Economy Bill was discussed in the House of Commons. Only 20 people were present for this technically important piece of lawmaking.

A small number of chiefs of the film and music industry are unable to create new, working business models. These guys constantly claim new rights, completely without regard for the protection of civil rights. These people do not even respect the rights of their own customers. None of the now legally protected digital rights management systems guarantees the customers' ownership. It can always happen that honest customers are denied access to their property.

Commercial interests will always try to increase profit by using politicians who are receptive to lobbying. Citizens' rights are only secure if these guys recognize that citizens and customers do not accept these intentions. How can we tell them our opinion? There are some studies on file sharing:





This shows that the above-mentioned industries thus prefer the systematic criminalization of their own customers. But how do you make something so clear to a bunch of unimaginative old men that they have to take note of it despite the barrier of their prejudice?

This can only happen through money, the only language that is understood. Such a signal must be clear and comprehensible to everyone. The media industry lives on hype, and to celebrate it, it has created institutions like the German Media Control, which turn weekly sales figures into a corresponding ranking. These have decades of tradition and therefore cannot easily be abolished again for cover-up purposes.

Now, if all the people who see their civil rights at risk or who feel inappropriately criminalized make sure that they buy or rent media products only in odd weeks, this creates a signal visible to all. The action could run indefinitely, slowly build up and spread worldwide, and it would be documented clearly and objectively for the public by Media Control & Co. At some point, if the scientists are right, the amplitude would be huge and the valley bottoms so deep that this alone would bring cold sweat to the managers' foreheads.

Consumers should refrain from the following in even-numbered calendar weeks:


  1. Buying media that are not updated daily

  2. Downloading press articles for a fee

  3. Paying for press articles

  4. Renting CDs (yes, you can simply rent them for the entire week)

  5. Buying CDs

  6. Downloading music for a fee

  7. Attending concerts

  8. Renting DVDs (you can simply rent them for the entire week)

  9. Buying DVDs

  10. Renting Blu-rays (you can simply rent them for the entire week)

  11. Buying Blu-rays

  12. Downloading movies for a fee

  13. Paying for pay TV (mostly by invoice or prepaid card)

  14. Going to the cinema

  15. Buying computer games

  16. Renting computer games

  17. Downloading computer games for a fee



The action can be continued until suitable commitments have been made. When discussing and promoting this action on Twitter, the hashtag #VoteByBuy should be used. In blogs the keyword VoteByBuy should be used; according to Google it does not yet exist on the web. It is important that Saturday and Sunday fall in the same week. This is not the case in the English week count. To ensure this and a homogeneous international implementation, I suggest using the German week numbers:




Amendment 10 Apr.: Unbelievable! Meanwhile, you can automate retweets on Twitter. So if you want to pass on everything about #VoteByBuy from me automatically, you can do this with the help of Trend Setters.

Thursday, June 25, 2009

How to protect Iran protesters from identification through web publications?

Opening a server as often as possible is a bad idea, because this also occupies a huge amount of traffic on the Internet. It's important to download as slowly as possible to avoid wasting bandwidth.

Operating systems limit how many transactions can be handled at one time. If this limit is reached, all other connections must wait until one transfer has finished.

I suggest using Linux to download the entire web site to your hard disk. Install, for example, Kubuntu on your computer. Log in and open a terminal window. You get:

yourname@yourcomputer:~>

now type

yourname@yourcomputer:~> mkdir websites

yourname@yourcomputer:~> cd websites

yourname@yourcomputer:~> wget -k -K -E -R wmv --limit-rate 1 -U "Mozilla/5.0 (en-US; rv:1.9.0.11) Firefox/3.0.11" -r http://www.gerdab.ir/home.php

This will download the entire(!) web site to your computer at the famous speed of one byte per second. This command will run until the next regular elections in Iran. If the limit of concurrent users is reached, the entire site is dead without any malfunction anywhere else. Nobody says that you must download content fast!

To make it harder to defend the server, you may change the application identification to something else that you know to be a valid browser.

How webmasters can wipe censorship off the face of the earth!

It is actually quite simple to eliminate the scourge of censorship from the face of the earth. Only enough important webmasters with useful or essential services must participate. I am thinking of search engines, banks, auction houses, dealers, ...


  • Provide your web site over https, if that is not already the case.

  • Build your website in such a way that important functions run over https. This means that if someone blocks port 443, it no longer makes sense to use the site. This can be, for example, the login as on eBay, the query function as on Google, or search and purchase as on Amazon.

  • Set up a Tor client.

  • Configure your https server so that https://www.yourbuisness.com/http://www.sometarget.com delivers the content of http://www.sometarget.com, fetched via the Tor network.



From the point of view of a dictator this is no longer distinguishable from an access to the website https://www.yourbuisness.com. Because the Tor network is used, any attempt to punish access to prohibited websites is impossible. Only if something is prohibited in every country where the Tor servers on the route are located can the trace of the user be followed. Correlation analysis cannot work! The dictator only has the choice of blocking access to https://www.yourbuisness.com or enduring the hole. If enough big websites do this by their own decision, or President Obama creates a law requiring big websites to do it, censorship will be wiped out in Iran, China and everywhere the Internet exists!

The only remaining method of censorship would be that of dictators of the type of Pol Pot and Kim Jong-il. But the economic disadvantages are so huge that this will not work on a permanent basis, because in the future the support for every product will come over the Internet.