Subscribe: jorgenmodin.net - rss.xml
http://jorgenmodin.net/index_html/rss.xml
Added By: Feedage Forager Feedage Grade B rated
Language: Swedish
Tags:
alt  att  code  ctrl alt  ctrl  downside  encrypted  https  linux  och att  och  people sitg  people  sitg  ubuntu  ‏ sitg   
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: jorgenmodin.net - rss.xml

Blogfeed





 



Convert hex or base64 to binary on the Linux command line

Thu, 19 Apr 2018 18:27:56 +0200

base64:

base64 -d infile.base64 > outfile.bin

hex (untested):

xxd -r -p input.txt output.bin

https://stackoverflow.com/questions/7826526/transform-a-hex-info-to-binary-using-linux-command




The IT guy

Sun, 08 Apr 2018 16:03:41 +0200

I have met a few IT guys who sound pretty much like this. Often very knowledgeable in their field, but sometimes difficult to get to work fruitfully in a bigger context.

width="560" height="315" src="https://www.youtube.com/embed/02a723LsoFA?rel=0" frameborder="0" allow="autoplay; encrypted-media" allowfullscreen="allowfullscreen">



Legal/IT pioneers whose names I have problems remembering

Wed, 28 Mar 2018 20:53:22 +0200

In the spirit of using this blog also as my notepad:

 

  • Eben Moglen
  • Lawrence Lessig

 

And some keywords so I can find them again:

EFF, Electronic frontier foundation, law, cyberspace. Columbia, Stanford.




How to use locate on an encrypted home directory

Wed, 14 Mar 2018 22:45:17 +0100

Use a separate db for the encrypted part, and store that db on that encrypted part. A complete working solution with safeguards for not running when on battery or when the directory is encrypted, is linked below:

Read more: Link - tolaris.com · Secure locate with ecryptfs, part 2




Funny cat video: Sail

Mon, 12 Mar 2018 23:44:32 +0100

Yes, the blog is posting this…SAIL!

http://videohall.tumblr.com/post/22947862416/anybody-know-what-happened-to-the-cat




Yopass - an attempt to more securely share secrets

Mon, 12 Mar 2018 22:58:55 +0100

Seems to be about expiring urls and some encryption. Demo here: https://yopass.se/




Setting up 2 factor authentication for ssh logins on Ubuntu 16.04

Sun, 04 Mar 2018 05:30:00 +0100

totp is a way to use your Google Authenticator, FreeOTP or similar to add a layer of security to your ssh logins.

This guide worked for me (Linode):

Use One-Time Passwords for Two-Factor Authentication with SSH on Ubuntu 16.04 and Debian 8

While this guide did not enable totp for me:

https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-ubuntu-16-04

 




How to drop to console in Ubuntu 17.10

Fri, 02 Mar 2018 09:55:00 +0100

It used to be Ctrl+Alt+F1, and then to get back Ctrl+Alt+F7.

Now it is Ctrl+Alt+F3, and the to get back Ctrl+Alt+F2. Actually a bit more logical than using F7. Ctrl+Alt+F1 is GUI login.

 

After upgrading to 17.10 like a true pioneer, I found the old CtrlAltF1 no longer switches between console mode and GUI, and a quick Google search brought up nothing useful. Was this feature removed entirely?


Read more: Link - gdm - How do I switch between console mode and GUI in 17.10? - Ask Ubuntu




Ord som har två motsatta betydelser

Mon, 26 Feb 2018 10:51:53 +0100

I engelskan, som i svenskan, så har en del ord antagit två betydelser som är varandras motsatser. T ex i meningen: "Andrew's oversight caused a showstopper, and a dollop of money was made from the show".
Oversight betyder både överinseende och att missa att inspektera, showstopper betyder både att showen var så bra att alla stod och applåderade och att det inte gick att genomföra showen, och dollop betyder både en liten klutt och en stor klump. Så man har ingen aning hur det gick, ovan…

På svenska kan man bestrida en nota, vilket både betyder att betala den och att vägra betala den.




Summary by @Douglas9162 of Taleb's book "Skin in the game"

