Uwe Hermann @uwehermann@fosstodon.org

Congrats to @letsencrypt for issuing their 1 billionth certificate and helping encrypt the entire Internet! https://twitter.com/letsencrypt/status/1233062610888585216

Our community member MagneFire got Quake 1 working on #AsteroidOS 🎮
https://github.com/MagneFire/meta-games
https://github.com/MagneFire/lp-public

OpenPush - A Free, #Decentralized Push Messaging Framework for #Android

"Push messages are an essential part of connected mobile devices. They are also one of the critical missing pieces in the #opensource Android ecosystem. Until now, free Android apps would either need to implement their own push notification system, do without any push messaging or use the proprietary Google Cloud Messaging service."

https://f-droid.org/en/2020/02/03/openpush-talk.html

http://a.b.c.d.e.f.g.h.i.j.k.l.m.n.oo.pp.qqq.rrrr.ssssss.tttttttt.uuuuuuuuuuu.vvvvvvvvvvvvvvv.wwwwwwwwwwwwwwwwwwwwww.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy.zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz.me/ #RFC1035

Recent #PulseView features you might have missed: annotation export in various formats (printf-style spec), protocol decoder subwindow which allows nicer PD selection and stacking.

https://www.sigrok.org/blog/pulseview-features-you-might-have-missed

#sigrok

RT @PeterZaitsev@twitter.com

How bad is direct curl to shell ? https://www.arp242.net/curl-to-sh.html #curl #linux #security

Git is planning to switch to SHA-256 soon. This is all great news, but the best thing is the command to convert an existing repo to the new hash. It reads like a shitpost and gets better with each argument:

git convert-repo --to-hash=sha-256 --frobnicate-blobs --climb-subtrees --liability-waiver=none --use-shovels --carbon-offsets

Source: https://lwn.net/SubscriberLink/811068/cfeb6a67b8dfbe47/

I've been looking into DIY routers. Does anyone here have one? What operating system/software does it run?

"Facebook will now show you exactly how it stalks you — even when you’re not using Facebook"

You can view your off-Facebook activity history, clear it and disconnect if from your Facebook account using the new Off-Facebook Activity tool at https://www.facebook.com/off_facebook_activity/

"How to exit vim: Below are some simple methods for exiting vim."

https://github.com/hakluke/how-to-exit-vim

This is a very thorough analysis of the security principles and usability of various Two Factor Authentication systems: https://wiki.shibboleth.net/confluence/display/~trscavo@ncsa.illinois.edu/Two-Factor+Authentication

people were talking about the millennium bug recently, well it turns out a lot of the fixes just delayed the problem to 2020

"Programmers wanting to avoid the Y2K bug had two broad options: entirely rewrite their code, or adopt a quick fix called “windowing”, which would treat all dates from 00 to 20, as from the 2000s, rather than the 1900s. An estimated 80 per cent of computers fixed in 1999 used the quicker, cheaper option."

"Those systems that used the quick fix have now reached the end of that window, and have rolled back to 1920. Utility company bills have reportedly been produced with the erroneous date 1920, while tens of thousands of parking meters in New York City have declined credit card transactions because of the date glitch."

https://www.newscientist.com/article/2229238-a-lazy-fix-20-years-ago-means-the-y2k-bug-is-taking-down-computers-now/

#Osmocom has just released new versions of the entire 2G/3G cellular network stack: See https://osmocom.org/news/123 for tthe release announcement - thanks for everyone contributing to this release!

Do you backup your email? If so, how and how often?

We have computed the very first chosen-prefix collision for SHA-1. To put it in another way: all attacks that are practical on MD5 are now also practical on SHA-1.

We have reduced the cost of a collision attack from 2^64.7 to 2^61.2, and the cost of a chosen-prefix collision attack from 2^67.1 to 2^63.4.

Demo: The legacy branch of GnuPG (version 1.4) is vulnerable. We have created two PGP keys with different UserIDs and colliding certificates.

https://sha-mbles.github.io/

I decided to start the new year with some PCB Layout. Can you tell what it is? I am not sure if it is a good or a bad thing if you can recognize the footprint, but you are definitely in good company I recognize them pretty much instantly on other boards. :)

Visualising the amount of microplastic we eat https://graphics.reuters.com/ENVIRONMENT-PLASTIC/0100B4TF2MQ/index.html

Microphones are vulnerable to laser attack - https://lightcommands.com/
Smarter Every Day demonstrates controlling devices via laser, even through a window. https://www.youtube.com/watch?v=ozIKwGt38LQ

Setup is summarized at https://osmocom.org/projects/retro-bbs/wiki/36C3 - feel free to connect yourself with analog or ISDN lines to the patch panel (its labelled) in my absence.

#libsigrok 0.5.2 is released!

Roughly 40 or so additional devices (or whole device series) supported, improved USB HID support via HIDAPI, Bluetooth/BLE support (Linux-only for now, via BlueZ), and tons of improvements and bugfixes.

https://www.sigrok.org/blog/libsigrok-052-released

#sigrok