Ben Sturmfels stumbles@identi.ca

Ballarat, Australia

Free software activist who loves riding bikes and flying kites. Lead developer at www.sturm.com.au.

  • 2017-07-20T21:07:24Z via Pumpa To: Public CC: Followers

    Was impressed to see GNU/Linux being used by a print shop here in Turin today

    Jackson S de Jesus, herco, Claes Wallin (韋嘉誠), Sarah Elkins and 2 others likes this.

  • Look who I ran into in Italy

    2017-07-20T17:28:45Z via Pumpa To: Public CC: Followers

    Jackson S de Jesus, martinho, John McClane, Stephen Sekula and 2 others likes this.

    John McClane, John McClane, John McClane, John McClane shared this.

    Hey!


    I know that guy! =)

    JanKusanagi at 2017-07-20T17:37:58Z

  • 2017-06-30T03:19:21Z via Pumpa To: Public CC: Followers

    Woo, inbox zero!

    Vladimir, Screwtape likes this.

    Now I just have to deal with the 5 billion tabs I have open in IceCat. :)

    Ben Sturmfels at 2017-06-30T03:20:19Z

    Elena ``of Valhalla'', Vladimir, Charles Stanhope, Claes Wallin (韋嘉誠) likes this.

  • Emacs: Copying multiple things in a row

    2017-06-30T00:23:53Z via Pumpa To: Public CC: Followers

    When copying and pasting several things in Emacs, I've always done it like this - alternating:

    • copy A
    • paste A
    • copy B
    • paste B

    It only clicked for me today that it's easier to do the copies together, as long as you paste in the reverse order:

    • copy A
    • copy B
    • paste B
    • paste A

    I've always known that when you copy or cut ("kill" in the Emacs lingo) some text in Emacs, that the selection goes onto a stack, called the kill-ring (since it actually loops around). You can then paste ("yank") and immediately cycle through previous items on the stack with yank-pop (M-y). Very handy if you get side-tracked and want something you copied a while back.

    Jackson S de Jesus, Charles Stanhope likes this.

  • GPG email and the subject

    2017-06-29T13:16:36Z via Pumpa To: Public CC: Followers

    I wouldn't make much of a secret agent. I go to all the effort of encrypting an email and after sending remember that the subject is unencrypted and basically sums up what the email is about. Not all my fault I suppose - it's a bit of a usability problem.

    Not if you apply some disinformation in the subject line. Or make it generic. Or randomly generate it. Or...

    Jason Self at 2017-06-29T13:18:42Z

    Yes, I should probably write some Emacs Lisp to automatically do this for me when I'm encrypting a message. I wonder if newer Enigmail does anything like this? Mine is fairly old now.

    Ben Sturmfels at 2017-06-29T13:20:27Z

  • Security Friday

    2017-06-09T01:07:21Z via Pumpa To: Public CC: Followers

    Upgrading a number of small websites with HTTPS, Strict-Transport-Security, X-Frame-Options, X-Content-Type-Options and Content-Security-Policy.

    Liking this tip from the Piwik team about using analytics in a way that complies with safe CSP settings.

    Claes Wallin (韋嘉誠) likes this.

    Claes Wallin (韋嘉誠), Claes Wallin (韋嘉誠), Claes Wallin (韋嘉誠) shared this.


    https looked too risky


    that stuff looks far worse than even that


    it's time to BREAK UP the cartels that try to bully us into a censorship regime


    I will always resist that


    there is no way in hell I would want to allow untrusted third parties to block any website I make!


    until they come up with something without the censorship risks plain old http will always be allowed


    I won't budge on that and all the sloganising over https in recent years only makes me dig my heels in more.


    I repeat - the issue is not the price of certificates, it's the CENSORSHIP risk!

    now that browser BLOCK that is even worse!.


    the browser cartel MUST be broken up - had a gutful of their crapware in recent years.


    sure encryption would be nice, but not if the price is to allow censorship.



    Michael at 2017-06-19T13:13:38Z

    @Michael You're right that there is some risk of censorship in that an HTTPS certificate could be revoked, which assuming you're using HSTS, censors you until you can get a new cert. There is also some risk that certificate authorities could sign certificates fraudulently.

    It's a trade-off. HTTPS provides visitors privacy and authenticity when they access a web site or service and, for me, that's a higher priority.

    While HTTP doesn't rely on a certification system, it is vulnerable to more subtle censorship and manipulation, in that spying and tampering with the information "in flight" is straightforward.

    Ben Sturmfels at 2017-06-28T00:14:40Z

    der.hans, Christopher Allan Webber likes this.

    We need a better system than ssl for sure.

    But at least in the meanwhile, LetsEncrypt has done some for-profit-cabal-busting.

    But there is more to be done, and better systems to build!

    Christopher Allan Webber at 2017-06-28T14:50:13Z

    der.hans likes this.

    these days more worried about browser cartels than certificate cartels


    re letsencrypt I need to find those instructions for doing it manually


    there are multiple domains on the same server here and subdomains too


    multiple "platforms" and an xmpp server too


    I really do think the first time I should do it manually to make sure nothing breaks and I learn properly what needs to be done

    (can probably automate it later once I know what's needed - just need to be sure I get web server configs right. I must avoid downtime as much as possible - there are users to consider!)



    also cannot redirect http to https .. that's a no go for now


    I do want to let users use https but still have that other option if they need it


    I cannot rule out the possibility of browsers being compromised

    they are fixing holes in every release and there are always more


    and I saw an attack with my own eyes a year ago that was probably exploiting a browser vulnerability

    it showed a spoof site DESPITE dns returning the correct ip - trying http went to the real site! -

    (saw it happen a few times - all the same day - on different machines in different locations running different operating systems - the only obvious thing those machines had in common was the browser)


    if that could still happen to anyone out there it would be madness to take away the only remaining way that the user could get to the real site.

    in that situation redirecting to https would force a user trying that back to the spoof site!


    I don't think those kinds of risks can be ignored

    the only sane option would be to let the user choose

    only they could really know which risk really is worse for them than another.


    when it's a case of a compromised web browser whether or not the connection is encrypted is probably not their biggest worry


    and if they just want to look at the public events listings here without logging in (the most popular thing here) then they might consider that low risk and be more worried about NOT being able to see it!


    but I do want people to be able to use tls here

    especially when they login and look at non-public messages, post or edit content, etc


    making logins safer where possible is always on the agenda


    as long as the user can choose .. just in case








    Michael at 2017-07-04T08:43:09Z
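An added example, not part of the original thread or any participant's code: a Python check of a response's headers for the five mechanisms named in the Security Friday post, including the `script-src` fallback to `default-src`. The sample headers are constructed, and the HSTS minimum age, the function names and the host `analytics.example` are assumptions of this example.

```python
import re

# Assumed policy floor (about six months); not a value from the post.
MIN_HSTS_MAX_AGE = 15552000

def parse_csp(value):
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.lower().split()
        if tokens and tokens[0] not in policy:  # duplicate directive: first wins
            policy[tokens[0]] = tokens[1:]
    return policy

def audit_headers(headers, scheme="https"):
    """Return a list of findings; an empty list means every check passed."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []
    if scheme != "https":
        findings.append("HTTPS: plain HTTP response; browsers ignore HSTS here")
    hsts = h.get("strict-transport-security")
    age = re.search(r'max-age\s*=\s*"?(\d+)', hsts or "", re.I)
    if hsts is None:
        findings.append("HSTS: header missing")
    elif not age or int(age.group(1)) < MIN_HSTS_MAX_AGE:
        findings.append("HSTS: max-age missing or below %d seconds" % MIN_HSTS_MAX_AGE)
    if h.get("x-frame-options", "").upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("X-Frame-Options: expected DENY or SAMEORIGIN")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options: expected nosniff")
    csp = h.get("content-security-policy")
    policy = parse_csp(csp or "")
    sources = policy.get("script-src", policy.get("default-src"))  # CSP fallback
    if csp is None:
        findings.append("CSP: header missing")
    elif sources is None:
        findings.append("CSP: no script-src or default-src")
    else:
        for bad in ("'unsafe-inline'", "'unsafe-eval'", "*"):
            if bad in sources:
                findings.append("CSP: script sources allow %s" % bad)
    return findings

# Constructed sample headers, not captured from any real site.
WEAK = {"Strict-Transport-Security": "max-age=300", "X-Frame-Options": "ALLOWALL",
        "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'"}
STRONG = {"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
          "X-Frame-Options": "SAMEORIGIN", "X-Content-Type-Options": "nosniff",
          "Content-Security-Policy": "default-src 'self'; script-src 'self' https://analytics.example"}
```

`audit_headers(WEAK)` reports one finding per weakened header, and `audit_headers(STRONG)` returns an empty list.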

  • An office with a sign

    2017-06-08T05:49:14Z via Pumpa To: Public CC: Followers

    I've been running a software engineering consulting business for over 10 years now, but have recently moved out of the home-office. I've really enjoyed the home office arrangement, but I didn't get a sign!

    George Standish likes this.

    And if your back hurts, you're close to "Why Knot Massage" xDD

    JanKusanagi at 2017-06-08T10:10:47Z

  • Upgraded to Replicant 6.0

    2017-06-08T02:25:08Z via Pumpa To: Public CC: Followers

    I've just migrated from Replicant 4.2 to the new 6.0. Loving the device encryption, upgraded browser and app permissions at time of use. Looking forward to trying the included RepWifi app with an AR9271 WiFi adaptor.

  • 2017-06-06T00:39:09Z via Pumpa To: Public CC: Followers

    I'm really excited about the future of GuixSD, but a string of breakages over the last few months is wearing me down. ;(

    Christopher Allan Webber, Claes Wallin (韋嘉誠) likes this.

    Claes Wallin (韋嘉誠), Claes Wallin (韋嘉誠), Claes Wallin (韋嘉誠), Claes Wallin (韋嘉誠) and 2 others shared this.

    Yeah. Better integration testing to make sure everything, or a decent subset, remains buildable before merging would be nice. Rust verifies their entire package repo on every language update. Travis offers free testing for free-software projects.

    Also, a better upgrade path when incompatible changes are done to the package tree and the guix framework would be nice.

    Claes Wallin (韋嘉誠) at 2017-06-06T00:43:28Z

    Christopher Allan Webber, Ben Sturmfels likes this.

    Yeah, it's possible usually to recover more easily where it wouldn't be in other places (though Guile 2.2 moveover was an exception) but it shouldn't be necessary in general.

    Christopher Allan Webber at 2017-06-06T01:30:51Z

  • 2017-05-17T22:54:24Z via Pumpa To: Public CC: Followers

    Looking forward to tonight’s Free Software Melb meet-up; my first in many months! http://freesoftware.org.au/blog/fsm-may-18th-fsm-committee-functions-and-behind-the-gnews/

  • 2017-05-16T10:47:51Z via Pumpa To: Public CC: Followers

    lsblk - how have I never met this handy program before?

    uıɐɾ ʞ ʇɐɯɐs, sazius, Charles Stanhope likes this.

    There are simply too many nice tools included by default :-)

    Tobias Diekershoff at 2017-05-16T11:02:42Z

    Claes Wallin (韋嘉誠), Christopher Allan Webber likes this.

  • Replicant 6.0 released!

    2017-05-14T12:20:43Z via Pumpa To: Public CC: Followers

    Being a Replicant user for 7 years or more, I'm really excited to see Replicant 6.0 released! Congrats to Wolfgang Wiedmeyer and the other contributors.

    Over the last one and a half years, a lot of work has been done to move Replicant to a new version and to add new features.

    ...

    Replicant 6.0 is based on LineageOS 13.0 which is based on Android 6.0. Replicant 6.0 includes all the improvements that were made since CyanogenMod 10.1.

    https://blog.replicant.us/2017/05/replicant-6-0-released/

    Christopher Allan Webber likes this.

    Wooohoooo \o/


    Too bad they'll probably never be able to support my old-not-so-famous phone model xD


    But amazing news, this is a great, and really necessary project!

    JanKusanagi at 2017-05-14T16:14:22Z


    still wishing that one day there might be something for affordable hardware that is *locally* available.




    Michael at 2017-05-15T08:57:13Z

    Ben Sturmfels likes this.

  • 2017-05-14T01:28:56Z via Pumpa CC: Public

    Stephen Sekula, George Standish likes this.

    a face I remember meeting at LP2016... but... I still don't use emacs... :(

    George Standish at 2017-05-14T07:05:40Z

    Ben Sturmfels likes this.

  • 2017-05-09T10:44:02Z via Pumpa To: Public CC: Followers

    Yay stickers! Thanks EFF!

    Sarah Elkins, Claes Wallin (韋嘉誠), Stephen Sekula likes this.

    Claes Wallin (韋嘉誠), Claes Wallin (韋嘉誠), Claes Wallin (韋嘉誠) shared this.

    Hey, those are neat. I like the "Come back with a warrant" one. Spot on.

    Stephen Sekula at 2017-05-09T13:42:15Z

    Ben Sturmfels likes this.

  • Ansible vs Fabric

    2017-05-08T07:24:25Z via Pumpa To: Public CC: Followers

    I'm trying to love Ansible, but ansible-playbook -i inventory.ini --sudo -v certbot-renew.yml is just messy compared to say fab certbot-renew.

    uıɐɾ ʞ ʇɐɯɐs likes this.


    @Adam Bolte it certainly could, and for renewing certificates it probably should, so perhaps not the best example. I really like using Fabric as a way to put a really simple interface over a sequence of hard to remember commands, that I might only run now and again.

    Ben Sturmfels at 2017-05-08T07:53:06Z

    >> Ben Sturmfels:

    “that I might only run now and again.”


    Fair enough. In salt, you would put your host-specific states in top.sls. Then you can just run salt '*' state.highstate when you need to redeploy/update/whatever and forget about running any certbot-related commands, states or playbooks directly ever again. :)

    Adam Bolte at 2017-05-08T08:06:50Z

    If there's an "ansible.cfg" file in the current directory, you can put "inventory=inventory.ini" in the "[defaults]" section and not have to mention it on the command-line.

    Instead of saying "--sudo", you can put "become: true" into your playbook file.

    That makes the Ansible command-line a bit simpler, but still not quite as simple as Fabric.

    In my experience, Ansible really shines when you have modular configuration, where these hosts need this subset of configuration applied to them, but those hosts need that overlapping-but-not-identical subset of configuration applied. Using Ansible for configuring a single thing on a single host is overkill for production, although it's a good way to learn about it.

    Screwtape at 2017-05-08T08:45:09Z

  • Dialing phone numbers from Emacs

    2017-05-05T02:17:40Z via Pumpa To: Public CC: Followers

    Wrote a little Emacs function to dial a phone number from my BBDB address book using my desktop Jitsi client. So now I run C-c b [search term] then M-d to dial. Really handy.

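    (defun jitsi-dial (phone)
      "Call a phone number PHONE using Jitsi."
      ;; Supply exactly one argument, matching the (phone) parameter list.
      (interactive "sPhone number: ")
      (let ((phone-uri
             ;; Strip spaces so the number forms a single URI component.
             (format "sip://%s@sip.internode.on.net"
                     (replace-regexp-in-string " " "" phone))))
        ;; call-process passes the URI as one argument; no shell is involved.
        (call-process "jitsi" nil nil nil phone-uri)))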
    
    (setq bbdb-dial-function 'jitsi-dial)
    

    I've hard-coded my SIP gateway provider and preferred SIP client instead of configuring my OS to appropriately handle sip:// URLs. But that's how all good Emacs hacks should be. ;)

    Claes Wallin (韋嘉誠), Adam Bolte, Christopher Allan Webber likes this.

    Claes Wallin (韋嘉誠), Claes Wallin (韋嘉誠), Claes Wallin (韋嘉誠), Claes Wallin (韋嘉誠) and 1 others shared this.

    @John Sullivan had his openmoko set up so he could call from emacs back in the day :)

    Christopher Allan Webber at 2017-05-05T02:22:06Z

    Awesome! Was it Emacs running on the phone, or from a remote Emacs?

    Ben Sturmfels at 2017-05-05T02:25:34Z

    Emacs was running on the phone! It was talking to the phone daemon over dbus.

    Christopher Allan Webber at 2017-05-05T02:30:11Z

    Claes Wallin (韋嘉誠) likes this.

    Nice! I need to find something cool to do with my old OpenMoko. Maybe a digital clock for my new office...

    Ben Sturmfels at 2017-05-05T02:35:30Z

    der.hans, Christopher Allan Webber likes this.

  • Guix Packing

    2017-04-11T04:57:52Z via Pumpa To: Public CC: Followers

    Just used guix pack to copy direnv from my GuixSD machine to a Trisquel system. What a beautiful experience!

    Charles Stanhope, Christopher Allan Webber, Claes Wallin (韋嘉誠), Adam Bolte likes this.

    Christopher Allan Webber shared this.

  • 2017-04-06T23:09:40Z via Pumpa To: Public CC: Followers

    Making some home-made bread this morning. It's been a while, but we now have a wonderful wholefoods co-op that's just up the road, so it's easy to get bread-making flour.

  • 2017-03-26T02:36:01Z via Pumpa To: Public CC: Followers

    Epic house clean Sunday

    Stephen Sekula likes this.

  • Wekan Kanban on Sandstorm Oasis

    2017-02-23T10:47:21Z via Pumpa To: Public CC: Followers

    Wekan is a free software Kanban tool. I've been finding it really handy in my software engineering business. I use one board for high-level juggling of projects in progress, which sit somewhere between "lead" and "paid". I also use a board per project for the various elements of that project. It's very polished and easy to use.

    Sandstorm Oasis is a marvellous service, because it saves me having to host all my own services and the secure sharing/collaboration features are brilliantly simple. To be honest, I may have never tried Wekan if it wasn't a few clicks away in Sandstorm.

    I forgot to mention that I pay for a Sandstorm Oasis account, which for a small monthly fee gives me essentially "all you can eat" private web apps, with about 70 different apps to choose from. Very good value.

    Ben Sturmfels at 2017-02-23T10:53:17Z

    Claes Wallin (韋嘉誠) likes this.

    some kind of appstore? ..

    for me that concept is a bit of a turn-off


    the page listing the apps won't even load which doesn't give me a good impression.

    I won't sign up to anything that won't show me what it offers.


    Sounds like it needs a hefty box to run on anyway



    for hosting I prefer a shell prompt and keeping things lightweight and simple so not convinced there's much to interest me there.

    Michael at 2017-02-23T15:30:30Z

    Interesting. I originally came across this project as libreboard. They had a bit of a rocky start, but now they've moved past that. I will have to try it again.

    Charles Stanhope at 2017-02-23T17:55:06Z