4
submitted 1 day ago* (last edited 1 hour ago) by evenwicht@lemmy.sdf.org to c/tex_typesetting@lemmy.sdf.org

Suppose I have a fingerprint to a public key like this:

b1946ac92492d2347c6235b4d2611184

If I just drop that verbatim in a doc, it’s obviously an ergonomic struggle for someone who has to verify those numbers against what they see in an app. So it should be presented as something like this:

b194 6ac9 2492 d234 7c62 35b4 d261 1184

But if we manually add a space every 4 chars, that’s embarrassing manual labor for a nerd. Self-respecting nerds make the tool do the work for us.

This code does the job:

\newcommand{\mkergo}[2][$\cdot$]{% The mandatory arg is a fingerprint; the optional arg is the delimiter between 4-char groups
  \StrLen{#2}[\fplen]
  \newcounter{ilpos} % internal left position
  \newcounter{irpos} % internal right position
  \setcounter{irpos}{4}

  \whiledo{\not\value{irpos}>\fplen}{%
    \setcounter{ilpos}{\value{irpos}-4}
    \wlog{lpos::rpos is [\arabic{ilpos}..\arabic{irpos}]}
    \StrLeft{#2}{\value{irpos}}[\left]
    \wlog{left is \left}
    \StrGobbleLeft{\left}{\value{ilpos}}[\segment]
    \wlog{segment → \segment}
    \noindent\hspace{-32pt}\segment\ifthenelse{\value{irpos}=\fplen}{}{#1}% WTF, why do we need neg hspace?!
    \addtocounter{irpos}{4}
    }
}

calling it looks like this:

\mkergo[\,]{b1946ac92492d2347c6235b4d2611184}

or

\newcommand{\fingerprint}{b1946ac92492d2347c6235b4d2611184}
\mkergo[\,]{\fingerprint}

It works but it’s still not something to be proud of because if the readable version of the fingerprint is needed in multiple places, that loop must run everywhere it is needed. It’s also really ugly that I had to add \hspace{-32pt} -- what the fuck for? Why is there a huge space between segments?

How can that code be improved? I tried creating a \prettyfp (short for pretty fingerprint) command and then having the loop extend that, so the \prettyfp can be used without rerunning the loop. But it’s got a logical error.. the last 4 chars just get repeated over and over. This is the code:

\makeatletter
\newcommand{\spaceout}[2][$\cdot$]{% The mandatory arg is a fingerprint; the optional arg is the delimiter between 4-char groups
  \StrLen{#2}[\fplen]
  \newcounter{lpos} % internal left position
  \newcounter{rpos} % internal right position
  \setcounter{rpos}{4}

  \whiledo{\not\value{rpos}>\fplen}{%
    \setcounter{lpos}{\value{rpos}-4}
    \wlog{S/O lpos::rpos is [\arabic{lpos}..\arabic{rpos}]}
    \StrLeft{#2}{\value{rpos}}[\left]
    \wlog{S/O left is \left}
    \StrGobbleLeft{\left}{\value{lpos}}[\segment]
    \wlog{S/O segment → \segment}
    \g@addto@macro\prettyfp{\segment\ifthenelse{\value{irpos}=\fplen}{}{#1}}
    \addtocounter{rpos}{4}
    }
}
\makeatother

That was inspired by the 1st answer on this page.

What’s my problem?

How can this be improved?

[-] evenwicht@lemmy.sdf.org 2 points 1 day ago

GHG per passenger does not matter. It’s the net GHG that matters. If the plane is mostly empty, they will cancel the flight and shift people onto another flight.

4

cross-posted from: https://lemmy.sdf.org/post/51259064

Shopping for airfare is clearly a game full of shenanigans. You find a cheap ticket, get a (likely fake) indicator warning how few seats are available with a countdown timer, rush through a lengthy process of being forced to make a shit-ton of decisions like whether you want to buy a neck wrap, selfie stick, a bad travel insurance deal, .. lots of shit to get through to slow you down. You finally get to the last screen and it says “price has increased since we first quoted you”. Motherfuckers.

Considering aircraft are quite shitty for climate, why not make the airlines’ shenanigans backfire against them? We have bots arbitrarily hit the air travel sites, enter bogus orders but never submit the last page. Just give the airlines a false indicator of demand. This games their dynamic pricing to quote prices higher than optimum. Any deviation from optimum prices translates into lower profit, likely a consequence of lower sales.

Perhaps an org like Greenpeace would be interested in this tactic.

[-] evenwicht@lemmy.sdf.org 1 points 4 days ago* (last edited 4 days ago)

I don’t consider successors to necessarily obsolete their predecessor. People still use and appreciate vinyl records despite having several successors (including magnetic tape which eventually lost ground to vinyl in the end, amid digital successors).

1
submitted 4 days ago* (last edited 4 days ago) by evenwicht@lemmy.sdf.org to c/debian@lemmy.sdf.org

Apparently IPFS is having a slow adoption problem -- despite being an important solution to the enshitified gated centralised web.

Debian stands as the most popular among the well-supported distros. Debian has some degree of quality standards that (although not spectacular) relatively far surpass most distros. A package making it into the official Debian repos generally demonstrates that an app is up to scratch -- ready for prime time.

If I have not overstated things, it must be at least somewhat embarrassing for both the IPFS project and Debian that IPFS has no client in the official Debian repos. IPFS should have targeting Debian as a goal to get respect and adoption.. to get on the radar. It’s just a tarball now.

And from Debian’s standpoint, it’s not great that an important protocol to succeed HTTP is missing from official support.

46
submitted 1 week ago* (last edited 1 week ago) by evenwicht@lemmy.sdf.org to c/law_us@lemmy.sdf.org

(ignore the above massive preview text if you are using the shitty stock Lemmy client)

The bombshell is that Elon exfiltrated the social security records of all Americans and shared it with Cloudflare, DOGE, and an outside advocacy group seeking to overturn election results.

The fuckup is not just SSNs (slave surveillance numbers), it’s the whole 9 yards:

“DOGE team members were given access to databases containing:

  • Social Security numbers
  • medical and mental health records
  • bank and credit card information
  • tax details
  • work histories
  • and home addresses for millions of Americans.”

I suppose getting a new SSN is futile, even if permitted, because all this data is aggregated into the data breach. So change your name, move your residence, new SSN, switch banks... fuck, just leave the country perhaps.

(edit) I accidentally updated an older version of my post and lost a paragraph where I conjectured that the data breach was legal since it only violates the 4th Amendment, which the US tends to brush aside as we know from the Snowden revelations. Hence the correction from @ReptilianCleric@lemmy.zip below. Sorry! No version control on Lemmy.

5
submitted 1 week ago* (last edited 1 week ago) by evenwicht@lemmy.sdf.org to c/isitdown@infosec.pub

Lemmy is running but all pages present an error message. The site is wholly unusable.

Considering this community is hosted by infosec.pub, it will be interesting to see who sees this post. I suspect only sdf.org folks will see this.

1

cross-posted from: https://lemmy.sdf.org/post/50981571

2fa.directory catalogs services that use multifactor authentication. Of course the idea is to inform consumers of which services satisfy a basic standard of security. Services that are centralised on Cloudflare appear with a green checkmark, as if there is nothing wrong with sharing all your login details with a privacy abusing fiefdom in a country without privacy safeguards through a MitM arrangement.

If one of the auth factors has a MitM, that’s effectively 1 factor less. 2fa becomes like 1fa.

It’s a gross oversight and the bug tracker is limited to MS Github users. A Github user should raise an issue to point this out.

1
submitted 1 week ago* (last edited 1 week ago) by evenwicht@lemmy.sdf.org to c/bugs_in_services@sopuli.xyz

[-] evenwicht@lemmy.sdf.org 7 points 1 week ago

In those days, DOS was the OS. Windows and DESQview were just window manager apps that ran other apps.

32
2
submitted 1 week ago by evenwicht@lemmy.sdf.org to c/bugs@sopuli.xyz

cross-posted from: https://lemmy.sdf.org/post/50840810

Page 8 of the dot2texi manual gives this example:

\documentclass{article}
\usepackage{tikz}
\usetikzlibrary{arrows,shapes}
\usepackage{dot2texi}
\begin{document}
% Define layers
\pgfdeclarelayer{background}
\pgfdeclarelayer{foreground}
\pgfsetlayers{background,main,foreground}
% The scale option is useful for adjusting spacing between nodes.
% Note that this works best when straight lines are used to connect
% the nodes.
\begin{tikzpicture}[>=latex',scale=0.8]
% set node style
\tikzstyle{n} = [draw,shape=circle,minimum size=2em,
inner sep=0pt,fill=red!20]
\begin{dot2tex}[dot,tikz,codeonly,styleonly,options=-s -tmath]
digraph G {
node [style="n"];
A_1 -> B_1; A_1 -> B_2; A_1 -> B_3;
B_1 -> C_1; B_1 -> C_2;
B_2 -> C_2; B_2 -> C_3;
B_3 -> C_3; B_3 -> C_4;
}
\end{dot2tex}
% annotations
\node[left=1em] at (C_1.west) (l3) {Level 3};
\node at (l3 |- B_1) (l2){Level 2};
\node at (l3 |- A_1) (l1) {Level 1};
% Draw lines to separate the levels. First we need to calculate
% where the middle is.
\path (l3) -- coordinate (l32) (l2) -- coordinate (l21) (l1);
\draw[dashed] (C_1 |- l32) -- (l32 -| C_4);
\draw[dashed] (C_1 |- l21) -- (l21 -| C_4);
\draw[<->,red] (A_1) to[out=-120,in=90] (C_2);
% Highlight the A_1 -> B_1 -> C_2 path. Use layers to draw
% behind everything.
\begin{pgfonlayer}{background}
\draw[rounded corners=2em,line width=3em,blue!20,cap=round]
(A_1.center) -- (B_1.west) -- (C_2.center);
\end{pgfonlayer}
\end{tikzpicture}
\end{document}

It’s a broken example. gives:

ERROR: Package pgf Error: No shape named `C_1' is known.

An example in a manual should just work. What’s the problem?

Seems like a dead project. These two locations are mentioned in the manual and non-existent:

https://www.ctan.org/tex-archive/help/Catalogue/entries/dot2tex.html
http://www.fauskes.net/code/dot2tex/

(edit) CTAN location apparently moved here, but it may be out of maintenance:

https://www.ctan.org/pkg/dot2texi

All similar graphviz pkgs were last modified in 2018.

2
submitted 1 week ago* (last edited 1 week ago) by evenwicht@lemmy.sdf.org to c/tex_typesetting@lemmy.sdf.org

25
submitted 1 week ago* (last edited 1 week ago) by evenwicht@lemmy.sdf.org to c/retrocomputing@lemmy.sdf.org

TL;DR: .. hosting a website on a 25-year-old Sun Netra X1 SPARC server running OpenBSD 7.8. The setup includes: Noctua fan mods for quiet operation, httpd serving static HTML/CSS, OpenBSD’s pf firewall with default-deny rules, and Cloudflare tunnels to expose it safely without port forwarding. The server pulls ~55MB of RAM and serves pages from my garage. Check it out live at sparc.rup12.net - because why not?

Well, the guy licks Cloudflare’s boots. Fuck that. He doesn’t understand the problem with that. So perhaps the real answer is NO, if he depends on Cloudflare Inc.

[-] evenwicht@lemmy.sdf.org 13 points 8 months ago* (last edited 8 months ago)

If you think it’s over the money, you’ve missed the plot.

There is an ethical problem with how they operate. If you let them get away with their shenanigans, you support them. I will not. Fuck banks. And fuck their shenanigans. When they pulled this shit, it became my ethical duty to cost them. Their postage cost exceeds the value of the check, and their phone operator costs are high. So I’m happy to ensure their profit-driven exploitation backfires fully.

Mobile deposits: most banks have scrapped remote deposits via web. Most banks are happy to exclude those not on their exclusive smartphone ecosystem and try to push you into Google’s walled garden to obtain their forced-obsolescence app (so Google can know where you bank after getting a mobile phone subscription in order to activate a Google acct). Anything to cattle-herd boot lickers onto the bank’s closed-source spyware app is part of their game. The ethical problems with this could fill a book.

I tried hacking together an Android emulator to take a JPG of a check and emulate the camera within the android v/m using the linux gstreamer tool. I tried that back when I was willing to briefly experiment with a closed-source bank app I exfiltrated using Raccoon. Shit didn’t work with the banking app.. it was too defensive. I was lucky the app even ran on the emulator. Many banking apps detect the emulator and refuse to run.

Can’t reach an ATM for deposits from overseas. But also, when I am in the country, it’s a long drive from the house to an ATM.

So deposits by mail are the most sensible in my situation.

They fucked up. They made you whole.

The idiot who charged the interest was just the first fuckup. And it’s not a significant fuckup. The notable fuckup here is the deliberate corporate-wide policy in how they deal with small credits that leads to a paper check in the mail. It’s the shitty policy that disables them from fixing their fuckups. A fuckup is fine if they can fix sensibly. But this is not the case here.

IIUC, it’s what the Scots call a running goat fuck.. which is fuck up after fuck up on top of fuck ups.

[-] evenwicht@lemmy.sdf.org 8 points 8 months ago

Diligent consumers don’t do that. They pay their bill off faster than fees can be incurred. It’s the other consumers, the undisciplined and the poor, who get sucked dry by fees. These are not the demographic of international travelers. One demographic is subsidizing another.

The interesting thing is that if you’re in the diligent demographic, you can make the shitty bank lose money. Profit from those they exploit is the same whether you create a loss for the bank or not.

[-] evenwicht@lemmy.sdf.org 10 points 10 months ago

I’ll have a brief look but I doubt ffmpeg would know about DVD CSS encryption.

[-] evenwicht@lemmy.sdf.org 19 points 1 year ago* (last edited 1 year ago)

If anyone is writing or maintaining a playbook/handbook for how to run an authoritarian regime, removing open data would be a play to add.

[-] evenwicht@lemmy.sdf.org 8 points 1 year ago* (last edited 1 year ago)

It’s possible that it’s an accident, but unlikely IMO. The accidental case is overload and timing fragility. Tor introduces a delay, so if a server already has a poor response time and the user’s browser has a short timeout tolerance, then it’s a recipe for a timeout. Firefox does better than Chromium on this (default configs). But I tried both browsers. At the state level I think they made a conscious decision to drop packets.

It’s also possible that they are not blocking all of Tor but just the exit node I happened to use. I did not exhaustively try other nodes but I was blocked two different days (thus likely two different nodes). In any case, this forum should help sort it out. Anyone can chime in with other demographics who are blocked, or tor users that are not blocked.

(edit) ah, forgot to mention: www.flsenate.gov also drops Tor packets.

[-] evenwicht@lemmy.sdf.org 8 points 1 year ago* (last edited 1 year ago)

infosec 101:

  • confidentiality
  • integrity
  • availability

If users who should have access (e.g. US taxpayers) are blocked, there is an availability loss. Blocking Tor reduces availability. Which by definition undermines security.

Some would argue blocking Tor promotes availability because a pre-emptive strike against arbitrary possible attackers prevents DoS, which I suppose is what you are thinking. But this is a sloppy practice by under-resourced or under-skilled workers. It demonstrates an IT team who lacks the talent needed to provide resources to all legit users.

A mom and pop shop, sure, we expect them to have limited skills. But the US federal gov? It’s a bit embarrassing. The Tor network of exit nodes is tiny. The IRS should be able to handle a full-on DDoS attempt from Tor because such an effort should bring down the Tor network itself before a federal gov website. If it’s fear of spam, there are other tools for that. IRS publications could of course be on a separate host than that which collects feedback.

[-] evenwicht@lemmy.sdf.org 8 points 1 year ago* (last edited 1 year ago)

This is not a news forum. It’s a boycott organisation and support forum. Do your boycotts tend to last less than 1 year? That’s not really impactful. (which is not to say impact is the only reason to boycott… I boycott just to ensure that I am not part of the problem, impact or not)

I have been boycotting Mars at least since 2018 when I found out they spent $½ million lobbying against GMO labeling in the US. Even if they were to turn that around and pay more money to lobby for GMO transparency, I would still boycott their vending machines. Not just because they got caught in a data abuse scandal, but because they lied about it, which means they cannot be trusted with technology.

[-] evenwicht@lemmy.sdf.org 7 points 1 year ago* (last edited 1 year ago)

Don’t Canadian insurance companies want to know where their customers are? Or are the Canadian privacy safeguards good on this?

In the US, Europe (despite the GDPR), and other places, banks and insurance companies snoop on their customers to track their whereabouts as a normal common way of doing business. They insert surreptitious tracker pixels in email to not only track the fact that you read their msg but also when you read the msg and your IP (which gives whereabouts). If they suspect you are not where they expect you to be, they take action. They modify your policy. It’s perfectly legal in the US to use sneaky underhanded tracking techniques rather than the transparent mechanism described in RFC 2298. If your suppliers are using RFC 2298 and not involuntary tracking mechanisms, lucky you.
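The difference between the two mechanisms named in the comment above can be checked on a received message. This is an added example, not part of the original comment: it reports whether a mail asks for a read receipt openly through the `Disposition-Notification-To` header (the RFC 2298 mechanism) and whether its HTML body also carries remote images sized or styled to be invisible. The sample message, its addresses and the `find_tracking` helper are constructed for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not from the page): one visible logo, one 1x1 remote
# image, one embedded cid: image, and one remote image hidden with CSS.
SAMPLE = """\
From: notices@insurer.example
To: customer@mail.example
Subject: Your policy statement
Disposition-Notification-To: notices@insurer.example
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your statement is ready.</p>
<img src="https://insurer.example/logo.png" width="180" height="60">
<img src="https://trk.insurer.example/o.gif?u=8f3a91c2" width="1" height="1">
<img src="cid:banner" width="1" height="1">
<img src="http://trk.insurer.example/p?id=8f3a91c2" style="display:none">
</body></html>
"""

class _ImgCollector(HTMLParser):
    """Collects the attributes of every <img> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append({k: (v or "") for k, v in attrs})

def _tiny(value):
    # True for width/height values of 0 or 1 (e.g. "1", "1px").
    m = re.match(r"\s*(\d+)", value)
    return m is not None and int(m.group(1)) <= 1

def _hidden(style):
    s = style.replace(" ", "").lower()
    return "display:none" in s or "visibility:hidden" in s

def find_tracking(raw):
    """Return the open receipt request (if any) and suspected covert pixels."""
    msg = message_from_string(raw)
    report = {"receipt_request": msg.get("Disposition-Notification-To"),
              "covert_pixels": []}
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        body = part.get_payload(decode=True)
        html = body.decode(part.get_content_charset() or "utf-8", errors="replace")
        collector = _ImgCollector()
        collector.feed(html)
        for img in collector.images:
            src = img.get("src", "")
            # cid: and data: images are embedded; fetching them reveals nothing.
            if urlparse(src).scheme not in ("http", "https"):
                continue
            invisible = _tiny(img.get("width", "")) and _tiny(img.get("height", ""))
            if invisible or _hidden(img.get("style", "")):
                report["covert_pixels"].append(src)
    return report

if __name__ == "__main__":
    print(find_tracking(SAMPLE))
```

A mail client that does not load remote images by default never makes the requests these URLs depend on, while the receipt header leaves the decision with the reader.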

[-] evenwicht@lemmy.sdf.org 16 points 1 year ago* (last edited 1 year ago)

You’re kind of freaking out about nothing.

I highly recommend Youtube video l6eaiBIQH8k, if you can track it down. You seem to have no general idea about PDF security problems.

And I’m not sure why an application would output a pdf this way. But there’s nothing harmful going on.

If you can’t explain it, then you don’t understand it. Thus you don’t have answers.

It’s a bad practice to just open a PDF you did not produce without safeguards. Shame on me for doing it.. I got sloppy but it won’t happen again.

evenwicht

joined 2 years ago