Recent blog entries

8 Dec 2016 marnanel   » (Journeyer)

My Plover steno dictionary

Here are some interesting definitions from my personal Plover steno dictionary.

Proper nouns

I have a habit of setting up proper nouns with -LZ on the right hand. (It's unlikely to clash with anything; there's no reason beyond that.) So for example:

"K-LZ": "King's Cross",
"SP-LZ": "St Pancras",

(K-LZ and SP-LZ were for typing out this story.)

Punctuation

"KR-GS": "{^~|”}",
"KR-GZ": "{^~|\"}",
"KW-GS": "{~|“^}",
"KW-GZ": "{~|\"^}",
In the standard dictionary, KW-GS and KR-GS are open and close quotes, respectively. I've remapped them to curly quotes. The straight quotes are moved to KW-GZ and KR-GZ in case I need them.

"-RBS": "{^,” said}",
"SKHRAPLS": "{^!” said}",
Separate chords for typing things like comma, close quote, "said", These save me a lot of time. SKHRAPLS also avoids writing a capital S in, for example, "Woof!" Said the dog (because the exclamation mark makes Plover think you've started a new sentence).

"R-R": "{^}{#Return}{#Return}{^}{-|}",
"R-RS": "{^}{#Return}{#Return}{^}“{^}{-|}",
Because I can never remember the chord for "new paragraph".

"TK-RB": "{^—}",
TK-RB is the standard stroke for a dash, but here it's remapped to an em dash.

Pedantry
"TEUL": "until",
"TIL": "till",
In the standard dictionary, these are until and 'til, respectively. I have remapped them because 'til is not a thing.
 
Others
"OG": "oh",
"PH-R": "Mr {-|}",
"PH-RS": "Mrs {-|}",
"SED": "said",
"THO": "though",
"WAOEU": "why"
The standard strokes for oh and Mr are bizarre and unmemorable.
This entry was originally posted at http://marnanel.dreamwidth.org/382232.html. Please comment there using OpenID.

Syndicated 2016-12-08 14:31:08 (Updated 2016-12-08 17:42:59) from Monument

8 Dec 2016 superuser   » (Journeyer)

Devember 2016 – Day 7

Busy night, I had to help on call people in the middle of my coding, so
it delayed things. Still, I put in my hour. Later than I wanted, but
here it is. Started adding Router stuff. Learning about React in the
process. Yay!

Day 7 is here on GitHub.

Syndicated 2016-12-08 05:51:27 from JasonLotito

7 Dec 2016 LaForge   » (Master)

Open Hardware IEEE 802.15.4 adapter "ATUSB" available again

Many years ago, in the aftermath of Openmoko shutting down, fellow former Linux kernel hacker Werner Almesberger was working on an IEEE 802.15.4 (WPAN) adapter for the Ben Nanonote.

As a spin-off to that, the ATUSB device was designed: A general-purpose open hardware (and FOSS firmware + driver) IEEE 802.15.4 adapter that can be plugged into any USB port.

/images/atusb.jpg

This adapter has received a mainline linux kernel driver written by Werner Almesberger and Stefan Schmidt, which was eventually merged into mainline Linux in May 2015 (kernel v4.2 and later).

Earlier in 2016, Stefan Schmidt (the current ATUSB Linux driver maintainer) approached me about the situation that ATUSB hardware was frequently asked for, but currently unavailable in its physical/manufactured form. As we run a shop with smaller electronics items for the wider Osmocom community at sysmocom, and we also frequently deal with contract manufacturers for low-volume electronics like the SIMtrace device anyway, it was easy to say "yes, we'll do it".

As a result, ready-built, programmed and tested ATUSB devices are now finally available from the sysmocom webshop

Note: I was never involved with the development of the ATUSB hardware, firmware or driver software at any point in time. All credits go to Werner, Stefan and other contributors around ATUSB.

Syndicated 2016-12-07 00:00:00 from LaForge's home page

7 Dec 2016 superuser   » (Journeyer)

Devember 2016 – Day 6

So, adding in react after the fact was a pain. But it’s mostly working.
I still need to fix actually clicking on the links, but the basics of
React is up and running. Still a lot more work to be done, but still
making progress.

Syndicated 2016-12-07 05:08:35 from JasonLotito

6 Dec 2016 LaForge   » (Master)

The IT security culture, hackers industry consortiums

In a previous life I used to do a lot of IT security work, probably even at a time when most people had no idea what IT security actually is. I grew up with the Chaos Computer Club, as it was a great place to meet people with common interests, skills and ethics. People were hacking (aka 'doing security research') for fun, to grow their skills, to advance society, to point out corporate stupidities and to raise awareness about issues.

I've always shared any results worth noting with the general public. Whether it was in RFID security, on GSM security, TETRA security, etc.

Even more so, I always shared the tools, creating free software implementations of systems that - at that time - were very difficult to impossible to access unless you worked for the vendors of related device, who obviously had a different agenda then to disclose security concerns to the general public.

Publishing security related findings at related conferences can be interpreted in two ways:

On the one hand, presenting at a major event will add to your credibility and reputation. That's a nice byproduct, but that shouldn't be the primarily reason, unless you're some kind of a egocentric stage addict.

