Stuff posted in this site by me.
https://thequietus.com/articles/28561-mp3-vinyl-napster-music-industry
I remember the first mp3 I ever downloaded off Napster! It is also where I learned how to interact with people online before I went on to IRC and Usenet.
Good times.
Not saying which song it was though Read More »
Source: Huawei Hacked My Laptop? « Sunburnt Technology
At the end of the post the author does say:
I’m giving Huawei the benefit of doubt on this one. As a commenter suggested, it is probably a hack to run the GUI as root.
But we still have a problem with hardware manufactures thinking “oh we can just use root for everything and it’ll turn out alright!”, because they’re not familiar with the platform.
This is one instance where Microsoft was able to impose order and open source desktop environments need to start thinking about doing so, too.
Huawei Hacked My Laptop? « Sunburnt Technology Read More »
In a previous post I mentioned one of the tools I use is Wiki.js. It was a great thing to learn how to set it up but… I was never entirely happy with it:
So that’s that. I’d been playing with vimwiki since it’s text-based. After a bit of playing I was able to make it work nicely on the gVim instance I run on the Windows 10 desktop and the Ubuntu instance I run in WSL.
The mobile side of things was immensely helped along by Epsilon Notes, which blows iA Writer completely out of the water. Along the way I tried using Joplin which at first glance seems awesome but then you run into this issue:
Yes, I get the logic of completely unique filenames but it also means that I’m locked into the app. This is something people have complained about as it defeats all efforts at interoperability. I mean, these are fucken markdown files. And this is an open source app!
Oh right, it also uses its own WebDAV connection to the Nexcloud instance, so slow your roll.
So back to Epsilon. It’s got a few goodies:
All right, so this is what I have right now
Assuming there’s already a working Windows gVim instance, a working WSL installation, and a working Nextcloud desktop client:
.vimrc file unnecesarily in WSL/ubuntu I symlinked ~/vimwiki to the appropriate directory in Windows; this way the _vimrc file in gVim could remain the same. Using either vim instance gets me to the same location.<Leader>ww, and save it. It should get picked up by Nextcloud.Using the web interface or the Android client, mark the vimwiki folder as a favorite so Nextcloud keeps it synced at all times. I don’t think there’s a way to do this in the desktop client yet.
Assuming there’s already a working Nextcloud app
/storage/emulated/0/Android/media/com.nextcloud.client/nextcloud/USER@HOST/vimwiki/. If you have multiple Nextcloud accounts on the same app you’ll see all of those listed with a USER@HOST folder each and you can just jump between folders.Another way of doing this is setting up custom folders but I think doing it this way makes for a simpler configuration. It’d probably be really useful you have multiple vimwikis or multiple Nextcloud accounts though.
I have a couple of boxes that run headless and I also wanted to have my notes available on there. There isn’t a terminal Nextcloud client but I found Rclone. I could have used cadaver but Rclone is designed specifically for cloud file storage:
These instructions worked under my Debian 10 install:
rclone and fuse3: sudo aptitude install rclone fuse3.rclone config. Documentation.rclone --vfs-cache-mode writes mount NEXTCLOUD:/vimwiki ~/vimwiki --daemon
Which assumes NEXTCLOUD is what you named the remote configuration, your vimwiki directory lives at $HOME, and you want the connection to remain alive until you decide to stop it manually. The --vfs-cache-mode writes flag will enable some amount of caching. Documentation.
4. At this point you can access your vimwiki as if they were on the local filesystem.
SO now we have wiki-like notes that can be edited on desktop, mobile, or server, using whichever editor you prefer. Another bonus: You’re not locked in to anything. I could edit notes on desktop with Notepad++, Sublime Text, or Atom. On mobile you can edit them with whatever text editor you end up with. On a server you can edit them natively with whatever you have at hand.
And in the sad event you don’t have anything you can still access them through the Nextcloud web interface. They even got a markdown editor but I’m not sure what dialect it uses.
