forsidebilde

Harald Eilertsen

harald@hub.volse.no

  
Björn Schießle 🇪🇺Björn Schießle 🇪🇺 skrev følgende innlegg Tue, 18 Sep 2018 12:55:50 +0200
#ActivityPub has the potential to change the way we think and act on the #internet, in a way that encourages #decentralization and puts users first again. That’s a vision worth fighting for. By @jdormit https://jeremydormitzer.com/blog/what-is-activitypub-and-how-will-it-change-the-internet/
  
Programmet til årets Ramaskrik begynner å ta form: https://ramaskrik.no/program/

#horror #skrekkfilm #ramaskrik #oppdal #norge
  
Bjørn Gregory-StærkBjørn Gregory-Stærk skrev følgende innlegg Thu, 13 Sep 2018 13:27:42 +0200
Jakten på den grønne lykken er nå ute, på papir og som ebok: http://www.humanistforlag.no/jakten-paa-den-groenne-lykken.6136558-325894.html

En journalist spurte meg hvem jeg skrev den for. Jeg slet med å svare, for jeg har egentlig bare fulgt nysgjerrigheten min, men her er et svar: Det er en bok for folk som er som meg, som kanskje ikke har beina plantet i miljøbevegelsen, men som merker at samfunnet vårt er på kollisjonskurs med naturen, andre mennesker og oss selv, og leter etter noe positivt som kan inspirere oss til å finne veien ut.
  


What we're left with is a license condition that does nothing to benefit individual contributors or other users, and costs us the opportunity to fork projects in response to disagreements over design decisions or governance. What it does is ensure that a range of VC-backed projects are in a better position to improve their returns, without any guarantee that the commons will be left better off.

 Ultima 2018: William Kentridge – Ursonate

Starter: lørdag september 15, 2018 @ 7:00 PM
Slutter: lørdag september 15, 2018 @ 8:00 PM
  
Bilde/fotografi

Ursonate, som er skrevet av den tyske dadaisten og eksilkunstneren Kurt Schwitters (1887–1948), har blitt kalt 1900-tallets fremste lyddikt. Verket ble fullført i 1932 og er firedelt, som en klassisk symfoni. Det består av vokale lyder og et merkelig, fremmed språk. I senere år har Ursonate blitt anerkjent som et mesterverk.

Nå tar den sørafrikanske kunstneren William Kentridge sin Performa 2017-produksjon av Ursonate til Ultima. Hans timelange versjon er en svært fysisk tolkning av verket, som blant annet innebærer voldsomme kroppsbevegelser og en samling projiserte bilder som utfyller og kommenterer teksten.

https://operaen.no/forestillinger/ultima-2018-william-kentridge-ursonate-opera/
Plassering: Den norske Opera, Oslo
  
  
You may check out this earlier performance. I think... Didn't watch it myself as I don't want to spoil seeing it on saturday.

 Kunstutstilling m/Lailia Litangen

Starter: lørdag september 22, 2018 @ 11:00 AM
Slutter: lørdag september 22, 2018 @ 3:00 PM
  

Salgsutstilling – malerier av Laila Litangen.


Bilde/fotografi
Plassering: Kafé Tandem, Grefsenveien 26, Oslo
  
Seems I can connect to @pixelfed accounts now, but posts don't federate yet. Not sure if the problem is with #hubzilla, #pixelfed or if this is to be expected for now. Still: things are progressing!
 fra Diaspora
Most every ActivityPub platform has had trouble initially connecting with Hubzilla because they usually do the bare minimum to support Mastodon, and then ship the product. In every case we've seen so far, it is because they assume that every platform implements ActivityPub exactly as Mastodon does; while the actual specification allows for some wildly different interpretations.
  
That's what I expected too. The developer seems responsive, though so I'm sure it'll improve rapidly.
  
Matrix.orgMatrix.org skrev følgende innlegg Thu, 06 Sep 2018 14:06:44 +0200
Synapse critical security update 0.33.3.1 has just been released as per yesterday’s planned disclosure announcement: https://matrix.org/blog/2018/09/06/critical-security-update-synapse-0-33-3-1/ . It impacts all previous Synapse versions. Please upgrade asap.

