Configuring K-9 mail via command line
After reinstalling Replicant on phone, I couldn't bear to configure email settings again by hand, so wasted a couple of hours writing a script to do it instead.
Claes Wallin (韋嘉誠) likes this.
Cash all the way
A person at the table near me was being gently teased by their friends because they pay for things by cash. "Don't you have a card?" Made me smile. I love paying by cash - it's fast, anonymous, low risk of fraud and doesn't create a whole lot of noise on my bank account for inevitable fraudulent card transactions to hide in. Not to mention recent news of massive data leaks.Show all 6 repliesI agree and prefer my common, everyday purchases to be cash. The gas (gasoline) pump is one place that I miss where you could say fill 'er up and pay the attendant in cash. Today in my area, most are self serve, so I need to estimate the amount of the purchase or make a second trip in.
Emacs: Copying multiple things in a row
When copying and pasting several things in Emacs, I've always done it like this - alternating:
- copy A
- paste A
- copy B
- paste B
It only clicked for me today that it's easier to do the copies together, as long as you paste in the reverse order:
- copy A
- copy B
- paste B
- paste A
I've always known that when you copy or cut ("kill" in the Emacs lingo) some text in Emacs, that the selection goes onto a stack, called the
kill-ring(since it actually loops around). You can then paste ("yank") and immediately cycle through previous items on the stack with
yank-pop(M-y). Very handy if you get side-tracked and want something you copied a while back.
GPG email and the subject
I wouldn't make much of a secret agent. I go to all the effort of encrypting an email and after sending remember that the subject is unencrypted and basically sums up what the email is about. Not all my fault I suppose - it's a bit of a usability problem.
Upgrading a number of small websites with HTTPS,
Liking this tip from the Piwik team about using analytics in a way that complies with safe CSP settings.
Claes Wallin (韋嘉誠) likes this.Show all 5 replies
hyyps looked too risky
that stuff looks far worse than even that
its time to BREAK UP the cartels that try to bully us into a censorship regime
I will always resist that
there is no way in hell O would want to allow untrusted third parties to9 block any website I make!
untill they come up with something without the censorship risks plain old http will always be allowed
I won't budge on that and all the sloganising over https in recent years only makes me dig my heels in more.
I repeat - the issue is not the price of certificates, its the CENSORSHIP risk!.
now that browser BLOCK that is even worse!.
the brower cartel MUST be broken yp - had a gutful of their crapware in recent years.
sure encryption would be nice, but not if the price is to allow censorship.
@Michael You're right that there is some risk of censorship in that an HTTPS certificate could be revoked, which assuming you're using HSTS, censors you until you can get a new cert. There is also some risk that certificate authorities could sign certificates fraudulently.
It's a trade-off. HTTPS provides visitors privacy and authenticity when they access a web site or service and, for me, that's a higher priority.
While HTTP doesn't rely on a certification system, it is vulnerable to more subtle censorship and manipulation, in that spying and tampering with the information "in flight" is straightforward.
these days more worried about browser cartels than certificate cartels
re letsencrypt I need to find those instructions for doing it manually
there are multiple domains on the same server here and subdomains too
multiple "platforms" and an xmpp server too
I really do think the first time I should do it manually to make sure nothing breaks and I learn properly what needs to be done
(can probably automate it later once I know whats needed - just need to be sure I get web server configs right. I must avoid downtime as much as possible - there are users to consider!)
also cannot redirect http to https .. thats a no go for now
I do want to let users use https but still have that other option of they need it
I cannot rule out the possibility of browsers being compromised
they are fixing holes in every release and there are always more
and I saw an attack with my own eyes a year ago that was probably exploiting a browser vulverability
it showed a spoof site DESPITE dns returning the correct ip - trying http went to the real site! -
(saw it happen a few times - all the same day - on different machines in different locations running different operating systems - the only obvious thing those machines had on common was the browser)
if that could still happen to anyone out there it would be madness to take away the only remaing way that the user could get to the real site.
in that situation redirecting to https would force a user trying that back to the spoof site!