The only thing I dont have anymore is a nice clean way to print these notes but this is where pandoc and a print.css file should be useful. If worst comes to worst I can always paste something into LibreOffice and just change the styling that way. Another thing I’ll have to change is how I search for things but since I do have access to the terminal I can always resort to grep if worst comes to worst.
I did have a few things that led me to try and avoid using web interfaces for this
I’m super excited about this. My notes en’t locked in anywhere and they’re all in plain-text, which is the only thing guaranteed to not change in the next 20 years,
Another attempt at a note-taking workflow Read More »
Cryptography engineers have been tearing their hair out over PGP’s deficiencies for (literally) decades. When other kinds of engineers get wind of this, they’re shocked. PGP is bad? Why do people keep telling me to use PGP? The answer is that they shouldn’t be telling you that, because PGP is bad and needs to go away.
Source: Latacora – The PGP Problem
I knew PGP was bad and had avoided it cos I knew of its eldritch complexity of integration but I didn’t know about the rest.
Figures that Thunderbird is planning on integrating it as a built-in function.
They should probably use something else, methinks.
Ahora con eso que el mugre peje no quiere confrontación de cualquier clase con los carteles, que pueden hacer las empresas?
Si los empleados hacen algo mal, los matan. Si la empresa hace algo mal, la balean o secuestran. Mientras tanto los costos de energía siguen y siguen.
Mal asunto de cualquier forma que se mire.
The Linux Community: A Corporate controlled committee of people who don’t use Linux and dislike ideas.
Source: Linux Sucks 2020 – YouTube
It’s funny because it’s true.
It en’t better for Win or Mac or BSD either Read More »
Let’s build and configure a minimal SSH bastion host (jump box) from scratch, using Ubuntu 20.04 LTS.
Source: DIY SSH Bastion Host
This is all well and good except for the bit where the author is clearly invested in using the cloud (i.e. other people’s computers) to run your own infrastructure.
What happens when google locks you out? Or when amazon decides to do the same. Same concern goes for Azure, or any other cloud provider.
Good luck fixing any of that without having to tear down a lot of your own work just to be able to be useful again. I get it, from a developer point of view setting it like this means it’s easy to plug into projects, but from a sysadmin point of view it means you’re going to shoot yourself in the foot sooner rather than later, specially if you missed a little onfiguration detail that lets your server wide open for takeover.
Locked out? Good luck Read More »
It’s been a long while since that last post I did and my setup has changed a lot:
There are some single-purpose utilities I’ve discovered in the interim that are extremely useful for working in Windows 10.
There are some things that underpin all of these applications but I think I’ll leave it as-is. It’s pretty fun to see how my workflow changes over time.
Thinking Tools: July 2020 Read More »
The suburbs run on federal subsidies. Without them, America’s suburbs would have to become more financially productive. They would need to get greater returns per foot on public infrastructure investment. That would mean repealing repressive zoning regulations, allowing the market to respond to supply and demand signals for housing. It would also mean allowing the “little downtowns” Kurtz fears to form where demand for them exists. Isn’t that what is supposed to happen with self-government and local control?
Source: It’s Time to Abolish Single-Family Zoning | The American Conservative
To have a conservative person say this is quite strange. Few suburbs in all of the US actively try to compete with the cities they’re attached to, mostly because they only want to attract wealthier millennials who can afford the down payment on a house by way of the parents paying for it.
Cognitive Dissonance 30 minutes out of downtown Read More »
Are we ready to revisit some of the ideas of the early web again? There are trends that suggest we might just have come full circle – and I like it.
Source: The Return of the 90s Web | Max Böck
The only sites that won’t have an RSS feed are those of corporate entities that explicitly depend on keeping people on their sites, like fb.