  
System broadcasts by Android OS expose information about the user’s device to all applications running on the device. This includes the WiFi network name, BSSID, local IP addresses, DNS server information and the MAC address. Some of this information (MAC address) is no longer available via APIs on Android 6 and higher, and extra permissions are normally required to access the rest of this information. However, by listening to these broadcasts, any application on the device can capture this information thus bypassing any permission checks and existing mitigations.


https://wwws.nightwatchcybersecurity.com/2018/08/29/sensitive-data-exposure-via-wifi-broadcasts-in-android-os-cve-2018-9489/

#android #vulnerability #security #privacy
  
AnbaricAnbaric skrev følgende innlegg Mon, 03 Sep 2018 09:37:33 +0200

  
You can check out the new Manes album Slow Motion Death Sequence here:
https://heavymetal.no/blog/posts/manes-doden-i-slomo-albumstream

Unless you read Norwegian you may want to skip the interview, and head straight for the embedded player a bit down the page. Another promising release from Manes!

#manes #avantgarde #metal #norwegien
 Music

  
Bilde/fotografi

FINN FREM BADEBUKSA! Etter et par år med kalde og hustrige utevisninger kan du nå legge igjen longsen og ta med badetøy. Lørdag 20. Oktober åpner vi bassenget med sine deilige varmegrader, boblebad og vannsklie for en visning av Alexandre Ajas festlige horrorkomedie «Piranha».


https://ramaskrik.no/nyheter/fuktig-visning-av-piranha/

#piranha #horror #oppdal #ramaskrik

  
HTTP Strict Transport Security is a very nice feature. By returning a response with this header set from a properly configured HTTPS site, you instruct the browsers to don't try to contact your server over unsecured channels again. At least until the validity of the header times out. Even better, by submitting your domain to google, they'll put it on a list that is embedded by all the major browsers, so that the browser will insist on using a secured channel even the first time it connects to your server. Great stuff, you should use it!

Now I maintain the code for a few web sites, and as a precaution against my own fuck-ups, I have set up a virtual mirror of my hosting environments as a staging area. That is where I deploy my code once I think I have done something useful to it, and if it works there, I go on and deploy it to the actual production servers. Again, VirtualBox makes this easy and straight forward to do.

The final piece of the puzzle is of course to hack the hosts file on my system so that Server Name Indication (SNI) works as it should on my virtual staging boxes. Since I don't want to block access to the production servers I have created my own internal TLD (.dev as it happens,) and use names under that TLD to reach my staging setups. This has worked flawlessly for a long time.

Just this weekend I had to pick up an old project for some fairly simple fixes. The code changes didn't take much time, deploying to the staging server is always more painful, but not more than usual. It's when I point my web browser to the staging site to see that everything works the pain begins... Firefox helpfully informs me that the site is using HSTS, so a self signed cert will not do, thank you! Qutebrowser just hangs around and does nothing... Curl is happy giving me the site, as long as I tell it to not be too picky about the cert. So I know the server is working, and as expected the returned headers don't mention anything at all about HTTP Strict Transport Security. No matter how sternly I frown, nothing can convince Firefox or Qutebrowser to show me my site.

Checking https://hstspreload.org to see if some nuthead has submittet my internal site to the HSTS preload list, and sure enough - there it is! That's when I discovered Google has registered the .dev top level domain, and I'll have to find myself another one for my internal tests. That means reconfiguring my staging vms, regenerating certs and changing my hosts files as well. Hopefully I can find something that will never be an official TLD, so nobody will submit any name that matches mine to the HSTS preload list.

Grumpf!

#hsts #tld #webdev #tls #security #programming
 fra Diaspora
I’m not sure how I can install let’s encrypt certs without exposing them to the public internet.

Fairly simple: Use DNS-based challenge, in which case you don't need the host hooked up to the net at all, as certs are issued to you as long as your public DNS responds with the correct entries.

As for .local I'm unsure whether or not ICANN has a definitive answer about it's future use.
  