Fri, 23 Feb 2018 12:26:01 +0100

This is a summary of Taleb's book "Skin in the game" tweeted in 100 tweets by @Douglas9162, tweeted here: https://twitter.com/Douglas9162/status/965904588846051328 I saved the tweets, made some small edits wrt uniformity in spacing and capitalization. (A bot has also directly summarised the tweets here: https://threadreaderapp.com/thread/965904588846051328.html ) SITG is about 4 things: uncertainty, symmetry in human affairs, information in transactions and rationality in complex systems. These 4 are best solved through SITG ‏ 1- If you want the upside, you must also take the risk of downside (bankers being bailed out by the public are the antithesis of SITG) 2- Opinions are BS generally, unless someone lives/is exposed to the risks of that opinion it is invalid ‏ 3- SITG isn’t purely incentives, it is symmetry in upside and downside. It is also about justice, honor and sacrifice. ‏ 4- Having exposure to the real world, with upside and downside, is the only way to learn properly (‘pathemata mathemata’ – guide your learning through pain) ‏ 5- EXPOSURE TO REAL WORLD CONSEQUENCES >>> Intellectualising (despite what academia tells us) ‏ 6-Think in dynamics, not statics. Think in high, not low dimensions. Think in terms of interactions as well as actions. ‏ 7- “what is crucial here is that the downside doesn’t affect the interventionist. He continues his practice from the comfort of his thermally regulated suburban house, with a two car garage, a dog, a small play area with pesticide free grass and his overprotected 2.2 kids” LOL ‏ 8- Intelligentsia have no downside for their actions (no SITG) so should be avoided like the plague. ‏ 9- Its much easier to MACRO bullshit than Micro bullshit. E.g. people who are cool on social media are depressing in real life. Marketing people should focus on macro therefore, as micro BSing is far harder. ‏ 10- Government intervention in general tends to remove SITG ‏ 11- You will never convince someone that he is wrong, only reality can. ALL people should be at risk of all downside to their decisions. ‏ 12- There is no evolution without skin in the game – note how academics can be wrong for so long while businesses cannot ‏ 13- SITG doesn’t literally mean an eye for an eye – it just means there is a downside large enough to individuals to protect the overall system. ‏ 14- We know far more what is bad than what is good. Therefore, when treating others: no bad actions > good actions as a rule. ‏ 15- Universal behavior is great on paper, disastrous on paper. Behaviour does not scale. Family are not friends and random people on the street are not friends. I may jokingly call my friend a “dickhead” as endearment, this doesn’t scale well ‏ 16- Avoid taking advice from someone who gives advice for a living, unless there is a penalty for their advice. ‏ 17- The doer wins by doing, not convincing. E.g. if someone is trying to convince you how cool their life is then it is not cool ‏ 18- How often you forecast correctly is unimportant, it is which outcomes you can forecast right which matters. ‏ 19- SITG helps solve the black swan problem as that which has survived over time with SITG has proved its robustness ‏ 20-There are some risks we just cannot afford to take (systemic risks). There are some risks we cannot afford to NOT take. ‏ 21- SITG is mainly a bullshit filter for professionally slanted people ‏ 22- Theories are fine, just don’t tell people how to apply them. People with SITG decide what theories they need. ‏ 23-people with SITG bring simplicity. People with SITG have no benefit for added complexity. Therefore be careful of people without SITG proposing complex solutions for a problem. They have incentive to seem[...]



Adding a Kotlin bintray repository with Maven

Mon, 19 Feb 2018 02:25:00 +0100

Summary: Keeping pom in the source stanza as listed at bintray, makes IntelliJ/Maven unable to resolve the dependency. Deleting it makes it work.

(image)
(image) Click to view full-size image…

 

 

 




Can recompiling the kernels with LFENCE mitigate spectre and meltdown?

Sun, 14 Jan 2018 12:15:29 +0100

Daniel J. Bernstein on Twitter:

Even with today's ludicrously bloated kernels, I'm skeptical about the idea that speculative execution _in the kernel_ seriously helps computer performance. Has anyone measured overall slowdown from recompiling kernel branches to use LFENCE with new (fully serializing) microcode?

https://twitter.com/hashbreaker/status/951550271624241152




L4Linux — Linux ontop of a microkernel

Mon, 08 Jan 2018 00:55:00 +0100

Untested by me, but I wonder if it is less susceptible to the meltdown and spectre attacks, at least some aspects of them.

 

Welcome to L4Linux!


Read more: Link - L4Linux




Notes on the meltdown and spectre exploits

Fri, 05 Jan 2018 00:30:00 +0100

These are my notes for personal use on 2018-01-05, check authoritative sources and do not rely on what is written here.

As of today, here is a good source:

https://www.bleepingcomputer.com/news/security/list-of-meltdown-and-spectre-vulnerability-advisories-patches-and-updates/

General strategy

Run sensitive stuff on dedicated computers

Google Chrome

Enable site isolation

chrome://flags/#enable-site-per-process

Firefox

Firefox 57 and onwards has a kind of timing resolution mitigation, which should help a bit.

Linux

Linux distros may have patched some already in December. Unclear right now how much it helps.

Brutally honest notes from the Xen project on these exploits, worth reading


https://xenbits.xen.org/xsa/advisory-254.html

Excerpts:

SP1, "Bounds-check bypass": Poison the branch predictor, such that
operating system or hypervisor code is speculatively executed past
boundary and security checks.  This would allow an attacker to, for
instance, cause speculative code in the normal hypercall / emulation
path to execute with wild array indexes.

SP2, "Branch Target Injection": Poison the branch predictor.
Well-abstracted code often involves calling function pointers via
indirect branches; reading these function pointers may involve a
(slow) memory access, so the CPU attempts to guess where indirect
branches will lead.  Poisoning this enables an attacker to
speculatively branch to any code that exists in the hypervisor.

SP3, "Rogue Data Load": On some processors, certain pagetable
permission checks only happen when the instruction is retired;
effectively meaning that speculative execution is not subject to
pagetable permission checks.  On such processors, an attacker can
speculatively execute arbitrary code in userspace with, effectively,
the highest privilege level.

MITIGATION
==========

There is no mitigation for SP1 and SP2.

SP3 can be mitigated by running guests in HVM or PVH mode.
….

RESOLUTION
==========

There is no available resolution for SP1 or SP3.

We are working on patches which mitigate SP2 but these are not
currently available.




How I got my Microsoft Bluetooth 3600 mouse to work on Ubuntu 17.10

Thu, 21 Dec 2017 09:55:00 +0100

Now I do not know if or why this did the trick, but following the instructions here:

https://askubuntu.com/questions/966734/ubuntu-17-10-not-detecting-bluetooth-mouse

echo "options iwlwifi bt_coex_active=0"|sudo tee --append /etc/modprobe.d/iwlwifi.conf

then you should restart your computer or you can reload your wifi modules. Again in one line:

sudo rmmod iwlmvm iwlwifi && sudo modprobe iwlmvm

…gave a lot of new devices discovered in bluetoothctl, among which I could pair and trust the mouse. This issue was driving me nuts btw.


bluetoothctl

[NEW] Device CE:AB:BA:AB:87:87 BluetoothMouse3600

pair CE

trust CE

Here is some explanation but seems to go the other way…

https://superuser.com/questions/924559/wifi-connection-troubles-solved-why-does-my-fix-work