Hopefully some enterprising engineer at google has found the Google Reader source code and are bringing it back to life…
And a special version of Flash for games only? Read More »
Over and over again, I’ve seen people fix some wireless-related problem and go “wow, I had no idea how much better this could be!” • Wireless protocols often silently operate in an extremely degraded state that makes them substantially worse than wired equivalents.
Source: Wireless is a trap | benkuhn.net
I live in an apartment building that is located within the city core of my city. When I scan for WiFi networks I can see at least 25 from my main workstation. On my laptop, standing in the middle of the front courtyard, you can see at least 40 networks. Mind you, this is only WiFi networks; I’m not including everything else that might be using the 2.4 GHz spectrum, like Bluetooth or other kinds of wireless devices.
I switched to wired devices a long, long time ago precisely of unreliable connections, network lag, and the fact that WiFi optimization is more of an art than any sort of science, and that’s before you bring in newer WiFi versions. I just recently rewired my apartment to have Ethernet all over and be able to throw around 4K media with abandon.
Now if only the USB Implementers Forum would get its shit together, that’d be awesome
Tie yourself together Read More »
Source: ‘CVS: cvs.openbsd.org: src’ – MARC
Wireguard goes into OpenBSD, gawdam
The log doesn’t lie Read More »
There is a post on reddit was written by someone who claims they reverse-engineered the app that is, they set about deconstructing the app to see how its internal components function and interact with each other, with the rest of the phone, and with the servers that conform the service itself.
These are the main points made by analysis of the app itself.
The app will try to learn everything it can about the phone hardware itself, going from the big things like if it’s running on a phone or a tablet, who the manufacturer is, make and model; to the small, like how many megapixels the front camera is.
What you can do about it: Nothing. This is a function done by the app on its own.
The app will check what else is installed on the device regardless whether it’s a competing social media app or not. This also applies to the clipboard (the function to copy and paste), as TikTok was caught red-handed accessing its contents. As users we use this function to copy/paste everything, from emojis to phone numbers to credit card numbers to social security numbers.
What you can do about it: Nothing. This is a function done by the app on its own.
The app will log:
Taken all together, TikTok will find out what kind of network the device lives in, what other devices are on it, how it moves within the LAN. This also means the WAN IP address revealed, allowing them to use GeoIP databases to try and determine the geographical location of a device.
What you can do about it: Nothing. This is a function done by the app on its own. You could limit the app’s network access but this requires deep expertise in networking and the operating system being used at the time.
Jailbreaking refers to “breaking out” of the limitations placed by Apple on iPhones and iPads to enable additional functions that were not available in either the hardware or the software. The same action in Android is referred to as [rooting](https://en.wikipedia.org/wiki/Rooting_(Android). Either one means you can do anything on the device and is a common goal of spyware/malware so they can operate with unfettered access and without the user knowing.
A common example in the past it was used to enable tethering when it was disabled by cellular carriers trying to force you to pay an extra charge to enable the function.
What you can do about it: You could limit what the app sees if you’re jailbroken/rooted, but requires deep expertise in the operating system.
As most smartphones and tables now have GPS, TikTok will check for the current GPS data as often as it can, enabling them to follow a device as it moves through a geographical area. Coupling this with the network data, they can determine with lots of accuracy where a device is. Both Google and Apple have this information but keep in mind they are the entities making the operating systems themselves. TikTok is just an app.
What you can do about it: Both Google and Apple let you limit if an app has access to GPS. Be aware TikTok will limit its own functionality if it cannot access GPS, though.
TikTok sets up a special kind of server to help with converting videos from one format to another (transcoding) with a minimum of configuration on the part of the app developers or the users. The problem is that it doesn’t check whether anything connecting to that server is actually allowed to both connect and use the server (i.e. it doesn’t ask for a username or a password); this means other apps could potentially connect to that server and use or abuse its resources.
What you can do about it: Nothing. This is very much one of the core functions of the app itself since most device manufacturers have their own ways of saving video on a device and the app needs to be able to deal with all of them.
