evenwicht


It’s disturbing that infosec illiterate friends enter my name and contact details into their Android phonebooks, which then gets recklessly shared in countless ways outside of my control and without my knowledge or consent as to which data abusers ultimately get my contact info.

I try to practice data minimisation even with friends (if they are new), so I don’t give them an email address; generally just my first name, XMPP acct, and phone number. But then of course they enter my name into their dodgy phonebook along with my last name if they happen to get it circumstantially.

So I have a fix of sorts. We can have some control over how the info gets entered into people’s phonebooks by using a vCard. One option is to leave your name blank on the vCard but to graphically put your name in the avatar image on your vCard. OTOH, users will likely manually fill your name in anyway. So consider using the name field but deviating from normal text. You can find some obscure unicode fonts at yaytext.com. Then follow this LaTeX template to generate a contact card:

LaTeX code

\documentclass{minimal}

\usepackage[paper=a4paper,layoutwidth=210mm,layoutheight=297mm]{geometry}
\usepackage[newdimens]{labels}% let the package do the work...
\usepackage{qrcode}
 
% These attributes are for European label sheet OLW4738
\LabelCols=3
\LabelRows=7
\LeftPageMargin=0in
\RightPageMargin=0in
\TopPageMargin=0in
\BottomPageMargin=0in
\InterLabelColumn=0mm% adjust as required
\InterLabelRow=0mm
\RightLabelBorder=0mm% adjust to taste
\LeftLabelBorder=0mm
\TopLabelBorder=2mm
\BottomLabelBorder=2mm

\LabelGridtrue % <== use to line stuff up; delete this line to process final version
\numberoflabels=12 % ← normally this is 21 to fill a page (3×7), but due to memory overflow bug w/too many QR codes, it must be reduced!

\begin{document}

\genericlabel{%
  \begin{minipage}{66mm}% actual label is 70mm wide; subtract \RightLabelBorder and \LeftLabelBorder
    \hspace*{4mm}%
    \qrcode[height=22mm, level=l]{BEGIN:VCARD\?
VERSION:4.0\?
N:刀囗モ;╝ǫⱨᶇ;;;\?
IMPP:xmpp:johnsnickname@jd.snikket.chat\?
TEL;VALUE=uri;TYPE="cell":tel:+①-𝟝𝟝𝟝-𝟝𝟝𝟝-①²①²\?
LANG:en\?
END:VCARD
}%
\parbox[c]{8em}{%
  snkt fingrprint $\rightarrow$\\
  \vfill
  $\leftarrow$ Vcard4\\
  \vfill
  dino fingerprint $\rightarrow$
}
\parbox[c]{11mm}{
  \qrcode[height=11mm, level=l]{xmpp:johndoe@jd.snikket.chat?omemo-sid-1234567890=a9a9dc175fbdebad99db71f72396a1e7a9a9dc175fbdebad99db71f72396a1}\\
  \vfill
  \qrcode[height=11mm, level=l]{xmpp:johndoe@jd.snikket.chat?omemo-sid-1234567890=75fbdebad99db71f72396a1e7a9a9dc175fb1e7a9a9dcfbdebad99db71f723}
}
\end{minipage}
}

\end{document}

It’s not infallible but it’s unlikely that enough people would be doing this to justify Google coding their identity cross referencing logic to decode atypical characters.

It’s not trivial to get a good font. A lot of the yaytext fonts are simple font changes so when the QR code is scanned, the phone seems to automatically convert the font back to normal characters. Unfortunately this means you need to carefully select a non-font style that is being abused as a font, which then leads your name to look like a ransom letter style.

Kids can use cool nicknames w/out a real name to mitigate the problem to some extent, especially if they’re a hipster drug dealer, but it’s harder for an adult to pull that off without alienating people and coming off as a kid. We need to at least try to pretend to behave like adults.

It would be nice if there were a desktop app that could give all the yaytext.com styles and a bit more of the obscure ones. There is some python code in this thread but it’s quite limited in fonts. It’s missing the good ransom letter fonts.

(I tried to cross-post to cybersecurity@infosec.pub but this post triggers the slur filter there so I could not post it.)
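
The post's observation that simple "font" styles get converted back to normal characters matches Unicode compatibility normalisation (NFKC). As an added example (not code from the post or from the thread it mentions), this Python sketch checks which characters of the vCard's N and TEL values survive that folding. That the phone applies NFKC, and the optional accent-stripping step, are assumptions; the bold sample is constructed.

```python
import unicodedata

# Values copied from the vCard in the post above.
NAME = "刀囗モ;╝ǫⱨᶇ"
TEL = "+①-𝟝𝟝𝟝-𝟝𝟝𝟝-①²①²"
# Constructed sample (not from the post): "John" in mathematical bold,
# i.e. a plain "font change" style.
BOLD = "\U0001D409\U0001D428\U0001D421\U0001D427"


def fold(text, strip_marks=False):
    """Approximate what a normalising consumer does to a field.

    NFKC maps compatibility characters (styled letters, circled or
    superscript digits) to their plain forms. strip_marks additionally
    decomposes accented letters and drops the combining marks, a common
    second step in search and matching code (assumed, not observed).
    """
    out = unicodedata.normalize("NFKC", text)
    if strip_marks:
        decomposed = unicodedata.normalize("NFKD", out)
        out = "".join(c for c in decomposed if unicodedata.category(c) != "Mn")
    return out


def ascii_leak(text, strip_marks=False):
    """ASCII letters and digits recoverable from text after folding."""
    folded = fold(text, strip_marks)
    return "".join(c for c in folded if c.isascii() and c.isalnum())


def audit(text):
    """One row per character: (char, Unicode name, NFKC form, stays obscured)."""
    rows = []
    for ch in text:
        folded = fold(ch)
        obscured = folded == ch and not ch.isascii()
        rows.append((ch, unicodedata.name(ch, "?"), folded, obscured))
    return rows


if __name__ == "__main__":
    for label, value in (("N", NAME), ("TEL", TEL), ("bold", BOLD)):
        print(f"{label}: NFKC leak={ascii_leak(value)!r} "
              f"NFKC+marks leak={ascii_leak(value, True)!r}")
        for ch, name, folded, obscured in audit(value):
            state = "stays obscured" if obscured else "folds/plain"
            print(f"  {ch!r:>6} {name:<48} -> {folded!r:<6} {state}")
```

Under the assumed NFKC folding, the characters in the name field have no plain-ASCII equivalent, while every digit in the TEL value maps back to an ordinary digit.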

10
submitted 2 days ago* (last edited 2 days ago) by evenwicht to c/tex_typesetting
 

LaTeX is great for writing letters. It seems like a little known secret how well the scrlttr2 class formats letters for windowed envelopes. LaTeX really makes letter writing enjoyable for programmers (though it would likely be hell for non-programmers).

If I were using a WYSIWYG tool like Libre Office, writing letters would be mundane, boring, and tedious. And the results would be aesthetically limited without doing copious manual labor.

There is noteworthy gratification in turning letter writing into a programming exercise. So whenever a gov agency or corporation fucks me over in some way, I find it therapeutic to write complaints and petitions in LaTeX.

There is a hacktivist mantra that goes something like this:

“write code not text” (not sure on the exact wording)

LaTeX basically turns that on its side because you do both at the same time. I have built up a library of captioned legal statutes in LaTeX, such as commonly referenced GDPR law. So I can crank out GDPR requests quite quickly by using \input statements that import a very nicely formatted block quote of law which I have thoroughly over-engineered. Also fun to use the qrcode package to reference URLs.

The perfectionism probably consumes more time than using a shit tool like MS Word in the end. But it’s enjoyable. And because it’s enjoyable, it triggers writing more petitions and complaints that I would otherwise write. Every time I get fucked over by some administrative malpractice, it’s another fun opportunity to play in LaTeX and refine my code.

 

cross-posted from: https://lemmy.sdf.org/post/35371288

The regulator of banks at a state-level responded to reports of legal infringements by a credit union to say: “why don’t you change banks?” Of course the important question here is: “why don’t you enforce the law? Are banks above the law?”

I wanted to find out how many reports of unlawful conduct by banks in the state were reported and how many are acted on. So I requested disclosure of reports and remedies for a specific credit union.

Their response: investigations and actions taken against banks are secret.

WTF? This is a public regulator. How is this even possible? To be clear, we pay taxes to finance this regulator of banks, yet we are blocked from seeing whether they do their job? And we are blocked from seeing complaints submitted by the public, thus blocked from taking self-defense measures to avoid bad actors?

Would it be sensible to have a non-profit host a searchable website that publishes people’s complaints before forwarding them to the secretive regulator?

 


[–] evenwicht 1 points 1 week ago

I have not tried much of anything yet. I just got a cheap laptop with a BD which came with Windows and VLC. I popped in a blu-ray disc from the library and it could not handle it.. something about not having an AACS decoder or something like that. I didn’t spend any time on it yet but ultimately in principle I would install debian and try to liberate the drive to read BDs.

[–] evenwicht 1 points 2 weeks ago* (last edited 2 weeks ago) (2 children)

thanks!

Though I should mention my original motivation with makemkv was to rip blu-ray discs, which has complications that go beyond DVD. But the DVD guide will still be quite useful.

 

I just had a quick look at how album art on a per-track basis reaches tuners. In the US, analog FM radio gets it through a side-channel.. a separate signal called HD radio.

And apparently DAB+ incorporates album art into the signal. This seems to be the difference between DAB and DAB+. I guess the question is, does the HD radio side channel approach ever happen with DAB (non-plus)?

[–] evenwicht 1 points 3 weeks ago* (last edited 3 weeks ago)

I’m so tired of overly busy qr codes.

I’m tired of having to search through text to get enough of an idea of what a QR code is before I go to the trouble of pulling out a scanner. Is it a URL? Wi-Fi creds? It’s not about being cute. It’s about being informative in as little space as possible. Do you scan a naked QR code without cause? Street wise users want an indication of what they are scanning at the very least.

It should also be noted that the QR code pixels will get smaller and smaller the more data you’re encoding.

You have control over that. If you want to hold the pixel size constant, the qr code’s geometry gets bigger. The qrcode LaTeX pkg includes a size parameter. Either way, up to 30% of the space could be wasted, depending on the use case.

QR codes have countless applications. Not all QR codes need to be scanned from the other side of a room. When a QR code appears on a document that someone is holding, as opposed to a sign, it only needs to function within 10cm. I’m working on 2-column bilingual legal documents citing laws from different countries. There is insufficient space for country indicators and 30% of the QR code is just wasted space in this context, which really adds up if you have many QR codes. In a corner case, flaws from multiple generations of photocopies could manifest but 30% redundancy is overkill. So putting the country indicator for the law being referenced inside the QR code makes the most efficient use of page real estate without resorting to poor aesthetics.

Also, QR codes are ugly. I’m happy to see creative people dress them up. Of course there is only room for clever artists in this space and easy for kids making qr codes to get carried away.

 

The linked site apparently launched in 2013 to collect metrics on open data by govs around the world and rank them. Then what.. in 2015 they quit?

Did anyone pick up the slack? I would like to see how much rank the US would be losing under the GOP’s Trump regime.

 

I was disappointed to see that the qrcode package gives no way to insert an image into the center of the QR code. But in fact it turns out that QR codes cannot be made to have an alternate center. QR codes are simply spec’d to have 30% redundancy. So you can simply overwrite up to 30% of a QR code arbitrarily and it will still decode as long as you don’t mess with the boxes on the 4 corners.

Also worth noting that you can exceed 30% interference if you play games with colors. That is, if a transparent pic uses sufficiently light colors that pass as white (in a black vs white dithering algo), then those pixels obviously don’t count in the 30% tolerance. So some quite clever work could exploit this to make a QR code look less like a pixel blob.

I guess the gripe that I have is that redundancy is fixed at 30% for all QR codes, IIUC.

In principle, we should be able to generate a code with 50% redundancy and then clobber up to 50% of it.

[–] evenwicht 1 points 3 weeks ago

Fun suggestion.. could be useful to have as a side hack if congestion becomes an issue but I doubt it would come to that. They have what seems to be a high-end switch with 20 or so ports and internal fans.

[–] evenwicht 1 points 3 weeks ago* (last edited 3 weeks ago)

The event is ~2—3 hours or so. If someone needs the full Debian (80 gb!), I think over USB 2 it would not transfer in that timeframe. USB 2 sticks may be rare but at this event there are some ppl with old laptops that have no USB 3 sockets. A lot of people plug into ethernet. And the switch looks somewhat more serious than a 4-port SOHO.. it has like 20+ ports with fans, so I don't get the impression ethernet congestion would be an issue.

[–] evenwicht 1 points 3 weeks ago* (last edited 3 weeks ago)

I think they could do the job. I’ve never admin’d an NFS so I’m figuring there’s a notable learning curve there. SAMBA, well, maybe. I’ve used it before. I’m leaning toward ProFTPd at the moment but if that gives me any friction I guess I’ll consider SAMBA. Perhaps I’ll go into overachiever mode and have both SAMBA and ProFTPd pointing to the same directory.

[–] evenwicht 1 points 3 weeks ago (1 children)

Two possible issues w/that w.r.t my use case:

  • not in official Debian repos -- not a show stopper but definitely points against it for installation and maintenance burdens across migrations
  • apparently read-only access for users. This is fine in simple cases where I would just be sharing with others, but a complete solution enables users to share with others on the same server by uploading. Otherwise everyone with a file to share must run rejetto hfs.

Nonetheless, I appreciate the suggestion. It could be handy in some situations.

[–] evenwicht 1 points 1 month ago

oh, sorry. Indeed. I answered from the notifications page w/out context. Glad to know Filezilla will work for that!

[–] evenwicht 1 points 1 month ago (2 children)

I use filezilla but AFAIK it’s just a client not a server.

[–] evenwicht 1 points 1 month ago* (last edited 1 month ago) (4 children)

Indeed i noticed openssh-sftp-server was automatically installed with Debian 12. Guess I’ll look into that first. Might be interesting if ppl could choose between FTP or mounting with SSHFS.

(edit) found this guide

Thanks for mentioning it. It encouraged me to look closer at it and I believe it’s well suited for my needs.

 

There is a periodic meeting of linux users in my area where everyone brings laptops and connects to a LAN. Just wondering if I want to share files with them, what are decent options? Is FTP still the best option or has anything more interesting emerged in the past couple decades? Guess I would not want to maintain a webpage so web servers are nixed. It’s mainly so ppl can fetch linux ISO images and perhaps upload what they have as well.

(update) options on the table:

  • ProFTPd
  • OpenSSH SFTP server (built into SSHd)
  • SAMBA
  • webDAV file server - maybe worth a look, if other options don’t pan out; but I imagine it most likely does not support users uploading

I started looking at OpenSSH but it’s very basic. I can specify a chroot dir that everyone lands in, but it’s impossible to give users write permission in that directory. So there must be a subdir with write perms. Seems a bit hokey.. forces people to chdir right away. I think ProFTPd won’t have that limitation.

[–] evenwicht 1 points 1 month ago

Well it’s still the same problem. I mean, it’s likely piracy to copy the public lib’s disc to begin with, even if just for a moment. From there, if I want to share it w/others I still need to be able to exit the library with the data before they close. So it’d still be a matter of transcoding as a distinctly separate step.

[–] evenwicht 1 points 1 month ago* (last edited 1 month ago)

Not sure how that makes sense. Why would a captive portal block the 1st 39 attempts but not the 40th, for example?

My workaround is to establish a VPN (which happens quickly w/out issue) then run tor over that, which is also instantly working over the VPN.

 

There is a particular public hotspot where tor takes like an hour to establish a connection on. It’s stuck on 10% and shows a running count of connection attempts upwards of 40.

What does this mean? Is it that the wi-fi operator is blocking guard nodes, but perhaps only a snapshot of guard nodes? When I finally connect, is it a case where I managed to get a more recent guard node than the wi-fi operator knows about?

 

Translating the Debian install instructions to tor network use, we have:

  torsocks wget https://apt.benthetechguy.net/benthetechguy-archive-keyring.gpg -O /usr/share/keyrings/benthetechguy-archive-keyring.gpg
  echo "deb [signed-by=/usr/share/keyrings/benthetechguy-archive-keyring.gpg] tor+https://apt.benthetechguy.net/debian bookworm non-free" > /etc/apt/sources.list.d/benthetechguy.list
  apt update
  apt install makemkv

apt update yields:

Ign:9 tor+https://apt.benthetechguy.net/debian bookworm InRelease
Ign:9 tor+https://apt.benthetechguy.net/debian bookworm InRelease
Ign:9 tor+https://apt.benthetechguy.net/debian bookworm InRelease
Err:9 tor+https://apt.benthetechguy.net/debian bookworm InRelease
  Connection failed [IP: 127.0.0.1 9050]

Turns out apt.benthetechguy.net is jailed in Cloudflare. And apparently the code is not developed out in the open -- there is no public code repo or even a bug tracker. Even the forums are a bit exclusive (registration on a particular host is required and disposable email addresses are refused). There is no makemkv IRC channel (according to netsplit.de).

There is a blurb somewhere that the author is looking to get MakeMKV into the official Debian repos and is looking for a sponsor (someone with a Debian account). But I wonder if this project would even qualify for the non-free category. Debian does not just take any non-free s/w.. it's more for drivers and the like.

Alternatives?


The reason I looked into #makemkv was that Handbrake essentially forces users into a long CPU-intensive transcoding process. It cannot simply rip the bits as they are. MakeMKV relieves us of transcoding at the same time as ripping. But getting it is a shit show.

20
submitted 1 month ago* (last edited 1 month ago) by evenwicht to c/text_ui
 

Back in the days of dial-up BBSs and Internet via a real modem, speed and availability constraints led to apps that work well offline.

Now that most people have unlimited broadband, offline tools have become rare. Now we are trapped in an infrastructure that constrains us to having internet at all times which is then reinforced by the Tyranny of Convenience.

So when someone makes the point “boycott Time Warner/Spectrum because they support right-wing politics and assault privacy”, ppl are helpless.. unable to stomach the idea of being offline. It’s like no one has the constitution to say “fuck this shit”.

The web has become such garbage that I am happy to be offline. Shitty ISPs don’t get a dime from me. No more paying for something that is infested with surveillance advertising, CAPTCHA, and garbage. I’m content to periodically login from public hotspots.

But not a single lemmy client for offline use.. to sync when plugged in and then read and compose replies later. This would give a better workflow even if always online because you would have a local copy (useful when servers bail out of the pure fucking blue).

The hecklers will say “what are you waiting for.. write it yourself!” As if 1 person can recreate a whole infrastructure (lemmy, kbin, mastodon, xmpp, scraper bots, etc). The heart of the issue is it’s a paradigm that’s being overlooked. If you are going to create an app for whatever reason, why not design it at the ground level to work offline and headless? Of course it would also work online and a GUI can be a separate module. But the reverse is not true.. design an app to expect always-available internet and you have something that cannot easily adapt to an offline workflow.

 

If you sit in front of a PC with a big screen all day, smartphones are not a good way to do SMS. Rationale:

  • you have to reach for a small screen & possibly tap around (enter PINs) to see the txt that just arrived
  • smartphones have a huge attack surface; street-wise people do not put GSM chips in them
  • to send a msg, you have to tap on a tiny keyboard (or fiddle with a dicey speech-to-text tool)
  • if your phone breaks, you lose access to all your SMS msgs. (Gammu can copy all your SMS msgs even if your screen is shattered, but only from dumb phones)
  • (countless software freedom issues here… gammu does not work with smartphones because smartphones do not support a standard AT command protocol)

Theoretically, isn’t gammu or gnokii a smarter way of working? If you have a text terminal and gnu screen/tmux running, possibly with irssi, it would be a much more efficient workflow if SMS msgs would arrive in an irssi window just like an IRC channel so you can use your full size keyboard to enter an SMS.

Anyone doing this?

I got gammu working on an old dumb phone. Haven’t checked yet whether it can be integrated into irssi or bitlbee.

Possible snag: serial connections are possibly unreliable with Gammu. My USB→serial DCU-65 cable attached to a Sony Ericsson dumb phone chronically disconnects and reconnects to the PC. I wonder if using bluetooth instead would solve that.

The gammu and gnokii projects seem to be somewhat idling.. having been pushed aside due to smartphones. But it’s unjust and an artifact of tech wisdom fading in the population.