Thanks, I'll take a look at setting that up. Definitely looks like a better solution!
 fra Diaspora
My DNS provider actually modified his HTTPS-XML-API for me when I set it up.
That's the most complicated part: Getting the challenges into the DNS via scripting, if the provider supports that at all...
  
joshs harpjoshs harp skrev følgende innlegg Sat, 01 Sep 2018 14:45:13 +0200
"Apple recently became the first publicly traded American company to be valued at $1 trillion. It is also the world’s single greatest direct cause of inequality. This claim is not polemical, but statistical: Apple redistributes more wealth upward than any corporation or country on the planet."

http://bostonreview.net/class-inequality/robert-homan-think-different

(but hey, some people will tell you that Mozilla are the bad guys. 🙄)
  
Y AY A skrev følgende innlegg Fri, 31 Aug 2018 19:09:08 +0200

Til Galdhøpiggen i kåpe og dress


Disse private opptakene viser utenlandske turister sitt første møte med en norsk bre. I dress eller kåpe, og med veska på armen, ville de opp på toppen.Bilde/fotografi
FJELLTUR I PENKLÆR: Denne private videoen viser utenlandske turister på bretur i Jotunheimen.

De utenlandske bussturistene kom i hopetall for å oppleve en norsk isbre og kanskje komme seg opp på nordeuropas høyeste fjell.

Det var Åmund Elvesæter, som drev turisthotell på Elveseter i Bøverdalen på 1950-tallet, som tok opp denne filmen. Han hadde et ønske om å kjøre turistene helt opp på piggen. Han var både driftig og forutseende og tenkte ut mange ulike måter å få turistene fram på.

#funny #Norway #tourist #video #Jotunheimen #snow #mountain #slide #heehee
  
Hacker News ( unofficial )Hacker News ( unofficial ) skrev følgende innlegg Fri, 31 Aug 2018 19:12:41 +0200

x86-64 Assembly Language Programming with Ubuntu


The purpose of this text is to provide a reference for University level assembly language and systems programming courses. Specifically, this text addresses the x86-64 instruction set for the popular…

HN Discussion: https://news.ycombinator.com/item?id=17884893
Posted by lainon (karma: 13181)
Post stats: Points: 129 - Comments: 46 - 2018-08-31T12:21:55Z

\#HackerNews #assembly #language #programming #ubuntu #with #x86-64
Article content:

Bilde/fotografi


  [1]x86-64 Assembly Language Programming with Ubuntu Cover Page

The purpose of this text is to provide a reference for University level assembly language and systems programming courses.  Specifically, this text addresses the x86-64 instruction set for the popular x86-64 class of processors using the Ubuntu 64-bit Operating System (OS).  While the provided code and various examples should work under any Linux-based 64-bit OS, they have only been tested under Ubuntu 14.04 LTS (64-bit).

x86 Text, PDF Format:  [2]x86-64 Assembly Language Programming with Ubuntu

References

Visible links 2. http://www.egr.unlv.edu/~ed/assembly64.pdf

HackerNewsBot debug: Calculated post rank: 101 - Loop: 282 - Rank min: 100 - Author rank: 54

  
There's a first for everything. Today I went to a hip-hop gig, very much Norwegian-style. Great poets, and actually very good musicians. They have a funny perspective frim the Norwegian countryside. Still not quite my thing. Seems the other people there liked it though, and I think that's what matters.

Side Brok (means wide pants in certain Norwegian dialects,) and Sirkel Sag (Circular Saw) is absolutely entertaining, but I'll probably not be at their next gig.

Bilde/fotografi

#hiphop #concert #music #norway
  
This week I get to play with hardware at work. That's always a bit of fun. Flashing GnuK onto these little rascals turning them into simple OpenPGP hardware keys.

Bilde/fotografi

The programming headers next to the chip was so small I didn't have any header pins that fit. Had to chop the legs of an LED to use as pins. They had just the right size.

#diy #openpgp #crypto #hardware
  
What hardware are you using?
  
A very simple STM32 microcontroller board sold as an ST-Link compatible programmer. The headers on the back of the device is for programming other devices. But since the device is programmable itself, we use one of them to program the others. That's when we need to use the headers next to the chip as seen on the photo. We bought them through ali express for about two dollars a piece. There's several producers of these gizmos, so pinout and even the exact chip used may vary a bit from device to device, but it's not too hard to figure out. Here's one variant.
  
That's pretty slick!  I hadn't thought of using an ST-Link as a device, but it makes a lot of sense.