I don't think those kinds of risks can be ignored
the only sane option would be to let the user choose
only they could really know which risk really is worse for them than another.
when its a case of a compromised web browser whether or not the connection is encrypted is probably not their biggest worry
and if they just want to look at the public events listings here without logging in (the most popular thing here) then they might consider that low risk and be more worried about NOT being able to see it!
but I do want people to be able to use tls here
especially when they login and look at non-public messages, post or edit content, etc
making logins safer where possible is always on the agenda
as long as the user can choose .. just in case
An office with a sign
I've been running a software engineering consulting business for over 10 years now, but have recently moved out of the home-office. I've really enjoyed the home office arrangement, but I didn't get a sign!
George Standish likes this.
I'm really excited about the future of GuixSD, but a string of breakages over the last few months is wearing me down. ;(Yeah. Better integration testing to make sure everything, or a decent subset, remains buildable before merging would be nice. Rust verifies their entire package repo on every language update. Travis offers free testing for free-software projects.
Also, a better upgrade path when incompatible changes are done to the package tree and the guix framework would be nice.
Looking forward to tonight’s Free Software Melb meet-up; my first in many months! http://freesoftware.org.au/blog/fsm-may-18th-fsm-committee-functions-and-behind-the-gnews/
lsblk- how have I never met this handy program before?
Replicant 6.0 released!
Being a Replicant user for 7 years or more, I'm really excited to see Replicant 6.0 released! Congrats to Wolfgang Wiedmeyer and the other contributors.
Over the last one and a half years, a lot of work has been done to move Replicant to a new version and to add new features.
Replicant 6.0 is based on LineageOS 13.0 which is based on Android 6.0. Replicant 6.0 includes all the improvements that were made since CyanogenMod 10.1.
Christopher Allan Webber likes this.
Yay stickers! Thanks EFF!
Ansible vs Fabric
I'm trying to love Ansible, but
ansible-playbook -i inventory.ini --sudo -v certbot-renew.ymlis just messy compared to say
uıɐɾ ʞ ʇɐɯɐs likes this.Show all 6 replies
@Adam Bolte it certainly could, and for renewing certificates it probably should, so perhaps not the best example. I really like using Fabric as a way to put a really simple interface over a sequence of hard to remember commands, that I might only run now and again.
>> Ben Sturmfels:
“>that I might only run now and again.”
Fair enough. In salt, you would put your host-specific states in top.sls. Then you can just run salt '*' state.highstate when you need to redeploy/update/whatever and forget about running any certbot-related commands, states or playbooks directly ever again. :)If there's an "ansible.cfg" file in the current directory, you can put "inventory=inventory.ini" in the "[defaults]" section and not have to mention it on the command-line.Instead of saying "--sudo", you can put "become: true" into your playbook file.That makes the Ansible command-line a bit simpler, but still not quite as simple as Fabric.In my experience, Ansible really shines when you have modular configuration, where these hosts need this subset of configuration applied to them, but those hosts need that overlapping-but-not-identical subset of configuration applied. Using Ansible for configuring a single thing on a single host is overkill for production, although it's a good way to learn about it.
Dialing phone numbers from Emacs
Wrote a little Emacs function to dial a phone number from my BBDB address book using my desktop Jitsi client. So now I run
C-c b [search term]then
M-dto dial. Really handy.
(defun jitsi-dial (phone) "Call a phone number PHONE using Jitsi." (interactive (list (bbdb-current-field) current-prefix-arg)) (let ((phone-uri (format "sip://%email@example.com" (replace-regexp-in-string " " "" phone)))) (call-process "jitsi" nil nil nil phone-uri))) (setq bbdb-dial-function 'jitsi-dial)
I've hard-coded my SIP gateway provider and preferred SIP client instead of configuring my OS to appropriately handle
sip://URLs. But that's how all good Emacs hacks should be. ;)