On the other hand, presenting findings or giving any kind of presentation or lecture at an event is a statement of support for that event. When I submit a presentation at a given event, I think carefully if that topic actually matches the event.

The reason that I didn't submit any talks in recent years at CCC events is not that I didn't do technically exciting stuff that I could talk about - or that I wouldn't have the reputation that would make people consider my submission in the programme committee. I just thought there was nothing in my work relevant enough to bother the CCC attendees with.

So when Holger 'zecke' Freyther and I chose to present about our recent journeys into exploring modern cellular modems at the annual Chaos Communications Congress, we did so because the CCC Congress is the right audience for this talk. We did so, because we think the people there are the kind of community of like-minded spirits that we would like to contribute to. Whom we would like to give something back, for the many years of excellent presentations and conversations had.

So far so good.

However, in 2016, something happened that I haven't seen yet in my 17 years of speaking at Free Software, Linux, IT Security and other conferences: A select industry group (in this case the GSMA) asking me out of the blue to give them the talk one month in advance at a private industry event.

I could hardly believe it. How could they? Who am I? Am I spending sleepless nights and non-existing spare time into security research of cellular modems to give a free presentation to corporate guys at a closed industry meeting? The same kind of industries that create the problems in the first place, and who don't get their act together in building secure devices that respect people's privacy? Certainly not. I spend sleepless nights of hacking because I want to share the results with my friends. To share it with people who have the same passion, whom I respect and trust. To help my fellow hackers to understand technology one step more.

If that kind of request to undermine the researcher/authors initial publication among friends is happening to me, I'm quite sure it must be happening to other speakers at the 33C3 or other events, too. And that makes me very sad. I think the initial publication is something that connects the speaker/author with his audience.

Let's hope the researchers/hackers/speakers have sufficiently strong ethics to refuse such requests. If certain findings are initially published at a certain conference, then that is the initial publication. Period. Sure, you can ask afterwards if an author wants to repeat the presentation (or a similar one) at other events. But pre-empting the initial publication? Certainly not with me.

I offered the GSMA that I could talk on the importance of having FOSS implementations of cellular protocol stacks as enabler for security research, but apparently this was not to their interest. Seems like all they wanted is an exclusive heads-up on work they neither commissioned or supported in any other way.

And btw, I don't think what Holger and I will present about is all that exciting in the first place. More or less the standard kind of security nightmares. By now we are all so numbed down by nobody considering security and/or privacy in design of IT systems, that is is hardly any news. IoT how it is done so far might very well be the doom of mankind. An unstoppable tsunami of insecure and privacy-invading devices, built on ever more complex technology with way too many security issues. We shall henceforth call IoT the Industry of Thoughtlessness.

Syndicated 2016-12-06 07:00:00 from LaForge's home page

6 Dec 2016 superuser   » (Journeyer)

Devember 2016 – Day 5

Another day has gone by.  Another video.  And more code. I learned that the recordings are difficult or impossible to see on screens smaller than an ultrawide, so this means they are mostly useless.  I need to come up with a solution to that if I mean to keep streaming.

From my commit:

So, didn't really think about it before, but decided to add
configuration injection into our commands.  This seems to have worked
out well and I'm happy with the results.  The command defines the
configuration and where it expects it, and the application provides the
external configuration in the appropriate location and it automatically
gets injected.

We also now can display route details.  This still needs more work, but
we are doing well and progressing.

Syndicated 2016-12-06 04:52:29 from JasonLotito

5 Dec 2016 berend   » (Journeyer)

Just had an ancient HP ProLiant dying on me: simultaneous failure of a memory bank, and a hard disk. Luckily hard disks were mirrored, phew.

As it was urgent, I bought a server I could pickup: an IBM Express x3100 M4. Warning: do not get this server. On a good day the thing takes 5 minutes to get to disk boot! Very time consuming to get that going. Also needed to apply an urgent firmware update, but no clue how that worked. Tried to run the IBM UpdateXPress ibm_utl_uxspi tool, but somehow that didn't seem to want to work on Ubuntu. Tried everything to get that going, booting OpenSUSE disk, booting SUSE EnterPrise Server 11 rescue disk, simply didn't want to work.

In the end I discovered that I had to use the IBM Bootable Media Creator utility. Doesn't run on Ubuntu. So installed a supported OS, SUSE Linux Enterprise Server 11 via my VMWare Workstation tool, and could then run BoMC. Once you know how updating firmware works, it works quite well, but boy is this hard to figure out. Took me a day of trying things, before I hit on this. And five minute boot times don't help. The IBM readme's are written by lawyers, not for people in a hurry.

This IBM X Server is apparently nice with something called Integrated Management Module II, but couldn't get that going, because I needed an activation key which I didn't have for some reason. I'll email IBM support, see if helps.

Pity I was in a hurry else I would have gotten a System76 or IX Systems box, they just work without getting in the way.