The scariest part of all of this is that much of the logging they’re doing is remotely configurable
Every time the app downloads an update they can change what information is logged, how often, where to send it, etc, and you as an user have no way to stop it.
What you can do about it: Nothing. This is a function done by the app on its own.
and unless you reverse every single one of their native libraries (have fun reading all of that assembly, assuming you can get past their customized fork of OLLVM!!!) and manually inspect every single obfuscated function.
TikTok developers are purposely hiding how the app itself operates. You can determine this if you have the know-how and the experience to do it but you will not like the experience of it.
What you can do about it: Nothing.
They have several different protections in place to prevent you from reversing or debugging the app as well. App behavior changes slightly if they know you’re trying to figure out what they’re doing.
TikTok will monitor the device and if it detects any attempt to analyze any of its internal functions and configuration it will try to change its own behavior to prevent that. Failing that it will try to present behavior that is deemed more acceptable to the person doing this work.
This is how the Volkswagen emissions scandal came to be:
TikTok is doing essentially the same but it’s all in software.
What you can do about it: Nothing. This is a function done by the app on its own.
There’s also a few snippets of code on the Android version that allows for the downloading of a remote zip file, unzipping it, and executing said binary. There is zero reason a mobile app would need this functionality legitimately.
TikTok can download a file, extract its contents, then run its contents without needing user interaction or without having to be updated from the App Store or the Play Store. Both Apple and Google forbid this kind of functionality in any app.
What you can do about it: Nothing. This is a function done by the app on its own.
On top of all of the above, they weren’t even using HTTPS for the longest time. They leaked users’ email addresses in their HTTP REST API, as well as their secondary emails used for password resets. Don’t forget about users’ real names and birthdays, too. It was allllll publicly viewable a few months ago if you MITM’d the application.
This is something that has been reported about TikTok in the past:
Basically, the TikTok devs won’t implement basic security standards to protect the user, the account, or any of the media the app stores and transmits. This allows intelligence agencies, corporations, anyone who cares to look, to surveil and hack users of the service.
What you can do about it: Nothing.
All of the previous points point to the one overarching theme of the app: it sucks up as much information as possible, then sends it to the servers that actually run the service (aka “the backend”). There are a of of shady practices on that side of things and the only people who know what’s going on are the people working for TikTok itself. Here are but a few examples:
The company is performing data collection on a level that far surpasses what Facebook, Twitter, Instagram, Snapchat, or most other social media companies have done so far. Only the Big Four (Microsoft, Apple, Google, Amazon) could obtain so much information but that’s because they control both the platforms their operating systems work with; if governments even thought they were doing what TikTok is doing they would face major fines, lawsuits, and antitrust enforcement.
When you add what the app does (again, suck up as much information about the user and their devices) with what the company is doing (actively avoiding answering questions of its practices) it all means one thing:
TikTok is combination spyware/malware with the backing of a corporation valued in billions of US dollars.
Most entities that write malware and spyware are:
Having a corporation create this kind of software and for users to willingly install that software is something new. I am also leaving out all the advertising practices of the company, as that is how TikTok entices companies to buy into the platform.
It amounts to
TikTok Security: An Opinionated Explainer Read More »
These terms distinguish operating systems by the problems they solve for the user. However, a disturbing trend is emerging in which the user is not the party whose problems are being solved, and perhaps this calls for a new term. I propose “vendor-purpose operating system”.
Source: General-purpose OS, special-purpose OS, and now: vendor-purpose OS | Drew DeVault’s Blog
In this instance, you’re not even the vendor’s _user_, that title goes to whomever the vendor is selling to, i.e. the client who is using the OS at scale.
You’re now a byproduct. You’re just something for the vendor to brag about on quarterly meetings with Wall Street.
You’re a Graph Point Read More »
Pretty sure this is the longest I’ve been able to keep a server alive without having to reboot for whatever reason.
