I’ve come to like the Android after my early heavy frustrations (there’s a post coming up on what’s fundamentally right (read: compared to iOS)), but I can’t shut up on some very fundamental, conceptual issues that will (for now) make some people less happy than they should be with their Androids: Customers have to specifically [...]

I’m under the impression that everybody who reviewed the Samsung Galaxy S I9000 and gave it big praise (even as an iPhone contender) has not really used the device for more than two minutes. There are so many annoyances and glitches that must not happen to well-designed user-friendly devices. The Samsung mail client Samsung has [...]

Update: Downgrading from the unofficial Froyo (2.2) release to an unofficial 2.1 release (2.1-update1, from the JM5 release which can be found on the internet) seems to improve things greatly: The “Active Applications” widget now shows 7 to 9 apps running without any significant slowdowns. “Force close”s are gone, lag is way down, battery seems [...]

Since I own a Samsung Galaxy S I9000 Android device now and am not entirely happy with it, I decided to share my whining with you. The coming days, I’ll try to explain what’s wrong with the phone, Android and the apps. I don’t have months of experience with the device yet, but I’ve started [...]

Man kann unterstellen, dass Googles “Do no evil”-Doktrin eigentlich eine “Do much good and drown everybody in it”-Doktrin ist, die Google einsetzt, um offensiv Diskussionen über die Probleme, die mit dem Geschäftsmodell von Google einhergehen (bei allen Beteuerungen zum Trotz, Picasas Namens-Tags lassen jede Überwachungskamera alt aussehen), zu vermeiden. In diesem Licht hat jedenfalls die [...]

This blog is running WordPress, one of the most popular web-logging applications. Recently, another flaw in WordPress surfaced and caused some stir and panic. The issue was (in the end) missing type-checking on user-provided input, a well-known and well-understood flaw. This must not happen to a project of WordPress’ popularity and professionalism. I looked at [...]

Ich bin gestern über die neue Gesichtserkennungs und Tagging-Funktion in Googles Picasa gestolpert. Ich fasziniert, gleichzeitig ist mir unheimlich. Für diejenigen, die das noch nicht kennen: Googles Online-Foto-Album kann alle eigenen, online gestellten Bilder nach Gesichtern durchsuchen. Die kann man dann mit Namen und Mail-Adresse (Google-Mail-Adressbuch) verknüpfen. Dabei werden ähnliche Gesichter automatisch gruppiert, man kann [...]

The Computer Security department of TU Berlin kindly agreed to host a presentation about my diploma thesis on Tuesday, Dec 18th. I was able to talk to a very technically versed audience about my (not so) new technical approach to XSS and SQLIA (“let the framework take care of it”). Thanks a lot, guys! Despite [...]

Ausdrucksschwache Sprache Ein Business-Model definiert man üblicherweise in einer Sprache, die ausdrucksfähig genug dazu ist. Wieso bildet die ActiveRecord Implementation bei Ruby on Rails dann ausgerechnet einfach das Datenbankschema ab? In SQL99 gibt es zwei numerische Typen, drei Datumstypen und Strings. Wie bitte schön kann ich ausdrücken, dass ein Attribut eine E-Mail Adresse ist? Oder [...]

I’m in the process of writing my Diploma Thesis about how to prevent injection-related (XSS and SQLIA) vulnerabilities at the Software Engineering working group of the computer science department at Freie Universität Berlin. For now, there’s not much to see here. Please have a look at the wiki page about my thesis and a concept [...]