5 Dec 2016 salmoni   » (Master)

I just released a Python-based interpreter for the CESIL language.

https://github.com/salmoni/CESILPy

When I was first being taught computers (1983-1985), this was our first language. It had a massive total of 14 instructions and initially ran as a batch job. In my school, we had a Research Machines thing that ran the code but getting access was hard.

It was a good experience though. I was taught to plan properly: Write the expected output for a set of inputs (unit testing on paper), draw a flowchart of the flow, and then write the actual code on paper before even sitting down at a computer.

More information on CESIL.

BTW, I got Salstat running on FreeBSD as well as Linux, OSX and Windows.

5 Dec 2016 superuser   » (Journeyer)

Devember 2016 – Day 4

Day four is done. Got the UI up today, though it’s very basic.  Decided that the API builder should, obviously, not worry about HTML output.  It should be focused on outputting results as if it’s an API, not acting as a template.  That being said, nothing prevents that from happening.  HTTP is, effectively, and API.  But the focus is on data in a format like JSON.

I streamed it once again so you can follow along with the thought process.

I think tomorrow I’ll continue with the UI, building out a system that allows you to compose commands together.

Syndicated 2016-12-05 01:03:42 from JasonLotito

3 Dec 2016 superuser   » (Journeyer)

Devember 2016 – Day 3

Day three is done. Not much done today.  Cleanup and work on the output functionality.  I streamed it once again so you can follow along with the thought process.

Added a TODO.md file, which I think is handy in terms of keeping track of my thoughts, on what has been done, and what needs to be done.  I think tomorrow I’m going to work a bit on a UI that is built using this system.  Still not sure of a name.  Still, three days down.  Let’s keep it going.

Syndicated 2016-12-03 22:53:56 from JasonLotito

3 Dec 2016 superuser   » (Journeyer)

Devember 2016 – Day 2

Day two is complete. Continued work on the stuff I was doing yesterday.  Streamed it live to no one. That’s fine.  Overall, I’m happy with the progress I’ve made tonight.  Handled outputs, both from defining the API along with the context of the request.

I think tomorrow I might want to tackle parallel commands.  So, if I wanted to fetch multiple pieces of data at once, I could do that.  Maybe I can do something more real tomorrow, such as have something that requests someones Twitter and GitHub feed at the same time.  I could do that.

Syndicated 2016-12-03 04:10:05 from JasonLotito

2 Dec 2016 mjg59   » (Master)

Ubuntu still isn't free software

Mark Shuttleworth just blogged about their stance against unofficial Ubuntu images. The assertion is that a cloud hoster is providing unofficial and modified Ubuntu images, and that these images are meaningfully different from upstream Ubuntu in terms of their functionality and security. Users are attempting to make use of these images, are finding that they don't work properly and are assuming that Ubuntu is a shoddy product. This is an entirely legitimate concern, and if Canonical are acting to reduce user confusion then they should be commended for that.

The appropriate means to handle this kind of issue is trademark law. If someone claims that something is Ubuntu when it isn't, that's probably an infringement of the trademark and it's entirely reasonable for the trademark owner to take action to protect the value associated with their trademark. But Canonical's IP policy goes much further than that - it can be interpreted as meaning[1] that you can't distribute works based on Ubuntu without paying Canonical for the privilege, even if you call it something other than Ubuntu.

This remains incompatible with the principles of free software. The freedom to take someone else's work and redistribute it is a vital part of the four freedoms. It's legitimate for Canonical to insist that you not pass it off as their work when doing so, but their IP policy continues to insist that you remove all references to Canonical's trademarks even if their use would not infringe trademark law.

If you ask a copyright holder if you can give a copy of their work to someone else (assuming it doesn't infringe trademark law), and they say no or insist you need an additional contract, it's not free software. If they insist that you recompile source code before you can give copies to someone else, it's not free software. Asking that you remove trademarks that would otherwise infringe trademark law is fine, but if you can't use their trademarks in non-infringing ways, that's still not free software.

Canonical's IP policy continues to impose restrictions on all of these things, and therefore Ubuntu is not free software.

[1] And by "interpreted as meaning" I mean that's what it says and Canonical refuse to say otherwise

comment count unavailable comments

Syndicated 2016-12-02 09:37:41 from Matthew Garrett

2 Dec 2016 superuser   » (Journeyer)

Devember 2016 – Day 1

Day one is complete. I’m working on something completely different, but it’s started.

I want to build a system where APIs can be built using Node.js in a way that allows you to piece together different methods.  I realize there are systems out there like this, but I couldn’t find anything that meets my goals.  Besides, I wanted to build it.  Today was a longer day.  More than an hour, mostly because I didn’t want to leave it in a half state.  I can continue tomorrow where I left off with a working system and clear next steps.

I live streamed the entire session using Twitch.  There was one point where I was dealing with an error that I could not figure out.  Here is the moment I discover the very simple error. At some level, it’s fairly embarrassing to have that live on video.  But things like that do happen.

Most of this is being designed as I go along.  I’m not so concerned about performance at the moment.  Mostly it’s about getting it working.

Syndicated 2016-12-02 04:29:51 from JasonLotito

1 Dec 2016 caolan   » (Master)

Impress LibreOffice OpenGL Slide Transitions under Wayland via GTK3