Pushing forward Debian on mobile devices
#debian #debianmobile #mobian
New blog post! It's a quick overview over the different keys involved in #matrix 's new cross signing. https://jcg.re/blog/quick-overview-matrix-cross-signing/
More and more websites doing port scans against users... now including Ebay https://www.bleepingcomputer.com/news/security/ebay-port-scans-visitors-computers-for-remote-access-programs/
You may be surprised that websites you visit can access localhost+port on your computer. "Local only" daemons often aren't. That's because "your browser is a very confused deputy" https://www.youtube.com/watch?v=Yfsmc0b8o78&vl=en
I helped uncover a confused deputy attack against Guile's live REPL that allowed for arbitrary code execution along these lines: https://lists.gnu.org/archive/html/guile-user/2016-10/msg00007.html
Perimeter security is eggshell security.
Alright, Spotify, I don't know what sick game you're playing, but garbage and daft punk don't belong in the same playlist. Help, I'm being oppressed by machine learning.
huh, this seems bad
"macOS 10.15: Slow by Design"
> Apple has introduced notarization, setting aside the inconvenience this brings to us developers, it also results in a degraded user experience, as the first time a user runs a new executable, Apple delays execution while waiting for a reply from their server. This check for me takes close to a second.
First real bummer with Weasyprint is that it doesn't support footnotes like princexml does.
The clear winner, which definitively works on OpenBSD as well is weasyprint. I actually can't see the difference between the princexml and weasyprint PDF output. Impressed.
weasyprint is a Python package which can be installed via pip.
pip3.7 install weasyprint
When it comes to the conversion speed, I can't tell the difference on that either (takes a couple of seconds).
Great to have a stable cross-platform PDF compiler.
Every time I reset Spotify it starts out well with good recommendations, and from there on out it's downhill. I always end up with not so good lists. Either this is feedback on my bad taste in music, or algorithms should one again be replaced with curated music.
Brief hack report:
- wkhtmltopdf is a no-go. Rendering turned out to be more or less like on-screen
- weasyprint is surprisingly good (Python)
The current things that broke, from the Princexml template were:
- content: flow(
- column-break-after: always
Impressed that it rendered this well without adaption. Seems to be some issues with the CSS in the header.
I use princexml to generate reports for printing, due to their visual parity with Latex.
I wasn't interested in running conversion from markdown, to latex and then PDF (Pandoc), so a couple of years ago I went for princexml and switched the Latex-part for HTML.
princexml was great on other systems for my report generator program. However, they are proprietary, and their build process have turned unreliable for me between OpenBSD versions. Now looking for alternatives and already have wkhtmltopdf on my list.
#openbsd #html #conversion #pdf
doas is a big improvement over sudo. The minimal utility is just much simpler to understand and use, which made my life way easier when setting up automatic provisioning with drist on my OpenBSD servers. The opposite happened when I got to Debian of course.
#openbsd #drist #sudo #notty #ssh #doas
@solene That worked out well. Elegant. Thanks.
Just setup drist to configure users, deploying SSH authorized keys and doas.conf, installing my default packages, applying updates and rebooting servers. This is a nice breather from Ansible which I seem to always forget the structure of between each time I use it.
Being a die hard PGP card user, this creates a bit of delay and issues with parallelization. But that's something I can live with.
Testing microg on GrapheneOS, the result is that I know I won't use microg-dependent apps on GrapheneOS.
#grapheneos #android #microg #push
Only thing that sucks with this is that the X395 only has one USB-C port, and that is used for charging as well. In other words the USB-A will be my primary driver for PGP on this one.
One thing that doesn't work well in OpenBSD 6.7 is screen backlight controls on my X395. It actually adjusts from max backlight to about 90% and then it seems to think it is at 0%. Despite that it is nice see the backlight buttons actually work partially. Some progress after all.
Some interesting Matrix numbers in the latest Techcrunch article on the Automattic investment into New Vector/Matrix :
Hodgson says New Vector is able to contemplate the prospect of profitability ahead, with ~16.8 million users and 45,000 deployments at this point (up from 11M and 40k back in October).
Perhaps just as important:
The e2e encryption Matrix uses is based on algorithms popularized by the Signal protocol. It was audited by NCC Group in 2016 but plans for the new funding include a full stack audit
Either way you see the Matrix protocol and its implementation, this is a win to open source, privacy, encryption and decentralization over the established tech giants which still maintain control over a major part of daily life.
OpenBSD 6.7 is such an experience. I got the thing with U2F and SSH in the upgrade, but suddenly my Yubikey USB-C PGP-card works as well!
@solene any recommendations for drist and connecting to a host running on a non-standard SSH-port?
I almost can't wait to get rid of Chrome. This will be well overdue.
#OpenBSD x11/qt5/qtwebengine ... coming soon.
Sometimes people say things like "Doing X is pointless because you're still doing Y." (For example, I saw a discussion of free software where someone went off about how having a fully free OS was pointless because you're just going to use it to access Facebook, etc. anyway.)
1. A lot of positive change happens incrementally. Don't disparage that just because "it's not instantly perfect, so you should give up."
2. Who says I'm doing Y?